Cloud Software Vulnerabilities

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

Vendor

Identifying all affected vendors is a good starting point for an overview. This makes it possible to determine an homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Product

Apple iCloud425
ownCloud109
Microsoft Azure Site Recovery VMWare to Azure80
Oracle Communications Cloud Native Core Policy58
Oracle Communications Diameter Signaling Router55

Grouping vulnerabilities by products helps to get an overview. This makes it possible to determine an homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation

Official Fix2582
Temporary Fix1
Workaround11
Unavailable2
Not Defined621

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be distinguished between multiple forms and levels of remediation which influence risks differently.

Exploitability

High30
Functional3
Proof-of-Concept147
Unproven80
Not Defined2957

Researcher and attacker which are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine simplicity and strength of attacks.

Access Vector

Not Defined0
Physical23
Local318
Adjacent187
Network2689

The approach a vulnerability it becomes important to use the expected access vector. This is typically via the network, local, or physically even.

Authentication

Not Defined0
High248
Low1050
None1919

To exploit a vulnerability a certail level of authentication might be required. Vulnerabilities without such a requirement are much more popular.

User Interaction

Not Defined0
Required862
None2355

Some attack scenarios require some user interaction by a victim. This is typical for phishing, social engineering and cross site scripting attacks.

C3BM Index

Our unique C3BM Index (CVSSv3 Base Meta Index) cumulates the CVSSv3 Meta Base Scores of all entries over time. Comparing this index to the amount of disclosed vulnerabilities helps to pinpoint the most important events.

CVSSv3 Base

≤10
≤20
≤327
≤4205
≤5402
≤6600
≤7661
≤8815
≤9267
≤10240

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp

≤10
≤20
≤337
≤4217
≤5443
≤6721
≤7618
≤8766
≤9205
≤10210

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We do also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

≤10
≤24
≤378
≤4316
≤5416
≤6569
≤7786
≤8618
≤9179
≤10251

The moderation team is always defining the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

≤10
≤20
≤35
≤445
≤5125
≤6346
≤7342
≤8502
≤9475
≤10350

The National Vulnerability Database (NVD) is also defining CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

≤10
≤22
≤36
≤419
≤547
≤654
≤794
≤895
≤943
≤1017

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

≤10
≤20
≤31
≤48
≤530
≤646
≤7101
≤8111
≤944
≤1072

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤81
≤90
≤100

There are sometimes also security researcher which provide their own CVSS vectors and scores for vulnerabilities they have found and published.

Exploit 0-day

<1k314
<2k399
<5k577
<10k652
<25k979
<50k112
<100k89
≥100k95

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day prices for an exploit, before it got distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability broker and compared to prices we see on exploit markets.

Exploit Today

<1k1940
<2k363
<5k570
<10k127
<25k171
<50k46
<100k0
≥100k0

The 0-day prices do not consider time-relevant factors. The today price does reflect price impacts like disclosure of vulnerability details, alternative exploits, availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

Exploit Market Volume

Our unique calculation of exploit prices makes it possible to forecast the expected exploit market volume. The calculated prices for all possible 0-day expoits are cumulated for this task. Comparing the volume to the amount of disclosed vulnerabilities helps to pinpoint the most important events.

🔴 CTI Activities

Our unique Cyber Threat Intelligence aims to determine the ongoing research of actors to anticipiate their acitivities. Observing exploit markets on the Darknet, discussions of vulnerabilities on mailinglists, and exchanges on social media makes it possible to identify planned attacks. Monitored actors and activities are classified whether they are offensive or defensive. They are also weighted as some actors are well-known for certain products and technologies. And some of their disclosures might contain more or less details about technical aspects and personal context. The world map highlights active actors in real-time.

