Archive 04/28/2022

Type

The moderation team works with the threat intelligence team to categorize the software affected by security vulnerabilities. Assigning these categories makes it possible to determine which software types are affected most.

Product

Google Chrome: 25
JetBrains IntelliJ IDEA: 8
Bender CC612: 8
Bender CC613: 7
Bender ICC15xx: 7

Grouping vulnerabilities by product gives an overview. It makes it possible to recognize a homogeneous landscape or to identify the most important hotspots in a heterogeneous one.

Remediation

Official Fix: 105
Temporary Fix: 0
Workaround: 1
Unavailable: 0
Not Defined: 15

Vendors and researchers are eager to find countermeasures that mitigate security vulnerabilities. Remediation comes in several forms and levels, and each influences risk differently.

Exploitability

High: 0
Functional: 0
Proof-of-Concept: 0
Unproven: 0
Not Defined: 121

Researchers and attackers who look for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base

≤1: 0
≤2: 1
≤3: 3
≤4: 16
≤5: 28
≤6: 24
≤7: 39
≤8: 4
≤9: 5
≤10: 1

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impact of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable aggregate result.

CVSSv3 Temp

≤1: 0
≤2: 1
≤3: 5
≤4: 15
≤5: 27
≤6: 51
≤7: 13
≤8: 4
≤9: 4
≤10: 1

The Common Vulnerability Scoring System (CVSS) uses temporal (temp) scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes report confidence, exploitability and remediation level. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day

<1k: 38
<2k: 19
<5k: 26
<10k: 6
<25k: 7
<50k: 1
<100k: 24
≥100k: 0

The moderation team works with the threat intelligence team to determine prices for exploits. Our unique algorithm identifies the 0-day price of an exploit, i.e. its price before it is distributed or becomes public. Calculated prices are aligned with prices disclosed by vulnerability brokers and compared with prices we observe on exploit markets.

Exploit Today

<1k: 76
<2k: 12
<5k: 8
<10k: 1
<25k: 24
<50k: 0
<100k: 0
≥100k: 0

The 0-day prices do not consider time-dependent factors. The today price reflects price impacts such as disclosure of vulnerability details, alternative exploits and the availability of countermeasures. These dynamic aspects may decrease an exploit's price over time, and under certain circumstances this happens very fast.

