Recent 06/25/2022

Timeline

Analysing the timeline helps to identify the required approach and handling of single vulnerabilities and of vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance, so that immediate vulnerability response can be initiated and issues can be prioritized.

Type

The moderation team works with the threat intelligence team to categorize the software affected by security vulnerabilities. Showing how entries are distributed across these categories makes it possible to determine the most affected software types.

Product

IBM Jazz Team Server: 8
Secheron SEPCOS: 7
Illumina Local Run Manager: 5
Concrete: 4
OFFIS DCMTK: 3

Grouping vulnerabilities by product gives an overview. This makes it possible to recognize a homogeneous landscape, or to locate the most important hotspots in a heterogeneous one.

Remediation

Official Fix: 51
Temporary Fix: 0
Workaround: 0
Unavailable: 0
Not Defined: 43

Vendors and researchers are eager to find countermeasures that mitigate security vulnerabilities. These come in multiple forms and levels of remediation, which influence the risk differently; the levels listed here are the values of the CVSS temporal metric Remediation Level (RL).

Exploitability

High: 0
Functional: 0
Proof-of-Concept: 5
Unproven: 0
Not Defined: 89

Researchers and attackers who look for security vulnerabilities try to exploit them, for academic purposes or for personal gain. The level and quality of available exploit code is distinguished to determine how simple and how strong attacks are; the levels listed here are the values of the CVSS temporal metric Exploit Code Maturity (E).

CVSSv3 Base

≤1: 0
≤2: 0
≤3: 1
≤4: 4
≤5: 19
≤6: 15
≤7: 13
≤8: 29
≤9: 8
≤10: 5

The Common Vulnerability Scoring System (CVSS) is the industry standard for describing the characteristics and impact of security vulnerabilities. The base score represents the intrinsic properties of a vulnerability that are constant over time and across user environments. The buckets above are disjoint (each counts the entries whose score lies above the previous bound and at or below the given one) and add up to the 94 entries of this day. Our unique meta score merges all available scores from different sources into the most reliable result.

CVSSv3 Temp

≤1: 0
≤2: 0
≤3: 1
≤4: 4
≤5: 19
≤6: 19
≤7: 11
≤8: 29
≤9: 6
≤10: 5

The Common Vulnerability Scoring System (CVSS) uses temporal scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. These are the report confidence, the exploitability (exploit code maturity) and the remediation level; a temporal score can therefore never exceed the base score it is derived from. We also provide our unique meta score for temporal scores, even though other sources rarely publish them.

Exploit 0-day

<1k: 20
<2k: 15
<5k: 43
<10k: 6
<25k: 9
<50k: 0
<100k: 1
≥100k: 0

The moderation team works with the threat intelligence team to determine prices for exploits. Our unique algorithm estimates the 0-day price of an exploit, that is its price before it was distributed or became public. Calculated prices are aligned with prices disclosed by vulnerability brokers and compared with prices we see on exploit markets.

Exploit Today

<1k: 49
<2k: 11
<5k: 30
<10k: 3
<25k: 0
<50k: 1
<100k: 0
≥100k: 0

The 0-day price does not consider time-dependent factors. The today price does reflect price impacts such as the disclosure of vulnerability details, alternative exploits and the availability of countermeasures. These dynamic aspects can decrease the exploit price over time; under certain circumstances this happens very fast.

