Exploit Prices 08/11/2022

Type

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Remediation

Official Fix: 126
Temporary Fix: 0
Workaround: 0
Unavailable: 0
Not Defined: 70

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These countermeasures fall into multiple forms and levels of remediation, which influence risks differently.

Exploitability

High: 0
Functional: 0
Proof-of-Concept: 12
Unproven: 0
Not Defined: 184

Researchers and attackers who are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

Lang

The automation of the exploitation of a security vulnerability is called an exploit. It is possible to determine the popularity and availability of programming languages used for creating such exploits.

CVSSv3 Base

≤1: 0
≤2: 0
≤3: 0
≤4: 19
≤5: 23
≤6: 47
≤7: 58
≤8: 42
≤9: 6
≤10: 1

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable aggregate result.

CVSSv3 Temp

≤1: 0
≤2: 0
≤3: 0
≤4: 19
≤5: 24
≤6: 50
≤7: 58
≤8: 38
≤9: 6
≤10: 1

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day

<1k: 17
<2k: 31
<5k: 26
<10k: 33
<25k: 42
<50k: 32
<100k: 15
≥100k: 0

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price of an exploit before it is distributed or becomes public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today

<1k: 37
<2k: 51
<5k: 41
<10k: 41
<25k: 26
<50k: 0
<100k: 0
≥100k: 0

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as disclosure of vulnerability details, alternative exploits, and availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

