Exploit Prices 07/14/2022

Type

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Remediation

Official Fix: 48
Temporary Fix: 0
Workaround: 0
Unavailable: 0
Not Defined: 27

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These fall into multiple forms and levels of remediation, which influence risk differently.

Exploitability

High: 0
Functional: 0
Proof-of-Concept: 0
Unproven: 0
Not Defined: 75

Researchers and attackers who look for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

Lang

The automation and exploitation of a security vulnerability is called an exploit. It is possible to determine the popularity and availability of the programming languages used for creating such exploits.

CVSSv3 Base

≤1: 0
≤2: 0
≤3: 0
≤4: 10
≤5: 10
≤6: 25
≤7: 18
≤8: 7
≤9: 4
≤10: 1

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable result.

CVSSv3 Temp

≤1: 0
≤2: 0
≤3: 0
≤4: 10
≤5: 11
≤6: 25
≤7: 19
≤8: 5
≤9: 4
≤10: 1

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day

<1k: 9
<2k: 19
<5k: 22
<10k: 2
<25k: 12
<50k: 7
<100k: 4
≥100k: 0

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price of an exploit before it is distributed or becomes public. Calculated prices are aligned with prices disclosed by vulnerability brokers and compared with prices we see on exploit markets.

Exploit Today

<1k: 22
<2k: 23
<5k: 17
<10k: 8
<25k: 5
<50k: 0
<100k: 0
≥100k: 0

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as disclosure of vulnerability details, alternative exploits, and availability of countermeasures. These dynamic aspects might decrease exploit prices over time. Under certain circumstances this happens very fast.

