Exploits 05/28/2021

Type »

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be distinguished between multiple forms and levels of remediation which influence risks differently.

Exploitability »

Researcher and attacker which are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine simplicity and strength of attacks.

Lang »

The automatization and the exploitation of a security vulnerability is called an exploit. It is possible to determine the popularity and availability of programming languages used for creating such exploits.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We do also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day prices for an exploit, before it got distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability broker and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price does reflect price impacts like disclosure of vulnerability details, alternative exploits, availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

Published0dayTodayTrVulnerabilityExpLangURLCTICVE
05/28/2021$5k-$25k$5k-$25kLinux Kernel Nouveau DRM Subsystem nouveau_sgdma.c nouveau_sgdma_create_ttm use after freeNot Defined
 
 
0.56CVE-2021-20292
05/28/2021$5k-$25k$0-$5kCitrix ShareFile Storage Zones Controller authorizationNot Defined
 
 
0.64CVE-2021-22891
05/28/2021$5k-$25k$5k-$25kHuawei Secospace USG9500 out-of-bounds writeNot Defined
 
 
0.96CVE-2021-22411
05/28/2021$5k-$25k$5k-$25kHuawei CloudEngine 12800 out-of-bounds writeNot Defined
 
 
0.72CVE-2021-22362
05/28/2021$5k-$25k$5k-$25kSiemens Luxion KeyShot CATPart File Parser out-of-bounds writeNot Defined
 
 
0.16CVE-2021-27488
05/28/2021$5k-$25k$5k-$25kSiemens Luxion KeyShot STP File Parser stack-based overflowNot Defined
 
 
0.32CVE-2021-27494
05/28/2021$5k-$25k$0-$5kFreeBSD System Call unknown vulnerabilityNot Defined
 
 
0.72CVE-2021-29628
05/28/2021$5k-$25k$5k-$25kHuawei FusionCompute input validationNot Defined
 
 
0.80CVE-2021-22358
05/28/2021$5k-$25k$0-$5kCitrix Workspace App access controlNot Defined
 
 
0.56CVE-2021-22907
05/28/2021$5k-$25k$5k-$25kSiemens Luxion KeyShot 3DXML File Parser xml external entity referenceNot Defined
 
 
0.09CVE-2021-27492
05/28/2021$5k-$25k$0-$5kApache Fineract configureClient certificate validationNot Defined
 
 
0.32CVE-2020-17514
05/28/2021$5k-$25k$0-$5kLinux Kernel sysctl Subsystem rh_features uninitialized pointerNot Defined
 
 
0.00CVE-2020-10774
05/28/2021$5k-$25k$0-$5kLinux Kernel BPF information disclosureNot Defined
 
 
0.34CVE-2021-20239
05/28/2021$5k-$25k$0-$5kAdobe ColdFusion Installer access controlNot Defined
 
 
0.56CVE-2020-10145
05/28/2021$5k-$25k$0-$5kSiemens Luxion KeyShot Datakit Software Libraries out-of-bounds readNot Defined
 
 
0.72CVE-2021-27490
05/28/2021$5k-$25k$0-$5kHuawei USG9500 resource consumptionNot Defined
 
 
0.08CVE-2021-22360
05/28/2021$5k-$25k$0-$5kSquid Web Proxy Range Request denial of serviceNot Defined
 
 
0.17CVE-2021-31808
05/28/2021$5k-$25k$0-$5kSquid Web Proxy urn Scheme memory allocationNot Defined
 
 
0.51CVE-2021-28651
05/28/2021$5k-$25k$0-$5kSquid Web Proxy Range Request denial of serviceNot Defined
 
 
0.08CVE-2021-31806
05/28/2021$5k-$25k$0-$5kSquid Web Proxy Cache Manager API memory leakNot Defined
 
 
0.16CVE-2021-28652
05/28/2021$5k-$25k$0-$5kSquid Web Proxy Response Header denial of serviceNot Defined
 
 
0.16CVE-2021-28662
05/28/2021$5k-$25k$0-$5kGoogle Go nethttp ReadResponse denial of serviceNot Defined
 
 
0.40CVE-2021-31525
05/28/2021$0-$5k$0-$5kRed Hat Quay Notification cross site scriptingNot Defined
 
 
0.08CVE-2020-27832
05/28/2021$0-$5k$0-$5kMozilla Network Security Services CHACHA20-POLY1305 out-of-bounds readNot Defined
 