Created | Base | Temp | Vulnerability | 0-day price | Today price | Exploitability | Remediation | CTI | EPSS | CVE
23:58 | 5.2 | 5.2 | Raytion cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | 0.00885 | CVE-2022-29931
15:09 | 5.4 | 5.3 | Argo CD resource consumption | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00885 | CVE-2022-31016
15:08 | 6.7 | 6.6 | wire-webapp mentions cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.01086 | CVE-2022-29168
15:06 | 2.3 | 2.2 | Zulip API Event expression is always true | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00885 | CVE-2022-31017
15:04 | 7.1 | 7.0 | Espressif Bluetooth Mesh SDK out-of-bounds write | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00885 | CVE-2022-24893
08:31 | 7.7 | 7.7 | Ruijie RG-EG350 alarmService.php get_alarmAction sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.18 | 0.00885 | CVE-2022-33128
08:30 | 6.2 | 6.2 | miniCMS DAT File cross-site request forgery | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00885 | CVE-2022-33121
08:29 | 4.1 | 4.1 | EyouCMS Login Page cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00885 | CVE-2022-33122
08:27 | 4.4 | 4.4 | BigBlueButton Private Message cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00885 | CVE-2022-27238
08:27 | 6.9 | 6.8 | SysAid Okta SSO xml external entity reference | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00885 | CVE-2022-23170
08:24 | 8.2 | 8.1 | deep-get-set Incomplete Fix CVE-2020-7715 deep code injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | 0.00885 | CVE-2022-21231
08:23 | 5.7 | 5.6 | Dradis Professional Edition Password Reset Token password recovery | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00885 | CVE-2022-30028
08:21 | 5.2 | 5.1 | Telesoft VitalPBX Backup System access control | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08 | 0.00885 | CVE-2022-29330
08:20 | 5.0 | 5.0 | Dell Wyse Management Suite saveGroupConfigurations Page cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.01086 | CVE-2022-29096
08:14 | 7.6 | 7.5 | Online Student Rate System access control | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00885 | CVE-2021-39409
08:14 | 4.9 | 4.9 | GNOME GIMP XCF File gimp_layer_invalidate_boundary denial of service | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00885 | CVE-2022-32990
08:13 | 5.7 | 5.7 | OFFIS DCMTK DICOM File null pointer dereference | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.00885 | CVE-2022-2121
08:12 | 9.0 | 9.0 | Illumina Local Run Manager path traversal | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00885 | CVE-2022-1518
08:01 | 3.8 | 3.7 | Broadcom Symantec Messaging Gateway Active Directory information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08 | 0.00885 | CVE-2021-30651
07:46 | 6.5 | 6.4 | Thales Safenet Authentication Client Lock File symlink | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.01036 | CVE-2021-42056
07:45 | 8.3 | 8.3 | EagleGet Downloader luminati_net_updater_win_eagleget_com privileges management | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.01005 | CVE-2020-21046
07:44 | 4.3 | 4.3 | Concrete cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00954 | CVE-2022-30120
07:43 | 4.3 | 4.3 | Concrete view cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00954 | CVE-2022-30119
07:42 | 4.3 | 4.3 | Concrete [GUID] cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.00954 | CVE-2022-30118
07:41 | 5.5 | 5.4 | underscore-99xp deepValueSearch incorrect regex | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.18 | 0.00885 | CVE-2021-40894
07:39 | 3.8 | 3.8 | Dell WMS Device API path traversal | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.04 | 0.01055 | CVE-2022-29097
07:37 | 5.5 | 5.4 | validate-data Mail incorrect regex | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00885 | CVE-2021-40893
07:37 | 9.4 | 9.3 | Secheron SEPCOS behavioral workflow | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00885 | CVE-2022-2105
07:36 | 8.7 | 8.6 | Secheron SEPCOS FTP Server access control | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00885 | CVE-2022-2103
07:35 | 5.7 | 5.6 | Illumina Local Run Manager TLS Encryption cleartext transmission | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00885 | CVE-2022-1524
07:35 | 8.2 | 8.0 | Illumina Local Run Manager improper authorization | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00885 | CVE-2022-1521
07:34 | 9.9 | 9.7 | Illumina Local Run Manager unrestricted upload | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00885 | CVE-2022-1519
07:32 | 5.5 | 5.4 | validate-color RGB String incorrect regex | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00885 | CVE-2021-40892
07:31 | 7.0 | 6.9 | HPE Version Control Repository Manager Installer Privilege Escalation | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00885 | CVE-2022-28619
07:30 | 7.7 | 7.7 | Texercise backdoor | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.02509 | CVE-2022-34066
07:30 | 7.7 | 7.7 | Rondolu-YT-Concate backdoor | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.02509 | CVE-2022-34065
07:29 | 7.7 | 7.6 | Zibal backdoor | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.01440 | CVE-2022-34064
07:28 | 7.7 | 7.7 | Catly-Translate backdoor | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | 0.02509 | CVE-2022-34061
07:27 | 7.7 | 7.7 | Togglee backdoor | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | 0.02509 | CVE-2022-34060
07:27 | 7.7 | 7.7 | Sixfab-Tool Request backdoor | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.02509 | CVE-2022-34059
07:27 | 7.7 | 7.6 | Scoptrial Request Package backdoor | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.01440 | CVE-2022-34057
07:26 | 7.7 | 7.7 | Watertools Request backdoor | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.02509 | CVE-2022-34056
07:26 | 7.7 | 7.7 | drxhello Request Package backdoor | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.02509 | CVE-2022-34055
07:25 | 7.7 | 7.7 | Perdido Request Package backdoor | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | 0.02509 | CVE-2022-34054
07:24 | 7.7 | 7.7 | DR-Web-Engine Request Package backdoor | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.02509 | CVE-2022-34053
07:23 | 7.7 | 7.7 | Beginner Request Package backdoor | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.02509 | CVE-2022-33004
07:23 | 7.7 | 7.7 | watools Request Package backdoor | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | 0.02509 | CVE-2022-33003
07:22 | 7.7 | 7.7 | KGExplore Request Package backdoor | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.02509 | CVE-2022-33002
07:22 | 7.7 | 7.7 | AAmiles Request Package backdoor | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.02509 | CVE-2022-33001
07:21 | 7.7 | 7.7 | ML-Scanner Request Package backdoor | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.02509 | CVE-2022-33000

44 more entries are not shown
