Updates January 2022

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance, so that an immediate vulnerability response can be initiated and issues can be prioritized.

Type

The moderation team works with the threat intelligence team to categorize software that is affected by security vulnerabilities. Illustrating the assignment of these categories helps to determine the most affected software types.

Product

Product | Count
Microsoft Windows | 100
Bentley View | 74
Linux Kernel | 52
Google Chrome | 47
GPAC | 46

Grouping vulnerabilities by product helps to get an overview. This makes it possible to recognize a homogeneous landscape or to identify the most important hotspots in heterogeneous landscapes.

Remediation

Remediation | Count
Official Fix | 2434
Temporary Fix | 1
Workaround | 7
Unavailable | 27
Not Defined | 1139

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These countermeasures come in multiple forms and levels of remediation, which influence the risk differently.

Exploitability

Exploitability | Count
High | 94
Functional | 3
Proof-of-Concept | 172
Unproven | 135
Not Defined | 3204

Researchers and attackers who are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base

Score | Count
≤1 | 0
≤2 | 4
≤3 | 55
≤4 | 540
≤5 | 582
≤6 | 784
≤7 | 635
≤8 | 582
≤9 | 260
≤10 | 166

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp

Score | Count
≤1 | 0
≤2 | 6
≤3 | 67
≤4 | 544
≤5 | 604
≤6 | 992
≤7 | 568
≤8 | 465
≤9 | 213
≤10 | 149

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes report confidence, exploitability and remediation level. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day

Price (USD) | Count
<1k | 677
<2k | 465
<5k | 975
<10k | 454
<25k | 620
<50k | 237
<100k | 130
≥100k | 50

The moderation team works with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to estimate the 0-day price of an exploit, before it is distributed or becomes public. Calculated prices are aligned with prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today

Price (USD) | Count
<1k | 2460
<2k | 417
<5k | 338
<10k | 170
<25k | 214
<50k | 9
<100k | 0
≥100k | 0

The 0-day prices do not consider time-dependent factors. The today price does reflect price impacts such as the disclosure of vulnerability details, alternative exploits and the availability of countermeasures. These dynamic aspects may decrease the exploit price over time; under certain circumstances this happens very fast.

