Recent July 2022

Timeline

Analyzing the timeline helps to identify the approach required for handling single vulnerabilities and collections of vulnerabilities. The overview makes less important periods and more severe hotspots visible at a glance, so that vulnerability response can be initiated immediately and issues can be prioritized.

Type

The moderation team works with the threat intelligence team to categorize the software affected by security vulnerabilities. This illustrates how these categories are assigned and shows which software types are affected most.

Product

Apple macOS: 55
Microsoft Windows: 48
Apple iOS: 39
Apple iPadOS: 39
Cisco Small Business RV110W: 35

Grouping vulnerabilities by product gives an overview. It makes it possible to identify a homogeneous landscape, or the most important hotspots in a heterogeneous landscape.

Remediation

Official Fix: 1474
Temporary Fix: 0
Workaround: 35
Unavailable: 0
Not Defined: 865

Vendors and researchers are eager to find countermeasures that mitigate security vulnerabilities. These come in multiple forms and levels of remediation, each of which influences the risk differently.

Exploitability

High: 1
Functional: 2
Proof-of-Concept: 107
Unproven: 47
Not Defined: 2217

Researchers and attackers looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability are distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base

≤1: 0
≤2: 0
≤3: 18
≤4: 247
≤5: 367
≤6: 445
≤7: 527
≤8: 541
≤9: 136
≤10: 93

The Common Vulnerability Scoring System (CVSS) is an industry standard for defining the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable aggregated result.

CVSSv3 Temp

≤1: 0
≤2: 0
≤3: 20
≤4: 269
≤5: 362
≤6: 522
≤7: 496
≤8: 510
≤9: 108
≤10: 87

The Common Vulnerability Scoring System (CVSS) uses temporal scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. These include report confidence, exploitability and remediation level. We also provide our unique meta score for temporal scores, even though other sources rarely publish them.

Exploit 0-day

<1k: 466
<2k: 563
<5k: 539
<10k: 313
<25k: 310
<50k: 56
<100k: 108
≥100k: 19

The moderation team works with the threat intelligence team to determine prices for exploits. Our unique algorithm identifies the 0-day price of an exploit, i.e. its price before it was distributed or became public. Calculated prices are aligned with prices disclosed by vulnerability brokers and compared with prices we observe on exploit markets.

Exploit Today

<1k: 1003
<2k: 703
<5k: 395
<10k: 92
<25k: 127
<50k: 54
<100k: 0
≥100k: 0

The 0-day price does not consider time-dependent factors. The today price reflects price impacts such as the disclosure of vulnerability details, the existence of alternative exploits and the availability of countermeasures. These dynamic aspects can decrease an exploit's price over time, and under certain circumstances this happens very fast.

