Recent 07/19/2022

Timeline

Analysing the timeline helps to identify the required approach for handling single vulnerabilities and collections of vulnerabilities. This overview makes it possible to see less important slices and more severe hotspots at a glance, so that immediate vulnerability response can be initiated and issues can be prioritized.

Type

The moderation team works with the threat intelligence team to categorize software that is affected by security vulnerabilities. Assigning these categories helps to illustrate which software types are affected most.

Product

Foxit PDF Reader: 18
CVA6: 7
Nginx NJS: 6
Chcnav P5E GNSS: 5
DSK DSKNet: 5

Grouping vulnerabilities by product helps to get an overview. This makes it possible to recognize a homogeneous landscape or to find the most important hotspots in heterogeneous landscapes.

Remediation

Official Fix: 43
Temporary Fix: 0
Workaround: 1
Unavailable: 0
Not Defined: 56

Vendors and researchers are eager to find countermeasures that mitigate security vulnerabilities. These countermeasures come in multiple forms and levels of remediation, which influence the risk differently.

Exploitability

High: 0
Functional: 0
Proof-of-Concept: 2
Unproven: 0
Not Defined: 98

Researchers and attackers who look for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base

≤1: 0
≤2: 0
≤3: 0
≤4: 3
≤5: 10
≤6: 27
≤7: 24
≤8: 28
≤9: 8
≤10: 0

The Common Vulnerability Scoring System (CVSS) is an industry standard for defining the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable aggregated result.

CVSSv3 Temp

≤1: 0
≤2: 0
≤3: 0
≤4: 3
≤5: 10
≤6: 28
≤7: 24
≤8: 28
≤9: 7
≤10: 0

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation level. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day

<1k: 17
<2k: 35
<5k: 39
<10k: 4
<25k: 4
<50k: 1
<100k: 0
≥100k: 0

The moderation team works with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to estimate the 0-day price of an exploit, i.e. its price before it is distributed or becomes public. Calculated prices are aligned with prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today

<1k: 57
<2k: 27
<5k: 13
<10k: 3
<25k: 0
<50k: 0
<100k: 0
≥100k: 0

The 0-day price does not consider time-dependent factors. The today price does reflect price impacts such as the disclosure of vulnerability details, alternative exploits and the availability of countermeasures. These dynamic aspects can decrease the exploit price over time; under certain circumstances this happens very fast.