Updated | Base | Temp | Vulnerability | Change | Exploitability | Remediation | CTI | CVE
01/31/2022 | 5.3 | 5.1 | Tntnet Parser information disclosure | (1): source_nessus_risk | Not Defined | Official Fix | 0.03 | CVE-2013-7299
01/31/2022 | 5.3 | 5.1 | Tntnet cxxtools query_params.cpp resource management | (3): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_nessus_risk | Not Defined | Official Fix | 0.03 | CVE-2013-7298
01/31/2022 | 4.3 | 4.3 | Open-Xchange AppSuite Mail Filter cross site scripting | (3): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_sectracker | Not Defined | Not Defined | 0.03 | CVE-2013-7143
01/31/2022 | 4.3 | 4.3 | Open-Xchange AppSuite cross site scripting | (3): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_sectracker | Not Defined | Not Defined | 0.04 | CVE-2013-7142
01/31/2022 | 4.3 | 4.3 | Open-Xchange AppSuite cross site scripting | (3): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_sectracker | Not Defined | Not Defined | 0.00 | CVE-2013-7141
01/31/2022 | 4.3 | 4.3 | Open-Xchange AppSuite WebDAV Interface path traversal | (3): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_sectracker | Not Defined | Not Defined | 0.03 | CVE-2013-7140
01/31/2022 | 6.3 | 6.3 | Springsource Spring Framework access control | (1): source_nessus_risk | Not Defined | Not Defined | 0.04 | CVE-2013-6429
01/31/2022 | 5.3 | 5.3 | Check Point Session Authentication Agent information disclosure | (3): vulnerability_cvss2_nvd_basescore, advisory_identifier, exploit_price_0day | Not Defined | Not Defined | 0.03 | CVE-2014-1673
01/31/2022 | 6.3 | 6.0 | Dell Kace K1000 Systems Management Appliance Software sql injection | (4): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_exploitdb, source_nessus_risk | Proof-of-Concept | Not Defined | 0.04 | CVE-2014-1671
01/31/2022 | 5.1 | 5.1 | CMU Flite play_wave_from_socket link following | (3): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_nessus_risk | Not Defined | Not Defined | 0.05 | CVE-2014-0027
01/31/2022 | 5.3 | 5.1 | Poppler JBIG2Stream.cc readSegments memory corruption | (2): source_securityfocus, source_nessus_risk | Not Defined | Official Fix | 0.04 | CVE-2013-7296
01/31/2022 | 7.3 | 6.6 | Josh Fradley Burden login.php improper authentication | (5): vulnerability_cvss2_nvd_basescore, advisory_identifier, exploit_price_0day, countermeasure_upgrade_url, countermeasure_patch_url | Proof-of-Concept | Official Fix | 0.03 | CVE-2013-7137
01/31/2022 | 4.3 | 4.1 | Cisco Video Surveillance 5000 cross site scripting | (3): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_sectracker | High | Official Fix | 0.03 | CVE-2014-0673
01/31/2022 | 9.8 | 8.8 | Smartbear SoapUI SOAP code injection | (3): vulnerability_cvss2_nvd_basescore, advisory_identifier, exploit_price_0day | Proof-of-Concept | Official Fix | 0.05 | CVE-2014-1202
01/31/2022 | 4.2 | 4.0 | Apache Hadoop Security Feature improper authentication | (3): vulnerability_cvss2_nvd_basescore, advisory_identifier, exploit_price_0day | Not Defined | Official Fix | 0.05 | CVE-2013-2192
01/31/2022 | 4.0 | 4.0 | Almanah cryptographic issues | (1): source_nessus_risk | Not Defined | Not Defined | 0.03 | CVE-2013-1853
01/31/2022 | 7.3 | 7.3 | Red Hat Dogtag Certificate System Certificates format string | (1): source_nessus_risk | Not Defined | Not Defined | 0.00 | CVE-2013-1886
01/31/2022 | 4.3 | 4.3 | Red Hat Dogtag Certificate System tus cross site scripting | (1): source_nessus_risk | Not Defined | Not Defined | 0.02 | CVE-2013-1885
01/31/2022 | 7.3 | 7.3 | Cisco Video Surveillance Operations Manager MySQL Database improper authentication | (4): vulnerability_cvss2_nvd_basescore, advisory_identifier, exploit_price_0day, source_sectracker | Not Defined | Not Defined | 0.03 | CVE-2014-0674
01/31/2022 | 5.3 | 5.3 | Emerson Network Power Avocent Mergepoint Unity 2016 Firmware path traversal | (3): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_nessus_risk | Not Defined | Not Defined | 0.03 | CVE-2013-6030
01/31/2022 | 5.1 | 5.1 | OpenStack Havana access control | (1): source_nessus_risk | Not Defined | Not Defined | 0.03 | CVE-2013-7048
01/31/2022 | 7.3 | 7.3 | Live555 Streaming Media parseRTSPRequestString numeric error | (3): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_nessus_risk | Not Defined | Not Defined | 0.03 | CVE-2013-6934
01/31/2022 | 7.3 | 7.3 | Live555 Streaming Media parseRTSPRequestString memory corruption | (3): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_nessus_risk | Not Defined | Not Defined | 0.03 | CVE-2013-6933
01/31/2022 | 6.3 | 6.0 | Springsource Spring Framework Wrapper access control | (1): source_nessus_risk | Not Defined | Official Fix | 0.03 | CVE-2013-4152
01/31/2022 | 10.0 | 10.0 | Adobe Digital Editions memory corruption | (1): source_nessus_risk | Not Defined | Not Defined | 0.03 | CVE-2014-0494
