Updates 05/14/2022

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance, so that immediate vulnerability response can be initiated and issues can be prioritized.

Type

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Product

Adobe Acrobat Reader: 57
AMD EPYC: 6
AMD CPU: 5
JetBrains TeamCity: 3
Progress Whatsup Gold: 3

Grouping vulnerabilities by product helps to get an overview. This makes it possible to identify a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation

Official Fix: 103
Temporary Fix: 0
Workaround: 1
Unavailable: 0
Not Defined: 24

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be distinguished between multiple forms and levels of remediation which influence risks differently.

Exploitability

High: 0
Functional: 0
Proof-of-Concept: 5
Unproven: 0
Not Defined: 123

Researchers and attackers who are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base

≤1: 0
≤2: 0
≤3: 2
≤4: 13
≤5: 12
≤6: 42
≤7: 53
≤8: 4
≤9: 2
≤10: 0

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp

≤1: 0
≤2: 0
≤3: 2
≤4: 13
≤5: 12
≤6: 49
≤7: 47
≤8: 4
≤9: 1
≤10: 0

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes report confidence, exploitability and remediation level. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day

<1k: 26
<2k: 21
<5k: 20
<10k: 1
<25k: 26
<50k: 34
<100k: 0
≥100k: 0

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to estimate the 0-day price of an exploit, before it was distributed or became public. Calculated prices are aligned with prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today

<1k: 55
<2k: 9
<5k: 30
<10k: 1
<25k: 33
<50k: 0
<100k: 0
≥100k: 0

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as disclosure of vulnerability details, alternative exploits, and availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