Affected Products (688): 3D Tag Cloud Plugin, A-Member, A-Member for MT Cloud, A-Reserve, A-Reserve for MT Cloud, Adobe AEM Forms Cloud Service, Adobe Creative Cloud, Adobe Creative Cloud Desktop, Adobe Creative Cloud Desktop Application, Akamai CloudTest, Alcatel-Lucent 8008 Cloud Edition Deskphone, Amazon AWS CloudFormation Bootstrap Tools, Amazon AWS CloudFront, Annex Cloud Loyalty Experience Platform, AnyShare Cloud, Apache CloudStack, Apache Libcloud, Apache libcloud, Apple iCloud, Apple iClouds, Arista CloudEOS, Arista CloudVision eXchange Server, Arista CloudVision Portal, Arista Cloud EOS VM vEOS, Arista EOS, asyncapi java-spring-cloud-stream-template, Avantune Genialcloud ProJ, Axios Italia Axioscloud Sissiweb Registro Elettronico, Better Tag Cloud Plugin, Big Switch Big Cloud Fabric, Big Switch Big Monitoring Fabric, Big Switch Multi-Cloud Director, BitDefender GravityZone Cloud Console, BitDefender GravityZone Console On-Premise, CA Cloud Service Management, CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP, Cdsincdesign Simple Dropbox Upload Form, Cisco Application Policy Infrastructure Controller, Cisco CloudCenter Orchestrator, Cisco Cloud Application Policy Infrastructure Controller, Cisco Cloud Portal, Cisco Cloud Services Platform 2100, Cisco Intercloud Fabric, Cisco Intercloud Fabric for Business, Cisco Intercloud Fabric for Providers, Cisco Nexus 1000V InterCloud for VMware, Cisco Ultra Cloud Core SMI, cloud-init, Cloud4Wi, cloudacl Safe Browser - The Web Filter, CloudAvid PParam, CloudBees AWS Credentials Plugin, CloudBees Directory, CloudBees Enterprise, CloudBoot, CloudCTI HIP Integrator Recognition Configuration Tool, Cloudera CDH, Cloudera Data Engineering, Cloudera Data Science Workbench, Cloudera Hue, Cloudera HUE, Cloudera Key Trustee Server, Cloudera Manager, Cloudera Manager UI, Cloudera Navigator, Cloudera Navigator Key Trustee KMS, Cloudera Search, cloudflare-scrape, Cloudflare GoFlow, Cloudflare OctoRPKI, Cloudflare Warp, Cloudflare WARP, Cloudflare WARP Client, cloudflared, Cloudforms, CloudForms, CloudForms Management Engine, cloudlabeling, CloudLinux Imunify360, CloudMe, CloudNine Interactive Links Manager, Cloudreve, Cloudron, Cloudtoken, CloudView NMS, CloudVision Portal, Cloudwords for Multilingual Module, cloudwu cstring, cloudwu PBC, Cloud Foundry, Cloud Foundry BOSH, Cloud Foundry BOSH Azure CPI, Cloud Foundry BOSH System Metrics Server, Cloud Foundry CAPI, Cloud Foundry CF Networking Release, Cloud Foundry Cloud Controller, Cloud Foundry Cloud Controller API, Cloud Foundry CredHub CLI, Cloud Foundry Diego, Cloud Foundry Foundation UAA, Cloud Foundry Garden-runC, Cloud Foundry Loggregator, Cloud Foundry Log Cache, Cloud Foundry NFS Volume Service, Cloud Foundry Runtime, Cloud Foundry SMB Volume, Cloud Foundry UAA, Cloud Foundry UAA Server, Cloud Foundry Bits Service, Cloud Foundry BOSH, Cloud Foundry BOSH CLI, Cloud Foundry cf-deployment, Cloud Foundry CLI, Cloud Foundry Cloud Controller, Cloud Foundry CredHub, Cloud Foundry Garden-runC, Cloud Foundry NFS Volume, Cloud Foundry Plugin, Cloud Foundry Routing, Cloud Foundry Silk CNI Plugin, Cloud Foundry Stratos, Cloud Foundry UAA, Cloud Media Popcorn A-200, Cloud Native Computing Foundation Harbor, Cloud Server, Cloud Statistics Plugin, CodeLathe FileCloud, COINS Construction Cloud, com.google.cloud.tools:jib-core, Cool Tag Cloud Plugin, Creative Cloud Desktop Application, CTERA Cloud Storage OS, Cubettechnologies Cloud Manager, Daumcorp Daum Cloud, Dell CloudLink, Dell Cloud Mobility for Dell Storage, Dell EMC CloudLink, Dell EMC Integrated System for Microsoft Azure Stack Hub, Deskpro Cloud, Deskpro Cloud Platform, Deskpro On-Premise, DigitalCloudToken, Directory Cloud Station, Documentcloud karteek-docsplit, dropbox, Dropbox App, Dropbox Desktop App, Dropbox Lepton, Dropbox SDK, Dropbox Lepton, Elastic Cloud Enterprise, Elasticsearch Elastic Cloud Enterprise, Elastic Cloud Enterprise, Elastic Runtime, Electric Cloud ElectricCommander, EMC