Updates April 2022

Timeline

Analysing the timeline helps to determine the appropriate approach to handling individual vulnerabilities and whole vulnerability collections. The overview makes it possible to spot quieter periods and more severe hotspots at a glance, so that vulnerability response can be initiated immediately and issues can be prioritized.

Type

The moderation team works with the threat intelligence team to categorize the software affected by security vulnerabilities. Assigning these categories shows which software types are affected most.

Product

Product | Entries
Microsoft Windows | 120
Google Android | 76
Google Chrome | 65
Oracle Communications Cloud Native Core Policy | 32
Cisco IOS XE | 32

Grouping vulnerabilities by product gives an overview. It makes it possible to recognize a homogeneous landscape, or the most important hotspots within a heterogeneous one.

Remediation

Remediation level | Entries
Official Fix | 2345
Temporary Fix | 1
Workaround | 12
Unavailable | 8
Not Defined | 1228

Vendors and researchers are eager to find countermeasures that mitigate security vulnerabilities. These come in several forms and levels of remediation, which influence risk differently. The levels are those of the CVSS Remediation Level (RL) temporal metric: an Official Fix lowers the temporal score the most, a Temporary Fix or Workaround somewhat less, and Unavailable or Not Defined leaves it unchanged.

Exploitability

Exploitability | Entries
High | 47
Functional | 4
Proof-of-Concept | 253
Unproven | 250
Not Defined | 3040

Researchers and attackers who look for security vulnerabilities try to exploit them, for academic purposes or for personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks. The levels are those of the CVSS Exploit Code Maturity (E) temporal metric: High and Not Defined do not reduce the temporal score, while Functional, Proof-of-Concept and Unproven reduce it progressively.

CVSSv3 Base

CVSSv3 base score | Entries
≤1 | 0
≤2 | 2
≤3 | 60
≤4 | 418
≤5 | 573
≤6 | 781
≤7 | 829
≤8 | 593
≤9 | 191
≤10 | 147

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impact of security vulnerabilities. The base score represents the intrinsic properties of a vulnerability, which are constant over time and across user environments. Our meta score merges all available scores from different sources into the most reliable result.

CVSSv3 Temp

CVSSv3 temporal score | Entries
≤1 | 0
≤2 | 2
≤3 | 65
≤4 | 458
≤5 | 605
≤6 | 989
≤7 | 775
≤8 | 441
≤9 | 144
≤10 | 115

The Common Vulnerability Scoring System (CVSS) uses temporal scores to reflect the characteristics of a vulnerability that may change over time but not across user environments: exploit code maturity, remediation level and report confidence. The temporal score is the base score multiplied by the weights of these three metrics, so it can never exceed the base score. We also provide our meta score for temporal scores, even though other sources rarely publish them.
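The following is an added example, not VulDB code and not VulDB's meta score: it implements the Temporal Score formula and the Roundup function from the FIRST CVSS v3.1 specification in Python, driven either by a CVSS vector string or by the Exploitability and Remediation labels used in the tables above (those labels are the value names of the CVSS Exploit Code Maturity and Remediation Level metrics). The base scores and vector strings it is called with are constructed inputs. Because VulDB's meta temporal score aggregates several sources, the figures in the entry table below will not necessarily equal what this formula returns for the displayed base score.

```python
"""CVSS v3.1 temporal score: base score adjusted by the three temporal metrics.

Added example implementing the Temporal Score formula (section 7.2) and the
Roundup function (Appendix A) of the FIRST CVSS v3.1 specification. It is not
VulDB's code and does not reproduce VulDB's meta score.
"""
import math

# Metric weights from the CVSS v3.1 specification.
EXPLOIT_CODE_MATURITY = {"X": 1.0, "H": 1.0, "F": 0.97, "P": 0.94, "U": 0.91}
REMEDIATION_LEVEL = {"X": 1.0, "U": 1.0, "W": 0.97, "T": 0.96, "O": 0.95}
REPORT_CONFIDENCE = {"X": 1.0, "C": 1.0, "R": 0.96, "U": 0.92}

# Labels as printed in the Exploitability and Remediation tables on this page,
# mapped to the single-letter CVSS metric values.
EXPLOITABILITY_LABELS = {
    "Not Defined": "X", "High": "H", "Functional": "F",
    "Proof-of-Concept": "P", "Unproven": "U",
}
REMEDIATION_LABELS = {
    "Not Defined": "X", "Unavailable": "U", "Workaround": "W",
    "Temporary Fix": "T", "Official Fix": "O",
}


def roundup(value: float) -> float:
    """Round up to one decimal place as CVSS v3.1 Appendix A defines it.

    The integer detour avoids floating-point artefacts such as 4.0 * 0.95
    landing a hair above or below the intended boundary."""
    int_input = round(value * 100000)
    if int_input % 10000 == 0:
        return int_input / 100000.0
    return (math.floor(int_input / 10000) + 1) / 10.0


def temporal_score(base: float, e: str = "X", rl: str = "X", rc: str = "X") -> float:
    """TemporalScore = Roundup(BaseScore * E * RL * RC); metrics default to Not Defined."""
    if not 0.0 <= base <= 10.0:
        raise ValueError(f"base score out of range: {base}")
    try:
        weight = EXPLOIT_CODE_MATURITY[e] * REMEDIATION_LEVEL[rl] * REPORT_CONFIDENCE[rc]
    except KeyError as err:
        raise ValueError(f"unknown temporal metric value: {err}") from None
    return roundup(base * weight)


def temporal_from_labels(base: float, exploitability: str, remediation: str,
                         report_confidence: str = "X") -> float:
    """Same computation, driven by the page's Exploitability/Remediation labels."""
    return temporal_score(base, EXPLOITABILITY_LABELS[exploitability],
                          REMEDIATION_LABELS[remediation], report_confidence)


def parse_temporal_metrics(vector: str) -> dict:
    """Extract E, RL and RC from a CVSS:3.x vector string.

    Temporal metrics absent from the vector are Not Defined ("X"), as the
    specification requires; an unknown value for a known metric is rejected."""
    parts = vector.split("/")
    if parts[0] not in ("CVSS:3.0", "CVSS:3.1"):
        raise ValueError(f"not a CVSS v3 vector: {vector}")
    allowed = {"E": EXPLOIT_CODE_MATURITY, "RL": REMEDIATION_LEVEL, "RC": REPORT_CONFIDENCE}
    metrics = {"E": "X", "RL": "X", "RC": "X"}
    for part in parts[1:]:
        name, _, value = part.partition(":")
        if name in allowed:
            if value not in allowed[name]:
                raise ValueError(f"invalid value {value!r} for metric {name}")
            metrics[name] = value
    return metrics


def temporal_from_vector(base: float, vector: str) -> float:
    """Temporal score for a base score and the temporal part of a vector string."""
    m = parse_temporal_metrics(vector)
    return temporal_score(base, m["E"], m["RL"], m["RC"])


if __name__ == "__main__":
    # Constructed inputs: one critical base score with increasing temporal knowledge.
    crit = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
    print(temporal_score(9.8))                                       # nothing known yet
    print(temporal_from_labels(9.8, "Proof-of-Concept", "Workaround"))
    print(temporal_from_vector(9.8, crit + "/E:H/RL:O/RC:C"))
```

Note that a base score of 6.3 with Exploitability Not Defined and Remediation Official Fix gives 6.0 under this formula (6.3 × 0.95 = 5.985, rounded up), which happens to match the first entries in the table below; other rows differ because the meta score is aggregated rather than computed from the displayed base.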

Exploit 0-day

0-day exploit price (USD) | Entries
<1k | 710
<2k | 672
<5k | 859
<10k | 376
<25k | 587
<50k | 138
<100k | 164
≥100k | 88

The moderation team works with the threat intelligence team to determine prices for exploits. Our algorithm estimates the 0-day price of an exploit, that is, its price before it was distributed or became public. Calculated prices are aligned with prices disclosed by vulnerability brokers and compared with prices observed on exploit markets.

Exploit Today

Today exploit price (USD) | Entries
<1k | 2057
<2k | 521
<5k | 540
<10k | 221
<25k | 207
<50k | 47
<100k | 1
≥100k | 0

The 0-day price does not consider time-dependent factors. The today price reflects price impacts such as the disclosure of vulnerability details, alternative exploits and the availability of countermeasures. These dynamic aspects can decrease the exploit price over time, under certain circumstances very quickly.

Columns: Updated (date of the last change), Base and Temp (CVSSv3 meta base and temporal score), Vulnerability (affected product, component and vulnerability class), Change (number of fields updated, followed by their names), Exp (exploitability), Rem (remediation level), CTI, CVE.

Updated | Base | Temp | Vulnerability | Change | Exp | Rem | CTI | CVE
04/30/2022 | 6.3 | 6.0 | Google Chrome SwiftShader use after free | (1): source_cve_assigned | Not Defined | Official Fix | 0.02 | CVE-2022-1478
04/30/2022 | 6.3 | 6.0 | Google Chrome Vulkan use after free | (1): source_cve_assigned | Not Defined | Official Fix | 0.13 | CVE-2022-1477
04/30/2022 | 5.4 | 5.3 | Snipe-IT access control | (2): advisory_identifier, source_cve_nvd_summary | Not Defined | Official Fix | 0.02 | CVE-2022-1511
04/30/2022 | 7.0 | 6.9 | Elcomplus SmartPTT Request improper authorization | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.00 | CVE-2021-43939
04/30/2022 | 8.5 | 8.4 | Elcomplus SmartPTT Upload Request unrestricted upload | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.03 | CVE-2021-43934
04/30/2022 | 6.2 | 6.2 | Elcomplus SmartPTT Dashboard/Main Page cross site scripting | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.04 | CVE-2021-43932
04/30/2022 | 3.8 | 3.7 | Elcomplus SmartPTT Download Request path traversal | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.26 | CVE-2021-43930
04/30/2022 | 5.5 | 5.3 | Encode httpx input validation | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.00 | CVE-2021-41945
04/30/2022 | 5.9 | 5.8 | Shopware cross-site request forgery | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.00 | CVE-2022-24879
04/30/2022 | 6.3 | 6.0 | Navigate CMS Feed feed_parser server-side request forgery | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.00 | CVE-2022-28117
04/30/2022 | 5.5 | 5.4 | Shopware Password Reset Token password recovery | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.00 | CVE-2022-24892
04/30/2022 | 4.8 | 4.7 | Shopware Storefront cross site scripting | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.03 | CVE-2022-24873
04/30/2022 | 5.2 | 5.1 | Shea Bunge Footer Text Plugin cross-site request forgery | (1): source_cve_nvd_summary | Not Defined | Not Defined | 0.04 | CVE-2022-27860
04/30/2022 | 5.2 | 5.1 | Rav Messer Ravpage Plugin cross site scripting | (1): source_cve_nvd_summary | Not Defined | Not Defined | 0.04 | CVE-2022-29415
04/30/2022 | 6.0 | 6.0 | neorazorx facturascripts ZIP Format cross site scripting | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.04 | CVE-2022-1514
04/30/2022 | 4.3 | 4.1 | Mahara cross-site request forgery | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.09 | CVE-2022-28892
04/30/2022 | 3.5 | 3.4 | Mahara Cascading Style Sheet cross site scripting | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.03 | CVE-2022-29584
04/30/2022 | 3.5 | 3.4 | Mahara Group information disclosure | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.03 | CVE-2022-29585
04/30/2022 | 6.3 | 6.3 | Turtlapp Turtle Note meta Tag injection | (1): source_cve_nvd_summary | Not Defined | Not Defined | 0.06 | CVE-2022-28101
04/30/2022 | 5.4 | 5.4 | Zoom On-Premise Meeting Connector Controller information disclosure | (1): source_cve_nvd_summary | Not Defined | Not Defined | 0.02 | CVE-2022-22783
04/30/2022 | 6.2 | 6.1 | Zoom Client for Meetings Update Remote Code Execution | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.05 | CVE-2022-22781
04/30/2022 | 4.5 | 4.4 | Hermit Plugin cross-site request forgery | (1): source_cve_nvd_summary | Not Defined | Not Defined | 0.03 | CVE-2022-29413
04/30/2022 | 4.8 | 4.8 | Hermit Plugin cross-site request forgery | (1): source_cve_nvd_summary | Not Defined | Not Defined | 0.03 | CVE-2022-29412
04/30/2022 | 7.8 | 7.7 | Hermit Plugin sql injection | (1): source_cve_nvd_summary | Not Defined | Not Defined | 0.06 | CVE-2022-29411
04/30/2022 | 6.8 | 6.7 | Hermit Plugin sql injection | (1): source_cve_nvd_summary | Not Defined | Not Defined | 0.03 | CVE-2022-29410
04/30/2022 | 3.5 | 3.5 | PHP MySQL Admin Panel Generator edit-db.php cross site scripting | (1): source_cve_nvd_summary | Not Defined | Not Defined | 0.02 | CVE-2022-28102
04/30/2022 | 5.4 | 5.3 | IBM InfoSphere Information Server information disclosure | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.02 | CVE-2022-22441
04/30/2022 | 4.4 | 4.4 | IBM InfoSphere Information Server Web UI cross site scripting | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.03 | CVE-2022-22443
04/30/2022 | 4.7 | 4.6 | IBM InfoSphere Information Server Web UI cross site scripting | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.02 | CVE-2022-22427
04/30/2022 | 4.4 | 4.4 | IBM InfoSphere Information Server Web UI cross site scripting | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.02 | CVE-2022-22322
04/30/2022 | 4.4 | 4.4 | IBM InfoSphere Information Server Web UI cross site scripting | (12): vulnerability_cvss3_meta_basescore, vulnerability_cvss3_meta_tempscore, source_cve_cna, vulnerability_cvss3_cna_basescore, vulnerability_cvss3_cna_av, vulnerability_cvss3_cna_ac, vulnerability_cvss3_cna_pr, vulnerability_cvss3_cna_ui, vulnerability_cvss3_cna_s, vulnerability_cvss3_cna_c, vulnerability_cvss3_cna_i, vulnerability_cvss3_cna_a | Not Defined | Official Fix | 0.00 | CVE-2021-38952
04/30/2022 | 4.6 | 4.6 | DSCMS Adv.php denial of service | (1): source_cve_nvd_summary | Not Defined | Not Defined | 0.03 | CVE-2022-28114
04/30/2022 | 8.4 | 8.2 | Zoom Client for Meetings Installer Repair access control | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.05 | CVE-2022-22782
04/30/2022 | 3.5 | 3.4 | Ericom PowerTerm WebConnect Login Portal cross site scripting | (1): source_cve_nvd_summary | Not Defined | Not Defined | 0.05 | CVE-2022-29152
04/30/2022 | 6.5 | 6.4 | Lexmark Device Firmware Update access control | (2): advisory_url, source_cve_nvd_summary | Not Defined | Workaround | 0.05 | CVE-2022-24935
04/30/2022 | 5.5 | 5.5 | novel-plus unrestricted upload | (2): advisory_identifier, source_cve_nvd_summary | Not Defined | Not Defined | 0.03 | CVE-2021-41921
04/30/2022 | 8.8 | 8.4 | NoMachine access control | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.08 | CVE-2021-33436
04/30/2022 | 3.7 | 3.6 | JetBrains IntelliJ IDEA Error Message cross site scripting | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.16 | CVE-2022-29817
04/30/2022 | 4.2 | 4.2 | JetBrains Hub Project Icon cross site scripting | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.02 | CVE-2022-29811
04/30/2022 | 3.3 | 3.2 | JetBrains PyCharm Debugger Port access control | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.06 | CVE-2022-29820
04/30/2022 | 3.9 | 3.8 | JetBrains IntelliJ IDEA origin validation | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.03 | CVE-2022-29818
04/30/2022 | 4.2 | 4.1 | JetBrains IntelliJ IDEA IDE Message injection | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.05 | CVE-2022-29816
04/30/2022 | 2.0 | 2.0 | JetBrains IntelliJ IDEA Notification encoding error | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.03 | CVE-2022-29812
04/30/2022 | 5.3 | 5.3 | JetBrains Rider ReSharper Quick Documentation code injection | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.13 | CVE-2022-29821
04/30/2022 | 5.4 | 5.3 | JetBrains IntelliJ IDEA Quick Documentation code injection | (12): vulnerability_cvss3_meta_basescore, vulnerability_cvss3_meta_tempscore, source_cve_cna, vulnerability_cvss3_cna_basescore, vulnerability_cvss3_cna_av, vulnerability_cvss3_cna_ac, vulnerability_cvss3_cna_pr, vulnerability_cvss3_cna_ui, vulnerability_cvss3_cna_s, vulnerability_cvss3_cna_c, vulnerability_cvss3_cna_i, vulnerability_cvss3_cna_a | Not Defined | Official Fix | 0.03 | CVE-2022-29819
04/30/2022 | 5.4 | 5.3 | JetBrains IntelliJ IDEA Workspace Setting code injection | (12): vulnerability_cvss3_meta_basescore, vulnerability_cvss3_meta_tempscore, source_cve_cna, vulnerability_cvss3_cna_basescore, vulnerability_cvss3_cna_av, vulnerability_cvss3_cna_ac, vulnerability_cvss3_cna_pr, vulnerability_cvss3_cna_ui, vulnerability_cvss3_cna_s, vulnerability_cvss3_cna_c, vulnerability_cvss3_cna_i, vulnerability_cvss3_cna_a | Not Defined | Official Fix | 0.00 | CVE-2022-29815
04/30/2022 | 5.3 | 5.3 | JetBrains IntelliJ IDEA JSON Schema code injection | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.03 | CVE-2022-29814
04/30/2022 | 6.1 | 6.0 | JetBrains IntelliJ IDEA Pandoc Path code injection | (12): vulnerability_cvss3_meta_basescore, vulnerability_cvss3_meta_tempscore, source_cve_cna, vulnerability_cvss3_cna_basescore, vulnerability_cvss3_cna_av, vulnerability_cvss3_cna_ac, vulnerability_cvss3_cna_pr, vulnerability_cvss3_cna_ui, vulnerability_cvss3_cna_s, vulnerability_cvss3_cna_c, vulnerability_cvss3_cna_i, vulnerability_cvss3_cna_a | Not Defined | Official Fix | 0.04 | CVE-2022-29813
04/30/2022 | 8.1 | 7.9 | hestiacp sed injection | (2): advisory_identifier, source_cve_nvd_summary | Not Defined | Official Fix | 0.03 | CVE-2022-1509
04/30/2022 | 7.3 | 7.0 | Hammock AssetView Configuration File improper authentication | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.04 | CVE-2022-28719

3544 more entries are not shown
