Recent 05/12/2022

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. It also makes it possible to initiate an immediate vulnerability response and to prioritize issues.

Type

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Product

Adobe Acrobat Reader: 61
InHand InRouter302: 10
AMD EPYC: 10
Simple Client Management System: 6
Intel Optane SSD: 5

Grouping vulnerabilities by product helps to get an overview. This makes it possible to identify a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation

Official Fix: 135
Temporary Fix: 0
Workaround: 1
Unavailable: 0
Not Defined: 71

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These fall into multiple forms and levels of remediation, which influence risks differently.

Exploitability

High: 0
Functional: 0
Proof-of-Concept: 5
Unproven: 0
Not Defined: 202

Researchers and attackers who look for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base

≤1: 0
≤2: 1
≤3: 7
≤4: 25
≤5: 21
≤6: 53
≤7: 78
≤8: 10
≤9: 6
≤10: 6

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp

≤1: 0
≤2: 1
≤3: 7
≤4: 25
≤5: 21
≤6: 61
≤7: 71
≤8: 12
≤9: 3
≤10: 6

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day

<1k: 41
<2k: 48
<5k: 50
<10k: 1
<25k: 29
<50k: 38
<100k: 0
≥100k: 0

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price for an exploit, before it was distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today

<1k: 89
<2k: 35
<5k: 45
<10k: 6
<25k: 32
<50k: 0
<100k: 0
≥100k: 0

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as disclosure of vulnerability details, alternative exploits, and availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