Created | Base | Temp | Vulnerability | 0day | Today | Exp | Rem | CTI | EPSS | CVE
17:50 | 6.3 | 6.0 | Mozilla Firefox Internal URL Protection access control | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | 0.00000 | CVE-2022-31746
14:13 | 7.8 | 7.6 | Zyxel USG ZyWALL CLI Command privileges management | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.08 | 0.01732 | CVE-2022-30526
14:11 | 4.9 | 4.9 | Octopus Deploy unknown vulnerability | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00885 | CVE-2022-30532
14:09 | 5.4 | 5.4 | Zyxel USG ZyWALL CGI Program path traversal | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.00885 | CVE-2022-2030
11:38 | 8.1 | 8.1 | Parallels Access Desktop Control Agent service uncontrolled search path | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | 0.01005 | CVE-2022-34902
11:37 | 8.5 | 8.4 | Feed Them Social Plugin deserialization | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00885 | CVE-2022-2437
11:36 | 7.6 | 7.5 | cPanel Hudson xml external entity reference | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00954 | CVE-2015-8031
11:36 | 8.3 | 8.3 | Fortinet FortiClient FortiESNAC Service path traversal | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | 0.00885 | CVE-2021-41031
11:35 | 6.5 | 6.4 | Check Point Capsule Workspace App buffer overflow | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00885 | CVE-2022-23745
11:34 | 7.9 | 7.9 | Parallels Desktop ACPI Virtual Device out-of-bounds | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.01005 | CVE-2022-34889
11:32 | 8.0 | 7.8 | AnyDesk symlink | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00950 | CVE-2022-32450
11:31 | 6.8 | 6.8 | Fortinet FortiADC Management Interface sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00885 | CVE-2022-26120
11:30 | 7.5 | 7.5 | Fortinet FortiNAC CLI empty password in configuration file | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00885 | CVE-2022-26117
11:29 | 4.6 | 4.6 | Fortinet FortiOS Captive Portal Authentication Replacement Page cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.01055 | CVE-2022-23438
11:24 | 6.3 | 6.2 | IBM FSP access control | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.00885 | CVE-2022-22445
11:20 | 6.7 | 6.5 | Fortinet FortiOS/FortiProxy Command Line Argument stack-based overflow | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00885 | CVE-2021-44170
11:19 | 4.3 | 4.2 | Fortinet FortiSwitch integer overflow | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00885 | CVE-2021-42755
11:18 | 5.3 | 5.2 | dompdf file inclusion | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00885 | CVE-2022-2400
11:16 | 6.8 | 6.8 | Zoho ManageEngine Password Manager Pro/OPManager access control | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00885 | CVE-2022-35404
11:14 | 6.0 | 6.0 | Chcnav P5E GNSS wifi_ap_pata_get.cmd information disclosure | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00885 | CVE-2022-30626
11:11 | 7.2 | 7.1 | Chcnav P5E GNSS admin.html password recovery | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00885 | CVE-2022-30624
11:09 | 7.7 | 7.6 | Chcnav P5E GNSS authentication bypass | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00885 | CVE-2022-30623
11:08 | 7.5 | 7.4 | Cellinx NVT IP PTZ Camera Cookie access control | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00885 | CVE-2022-30620
11:07 | 7.0 | 7.0 | Fortinet FortiAnalyzer privilege chaining | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00885 | CVE-2022-26118
11:05 | 8.1 | 8.1 | Parallels Access uncontrolled search path | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.01005 | CVE-2022-34901
11:04 | 7.4 | 7.4 | Parallels Access Symbolic Links toctou | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | 0.01005 | CVE-2022-34899
11:00 | 7.1 | 6.9 | SourceCodester Garage Management System editbrand.php sql injection | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00885 | CVE-2022-2468
10:57 | 8.1 | 7.9 | SourceCodester Garage Management System login.php sql injection | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04 | 0.00885 | CVE-2022-2467
10:05 | 8.1 | 8.1 | Parallels Desktop permission assignment | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | 0.01005 | CVE-2022-34891
10:04 | 5.5 | 5.4 | CVA6 Instruction exceptional condition | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00885 | CVE-2022-34639
10:03 | 5.5 | 5.5 | CVA6 Virtual Address exceptional condition | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00885 | CVE-2022-34637
10:03 | 7.6 | 7.6 | Samsung CVA6 Privilege Escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00885 | CVE-2022-34635
10:02 | 5.5 | 5.4 | CVA6 exceptional condition | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00885 | CVE-2022-34634
10:02 | 5.5 | 5.4 | CVA6 exceptional condition | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00885 | CVE-2022-34633
10:01 | 6.5 | 6.5 | HTMLDoc html.cxx e_node heap-based overflow | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00954 | CVE-2022-34035
10:01 | 6.5 | 6.5 | HTMLDoc html.cxx write_header heap-based overflow | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00954 | CVE-2022-34033
10:00 | 6.5 | 6.5 | Nginx NJS njs_value.c njs_value_own_enumerate memory corruption | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00885 | CVE-2022-34032
10:00 | 6.5 | 6.5 | Nginx NJS njs_value_conversion.h njs_value_to_number memory corruption | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00885 | CVE-2022-34031
09:59 | 6.5 | 6.5 | Nginx NJS njs_djb_hash.c njs_djb_hash memory corruption | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00885 | CVE-2022-34030
09:58 | 6.3 | 6.3 | Nginx NJS njs_scope.h njs_scope_value out-of-bounds | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.12 | 0.00885 | CVE-2022-34029
09:57 | 6.5 | 6.5 | Nginx NJS njs_utf8.h njs_utf8_next memory corruption | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | 0.00885 | CVE-2022-34028
09:55 | 6.5 | 6.5 | Nginx NJS njs_value.c njs_value_property memory corruption | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08 | 0.00885 | CVE-2022-34027
09:54 | 7.3 | 7.2 | Foxit PDF Reader Doc Object out-of-bounds | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.01611 | CVE-2022-28682
09:53 | 5.9 | 5.8 | Kentico GetResource denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00885 | CVE-2022-32387
09:34 | 7.0 | 6.9 | Linux Kernel IOCTL out-of-bounds write | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00890 | CVE-2021-33656
09:34 | 7.0 | 6.9 | Linux Kernel IOCTL out-of-bounds write | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.09 | 0.00890 | CVE-2021-33655
09:33 | 5.6 | 5.5 | Chcnav P5E GNSS information disclosure | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.20 | 0.00885 | CVE-2022-30627
09:30 | 5.5 | 5.4 | Chcnav P5E GNSS Web Server exposure of information through directory listing | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.13 | 0.00885 | CVE-2022-30625
09:29 | 5.8 | 5.8 | DSK DSKNet HTTP Request sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.13 | 0.00885 | CVE-2022-24691
09:28 | 7.6 | 7.6 | Apache CloudStack SAML 2.0 Plugin xml external entity reference | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.07 | 0.00954 | CVE-2022-35741

50 more entries are not shown