01/31/2022 | 6.3 | 5.5 | Juniper Junos OSPF multiple resources with duplicate identifier | (3): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_nessus_risk | Unproven | Official Fix | 0.00 | CVE-2013-7313
01/31/2022 | 4.0 | 3.8 | Novell openSUSE lightdm-gtk-greeter.c lightdm_greeter_get_authentication_user null pointer dereference | (3): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_nessus_risk | Not Defined | Official Fix | 0.04 | CVE-2014-0979
01/31/2022 | 5.3 | 5.3 | OpenStack Swift information disclosure | (3): advisory_identifier, source_securityfocus, source_nessus_risk | Not Defined | Not Defined | 0.00 | CVE-2014-0006
01/31/2022 | 6.3 | 6.0 | Red Hat CloudForms 3.0 Management Engine cross-site request forgery | (4): vulnerability_cvss2_nvd_basescore, advisory_identifier, exploit_price_0day, source_sectracker | Not Defined | Official Fix | 0.04 | CVE-2013-6443
01/31/2022 | 5.9 | 5.9 | Augeas transform.c transform_save access control | (1): source_nessus_risk | Not Defined | Official Fix | 0.04 | CVE-2013-6412
01/31/2022 | 5.3 | 5.0 | Doug Poulin ommand School Student Management System information disclosure | (3): vulnerability_cvss2_nvd_basescore, advisory_identifier, exploit_price_0day | Proof-of-Concept | Not Defined | 0.03 | CVE-2014-1637
01/31/2022 | 7.3 | 7.1 | Doug Poulin ommand School Student Management System admin_school_names.php sql injection | (3): vulnerability_cvss2_nvd_basescore, advisory_identifier, exploit_price_0day | High | Unavailable | 0.03 | CVE-2014-1636
01/31/2022 | 4.3 | 4.1 | e107 CMS content_preset.php cross site scripting | (2): vulnerability_cvss2_nvd_basescore, source_nessus_risk | Not Defined | Official Fix | 0.00 | CVE-2013-2750
01/31/2022 | 4.3 | 4.3 | Cisco MediaSense Authorization access control | (3): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_sectracker | Not Defined | Not Defined | 0.03 | CVE-2014-0672
01/31/2022 | 6.5 | 6.5 | Cisco MediaSense input validation | (3): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_sectracker | Not Defined | Not Defined | 0.04 | CVE-2014-0671
01/31/2022 | 4.3 | 4.3 | Cisco MediaSense cross site scripting | (3): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_sectracker | Not Defined | Not Defined | 0.03 | CVE-2014-0670
01/31/2022 | 5.3 | 5.1 | Little CMS Color Engine Profiles null pointer dereference | (1): source_nessus_risk | Not Defined | Official Fix | 0.06 | CVE-2013-4160
01/31/2022 | 5.4 | 5.2 | OpenStack python-keystoneclient access control | (1): source_nessus_risk | Not Defined | Official Fix | 0.04 | CVE-2013-2104
01/31/2022 | 4.2 | 4.0 | Linux-nfs nfs-utils information disclosure | (3): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_nessus_risk | Not Defined | Official Fix | 0.06 | CVE-2013-1923
01/31/2022 | 5.3 | 5.1 | Simon Mcvittie Telepathy Gabble cryptographic issues | (1): source_nessus_risk | Not Defined | Official Fix | 0.04 | CVE-2013-1769
01/31/2022 | 10.0 | 10.0 | Lenovo Thinkpad Bluetooth with Enhanced Data Rate Software untrusted search path | (3): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_nessus_risk | Not Defined | Not Defined | 0.04 | CVE-2013-1361
01/31/2022 | 9.8 | 9.4 | IBM Java Libraries Remote Code Execution | (3): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_nessus_risk | Not Defined | Official Fix | 0.06 | CVE-2013-0485
01/31/2022 | 9.8 | 9.4 | Libexpat XML_SetEntityDeclHandler access control | (3): vulnerability_cvss2_nvd_basescore, advisory_confirm_url, exploit_price_0day | Not Defined | Official Fix | 0.05 | CVE-2013-0340
01/31/2022 | 7.3 | 7.0 | 2Glux Com Sexypolling vote.php sql injection | (3): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_cve_assigned | Not Defined | Official Fix | 0.06 | CVE-2013-7219
01/31/2022 | 7.3 | 7.0 | Hornbill Supportworks ITSM sql injection | (3): vulnerability_cvss2_nvd_basescore, advisory_identifier, exploit_price_0day | High | Official Fix | 0.04 | CVE-2013-2594
01/31/2022 | 4.3 | 4.2 | HIOX HIOX Guest Book add.php cross site scripting | (3): vulnerability_cvss2_nvd_basescore, advisory_identifier, exploit_price_0day | High | Unavailable | 0.04 | CVE-2014-1620
01/31/2022 | 7.3 | 7.3 | Cubic CMS Login sql injection | (3): vulnerability_cvss2_nvd_basescore, advisory_identifier, exploit_price_0day | Not Defined | Not Defined | 0.05 | CVE-2014-1619
01/31/2022 | 7.3 | 7.1 | UAEPD Shopping Cart Script products.php sql injection | (3): vulnerability_cvss2_nvd_basescore, advisory_identifier, exploit_price_0day | High | Unavailable | 0.04 | CVE-2014-1618
01/31/2022 | 6.3 | 5.7 | O-dyn Collabtive managetimetracker.php sql injection | (3): vulnerability_cvss2_nvd_basescore, advisory_identifier, exploit_price_0day | Proof-of-Concept | Official Fix | 0.05 | CVE-2013-6872
01/31/2022 | 10.0 | 9.4 | Mw6tech MaxiCode ActiveX control ActiveX Control memory corruption | (2): vulnerability_cvss2_nvd_basescore, source_nessus_risk | Proof-of-Concept | Not Defined | 0.03 | CVE-2013-6040

3558 more entries are not shown