Updated | Base | Temp | Vulnerability | Change | Exp | Rem | CTI | CVE
18:26 | 6.5 | 6.2 | Intel SGX Linux Kernel Driver resource consumption | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.58 | CVE-2021-33135
18:19 | 6.3 | 6.1 | Online Sports Complex Booking System sql injection | (1): source_cve_nvd_summary | Not Defined | Not Defined | 0.58 | CVE-2022-29985
18:12 | 5.3 | 5.3 | F-Secure Safe Browser Address Bar clickjacking | (1): source_cve_nvd_summary | Not Defined | Not Defined | 0.53 | CVE-2022-28872
18:04 | 5.3 | 5.3 | F-Secure Safe Browser Address Bar clickjacking | (12): vulnerability_cvss3_meta_basescore, vulnerability_cvss3_meta_tempscore, source_cve_cna, vulnerability_cvss3_cna_basescore, vulnerability_cvss3_cna_av, vulnerability_cvss3_cna_ac, vulnerability_cvss3_cna_pr, vulnerability_cvss3_cna_ui, vulnerability_cvss3_cna_s, vulnerability_cvss3_cna_c, vulnerability_cvss3_cna_i, vulnerability_cvss3_cna_a | Not Defined | Not Defined | 0.45 | CVE-2022-28873
17:48 | 5.5 | 5.3 | JerryScript ecma_builtin_typedarray_prototype_filter buffer overflow | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.45 | CVE-2021-42863
17:40 | 5.4 | 5.3 | vim regexp.c vim_regexec_string null pointer dereference | (2): advisory_identifier, source_cve_nvd_summary | Not Defined | Official Fix | 0.45 | CVE-2022-1674
17:33 | 6.2 | 6.1 | eventsource information disclosure | (2): advisory_identifier, source_cve_nvd_summary | Not Defined | Official Fix | 0.45 | CVE-2022-1650
17:25 | 3.5 | 3.4 | CDR code-server URL cross site scripting | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.53 | CVE-2021-42648
17:17 | 3.5 | 3.4 | Review Board Markdown cross site scripting | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.62 | CVE-2021-31330
17:09 | 3.5 | 3.4 | Skoruba IdentityServer4.Admin cross site scripting | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.67 | CVE-2021-28290
17:03 | 3.6 | 3.5 | JetBrains TeamCity Header cross site scripting | (12): vulnerability_cvss3_meta_basescore, vulnerability_cvss3_meta_tempscore, source_cve_cna, vulnerability_cvss3_cna_basescore, vulnerability_cvss3_cna_av, vulnerability_cvss3_cna_ac, vulnerability_cvss3_cna_pr, vulnerability_cvss3_cna_ui, vulnerability_cvss3_cna_s, vulnerability_cvss3_cna_c, vulnerability_cvss3_cna_i, vulnerability_cvss3_cna_a | Not Defined | Official Fix | 0.45 | CVE-2022-29929
16:46 | 6.4 | 6.4 | XINJE PLC Program Tool Project File path traversal | (1): source_cve_nvd_summary | Not Defined | Not Defined | 0.45 | CVE-2021-34605
16:39 | 7.2 | 7.0 | Palo Alto PAN-OS Configuration Privilege Escalation | (1): vulnerability_cwe | Not Defined | Official Fix | 1.07 | CVE-2022-0024
16:24 | 8.1 | 7.9 | ESET NOD32 Antivirus insufficient permissions or privileges | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.63 | CVE-2021-37851
16:17 | 4.0 | 4.0 | JetBrains TeamCity Build Chain Status Page cross site scripting | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.48 | CVE-2022-29927
16:10 | 6.8 | 6.7 | neorazorx facturascripts URL cross site scripting | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.50 | CVE-2022-1682
15:52 | 6.3 | 6.0 | waimairenCMS sql injection | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.41 | CVE-2022-30451
15:46 | 3.5 | 3.5 | Progress Whatsup Gold API Transaction information disclosure | (1): source_cve_nvd_summary | Not Defined | Not Defined | 0.41 | CVE-2022-29845
15:40 | 5.6 | 5.5 | Adobe Acrobat Reader uncontrolled search path | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.54 | CVE-2022-28247
15:35 | 5.5 | 5.3 | WSO2 API Manager/IS as Key Manager/Identity Server File Based Service Provider Creation xml external entity reference | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.62 | CVE-2021-42646
15:29 | 6.3 | 6.0 | Check Point ZoneAlarm Upgrade privileges management | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.58 | CVE-2022-23743
15:24 | 6.7 | 6.6 | JetBrains Ktor Native SHA1 unknown vulnerability | (12): vulnerability_cvss3_meta_basescore, vulnerability_cvss3_meta_tempscore, source_cve_cna, vulnerability_cvss3_cna_basescore, vulnerability_cvss3_cna_av, vulnerability_cvss3_cna_ac, vulnerability_cvss3_cna_pr, vulnerability_cvss3_cna_ui, vulnerability_cvss3_cna_s, vulnerability_cvss3_cna_c, vulnerability_cvss3_cna_i, vulnerability_cvss3_cna_a | Not Defined | Official Fix | 0.41 | CVE-2022-29930
15:14 | 3.3 | 3.2 | JetBrains TeamCity log file | (12): vulnerability_cvss3_meta_basescore, vulnerability_cvss3_meta_tempscore, source_cve_cna, vulnerability_cvss3_cna_basescore, vulnerability_cvss3_cna_av, vulnerability_cvss3_cna_ac, vulnerability_cvss3_cna_pr, vulnerability_cvss3_cna_ui, vulnerability_cvss3_cna_s, vulnerability_cvss3_cna_c, vulnerability_cvss3_cna_i, vulnerability_cvss3_cna_a | Not Defined | Official Fix | 0.50 | CVE-2022-29928
