Archive May 2022

Timeline

Analysing the timeline helps to identify the required approach to, and handling of, single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance, so that immediate vulnerability response can be initiated and issues prioritized.

Type

The moderation team works with the threat intelligence team to categorize software that is affected by security vulnerabilities. The assignment of these categories shows which software types are most affected.

Product

Apple macOS: 79
Microsoft Windows: 64
Adobe Acrobat Reader: 61
Apple iOS: 36
Apple iPadOS: 36

Grouping vulnerabilities by product helps to get an overview. This makes it possible to recognize a homogeneous landscape, or the most important hotspots in a heterogeneous landscape.

Remediation

Official Fix: 1320
Temporary Fix: 0
Workaround: 6
Unavailable: 0
Not Defined: 837

Vendors and researchers are eager to find countermeasures that mitigate security vulnerabilities. Countermeasures come in multiple forms and levels of remediation, which influence risk differently.

Exploitability

High: 1
Functional: 2
Proof-of-Concept: 70
Unproven: 74
Not Defined: 2016

Researchers and attackers who look for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base

≤1: 0
≤2: 2
≤3: 70
≤4: 310
≤5: 286
≤6: 543
≤7: 596
≤8: 231
≤9: 95
≤10: 30

The Common Vulnerability Scoring System (CVSS) is an industry standard for defining the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable aggregate result.

CVSSv3 Temp

≤1: 0
≤2: 4
≤3: 73
≤4: 320
≤5: 282
≤6: 693
≤7: 485
≤8: 211
≤9: 69
≤10: 26

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes report confidence, exploitability and remediation level. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day

<1k: 457
<2k: 508
<5k: 543
<10k: 225
<25k: 232
<50k: 92
<100k: 69
≥100k: 37

The moderation team works with the threat intelligence team to determine prices for exploits. Our unique algorithm identifies the 0-day price of an exploit before it is distributed or becomes public. Calculated prices are aligned with prices disclosed by vulnerability brokers and compared with prices we observe on exploit markets.

Exploit Today

<1k: 1115
<2k: 565
<5k: 222
<10k: 97
<25k: 153
<50k: 11
<100k: 0
≥100k: 0

The 0-day price does not consider time-dependent factors. The today price does reflect price impacts such as the disclosure of vulnerability details, the existence of alternative exploits, and the availability of countermeasures. These dynamic aspects can decrease the exploit price over time, and under certain circumstances this happens very fast.

