Exploit Prices 12/09/2021

Type

Not Defined: 41
Web Browser: 26
Router Operating System: 10
Content Management System: 8
Database Software: 5

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Remediation

Official Fix: 54
Temporary Fix: 0
Workaround: 7
Unavailable: 0
Not Defined: 37

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These countermeasures come in multiple forms and levels of remediation, which influence risks differently.

Exploitability

High: 0
Functional: 0
Proof-of-Concept: 0
Unproven: 0
Not Defined: 98

Researchers and attackers who look for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

Lang

The automated exploitation of a security vulnerability is called an exploit. It is possible to determine the popularity and availability of programming languages used for creating such exploits.

CVSSv3 Base

≤1: 0
≤2: 0
≤3: 0
≤4: 10
≤5: 18
≤6: 23
≤7: 29
≤8: 7
≤9: 4
≤10: 7

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp

≤1: 0
≤2: 0
≤3: 3
≤4: 7
≤5: 18
≤6: 37
≤7: 17
≤8: 5
≤9: 4
≤10: 7

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day

<1k: 12
<2k: 19
<5k: 30
<10k: 3
<25k: 15
<50k: 19
<100k: 0
≥100k: 0

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price of an exploit before it was distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today

<1k: 26
<2k: 26
<5k: 26
<10k: 18
<25k: 2
<50k: 0
<100k: 0
≥100k: 0

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as the disclosure of vulnerability details, alternative exploits, and the availability of countermeasures. These dynamic aspects might decrease exploit prices over time. Under certain circumstances this happens very fast.