Cloud Tiering Appliance Software, EMC Cloud Tiering Appliance Virtual Edition, EMC Elastic Cloud Storage, Enghouse Cloud Contact Center Platform, F-Secure Cloud Protection For Salesforce, F-Secure Email, F-Secure Internet GateKeeper, F-Secure Server Security, F5 BIG-IQ Cloud, F5 Security, Fabasoft Cloud, Fabasoft Cloud Enterprise Client, FileCloud, Firebase Cloud Messaging + Advance Admin Panel, FusionSphere OpenStack, geniuscloud Smart Browser, GL.iNet GoodCloud IoT Device Management System, Gocloud ISP3000, Gocloud S2A, Gocloud S2A_WL, Gocloud S3A, Gocloud S3A K2P MTK, google-cloudstorage-commands, Google Cloud Platform guest-oslogin, Google Drive for Desktop, Google Cloud Messaging Notification Plugin, granita Cloud Browser, GroupSession byCloud, GroupSession Free Edition, GroupSession ZION, GroupSession byCloud, GroupSession Free Edition, GroupSession ZION, H3C H3Cloud OS, Hangzhou Xiongmai XMeye P2P Cloud Server, HP Helion Cloud Development Platform, HP MagCloud, HPE Cloudline CL3100 Gen10 Server, HPE Cloudline CL4100 Gen10 Server, HPE Cloudline CL5200 Gen9 Server, HPE Cloudline CL5800 Gen9 Server, HPE Cloudline CL5800 Gen10 Server, HPE Cloud Optimizer, HPE Helion OpenStack Glance, Huawei AC6005, Huawei AC6605, Huawei AR200, Huawei AR1200, Huawei AR3200, Huawei CloudEngine, Huawei CloudEngine8800, Huawei CloudEngine 1800V, Huawei CloudEngine 5800, Huawei CloudEngine 6800, Huawei CloudEngine 7800, Huawei CloudEngine 8800, Huawei CloudEngine 12800, Huawei CloudLink Phone 7900, Huawei CloudUSM-EUA, Huawei E600, Huawei FusionSphere OpenStack, Huawei MyCloud APP, Huawei Public Cloud Solution, Huawei S1700, Huawei S2300, Huawei S2700, Huawei S5300, Huawei S5700, Huawei S6300, Huawei S6700, Huawei S7700, Huawei S9300, Huawei S9700, Huawei S12700, Huawei Secospace USG6600, Huawei CloudEngine 7800, Ian Bezanson DropBox, IBM Aspera Cloud, IBM Big SQL on IBM Cloud Pak for Data, IBM CloudPak for Multicloud Monitoring, IBM Cloudscape, IBM Cloud APM, IBM Cloud Application Performance Management, IBM Cloud App Management, IBM Cloud CLI, IBM Cloud Orchestrator, IBM Cloud Orchestrator Enterprise, IBM Cloud Pak for Applications, IBM Cloud Pak for Data, IBM Cloud Pak for Multicloud Management, IBM Cloud Pak for Multicloud Management Monitoring, IBM Cloud Pak for Security, IBM Cloud Pak System, IBM Cloud Private, IBM Kenexa LCMS Premier on Cloud, IBM Kenexa LMS on Cloud, IBM MQ Advanced Cloud Pak, IBM Multi-Cloud Data Encryption, IBM Multicloud Manager, IBM SmartCloud Analytics, IBM SmartCloud Analytics Log Analysis, IBM SmartCloud Control Desk, IBM SmartCloud Provisioning, IBM Watson Developer Cloud, IBM Application Security on Cloud Plugin, ICloudCenter ICJobSite, ICloudCenter ICTimeAttendance, Intel Expressway Cloud Access 360, Intel Open AMT Cloud Toolkit, Intel Security CloudAV, Intel Unite Cloud Service Client, Intelbras NCLOUD 300, Interactive Infocom Teamplus Pro Private Cloud, Ivanti EPM Cloud Services Appliance, Juniper Mist Cloud UI, Juniper Networks Contrail Cloud, Kaspersky Internet Security, Kaspersky Secure Connection, Kaspersky Security Cloud, Kaspersky Total Security, Lenovo Cloud Networking Operating System, Lenovo Personal Cloud Storage, LiveCRM SaaS Cloud Component, Maxthon Cloud Browser, McAfee Cloud Single Sign On, McAfee ePO Cloud, metago ASTRO File Manager with Cloud, Microsoft Azure Active Directory, Microsoft Azure Active Directory Connect, Microsoft Azure Active Directory Passport, Microsoft Azure AD Connect, Microsoft Azure App Service, Microsoft Azure ARC, Microsoft Azure Arc-enabled Kubernetes Cluster, Microsoft Azure Automation, Microsoft Azure Automation State Configuration, Microsoft Azure Automation Update Management, Microsoft Azure Batch, Microsoft Azure CLI, Microsoft Azure Container Instance, Microsoft Azure CycleCloud, Microsoft Azure Data Explorer, Microsoft Azure DevOps Server, Microsoft Azure Diagnostics, Microsoft Azure Functions, Microsoft Azure Guest Configuration, Microsoft Azure IoT CLI Extension, Microsoft