Updates February 2022

Timeline

Analyzing the timeline helps to identify the required approach to handling single vulnerabilities and vulnerability collections. The overview shows less important slices and more severe hotspots at a glance, so that immediate vulnerability response can be initiated and issues can be prioritized.

Type

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Product

Microsoft Internet Explorer | 119
Apple Mac OS X | 104
Reolink RLC-410W | 79
Google Chrome | 78
Linux Kernel | 75

Grouping vulnerabilities by product gives an overview. It makes it possible to identify a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation

Official Fix | 2576
Temporary Fix | 0
Workaround | 6
Unavailable | 36
Not Defined | 809

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These countermeasures come in multiple forms and levels of remediation, which influence risk differently.

Exploitability

High | 138
Functional | 7
Proof-of-Concept | 146
Unproven | 870
Not Defined | 2266

Researchers and attackers who look for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base

≤1 | 0
≤2 | 0
≤3 | 36
≤4 | 454
≤5 | 543
≤6 | 1004
≤7 | 639
≤8 | 496
≤9 | 119
≤10 | 136

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp

≤1 | 0
≤2 | 1
≤3 | 46
≤4 | 541
≤5 | 761
≤6 | 1049
≤7 | 623
≤8 | 220
≤9 | 123
≤10 | 63

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day

<1k | 605
<2k | 526
<5k | 705
<10k | 393
<25k | 634
<50k | 227
<100k | 289
≥100k | 48

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price of an exploit, before it was distributed or became public. Calculated prices are aligned with prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today

<1k | 2280
<2k | 424
<5k | 262
<10k | 259
<25k | 199
<50k | 2
<100k | 1
≥100k | 0

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as disclosure of vulnerability details, alternative exploits, and availability of countermeasures. These dynamic aspects might decrease exploit prices over time. Under certain circumstances this happens very fast.