| Created | Base | Temp | Vulnerability | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 10:21 PM | 3.3 | 3.2 | Intel CPU information exposure | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00885 | CVE-2021-33149 |
| 10:14 PM | 2.4 | 2.3 | Intel RealSense ID Solution F450 information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00885 | CVE-2021-33130 |
| 10:11 PM | 3.3 | 3.2 | Intel Xeon BIOS information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00885 | CVE-2021-33117 |
| 10:10 PM | 3.3 | 3.2 | Intel SSD/SSD DC/Optane SSD/Optane SSD DC Firmware information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.00885 | CVE-2021-33083 |
| 10:08 PM | 2.4 | 2.3 | Intel SSD DC/Optane SSD/Optane SSD DC Firmware information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00885 | CVE-2021-33080 |
| 10:06 PM | 2.4 | 2.3 | Intel SSD/SSD DC/Optane SSD protection mechanism | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00885 | CVE-2021-33074 |
| 10:05 PM | 5.5 | 5.3 | Intel SSD/SSD DC/Optane SSD/Optane SSD DC Firmware denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00885 | CVE-2021-33069 |
| 09:55 PM | 3.3 | 3.2 | Intel CPU BIOS Firmware information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08 | 0.00885 | CVE-2021-0155 |
| 09:55 PM | 3.5 | 3.4 | Stormshield Network Security ASQ Sofbus Lacbus Plugin null pointer dereference | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00885 | CVE-2022-30279 |
| 09:54 PM | 7.3 | 7.3 | RESI Gemini-Net Web access control | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00885 | CVE-2022-29538 |
| 09:53 PM | 5.3 | 5.3 | InHand InRouter302 Console Infactory hard-coded password | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.01440 | CVE-2022-27172 |
| 09:51 PM | 6.3 | 6.3 | InHand InRouter302 Configuration Export hard-coded key | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00885 | CVE-2022-26020 |
| 09:50 PM | 7.6 | 7.5 | causefx organizr integer overflow | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00885 | CVE-2022-1699 |
| 09:44 PM | 7.6 | 7.5 | causefx organizr Long Password integer underflow | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00885 | CVE-2022-1698 |
| 09:43 PM | 2.4 | 2.3 | Intel SSD/Optane SSD information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07 | 0.00885 | CVE-2021-33082 |
| 09:42 PM | 9.3 | 9.3 | InHand InRouter302 httpd libnvram.so nvram_import input validation | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.01978 | CVE-2022-26782 |
| 09:42 PM | 9.3 | 9.3 | InHand InRouter302 httpd libnvram.so nvram_import input validation | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.01978 | CVE-2022-26781 |
| 09:41 PM | 9.3 | 9.3 | InHand InRouter302 httpd libnvram.so nvram_import input validation | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.01978 | CVE-2022-26780 |
| 09:40 PM | 9.3 | 9.3 | InHand InRouter302 Network Request infactory_net os command injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.01978 | CVE-2022-26518 |
| 09:35 PM | 9.3 | 9.3 | InHand InRouter302 Console infactory_port os command injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.01978 | CVE-2022-26420 |
| 09:34 PM | 9.3 | 9.3 | InHand InRouter302 Console infactory_wlan os command injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.01978 | CVE-2022-26075 |
| 09:34 PM | 8.1 | 8.1 | InHand InRouter302 Console Factory stack-based overflow | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.01978 | CVE-2022-26002 |
| 09:33 PM | 6.4 | 6.4 | InHand InRouter302 httpd parse_ping_result buffer overflow | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08 | 0.01888 | CVE-2022-24910 |
| 09:32 PM | 7.5 | 7.4 | Kingsoft WPS Office Spreadsheets use after free | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.01611 | CVE-2021-40399 |
| 09:31 PM | 6.3 | 6.1 | Simple Client Management System manage_service.php sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00885 | CVE-2022-29982 |
| 09:30 PM | 6.3 | 6.1 | Simple Client Management System sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | 0.00885 | CVE-2022-29981 |
| 09:30 PM | 6.3 | 6.1 | Simple Client Management System sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.09 | 0.00885 | CVE-2022-29979 |
| 09:29 PM | 6.3 | 6.1 | Simple Client Management System sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00885 | CVE-2022-29751 |
| 09:29 PM | 6.3 | 6.1 | Simple Client Management System sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00885 | CVE-2022-29750 |
| 09:15 PM | 6.3 | 6.1 | Simple Client Management System sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | 0.00885 | CVE-2022-29749 |
| 09:12 PM | 6.3 | 6.1 | Insurance Management System editNominee.php sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00885 | CVE-2022-30002 |
| 09:12 PM | 6.3 | 6.1 | Insurance Management System editAgent.php sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00885 | CVE-2022-30001 |
| 09:11 PM | 6.3 | 6.1 | Insurance Management System editPayment.php sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | 0.00885 | CVE-2022-30000 |
| 09:10 PM | 6.3 | 6.1 | Insurance Management System editClient.php sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00885 | CVE-2022-29999 |
| 09:08 PM | 6.3 | 6.1 | Insurance Management System clientStatus.php sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | 0.00885 | CVE-2022-29998 |
| 09:07 PM | 6.3 | 6.1 | Money Transfer Management System sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | 0.00885 | CVE-2022-29746 |
| 09:07 PM | 6.3 | 6.1 | Money Transfer Management System sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | 0.00885 | CVE-2022-29745 |
| 09:07 PM | 6.3 | 6.1 | Money Transfer Management System sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | 0.00885 | CVE-2022-29741 |
| 09:06 PM | 6.3 | 6.1 | Online Sports Complex Booking System view_booking.php sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00885 | CVE-2022-29993 |
| 09:06 PM | 6.3 | 6.1 | Online Sports Complex Booking System manage_category.php sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00885 | CVE-2022-29992 |
| 09:04 PM | 6.3 | 6.1 | Online Sports Complex Booking System view_category.php sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00885 | CVE-2022-29990 |
| 09:03 PM | 6.3 | 6.1 | Booking Online Sports Complex Booking System sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00885 | CVE-2022-29989 |
| 09:03 PM | 6.3 | 6.1 | Online Sports Complex Booking System sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00885 | CVE-2022-29988 |
| 09:03 PM | 6.3 | 6.1 | Booking Online Sports Complex Booking System sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00885 | CVE-2022-29986 |
| 08:54 PM | 5.5 | 5.5 | IonizeCMS lang_model.php copy_lang_content command injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.02055 | CVE-2022-29307 |
| 08:52 PM | 6.3 | 6.3 | IonizeCMS article_model.php sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00885 | CVE-2022-29306 |
| 08:51 PM | 3.5 | 3.5 | SolarView Compact Solar_Ftp.php information disclosure | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00885 | CVE-2022-29302 |
| 08:43 PM | 6.5 | 6.2 | Intel SGX Linux Kernel Driver resource consumption | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00885 | CVE-2021-33135 |
| 06:40 PM | 6.3 | 6.1 | Online Sports Complex Booking System sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00885 | CVE-2022-29985 |
| 04:59 PM | 5.3 | 5.3 | F-Secure Safe Browser Address Bar clickjacking | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00885 | CVE-2022-28872 |

157 more entries are not shown
