Recent 07/20/2022

Timeline

Analysing the timeline helps to identify the approach required for handling single vulnerabilities and vulnerability collections. The overview makes it possible to see less important slices and more severe hotspots at a glance, so that immediate vulnerability response can be initiated and issues can be prioritized.

Type

The moderation team works with the threat intelligence team to categorize software that is affected by security vulnerabilities. Illustrating the assignment of these categories shows which software types are affected most.

Product

Product | Count
Oracle MySQL Server | 23
Oracle Financial Services Crime and Compliance Man ... | 17
Oracle WebLogic Server | 15
Oracle PeopleSoft Enterprise PeopleTools | 11
Oracle Agile Engineering Data Management | 8

Grouping vulnerabilities by product gives an overview. It makes it possible to recognize a homogeneous landscape, or to identify the most important hotspots in a heterogeneous landscape.

Remediation

Remediation | Count
Official Fix | 377
Temporary Fix | 0
Workaround | 0
Unavailable | 0
Not Defined | 53

Vendors and researchers are eager to find countermeasures that mitigate security vulnerabilities. These come in multiple forms and levels of remediation, each of which influences risk differently.

Exploitability

Exploitability | Count
High | 0
Functional | 0
Proof-of-Concept | 8
Unproven | 0
Not Defined | 422

Researchers and attackers who look for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base

CVSSv3 Base | Count
≤1 | 0
≤2 | 0
≤3 | 2
≤4 | 3
≤5 | 42
≤6 | 49
≤7 | 97
≤8 | 144
≤9 | 31
≤10 | 62

The Common Vulnerability Scoring System (CVSS) is an industry standard for defining the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources and aggregates them into the most reliable result.

CVSSv3 Temp

CVSSv3 Temp | Count
≤1 | 0
≤2 | 0
≤3 | 3
≤4 | 2
≤5 | 42
≤6 | 55
≤7 | 111
≤8 | 135
≤9 | 24
≤10 | 58

The Common Vulnerability Scoring System (CVSS) uses temporal (temp) scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes report confidence, exploitability and remediation level. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day

Exploit 0-day | Count
<1k | 17
<2k | 24
<5k | 73
<10k | 145
<25k | 102
<50k | 6
<100k | 50
≥100k | 13

The moderation team works with the threat intelligence team to determine prices for exploits. Our unique algorithm identifies the 0-day price of an exploit, i.e. its price before it was distributed or became public. Calculated prices are aligned with prices disclosed by vulnerability brokers and compared with prices we observe on exploit markets.

Exploit Today

Exploit Today | Count
<1k | 74
<2k | 154
<5k | 114
<10k | 20
<25k | 24
<50k | 44
<100k | 0
≥100k | 0

The 0-day price does not consider time-dependent factors. The today price does reflect price impacts such as the disclosure of vulnerability details, the existence of alternative exploits, and the availability of countermeasures. These dynamic aspects may decrease the exploit price over time, and under certain circumstances this happens very fast.