| Published | 0day | Today | Vulnerability | Exp | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|
| 07/14/2022 | $25k-$100k | $5k-$25k | Google Android gatt_db.cc read_attr_value out-of-bounds write | Not Defined | 3.19- | 0.00000 | CVE-2022-20222 |
| 07/14/2022 | $25k-$100k | $5k-$25k | Google Android bta_hf_client_at.cc bta_hf_client_handle_cind_list_item out-of-bounds write | Not Defined | 3.39- | 0.00000 | CVE-2022-20229 |
| 07/14/2022 | $25k-$100k | $5k-$25k | Google Android C2DmaBufAllocator.cpp use after free | Not Defined | 1.71- | 0.00000 | CVE-2022-20228 |
| 07/14/2022 | $25k-$100k | $5k-$25k | Google Android Kernel Memory remap_pfn_range memory corruption | Not Defined | 1.71- | 0.00000 | CVE-2022-20238 |
| 07/14/2022 | $25k-$100k | $5k-$25k | Google Android permission | Not Defined | 2.11- | 0.00000 | CVE-2022-20216 |
| 07/14/2022 | $25k-$100k | $5k-$25k | Google Android Bluetooth avrc_pars_ct.cc avrc_ctrl_pars_vendor_cmd out-of-bounds | Not Defined | 1.45- | 0.00000 | CVE-2022-20221 |
| 07/14/2022 | $25k-$100k | $5k-$25k | Google Android Bluetooth Stack bta_hf_client_at.cc AT_SKIP_REST out-of-bounds | Not Defined | 2.00- | 0.00000 | CVE-2022-20224 |
| 07/14/2022 | $25k-$100k | $5k-$25k | Google Android overlay improper restriction of rendered ui layers | Not Defined | 1.65- | 0.00000 | CVE-2022-20212 |
| 07/14/2022 | $25k-$100k | $5k-$25k | Google Android PermissionController permission | Not Defined | 1.91- | 0.00000 | CVE-2022-20218 |
| 07/14/2022 | $25k-$100k | $5k-$25k | Google Android AppRestrictionsFragment.java assertSafeToStartCustomActivity permission | Not Defined | 1.66- | 0.00000 | CVE-2022-20223 |
| 07/14/2022 | $25k-$100k | $5k-$25k | Google Android WindowManagerService.java finishDrawingWindow input validation | Not Defined | 1.87- | 0.00000 | CVE-2022-20226 |
| 07/14/2022 | $5k-$25k | $5k-$25k | Google Android Notification NotificationAccessConfirmationActivity permission | Not Defined | 1.78- | 0.00000 | CVE-2022-20234 |
| 07/14/2022 | $5k-$25k | $5k-$25k | Google Android CallLogProvider.java openFile path traversal | Not Defined | 1.56- | 0.00000 | CVE-2022-20220 |
| 07/14/2022 | $5k-$25k | $0-$5k | IBM WebSphere Application Server Administrative Console information disclosure | Not Defined | 0.52+ | 0.00000 | CVE-2022-22473 |
| 07/14/2022 | $5k-$25k | $0-$5k | IBM Engineering Lifecycle Optimization Network Traffic access control | Not Defined | 0.32+ | 0.00000 | CVE-2021-39016 |
| 07/14/2022 | $5k-$25k | $0-$5k | IBM Engineering Lifecycle Optimization access control | Not Defined | 0.41+ | 0.00000 | CVE-2021-39017 |
| 07/14/2022 | $5k-$25k | $0-$5k | Google Android DRM Driver denial of service | Not Defined | 1.70- | 0.00000 | CVE-2022-20236 |
| 07/14/2022 | $5k-$25k | $0-$5k | Google Android SprdContactsProvider denial of service | Not Defined | 1.96- | 0.00000 | CVE-2022-20217 |
| 07/14/2022 | $5k-$25k | $0-$5k | IBM WebSphere Application Server Web UI cross site scripting | Not Defined | 0.64+ | 0.00000 | CVE-2022-22477 |
| 07/14/2022 | $5k-$25k | $0-$5k | Google Android USB Driver out-of-bounds | Not Defined | 3.31- | 0.00000 | CVE-2022-20227 |
| 07/14/2022 | $5k-$25k | $0-$5k | Google Android StorageManagerService.java information disclosure | Not Defined | 1.69- | 0.00000 | CVE-2022-20219 |
| 07/14/2022 | $5k-$25k | $0-$5k | Google Android SubscriptionController.java getSubscriptionProperty information disclosure | Not Defined | 1.55- | 0.00000 | CVE-2022-20225 |
| 07/14/2022 | $5k-$25k | $0-$5k | Google Android KeyChain.java choosePrivateKeyAlias information disclosure | Not Defined | 1.49- | 0.00000 | CVE-2022-20230 |
| 07/14/2022 | $5k-$25k | $0-$5k | IBM Engineering Lifecycle Optimization SQL Error Message information disclosure | Not Defined | 0.46+ | 0.00000 | CVE-2021-39018 |
| 07/14/2022 | $5k-$25k | $0-$5k | IBM Engineering Lifecycle Optimization HTTP GET Request information disclosure | Not Defined | 0.41+ | 0.00000 | CVE-2021-39019 |
