Recent 01/15/2022

Timeline

Analysis of the timeline helps to identify the required approach to, and handling of, individual vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance, so that immediate vulnerability response and prioritization of issues can be initiated.

Type

The moderation team works with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories and to determine the most affected software types.

Product

Google Android: 27
Adobe Acrobat Reader: 26
GNU InetUtils: 7
Pexip Infinity: 5
Arista EOS: 4

Grouping vulnerabilities by product helps to get an overview. This makes it possible to identify a homogeneous landscape, or the most important hotspots in heterogeneous landscapes.

Remediation

Official Fix: 81
Temporary Fix: 0
Workaround: 0
Unavailable: 0
Not Defined: 39

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These countermeasures come in multiple forms and levels of remediation, which influence risk differently.

Exploitability

High: 0
Functional: 0
Proof-of-Concept: 1
Unproven: 0
Not Defined: 119

Researchers and attackers looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base

≤1: 0
≤2: 0
≤3: 3
≤4: 38
≤5: 14
≤6: 28
≤7: 25
≤8: 10
≤9: 1
≤10: 1

The Common Vulnerability Scoring System (CVSS) is an industry standard for defining the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to arrive at the most reliable result.

CVSSv3 Temp

≤1: 0
≤2: 0
≤3: 4
≤4: 38
≤5: 14
≤6: 29
≤7: 23
≤8: 10
≤9: 1
≤10: 1

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes report confidence, exploitability and remediation level. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day

<1k: 33
<2k: 6
<5k: 20
<10k: 7
<25k: 15
<50k: 34
<100k: 5
≥100k: 0

The moderation team works with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price of an exploit, before it is distributed or becomes public. Calculated prices are aligned with prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today

<1k: 52
<2k: 15
<5k: 13
<10k: 22
<25k: 17
<50k: 1
<100k: 0
≥100k: 0

The 0-day prices do not consider time-dependent factors. The today price reflects price impacts such as disclosure of vulnerability details, alternative exploits and the availability of countermeasures. These dynamic aspects may decrease exploit prices over time, and under certain circumstances this happens very fast.