Published | Base | Temp | Vulnerability | 0day | Today | Exp | Rem | CTI | CVE
05/31/2022 | 7.5 | 6.9 | Microsoft Edge Remote Code Execution | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.03 | CVE-2022-30127
05/31/2022 | 7.5 | 6.9 | Microsoft Edge Remote Code Execution | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.03 | CVE-2022-30128
05/31/2022 | 5.0 | 4.5 | Microsoft Edge Remote Code Execution | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.06 | CVE-2022-26905
05/31/2022 | 5.8 | 5.7 | polonel trudesk integer overflow | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07 | CVE-2022-1926
05/31/2022 | 7.0 | 7.0 | Eufy 2K Indoor Camera RSTP Server buffer overflow | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2021-3555
05/31/2022 | 7.3 | 7.1 | Microsoft Windows Support Diagnostic Tool Follina Remote Code Execution | $25k-$100k | $0-$5k | High | Workaround | 0.18 | CVE-2022-30190
05/31/2022 | 6.9 | 6.8 | polonel trudesk Synchronisation incorrect synchronization | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2022-1931
05/31/2022 | 5.0 | 4.9 | mruby use after free | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2022-1934
05/30/2022 | 4.3 | 4.1 | JivoChat Live Chat Plugin cross-site request forgery | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2022-0642
05/30/2022 | 2.4 | 2.4 | Simple Real Estate Pack Plugin Setting cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.07 | CVE-2022-1646
05/30/2022 | 2.4 | 2.4 | Amazon Link Plugin Setting cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2022-1645
05/30/2022 | 2.4 | 2.4 | Call&Book Mobile Bar Plugin cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.11 | CVE-2022-1644
05/30/2022 | 2.4 | 2.4 | Birthdays Widget Plugin cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.11 | CVE-2022-1643
05/30/2022 | 4.3 | 4.1 | Bulk Page Creator Plugin cross-site request forgery | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2022-1611
05/30/2022 | 4.3 | 4.1 | Change wp-admin Login Plugin authorization | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07 | CVE-2022-1589
05/30/2022 | 3.5 | 3.4 | External Links in New Window Plugin URL cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.16 | CVE-2022-1582
05/30/2022 | 2.4 | 2.3 | Team Members Plugin Setting cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08 | CVE-2022-1568
05/30/2022 | 3.1 | 3.0 | Quotes llama Plugin CSV File cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.14 | CVE-2022-1566
05/30/2022 | 2.4 | 2.3 | 10Web Form Maker Plugin Custom Text Setting cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2022-1564
05/30/2022 | 3.5 | 3.4 | Enable SVG Plugin SVG File cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2022-1562
05/30/2022 | 3.5 | 3.4 | VikBooking Hotel Booking Engine & PMS Plugin URL cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.14 | CVE-2022-1528
05/30/2022 | 3.5 | 3.4 | WP 2FA Plugin Admin Page cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.14 | CVE-2022-1527
05/30/2022 | 2.4 | 2.3 | Poll Maker Plugin Setting cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2022-1456
05/30/2022 | 2.4 | 2.4 | Easy FAQ with Expanding Text Plugin cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.12 | CVE-2022-1395
05/30/2022 | 2.4 | 2.4 | No Future Posts Plugin cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2022-1387
05/30/2022 | 2.4 | 2.4 | Slideshow Plugin Setting cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.07 | CVE-2022-1299
05/30/2022 | 2.4 | 2.4 | IMDB Info Box Plugin Setting cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2022-1294
05/30/2022 | 3.5 | 3.4 | BannerMan Plugin Setting cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2022-1275
05/30/2022 | 4.3 | 4.1 | Content Mask Plugin cross-site request forgery | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.14 | CVE-2022-1203
05/30/2022 | 2.4 | 2.3 | Smush Plugin Admin Page cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2022-1009
05/30/2022 | 2.4 | 2.3 | User Meta Plugin Shared Field Label cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.10 | CVE-2022-0376
05/30/2022 | 6.3 | 6.0 | External Links in New Window Plugin unknown vulnerability | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2022-1583
05/30/2022 | 4.7 | 4.5 | StaffList Plugin Admin Dashboard sql injection | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07 | CVE-2022-1556
05/30/2022 | 2.4 | 2.4 | HPB Dashboard Plugin cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2022-1542
05/30/2022 | 6.3 | 6.0 | Mozilla Firefox/Firefox ESR/Thunderbird Javascript Object code injection | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.04 | CVE-2022-1529
05/30/2022 | 6.3 | 6.0 | Mozilla Firefox/Firefox ESR/Thunderbird Top-Level Await code injection | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.04 | CVE-2022-1802
05/29/2022 | 3.5 | 3.4 | Gitea cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2022-1928
05/29/2022 | 7.0 | 6.9 | vim buffer overflow | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2022-1927
05/28/2022 | 7.7 | 7.6 | protobufjs code injection | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2022-25878
05/28/2022 | 5.3 | 5.2 | HCL BigFix Mobile XML xml validation | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-27780
05/28/2022 | 7.0 | 6.9 | vim out-of-bounds write | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2022-1897
05/28/2022 | 4.5 | 4.5 | HCL BigFix Mobile cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2021-27781
05/28/2022 | 4.4 | 4.4 | Cisco Enterprise Chat and Email Web Interface cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2022-20802
05/28/2022 | 5.2 | 5.1 | Cisco Common Services Platform Collector Web-based Management Interface cross site scripting | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2022-20674
05/28/2022 | 5.2 | 5.1 | Cisco Common Services Platform Collector Web-based Management Interface cross site scripting | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2022-20673
05/28/2022 | 5.2 | 5.1 | Cisco Common Services Platform Collector Web-based Management Interface cross site scripting | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2022-20672
05/28/2022 | 5.2 | 5.1 | Cisco Common Services Platform Collector Web-based Management Interface cross site scripting | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2022-20671
05/28/2022 | 5.2 | 5.1 | Cisco Common Services Platform Collector Web-based Management Interface cross site scripting | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2022-20670
05/28/2022 | 5.2 | 5.1 | Cisco Common Services Platform Collector Web-based Management Interface cross site scripting | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2022-20669
05/28/2022 | 5.2 | 5.1 | Cisco Common Services Platform Collector Web-based Management Interface cross site scripting | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2022-20668

2113 more entries are not shown