| Published | 0day | Today | Tr | Vulnerability | Exp | Lang | URL | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 12/09/2021 | $25k-$100k | $5k-$25k | | Mozilla Firefox/Firefox ESR/Thunderbird memory corruption | Not Defined | | | 0.22 | CVE-2021-43534 |
| 12/09/2021 | $25k-$100k | $5k-$25k | | Mozilla Firefox/Firefox ESR/Thunderbird HTML Input Element use after free | Not Defined | | | 0.09 | CVE-2021-38504 |
| 12/09/2021 | $25k-$100k | $5k-$25k | | Mozilla Firefox/Firefox ESR/Thunderbird Session Object memory corruption | Not Defined | | | 0.00 | CVE-2021-43535 |
| 12/09/2021 | $25k-$100k | $5k-$25k | | Mozilla Firefox/Firefox ESR/Thunderbird Live Pointer use after free | Not Defined | | | 0.00 | CVE-2021-43539 |
| 12/09/2021 | $25k-$100k | $5k-$25k | | Mozilla Firefox/Firefox ESR/Thunderbird Form Validity Message improper restriction of rendered ui layers | Not Defined | | | 0.05 | CVE-2021-38508 |
| 12/09/2021 | $25k-$100k | $5k-$25k | | Mozilla Firefox/Firefox ESR/Thunderbird Protocol escape output | Not Defined | | | 0.00 | CVE-2021-43541 |
| 12/09/2021 | $25k-$100k | $5k-$25k | | Mozilla Firefox/Firefox ESR/Thunderbird CSP sandbox | Not Defined | | | 0.05 | CVE-2021-43543 |
| 12/09/2021 | $25k-$100k | $5k-$25k | | Mozilla Firefox/Firefox ESR/Thunderbird inetloc File access control | Not Defined | | | 0.00 | CVE-2021-38510 |
| 12/09/2021 | $25k-$100k | $5k-$25k | | Mozilla Firefox/Firefox ESR/Thunderbird Notification improper restriction of rendered ui layers | Not Defined | | | 0.05 | CVE-2021-43538 |
| 12/09/2021 | $25k-$100k | $5k-$25k | | Mozilla Firefox/Firefox ESR/Thunderbird iFrame Sandbox access control | Not Defined | | | 0.04 | CVE-2021-38503 |
| 12/09/2021 | $25k-$100k | $5k-$25k | | Mozilla Firefox/Firefox ESR/Thunderbird Notification improper restriction of rendered ui layers | Not Defined | | | 0.00 | CVE-2021-38506 |
| 12/09/2021 | $25k-$100k | $5k-$25k | | Mozilla Firefox/Firefox ESR/Thunderbird Javascript Alert improper restriction of rendered ui layers | Not Defined | | | 0.00 | CVE-2021-38509 |
| 12/09/2021 | $25k-$100k | $5k-$25k | | Mozilla Firefox WebExtensions permission | Not Defined | | | 0.00 | CVE-2021-43540 |
| 12/09/2021 | $25k-$100k | $5k-$25k | | Mozilla Firefox/Firefox ESR/Thunderbird Cursor improper restriction of rendered ui layers | Not Defined | | | 0.05 | CVE-2021-43546 |
| 12/09/2021 | $25k-$100k | $5k-$25k | | Mozilla Thunderbird Composition Area code injection | Not Defined | | | 0.13 | CVE-2021-43528 |
| 12/09/2021 | $25k-$100k | $5k-$25k | | Mozilla Firefox Internationalized Domain Name improper restriction of rendered ui layers | Not Defined | | | 0.00 | CVE-2021-43533 |
| 12/09/2021 | $25k-$100k | $5k-$25k | | Mozilla Firefox/Firefox ESR/Thunderbird type conversion | Not Defined | | | 0.00 | CVE-2021-43537 |
| 12/09/2021 | $25k-$100k | $5k-$25k | | Mozilla Firefox Web Extension Context Menu unknown vulnerability | Not Defined | | | 0.05 | CVE-2021-43531 |
| 12/09/2021 | $25k-$100k | $5k-$25k | | Mozilla Firefox/Firefox ESR/Thunderbird Clipboard insertion of sensitive information into sent data | Not Defined | | | 0.04 | CVE-2021-38505 |
| 12/09/2021 | $5k-$25k | $5k-$25k | | Mozilla Network Security Services Signature heap-based overflow | Not Defined | | | 0.90 | CVE-2021-43527 |
| 12/09/2021 | $5k-$25k | $0-$5k | | Google Exposure Notification Server Verification Code access control | Not Defined | | | 0.04 | CVE-2021-22565 |
| 12/09/2021 | $5k-$25k | $0-$5k | | Mozilla Firefox/Firefox ESR/Thunderbird XMLHttpRequest information exposure | Not Defined | | | 0.00 | CVE-2021-43542 |
| 12/09/2021 | $5k-$25k | $0-$5k | | Mozilla Firefox information disclosure | Not Defined | | | 0.00 | CVE-2021-43532 |
