Archive 06/14/2022

Type

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Product

Microsoft Windows: 33
Siemens SINEMA Remote Connect Server: 8
Couchbase Server: 7
Microsoft HEVC Video Extensions: 4
Microsoft Office: 4

Grouping vulnerabilities by product helps to get an overview. This makes it possible to identify a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation

Official Fix: 89
Temporary Fix: 0
Workaround: 0
Unavailable: 0
Not Defined: 20

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be divided into multiple forms and levels of remediation, which influence risks differently.

Exploitability

High: 0
Functional: 0
Proof-of-Concept: 10
Unproven: 42
Not Defined: 57

Researchers and attackers who are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base

≤1: 0
≤2: 0
≤3: 1
≤4: 11
≤5: 4
≤6: 29
≤7: 18
≤8: 20
≤9: 25
≤10: 1

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp

≤1: 0
≤2: 0
≤3: 2
≤4: 10
≤5: 11
≤6: 28
≤7: 28
≤8: 21
≤9: 9
≤10: 0

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day

<1k: 14
<2k: 15
<5k: 8
<10k: 9
<25k: 35
<50k: 5
<100k: 23
≥100k: 0

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price for an exploit before it was distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today

<1k: 29
<2k: 16
<5k: 27
<10k: 12
<25k: 25
<50k: 0
<100k: 0
≥100k: 0

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as disclosure of vulnerability details, alternative exploits, and availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