Azure IoT Edge, Microsoft Azure IoT SDK, Microsoft Azure Kubernetes Service, Microsoft Azure Linux Guest Agent, Microsoft Azure Migrate, Microsoft Azure Open Management Infrastructure, Microsoft Azure Pack Rollup, Microsoft Azure Real Time Operating System GUIX Studio, Microsoft Azure RTOS, Microsoft Azure RTOS GUIX, Microsoft Azure RTOS GUIX Studio, Microsoft Azure RTOS USBX, Microsoft Azure SDK for .NET, Microsoft Azure SDK for Java, Microsoft Azure Security Center, Microsoft Azure Sentinel, Microsoft Azure Service Fabric, Microsoft Azure Service Fabric Explorer, Microsoft Azure Site Recovery, Microsoft Azure Site Recovery VMWare to Azure, Microsoft Azure Sphere, Microsoft Azure Spring Cloud, Microsoft Azure SSH Keypairs, Microsoft Azure Stack, Microsoft Azure Stack Edge, Microsoft Azure Stack Hub, Microsoft Azure Storage Blobs Client Library, Microsoft Azure StorSimple 8000, Microsoft Container Monitoring Solution, Microsoft Hub Device Client SDK for Azure IoT, Microsoft Log Analytics Agent, Microsoft OneDrive, Microsoft System Center Operations Manager, Mightymess SoundCloud Is Gold, Mitel MiCloud Management Portal, Musicloud, NAVER Cloud Explorer, NetApp Cloud Manager, NetEase NetEase CloudAlbum, Netgear Insight Cloud, Netsparker Cloud Scan Plugin, Nexcloud Desktop, Nextcloud, NextCloud, Nextcloud Android, Nextcloud App Extract, Nextcloud Circle, Nextcloud Circles, Nextcloud Collabra, Nextcloud Contacts, Nextcloud Deck, Nextcloud Desktop, Nextcloud Desktop Client, Nextcloud End-to-End Encryption, Nextcloud Enterprise Server, Nextcloud Files Access Control, Nextcloud Lookup-Server, Nextcloud Mail, Nextcloud Mail Application, Nextcloud OfficeOnline, Nextcloud Password Policy, Nextcloud Preferred Providers App, Nextcloud Richdocuments, Nextcloud Server, Nextcloud Social, Nextcloud Social App, Nextcloud Talk, Nextcloud Text, NextCloud Mail, NextCloud Preferred Providers App, Nextcloud Server, Nextcloud Talk, NoMachine Cloud Server, Novell Cloud Manager, Novell SUSE Cloud, No Magic TeamworkCloud, Okacloud Domain Name Search , Okacloud Web Host, OnCommand Cloud Manager, OpenStack, openstack-barbican, openstack-cinder, openstack-ironic-inspector, openstack-mistral, openstack-neutron, openstack-tripleo-heat-templates, openstack-tripleo-image-elements, openstack-utils, OpenStack blazar-dashboard, OpenStack Ceilometer, OpenStack Cinder, OpenStack Compute, OpenStack Compute (Nova), OpenStack Dashboard, OpenStack Delivery Service, OpenStack Designate, OpenStack devstack, OpenStack Diablo, OpenStack Essex, OpenStack Folsom, OpenStack Glance, OpenStack Grizzly, OpenStack Havana, OpenStack Heat, OpenStack horizon, OpenStack Horizon, OpenStack icehouse, OpenStack Identity, OpenStack Image Registry, OpenStack Image Registry And Delivery Service, OpenStack Image Registry And Delivery Service (glance), OpenStack Image Service, OpenStack Ironic, OpenStack Ironic Inspector, OpenStack Keystone, OpenStack keystonemiddleware, OpenStack Keystone Folsom, OpenStack Manila, OpenStack Murano, OpenStack Neutron, openstack neutron, OpenStack Newton, OpenStack Nova, Openstack Nova, OpenStack Nova-LXD, OpenStack Object Storage, OpenStack Ocata, OpenStack OpenStack Keystone, OpenStack Orchestration, OpenStack os-vif, OpenStack Puppet Module for Gerrit, OpenStack PyCADF, OpenStack python-keystoneclient, OpenStack rabbitmq, OpenStack Sushy-Tools, OpenStack Swauth, OpenStack Swift, OpenStack swift, OpenStack Swift-on-File, OpenStack Trove, OpenStack VirtualBMC, OpenStack Workflow, Openstack Cloud Plugin, OpenStack Compute, OpenStack Dashboard Package, Openstack Deployment, Openstack Heat Plugin, OpenStack Horizon, OpenStack Identity, OpenStack Keystone, OpenStack Magnum, OpenStack Mistral, OpenStack Neutron, OpenStack Nova, OpenStack Octavia, Oracle CloudForms Management Engine, Oracle Cloud Infrastructure Data Science Notebook Sessions, Oracle Cloud Infrastructure Storage Gateway, Oracle Cloud Services, Oracle Communications, Oracle Communications