Exploit Prices 01/14/2022

Type

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Remediation

Official Fix: 142
Temporary Fix: 0
Workaround: 1
Unavailable: 0
Not Defined: 24

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These countermeasures fall into multiple forms and levels of remediation, which influence risks differently.

Exploitability

High: 1
Functional: 0
Proof-of-Concept: 1
Unproven: 0
Not Defined: 165

Researchers and attackers who are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

Lang

The automated exploitation of a security vulnerability is called an exploit. It is possible to determine the popularity and availability of programming languages used for creating such exploits.

CVSSv3 Base

≤1: 0
≤2: 0
≤3: 0
≤4: 18
≤5: 15
≤6: 27
≤7: 19
≤8: 70
≤9: 16
≤10: 2

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable result.

CVSSv3 Temp

≤1: 0
≤2: 0
≤3: 0
≤4: 18
≤5: 15
≤6: 29
≤7: 19
≤8: 73
≤9: 11
≤10: 2

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day

<1k: 13
<2k: 40
<5k: 84
<10k: 25
<25k: 2
<50k: 3
<100k: 0
≥100k: 0

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price for an exploit, before it is distributed or becomes public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today

<1k: 123
<2k: 29
<5k: 10
<10k: 1
<25k: 4
<50k: 0
<100k: 0
≥100k: 0

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as disclosure of vulnerability details, alternative exploits, and availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