| ID | Base | Temp | Vulnerability | 0day | Today | Exp | Rem | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 201867 | 6.6 | 6.5 | Microsoft Windows SMB denial of service | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2022-32230 |
| 201866 | 8.1 | 7.4 | Microsoft AV1 Video Extension Remote Code Execution | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00 | CVE-2022-30193 |
| 201865 | 5.8 | 5.4 | Microsoft Windows Autopilot Device Management/Enrollment Client information disclosure | $25k-$100k | $5k-$25k | Proof-of-Concept | Official Fix | 0.03 | CVE-2022-30189 |
| 201864 | 8.1 | 7.4 | Microsoft HEVC Video Extensions Remote Code Execution | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00 | CVE-2022-30188 |
| 201863 | 5.1 | 4.8 | Microsoft .NET/Visual Studio information disclosure | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | CVE-2022-30184 |
| 201862 | 6.6 | 6.2 | Microsoft RTOS GUIX information disclosure | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | CVE-2022-30180 |
| 201861 | 8.1 | 7.6 | Microsoft RTOS GUIX Remote Code Execution | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.04 | CVE-2022-30179 |
| 201860 | 8.1 | 7.6 | Microsoft RTOS GUIX Remote Code Execution | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.05 | CVE-2022-30178 |
| 201859 | 7.8 | 7.3 | Microsoft Azure RTOS GUIX Local Privilege Escalation | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | CVE-2022-30177 |
| 201858 | 7.0 | 6.4 | Microsoft Office Remote Code Execution | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.03 | CVE-2022-30174 |
| 201857 | 7.3 | 6.7 | Microsoft Excel Remote Code Execution | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.03 | CVE-2022-30173 |
| 201856 | 5.1 | 4.7 | Microsoft SharePoint Server/Office information disclosure | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00 | CVE-2022-30172 |
| 201855 | 5.1 | 4.7 | Microsoft SharePoint Server/Office information disclosure | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00 | CVE-2022-30171 |
| 201854 | 7.3 | 6.7 | Microsoft Microsoft Photos Remote Code Execution | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.03 | CVE-2022-30168 |
| 201853 | 8.1 | 7.4 | Microsoft AV1 Video Extension Remote Code Execution | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.03 | CVE-2022-30167 |
| 201852 | 8.1 | 7.4 | Microsoft Windows Local Security Authority Subsystem Service Privilege Escalation | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.07 | CVE-2022-30166 |
| 201851 | 8.8 | 8.1 | Microsoft Windows Kerberos Privilege Escalation | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.03 | CVE-2022-30165 |
| 201850 | 8.9 | 8.1 | Microsoft Windows Kerberos AppContainer Privilege Escalation | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.04 | CVE-2022-30164 |
| 201849 | 8.5 | 7.8 | Microsoft Windows Hyper-V Privilege Escalation | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.04 | CVE-2022-30163 |
| 201848 | 5.1 | 4.7 | Microsoft Windows Kernel information disclosure | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.03 | CVE-2022-30162 |
| 201847 | 8.8 | 8.1 | Microsoft Windows LDAP Remote Code Execution | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00 | CVE-2022-30161 |
| 201846 | 8.1 | 7.4 | Microsoft Windows Advanced Local Procedure Call Privilege Escalation | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.03 | CVE-2022-30160 |
| 201845 | 5.1 | 4.7 | Microsoft Office information disclosure | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.06 | CVE-2022-30159 |
| 201844 | 8.8 | 8.1 | Microsoft SharePoint Server Privilege Escalation | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.03 | CVE-2022-30158 |
| 201843 | 8.8 | 8.1 | Microsoft SharePoint Server Privilege Escalation | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00 | CVE-2022-30157 |
| 201842 | 5.8 | 5.3 | Microsoft Windows Kernel denial of service | $5k-$25k | $5k-$25k | Unproven | Official Fix | 0.04 | CVE-2022-30155 |
| 201841 | 5.2 | 4.8 | Microsoft Windows File Server Shadow Copy Agent Service Privilege Escalation | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.03 | CVE-2022-30154 |
| 201840 | 8.8 | 8.1 | Microsoft Windows LDAP Remote Code Execution | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.03 | CVE-2022-30153 |
| 201839 | 7.5 | 6.8 | Microsoft Windows NAT denial of service | $5k-$25k | $5k-$25k | Unproven | Official Fix | 0.03 | CVE-2022-30152 |
| 201838 | 7.2 | 6.5 | Microsoft Windows Ancillary Function Driver for WinSock Privilege Escalation | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.03 | CVE-2022-30151 |
| 201837 | 7.5 | 6.8 | Microsoft Windows Defender Remote Credential Guard Privilege Escalation | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.03 | CVE-2022-30150 |
| 201836 | 7.5 | 6.8 | Microsoft Windows LDAP Remote Code Execution | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.03 | CVE-2022-30149 |
| 201835 | 5.1 | 4.7 | Microsoft Windows Desired State Configuration information disclosure | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.03 | CVE-2022-30148 |
| 201834 | 8.1 | 7.4 | Microsoft Windows Installer Privilege Escalation | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.03 | CVE-2022-30147 |
| 201833 | 7.5 | 6.8 | Microsoft Windows LDAP Remote Code Execution | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.04 | CVE-2022-30146 |
| 201832 | 7.5 | 6.8 | Microsoft Windows Encrypting File System Privilege Escalation | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00 | CVE-2022-30145 |
| 201831 | 7.5 | 6.8 | Microsoft Windows LDAP Remote Code Execution | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00 | CVE-2022-30143 |
| 201830 | 7.2 | 6.6 | Microsoft Windows File History Privilege Escalation | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.04 | CVE-2022-30142 |
| 201829 | 8.1 | 7.4 | Microsoft Windows LDAP Remote Code Execution | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.03 | CVE-2022-30141 |
| 201828 | 7.2 | 6.6 | Microsoft Windows iSCSI Discovery Service Privilege Escalation | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.04 | CVE-2022-30140 |
| 201827 | 7.5 | 6.8 | Microsoft Windows LDAP Privilege Escalation | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.06 | CVE-2022-30139 |
| 201826 | 6.9 | 6.4 | Microsoft Azure Service Fabric Container Privilege Escalation | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.04 | CVE-2022-30137 |
| 201825 | 9.8 | 8.9 | Microsoft Windows Network File System Remote Code Execution | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.03 | CVE-2022-30136 |
| 201824 | 8.1 | 7.5 | Microsoft Windows Media Center Privilege Escalation | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.03 | CVE-2022-30135 |
| 201823 | 8.1 | 7.4 | Microsoft Windows Container Manager Service Privilege Escalation | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.03 | CVE-2022-30132 |
| 201822 | 8.1 | 7.4 | Microsoft Windows Container Isolation FS Filter Driver Privilege Escalation | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00 | CVE-2022-30131 |
| 201821 | 8.1 | 7.6 | Microsoft System Center Operations Manager Privilege Escalation | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | CVE-2022-29149 |
| 201820 | 7.5 | 6.8 | Microsoft SQL Server Privilege Escalation | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.30 | CVE-2022-29143 |
| 201819 | 8.1 | 7.4 | Microsoft HEVC Video Extensions Remote Code Execution | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.03 | CVE-2022-29119 |
| 201818 | 8.1 | 7.4 | Microsoft HEVC Video Extensions Remote Code Execution | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00 | CVE-2022-29111 |

59 more entries are not shown