Analytics, Oracle Communications Application Session Controller, Oracle Communications ASAP, Oracle Communications ASAP Cartridges, Oracle Communications Billing, Oracle Communications Billing and Revenue Management, Oracle Communications BRM, Oracle Communications BRM - Elastic Charging Engine, Oracle Communications BRM Elastic Charging Engine, Oracle Communications Calendar Server, Oracle Communications Cloud Native Core Automated Test Suite, Oracle Communications Cloud Native Core Binding Support Function, Oracle Communications Cloud Native Core Console, Oracle Communications Cloud Native Core Network Exposure Function, Oracle Communications Cloud Native Core Network Function Cloud Native Environment, Oracle Communications Cloud Native Core Network Repository Function, Oracle Communications Cloud Native Core Network Slice Selection Function, Oracle Communications Cloud Native Core Policy, Oracle Communications Cloud Native Core Security Edge Protection Proxy, Oracle Communications Cloud Native Core Service Communication Proxy, Oracle Communications Cloud Native Core Unified Data Repository, Oracle Communications Contacts Server, Oracle Communications Control Plane Monitor, Oracle Communications Converged Application Server, Oracle Communications Converged Application Server-Service Controller, Oracle Communications Converged Application Server - Service Controller, Oracle Communications Converged Application Server Service Controller, Oracle Communications Convergence, Oracle Communications Convergent Charging Controller, Oracle Communications Core Session Manager, Oracle Communications Data Model, Oracle Communications Design Studio, Oracle Communications Diameter Intelligence Hub, Oracle Communications Diameter Signaling Router, Oracle Communications Diameter Signaling Router (DSR), Oracle Communications EAGLE Application Processor, Oracle Communications EAGLE Element Management System, Oracle Communications EAGLE FTP Table Base Retrieval, Oracle Communications EAGLE LNP Application Processor, Oracle Communications EAGLE Software, Oracle Communications Element Manager, Oracle Communications Evolved Communications Application Server, Oracle Communications Fraud Monitor, Oracle Communications Instant Messaging Server, Oracle Communications Interactive Session Recorder, Oracle Communications IP Service Activator, Oracle Communications LSMS, Oracle Communications Messaging Server, Oracle Communications MetaSolv Solution, Oracle Communications Network Charging, Oracle Communications Network Charging and Control, Oracle Communications Network Integrity, Oracle Communications Network Intelligence, Oracle Communications Offline Mediation Controller, Oracle Communications Online Mediation Controller, Oracle Communications Operations Monitor, Oracle Communications Order, Oracle Communications Order and Service Management, Oracle Communications Performance Intelligence Center (PIC) Software, Oracle Communications Performance Intelligence Center Software, Oracle Communications Policy Management, Oracle Communications Pricing Design Center, Oracle Communications Security Gateway, Oracle Communications Services Gatekeeper, Oracle Communications Service Broker, Oracle Communications Service Broker Engineered System Edition, Oracle Communications Session Border Controller, Oracle Communications Session Report Manager, Oracle Communications Session Router, Oracle Communications Session Route Manager, Oracle Communications Subscriber-Aware Load Balancer, Oracle Communications Tekelec HLR Router, Oracle Communications Unified, Oracle Communications Unified Assurance, Oracle Communications Unified Inventory Management, Oracle Communications Unified Session Manager, Oracle Communications User Data Repository, Oracle Communications WebRTC Session Controller, Oracle Control, Oracle Management Cloud Engine, Oracle Retail Insights Cloud Service Suite, Oracle Retail Order Broker Cloud Service, Oracle Retail Order Management System Cloud Service, Oracle Revenue