Archive June 2022

Timeline

Analysing the timeline helps to identify the required approach to, and handling of, single vulnerabilities and vulnerability collections. The overview makes less important slices and more severe hotspots visible at a glance, so that an immediate vulnerability response can be initiated and issues can be prioritized.

Type

The moderation team works with the threat intelligence team to categorize the software affected by security vulnerabilities. The distribution of these categories shows which software types are most affected.

Product

| Product | Entries |
|---|---|
| Google Android | 79 |
| Qualcomm Snapdragon Industrial IOT | 58 |
| Qualcomm Snapdragon Mobile | 55 |
| Qualcomm Snapdragon Compute | 52 |
| Qualcomm Snapdragon Connectivity | 52 |

Grouping vulnerabilities by product gives an overview of the affected software. It shows whether the landscape is homogeneous or, in a heterogeneous landscape, where the most important hotspots are.

Remediation

| Remediation level | Entries |
|---|---|
| Official Fix | 1009 |
| Temporary Fix | 0 |
| Workaround | 9 |
| Unavailable | 0 |
| Not Defined | 1054 |

Vendors and researchers are eager to find countermeasures that mitigate security vulnerabilities. These come in several forms and levels of remediation, each of which influences the risk differently.

Exploitability

| Exploitability | Entries |
|---|---|
| High | 2 |
| Functional | 2 |
| Proof-of-Concept | 66 |
| Unproven | 47 |
| Not Defined | 1955 |

Researchers and attackers looking for security vulnerabilities try to exploit them, for academic purposes or for personal gain. The level and quality of exploitability are distinguished to determine how simple and how strong an attack is.

CVSSv3 Base

| CVSSv3 base score | Entries |
|---|---|
| ≤1 | 0 |
| ≤2 | 5 |
| ≤3 | 55 |
| ≤4 | 284 |
| ≤5 | 357 |
| ≤6 | 440 |
| ≤7 | 588 |
| ≤8 | 202 |
| ≤9 | 109 |
| ≤10 | 32 |

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impact of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate the most reliable result.

CVSSv3 Temp

| CVSSv3 temp score | Entries |
|---|---|
| ≤1 | 0 |
| ≤2 | 6 |
| ≤3 | 60 |
| ≤4 | 295 |
| ≤5 | 355 |
| ≤6 | 497 |
| ≤7 | 560 |
| ≤8 | 199 |
| ≤9 | 69 |
| ≤10 | 31 |

The Common Vulnerability Scoring System (CVSS) uses temp (temporal) scores to reflect the characteristics of a vulnerability that may change over time but not across user environments: report confidence, exploitability (exploit code maturity) and remediation level. We also provide our unique meta score for temp scores, even though other sources rarely publish them.
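As an added example (not code from this page, and not the meta-score algorithm behind the CVSSv3 Base and CVSSv3 Temp tables above), the following Python computes the temporal score that the CVSS v3.1 specification derives from a base score and the exploitability (E), remediation level (RL) and report confidence (RC) metrics, and sorts scores into the ≤N bins used by both histograms. The sample rows are constructed from entries in the table further down, with RC assumed Not Defined because the page does not list report confidence; the result is the specification's temporal score, which need not equal the page's meta temp score.

```python
"""CVSS v3.1 temporal score and the "<= N" histogram bins used on this page.

Added example; not code from this page or from any scoring vendor. The
formula and metric values come from the CVSS v3.1 specification
(section 7.3). The sample rows below are constructed from three entries
in the page's vulnerability table; RC is assumed Not Defined (X) because
the page does not publish report confidence.
"""
import math

# Temporal metric values from the CVSS v3.1 specification.
# "X" (Not Defined) is always 1.0, so an undefined metric never lowers the score.
EXPLOIT_CODE_MATURITY = {"X": 1.0, "H": 1.0, "F": 0.97, "P": 0.94, "U": 0.91}
REMEDIATION_LEVEL = {"X": 1.0, "U": 1.0, "W": 0.97, "T": 0.96, "O": 0.95}
REPORT_CONFIDENCE = {"X": 1.0, "C": 1.0, "R": 0.96, "U": 0.92}

# The page's exploitability and remediation labels, mapped to the spec codes.
EXPLOITABILITY_LABELS = {
    "Not Defined": "X", "High": "H", "Functional": "F",
    "Proof-of-Concept": "P", "Unproven": "U",
}
REMEDIATION_LABELS = {
    "Not Defined": "X", "Unavailable": "U", "Workaround": "W",
    "Temporary Fix": "T", "Official Fix": "O",
}


def roundup(value: float) -> float:
    """CVSS v3.1 Roundup: smallest one-decimal number >= value.

    Integer arithmetic as recommended by the spec, so float noise such as
    4.000000001 rounds to 4.0 rather than 4.1, while 4.02 rounds to 4.1.
    """
    int_input = round(value * 100000)
    if int_input % 10000 == 0:
        return int_input / 100000.0
    return (int_input // 10000 + 1) / 10.0


def temporal_score(base: float, e: str = "X", rl: str = "X", rc: str = "X") -> float:
    """Temporal = Roundup(Base * E * RL * RC). Every factor is <= 1.0, so the
    temporal score can only equal or fall below the base score."""
    if not 0.0 <= base <= 10.0:
        raise ValueError("CVSS base score must lie in [0.0, 10.0]")
    return roundup(base * EXPLOIT_CODE_MATURITY[e] * REMEDIATION_LEVEL[rl] * REPORT_CONFIDENCE[rc])


def bucket(score: float) -> str:
    """Histogram bin label in the page's format. Bin "≤N" holds scores with
    N-1 < score <= N. Scores are one-decimal values, so work in tenths to keep
    7.0 in "≤7" and 7.1 in "≤8". A score of 0.0 is counted in "≤1" (assumption)."""
    tenths = round(score * 10)
    upper = max(1, math.ceil(tenths / 10))
    return f"≤{upper}"


def histogram(scores) -> dict:
    """Count scores per bin, always returning all ten bins (empty bins as 0)."""
    counts = {f"≤{n}": 0 for n in range(1, 11)}
    for s in scores:
        counts[bucket(s)] += 1
    return counts


# Constructed sample: (name, base score, exploitability label, remediation label)
SAMPLE_ROWS = [
    ("Microsoft Edge privileges management", 7.9, "Unproven", "Official Fix"),
    ("Backdoor.Win32.EvilGoat.b hard-coded credentials", 7.3, "Proof-of-Concept", "Workaround"),
    ("Edimax IC-3140W hard-coded credentials", 8.0, "Not Defined", "Not Defined"),
]


def score_rows(rows=SAMPLE_ROWS):
    """Return [(name, base, temporal)] using the spec formula with RC = X."""
    return [
        (name, base, temporal_score(base, EXPLOITABILITY_LABELS[exp], REMEDIATION_LABELS[rem]))
        for name, base, exp, rem in rows
    ]


if __name__ == "__main__":
    scored = score_rows()
    for name, base, temp in scored:
        print(f"{base:4.1f} -> {temp:4.1f}  {name}")
    print(histogram([base for _, base, _ in scored]))
```

Two things the tables alone do not show: a Not Defined metric is neutral (factor 1.0), which is why an entry with no exploit and no fix information keeps its base score as its temporal score, and the spec's Roundup works on integers so that floating-point noise cannot push a score into the next tenth.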

Exploit 0-day

| 0-day price (USD) | Entries |
|---|---|
| <1k | 600 |
| <2k | 624 |
| <5k | 409 |
| <10k | 155 |
| <25k | 166 |
| <50k | 72 |
| <100k | 45 |
| ≥100k | 1 |

The moderation team works with the threat intelligence team to determine prices for exploits. Our unique algorithm identifies the 0-day price of an exploit, that is, its price before it was distributed or became public. The calculated prices are aligned with prices disclosed by vulnerability brokers and compared with the prices we see on exploit markets.

Exploit Today

| Today price (USD) | Entries |
|---|---|
| <1k | 1065 |
| <2k | 609 |
| <5k | 215 |
| <10k | 121 |
| <25k | 57 |
| <50k | 5 |
| <100k | 0 |
| ≥100k | 0 |

The 0-day price does not consider time-related factors. The today price reflects price impacts such as the disclosure of vulnerability details, alternative exploits and the availability of countermeasures. These dynamic aspects can decrease the exploit price over time; under certain circumstances this happens very fast.

| Published | Base | Temp | Vulnerability | 0-day price | Today price | Exploitability | Remediation | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 06/30/2022 | 7.9 | 7.2 | Microsoft Edge privileges management | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.11 | CVE-2022-33680 |
| 06/30/2022 | 8.0 | 7.9 | EyesOfNetwork Options Configuration sendmail Privilege Escalation | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-40643 |
| 06/30/2022 | 6.4 | 6.2 | Atlassian Jira Server/Jira Data Center Mobile Plugin server-side request forgery | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2022-26135 |
| 06/30/2022 | 4.7 | 4.5 | Online Hotel Booking System Room edit_room_cat.php sql injection | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.13 | CVE-2022-2263 |
| 06/30/2022 | 4.7 | 4.5 | Online Hotel Booking System Room edit_all_room.php sql injection | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.18 | CVE-2022-2262 |
| 06/30/2022 | 6.6 | 6.3 | Omron SYSMAC CS1 signature verification | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2022-31206 |
| 06/30/2022 | 4.4 | 4.2 | Omron SYSMAC CS1 data authenticity | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07 | CVE-2022-31207 |
| 06/30/2022 | 2.7 | 2.6 | Omron SYSMAC CS1 CP1W-CIF41 Ethernet Option Board credentials storage | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2022-31205 |
| 06/30/2022 | 3.7 | 3.6 | Omron SYSMAC CS1 cleartext transmission | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2022-31204 |
| 06/30/2022 | 7.6 | 7.5 | Das U-Boot i2c md Command do_i2c_md stack-based overflow | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2022-34835 |
| 06/30/2022 | 8.0 | 8.0 | Edimax IC-3140W hard-coded credentials | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2021-40597 |
| 06/30/2022 | 4.6 | 4.5 | Joy Wolf E-Bike Key Fob Request denial of service | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.05 | CVE-2022-30467 |
| 06/30/2022 | 7.3 | 6.4 | Backdoor.Win32.EvilGoat.b Service Port 13014 hard-coded credentials | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.02 | |
| 06/30/2022 | 7.3 | 6.4 | Backdoor.Win32.Cafeini.b Service Port 51966 hard-coded credentials | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.02 | |
| 06/30/2022 | 7.3 | 6.4 | Backdoor.Win32.Coredoor.10.a Service Port 21000 improper authentication | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.00 | |
| 06/29/2022 | 6.3 | 6.0 | Mozilla Firefox Internal URL Protection access control | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.08 | CVE-2022-31746 |
| 06/29/2022 | 7.0 | 6.9 | grav code injection | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2022-2073 |
| 06/29/2022 | 5.1 | 5.1 | Enalean Tuleap MyDocmanSearch Widget cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2022-31063 |
| 06/29/2022 | 5.9 | 5.8 | Enalean Tuleap Tracker Report sql injection | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2022-31058 |
| 06/29/2022 | 4.3 | 4.2 | Enalean Tuleap Project information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2022-31032 |
| 06/29/2022 | 6.0 | 6.0 | RSSHub resource consumption | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2022-31110 |
| 06/29/2022 | 6.7 | 6.6 | oretnom23 Online Railway Reservation System sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2022-33061 |
| 06/29/2022 | 6.7 | 6.6 | oretnom23 Online Railway Reservation System sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2022-33060 |
| 06/29/2022 | 6.7 | 6.6 | oretnom23 Online Railway Reservation System sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2022-33059 |
| 06/29/2022 | 6.7 | 6.6 | oretnom23 Online Railway Reservation System sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2022-33058 |
| 06/29/2022 | 6.7 | 6.6 | oretnom23 Online Railway Reservation System sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2022-33057 |
| 06/29/2022 | 5.6 | 5.5 | microweber redirect | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2022-2252 |
| 06/29/2022 | 5.5 | 5.4 | IBM Security Guardium Web UI cross site scripting | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-39074 |
| 06/29/2022 | 6.7 | 6.6 | oretnom23 Online Railway Reservation System view_details.php sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2022-33042 |
| 06/29/2022 | 4.7 | 4.6 | MetaMask BIP39 Mnemonic information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2022-32969 |
| 06/29/2022 | 5.5 | 5.5 | ApiFest OAuth 2.0 Server URI redirect | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2020-26877 |
| 06/29/2022 | 7.0 | 6.9 | XLPD unquoted search path | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2022-33035 |
| 06/29/2022 | 6.8 | 6.7 | NoMachine permission | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2022-34043 |
| 06/29/2022 | 6.6 | 6.5 | Embarcadero Dev-CPP EXE File uncontrolled search path | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2022-33037 |
| 06/29/2022 | 6.6 | 6.5 | Embarcadero Dev-CPP EXE File uncontrolled search path | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2022-33036 |
| 06/29/2022 | 6.5 | 6.4 | CVA6 Multiplication Unit permission | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2022-33023 |
| 06/29/2022 | 6.5 | 6.5 | CVA6 memory corruption | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2022-33021 |
| 06/29/2022 | 7.6 | 7.6 | ThinkPHP AbstractCache.php deserialization | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2022-33107 |
| 06/29/2022 | 4.0 | 3.9 | Textpattern CMS txplib_misc.php missing secure attribute | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-40642 |
| 06/29/2022 | 4.0 | 3.9 | SilverStripe Framework cwp-core Module cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.13 | CVE-2022-25238 |
| 06/29/2022 | 5.4 | 5.4 | Marval MSM 2FA cross-site request forgery | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | CVE-2022-31886 |
| 06/29/2022 | 4.4 | 4.4 | Admidio cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2022-23896 |
| 06/29/2022 | 4.4 | 4.4 | SilverStripe Framework XMLHttpRequest cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2022-28803 |
| 06/29/2022 | 3.9 | 3.9 | SilverStripe Assets cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2022-29858 |
| 06/29/2022 | 4.8 | 4.8 | wuzhicms cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2020-19897 |
| 06/29/2022 | 4.2 | 4.2 | dompdf server-side request forgery | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2022-0085 |
| 06/29/2022 | 4.8 | 4.7 | SourceCodester Zoo Management System register_visitor cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2022-31897 |
| 06/29/2022 | 5.5 | 5.5 | Nagios XI Login redirect | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2022-29272 |
| 06/29/2022 | 5.0 | 5.0 | Nagios XI Downtime permission | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | CVE-2022-29271 |
| 06/29/2022 | 4.9 | 4.9 | Nagios XI Email Address access control | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | CVE-2022-29270 |

2022 more entries are not shown
