Updates 11/24/2022

Timeline

Analyzing the timeline helps to identify the required approach to handling single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance, so that immediate vulnerability response and prioritization of issues can be initiated.

Type

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. Assigning these categories helps to determine the most affected software types.

Product

ImageMagick: 21
Apple iTunes: 19
TigerVNC: 5
Linux Kernel: 3
Snoopy: 3

Grouping vulnerabilities by product helps to get an overview. This makes it possible to recognize a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation

Official Fix: 69
Temporary Fix: 0
Workaround: 2
Unavailable: 0
Not Defined: 12

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. Remediation comes in multiple forms and levels, which influence risk differently.

Exploitability

High: 2
Functional: 0
Proof-of-Concept: 7
Unproven: 0
Not Defined: 74

Researchers and attackers who are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base

≤1: 0
≤2: 0
≤3: 0
≤4: 5
≤5: 2
≤6: 29
≤7: 13
≤8: 20
≤9: 7
≤10: 7

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable aggregate result.

CVSSv3 Temp

≤1: 0
≤2: 0
≤3: 0
≤4: 5
≤5: 8
≤6: 24
≤7: 15
≤8: 18
≤9: 9
≤10: 4

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day

<1k: 6
<2k: 40
<5k: 9
<10k: 6
<25k: 22
<50k: 0
<100k: 0
≥100k: 0

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price of an exploit, before it was distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today

<1k: 76
<2k: 2
<5k: 4
<10k: 0
<25k: 1
<50k: 0
<100k: 0
≥100k: 0

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as disclosure of vulnerability details, alternative exploits, and availability of countermeasures. These dynamic aspects might decrease exploit prices over time. Under certain circumstances this happens very fast.