| Published | 0day | Today | Tr | Vulnerability | Exp | Lang | URL | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 08/11/2022 | $25k-$100k | $5k-$25k | | Google Android cd_codec.c cd_CodeMsg out-of-bounds write | Not Defined | | | 0.03 | 0.01156 | CVE-2022-20400 |
| 08/11/2022 | $25k-$100k | $5k-$25k | | Google Android Kernel miscdatabuilder.cpp BuildDevIDResponse out-of-bounds write | Not Defined | | | 0.03 | 0.01156 | CVE-2022-20237 |
| 08/11/2022 | $25k-$100k | $5k-$25k | | Google Android Bluetooth l2c_ble.cc l2cble_process_sig_cmd out-of-bounds write | Not Defined | | | 0.05 | 0.01103 | CVE-2022-20345 |
| 08/11/2022 | $25k-$100k | $5k-$25k | | Google Android Bluetooth ConnectedDeviceDashboardFragment.java onAttach permission | Not Defined | | | 0.03 | 0.01103 | CVE-2022-20347 |
| 08/11/2022 | $25k-$100k | $5k-$25k | | Google Android Kernel remap_pfn_range memory corruption | Not Defined | | | 0.03 | 0.00885 | CVE-2022-20239 |
| 08/11/2022 | $25k-$100k | $5k-$25k | | Google Android lwis_ioctl.c construct_transaction out-of-bounds write | Not Defined | | | 0.03 | 0.01036 | CVE-2022-20367 |
| 08/11/2022 | $25k-$100k | $5k-$25k | | Google Android trusty-log.c trusty_log_seq_start use after free | Not Defined | | | 0.06 | 0.01036 | CVE-2022-20376 |
| 08/11/2022 | $25k-$100k | $5k-$25k | | Google Android v4l2-mem2mem.c v4l2_m2m_querybuf out-of-bounds write | Not Defined | | | 0.04 | 0.01036 | CVE-2022-20369 |
| 08/11/2022 | $25k-$100k | $5k-$25k | | Google Android st21nfc.c st21nfc_loc_set_polaritymode use after free | Not Defined | | | 0.07 | 0.01036 | CVE-2022-20373 |
| 08/11/2022 | $25k-$100k | $5k-$25k | | Google Android lwis_buffer.c lwis_buffer_alloc use after free | Not Defined | | | 0.00 | 0.01036 | CVE-2022-20379 |
| 08/11/2022 | $25k-$100k | $5k-$25k | | Google Android backing-dev.c bdi_put memory corruption | Not Defined | | | 0.03 | 0.01036 | CVE-2022-20158 |
| 08/11/2022 | $25k-$100k | $5k-$25k | | Google Android lwis_ioctl.c ioctl_dpm_clk_update out-of-bounds write | Not Defined | | | 0.05 | 0.01036 | CVE-2022-20366 |
| 08/11/2022 | $25k-$100k | $5k-$25k | | Google Android dm-bow.c dm_bow_dtr use after free | Not Defined | | | 0.05 | 0.01036 | CVE-2022-20371 |
| 08/11/2022 | $25k-$100k | $5k-$25k | | Google Android exynos5_i2c_irq out-of-bounds write | Not Defined | | | 0.08 | 0.01036 | CVE-2022-20372 |
| 08/11/2022 | $25k-$100k | $5k-$25k | | Google Android Kernel out-of-bounds write | Not Defined | | | 0.06 | 0.01036 | CVE-2022-20382 |
| 08/11/2022 | $25k-$100k | $5k-$25k | | Google Android Bluetooth btif_dm.cc btif_dm_auth_cmpl_evt Remote Code Execution | Not Defined | | | 0.07 | 0.15362 | CVE-2022-20361 |
| 08/11/2022 | $25k-$100k | $5k-$25k | | Adobe Acrobat Reader use after free | Not Defined | | | 0.00 | 0.01046 | CVE-2022-35670 |
| 08/11/2022 | $25k-$100k | $5k-$25k | | Adobe Acrobat Reader use after free | Not Defined | | | 0.03 | 0.01223 | CVE-2022-35665 |
| 08/11/2022 | $25k-$100k | $5k-$25k | | Adobe Acrobat Reader out-of-bounds write | Not Defined | | | 0.03 | 0.01223 | CVE-2022-35667 |
| 08/11/2022 | $25k-$100k | $5k-$25k | | Google Android g3aa_buffer_allocator.cc out-of-bounds write | Not Defined | | | 0.05 | 0.01036 | CVE-2022-20383 |
| 08/11/2022 | $25k-$100k | $5k-$25k | | Google Android Bluetooth out-of-bounds write | Not Defined | | | 0.07 | 0.01036 | CVE-2022-20244 |
| 08/11/2022 | $25k-$100k | $5k-$25k | | Adobe Acrobat Reader input validation | Not Defined | | | 0.03 | 0.01223 | CVE-2022-35666 |
| 08/11/2022 | $25k-$100k | $5k-$25k | | Google Android Kernel LteRrcNr_Codec.c LteRrcNrProAsnDecode out-of-bounds | Not Defined | | | 0.04 | 0.01156 | CVE-2022-20375 |
| 08/11/2022 | $25k-$100k | $5k-$25k | | Cisco ASA/Firepower Threat Defense Clientless SSL VPN request smuggling | Not Defined | | | 0.06 | 0.01055 | CVE-2022-20713 |