Created | Base | Temp | Vulnerability | 0day | Today | Exp | Rem | CTI | CVE
07/31/2022 | 7.8 | 7.5 | HPE iLO 5 Local Privilege Escalation | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.14 | CVE-2022-28636
07/31/2022 | 7.8 | 7.5 | HPE iLO 5 Local Privilege Escalation | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2022-28635
07/31/2022 | 7.8 | 7.5 | HPE iLO 5 Local Privilege Escalation | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2022-28634
07/31/2022 | 8.8 | 8.4 | HPE iLO 5 Remote Code Execution | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2022-28633
07/31/2022 | 8.8 | 8.4 | HPE iLO 5 Remote Code Execution | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.20 | CVE-2022-28632
07/31/2022 | 8.8 | 8.4 | HPE iLO 5 Remote Code Execution | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.66 | CVE-2022-28631
07/31/2022 | 7.8 | 7.5 | HPE iLO 5 Local Privilege Escalation | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2022-28630
07/31/2022 | 7.8 | 7.5 | HPE iLO 5 Local Privilege Escalation | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2022-28629
07/31/2022 | 7.8 | 7.5 | HPE iLO 5 Local Privilege Escalation | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.19 | CVE-2022-28628
07/31/2022 | 7.8 | 7.5 | HPE iLO 5 Local Privilege Escalation | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.08 | CVE-2022-28627
07/31/2022 | 7.8 | 7.5 | HPE iLO 5 Local Privilege Escalation | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2022-28626
07/31/2022 | 3.5 | 3.5 | Gutenberg Plugin SVG Document cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2022-33994
07/31/2022 | 5.3 | 4.7 | Backdoor.Win32.Destrukor.20 Service Port 6969 improper authentication | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.05 | 
07/31/2022 | 7.3 | 6.4 | Backdoor.Win32.Destrukor.20 Service Port 6969 backdoor | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.04 | 
07/31/2022 | 7.5 | 6.8 | TEM FLEX-1085 reboot denial of service | $0-$5k | $0-$5k | Functional | Workaround | 0.76 | CVE-2022-2591
07/30/2022 | 6.3 | 6.0 | Rockwell Automation ISaGRAF Workbench deserialization | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2022-2465
07/30/2022 | 6.3 | 6.0 | Rockwell Automation ISaGRAF Workbench path traversal | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08 | CVE-2022-2464
07/30/2022 | 6.3 | 6.0 | Rockwell Automation ISaGRAF Workbench 7z File path traversal | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2022-2463
07/30/2022 | 3.7 | 3.6 | AutomationDirect SIO-MB04RTDS cleartext transmission | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2022-2485
07/30/2022 | 4.7 | 4.5 | Inductive Automation Ignition xml external entity reference | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2022-1704
07/30/2022 | 7.5 | 7.2 | Moxa NPort 5110 out-of-bounds write | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.17 | CVE-2022-2044
07/30/2022 | 7.5 | 7.2 | Moxa NPort 5110 out-of-bounds write | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2022-2043
07/30/2022 | 3.5 | 3.4 | Velocidex Velociraptor GUI cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2022-35632
07/30/2022 | 3.5 | 3.4 | Velocidex Velociraptor Collection Report cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.14 | CVE-2022-35630
07/30/2022 | 6.3 | 6.3 | Trend Micro VPN Proxy Pro permission | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.03 | CVE-2022-33158
07/30/2022 | 5.5 | 5.3 | SonicWALL Hosted Email Security Capture ATP Security Service security check | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2022-2324
07/30/2022 | 5.6 | 5.4 | Velocidex Velociraptor improper authentication | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.09 | CVE-2022-35629
07/30/2022 | 6.3 | 6.0 | Trend Micro Apex One/Worry-Free Business Security link following | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.27 | CVE-2022-36336
07/30/2022 | 6.3 | 6.0 | Dogtag PKI XML Document Parser xml external entity reference | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2022-2414
07/30/2022 | 3.5 | 3.5 | Trend Micro Security 2021/Security 2022 out-of-bounds | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2022-35234
07/30/2022 | 6.3 | 6.3 | EllieGrid App code injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2022-30083
07/30/2022 | 4.6 | 4.6 | Chia Network CAT1 Standard unknown vulnerability | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.07 | CVE-2022-36447
07/30/2022 | 5.5 | 5.3 | D-Link DSL-3782 getAttrValue stack-based overflow | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | CVE-2022-34528
07/30/2022 | 5.5 | 5.3 | D-Link DSL-3782 byte_4C0160 command injection | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | CVE-2022-34527
07/30/2022 | 4.3 | 4.3 | Tiffsplit TIFF File _TIFFVGetField stack-based overflow | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2022-34526
07/30/2022 | 5.5 | 5.3 | HiBy R3 Pro unrestricted upload | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2022-34496
07/30/2022 | 6.3 | 6.0 | Autodesk Design Review TGA File DesignReview.exe out-of-bounds write | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2022-27865
07/30/2022 | 6.3 | 6.0 | Autodesk Design Review PDF File DesignReview.exe double free | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2022-27864
07/30/2022 | 5.3 | 5.2 | Western Digital Sweet B Cryptographic Library NIST P-256 Curve unknown vulnerability | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2022-23004
07/30/2022 | 6.3 | 6.0 | Velocidex Velociraptor temp file | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2022-35631
07/30/2022 | 3.9 | 3.9 | HCL Remote Store Server insufficiently protected credentials | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2021-27785
07/30/2022 | 6.3 | 6.0 | Autodesk Fusion360 HTTP Request access control | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08 | CVE-2022-27873
07/30/2022 | 6.3 | 6.0 | Autodesk Design Review TIFF File DesignReview.exe out-of-bounds | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2022-27866
07/30/2022 | 6.3 | 6.3 | SonicWALL Switch command injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2022-2323
07/30/2022 | 5.3 | 5.2 | Western Digital Sweet B Cryptographic Library NIST P-256 Curve unknown vulnerability | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2022-23003
07/30/2022 | 5.3 | 5.2 | Western Digital Sweet B Cryptographic Library NIST P-256 Elliptic Curve unknown vulnerability | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2022-23002
07/30/2022 | 5.3 | 5.3 | Western Digital Sweet B Cryptographic Library Elliptic Curve calculation | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.09 | CVE-2022-23001
07/30/2022 | 4.3 | 4.1 | Autodesk AutoCAD 2023 PRT File out-of-bounds | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07 | CVE-2022-33881
07/30/2022 | 3.6 | 3.6 | PluginlySpeaking Floating Div Plugin cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2022-36378
07/30/2022 | 6.3 | 6.3 | DedeCMS mytag_main.php mytag_ Privilege Escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | CVE-2022-34531

2324 more entries are not shown