| 07/14/2022 | $0-$5k | $0-$5k | IBM Engineering Lifecycle Optimization Web UI cross site scripting | Not Defined | 0.44+ | 0.00000 | CVE-2021-39015 |
| 07/14/2022 | $0-$5k | $0-$5k | IBM Engineering Lifecycle Optimization HTTP Header cross site scripting | Not Defined | 0.38+ | 0.00000 | CVE-2021-39028 |
| 07/14/2022 | $0-$5k | $0-$5k | Schneider Electric Easergy P5 HTTP Stack buffer overflow | Not Defined | 1.73- | 0.00000 | CVE-2022-34756 |
| 07/14/2022 | $0-$5k | $0-$5k | IBM Security Verify Information Queue HTTP Request denial of service | Not Defined | 0.41+ | 0.00000 | CVE-2022-35283 |
| 07/14/2022 | $0-$5k | $0-$5k | Schneider Electric SpaceLogic C-Bus Home Controller os command injection | Not Defined | 1.56- | 0.00000 | CVE-2022-34753 |
| 07/14/2022 | $0-$5k | $0-$5k | Verizon 5G Home LVSKIHP InDoorUnit crtcrpc JSON Listener crtcmode.sh enable_ssh os command injection | Not Defined | 1.28+ | 0.00000 | CVE-2022-28369 |
| 07/14/2022 | $0-$5k | $0-$5k | 5G Home LVSKIHP InDoorUnit crtcrpc JSON Listener crtc.lua crtcreadpartition os command injection | Not Defined | 1.05+ | 0.00000 | CVE-2022-28373 |
| 07/14/2022 | $0-$5k | $0-$5k | Verizon 5G Home LVSKIHP OutDoorUnit crtcrpc JSON Listener rpc.lua crtcswitchsimprofile os command injection | Not Defined | 1.26+ | 0.00000 | CVE-2022-28375 |
| 07/14/2022 | $0-$5k | $0-$5k | Schneider Electric X80 Advanced RTU Communication Module URL Parser memory corruption | Not Defined | 1.44- | 0.00000 | CVE-2022-34764 |
| 07/14/2022 | $0-$5k | $0-$5k | Schneider Electric X80 Advanced RTU Communication Module HTTP Header Parser out-of-bounds write | Not Defined | 2.22- | 0.00000 | CVE-2022-34759 |
| 07/14/2022 | $0-$5k | $0-$5k | Verizon 5G Home LVSKIHP InDoorUnit RPC Endpoint crtc.lua crtcfwimage unrestricted upload | Not Defined | 1.28+ | 0.00000 | CVE-2022-28372 |
| 07/14/2022 | $0-$5k | $0-$5k | Verizon 5G Home LVSKIHP OutDoorUnit Settings Page settings.lua os command injection | Not Defined | 1.23+ | 0.00000 | CVE-2022-28374 |
| 07/14/2022 | $0-$5k | $0-$5k | TP-LINK TL-WR841N httpd buffer overflow | Not Defined | 0.38+ | 0.00000 | CVE-2022-30024 |
| 07/14/2022 | $0-$5k | $0-$5k | Xiaomi Smart Phone heap-based overflow | Not Defined | 0.46+ | 0.00000 | CVE-2020-14127 |
| 07/14/2022 | $0-$5k | $0-$5k | PrestaShop Catalog unrestricted upload | Not Defined | 1.61- | 0.00000 | CVE-2020-21967 |
| 07/14/2022 | $0-$5k | $0-$5k | kvf-admin com.kalvin.kvf.common.shiro.ShiroConfig File deserialization | Not Defined | 1.75- | 0.00000 | CVE-2022-35857 |
| 07/14/2022 | $0-$5k | $0-$5k | Node.js openssl.cnf uncontrolled search path | Not Defined | 0.38+ | 0.00000 | CVE-2022-32223 |
| 07/14/2022 | $0-$5k | $0-$5k | Sage 300 ERP Installer Runtime untrusted search path | Not Defined | 0.03+ | 0.00000 | CVE-2021-45492 |
| 07/14/2022 | $0-$5k | $0-$5k | JerryScript print.c jerryx_print_unhandled_exception stack-based overflow | Not Defined | 1.35- | 0.00000 | CVE-2022-32117 |
| 07/14/2022 | $0-$5k | $0-$5k | Schneider Electric X80 Advanced RTU Communication Module Firmware Image path traversal | Not Defined | 1.41- | 0.00000 | CVE-2022-34762 |
| 07/14/2022 | $0-$5k | $0-$5k | Verizon 5G Home LVSKIHP InDoorUnit RPC Endpoint ca.pem access control | Not Defined | 1.20+ | 0.00000 | CVE-2022-28371 |
| 07/14/2022 | $0-$5k | $0-$5k | Schneider Electric X80 Advanced RTU Communication Module Firmware Image file inclusion | Not Defined | 2.22- | 0.00000 | CVE-2022-34765 |
| 07/14/2022 | $0-$5k | $0-$5k | yunzhongzhuan Electronic Mall System sql injection | Not Defined | 1.40+ | 0.00000 | CVE-2022-30113 |
| 07/14/2022 | $0-$5k | $0-$5k | Verizon 5G Home LVSKIHP OutDoorUnit RPC Endpoint wnc_crtc_fw.sh crtc_fw_upgrade Privilege Escalation | Not Defined | 1.31+ | 0.00000 | CVE-2022-28370 |
| 07/14/2022 | $0-$5k | $0-$5k | Strapi Add New Assets unrestricted upload | Not Defined | 2.44- | 0.00000 | CVE-2022-32114 |

25 more entries are not shown