| 08/11/2022 | $25k-$100k | $5k-$25k | | Google Android Media out-of-bounds | Not Defined | | | 0.00 | 0.01156 | CVE-2022-20247 |
| 08/11/2022 | $25k-$100k | $5k-$25k | | Google Android SAEMM_ContextManagement.c SAEMM_RetrievEPLMNList out-of-bounds | Not Defined | | | 0.04 | 0.01156 | CVE-2022-20401 |
| 08/11/2022 | $25k-$100k | $5k-$25k | | Google Android MPEG4Extractor.cpp updateAudioTrackInfoFromESDS_MPEG4Audio out-of-bounds | Not Defined | | | 0.03 | 0.01156 | CVE-2022-20346 |
| 08/11/2022 | $25k-$100k | $5k-$25k | | Google Android SecureNfcPreferenceController.java setChecked permission | Not Defined | | | 0.00 | 0.01036 | CVE-2022-20360 |
| 08/11/2022 | $25k-$100k | $5k-$25k | | Google Android Messaging input validation | Not Defined | | | 0.00 | 0.01036 | CVE-2022-20250 |
| 08/11/2022 | $25k-$100k | $5k-$25k | | Google Android ActiveServices.java shouldAllowFgsWhileInUsePermissionLocked permission | Not Defined | | | 0.03 | 0.01036 | CVE-2022-20356 |
| 08/11/2022 | $25k-$100k | $5k-$25k | | Google Android updateState permission | Not Defined | | | 0.00 | 0.01036 | CVE-2022-20348 |
| 08/11/2022 | $25k-$100k | $5k-$25k | | Google Android WindowManager permission | Not Defined | | | 0.00 | 0.01036 | CVE-2022-20246 |
| 08/11/2022 | $25k-$100k | $5k-$25k | | Google Android permission | Not Defined | | | 0.03 | 0.01036 | CVE-2022-20349 |
| 08/11/2022 | $25k-$100k | $5k-$25k | | Google Android Kernel Privilege Escalation | Not Defined | | | 0.09 | 0.00885 | CVE-2022-20405 |
| 08/11/2022 | $25k-$100k | $5k-$25k | | Google Android Kernel Privilege Escalation | Not Defined | | | 0.03 | 0.00885 | CVE-2022-20378 |
| 08/11/2022 | $25k-$100k | $5k-$25k | | Google Android Privilege Escalation | Not Defined | | | 0.03 | 0.00885 | CVE-2022-20365 |
| 08/11/2022 | $25k-$100k | $5k-$25k | | Google Android Kernel Privilege Escalation | Not Defined | | | 0.05 | 0.00885 | CVE-2022-20403 |
| 08/11/2022 | $25k-$100k | $5k-$25k | | Google Android Kernel Privilege Escalation | Not Defined | | | 0.04 | 0.00885 | CVE-2022-20368 |
| 08/11/2022 | $25k-$100k | $5k-$25k | | Google Android Kernel Privilege Escalation | Not Defined | | | 0.05 | 0.00885 | CVE-2022-20402 |
| 08/11/2022 | $25k-$100k | $5k-$25k | | Google Android Kernel Privilege Escalation | Not Defined | | | 0.05 | 0.00885 | CVE-2022-20408 |
| 08/11/2022 | $25k-$100k | $5k-$25k | | Google Android Kernel Privilege Escalation | Not Defined | | | 0.03 | 0.00885 | CVE-2022-20381 |
| 08/11/2022 | $25k-$100k | $5k-$25k | | Google Android Kernel Privilege Escalation | Not Defined | | | 0.05 | 0.00885 | CVE-2022-20370 |
| 08/11/2022 | $25k-$100k | $5k-$25k | | Google Android Kernel Privilege Escalation | Not Defined | | | 0.06 | 0.00885 | CVE-2022-20380 |
| 08/11/2022 | $25k-$100k | $5k-$25k | | Google Android Kernel Privilege Escalation | Not Defined | | | 0.00 | 0.00885 | CVE-2022-20384 |
| 08/11/2022 | $25k-$100k | $5k-$25k | | Google Android Kernel Privilege Escalation | Not Defined | | | 0.06 | 0.00885 | CVE-2022-20404 |
| 08/11/2022 | $25k-$100k | $5k-$25k | | Google Android Kernel Privilege Escalation | Not Defined | | | 0.05 | 0.00885 | CVE-2022-20406 |
| 08/11/2022 | $25k-$100k | $5k-$25k | | Google Android Kernel Privilege Escalation | Not Defined | | | 0.00 | 0.00885 | CVE-2022-20407 |
| 08/11/2022 | $5k-$25k | $5k-$25k | | Google Android NotificationManagerService.java permission | Not Defined | | | 0.05 | 0.00000 | CVE-2022-20359 |
| 08/11/2022 | $5k-$25k | $5k-$25k | | VMware vRealize Operations access control | Not Defined | | | 0.03 | 0.00885 | CVE-2022-31672 |
| 08/11/2022 | $5k-$25k | $0-$5k | | Google Android mali_gralloc_reference.cpp Local Privilege Escalation | Not Defined | | | 0.06 | 0.01036 | CVE-2022-20180 |

146 more entries are not shown