| Updated | Base | Temp | Vulnerability | Change | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 01:48 PM | 6.7 | 6.7 | Huawei HiSuite Software Package Download input validation | (3): vulnerability_cvss2_nvd_basescore, advisory_identifier, exploit_price_0day | Not Defined | Not Defined | 0.05 | 0.00885 | CVE-2016-8273 |
| 01:42 PM | 4.3 | 4.3 | Huawei HiSuite Password information disclosure | (3): vulnerability_cvss2_nvd_basescore, advisory_identifier, exploit_price_0day | Not Defined | Not Defined | 0.04 | 0.00885 | CVE-2016-8272 |
| 01:36 PM | 5.3 | 5.2 | Huawei eSpace IAD information disclosure | (3): vulnerability_cvss2_nvd_basescore, advisory_identifier, exploit_price_0day | Not Defined | Workaround | 0.07 | 0.00885 | CVE-2016-8271 |
| 01:30 PM | 5.4 | 5.4 | Huawei OceanStor 5800 Network File System integer overflow | (3): vulnerability_cvss2_nvd_basescore, advisory_identifier, exploit_price_0day | Not Defined | Not Defined | 0.11 | 0.00885 | CVE-2016-6177 |
| 01:25 PM | 6.9 | 6.7 | Huawei S5700/S6700/S7700/S9700/S12700/ACU2 AAA access control | (4): vulnerability_cvss2_nvd_basescore, vulnerability_cvss3_meta_tempscore, advisory_identifier, exploit_price_0day | Not Defined | Official Fix | 0.11 | 0.00885 | CVE-2016-2404 |
| 01:19 PM | 7.5 | 7.3 | Huawei ACXXXX/SXXXX SSH Packet input validation | (4): vulnerability_cvss2_nvd_basescore, vulnerability_cvss3_meta_tempscore, advisory_identifier, exploit_price_0day | Not Defined | Official Fix | 0.14 | 0.01055 | CVE-2014-8572 |
| 01:13 PM | 7.5 | 7.4 | Huawei Campus access control | (4): vulnerability_cvss2_nvd_basescore, vulnerability_cvss3_meta_tempscore, advisory_identifier, exploit_price_0day | Not Defined | Official Fix | 0.25 | 0.00885 | CVE-2014-4707 |
| 01:07 PM | 7.5 | 7.3 | Huawei Quidway resource management | (4): vulnerability_cvss2_nvd_basescore, vulnerability_cvss3_meta_tempscore, advisory_identifier, exploit_price_0day | Not Defined | Official Fix | 0.32 | 0.00885 | CVE-2014-3224 |
| 01:00 PM | 7.5 | 7.3 | Huawei S2300/S3300/S5300/S6300/S9300 Y.1731 data processing | (4): vulnerability_cvss2_nvd_basescore, vulnerability_cvss3_meta_tempscore, advisory_identifier, exploit_price_0day | Not Defined | Official Fix | 0.40 | 0.00885 | CVE-2014-3223 |
| 12:52 PM | 5.9 | 5.8 | Huawei Eudemon8000E Telnet/SSH resource management | (4): vulnerability_cvss2_nvd_basescore, vulnerability_cvss3_meta_tempscore, advisory_identifier, exploit_price_0day | Not Defined | Workaround | 0.36 | 0.00885 | CVE-2014-3221 |
| 12:45 PM | 3.9 | 3.7 | Splunk JSON Username information disclosure | (4): vulnerability_cvss2_nvd_basescore, vulnerability_cvss3_meta_tempscore, exploit_price_0day, source_cve_nvd_summary | Proof-of-Concept | Official Fix | 0.51 | 0.10418 | CVE-2017-5607 |
| 12:38 PM | 6.4 | 6.3 | TigerVNC CConnection.cxx CConnection resource management | (1): advisory_identifier | Not Defined | Official Fix | 0.36 | 0.01018 | CVE-2017-7396 |
| 12:22 PM | 5.4 | 5.2 | TigerVNC SMsgReader.cxx readClientCutText) integer overflow | (5): vulnerability_cvss2_nvd_basescore, vulnerability_cvss3_meta_tempscore, advisory_identifier, exploit_price_0day, countermeasure_patch_url | Not Defined | Official Fix | 0.47 | 0.00950 | CVE-2017-7395 |
| 12:16 PM | 6.4 | 6.1 | TigerVNC SSecurityPlain.cxx processMsg) input validation | (1): advisory_identifier | Not Defined | Official Fix | 0.43 | 0.01018 | CVE-2017-7394 |
| 12:01 PM | 7.5 | 7.2 | TigerVNC VNCSConnectionST.cxx fence) double free | (1): advisory_identifier | Not Defined | Official Fix | 0.40 | 0.02260 | CVE-2017-7393 |
| 11:45 AM | 6.4 | 6.1 | TigerVNC SSecurityVeNCrypt.cxx SSecurityVeNCrypt) resource management | (1): advisory_identifier | Not Defined | Official Fix | 0.54 | 0.01018 | CVE-2017-7392 |
| 11:31 AM | 5.2 | 5.0 | magmi ajax_gettime.php cross site scripting | (5): vulnerability_cvss2_nvd_basescore, vulnerability_cvss3_meta_tempscore, advisory_identifier, exploit_price_0day, countermeasure_patch_url | Not Defined | Official Fix | 0.55 | 0.27452 | CVE-2017-7391 |
| 11:23 AM | 5.2 | 5.0 | SocialNetwork pw_forgot.php cross site scripting | (4): vulnerability_cvss2_nvd_basescore, vulnerability_cvss3_meta_tempscore, advisory_identifier, exploit_price_0day | Not Defined | Not Defined | 0.51 | 0.00885 | CVE-2017-7390 |