| 12/09/2021 | $5k-$25k | $0-$5k | | IBM DB2/DB2 Connect Server access control | Not Defined | | | 0.00 | CVE-2021-38926 |
| 12/09/2021 | $5k-$25k | $0-$5k | | IBM DB2 access control | Not Defined | | | 0.09 | CVE-2021-29678 |
| 12/09/2021 | $5k-$25k | $0-$5k | | Mozilla Firefox QR Code cross site scripting | Not Defined | | | 0.00 | CVE-2021-43530 |
| 12/09/2021 | $5k-$25k | $0-$5k | | Mozilla Firefox Address Bar cross site scripting | Not Defined | | | 0.04 | CVE-2021-43544 |
| 12/09/2021 | $5k-$25k | $0-$5k | | Mozilla Firefox/Firefox ESR/Thunderbird HTTP2 Opportunistic Encryption cleartext transmission | Not Defined | | | 0.05 | CVE-2021-38507 |
| 12/09/2021 | $5k-$25k | $0-$5k | | IBM WebSphere Application Server resource consumption | Not Defined | | | 0.17 | CVE-2021-38951 |
| 12/09/2021 | $5k-$25k | $0-$5k | | Netgear RAX35/RAX38/RAX40 HTTP Packet path traversal | Not Defined | | | 0.04 | CVE-2021-41449 |
| 12/09/2021 | $5k-$25k | $0-$5k | | Mozilla Firefox/Firefox ESR/Thunderbird denial of service | Not Defined | | | 0.05 | CVE-2021-43536 |
| 12/09/2021 | $5k-$25k | $0-$5k | | Mozilla Firefox/Firefox ESR/Thunderbird Location API infinite loop | Not Defined | | | 0.00 | CVE-2021-43545 |
| 12/09/2021 | $5k-$25k | $0-$5k | | Oracle SYNEL hard-coded credentials | Not Defined | | | 0.00 | CVE-2021-36718 |
| 12/09/2021 | $5k-$25k | $0-$5k | | Apache Airavata Django Portal HTTP Request Parameter neutralization for logs | Not Defined | | | 0.09 | CVE-2021-43410 |
| 12/09/2021 | $5k-$25k | $0-$5k | | IBM DB2/DB2 Connect Server information disclosure | Not Defined | | | 0.00 | CVE-2021-38931 |
| 12/09/2021 | $5k-$25k | $0-$5k | | IBM DB2 LOAD Utility information disclosure | Not Defined | | | 0.05 | CVE-2021-20373 |
| 12/09/2021 | $5k-$25k | $0-$5k | | IBM DB2/DB2 Connect Server inadequate encryption | Not Defined | | | 0.05 | CVE-2021-39002 |
| 12/09/2021 | $0-$5k | $0-$5k | | Fortinet FortiWeb API Controller stack-based overflow | Not Defined | | | 0.04 | CVE-2021-36194 |
| 12/09/2021 | $0-$5k | $0-$5k | | Fortinet FortiWeb LogReport API Controller heap-based overflow | Not Defined | | | 0.09 | CVE-2021-43071 |
| 12/09/2021 | $0-$5k | $0-$5k | | Gryphon Tower Router Service Port 9999 command injection | Not Defined | | | 0.00 | CVE-2021-20139 |
| 12/09/2021 | $0-$5k | $0-$5k | | Gryphon Tower Router Service Port 9999 command injection | Not Defined | | | 0.05 | CVE-2021-20144 |
| 12/09/2021 | $0-$5k | $0-$5k | | Gryphon Tower Router Service Port 9999 command injection | Not Defined | | | 0.00 | CVE-2021-20140 |
| 12/09/2021 | $0-$5k | $0-$5k | | Gryphon Tower Router Service Port 9999 command injection | Not Defined | | | 0.04 | CVE-2021-20141 |
| 12/09/2021 | $0-$5k | $0-$5k | | Gryphon Tower Router Service Port 9999 command injection | Not Defined | | | 0.05 | CVE-2021-20142 |
| 12/09/2021 | $0-$5k | $0-$5k | | Gryphon Tower Router Service Port 9999 command injection | Not Defined | | | 0.09 | CVE-2021-20143 |
| 12/09/2021 | $0-$5k | $0-$5k | | Gryphon Tower Router Web Interface rc command injection | Not Defined | | | 0.00 | CVE-2021-20138 |
| 12/09/2021 | $0-$5k | $0-$5k | | Fortinet FortiOS Firmware Signature Verification heap-based overflow | Not Defined | | | 0.22 | CVE-2021-36173 |
| 12/09/2021 | $0-$5k | $0-$5k | | McAfee Network Security Manager Administrator Interface cross site scripting | Not Defined | | | 0.13 | CVE-2021-4038 |
| 12/09/2021 | $0-$5k | $0-$5k | | Fortinet Meru AP CLI Command Privilege Escalation | Not Defined | | | 0.13 | CVE-2021-42759 |
| 12/09/2021 | $0-$5k | $0-$5k | | Bosch VRM/DIVAR/BVMS Configuration input validation | Not Defined | | | 0.05 | CVE-2021-23862 |

48 more entries are not shown