 
0.48CVE-2020-12403
05/28/2021$0-$5k$0-$5kSiemens Luxion KeyShot PRT File Parser null pointer dereferenceNot Defined
 
 
1.21CVE-2021-27496
05/28/2021$0-$5k$0-$5kQEMU am53c974 SCSI Host Bus Adapter Emulation CMD_TI denial of serviceNot Defined
 
 
0.25CVE-2020-35506
05/28/2021$0-$5k$0-$5kPulse Secure Pulse Connect Secure File Resource Profiles buffer overflowNot Defined
 
 
1.22CVE-2021-22908
05/28/2021$0-$5k$0-$5kPulse Secure Pulse Connect Secure Meeting Room buffer overflowNot Defined
 
 
0.33CVE-2021-22894
05/28/2021$0-$5k$0-$5kplease umask Remote Privilege EscalationNot Defined
 
 
1.12CVE-2021-31155
05/28/2021$0-$5k$0-$5kUbiquiti EdgeMAX EdgeRouter Firmware Update channel accessibleNot Defined
 
 
0.24CVE-2021-22909
05/28/2021$0-$5k$0-$5kHuawei S5700/S6700 Message denial of serviceNot Defined
 
 
0.80CVE-2021-22359
05/28/2021$0-$5k$0-$5kHuawei Mate 30 denial of serviceNot Defined
 
 
0.72CVE-2021-22364
05/28/2021$0-$5k$0-$5kRed Hat containers-image resource consumptionNot Defined
 
 
0.17CVE-2020-1702
05/28/2021$0-$5k$0-$5kQEMU SCSI Emulation Support null pointer dereferenceNot Defined
 
 
0.16CVE-2020-35504
05/28/2021$0-$5k$0-$5kFreeBSD libradius denial of serviceNot Defined
 
 
0.32CVE-2021-29629
05/28/2021$0-$5k$0-$5kQEMU am53c974 SCSI Host Bus Adapter Emulation denial of serviceNot Defined
 
 
0.16CVE-2020-35505
05/28/2021$0-$5k$0-$5kFFmpeg MOV File get_bits.h heap-based overflowNot Defined
 
 
1.14CVE-2020-22016
05/28/2021$0-$5k$0-$5kFFmpeg vf_neighbor.c deflate16 heap-based overflowNot Defined
 
 
1.14CVE-2020-22027
05/28/2021$0-$5k$0-$5kFFmpeg vf_w3fdif.c filter16_complex_low heap-based overflowNot Defined
 
 
0.37CVE-2020-22031
05/28/2021$0-$5k$0-$5kFFmpeg vf_floodfill.c heap-based overflowNot Defined
 
 
0.09CVE-2020-22034
05/28/2021$0-$5k$0-$5kFFmpeg vf_vmafmotion.c convolution_y_8bit heap-based overflowNot Defined
 
 
0.00CVE-2020-22033
05/28/2021$0-$5k$0-$5kFFmpeg drawutils.c ff_fill_rectangle heap-based overflowNot Defined
 
 
0.08CVE-2020-22017
05/28/2021$0-$5k$0-$5kFFmpeg vf_fieldorder.c filter_frame heap-based overflowNot Defined
 
 
0.08CVE-2020-22022
05/28/2021$0-$5k$0-$5kFFmpeg vf_bitplanenoise.c filter_frame heap-based overflowNot Defined
 
 
0.08CVE-2020-22023
05/28/2021$0-$5k$0-$5kFFmpeg af_afade.c crossfade_samples_fltp heap-based overflowNot Defined
 
 
0.08CVE-2020-22030
05/28/2021$0-$5k$0-$5kFFmpeg vf_edgedetect.c gaussian_blur heap-based overflowNot Defined
 
 
0.08CVE-2020-22032
05/28/2021$0-$5k$0-$5kFFmpeg vf_edgedetect.c gaussian_blur heap-based overflowNot Defined
 
 
0.56CVE-2020-22025
05/28/2021$0-$5k$0-$5kFFmpeg vf_colorconstancy.c: slice_get_derivative heap-based overflowNot Defined
 
 
0.08CVE-2020-22029
05/28/2021$0-$5k$0-$5kX.org X11 Server/libX11 LookupCol.c XLookupColor buffer overflowNot Defined
 
 
0.08CVE-2021-31535
05/28/2021$0-$5k$0-$5kCheckbox Survey CheckboxWeb.dll deserializationNot Defined
 
 
1.44CVE-2021-27852

Do you need the next level of professionalism?

Upgrade your account now!