| 11:15 AM | 5.2 | 5.0 | openeclass webconf.php cross site scripting | (4): vulnerability_cvss2_nvd_basescore, vulnerability_cvss3_meta_tempscore, advisory_identifier, exploit_price_0day | Not Defined | Not Defined | 0.51 | 0.00885 | CVE-2017-7389 |
| 11:07 AM | 5.2 | 5.0 | WallacePOS resetpassword.php cross site scripting | (4): vulnerability_cvss2_nvd_basescore, vulnerability_cvss3_meta_tempscore, advisory_identifier, exploit_price_0day | Not Defined | Not Defined | 0.65 | 0.00885 | CVE-2017-7388 |
| 11:01 AM | 6.5 | 6.4 | Linux Kernel use after free | (1): advisory_identifier | Not Defined | Official Fix | 0.61 | 0.01669 | CVE-2017-7374 |
| 10:49 AM | 6.9 | 6.8 | LabVIEW 2016 VI File LvVarientUnflatten memory corruption | (14): vulnerability_cvss2_nvd_basescore, vulnerability_cvss3_meta_basescore, vulnerability_cvss3_meta_tempscore, exploit_price_0day, source_cve_cna, vulnerability_cvss3_cna_basescore, vulnerability_cvss3_cna_av, vulnerability_cvss3_cna_ac, vulnerability_cvss3_cna_pr, vulnerability_cvss3_cna_ui, vulnerability_cvss3_cna_s, vulnerability_cvss3_cna_c, vulnerability_cvss3_cna_i, vulnerability_cvss3_cna_a | Not Defined | Official Fix | 0.58 | 0.04967 | CVE-2017-2775 |
| 10:43 AM | 6.3 | 6.3 | Intel Security Anti-Virus Engine Local Security Protection access control | (3): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_sectracker | Not Defined | Not Defined | 0.51 | 0.00890 | CVE-2016-8032 |
| 10:37 AM | 6.4 | 6.2 | illumos smbsrv null pointer dereference | (5): vulnerability_cvss2_nvd_basescore, vulnerability_cvss3_meta_tempscore, advisory_identifier, exploit_price_0day, countermeasure_patch_url | Not Defined | Official Fix | 0.54 | 0.01018 | CVE-2016-6561 |
| 10:31 AM | 7.2 | 7.0 | illumos osnet-incorporation Comparison bzero input validation | (5): vulnerability_cvss2_nvd_basescore, vulnerability_cvss3_meta_tempscore, advisory_identifier, exploit_price_0day, countermeasure_patch_url | Not Defined | Official Fix | 0.55 | 0.00954 | CVE-2016-6560 |
| 10:25 AM | 5.2 | 5.1 | Nagios cross site scripting | (4): vulnerability_cvss2_nvd_basescore, vulnerability_cvss3_meta_tempscore, advisory_identifier, exploit_price_0day | Not Defined | Official Fix | 0.54 | 0.00885 | CVE-2016-6209 |
| 10:19 AM | 5.9 | 5.9 | Hak5 WiFi Pineapple CSRF Token Prediction access control | (3): vulnerability_cvss2_nvd_basescore, advisory_identifier, exploit_price_0day | High | Not Defined | 0.62 | 0.76263 | CVE-2015-4624 |
| 10:13 AM | 6.5 | 6.4 | util-linux Blkid blkid.c command injection | (5): vulnerability_cvss2_nvd_basescore, vulnerability_cvss3_meta_tempscore, advisory_identifier, exploit_price_0day, countermeasure_patch_url | Not Defined | Official Fix | 0.51 | 0.01916 | CVE-2014-9114 |
| 10:07 AM | 8.5 | 8.4 | Snoopy exec command injection | (5): vulnerability_cvss2_nvd_basescore, vulnerability_cvss3_meta_tempscore, advisory_identifier, exploit_price_0day, countermeasure_patch_url | Not Defined | Official Fix | 0.44 | 0.03779 | CVE-2014-5009 |
| 10:03 AM | 9.8 | 9.6 | Snoopy exec command injection | (4): vulnerability_cvss2_nvd_basescore, vulnerability_cvss3_meta_tempscore, advisory_identifier, exploit_price_0day | Not Defined | Official Fix | 0.40 | 0.02172 | CVE-2014-5008 |
| 10:01 AM | 9.8 | 9.6 | Snoopy _httpsrequest command injection | (1): source_xforce | Not Defined | Official Fix | 0.40 | 0.03779 | CVE-2008-7313 |
| 09:57 AM | 3.6 | 3.5 | MantisBT Configuration Report Page adm_config_report.php cross site scripting | (4): vulnerability_cvss2_nvd_basescore, vulnerability_cvss3_meta_tempscore, exploit_price_0day, source_sectracker | Not Defined | Official Fix | 0.40 | 0.01132 | CVE-2017-7309 |
| 09:52 AM | 3.6 | 3.5 | MantisBT move_attachments_page.php cross site scripting | (4): vulnerability_cvss2_nvd_basescore, vulnerability_cvss3_meta_tempscore, exploit_price_0day, source_sectracker | Not Defined | Official Fix | 0.51 | 0.01132 | CVE-2017-7241 |
| 09:48 AM | 3.6 | 3.5 | MantisBT Configuration Report Page adm_config_report.php cross site scripting | (4): vulnerability_cvss2_nvd_basescore, vulnerability_cvss3_meta_tempscore, exploit_price_0day, source_sectracker | Not Defined | Official Fix | 0.47 | 0.01132 | CVE-2017-6973 |