Management, Oracle Right Now Service Cloud, Oracle Service Management, Oracle Storage Cloud Software Appliance, Oracle Talent Acquisition Cloud, Oracle Cloud Infrastructure Compute Classic Plugin, OSIsoft PI Integrator for Business Analytics, OSIsoft PI Integrator for Microsoft Azure, OSIsoft PI Integrator for SAP HANA, ownCloud, ownCloud Client, ownCloud Desktop Client, ownCloud Server, ownCloud user_ldap, ownCloud Windows Client, ownCloud Client, ownCloud Desktop, ownCloud Server, Palo Alto Prisma Cloud Compute, Palo Alto VM Series Firewall for Microsoft Azure, Pascom Cloud Phone System, pivotal-cf Spring Cloud SSO Connector, Pivotal Cloud Cache, Pivotal Cloud Foundry, Pivotal Cloud Foundry Elastic Runtime, Pivotal Cloud Foundry Ops Manager, Pivotal Cloud Foundry Runtime, Pivotal Cloud Foundry On Demand Services SDK, Polycom RealPresence CloudAXIS Suite, Printix Cloud Print Management, Printix Secure Cloud Print Management, Private Cloud Management Platform, QNAP myQNAPcloud Connect, Quali CloudShell, Red Hat CloudForms, Red Hat Cloudforms, Red Hat CloudForms 2 Management Engine, Red Hat CloudForms 3.0 Management Engine, Red Hat Cloudforms 3.0 Management Engine, Red Hat CloudForms 3.1 Management Engine, Red Hat CloudForms Cloud Engine, Red Hat CloudForms Management Engine, Red Hat OpenStack, Red Hat Openstack, Red Hat openstack, Red Hat openstack-neutron, Red Hat openstack-octavia, Red Hat Openstack Enterprise, Red Hat Openstack Folsom, Red Hat OpenStack Platform, Red Hat OpenStack Platform Director, Red Hat QuickStart Cloud Installer, RiyaLab CloudISO, Samsung Cloud, SAP Cloud Connector, SAP Cloud Platform, SAP Commerce Cloud, SAP Customer Data Cloud, SAP sap-cloud-sdk, Saviynt Enterprise Identity Cloud, SCORM Cloud Plugin, Seagate Personal Cloud, Skytap Cloud CI Plugin, SoftNAS Cloud, somcloud Somnote - Journal-Memo, Spring Cloud Netflix, Spring Cloud Config, Supra Smart Cloud TV, SuSE Openstack Cloud, SuSE OpenStack Cloud Crowbar, Synology Cloud Station, Synology Cloud Station Drive, Synology QTS, Synology QuTScloud, Synology QuTS Hero, Telekom Open Cloud SSO, Teradici Cloud Access Connector, Teradici Cloud Access Connector Legacy, Tieba-Cloud-Sign, TP-LINK Cloud Camera, Trend Micro Cloud One, Trend Micro Deep Security, Trove Barclamp, Umbraco Cloud, UniFi Cloud Key, VeloCloud Orchestrator, Veritas CloudPoint, VMware Carbon Black Cloud Workload Appliance, VMware Cloud Director, VMware Cloud Foundation, Vmware macOS Sensor for VMware Carbon Black Cloud, Vmware Spring Cloud Data Flow, VMware Spring Cloud Function, VMware Spring Cloud Gateway, VMware Spring Cloud Netflix Zuul, VMware Spring Cloud OpenFeign, Vmware Spring Cloud Task, VMware vCloud Director, VMware vCloud Director for Service Providers, VMware vRealize Business for Cloud, wasmCloud OTP, wdc WD My Cloud, Webroot BrightCloud SDK, Western Digital DL2100, Western Digital DL4100, Western Digital EX2 Ultra, Western Digital EX2100, Western Digital EX4100, Western Digital ibi, Western Digital Mirror Gen2, Western Digital mycloud.com, Western Digital MyCloud NAS, Western Digital MyCloud PR4100, Western Digital My Cloud, Western Digital My Cloud Cloud, Western Digital My Cloud DL2100, Western Digital My Cloud DL4100, Western Digital My Cloud EX2 Ultra, Western Digital My Cloud EX2100, Western Digital My Cloud EX4100, Western Digital My Cloud Home, Western Digital My Cloud Home Duo, Western Digital My Cloud Mirror Gen2, Western Digital My Cloud NAS, Western Digital My Cloud OS, Western Digital My Cloud PR2100, Western Digital My Cloud PR4100, Western Digital My Cloud Web App, Western Digital PR2100, Western Digital PR4100, Western Digital SanDisk ibi, Western Digital WD Cloud, Western Digital WD My Cloud, Western Digital WD My Cloud Mirror, Ypsomed mylife Cloud, Ypsomed mylife Mobile Application, Zoho ManageEngine CloudSecurityPlus, Zoho ManageEngine Cloud Security Plus, ZOOM Cloud Meetings, ZTE ZXCLOUD GoldenData VAP, ZTE ZXCLOUD iRAI, ZXCLOUD iRAI, ZyXEL CloudCNM SecuManager

