Exploit Prices 03/15/2022

Type

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Remediation

Official Fix: 45
Temporary Fix: 0
Workaround: 0
Unavailable: 0
Not Defined: 22

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be divided into multiple forms and levels of remediation, which influence risks differently.

Exploitability

High: 0
Functional: 0
Proof-of-Concept: 0
Unproven: 0
Not Defined: 67

Researchers and attackers who are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

Lang

The automation and the exploitation of a security vulnerability is called an exploit. It is possible to determine the popularity and availability of programming languages used for creating such exploits.

CVSSv3 Base

≤1: 0
≤2: 0
≤3: 0
≤4: 8
≤5: 13
≤6: 18
≤7: 24
≤8: 2
≤9: 2
≤10: 0

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp

≤1: 0
≤2: 0
≤3: 1
≤4: 7
≤5: 14
≤6: 26
≤7: 15
≤8: 2
≤9: 2
≤10: 0

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day

<1k: 26
<2k: 11
<5k: 14
<10k: 6
<25k: 4
<50k: 6
<100k: 0
≥100k: 0

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price of an exploit, before it was distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today

<1k: 42
<2k: 14
<5k: 5
<10k: 2
<25k: 4
<50k: 0
<100k: 0
≥100k: 0

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts like disclosure of vulnerability details, alternative exploits, and availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

