Updates November 2021

Timeline

Analyzing the timeline helps to identify the required approach to handling single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance, so that immediate vulnerability response can be initiated and issues can be prioritized.

Type

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Product

Google Chrome: 177
Mozilla Firefox: 90
Microsoft Windows: 88
Huawei Smartphone: 64
Apple Mac OS X: 58

Grouping vulnerabilities by product helps to get an overview. This makes it possible to identify a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation

Official Fix: 2181
Temporary Fix: 1
Workaround: 6
Unavailable: 20
Not Defined: 1363

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be divided into multiple forms and levels of remediation, which influence risk differently.

Exploitability

High: 83
Functional: 3
Proof-of-Concept: 283
Unproven: 56
Not Defined: 3146

Researchers and attackers who look for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base

≤1: 0
≤2: 0
≤3: 38
≤4: 281
≤5: 570
≤6: 873
≤7: 582
≤8: 570
≤9: 148
≤10: 509

The Common Vulnerability Scoring System (CVSS) is an industry standard for defining the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable aggregate result.

CVSSv3 Temp

≤1: 0
≤2: 0
≤3: 50
≤4: 282
≤5: 605
≤6: 998
≤7: 661
≤8: 353
≤9: 141
≤10: 481

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day

<1k: 570
<2k: 406
<5k: 771
<10k: 416
<25k: 684
<50k: 367
<100k: 324
≥100k: 33

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price of an exploit, before it was distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today

<1k: 2210
<2k: 326
<5k: 455
<10k: 336
<25k: 202
<50k: 38
<100k: 4
≥100k: 0

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as the disclosure of vulnerability details, alternative exploits and the availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