Created | Base | Temp | Vulnerability | 0day | Today | Exp | Rem | CTI | EPSS | CVE
21:47 | 7.5 | 7.3 | Juniper Junos OS appqoe Subsystem memory leak | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.00885 | CVE-2022-22205
21:34 | 5.3 | 5.2 | Juniper Junos OS SIP ALG memory leak | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.04499 | CVE-2022-22204
21:34 | 6.5 | 6.5 | Juniper Junos OS PFE comparison | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.06 | 0.00885 | CVE-2022-22203
21:13 | 6.5 | 6.3 | Juniper Junos OS dcpfe exceptional condition | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.00885 | CVE-2022-22202
21:10 | 6.2 | 6.1 | Juniper Junos OS/Junos OS Evolved PAM denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00885 | CVE-2022-22215
21:00 | 5.9 | 5.8 | Juniper Junos OS/Junos OS Evolved RPD undefined values | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00885 | CVE-2022-22213
20:56 | 7.5 | 7.3 | Juniper Junos OS Advanced Forwarding Toolkit use after free | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00885 | CVE-2022-22207
20:55 | 7.5 | 7.3 | Juniper Junos OS Evolved Packet Forwarding Engine allocation of resources | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.07 | 0.00885 | CVE-2022-22212
20:51 | 7.5 | 7.3 | Juniper Junos Kernel Routing Table memory leak | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00885 | CVE-2022-22209
13:53 | 9.0 | 9.0 | Pega Platform JMX Interface deserialization | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00885 | CVE-2022-24082
13:52 | 6.8 | 6.7 | HiCOS Natural Person Credential Component Client double free | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.01036 | CVE-2022-32962
13:50 | 6.8 | 6.7 | HiCOS Natural Person Credential Component Client out-of-bounds write | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.01036 | CVE-2022-32961
13:48 | 6.8 | 6.7 | HiCOS HiCOS Natural Person Credential Component Client out-of-bounds write | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | 0.01036 | CVE-2022-32960
13:48 | 6.8 | 6.7 | HiCOS Natural Person Credential Component Client out-of-bounds write | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.01036 | CVE-2022-32959
13:46 | 6.0 | 5.7 | Unit4 ERP ExecuteServerProcessAsynchronously xml external entity reference | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.04 | 0.00885 | CVE-2022-34001
13:45 | 7.5 | 7.5 | Fortinet FortiClientWindows unnecessary privileges | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.01036 | CVE-2022-26113
13:44 | 4.4 | 4.4 | Digital Watchdog DW MEGApix IP Camera bia_oneshot.cgi cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00885 | CVE-2022-34537
13:44 | 5.5 | 5.4 | Digital Watchdog DW MEGApix IP Camera log file | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00885 | CVE-2022-34536
13:43 | 5.9 | 5.8 | Digital Watchdog DW MEGApix IP Camera information disclosure | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00885 | CVE-2022-34535
13:42 | 5.5 | 5.4 | Digital Watchdog DW Spectrum Server API information disclosure | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00885 | CVE-2022-34534
13:42 | 7.0 | 7.0 | gstreamer qtdemux_inflate heap-based overflow | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00954 | CVE-2022-2122
13:41 | 7.0 | 7.0 | gstreamer MKV Demuxing gst_matroska_decompress_data heap-based overflow | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08 | 0.00954 | CVE-2022-1925
13:40 | 7.0 | 7.0 | gstreamer MKV Demuxing heap-based overflow | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00954 | CVE-2022-1924
13:39 | 7.0 | 7.0 | gstreamer MKV Demuxing heap-based overflow | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00954 | CVE-2022-1923
13:35 | 7.0 | 7.0 | gstreamer MKV Demuxing gst_matroska_decompress_data heap-based overflow | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00954 | CVE-2022-1922
13:34 | 5.4 | 5.4 | TIBCO Data Virtualization Column Based Security information disclosure | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.07 | 0.00885 | CVE-2022-30570
13:31 | 4.0 | 3.9 | Puppet Bolt information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08 | 0.00885 | CVE-2022-2394
13:30 | 7.0 | 7.0 | SICK Safety Designer Project File deserialization | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.01036 | CVE-2022-27580
13:29 | 7.0 | 7.0 | SICK Flexi Soft Designer Project File deserialization | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | 0.01036 | CVE-2022-27579
13:27 | 4.5 | 4.5 | HCL BigFix Web Reports Email Administrative Configuration Page cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00885 | CVE-2022-27545
13:26 | 4.8 | 4.8 | HCL BigFix Web Reports insufficiently protected credentials | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08 | 0.00885 | CVE-2022-27544
13:25 | 7.4 | 7.4 | Fortinet FortiAP-U CLI CLI Command path traversal | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00885 | CVE-2022-30301
13:24 | 6.8 | 6.8 | Fortinet FortiDDoS API hard-coded key | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | 0.00885 | CVE-2022-29060
13:23 | 7.3 | 7.2 | GPAC integer overflow | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00885 | CVE-2022-2454
13:21 | 7.3 | 7.2 | GPAC use after free | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00885 | CVE-2022-2453
12:59 | 8.3 | 8.3 | Yokogawa Passage Drive Interprocess Communication os command injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | 0.00885 | CVE-2022-34866
12:57 | 6.6 | 6.4 | U-Boot Squashfs heap-based overflow | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.01559 | CVE-2022-33967
12:56 | 4.3 | 4.1 | libtirpc svc_run file descriptor consumption | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08 | 0.01213 | CVE-2021-46828
12:55 | 7.9 | 7.8 | openSUSE Tumbleweed keylime symlink | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.00885 | CVE-2022-31250
11:27 | 4.8 | 4.8 | SICK FTMg GET Request authorization | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | 0.00885 | CVE-2021-32504
11:19 | 7.4 | 7.3 | Digiwin BPM System Files xml external entity reference | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.01055 | CVE-2022-32458
11:18 | 5.8 | 5.7 | HYPR Workforce Access deserialization | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00885 | CVE-2022-1984
11:17 | 7.1 | 6.9 | SourceCodester Library Management System index.php sql injection | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.06 | 0.00885 | CVE-2022-2492
11:15 | 7.1 | 6.9 | SourceCodester Library Management System lab.php sql injection | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.06 | 0.00885 | CVE-2022-2491
11:12 | 8.5 | 8.4 | Digiwin BPM sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.01055 | CVE-2022-32456
10:52 | 7.1 | 7.1 | Digital Watchdog DW MEGApix IP Camera POST Request license_tok.cgi command injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.02055 | CVE-2022-34540
10:38 | 7.1 | 7.0 | Digital Watchdog DW MEGApix IP Camera POST Request curltest.cgi command injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.02055 | CVE-2022-34539
10:38 | 7.1 | 7.0 | Digital Watchdog DW MEGApix IP Camera POST Request addacph.cgi command injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.02055 | CVE-2022-34538
10:37 | 6.4 | 6.3 | undici Request Header crlf injection | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.01018 | CVE-2022-31150
10:34 | 7.0 | 7.0 | gstreamer AVI File Parser gst_avi_demux_invert buffer overflow | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.01559 | CVE-2022-1921

380 more entries are not shown