15:03 | 7.2 | 7.1 | polonel trudesk Profile Image insecure storage of sensitive information | (12): vulnerability_cvss3_meta_basescore, vulnerability_cvss3_meta_tempscore, source_cve_cna, vulnerability_cvss3_cna_basescore, vulnerability_cvss3_cna_av, vulnerability_cvss3_cna_ac, vulnerability_cvss3_cna_pr, vulnerability_cvss3_cna_ui, vulnerability_cvss3_cna_s, vulnerability_cvss3_cna_c, vulnerability_cvss3_cna_i, vulnerability_cvss3_cna_a | Not Defined | Official Fix | 0.40 | CVE-2022-1044
15:00 | 5.9 | 5.8 | requarks wiki authentication bypass | (12): vulnerability_cvss3_meta_basescore, vulnerability_cvss3_meta_tempscore, source_cve_cna, vulnerability_cvss3_cna_basescore, vulnerability_cvss3_cna_av, vulnerability_cvss3_cna_ac, vulnerability_cvss3_cna_pr, vulnerability_cvss3_cna_ui, vulnerability_cvss3_cna_s, vulnerability_cvss3_cna_c, vulnerability_cvss3_cna_i, vulnerability_cvss3_cna_a | Not Defined | Official Fix | 0.45 | CVE-2022-1681
14:55 | 6.3 | 6.0 | Linux Kernel seccomp PTRACE_SEIZE permission | (2): advisory_identifier, source_cve_nvd_summary | Not Defined | Official Fix | 0.49 | CVE-2022-30594
14:52 | 5.3 | 5.2 | Apache Tomcat EncryptInterceptor resource consumption | (1): source_cve_nvd_summary | Not Defined | Workaround | 0.92 | CVE-2022-29885
14:51 | 3.5 | 3.5 | ZTE ZXCDN URL cross site scripting | (1): source_cve_nvd_summary | Not Defined | Not Defined | 0.45 | CVE-2022-23137
14:47 | 5.2 | 5.2 | Fortinet FortiOS/FortiProxy HTTP cross site scripting | (1): source_cve_nvd_summary | Not Defined | Not Defined | 0.50 | CVE-2021-43081
14:43 | 5.5 | 5.3 | LiteSpeed QUIC lsquic_qenc_hdl.c Privilege Escalation | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.41 | CVE-2022-30592
14:43 | 4.3 | 4.1 | Foxit PDF Reader/PDF Editor Javascript type confusion | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.48 | CVE-2022-30557
14:40 | 6.3 | 5.7 | MicroStrategy Enterprise Manager pathname traversal | (1): source_cve_nvd_summary | Proof-of-Concept | Not Defined | 0.44 | CVE-2022-29596
14:38 | 4.3 | 4.3 | Progress Whatsup Gold API Transaction information disclosure | (1): source_cve_nvd_summary | Not Defined | Not Defined | 0.37 | CVE-2022-29847
14:34 | 4.3 | 4.3 | Progress Whatsup Gold information disclosure | (1): source_cve_nvd_summary | Not Defined | Not Defined | 0.35 | CVE-2022-29846
14:32 | 4.8 | 4.7 | Adobe Acrobat Reader Annotation Object use after free | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.21 | CVE-2022-28269
14:29 | 6.3 | 6.1 | Acrobat design PDF unknown vulnerability | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.34 | CVE-2022-28244
14:24 | 7.0 | 6.9 | Adobe Acrobat Reader out-of-bounds read | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.20 | CVE-2022-28243
14:20 | 7.0 | 6.9 | Adobe Acrobat Reader out-of-bounds read | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.36 | CVE-2022-28241
14:17 | 7.0 | 6.9 | Adobe Acrobat Reader out-of-bounds read | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.31 | CVE-2022-28239
14:14 | 7.0 | 6.9 | Adobe Acrobat Reader Doc Object out-of-bounds read | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.20 | CVE-2022-28231
14:10 | 4.6 | 4.6 | Yubico YubiKey OTP access control | (1): source_cve_nvd_summary | Not Defined | Not Defined | 0.26 | CVE-2022-24584
14:06 | 5.7 | 5.5 | TRENDnet TI-PG1284i lldp null pointer dereference | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.27 | CVE-2021-33317
14:00 | 5.5 | 5.3 | TRENDnet TI-PG1284i lldp memcpy integer underflow | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.40 | CVE-2021-33316
13:54 | 5.5 | 5.3 | TRENDnet TI-PG1284i lldp memcpy integer underflow | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.36 | CVE-2021-33315
13:49 | 2.6 | 2.5 | AMD EPYC channel accessible | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.37 | CVE-2021-46744
13:44 | 5.7 | 5.5 | QEMU HD Audio Device memory corruption | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.33 | CVE-2021-3611
13:39 | 4.3 | 4.1 | Check Point Gaia Portal Security Management GUI Client os command injection | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.51 | CVE-2021-30361
13:27 | 5.7 | 5.5 | AMD CPU BIOS denial of service | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.40 | CVE-2021-26388
13:20 | 5.7 | 5.5 | AMD CPU System Management Unit denial of service | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.40 | CVE-2021-26378
13:14 | 5.7 | 5.5 | AMD CPU System Management Unit denial of service | (1): source_cve_nvd_summary | Not Defined | Official Fix | 0.29 | CVE-2021-26375

78 more entries are not shown