Recent 06/22/2022

Timeline

Analysing the timeline helps to decide how individual vulnerabilities and whole vulnerability collections need to be handled. The overview makes less important slices and more severe hotspots visible at a glance, so that vulnerability response can be started immediately and issues can be prioritized.

Type

The moderation team works with the threat intelligence team to categorize the software affected by security vulnerabilities. The distribution of entries across these categories shows which software types are affected most.

Product

Autodesk AutoCAD: 5
Frappe ERPNext: 4
oretnom23 Online Railway Reservation System: 4
habitica: 2
SUSE Manager Server: 2

Grouping vulnerabilities by product gives an overview that makes it possible to recognize a homogeneous landscape, or to find the most important hotspots in a heterogeneous one.

Remediation

Official Fix: 23
Temporary Fix: 0
Workaround: 0
Unavailable: 0
Not Defined: 23

Vendors and researchers are eager to find countermeasures that mitigate security vulnerabilities. Several forms and levels of remediation are distinguished (official fix, temporary fix, workaround, or none available), and each influences the risk differently.

Exploitability

High: 0
Functional: 1
Proof-of-Concept: 0
Unproven: 0
Not Defined: 45

Researchers and attackers who look for security vulnerabilities try to exploit them, for academic purposes or for personal gain. The level and quality of exploitability (unproven, proof-of-concept, functional, high) indicate how simple and how strong an attack is.

CVSSv3 Base

≤1: 0
≤2: 0
≤3: 0
≤4: 7
≤5: 7
≤6: 15
≤7: 12
≤8: 2
≤9: 3
≤10: 0

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impact of security vulnerabilities. The base score represents the intrinsic properties that are constant over time and across user environments. Our meta score merges all available scores from different sources into what we consider the most reliable result.

CVSSv3 Temp

≤1: 0
≤2: 0
≤3: 0
≤4: 7
≤5: 8
≤6: 16
≤7: 10
≤8: 2
≤9: 3
≤10: 0

CVSS temporal scores reflect the characteristics of a vulnerability that may change over time but not across user environments: report confidence, exploit code maturity (exploitability) and remediation level. We also provide our meta score for temporal scores, even though other sources rarely publish them.
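How the Exploitability and Remediation levels listed above feed into a temporal score is fixed by the CVSS v3.1 specification: Temporal = Roundup(Base × E × RL × RC), where E, RL and RC are the exploit code maturity, remediation level and report confidence weights. The following is an added example, not code from the vulnerability database; the metric weights are the ones published in CVSS v3.1, and the mapping of the page's "Not Defined", "Functional", "Official Fix" labels onto the standard metric values is an assumption. It applies the textbook formula to a few rows copied from the table below: for CVE-2022-22979 (Functional, Official Fix) the formula reproduces the listed 4.9, while for CVE-2022-23079 the listed 7.4 differs from the 7.2 the formula gives, which is what the merged meta score described above looks like in practice.

```python
"""CVSS v3.1 temporal score from a base score plus the three temporal metrics.

Added example for this page, not code from the vulnerability database itself.
Metric weights are those of the CVSS v3.1 specification; mapping the page's
"Exp"/"Rem" labels onto the standard metric values is an assumption.
"""
import math

# Temporal metric values: E = Exploit Code Maturity, RL = Remediation Level,
# RC = Report Confidence. "Not Defined" is X and carries weight 1.0.
EXPLOITABILITY = {  # page label -> (vector value, weight)
    "Not Defined": ("X", 1.00),
    "Unproven": ("U", 0.91),
    "Proof-of-Concept": ("P", 0.94),
    "Functional": ("F", 0.97),
    "High": ("H", 1.00),
}
REMEDIATION = {
    "Not Defined": ("X", 1.00),
    "Official Fix": ("O", 0.95),
    "Temporary Fix": ("T", 0.96),
    "Workaround": ("W", 0.97),
    "Unavailable": ("U", 1.00),
}
REPORT_CONFIDENCE = {
    "Not Defined": ("X", 1.00),
    "Unknown": ("U", 0.92),
    "Reasonable": ("R", 0.96),
    "Confirmed": ("C", 1.00),
}


def roundup(value: float) -> float:
    """CVSS v3.1 Roundup(): smallest one-decimal number >= value, computed on
    integers so that float noise such as 4.0000001 does not become 4.1."""
    int_input = round(value * 100000)
    if int_input % 10000 == 0:
        return int_input / 100000.0
    return (math.floor(int_input / 10000) + 1) / 10.0


def temporal_score(base: float, exp: str = "Not Defined",
                   rem: str = "Not Defined", rc: str = "Not Defined") -> float:
    """Temporal = Roundup(Base x E x RL x RC); a base score of 0 stays 0."""
    if base == 0:
        return 0.0
    e = EXPLOITABILITY[exp][1]
    rl = REMEDIATION[rem][1]
    r = REPORT_CONFIDENCE[rc][1]
    return roundup(base * e * rl * r)


def temporal_vector(exp: str = "Not Defined", rem: str = "Not Defined",
                    rc: str = "Not Defined") -> str:
    """Temporal part of a CVSS:3.1 vector string, e.g. 'E:F/RL:O/RC:X'."""
    return (f"E:{EXPLOITABILITY[exp][0]}/RL:{REMEDIATION[rem][0]}"
            f"/RC:{REPORT_CONFIDENCE[rc][0]}")


# Rows copied from the listing on this page: (CVE, Base, Exp, Rem, listed Temp).
ROWS = [
    ("CVE-2022-22979", 5.3, "Functional", "Official Fix", 4.9),
    ("CVE-2022-32973", 8.8, "Not Defined", "Official Fix", 8.4),
    ("CVE-2022-2068", 6.3, "Not Defined", "Official Fix", 6.0),
    ("CVE-2022-34008", 8.8, "Not Defined", "Not Defined", 8.8),
    ("CVE-2022-23079", 7.5, "Not Defined", "Official Fix", 7.4),
]


def compare_rows(rows=ROWS):
    """Return {cve: (listed temp, textbook temp)} so the reader can see where
    the page's merged meta score departs from the plain v3.1 formula."""
    return {cve: (listed, temporal_score(base, exp, rem))
            for cve, base, exp, rem, listed in rows}


if __name__ == "__main__":
    for cve, (listed, computed) in compare_rows().items():
        note = "" if listed == computed else "  <- meta score differs from formula"
        print(f"{cve}: listed {listed}, formula {computed}{note}")
```

Report confidence is not a column on this page, so the example leaves RC at "Not Defined" (weight 1.0); an "Official Fix" alone therefore lowers a score by 5 %, and "Functional" exploit maturity by a further 3 %.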

Exploit 0-day

<1k: 12
<2k: 14
<5k: 10
<10k: 6
<25k: 3
<50k: 1
<100k: 0
≥100k: 0

The moderation team works with the threat intelligence team to estimate exploit prices. Our algorithm estimates the 0-day price of an exploit, that is, its price before it was distributed or became public. The calculated prices are aligned with prices disclosed by vulnerability brokers and compared with prices we see on exploit markets.

Exploit Today

<1k: 21
<2k: 15
<5k: 6
<10k: 3
<25k: 1
<50k: 0
<100k: 0
≥100k: 0

The 0-day price ignores time-dependent factors. The today price reflects effects such as disclosure of vulnerability details, alternative exploits and the availability of countermeasures. These dynamic aspects may lower the exploit price over time, and under certain circumstances very quickly.

| Created | Base | Temp | Vulnerability | 0-day | Today | Exploitability | Remediation | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 06:27 PM | 5.5 | 5.5 | Apache Sling Commons Log/Sling API neutralization for logs | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | CVE-2022-32549 |
| 06:26 PM | 4.9 | 4.8 | Cisco Adaptive Security Device Manager log file | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.22 | CVE-2022-20651 |
| 04:28 PM | 5.4 | 5.3 | microweber cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.15 | CVE-2022-2174 |
| 04:28 PM | 5.2 | 5.1 | habitica Login Page cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.26 | CVE-2022-23077 |
| 04:27 PM | 7.5 | 7.4 | motor-admin Password Reset escape output | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.22 | CVE-2022-23079 |
| 04:26 PM | 5.5 | 5.4 | habitica Login Page redirect | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.30 | CVE-2022-23078 |
| 04:25 PM | 6.4 | 6.3 | SUSE Manager Server spacewalk-java resource consumption | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2022-21952 |
| 04:24 PM | 5.3 | 5.2 | SUSE Manager Server spacewalk-java information exposure | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2022-31248 |
| 02:11 PM | 4.4 | 4.4 | Frappe ERPNext Profile cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.33 | CVE-2022-23057 |
| 02:11 PM | 4.4 | 4.4 | Frappe ERPNext My Settings Page cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.37 | CVE-2022-23058 |
| 02:10 PM | 4.4 | 4.4 | Frappe ERPNext Patient History Page cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2022-23056 |
| 02:09 PM | 5.9 | 5.8 | Frappe ERPNext Chat Room authorization | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2022-23055 |
| 08:08 AM | 3.5 | 3.5 | Unioncms Default Setting cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2022-25585 |
| 08:05 AM | 3.5 | 3.4 | NukeViet cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2022-30874 |
| 08:05 AM | 3.5 | 3.4 | IdeaLMS cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2022-31786 |
| 08:04 AM | 3.5 | 3.4 | Webkul krayin cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-41924 |
| 08:03 AM | 3.5 | 3.4 | UserTakeOver Search information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2022-31478 |
| 08:02 AM | 3.5 | 3.5 | OBDA Mastro xml entity expansion | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.37 | CVE-2021-40511 |
| 08:01 AM | 5.5 | 5.5 | Qlik Sense GeoAnalytics server-side request forgery | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.37 | CVE-2021-36761 |
| 08:00 AM | 8.8 | 8.8 | Comodo Antivirus Quarantine access control | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.11 | CVE-2022-34008 |
| 07:52 AM | 8.8 | 8.4 | Tenable Nessus PowerShell cmdlet Check access control | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.14 | CVE-2022-32973 |
| 07:50 AM | 6.3 | 6.3 | iSpyConnect iSpy URL improper authentication | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2022-29775 |
| 07:50 AM | 5.5 | 5.5 | iSpyConnect iSpy path traversal | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2022-29774 |
| 07:49 AM | 5.5 | 5.3 | Quectel RG502Q-EA os command injection | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2022-26147 |
| 07:48 AM | 3.5 | 3.4 | Hyland Onbase Application Server/OnBase Connect information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2022-23342 |
| 07:37 AM | 7.4 | 7.2 | Atlas VPN Named Pipe access control | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2022-23171 |
| 07:35 AM | 5.3 | 4.9 | VMware Spring Cloud Function Function Catalog allocation of resources | $5k-$25k | $0-$5k | Functional | Official Fix | 0.07 | CVE-2022-22979 |
| 07:34 AM | 4.3 | 4.2 | discourse-chat Chat Message Lookup Endpoint information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2022-31095 |
| 07:33 AM | 5.5 | 5.5 | OBDA Mastro DTD xml external entity reference | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2021-40510 |
| 07:32 AM | 5.4 | 5.2 | Devolutions Remote Desktop Manager Entry Attachment path traversal | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.29 | CVE-2022-33995 |
| 07:32 AM | 6.3 | 6.1 | oretnom23 Online Railway Reservation System sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2022-33049 |
| 07:31 AM | 4.3 | 4.1 | Tenable Nessus Compliance Audit File information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07 | CVE-2022-32974 |
| 07:29 AM | 4.3 | 4.3 | Autodesk Navisworks PDF File Parser null pointer dereference | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2022-27872 |
| 07:28 AM | 6.3 | 6.0 | Autodesk AutoCAD PDFTron buffer overflow | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2022-27871 |
| 07:25 AM | 6.3 | 6.3 | Autodesk AutoCAD TGA File Parser buffer overflow | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.21 | CVE-2022-27870 |
| 07:24 AM | 6.3 | 6.3 | Autodesk AutoCAD CAT File use after free | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.22 | CVE-2022-27868 |
| 07:24 AM | 6.3 | 6.3 | Autodesk AutoCAD JT File use after free | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.29 | CVE-2022-27867 |
| 07:23 AM | 5.5 | 5.3 | Red Hat AMQ Broker Operator default permission | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2022-1833 |
| 07:20 AM | 5.4 | 5.4 | ABB REX640 PCL1/REX640 PCL2/REX640 PCL3 User Database File permission assignment | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2022-1596 |
| 07:20 AM | 6.3 | 6.3 | Autodesk AutoCAD TIFF File Parser buffer overflow | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2022-27869 |
| 07:16 AM | 5.3 | 5.2 | IBM QRadar WinCollect Agent information disclosure | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.07 | CVE-2021-39006 |
| 07:15 AM | 6.3 | 6.0 | OpenSSL Incomplete Fix CVE-2022-1292 c_rehash os command injection | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 1.10 | CVE-2022-2068 |
| 07:11 AM | 6.3 | 6.1 | oretnom23 Online Railway Reservation System manage_schedule.php sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2022-33056 |
| 07:10 AM | 6.3 | 6.1 | oretnom23 Online Railway Reservation System manage_train.php sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.16 | CVE-2022-33055 |
| 07:10 AM | 6.3 | 6.1 | oretnom23 Online Railway Reservation System view_details.php sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.15 | CVE-2022-33048 |
| 07:09 AM | 8.4 | 8.4 | Red Hat Enterprise Linux Kernel hard-coded key | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.04 | CVE-2022-1665 |
