Recent 03/04/2021

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

Type »

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Product »

Grouping vulnerabilities by products helps to get an overview. This makes it possible to determine an homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be distinguished between multiple forms and levels of remediation which influence risks differently.

Exploitability »

Researcher and attacker which are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine simplicity and strength of attacks.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We do also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day prices for an exploit, before it got distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability broker and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price does reflect price impacts like disclosure of vulnerability details, alternative exploits, availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

CreatedBaseTempVulnerability0dayTodayExpRemCTICVE
18:065.35.1Google Chrome Performance API origin validation$25k-$100k$5k-$25kNot DefinedOfficial Fix0.00CVE-2021-21183
18:056.46.1Google Chrome Navigation authorization$25k-$100k$5k-$25kNot DefinedOfficial Fix0.00CVE-2021-21182
18:034.84.6Google Chrome Autofill information disclosure$25k-$100k$5k-$25kNot DefinedOfficial Fix0.00CVE-2021-21181
17:597.06.7Google Chrome OpenJPEG heap-based overflow$25k-$100k$5k-$25kNot DefinedOfficial Fix0.00CVE-2020-27844
17:577.57.2Google Chrome Tab Search use after free$25k-$100k$5k-$25kNot DefinedOfficial Fix0.00CVE-2021-21180
17:567.57.2Google Chrome Network Internals use after free$25k-$100k$5k-$25kNot DefinedOfficial Fix0.00CVE-2021-21179
17:566.46.1Google Chrome Compositing Remote Code Execution$25k-$100k$5k-$25kNot DefinedOfficial Fix0.00CVE-2021-21178
17:556.46.1Google Chrome Autofill improper authentication$25k-$100k$5k-$25kNot DefinedOfficial Fix0.00CVE-2021-21177
17:546.46.1Google Chrome Full Screen Mode Remote Code Execution$25k-$100k$5k-$25kNot DefinedOfficial Fix0.00CVE-2021-21176
17:536.46.1Google Chrome Site Isolation sandbox$25k-$100k$5k-$25kNot DefinedOfficial Fix0.00CVE-2021-21175
17:527.57.2Google Chrome Referrer Remote Code Execution$25k-$100k$5k-$25kNot DefinedOfficial Fix0.00CVE-2021-21174
17:514.84.6Google Chrome Network Internals information disclosure$25k-$100k$5k-$25kNot DefinedOfficial Fix0.00CVE-2021-21173
17:507.26.8Google Chrome File System API Remote Code Execution$25k-$100k$5k-$25kNot DefinedOfficial Fix0.00CVE-2021-21172
17:446.46.1Google Chrome TabStrip/Navigation Remote Code Execution$25k-$100k$5k-$25kNot DefinedOfficial Fix0.01CVE-2021-21171
17:436.46.1Google Chrome Loader Remote Code Execution$25k-$100k$5k-$25kNot DefinedOfficial Fix0.00CVE-2021-21170
17:427.57.2Google Chrome V8 out-of-bounds read$25k-$100k$5k-$25kNot DefinedOfficial Fix0.00CVE-2021-21169
17:386.46.1Google Chrome AppCache Remote Code Execution$25k-$100k$5k-$25kNot DefinedOfficial Fix0.00CVE-2021-21168
17:377.57.2Google Chrome Bookmarks use after free$25k-$100k$5k-$25kNot DefinedOfficial Fix0.00CVE-2021-21167
17:367.57.2Google Chrome Audio memory corruption$25k-$100k$5k-$25kNot DefinedOfficial Fix0.00CVE-2021-21166
17:347.57.2Google Chrome Audio memory corruption$25k-$100k$5k-$25kNot DefinedOfficial Fix0.00CVE-2021-21165
17:346.46.1Google Chrome origin validation$25k-$100k$5k-$25kNot DefinedOfficial Fix0.00CVE-2021-21164