| ID | Base | Temp | Vulnerability | 0day | Today | Exp | Rem | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 198691 | 6.3 | 6.0 | Google Chrome IFRAME Remote Code Execution | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.04 | CVE-2022-1501 |
| 198690 | 6.3 | 6.0 | Google Chrome Dev Tools Remote Code Execution | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.04 | CVE-2022-1500 |
| 198689 | 6.3 | 6.0 | Google Chrome WebAuthentication Remote Code Execution | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | CVE-2022-1499 |
| 198688 | 6.3 | 6.0 | Google Chrome HTML Parser Remote Code Execution | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.08 | CVE-2022-1498 |
| 198687 | 6.3 | 6.0 | Google Chrome Input Remote Code Execution | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.05 | CVE-2022-1497 |
| 198686 | 6.3 | 6.0 | Google Chrome File Manager use after free | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.04 | CVE-2022-1496 |
| 198685 | 6.3 | 6.0 | Google Chrome Downloads Remote Code Execution | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.02 | CVE-2022-1495 |
| 198684 | 6.3 | 6.0 | Google Chrome Trusted Types Remote Code Execution | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.08 | CVE-2022-1494 |
| 198683 | 6.3 | 6.0 | Google Chrome Dev Tools use after free | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.03 | CVE-2022-1493 |
| 198682 | 6.3 | 6.0 | Google Chrome Blink Editing Remote Code Execution | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.02 | CVE-2022-1492 |
| 198681 | 6.3 | 6.0 | Google Chrome Bookmarks use after free | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.04 | CVE-2022-1491 |
| 198680 | 6.3 | 6.0 | Google Chrome Browser Switcher use after free | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.05 | CVE-2022-1490 |
| 198679 | 6.3 | 6.0 | Google Chrome UI Shelf out-of-bounds | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.06 | CVE-2022-1489 |
| 198678 | 6.3 | 6.0 | Google Chrome Extensions API Remote Code Execution | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.04 | CVE-2022-1488 |
| 198677 | 6.3 | 6.0 | Google Chrome Ozone use after free | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.02 | CVE-2022-1487 |
| 198676 | 6.3 | 6.0 | Google Chrome V8 type confusion | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.06 | CVE-2022-1486 |
| 198675 | 6.3 | 6.0 | Google Chrome File System API use after free | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.05 | CVE-2022-1485 |
| 198674 | 6.3 | 6.0 | Google Chrome Web UI Settings heap-based overflow | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.04 | CVE-2022-1484 |
| 198673 | 6.3 | 6.0 | Google Chrome WebGPU heap-based overflow | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | CVE-2022-1483 |
| 198672 | 6.3 | 6.0 | Google Chrome WebGL Remote Code Execution | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.04 | CVE-2022-1482 |
| 198671 | 6.3 | 6.0 | Google Chrome Sharing use after free | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | CVE-2022-1481 |
| 198670 | 6.3 | 6.0 | Google Chrome Device API use after free | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | CVE-2022-1480 |
| 198669 | 6.3 | 6.0 | Google Chrome ANGLE use after free | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.04 | CVE-2022-1479 |
| 198668 | 6.3 | 6.0 | Google Chrome SwiftShader use after free | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | CVE-2022-1478 |
| 198667 | 6.3 | 6.0 | Google Chrome Vulkan use after free | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | CVE-2022-1477 |
| 198666 | 5.4 | 5.3 | Snipe-IT access control | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08 | CVE-2022-1511 |
| 198665 | 7.0 | 6.9 | Elcomplus SmartPTT Request improper authorization | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-43939 |
| 198664 | 8.5 | 8.4 | Elcomplus SmartPTT Upload Request unrestricted upload | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-43934 |
| 198663 | 6.2 | 6.2 | Elcomplus SmartPTT Dashboard/Main Page cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-43932 |
| 198662 | 3.8 | 3.7 | Elcomplus SmartPTT Download Request path traversal | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-43930 |
| 198661 | 5.5 | 5.3 | Encode httpx input validation | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.11 | CVE-2021-41945 |
| 198660 | 5.9 | 5.8 | Shopware cross-site request forgery | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2022-24879 |
| 198659 | 6.3 | 6.0 | Navigate CMS Feed feed_parser server-side request forgery | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2022-28117 |
| 198658 | 5.5 | 5.4 | Shopware Password Reset Token password recovery | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2022-24892 |
| 198657 | 4.8 | 4.7 | Shopware Storefront cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2022-24873 |
| 198656 | 5.2 | 5.1 | Shea Bunge Footer Text Plugin cross-site request forgery | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | CVE-2022-27860 |
| 198655 | 5.2 | 5.1 | Rav Messer Ravpage Plugin cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.07 | CVE-2022-29415 |
| 198654 | 6.0 | 6.0 | neorazorx facturascripts ZIP Format cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2022-1514 |
| 198653 | 4.3 | 4.1 | Mahara cross-site request forgery | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.09 | CVE-2022-28892 |
| 198652 | 3.5 | 3.4 | Mahara Cascading Style Sheet cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2022-29584 |
| 198651 | 3.5 | 3.4 | Mahara Group information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2022-29585 |
| 198650 | 6.3 | 6.3 | Turtlapp Turtle Note meta Tag injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2022-28101 |
| 198649 | 5.4 | 5.4 | Zoom On-Premise Meeting Connector Controller information disclosure | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2022-22783 |
| 198648 | 6.2 | 6.1 | Zoom Client for Meetings Update Remote Code Execution | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2022-22781 |
| 198647 | 4.5 | 4.4 | Hermit Plugin cross-site request forgery | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2022-29413 |
| 198646 | 4.8 | 4.8 | Hermit Plugin cross-site request forgery | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2022-29412 |
| 198645 | 7.8 | 7.7 | Hermit Plugin sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2022-29411 |
| 198644 | 6.8 | 6.7 | Hermit Plugin sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2022-29410 |
| 198643 | 3.5 | 3.5 | PHP MySQL Admin Panel Generator edit-db.php cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2022-28102 |
| 198642 | 5.4 | 5.3 | IBM InfoSphere Information Server information disclosure | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2022-22441 |

71 more entries are not shown