| Published | 0day | Today | Tr | Vulnerability | Exp | Lang | URL | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 03/15/2022 | $25k-$100k | $5k-$25k | | Apple Safari WebKit memory corruption | Not Defined | | | 0.03 | CVE-2022-22610 |
| 03/15/2022 | $25k-$100k | $5k-$25k | | Apple Safari WebKit buffer overflow | Not Defined | | | 0.03 | CVE-2022-22629 |
| 03/15/2022 | $25k-$100k | $5k-$25k | | Apple Safari WebKit use after free | Not Defined | | | 0.00 | CVE-2022-22628 |
| 03/15/2022 | $25k-$100k | $5k-$25k | | Apple Safari WebKit use after free | Not Defined | | | 0.03 | CVE-2022-22624 |
| 03/15/2022 | $25k-$100k | $5k-$25k | | Apple Safari Address Bar improper restriction of rendered ui layers | Not Defined | | | 0.03 | CVE-2022-22654 |
| 03/15/2022 | $25k-$100k | $5k-$25k | | Apple Safari WebKit unknown vulnerability | Not Defined | | | 0.05 | CVE-2022-22637 |
| 03/15/2022 | $5k-$25k | $0-$5k | | IBM Spectrum Copy Data Management Registration server-side request forgery | Not Defined | | | 0.06 | CVE-2021-39051 |
| 03/15/2022 | $5k-$25k | $0-$5k | | IBM Spectrum Copy Data Management HTTP Header injection | Not Defined | | | 0.03 | CVE-2022-22344 |
| 03/15/2022 | $5k-$25k | $0-$5k | | IBM Spectrum Protect Operations Center URL improper restriction of rendered ui layers | Not Defined | | | 0.03 | CVE-2022-22348 |
| 03/15/2022 | $5k-$25k | $0-$5k | | OpenSSL Non-prime Moduli BN_mod_sqrt denial of service | Not Defined | | | 0.00 | CVE-2022-0778 |
| 03/15/2022 | $5k-$25k | $0-$5k | | IBM Engineering Workflow Management Build Definition information disclosure | Not Defined | | | 0.03 | CVE-2020-4989 |
| 03/15/2022 | $5k-$25k | $0-$5k | | IBM Big SQL on IBM Cloud Pak for Data SELECT Statement information disclosure | Not Defined | | | 0.03 | CVE-2022-22353 |
| 03/15/2022 | $5k-$25k | $0-$5k | | Apache CloudStack Project Invitation entropy | Not Defined | | | 0.03 | CVE-2022-26779 |
| 03/15/2022 | $5k-$25k | $0-$5k | | IBM Spectrum Protect Operations Center cross-site request forgery | Not Defined | | | 0.03 | CVE-2022-22346 |
| 03/15/2022 | $5k-$25k | $0-$5k | | IBM Spectrum Protect Plus Admin Console Slowloris denial of service | Not Defined | | | 0.06 | CVE-2022-22354 |
| 03/15/2022 | $5k-$25k | $0-$5k | | IBM Data Virtualization on Cloud Pak for Data Data Masking Rule information disclosure | Not Defined | | | 0.03 | CVE-2021-38971 |
| 03/15/2022 | $0-$5k | $0-$5k | | IBM Spectrum Copy Data Management Web UI cross site scripting | Not Defined | | | 0.03 | CVE-2021-39055 |
| 03/15/2022 | $0-$5k | $0-$5k | | Lua Garbage Collector lgc.c use after free | Not Defined | | | 0.03 | CVE-2021-44964 |
| 03/15/2022 | $0-$5k | $0-$5k | | vim heap-based overflow | Not Defined | | | 0.03 | CVE-2022-0943 |
| 03/15/2022 | $0-$5k | $0-$5k | | Sylius X-Frame-Options Header improper restriction of rendered ui layers | Not Defined | | | 0.00 | CVE-2022-24733 |
| 03/15/2022 | $0-$5k | $0-$5k | | Fish fish_git_prompt injection | Not Defined | | | 0.06 | CVE-2022-20001 |
| 03/15/2022 | $0-$5k | $0-$5k | | Tribal Systems Zenario CMS unrestricted upload | Not Defined | | | 0.04 | CVE-2021-42171 |
| 03/15/2022 | $0-$5k | $0-$5k | | star7th showdoc unrestricted upload | Not Defined | | | 0.08 | CVE-2022-0950 |
| 03/15/2022 | $0-$5k | $0-$5k | | SyliusGridBundle Sorter.php sql injection | Not Defined | | | 0.05 | CVE-2022-24752 |
| 03/15/2022 | $0-$5k | $0-$5k | | ClickHouse LZ4 Compression Codec decompressImpl heap-based overflow | Not Defined | | | 0.05 | CVE-2021-43305 |
| 03/15/2022 | $0-$5k | $0-$5k | | GPAC MP4Box stack-based overflow | Not Defined | | | 0.03 | CVE-2022-24575 |
| 03/15/2022 | $0-$5k | $0-$5k | | GPAC MP4Box use after free | Not Defined | | | 0.09 | CVE-2022-24576 |
| 03/15/2022 | $0-$5k | $0-$5k | | ClickHouse LZ4 Compression decompressImpl heap-based overflow | Not Defined | | | 0.00 | CVE-2021-43304 |
| 03/15/2022 | $0-$5k | $0-$5k | | GPAC script_dec.c SFS_AddString heap-based overflow | Not Defined | | | 0.03 | CVE-2022-24578 |
| 03/15/2022 | $0-$5k | $0-$5k | | SmarterTools SmarterTrack direct request | Not Defined | | | 0.03 | CVE-2022-24385 |
| 03/15/2022 | $0-$5k | $0-$5k | | SmarterTrack Config unrestricted upload | Not Defined | | | 0.03 | CVE-2022-24387 |
| 03/15/2022 | $0-$5k | $0-$5k | | sqlpad Test Endpoint injection | Not Defined | | | 0.06 | CVE-2022-0944 |
| 03/15/2022 | $0-$5k | $0-$5k | | libvcs URL Parameter update_repo argument injection | Not Defined | | | 0.05 | CVE-2022-21187 |
| 03/15/2022 | $0-$5k | $0-$5k | | CVRF-CSAF-Converter xml external entity reference | Not Defined | | | 0.03 | CVE-2022-27193 |
| 03/15/2022 | $0-$5k | $0-$5k | | TIBCO JasperReports Library/JasperReports Server pathname traversal | Not Defined | | | 0.03 | CVE-2022-22771 |
| 03/15/2022 | $0-$5k | $0-$5k | | Tiny File Manager File Upload tinyfilemanager.php path traversal | Not Defined | | | 0.03 | CVE-2021-45010 |
| 03/15/2022 | $0-$5k | $0-$5k | | Sylius Password Change session expiration | Not Defined | | | 0.03 | CVE-2022-24743 |
| 03/15/2022 | $0-$5k | $0-$5k | | Volto Cookie improper authentication | Not Defined | | | 0.04 | CVE-2022-24740 |
| 03/15/2022 | $0-$5k | $0-$5k | | sysend.js information disclosure | Not Defined | | | 0.00 | CVE-2022-24762 |
| 03/15/2022 | $0-$5k | $0-$5k | | Clickhouse LZ4 Compression Codec decompressImpl out-of-bounds read | Not Defined | | | 0.04 | CVE-2021-42387 |
| 03/15/2022 | $0-$5k | $0-$5k | | Clickhouse LZ4 Compression Codec decompressImpl out-of-bounds read | Not Defined | | | 0.03 | CVE-2021-42388 |
| 03/15/2022 | $0-$5k | $0-$5k | | SmarterTools SmarterTrack cross site scripting | Not Defined | | | 0.03 | CVE-2022-24384 |
| 03/15/2022 | $0-$5k | $0-$5k | | SmarterTools SmarterTrack cross site scripting | Not Defined | | | 0.00 | CVE-2022-24386 |
| 03/15/2022 | $0-$5k | $0-$5k | | Simple Quotation Plugin Quote cross-site request forgery | Not Defined | | | 0.00 | CVE-2022-22734 |
| 03/15/2022 | $0-$5k | $0-$5k | | Meks Easy Photo Feed Widget Plugin AJAX Action meks_save_business_selected_account cross-site request forgery | Not Defined | | | 0.06 | CVE-2021-24958 |
| 03/15/2022 | $0-$5k | $0-$5k | | Sylius SVG File cross site scripting | Not Defined | | | 0.05 | CVE-2022-24749 |
| 03/15/2022 | $0-$5k | $0-$5k | | star7th ShowDoc File Upload cross site scripting | Not Defined | | | 0.04 | CVE-2022-0941 |
| 03/15/2022 | $0-$5k | $0-$5k | | star7th showdoc File Upload cross site scripting | Not Defined | | | 0.03 | CVE-2022-0951 |
| 03/15/2022 | $0-$5k | $0-$5k | | star7th showdoc File Upload cross site scripting | Not Defined | | | 0.06 | CVE-2022-0956 |
| 03/15/2022 | $0-$5k | $0-$5k | | star7th showdoc File Upload cross site scripting | Not Defined | | | 0.03 | CVE-2022-0957 |

17 more entries are not shown