| 09:47 AM | 5.5 | 5.5 | Linux Kernel KEYS Subsystem keyring.c keyring_search_iterator null pointer dereference | (4): vulnerability_cvss2_nvd_basescore, vulnerability_cvss3_meta_tempscore, advisory_identifier, exploit_price_0day | Not Defined | Official Fix | 0.47 | 0.01282 | CVE-2017-2647 |
| 09:44 AM | 9.8 | 9.6 | ImageMagick Error 7pk error | (4): vulnerability_cvss2_nvd_basescore, vulnerability_cvss3_meta_tempscore, exploit_price_0day, countermeasure_patch_url | Not Defined | Official Fix | 0.40 | 0.01213 | CVE-2014-9826 |
| 09:40 AM | 7.5 | 7.4 | ImageMagick PSD File memory corruption | (4): vulnerability_cvss2_nvd_basescore, vulnerability_cvss3_meta_tempscore, exploit_price_0day, countermeasure_patch_url | Not Defined | Official Fix | 0.45 | 0.01213 | CVE-2014-9825 |
| 09:37 AM | 7.5 | 7.4 | ImageMagick PSD File memory corruption | (4): vulnerability_cvss2_nvd_basescore, vulnerability_cvss3_meta_tempscore, exploit_price_0day, countermeasure_patch_url | Not Defined | Official Fix | 0.51 | 0.01213 | CVE-2014-9824 |
| 09:33 AM | 7.5 | 7.4 | ImageMagick palm File memory corruption | (4): vulnerability_cvss2_nvd_basescore, vulnerability_cvss3_meta_tempscore, exploit_price_0day, countermeasure_patch_url | Not Defined | Official Fix | 0.40 | 0.01213 | CVE-2014-9823 |
| 09:30 AM | 7.5 | 7.4 | ImageMagick quantum File memory corruption | (4): vulnerability_cvss2_nvd_basescore, vulnerability_cvss3_meta_tempscore, exploit_price_0day, countermeasure_patch_url | Not Defined | Official Fix | 0.36 | 0.01213 | CVE-2014-9822 |
| 09:26 AM | 7.5 | 7.4 | ImageMagick XPM File memory corruption | (4): vulnerability_cvss2_nvd_basescore, vulnerability_cvss3_meta_tempscore, exploit_price_0day, countermeasure_patch_url | Not Defined | Official Fix | 0.51 | 0.01213 | CVE-2014-9821 |
| 09:22 AM | 7.5 | 7.4 | ImageMagick PNM File memory corruption | (4): vulnerability_cvss2_nvd_basescore, vulnerability_cvss3_meta_tempscore, exploit_price_0day, countermeasure_patch_url | Not Defined | Official Fix | 0.45 | 0.01213 | CVE-2014-9820 |
| 09:20 AM | 7.5 | 7.4 | ImageMagick palm File memory corruption | (4): vulnerability_cvss2_nvd_basescore, vulnerability_cvss3_meta_tempscore, exploit_price_0day, countermeasure_patch_url | Not Defined | Official Fix | 0.44 | 0.01213 | CVE-2014-9819 |
| 09:17 AM | 5.4 | 5.3 | ImageMagick sun File out-of-bounds | (4): vulnerability_cvss2_nvd_basescore, vulnerability_cvss3_meta_tempscore, exploit_price_0day, countermeasure_patch_url | Not Defined | Official Fix | 0.38 | 0.01213 | CVE-2014-9818 |
| 09:16 AM | 7.5 | 7.4 | ImageMagick pdb File memory corruption | (4): vulnerability_cvss2_nvd_basescore, vulnerability_cvss3_meta_tempscore, exploit_price_0day, countermeasure_patch_url | Not Defined | Official Fix | 0.51 | 0.01213 | CVE-2014-9817 |
| 09:12 AM | 5.4 | 5.3 | ImageMagick viff File out-of-bounds | (4): vulnerability_cvss2_nvd_basescore, vulnerability_cvss3_meta_tempscore, exploit_price_0day, countermeasure_patch_url | Not Defined | Official Fix | 0.54 | 0.01213 | CVE-2014-9816 |
| 09:08 AM | 5.4 | 5.3 | ImageMagick wpg File input validation | (4): vulnerability_cvss2_nvd_basescore, vulnerability_cvss3_meta_tempscore, exploit_price_0day, countermeasure_patch_url | Not Defined | Official Fix | 0.51 | 0.01213 | CVE-2014-9815 |
| 09:07 AM | 5.4 | 5.3 | ImageMagick wpg File null pointer dereference | (4): vulnerability_cvss2_nvd_basescore, vulnerability_cvss3_meta_tempscore, exploit_price_0day, countermeasure_patch_url | Not Defined | Official Fix | 0.54 | 0.01213 | CVE-2014-9814 |
| 09:03 AM | 5.4 | 5.3 | ImageMagick viff File input validation | (4): vulnerability_cvss2_nvd_basescore, vulnerability_cvss3_meta_tempscore, exploit_price_0day, countermeasure_patch_url | Not Defined | Official Fix | 0.31 | 0.01213 | CVE-2014-9813 |
| 08:59 AM | 5.4 | 5.3 | ImageMagick PS File null pointer dereference | (4): vulnerability_cvss2_nvd_basescore, vulnerability_cvss3_meta_tempscore, exploit_price_0day, countermeasure_patch_url | Not Defined | Official Fix | 0.38 | 0.01213 | CVE-2014-9812 |

33 more entries are not shown