| Published | 0day | Today | Tr | Vulnerability | Exp | Lang | URL | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 01/14/2022 | $25k-$100k | $5k-$25k | | Netgear XR500 Environment Variable setupwizard.cgi stack-based overflow | Not Defined | | | 0.07 | CVE-2021-34980 |
| 01/14/2022 | $25k-$100k | $5k-$25k | | Netgear R6260 SOAP Request setupwizard.cgi stack-based overflow | Not Defined | | | 0.04 | CVE-2021-34978 |
| 01/14/2022 | $25k-$100k | $5k-$25k | | Netgear R6260 SOAP Request buffer overflow | Not Defined | | | 0.03 | CVE-2021-34979 |
| 01/14/2022 | $5k-$25k | $5k-$25k | | Panda Free Antivirus Named Pipe unnecessary privileges | Not Defined | | | 0.03 | CVE-2021-34998 |
| 01/14/2022 | $5k-$25k | $0-$5k | | Cisco Unified Contact Center Management Portal Web-based Management Interface access control | Not Defined | | | 0.04 | CVE-2022-20658 |
| 01/14/2022 | $5k-$25k | $5k-$25k | | Netgear R7000 SOAP Request authentication bypass | Not Defined | | | 0.05 | CVE-2021-34977 |
| 01/14/2022 | $5k-$25k | $0-$5k | | Adobe InCopy JPEG2000 File use after free | Not Defined | | | 0.05 | CVE-2021-45054 |
| 01/14/2022 | $5k-$25k | $0-$5k | | Adobe InCopy out-of-bounds write | Not Defined | | | 0.05 | CVE-2021-45053 |
| 01/14/2022 | $5k-$25k | $0-$5k | | Adobe InCopy out-of-bounds write | Not Defined | | | 0.00 | CVE-2021-45056 |
| 01/14/2022 | $5k-$25k | $0-$5k | | Adobe InDesign JPEG2000 File out-of-bounds write | Not Defined | | | 0.04 | CVE-2021-45057 |
| 01/14/2022 | $5k-$25k | $0-$5k | | Adobe View JT File Parser out-of-bounds write | Not Defined | | | 0.00 | CVE-2021-34921 |
| 01/14/2022 | $5k-$25k | $0-$5k | | Adobe InDesign JPEG File out-of-bounds write | Not Defined | | | 0.00 | CVE-2021-45058 |
| 01/14/2022 | $5k-$25k | $0-$5k | | Adobe InDesign JPEG2000 File use after free | Not Defined | | | 0.03 | CVE-2021-45059 |
| 01/14/2022 | $5k-$25k | $0-$5k | | Adobe AEM Dispatcher input validation | Not Defined | | | 0.00 | CVE-2021-43762 |
| 01/14/2022 | $5k-$25k | $0-$5k | | IBM Sterling Gentran:Server log file | Not Defined | | | 0.05 | CVE-2021-39032 |
| 01/14/2022 | $5k-$25k | $0-$5k | | Cisco Security Manager Web-based Management Interface cross site scripting | Not Defined | | | 0.09 | CVE-2022-20642 |
| 01/14/2022 | $5k-$25k | $0-$5k | | Cisco Security Manager Web-based Management Interface cross site scripting | Not Defined | | | 0.00 | CVE-2022-20637 |
| 01/14/2022 | $5k-$25k | $0-$5k | | Cisco Security Manager Web-based Management Interface cross site scripting | Not Defined | | | 0.04 | CVE-2022-20639 |
| 01/14/2022 | $5k-$25k | $0-$5k | | Cisco Security Manager Web-based Management Interface cross site scripting | Not Defined | | | 0.00 | CVE-2022-20636 |
| 01/14/2022 | $5k-$25k | $0-$5k | | Cisco Security Manager Web-based Management Interface cross site scripting | Not Defined | | | 0.09 | CVE-2022-20643 |
| 01/14/2022 | $5k-$25k | $0-$5k | | Cisco Security Manager Web-based Management Interface cross site scripting | Not Defined | | | 0.00 | CVE-2022-20644 |
| 01/14/2022 | $5k-$25k | $0-$5k | | Cisco Security Manager Web-based Management Interface cross site scripting | Not Defined | | | 0.03 | CVE-2022-20646 |
| 01/14/2022 | $5k-$25k | $0-$5k | | Cisco Security Manager Web-based Management Interface cross site scripting | Not Defined | | | 0.00 | CVE-2022-20647 |
| 01/14/2022 | $5k-$25k | $0-$5k | | Cisco Security Manager Web-based Management Interface cross site scripting | Not Defined | | | 0.00 | CVE-2022-20641 |
| 01/14/2022 | $5k-$25k | $0-$5k | | Cisco Security Manager Web-based Management Interface cross site scripting | Not Defined | | | 0.00 | CVE-2022-20645 |
| 01/14/2022 | $5k-$25k | $0-$5k | | Cisco Security Manager Web-based Management Interface cross site scripting | Not Defined | | | 0.06 | CVE-2022-20635 |
| 01/14/2022 | $5k-$25k | $0-$5k | | Cisco Security Manager Web-based Management Interface cross site scripting | Not Defined | | | 0.00 | CVE-2022-20638 |
| 01/14/2022 | $5k-$25k | $0-$5k | | Cisco Security Manager Web-based Management Interface cross site scripting | Not Defined | | | 0.03 | CVE-2022-20640 |
| 01/14/2022 | $5k-$25k | $0-$5k | | Clam Antivirus OOXML Parser denial of service | Not Defined | | | 0.03 | CVE-2022-20698 |
| 01/14/2022 | $5k-$25k | $0-$5k | | Linux Kernel verifier.c null pointer dereference | Proof-of-Concept | | | 0.03 | CVE-2022-23222 |
| 01/14/2022 | $0-$5k | $0-$5k | | QNAP QVR Elite/QVR Pro/QVR Guard stack-based overflow | Not Defined | | | 0.04 | CVE-2021-38691 |
| 01/14/2022 | $0-$5k | $0-$5k | | QNAP QVR Elite/QVR Pro/QVR Guard buffer overflow | Not Defined | | | 0.03 | CVE-2021-38689 |
| 01/14/2022 | $0-$5k | $0-$5k | | QNAP QVR Elite/QVR Pro/QVR Guard stack-based overflow | Not Defined | | | 0.06 | CVE-2021-38690 |
| 01/14/2022 | $0-$5k | $0-$5k | | QNAP QVR Elite/QVR Pro/QVR Guard stack-based overflow | Not Defined | | | 0.00 | CVE-2021-38692 |
| 01/14/2022 | $0-$5k | $0-$5k | | QNAP QVR Elite/QVR Pro/QVR Guard buffer overflow | Not Defined | | | 0.04 | CVE-2021-38682 |
| 01/14/2022 | $0-$5k | $0-$5k | | Adobe AEM Forms Cloud Service xml external entity reference | Not Defined | | | 0.04 | CVE-2021-40722 |
| 01/14/2022 | $0-$5k | $0-$5k | | Imperva Web Application Firewall HTTP POST Request encoding error | Not Defined | | | 0.04 | CVE-2021-45468 |
| 01/14/2022 | $0-$5k | $0-$5k | | Commvault CommCell Demo_ExecuteProcessOnGroup routine | Not Defined | | | 0.00 | CVE-2021-34996 |
| 01/14/2022 | $0-$5k | $0-$5k | | Commvault CommCell AppStudioUploadHandler unrestricted upload | Not Defined | | | 0.00 | CVE-2021-34997 |
| 01/14/2022 | $0-$5k | $0-$5k | | Commvault CommCell input validation | Not Defined | | | 0.04 | CVE-2021-34994 |
| 01/14/2022 | $0-$5k | $0-$5k | | Commvault CommCell DownloadCenterUploadHandler unrestricted upload | Not Defined | | | 0.05 | CVE-2021-34995 |
| 01/14/2022 | $0-$5k | $0-$5k | | Western Digital EdgeRover Desktop App permission | Not Defined | | | 0.00 | CVE-2022-22988 |
| 01/14/2022 | $0-$5k | $0-$5k | | GNU C Library sunrpc Module svcunix_create buffer overflow | Not Defined | | | 0.11 | CVE-2022-23218 |
| 01/14/2022 | $0-$5k | $0-$5k | | GNU C Library sunrpc Module clnt_create buffer overflow | Not Defined | | | 0.07 | CVE-2022-23219 |
| 01/14/2022 | $0-$5k | $0-$5k | | Bentley View 3DS File memory corruption | Not Defined | | | 0.00 | CVE-2021-34874 |
| 01/14/2022 | $0-$5k | $0-$5k | | Bentley View JT File Parser out-of-bounds write | Not Defined | | | 0.00 | CVE-2021-34878 |
| 01/14/2022 | $0-$5k | $0-$5k | | Bentley View JT File Parser out-of-bounds write | Not Defined | | | 0.00 | CVE-2021-34877 |
| 01/14/2022 | $0-$5k | $0-$5k | | Bentley View DGN File Parser heap-based overflow | Not Defined | | | 0.04 | CVE-2021-34904 |
| 01/14/2022 | $0-$5k | $0-$5k | | Bentley View 3DS File Parser use after free | Not Defined | | | 0.00 | CVE-2021-34895 |
| 01/14/2022 | $0-$5k | $0-$5k | | Bentley View JT File Parser stack-based overflow | Not Defined | | | 0.00 | CVE-2021-34892 |

117 more entries are not shown