PublishedBaseTempVulnerabilityProductExpRemCTICVE
11/26/20224.84.7Nextcloud Desktop certificate validationDesktopNot DefinedOfficial Fix1.10CVE-2022-39334
11/26/20224.04.0Nextcloud Desktop HTML cross site scriptingDesktopNot DefinedOfficial Fix0.67CVE-2022-39333
11/26/20224.04.0Nextcloud Desktop HTML cross site scriptingDesktopNot DefinedOfficial Fix0.59CVE-2022-39332
11/26/20224.04.0Nexcloud Desktop cross site scriptingDesktopNot DefinedOfficial Fix0.79CVE-2022-39331
11/26/20223.53.4Nextcloud Server User Display Name resource consumptionServerNot DefinedOfficial Fix0.67CVE-2022-39346
11/23/20226.36.3FileCloud API Endpoint Privilege EscalationFileCloudNot DefinedNot Defined0.04CVE-2022-39833
11/16/20226.76.5IBM Cloud Pak for Security input validationCloud Pak for SecurityNot DefinedOfficial Fix0.00CVE-2022-38385
11/12/20225.55.4Nextcloud Desktop Client code injectionDesktop ClientNot DefinedOfficial Fix0.07CVE-2022-41882
11/12/20224.44.4IBM Cloud Pak for Security Web UI cross site scriptingCloud Pak for SecurityNot DefinedOfficial Fix0.08CVE-2022-36776
11/12/20226.76.5IBM Cloud Pak for Security Request os command injectionCloud Pak for SecurityNot DefinedOfficial Fix0.00CVE-2022-38387
11/11/20224.64.6ownCloud Server E-Mail Message Remote Code ExecutionownCloud ServerNot DefinedNot Defined0.05CVE-2022-43679
11/10/20222.12.1Western Digital My Cloud Home/My Cloud Home Duo/SanDisk ibi HTTP API path traversalMy Cloud Home/My Cloud Home Duo/SanDisk ibiNot DefinedOfficial Fix0.03CVE-2022-29836
11/08/20227.56.5Microsoft Azure CycleCloud Remote Code ExecutionAzure CycleCloudUnprovenOfficial Fix0.07CVE-2022-41085
11/08/20228.37.3Microsoft Azure RTOS GUIX Studio Remote Code ExecutionAzure RTOS GUIX StudioUnprovenOfficial Fix0.04CVE-2022-41051
11/08/20225.55.3Microsoft Azure CLI GitHub code injectionAzure CLINot DefinedOfficial Fix0.05CVE-2022-39327
10/31/20225.05.0OpenStack Sushy-Tools/VirtualBMC Boot Configuration access controlSushy-Tools/VirtualBMCNot DefinedNot Defined0.15CVE-2022-44020
10/28/20225.25.1Cloudflare OctoRPKI iterationOctoRPKINot DefinedOfficial Fix0.00CVE-2022-3616
10/28/20226.86.8Cloudflare WARP Client Zero Trust Secure Web Gateway Policy authorizationWARP ClientNot DefinedOfficial Fix0.05CVE-2022-3320
10/28/20226.66.6Cloudflare WARP Client CLI Command authorizationWARP ClientNot DefinedOfficial Fix0.00CVE-2022-3512
10/28/20227.37.2VMware Cloud Foundation XML xml external entity referenceCloud FoundationNot DefinedOfficial Fix0.09CVE-2022-31678
10/28/20224.44.3GL.iNet GoodCloud IoT Device Management System cross site scriptingGoodCloud IoT Device Management SystemProof-of-ConceptNot Defined0.05CVE-2022-42054
10/28/20225.04.8GL.iNet GoodCloud IoT Device Management System Ping/Traceroute command injectionGoodCloud IoT Device Management SystemProof-of-ConceptNot Defined0.00CVE-2022-42055
10/27/20224.64.6Nextcloud Server/Enterprise Server resource consumptionServer/Enterprise ServerNot DefinedOfficial Fix0.05CVE-2022-39330
10/27/20224.14.1Nextcloud Server/Enterprise Server improper authorizationServer/Enterprise ServerNot DefinedOfficial Fix0.04CVE-2022-39329
10/27/20224.14.1Nextcloud Server/Enterprise Server cleartext storageServer/Enterprise ServerNot DefinedOfficial Fix0.05CVE-2022-39364
10/25/20228.17.7Microsoft Azure CLI code injectionAzure CLINot DefinedOfficial Fix0.04CVE-2022-39327
10/19/20225.35.2Oracle Communications User Data Repository Platform information disclosureCommunications User Data RepositoryNot DefinedOfficial Fix0.03CVE-2021-21707
10/19/20225.35.2Oracle Communications User Data Repository Platform information disclosureCommunications User Data RepositoryNot DefinedOfficial Fix0.03CVE-2020-29582
10/19/20225.55.3Oracle Communications Diameter Signaling Router Platform information disclosureCommunications Diameter Signaling RouterNot DefinedOfficial Fix0.03CVE-2022-21123