17:326.46.1Google Chrome Reader Mode origin validation$25k-$100k$5k-$25kNot DefinedOfficial Fix0.00CVE-2021-21163
17:327.57.2Google Chrome WebRTC use after free$25k-$100k$5k-$25kNot DefinedOfficial Fix0.00CVE-2021-21162
17:317.57.2Google Chrome TabStrip heap-based overflow$25k-$100k$5k-$25kNot DefinedOfficial Fix0.00CVE-2021-21161
17:307.57.2Google Chrome WebAudio heap-based overflow$25k-$100k$5k-$25kNot DefinedOfficial Fix0.00CVE-2021-21160
17:297.57.2Google Chrome TabStrip heap-based overflow$25k-$100k$5k-$25kNot DefinedOfficial Fix0.00CVE-2021-21159
16:006.36.0Xerox AltaLink C8070 Clone Install unknown vulnerability$0-$5k$0-$5kNot DefinedOfficial Fix0.00CVE-2019-18629
15:594.34.1Xerox AltaLink C8070 cleartext transmission$0-$5k$0-$5kNot DefinedOfficial Fix0.00CVE-2019-18628
10:364.84.6openark Orchestrator orchestrator.js cross site scripting$0-$5k$0-$5kNot DefinedOfficial Fix0.00CVE-2021-27940
10:355.65.4AdGuard inadequate encryption$0-$5k$0-$5kNot DefinedOfficial Fix0.00CVE-2021-27935
10:346.76.0LumisXP API PageControllerXml.jsp xml external entity reference$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.07CVE-2021-27931
10:343.53.4Zabbix CControllerAuthenticationUpdate cross-site request forgery$0-$5k$0-$5kNot DefinedOfficial Fix0.06CVE-2021-27927
10:325.04.8BigProf Online Invoicing System csv injection$0-$5k$0-$5kNot DefinedOfficial Fix0.00CVE-2021-27839
10:317.37.0genugate Web Interface improper authentication$0-$5k$0-$5kNot DefinedOfficial Fix0.00CVE-2021-27215
10:286.46.1markdown2 Regular Expression denial of service$0-$5k$0-$5kNot DefinedOfficial Fix0.24CVE-2021-26813
10:263.53.4Trend Micro Visua Scan API/Advanced Threat Scan Engine File denial of service$0-$5k$0-$5kNot DefinedNot Defined0.07CVE-2021-25252
10:207.16.8Node.js DNS Server hosts dns rebinding$0-$5k$0-$5kNot DefinedOfficial Fix0.05CVE-2021-22884
10:195.55.3Node.js File Descriptor Limit resource consumption$0-$5k$0-$5kNot DefinedOfficial Fix0.15CVE-2021-22883
10:174.14.0Nextcloud Server Notification cross site scripting$0-$5k$0-$5kNot DefinedOfficial Fix0.00CVE-2021-22878
10:166.05.7NextCloud access control$0-$5k$0-$5kNot DefinedOfficial Fix0.05CVE-2021-22877
10:087.07.0Fatek FvDesigner Project File out-of-bounds write$0-$5k$0-$5kNot DefinedNot Defined1.19CVE-2021-22683
10:088.08.0Rockwell Automation Studio 5000 Logix Designer/RSLogix 5000 insufficiently protected credentials$0-$5k$0-$5kNot DefinedNot Defined0.20CVE-2021-22681
09:567.07.0Fatek FvDesigner Project File uninitialized pointer$0-$5k$0-$5kNot DefinedNot Defined1.45CVE-2021-22670
09:567.07.0Fatek FvDesigner Project File stack-based overflow$0-$5k$0-$5kNot DefinedNot Defined1.29CVE-2021-22666
09:567.07.0Fatek FvDesigner Project File use after free$0-$5k$0-$5kNot DefinedNot Defined1.53CVE-2021-22662
09:497.07.0Fatek FvDesigner Project File out-of-bounds read$0-$5k$0-$5kNot DefinedNot Defined0.68CVE-2021-22638
09:465.35.3GitLab Community Edition/Enterprise Edition Branch Log information disclosure$0-$5k$0-$5kNot DefinedNot Defined0.07CVE-2021-22188
09:444.44.4GitLab Community Edition/Enterprise Edition Merge Request cross site scripting$0-$5k$0-$5kNot DefinedNot Defined0.00CVE-2021-22182
09:423.53.4Bitnami Docker Container .env random values$0-$5k$0-$5kNot DefinedOfficial Fix0.05CVE-2021-21979
09:348.07.7VMware View Planner logupload Web Application improper authorization$5k-$25k$0-$5kNot DefinedOfficial Fix0.08CVE-2021-21978

Interested in the pricing of exploits?

See the underground prices here!