| Updated | Base | Temp | Vulnerability | Change | Exp | Rem | CTI | CVE |
|---|---|---|---|---|---|---|---|---|
| 11/30/2021 | 7.5 | 7.5 | Cisco IOS resource management | (1): source_nessus_risk | Not Defined | Not Defined | 0.11 | CVE-2012-0382 |
| 11/30/2021 | 10.0 | 9.5 | Adobe Flash Player memory corruption | (2): vulnerability_cvss2_nvd_basescore, source_nessus_risk | Not Defined | Official Fix | 0.03 | CVE-2012-0773 |
| 11/30/2021 | 10.0 | 9.5 | Adobe Flash Player ActiveX Control memory corruption | (2): vulnerability_cvss2_nvd_basescore, source_nessus_risk | Not Defined | Official Fix | 0.05 | CVE-2012-0772 |
| 11/30/2021 | 7.0 | 7.0 | Microsoft Windows Shell32.dll untrusted search path | (9): vulnerability_cwe, vulnerability_cvss2_nvd_basescore, vulnerability_cvss2_nvd_av, vulnerability_cvss2_nvd_ac, vulnerability_cvss2_nvd_au, vulnerability_cvss2_nvd_ci, vulnerability_cvss2_nvd_ii, vulnerability_cvss2_nvd_ai, exploit_price_0day | Not Defined | Not Defined | 0.15 | CVE-2007-6753 |
| 11/30/2021 | 6.5 | 6.2 | MaraDNS unknown vulnerability | (4): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_securityfocus, source_nessus_risk | Not Defined | Official Fix | 0.31 | CVE-2012-1570 |
| 11/30/2021 | 5.3 | 5.3 | AtMail AtMail Open Webmail Client phpinfo information disclosure | (1): source_xforce | Not Defined | Not Defined | 0.03 | CVE-2012-1920 |
| 11/30/2021 | 5.3 | 5.1 | Atmail AtMail Open Webmail Client compose.php path traversal | (1): source_xforce | Not Defined | Official Fix | 0.02 | CVE-2012-1918 |
| 11/30/2021 | 7.3 | 7.0 | Dell Powervault Ml6020 Default Password credentials management | (1): source_xforce | Not Defined | Official Fix | 0.09 | CVE-2012-1844 |
| 11/30/2021 | 7.3 | 7.0 | AjaXplorer improper authentication | (1): source_xforce | Not Defined | Official Fix | 0.00 | CVE-2012-1840 |
| 11/30/2021 | 7.3 | 7.0 | AjaXplorer path traversal | (1): source_xforce | Not Defined | Official Fix | 0.03 | CVE-2012-1839 |
| 11/30/2021 | 5.3 | 5.3 | LG-Nortel ELO GS24M switch Web Management Interface improper authentication | (1): source_xforce | Not Defined | Not Defined | 0.00 | CVE-2012-1838 |
| 11/30/2021 | 7.3 | 7.3 | Inspire Ircd InspIRCd dns.cpp memory corruption | (1): source_nessus_risk | Not Defined | Official Fix | 0.05 | CVE-2012-1836 |
| 11/30/2021 | 5.3 | 5.3 | Trendmicro Antivirus Malware Detection access control | (3): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_nessus_risk | Not Defined | Not Defined | 0.00 | CVE-2012-1459 |
| 11/30/2021 | 5.3 | 5.3 | Trendmicro Antivirus Malware Detection access control | (3): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_nessus_risk | Not Defined | Not Defined | 0.05 | CVE-2012-1457 |
| 11/30/2021 | 7.3 | 7.0 | webglimpse webglimpse.cgi os command injection | (2): source_securityfocus, source_nessus_risk | High | Official Fix | 0.04 | CVE-2012-1795 |
| 11/30/2021 | 4.3 | 3.9 | Dotclear cross site scripting | (1): source_xforce | Proof-of-Concept | Official Fix | 0.06 | CVE-2012-1039 |
| 11/30/2021 | 5.3 | 5.3 | Bitweaver path traversal | (7): vulnerability_cvss2_nvd_basescore, vulnerability_cvss2_nvd_av, vulnerability_cvss2_nvd_ac, vulnerability_cvss2_nvd_au, vulnerability_cvss2_nvd_ci, vulnerability_cvss2_nvd_ii, vulnerability_cvss2_nvd_ai | High | Not Defined | 0.06 | CVE-2010-5086 |
| 11/30/2021 | 5.3 | 5.3 | Iwork WebGlimpse WebGL wgarcmin.cgi path traversal | (1): source_xforce | Not Defined | Not Defined | 0.06 | CVE-2009-5114 |
| 11/30/2021 | 5.3 | 5.3 | Iwork WebGlimpse Installation wgarcmin.cgi information disclosure | (1): source_xforce | Not Defined | Not Defined | 0.03 | CVE-2009-5112 |
| 11/30/2021 | 9.8 | 9.4 | Gomlab GOM Media Player Remote Code Execution | (1): source_xforce | Not Defined | Official Fix | 0.06 | CVE-2012-1774 |
| 11/30/2021 | 10.0 | 9.5 | Gomlab GOM Media Player memory corruption | (1): source_xforce | Not Defined | Official Fix | 0.05 | CVE-2012-1264 |
| 11/30/2021 | 10.0 | 10.0 | GE Intelligent Platforms Proficy Plant Applications PRRDS.exe memory corruption | (1): source_xforce | Not Defined | Not Defined | 0.06 | CVE-2012-0230 |
| 11/30/2021 | 10.0 | 10.0 | GE Intelligent Platforms Proficy Historian ihDataArchiver.exe memory corruption | (2): vulnerability_cvss2_nvd_basescore, source_secunia | Not Defined | Not Defined | 0.04 | CVE-2012-0229 |
| 11/30/2021 | 9.8 | 9.8 | Netfrontlife NetFront Life Browser Remote Code Execution | (1): source_xforce | Not Defined | Not Defined | 0.06 | CVE-2012-1485 |
| 11/30/2021 | 9.8 | 9.8 | Wali WaliSMS CN cn.com.wali.walisms Remote Code Execution | (1): source_xforce | Not Defined | Not Defined | 0.07 | CVE-2012-1484 |
| 11/30/2021 | 9.8 | 9.8 | Zhou Bo Message Forwarder Remote Code Execution | (1): source_xforce | Not Defined | Not Defined | 0.05 | CVE-2012-1483 |
| 11/30/2021 | 9.8 | 9.8 | TouchPal TouchPal Contacts com.cootek.smartdialer Remote Code Execution | (1): source_xforce | Not Defined | Not Defined | 0.04 | CVE-2012-1482 |
| 11/30/2021 | 9.8 | 9.8 | Kashif Masud Textdroid Remote Code Execution | (1): source_xforce | Not Defined | Not Defined | 0.06 | CVE-2012-1481 |
| 11/30/2021 | 5.3 | 5.1 | Pidgin Protocol Plugin oim.c msn_oim_report_to_user resource management | (2): advisory_identifier, source_nessus_risk | Not Defined | Official Fix | 0.05 | CVE-2012-1178 |
| 11/30/2021 | 6.5 | 6.2 | pidgin gtkconv.c pidgin_conv_chat_rename_user access control | (1): source_nessus_risk | Not Defined | Official Fix | 0.07 | CVE-2011-4939 |
| 11/30/2021 | 9.8 | 9.8 | Pansi SMS Remote Code Execution | (1): source_xforce | Not Defined | Not Defined | 0.03 | CVE-2012-1480 |
| 11/30/2021 | 9.8 | 9.8 | Movesti AContact Remote Code Execution | (1): source_xforce | Not Defined | Not Defined | 0.05 | CVE-2012-1479 |
| 11/30/2021 | 9.8 | 9.8 | Ucweb UCMobile BloveStorm Remote Code Execution | (1): source_xforce | Not Defined | Not Defined | 0.03 | CVE-2012-1478 |
| 11/30/2021 | 10.0 | 9.5 | HP Data Protector Express memory corruption | (3): vulnerability_cvss2_nvd_basescore, source_exploitdb, source_nessus_risk | High | Official Fix | 0.06 | CVE-2012-0124 |
| 11/30/2021 | 10.0 | 9.0 | HP Data Protector Express memory corruption | (3): vulnerability_cvss2_nvd_basescore, source_exploitdb, source_nessus_risk | Proof-of-Concept | Official Fix | 0.06 | CVE-2012-0123 |
| 11/30/2021 | 10.0 | 9.0 | HP Data Protector Express memory corruption | (3): vulnerability_cvss2_nvd_basescore, source_exploitdb, source_nessus_risk | Proof-of-Concept | Official Fix | 0.04 | CVE-2012-0122 |
| 11/30/2021 | 10.0 | 9.0 | HP Data Protector Express memory corruption | (3): vulnerability_cvss2_nvd_basescore, source_exploitdb, source_nessus_risk | Proof-of-Concept | Official Fix | 0.03 | CVE-2012-0121 |
| 11/30/2021 | 7.3 | 6.6 | gnu gnutls resource management | (3): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_nessus_risk | Proof-of-Concept | Official Fix | 0.04 | CVE-2012-1663 |
| 11/30/2021 | 4.3 | 4.1 | Ruby on Rails form_options_helper.rb cross site scripting | (3): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_nessus_risk | Not Defined | Official Fix | 0.03 | CVE-2012-1099 |
| 11/30/2021 | 4.3 | 4.3 | Ruby on Rails cross site scripting | (3): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_nessus_risk | Not Defined | Not Defined | 0.06 | CVE-2012-1098 |

3531 more entries are not shown