Updated | Base | Temp | Vulnerability | Change | Exp | Rem | CTI | CVE
02/28/2022 | 5.5 | 5.5 | C-DATA ONU4FERW File formImportOMCIShell command injection | (1): source_cve_nvd_summary | Not Defined | Not Defined | 0.00 | CVE-2021-44132
02/28/2022 | 4.1 | 3.9 | Huawei AIS-BW80H-00 command injection | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.04 | CVE-2021-40043
02/28/2022 | 3.5 | 3.4 | Huawei Smartphone Wallet App permission | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.03 | CVE-2021-37103
02/28/2022 | 7.3 | 7.1 | Zulip Invitation access control | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.07 | CVE-2022-21706
02/28/2022 | 5.5 | 5.0 | Home Owners Collection Management System view_member.php sql injection | (1): source_cve_nvd_summary | Proof-of-Concept | Not Defined | 0.04 | CVE-2022-25096
02/28/2022 | 6.3 | 5.7 | Home Owners Collection Management System SystemSettings.php Privilege Escalation | (1): source_cve_nvd_summary | Proof-of-Concept | Not Defined | 0.04 | CVE-2022-25094
02/28/2022 | 4.6 | 4.4 | Huawei Smartphone denial of service | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.04 | CVE-2021-37027
02/28/2022 | 5.9 | 5.7 | karma Query Parameter redirect | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.03 | CVE-2021-23495
02/28/2022 | 3.5 | 3.4 | Huawei Smartphone denial of service | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.08 | CVE-2021-22489
02/28/2022 | 5.5 | 5.3 | Huawei HarmonyOS integer overflow | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.08 | CVE-2021-22480
02/28/2022 | 3.5 | 3.4 | Huawei HarmonyOS information disclosure | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.03 | CVE-2021-22478
02/28/2022 | 5.5 | 5.3 | Huawei Smartphone Privilege Escalation | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.03 | CVE-2021-22448
02/28/2022 | 4.6 | 4.4 | Huawei Smartphone integer overflow | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.00 | CVE-2021-22437
02/28/2022 | 5.5 | 5.4 | Huawei Smartphone out-of-bounds | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.03 | CVE-2021-22434
02/28/2022 | 5.5 | 5.3 | Huawei Smartphone out-of-bounds | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.04 | CVE-2021-22433
02/28/2022 | 5.5 | 5.3 | Huawei Smartphone Isolation out-of-bounds | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.04 | CVE-2021-22432
02/28/2022 | 5.5 | 5.3 | Huawei Smartphone Isolation permission | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.03 | CVE-2021-22431
02/28/2022 | 5.5 | 5.3 | Huawei Smartphone code injection | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.13 | CVE-2021-22430
02/28/2022 | 5.5 | 5.3 | Huawei Smartphone out-of-bounds | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.03 | CVE-2021-22429
02/28/2022 | 5.5 | 5.3 | Huawei Smartphone out-of-bounds | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.00 | CVE-2021-22426
02/28/2022 | 3.5 | 3.4 | Huawei Smartphone code injection | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.02 | CVE-2021-22395
02/28/2022 | 5.5 | 5.3 | Huawei Smartphone Multi-Screen Collaboration buffer overflow | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.02 | CVE-2021-22394
02/28/2022 | 5.5 | 5.3 | Huawei Smartphone integer overflow | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.04 | CVE-2021-22319
02/28/2022 | 4.6 | 4.4 | JetBrains YouTrack Custom Logo permission | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.02 | CVE-2022-24343
02/28/2022 | 4.6 | 4.4 | JetBrains TeamCity User Account user session | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.03 | CVE-2022-24341
02/28/2022 | 5.5 | 5.3 | JetBrains TeamCity Pull Request permission | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.06 | CVE-2022-24337
02/28/2022 | 4.3 | 4.1 | JetBrains TeamCity XML-RPC Request denial of service | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.03 | CVE-2022-24336
02/28/2022 | 4.6 | 4.4 | JetBrains TeamCity XML-RPC race condition | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.03 | CVE-2022-24335
02/28/2022 | 5.5 | 5.3 | JetBrains TeamCity Agent Push Privilege Escalation | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.03 | CVE-2022-24334
02/28/2022 | 4.6 | 4.4 | JetBrains TeamCity XML-RPC Call server-side request forgery | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.04 | CVE-2022-24333
02/28/2022 | 4.9 | 4.7 | JetBrains TeamCity Remember Me Cookie dropped privileges | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.05 | CVE-2022-24332
02/28/2022 | 5.5 | 5.3 | JetBrains TeamCity GitLab Authentication improper authentication | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.03 | CVE-2022-24331
02/28/2022 | 4.9 | 4.7 | JetBrains TeamCity redirect | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.02 | CVE-2022-24330
02/28/2022 | 5.5 | 5.3 | JetBrains Kotlin Gradle Project Privilege Escalation | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.04 | CVE-2022-24329
02/28/2022 | 3.5 | 3.4 | JetBrains Hub denial of service | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.05 | CVE-2022-24328
02/28/2022 | 3.5 | 3.4 | JetBrains Hub API Key permission | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.02 | CVE-2022-24327
02/28/2022 | 7.3 | 7.0 | GE Proficy CIMPLICITY privileges management | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.03 | CVE-2022-23921
02/28/2022 | 5.3 | 5.1 | JetBrains IntelliJ IDEA RLO Local Privilege Escalation | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.06 | CVE-2022-24346
02/28/2022 | 5.3 | 5.1 | JetBrains IntelliJ Project permission | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.05 | CVE-2022-24345
02/28/2022 | 3.5 | 3.5 | TP-LINK TL-WR840N HTTP dm_checkString denial of service | (1): source_cve_nvd_summary | Not Defined | Not Defined | 0.19 | CVE-2022-25062
02/28/2022 | 5.5 | 5.5 | TP-LINK TL-WR840N oal_setIp6DefaultRoute command injection | (1): source_cve_nvd_summary | Not Defined | Not Defined | 0.03 | CVE-2022-25061
02/28/2022 | 5.5 | 5.5 | TP-LINK TL-WR840N oal_startPing command injection | (1): source_cve_nvd_summary | Not Defined | Not Defined | 0.04 | CVE-2022-25060
02/28/2022 | 7.0 | 6.9 | Fatek FvDesigner Project File out-of-bounds write | (1): source_cve_nvd_summary | Not Defined | Unavailable | 0.03 | CVE-2022-23985
02/28/2022 | 5.3 | 5.2 | GE Proficy CIMPLICITY cleartext transmission | (1): source_cve_nvd_summary | Not Defined | Not Defined | 0.08 | CVE-2022-21798
02/28/2022 | 6.0 | 6.0 | Fatek FvDesigner Project File out-of-bounds | (1): source_cve_nvd_summary | Not Defined | Unavailable | 0.03 | CVE-2022-21209
02/28/2022 | 5.5 | 5.5 | Huawei PCManager access control | (1): source_cve_nvd_summary | Not Defined | Not Defined | 0.08 | CVE-2021-40046
02/28/2022 | 6.8 | 6.7 | Gabia Firstmall navercheckout_add input validation | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.03 | CVE-2021-26617
02/28/2022 | 5.7 | 5.5 | Huawei HarmonyOS Kernel denial of service | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.03 | CVE-2021-22479
02/28/2022 | 5.7 | 5.5 | Huawei HarmonyOS Kernel integer overflow | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.03 | CVE-2021-22441
02/28/2022 | 6.3 | 6.0 | Zepl Notebook sandbox | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.04 | CVE-2021-42952

3377 more entries are not shown
