Recent: June 2022

Timeline

Analysing the timeline helps to decide how single vulnerabilities and whole vulnerability collections need to be handled. The overview shows at a glance which slices are less important and which are severe hotspots, so that immediate vulnerability response can be started and issues can be prioritized.

Type

The moderation team works with the threat intelligence team to categorize the software that is affected by security vulnerabilities. Counting vulnerabilities per category shows which software types are affected most.

Product

Google Android: 79
Qualcomm Snapdragon Industrial IOT: 58
Qualcomm Snapdragon Mobile: 55
Qualcomm Snapdragon Compute: 52
Qualcomm Snapdragon Connectivity: 52

Grouping vulnerabilities by product gives an overview. It makes it possible to recognize a homogeneous landscape, or the most important hotspots in a heterogeneous one.

Remediation

Official Fix: 967
Temporary Fix: 0
Workaround: 6
Unavailable: 0
Not Defined: 997

Vendors and researchers look for countermeasures that mitigate security vulnerabilities. These come in several forms and levels of remediation, which influence the risk differently: an official fix reduces it more than a workaround, and an unavailable or undefined remediation does not reduce it at all.

Exploitability

High: 2
Functional: 2
Proof-of-Concept: 59
Unproven: 46
Not Defined: 1861

Researchers and attackers who look for security vulnerabilities try to exploit them, for academic purposes or for personal gain. The level and quality of exploitability (from unproven, through proof-of-concept and functional, up to high) indicates how simple and how strong an attack is.

CVSSv3 Base

Score ≤1: 0
Score ≤2: 5
Score ≤3: 70
Score ≤4: 347
Score ≤5: 293
Score ≤6: 415
Score ≤7: 575
Score ≤8: 131
Score ≤9: 102
Score ≤10: 32

The Common Vulnerability Scoring System (CVSS) is the industry standard for describing the characteristics and impact of security vulnerabilities. The base score represents the intrinsic properties that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable aggregated result.

CVSSv3 Temp

Score ≤1: 0
Score ≤2: 6
Score ≤3: 77
Score ≤4: 355
Score ≤5: 293
Score ≤6: 477
Score ≤7: 536
Score ≤8: 133
Score ≤9: 62
Score ≤10: 31

The Common Vulnerability Scoring System (CVSS) uses temporal scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. The temporal metrics are exploit code maturity (exploitability), remediation level and report confidence; each of them scales the base score down. We also provide our unique meta score for temporal scores, even though other sources rarely publish them.
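The temporal adjustment described above, as an added worked example that is not code from this page or from the database vendor: it implements the CVSS v3.1 temporal formula Roundup(Base × E × RL × RC) with the specification's metric weights and its integer-based Roundup, maps the Exp and Rem labels used in the Exploitability and Remediation sections onto the CVSS metric values, and ranks a few rows by the recomputed score. The label mapping and the sample rows are assumptions made for this illustration; the meta scores in this listing aggregate several sources and need not equal the pure formula.

```python
"""CVSS v3.1 temporal scoring from a base score plus the temporal metrics,
driven by the Exp / Rem labels used in this listing.

Added example, not code from the page or from the database vendor. Metric
weights and the Roundup rule follow the CVSS v3.1 specification; the mapping
of the listing's labels to CVSS metric values and the sample rows are
assumptions made for this illustration.
"""
import math

# CVSS v3.1 temporal metric weights ("X" = Not Defined, weight 1.0).
EXPLOIT_CODE_MATURITY = {"X": 1.0, "H": 1.0, "F": 0.97, "P": 0.94, "U": 0.91}
REMEDIATION_LEVEL = {"X": 1.0, "U": 1.0, "W": 0.97, "T": 0.96, "O": 0.95}
REPORT_CONFIDENCE = {"X": 1.0, "C": 1.0, "R": 0.96, "U": 0.92}

# Assumed mapping from the listing's wording to the CVSS metric values.
EXP_LABELS = {"Not Defined": "X", "High": "H", "Functional": "F",
              "Proof-of-Concept": "P", "Unproven": "U"}
REM_LABELS = {"Not Defined": "X", "Unavailable": "U", "Workaround": "W",
              "Temporary Fix": "T", "Official Fix": "O"}


def roundup(value: float) -> float:
    """CVSS v3.1 Roundup: smallest one-decimal number >= value, computed on
    integers so that e.g. 6.84 cannot become 6.8 through float drift."""
    int_input = round(value * 100000)
    if int_input % 10000 == 0:
        return int_input / 100000.0
    return (math.floor(int_input / 10000) + 1) / 10.0


def temporal_score(base: float, e: str = "X", rl: str = "X", rc: str = "X") -> float:
    """Temporal = Roundup(Base * E * RL * RC); a base score of 0 stays 0."""
    if base == 0.0:
        return 0.0
    factor = EXPLOIT_CODE_MATURITY[e] * REMEDIATION_LEVEL[rl] * REPORT_CONFIDENCE[rc]
    return roundup(base * factor)


def temporal_from_labels(base: float, exp: str, rem: str) -> float:
    """Same computation driven by the listing's Exp and Rem labels; report
    confidence is not shown in the listing, so it stays Not Defined."""
    return temporal_score(base, e=EXP_LABELS[exp], rl=REM_LABELS[rem])


def prioritize(rows):
    """Rank (cve, base, exp, rem) tuples by the recomputed temporal score,
    highest first; among equal scores, entries without an official fix first."""
    scored = [(temporal_from_labels(b, x, r), r != "Official Fix", c)
              for c, b, x, r in rows]
    scored.sort(key=lambda t: (t[0], t[1]), reverse=True)
    return [(c, s) for s, _, c in scored]


# Constructed sample rows in the listing's shape: (CVE, Base, Exp, Rem).
SAMPLE_ROWS = [
    ("CVE-2022-31101", 7.2, "Not Defined", "Official Fix"),
    ("CVE-2022-32092", 5.5, "Not Defined", "Not Defined"),
    ("CVE-2022-33879", 3.5, "Not Defined", "Official Fix"),
]

if __name__ == "__main__":
    for cve, score in prioritize(SAMPLE_ROWS):
        print(cve, score)
```

An official fix alone only takes a 7.2 down to 6.9, which is why the temporal distribution above barely shifts against the base distribution; the score moves much more once a public proof-of-concept or a missing fix is recorded, and that is the part of the vector that changes fastest after disclosure.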

Exploit 0-day price ($)

<1k: 569
<2k: 578
<5k: 391
<10k: 151
<25k: 165
<50k: 68
<100k: 47
≥100k: 1

The moderation team works with the threat intelligence team to determine prices for exploits. Our unique algorithm estimates the 0-day price of an exploit, i.e. its price before it was distributed or became public. The calculated prices are aligned with prices disclosed by vulnerability brokers and compared with prices observed on exploit markets.

Exploit Today price ($)

<1k: 963
<2k: 602
<5k: 226
<10k: 117
<25k: 58
<50k: 4
<100k: 0
≥100k: 0

The 0-day prices do not consider time-dependent factors. The today price does reflect price impacts such as the disclosure of vulnerability details, the appearance of alternative exploits and the availability of countermeasures. These dynamic aspects tend to decrease exploit prices over time, and under certain circumstances this happens very fast.

Created | Base | Temp | Vulnerability | 0day | Today | Exp | Rem | CTI | CVE
06/28/2022 | 3.5 | 3.5 | LightCMS PDF File cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.91+ | CVE-2022-33009
06/28/2022 | 3.5 | 3.4 | Delta Electronics DIAEnergie Settings Module cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.91+ | CVE-2022-33005
06/28/2022 | 3.5 | 3.4 | Apache Tika Incomplete Fix StandardsExtractingContentHandler incorrect regex | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.91+ | CVE-2022-33879
06/28/2022 | 6.4 | 6.3 | lettersanitizer CSS Rule unusual condition | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.88+ | CVE-2022-31103
06/28/2022 | 7.2 | 7.0 | PrestaShop blockwishlist sql injection | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.88+ | CVE-2022-31101
06/28/2022 | 5.4 | 5.3 | rulex Expression Parser assertion | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.83+ | CVE-2022-31100
06/28/2022 | 5.4 | 5.3 | rulex Expression Parser recursion | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.88+ | CVE-2022-31099
06/28/2022 | 5.7 | 5.6 | ScratchTools Recently Viewed Project cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.86+ | CVE-2022-31094
06/28/2022 | 6.5 | 6.3 | LDAP Account Manager Login injection | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.94+ | CVE-2022-31088
06/28/2022 | 3.0 | 2.9 | KubeEdge CSI Driver Controller null pointer dereference | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.88+ | CVE-2022-31077
06/28/2022 | 5.0 | 4.9 | BigBlueButton Private Chat cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.85+ | CVE-2022-31064
06/28/2022 | 4.3 | 4.2 | BigBlueButton Greenlight Room Setting privileges management | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.88+ | CVE-2022-31039
06/28/2022 | 3.5 | 3.5 | GPAC MP4Box filter.c filter_parse_dyn_args denial of service | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.72+ | CVE-2021-40942
06/28/2022 | 5.2 | 5.1 | Wasmtime calculation | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.80+ | CVE-2022-31104
06/28/2022 | 5.5 | 5.3 | Halo CMS upload unrestricted upload | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.72+ | CVE-2022-32994
06/28/2022 | 6.4 | 6.3 | NextAuth.js URL unusual condition | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.63+ | CVE-2022-31093
06/28/2022 | 3.1 | 3.0 | KubeEdge CloudCore null pointer dereference | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.66+ | CVE-2022-31076
06/28/2022 | 5.0 | 4.9 | Shopware cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.69+ | CVE-2022-31057
06/28/2022 | 5.5 | 5.3 | TRENDnet TEW-751DR/TEW-752DRU genacgi_main stack-based overflow | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.77+ | CVE-2022-33007
06/28/2022 | 6.3 | 6.1 | Halo CMS Template server-side request forgery | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.69+ | CVE-2022-32995
06/28/2022 | 5.5 | 5.3 | D-Link DIR-645 __ajax_explorer.sgi command injection | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.66+ | CVE-2022-32092
06/28/2022 | 6.4 | 6.3 | Parse Server Invalid File Request return value | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.72+ | CVE-2022-31089
06/28/2022 | 7.3 | 7.2 | LDAP Account Manager argument injection | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.69+ | CVE-2022-31084
06/28/2022 | 5.0 | 4.9 | BigBlueButton Private Chat cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.66+ | CVE-2022-31065
06/28/2022 | 4.3 | 4.2 | Argo CD symlink | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.91+ | CVE-2022-31036
06/28/2022 | 4.6 | 4.5 | Discourse Invite permissions | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.85+ | CVE-2022-31096
06/28/2022 | 6.2 | 6.2 | Weave GitOps log file | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.88+ | CVE-2022-31098
06/28/2022 | 4.9 | 4.8 | glpi-inventory-plugin Package Deployment Task deploypackage.public.php sql injection | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.94+ | CVE-2022-31082
06/28/2022 | 4.3 | 4.1 | Benjamin Balet Jorani Users.php cross-site request forgery | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.88+ | CVE-2022-34134
06/28/2022 | 3.5 | 3.4 | Benjamin Balet Jorani Leaves.php cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.83+ | CVE-2022-34133
06/28/2022 | 3.5 | 3.5 | GUnet Open eClass Platform index.php pathname traversal | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.94+ | CVE-2022-33116
06/28/2022 | 5.7 | 5.6 | Guzzle Redirect information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.96+ | CVE-2022-31091
06/28/2022 | 6.0 | 5.9 | Guzzle Curl information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.99+ | CVE-2022-31090
06/28/2022 | 6.3 | 6.0 | Benjamin Balet Jorani Leaves.php sql injection | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.94+ | CVE-2022-34132
06/28/2022 | 7.8 | 7.6 | LDAP Account Manager injection | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.83+ | CVE-2022-31087
06/28/2022 | 6.6 | 6.4 | LDAP Account Manager pdf injection | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.85+ | CVE-2022-31086
06/28/2022 | 7.3 | 7.1 | HTTP::Daemon request smuggling | $0-$5k | $0-$5k | Not Defined | Official Fix | 1.13 | CVE-2022-31081
06/28/2022 | 6.2 | 6.1 | Pimcore sql injection | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.94 | CVE-2022-31092
06/28/2022 | 4.4 | 4.3 | LDAP Account Manager PHP OpenSSL Extension missing encryption | $0-$5k | $0-$5k | Not Defined | Official Fix | 1.13 | CVE-2022-31085
06/27/2022 | 3.5 | 3.5 | Ruckus Wireless ZoneDirector cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 2.51 | CVE-2020-21161
06/27/2022 | 5.4 | 5.3 | Hikvision Hybrid SAN Web Module cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 1.60 | CVE-2022-28172
06/27/2022 | 6.2 | 6.2 | Argo CD UI cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 1.50 | CVE-2022-31035
06/27/2022 | 7.4 | 7.2 | Hikvision Hybrid SAN Web Module os command injection | $0-$5k | $0-$5k | Not Defined | Official Fix | 1.71 | CVE-2022-28171
06/27/2022 | 3.5 | 3.4 | Brocade SANnav Base64 Encoding log file | $0-$5k | $0-$5k | Not Defined | Official Fix | 1.76 | CVE-2022-28168
06/27/2022 | 3.5 | 3.4 | Brocade SANnav Switch Password asyncjobscheduler-manager.log server log file | $0-$5k | $0-$5k | Not Defined | Official Fix | 1.37 | CVE-2022-28167
06/27/2022 | 3.7 | 3.6 | Brocade SANnav SSL Server hard-coded key | $0-$5k | $0-$5k | Not Defined | Official Fix | 1.60 | CVE-2022-28166
06/27/2022 | 3.5 | 3.4 | Apache SystemDS readExternal resource consumption | $0-$5k | $0-$5k | Not Defined | Official Fix | 1.63 | CVE-2022-26477
06/27/2022 | 3.5 | 3.5 | Axiomatic Bento4 Ap4Array.h AP4_Array denial of service | $0-$5k | $0-$5k | Not Defined | Not Defined | 1.45 | CVE-2021-40941
06/27/2022 | 7.0 | 6.9 | vim out-of-bounds write | $0-$5k | $0-$5k | Not Defined | Official Fix | 1.33 | CVE-2022-2210
06/27/2022 | 6.1 | 6.1 | Elcomplus SmartICS Parameter cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 1.06 | CVE-2022-2140

1920 more entries are not shown
