Vulnerability Trends Summary
As part of our monthly vulnerability trends, this report shows the monthly top 10 trends on security vulnerabilities and how hackers, malware, and exploit kits are exploiting those vulnerabilities. To demonstrate, we assign vulnerability trends value as a percentage of how each vulnerability is significantly gaining the attention of cybersecurity communities, attackers, together with malware. In either case, companies can benefit from the report to have more cyber threat insights and relatively anticipate attacks wave that might target their public assets in the following months.
Subscribe to the monthly vulnerability digest report by clicking here.
Download the full vulnerability digest report by clicking here.
The following chart shows the trends.
Starting of 2021, we see a smaller number of vulnerabilities. However, still many remote code execution vulnerabilities in Jan 2021 were discovered and disclosed. The vulnerability with most interaction is SUDO remote code execution that is installed on most Linux environments.
The majority of Jan2021 vulnerabilities affect web technologies and frameworks like Laravel, WebLogic, TomCat, and ZendFramework.
The following table shows the details of the trends.
| CVE | Vulnerability | Publish Date | Exploited | Trends* |
| CVE-2021-3156 | Remote Code Execution in SUDO | 26/01/2021 | Yes | 44% |
| CVE-2021-1647 | Remote Code Execution in Windows Defender | 12/01/2021 | Yes | 15% |
| CVE-2021-3011 | Side Channel in Google Titan Security Key | 07/01/2021 | Yes | 14% |
| CVE-2021-23240 | Privilege Escalation in SUDO | 11/01/2021 | Yes | 8% |
| CVE-2021-2109 | Remote Code Execution in Oracle WebLogic | 20/01/2021 | Yes | 6% |
| CVE-2021-3007 | Remote Code Execution in Zend Framework | 04/01/2021 | Yes | 5% |
| CVE-2021-3115 | Command Execution in GoLang | 19/01/2021 | Yes | 2% |
| CVE-2021-24122 | JSP Source Code disclosure in Apache TomCat | 14/01/2021 | Yes | 2% |
| CVE-2021-3129 | Remote Code Execution in Laravel | 12/01/2021 | Yes | 2% |
| CVE-2021-1667 | Remote Code Execution in MS RPC | 12/01/2021 | No | 2% |
Subscribe to the monthly vulnerability digest report by clicking here.
Download the full vulnerability digest report by clicking here.
1. CVE-2021-3156 Remote Code Execution in SUDO
A heap overflow vulnerability exists in the common command sudo of Linux systems. That allows any local users to execute commands with root privilege.
| CVSS Rate | 7.8 High |
| Exploited | Yes |
| Links | https://www.sudo.ws/stable.html#1.9.5p2 https://github.com/stong/CVE-2021-3156 |
2. CVE-2021-1647 Remote Code Execution in Windows Defender
A remote code execution exists in Malware Protection Engine component (mpengine.dll) of Windows Defender. This is a zero-day vulnerability as it is exploited in the wild. However, no technical analysis nor PoC is available yet.
| CVSS Rate | 7.8 High |
| Exploited | Yes |
| Links | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1647 |
3. CVE-2021-3011 Side Channel in Google Titan Security Key
An electromagnetic-wave side-channel issue was discovered on Google Titan Security Key (2FA token) that uses NXP security microcontrollers. It allows attackers to extract the ECDSA private key after extensive physical access and consequently produce a clone.
| CVSS Rate | 4.2 Medium |
| Exploited | Yes |
| Links | https://ninjalab.io/a-side-journey-to-titan/ |
4. CVE-2021-23240 Remote Code Execution in SUDO
Links<linksA heap overflow vulnerability exists in the common command sudo of Linux systems. That allows any local users to execute commands with root privilege.
| CVSS Rate | 7.8 High |
| Exploited | Yes |
| Links | https://www.sudo.ws/alerts/sudoedit_selinux.html |
5. CVE-2021-3156 Privilege Escalation in SUDO
A vulnerability in sudoedit of Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target.
| CVSS Rate | 7.8 High |
| Exploited | Yes |
| Links | https://www.sudo.ws/alerts/sudoedit_selinux.html |
6. CVE-2021-2109 Remote Code Execution in Oracle WebLogic
A remote code execution vulnerability exists in console component of Oracle WebLogic Server. This vulnerability requires authentication.
| CVSS Rate | 7.8 High |
| Exploited | Yes |
| Links | https://www.oracle.com/security-alerts/cpujan2021.html https://packetstormsecurity.com/files/161053/Oracle-WebLogic-Server-14.1.1.0-Remote-Code-Execution.html |
7. CVE-2021-3007 Remote Code Execution in Zend Framework
Laminas and Zend Framework (Stream.php) has a deserialization vulnerability that can lead to remote code execution if the content is controllable by an attacker. NOTE: Zend Framework is no longer supported by the maintainer.
8. CVE-2021-3115 Command Execution in GoLang
Go language on Windows is vulnerable to Command Injection and remote code execution when using the “go get” command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download).
| CVSS Rate | 7.3 High |
| Exploited | Yes |
| Links | https://blog.golang.org/path-security https://github.com/golang/go/issues/43783 |
9. CVE-2021-24122 JSP Source code disclosure in Apache TomCat
Apache Tomcat has JSP source code disclosure in some configurations when it serves resources from network location using NTFS file system.
| CVSS Rate | 7.5 High |
| Exploited | Yes |
| Links | https://tomcat.apache.org/security-10.html |
10. CVE-2021-3129 Remote Code Execution in Laravel
Remote code execution vulnerability exists in Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel before 8.4.2.
| CVSS Rate | 9.8 Critical |
| Exploited | Yes |
| Links | https://github.com/facade/ignition/pull/334 https://www.ambionics.io/blog/laravel-debug-rce |