| Created | Base | Temp | Vulnerability | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 20:48 | 3.5 | 3.4 | Checkmk javascript: URL cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.01132 | CVE-2020-28919 |
| 20:47 | 4.3 | 4.1 | Pexip Infinity Call-Setup denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.01055 | CVE-2021-42555 |
| 20:46 | 4.3 | 4.1 | Pexip Infinity Call-Setup denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.01055 | CVE-2021-35969 |
| 20:46 | 4.3 | 4.1 | Pexip Infinity H.264 denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.01055 | CVE-2021-33499 |
| 20:45 | 4.3 | 4.1 | Pexip Infinity H.264 denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.01055 | CVE-2021-33498 |
| 20:44 | 4.3 | 4.1 | Pexip Infinity RMTP denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.01055 | CVE-2021-32545 |
| 18:45 | 6.3 | 6.0 | CyberArk Endpoint Privilege Manager Procmon64.exe uncontrolled search path | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00950 | CVE-2021-44049 |
| 18:44 | 5.5 | 5.3 | Open Design Alliance Drawings SDK JPG File memory corruption | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.01036 | CVE-2022-23095 |
| 18:44 | 4.3 | 4.3 | Crestron HD-MD4X2-4K-E Administrative Web Interface aj.html information disclosure | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00885 | CVE-2022-23178 |
| 15:49 | 6.3 | 6.1 | China Mobile An Lianbao WF-1 Web Interface mac_addr_clone command injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.02359 | CVE-2021-33963 |
| 08:32 | 7.5 | 7.2 | Juniper Junos OS Kernel resource consumption | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00885 | CVE-2022-22161 |
| 08:26 | 4.3 | 4.1 | Juniper Junos OS CLI information disclosure | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00885 | CVE-2022-22162 |
| 08:13 | 4.3 | 4.1 | Libreswan IKEv1 Packet ikev1.c null pointer dereference | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.01213 | CVE-2022-23094 |
| 08:12 | 6.3 | 6.0 | Facebook Hermes type confusion | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00885 | CVE-2021-24044 |
| 08:11 | 4.3 | 4.2 | livehelperchat cross-site request forgery | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00885 | CVE-2022-0226 |
| 08:11 | 3.3 | 3.2 | Google Android Emergency Calling CreateConnectionProcessor.java sortSimPhoneAccountsForEmergency denial of service | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.01036 | CVE-2021-39659 |
| 08:10 | 5.3 | 5.1 | Google Android events.cpp inotify_cb out-of-bounds write | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | 0.01036 | CVE-2021-39632 |
| 08:10 | 5.3 | 5.1 | Google Android adb Shell OverlayManagerService.java executeRequest permission | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.04 | 0.01036 | CVE-2021-39630 |
| 08:09 | 5.3 | 5.1 | Google Android phTmlNfc.cc phTmlNfc_CleanUp use after free | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.02 | 0.01036 | CVE-2021-39629 |
| 08:09 | 5.3 | 5.1 | Google Android LegacyModeSmsHandler.java sendLegacyVoicemailNotification permission | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.03 | 0.01036 | CVE-2021-39627 |
| 08:09 | 5.3 | 5.1 | Google Android Bluetooth Setting ConnectedDeviceDashboardFragment.java onAttach permission | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.03 | 0.01036 | CVE-2021-39626 |
| 08:08 | 6.0 | 5.9 | Google Android EuiccNotificationManager.java showCarrierAppInstallationNotification privileges management | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.04 | 0.01036 | CVE-2021-39625 |
| 08:08 | 7.8 | 7.6 | Google Android GBoard permissions | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.04 | 0.01036 | CVE-2021-39622 |
| 08:07 | 5.3 | 5.1 | Google Android LegacyModeSmsHandler.java sendLegacyVoicemailNotification permission | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | 0.01036 | CVE-2021-39621 |
| 08:07 | 6.3 | 6.2 | Google Android EuiccNotificationManager.java privileges management | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.06 | 0.01036 | CVE-2021-39618 |
| 08:06 | 3.3 | 3.2 | Google Android Bluetooth DevicePickerFragment permission | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00885 | CVE-2021-1037 |
| 08:06 | 5.3 | 5.1 | Google Android AndroidManifest.xml LocationSettingsActivity improper restriction of rendered ui layers | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.04 | 0.01036 | CVE-2021-1036 |
| 08:05 | 7.8 | 7.6 | Google Android BluetoothDevicePickerPreferenceController.java setLaunchtent external reference | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.06 | 0.01036 | CVE-2021-1035 |
| 08:05 | 6.5 | 6.4 | Google Android jit_memory_region.cc privileges management | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.07 | 0.01036 | CVE-2021-0959 |
| 08:04 | 7.0 | 6.9 | Omron CX-One Project File stack-based overflow | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.01559 | CVE-2022-21137 |
| 08:03 | 3.5 | 3.5 | libIEC61850 acse.c AcseConnection_parseMessage null pointer dereference | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00885 | CVE-2021-45769 |
| 08:03 | 7.0 | 6.9 | Adobe Acrobat Reader out-of-bounds | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.01223 | CVE-2021-45060 |
| 08:02 | 3.8 | 3.7 | Adobe Acrobat Reader out-of-bounds | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.01223 | CVE-2021-44742 |
| 08:02 | 3.8 | 3.7 | Adobe Acrobat Reader null pointer dereference | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.01046 | CVE-2021-44741 |
| 08:02 | 3.8 | 3.7 | Adobe Acrobat Reader null pointer dereference | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.01046 | CVE-2021-44740 |
| 08:02 | 2.8 | 2.8 | Adobe Acrobat Reader Warning Message injection | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.04 | 0.01046 | CVE-2021-44714 |
| 08:01 | 4.9 | 4.8 | Adobe Acrobat Reader Format Event Action use after free | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.04 | 0.01046 | CVE-2021-44713 |
| 08:01 | 5.9 | 5.8 | Adobe Acrobat Reader buffer overflow | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.02 | 0.01046 | CVE-2021-44712 |
| 08:00 | 4.6 | 4.6 | Ubiquiti UniFi Network injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00885 | CVE-2021-44530 |
| 07:59 | 5.3 | 5.3 | Sensormatic Electronics VideoEdge denial of service | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00885 | CVE-2021-36199 |
| 07:55 | 6.4 | 6.3 | colors americanFlag infinite loop | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.01018 | CVE-2021-23567 |
| 07:54 | 3.6 | 3.6 | nanoid ID Generator valueOf information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00950 | CVE-2021-23566 |
| 07:48 | 5.5 | 5.3 | Google Android Privilege Escalation | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.02 | 0.00885 | CVE-2021-1049 |
| 07:48 | 2.6 | 2.5 | SAP Enterprise Threat Detection cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00885 | CVE-2022-22529 |
| 07:48 | 7.8 | 7.5 | Google Android target.c target_init allocation of resources | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.01036 | CVE-2021-39684 |
| 07:47 | 4.2 | 4.0 | Google Android sss_ice_util.c copy_from_mbox out-of-bounds write | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.00 | 0.01036 | CVE-2021-39683 |
| 07:47 | 5.3 | 5.1 | Google Android memory_group_manager.c mgm_alloc_page out-of-bounds write | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.04 | 0.01036 | CVE-2021-39682 |
| 07:47 | 5.3 | 5.1 | Google Android vendor_graphicbuffer_meta.cpp init use after free | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.02 | 0.01036 | CVE-2021-39679 |
| 07:46 | 7.8 | 7.5 | Google Android Factory Reset Protection Local Privilege Escalation | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.02 | 0.01036 | CVE-2021-39678 |
| 07:46 | 5.3 | 5.1 | Google Android eventpoll.c use after free | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.02 | 0.01036 | CVE-2021-39634 |

70 more entries are not shown