10/19/20225.75.6Oracle Communications Cloud Native Core Network Function Cloud Native Environment Configuration information disclosureCommunications Cloud Native Core Network Function Cloud Native EnvironmentNot DefinedOfficial Fix0.42CVE-2021-3426
10/19/20225.95.8Oracle Communications Cloud Native Core Policy Signaling denial of serviceCommunications Cloud Native Core PolicyNot DefinedOfficial Fix0.03CVE-2021-3597
10/19/20225.95.8Oracle Communications Cloud Native Core Network Function Cloud Native Environment Configuration information disclosureCommunications Cloud Native Core Network Function Cloud Native EnvironmentNot DefinedOfficial Fix0.03CVE-2021-40528
10/19/20225.95.8Oracle Communications Cloud Native Core Binding Support Function Signaling denial of serviceCommunications Cloud Native Core Binding Support FunctionNot DefinedOfficial Fix0.03CVE-2021-3597
10/19/20226.46.3Oracle Communications User Data Repository Platform cross site scriptingCommunications User Data RepositoryNot DefinedOfficial Fix0.00CVE-2020-11022
10/19/20226.15.9Oracle Communications User Data Repository Platform cross site scriptingCommunications User Data RepositoryNot DefinedOfficial Fix0.03CVE-2022-34305
10/19/20226.15.9Oracle Communications Session Report Manager BEServer cross site scriptingCommunications Session Report ManagerNot DefinedOfficial Fix0.03CVE-2022-34305
10/19/20226.15.9Oracle Communications Diameter Signaling Router Platform cross site scriptingCommunications Diameter Signaling RouterNot DefinedOfficial Fix0.08CVE-2022-34305
10/19/20226.15.9Oracle Communications Cloud Native Core Console Installer cross site scriptingCommunications Cloud Native Core ConsoleNot DefinedOfficial Fix0.00CVE-2022-36033
10/19/20226.56.3Oracle Communications User Data Repository Platform information disclosureCommunications User Data RepositoryNot DefinedOfficial Fix0.09CVE-2020-6950
10/19/20226.56.3Oracle Communications Interactive Session Recorder Platform denial of serviceCommunications Interactive Session RecorderNot DefinedOfficial Fix0.06CVE-2022-22971
10/19/20226.56.3Oracle Communications Element Manager Security denial of serviceCommunications Element ManagerNot DefinedOfficial Fix0.06CVE-2022-22971
10/19/20226.56.3Oracle Communications Cloud Native Core Unified Data Repository Signaling denial of serviceCommunications Cloud Native Core Unified Data RepositoryNot DefinedOfficial Fix0.00CVE-2022-32206
10/19/20226.56.3Oracle Communications Cloud Native Core Security Edge Protection Proxy Configuration denial of serviceCommunications Cloud Native Core Security Edge Protection ProxyNot DefinedOfficial Fix0.00CVE-2022-32206
10/19/20226.56.3Oracle Communications Cloud Native Core Network Function Cloud Native Environment Configuration denial of serviceCommunications Cloud Native Core Network Function Cloud Native EnvironmentNot DefinedOfficial Fix0.07CVE-2022-29824
10/19/20226.56.3Oracle Communications Cloud Native Core Network Exposure Function Oracle Linux denial of serviceCommunications Cloud Native Core Network Exposure FunctionNot DefinedOfficial Fix1.59CVE-2022-32206
10/19/20226.66.4Oracle Communications Cloud Native Core Policy Signaling input validationCommunications Cloud Native Core PolicyNot DefinedOfficial Fix0.03CVE-2021-44832
10/19/20226.66.4Oracle Communications Cloud Native Core Binding Support Function Signaling input validationCommunications Cloud Native Core Binding Support FunctionNot DefinedOfficial Fix1.29CVE-2021-44832
10/19/20228.48.2Oracle Communications Session Border Controller Routing buffer overflowCommunications Session Border ControllerNot DefinedOfficial Fix0.00CVE-2022-23219
10/19/20227.67.5Oracle Communications WebRTC Session Controller Platform denial of serviceCommunications WebRTC Session ControllerNot DefinedOfficial Fix0.07CVE-2022-25647
10/19/20227.57.3Oracle Communications Session Border Controller System denial of serviceCommunications Session Border ControllerNot DefinedOfficial Fix0.03CVE-2018-25032

3167 more entries are not shown

Do you need the next level of professionalism?

Upgrade your account now!