A Year in Review 2022: 100 vulnerabilities you should prioritize

In this blog post we will walk you through the most notable, detected and widely exploited vulnerabilities of 2022.

In this article we present an analysis of one hundred (100) vulnerabilities that you should keep an eye on and prioritize according to your environment. We used the PRIOn Knowledge Base for our research. PRIOn Knowledge Base (PRIOn KB) is an online SaaS platform that enables the triaging of publicly disclosed vulnerabilities from the Common Vulnerabilities and Exposures (CVE) program. The main purpose of the PRIOn KB platform is to help users analyze, validate and prioritize vulnerabilities. The scope of this research was to identify, classify and analyze vulnerabilities from the previous year (2022) with the following characteristics:
  • Vulnerabilities that were zero-day (detected and disclosed to the public)
  • Vulnerabilities that can be found in the CISA Known Exploited Vulnerabilities (KEV) catalog (CVE-2022-*)
  • Vulnerabilities that were (are) exploited in the wild

Disclosed vulnerabilities distribution by vendors

During our research we found thirty-five (35) vendors/products affected by vulnerabilities with the aforementioned characteristics. The following graph shows that ~23% of the total disclosed vulnerabilities were reported in Microsoft products. The next closest were Google and Apple products, with ~9% each.

Disclosed vulnerabilities over months

This graph shows the disclosed vulnerabilities per month. The busiest months for vulnerabilities appear to be March, April, August and September.

Vulnerability Types

The following graph shows the types of the vulnerabilities under examination. The PRIOn core engine extracts the vulnerability types from the CVE description using NLP predictive models. We identified that 33% of the vulnerability types were predicted as Privilege Escalation (~17%) and Remote Code Execution (~16%) respectively.

Additionally, many vulnerabilities fall under the superset of memory corruption vulnerabilities, such as Buffer/Heap Overflows, Use After Free, Type Confusion etc. At the Black Hat conference (2010), Thinkst Applied Research presented the research paper/presentation "Memory Corruption Attacks: The (almost) Complete History". At that time, memory corruption vulnerabilities had monopolized the headlines in the security research community for the past 2 decades; now it is almost 3 and a half decades. This is a strong indication that memory corruption vulnerabilities will exist for a long time. The remaining vulnerabilities can be categorized as design or logic flaws, including Authentication Bypass, Default Installation etc. Identifying the vulnerability type is very useful for prioritization, as not all vulnerability types are equal.

Exploitability

The lowest hanging fruit is exploitability. PRIOn data shows that public exploits (free or paid) can be found for at least half of the vulnerabilities under examination.

During the enrichment and analysis of the vulnerabilities under examination we gathered information about exploit code. The following graph shows the total number of exploits by source.

The above graph shows that security researchers are doing their best to disclose exploits to the public: ~67% of the total exploits were found in various GitHub repositories and Rapid7 Metasploit® respectively. The exposure of exploitation code to the public can be very helpful for the overall security community, as security researchers are in a position to study various exploitation methods and, on top of that, to build detection/prevention mechanisms. On the other hand, threat actors, with different motivations, have access to malicious code that can be used to attack infrastructure, applications etc.

Addressing vulnerabilities with existing exploit code, either free or paid, should be a high priority for immediate remediation actions. It is very useful to embed this intelligence in your vulnerability management program as you are able to prioritize identified vulnerabilities in a more granular way.
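One way to embed this intelligence in a vulnerability management workflow, as an added example that is not PRIOn's code or scoring model: scanner findings are ranked first by exploitation evidence (KEV membership as the "exploited in the wild" signal, plus public exploit code) and only then by CVSS. The CVE IDs, asset names, exploit index and tier order are constructed assumptions of this example.

```python
import json
import re
from dataclasses import dataclass, field

CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")

# Constructed sample shaped like the CISA KEV JSON feed: a top-level
# "vulnerabilities" list whose entries carry a "cveID" field.
KEV_JSON = """
{"vulnerabilities": [
  {"cveID": "CVE-0000-0001", "dateAdded": "2022-05-01"},
  {"cveID": "CVE-0000-0003", "dateAdded": "2022-09-15"}
]}
"""

# Constructed exploit index: CVE -> places where exploit code was found.
EXPLOIT_SOURCES = {
    "CVE-0000-0001": ["github", "metasploit"],
    "CVE-0000-0002": ["github"],
}

# Constructed scanner output: (asset, CVE string as reported, CVSS base score).
FINDINGS = [
    ("web-01", "cve-0000-0002 ", 9.8),
    ("web-01", "CVE-0000-0001", 7.8),
    ("db-01", "CVE-0000-0003", 8.1),
    ("db-01", "CVE-0000-0004", 9.1),
    ("app-02", "CVE-0000-0001", 7.8),
    ("app-02", "not-a-cve", 5.0),
]

# Tier order is this example's assumption, not PRIOn's scoring model.
TIERS = ["exploited+exploit", "exploited", "exploit", "no-evidence"]


@dataclass
class Ranked:
    cve: str
    tier: str
    cvss: float
    assets: list = field(default_factory=list)


def normalize(raw):
    """Return a canonical CVE ID, or None if the string is not one."""
    cve = raw.strip().upper()
    return cve if CVE_RE.match(cve) else None


def load_kev(text):
    """Extract the set of CVE IDs from KEV-format JSON text."""
    ids = {normalize(v["cveID"]) for v in json.loads(text)["vulnerabilities"]}
    return ids - {None}


def tier_for(cve, kev, exploits):
    """KEV membership stands in for 'exploited in the wild'."""
    in_kev, has_exploit = cve in kev, bool(exploits.get(cve))
    if in_kev:
        return TIERS[0] if has_exploit else TIERS[1]
    return TIERS[2] if has_exploit else TIERS[3]


def rank(findings, kev, exploits):
    """Merge findings per CVE, then order by tier, CVSS (desc), CVE ID."""
    merged, rejected = {}, []
    for asset, raw, cvss in findings:
        cve = normalize(raw)
        if cve is None:
            rejected.append((asset, raw))  # keep for manual review
            continue
        item = merged.setdefault(cve, Ranked(cve, tier_for(cve, kev, exploits), cvss))
        item.cvss = max(item.cvss, cvss)
        item.assets.append(asset)
    ordered = sorted(merged.values(),
                     key=lambda r: (TIERS.index(r.tier), -r.cvss, r.cve))
    return ordered, rejected


if __name__ == "__main__":
    ordered, rejected = rank(FINDINGS, load_kev(KEV_JSON), EXPLOIT_SOURCES)
    for r in ordered:
        print(f"{r.tier:18} {r.cve} cvss={r.cvss} assets={','.join(r.assets)}")
    for asset, raw in rejected:
        print(f"unparsed finding on {asset}: {raw!r}")
```

In the sample data the CVSS 7.8 finding with both KEV listing and public exploit code sorts ahead of the 9.8 and 9.1 findings that have weaker or no exploitation evidence.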

Cyber Threat Intelligence

During our research, we identified that 33% of the total vulnerabilities (100) have been weaponized by threat actors and have been used in hacking activities against various countries and industries. With this kind of information, organizations are able to develop a sense about threat actor groups/vulnerabilities which are relevant to their industries.

The following table contains a list of the affected vendors, the CVE IDs, the threat actors, the potential victim countries and the potentially affected industries.

| Vendor | CVE ID | Threat Actors | Victim Countries | Industries |
|---|---|---|---|---|
| Microsoft | | APT37 (North Korea) | China, Czech, Hong Kong, India, Japan, Kuwait, Nepal, Poland, Romania, Russia, South Korea, UK, USA, Vietnam | Aerospace, Automotive, Chemical, Financial, Government, Healthcare, High-Tech, Manufacturing, Technology, Transportation |
| Microsoft | | N/A | Worldwide | Vertical |
| | | NA | Worldwide | Vertical |
| Microsoft | | Unit 26165 (Russia), SVR (Russia), TA413 (China), APT28 (Russia), UAC-0098 (Russia) | APEC, Afghanistan, Armenia, Australia, Azerbaijan, Belarus, Belgium, Brazil, Bulgaria, Canada, Chechnya, Chile, China, Croatia, Cyprus, Czech, Denmark, Europe, France, Georgia, Germany, Hungary, India, Iran, Iraq, Ireland, Israel, Italy, Japan, Jordan, Kazakhstan, Kyrgyzstan, Latvia, Lebanon, Lithuania, Luxembourg, Malaysia, Mexico, Mongolia, Montenegro, NATO, Netherlands, New Zealand, Norway, OSCE, Pakistan, Palau, Poland, Portugal, Romania, Russia, Singapore, Slovakia, Slovenia, South Africa, South Korea, Spain, Sweden, Switzerland, Tajikistan, Thailand, Tibet, Turkey, UAE, UK, USA, Uganda, Ukraine, Uzbekistan | Aerospace, Automotive, Aviation, Chemical, Construction, Defense, Education, Embassies, Energy, Engineering, European humanitarian, Financial, Government, Healthcare, IT, Industrial, Intelligence organizations, Law enforcement, Media, NGOs, Non-profit organizations, Oil & gas, Pharmaceutical, Telecommunications, Think Tanks, Transportation |
| Atlassian | | | Argentina, Asia, Europe, Germany, Hong Kong, Iran, Israel, Japan, Kyrgyzstan, Netherlands, Poland, South Africa, USA, Ukraine, Uzbekistan | Aerospace, Blockchain technology companies, Branding and marketing, Critical Infrastructure, Cybersecurity, Defense, Diamond industry, Education, Embassies, Engineering, Financial services, Information Technology, Insurance, Law, Manufacturing, Media, National and local governments, Political entities, Retail, Social services, Telecommunication |
| Microsoft | | Tropical Scorpius | Australia, Canada, Colombia, Italy, India, Kuwait, Poland, Taiwan, UAE, USA | Manufacturing, Legal Services, Financial, Construction, Technology, Retail, Real Estate, Government, Transportation, Energy, Education, Healthcare |
| Microsoft | | KNOTWEED | Europe, Central America | Vertical |
| Fortinet | | APT5 (China) | Europe, Africa, Southeast Asia | Defense, High-Tech, Industrial, Technology, Telecommunication, Government Managed Services |
| Mitel | | Lorenz | China, Mexico, USA | Enterprises |
| Citrix | | APT5 (China) | Southeast Asia | Defense, High-Tech, Industrial, Technology, Telecommunication |
| Zimbra | | N/A | Worldwide | Vertical |
| VMWare | | Donot Team (Russia), Mustang Panda (Russia), Winnti (Russia), TA419 (Russia), Sandworm (Russia), Sednit (Russia), Gamaredon (Russia), InvisiMole (Russia), Turla (Russia), Buhtrap (Russia) | Worldwide | Vertical |
| Google Chrome | | Candiru | Middle East, Lebanon | Journalists |
| Sophos | | TA413 (China), DriftingCloud (China) | Tibet, Europe, Worldwide | Religious, Vertical |
| Zimbra | | N/A | Central Asia | Vertical |
| Zimbra | | N/A | Worldwide | Vertical |
| Zimbra | | N/A | Worldwide | Vertical |
| RARLAB | | N/A | Worldwide | Vertical |
| Apache | | N/A | Worldwide | Vertical |
| VMWare | | Various | Worldwide | Multiple large organizations |
| VMWare | | Killnet (Russia) | Czech Republic, Ukraine, NATO | Airports, Government |
| F5 | | Various (China) | USA | Information Technology, Telecommunications, Defense Industrial Base, Critical Infrastructure |
| Microsoft | | BlueSky | Worldwide | Vertical |
| Zyxel | | | Europe, North America, South America, Asia Pacific | Enterprises, Consumer Services |
| WSO2 | | N/A (China) | Worldwide | Vertical |
| DLink | | N/A | Worldwide | Vertical |
| DOTCMS | | H0lyGh0st | Worldwide | Schools, Banks, Mid-Sized Businesses |
| DLink | | N/A | Worldwide | Vertical |
| Watchguard | | Sandworm | Azerbaijan, Belarus, France, Georgia, Iran, Israel, Kazakhstan, Kyrgyzstan, Lithuania, Poland, Russia, Ukraine | Education, Energy, Government, Telecommunications |
| Spring Cloud | | N/A | Worldwide | Vertical |
| Spring Cloud | | N/A | Worldwide | Vertical |
| Debian (Redis) | | N/A | Worldwide | Vertical |
| Zimbra | | N/A | Worldwide | Vertical |

Taxonomies

PRIOn ML predictive models map CVEs to certain cyber security taxonomies, such as the MITRE taxonomies. In the following sections, we present our analysis for MITRE CAPEC™ and MITRE ATT&CK®. Both taxonomies describe threat actor behaviors. CAPEC™ describes the exploitation of a software vulnerability and provides information on how to secure a software vulnerability. MITRE ATT&CK®, on the other hand, describes adversary behavior (TTPs) in different attack stages, with a focus on how to mitigate and detect those behaviors. Attack patterns provided by CAPEC™ can be part of MITRE ATT&CK® techniques or sub-techniques. Both taxonomies can assist defenders with the prioritization of the identified vulnerabilities in their environment.

Common Attack Pattern Enumerations and Classifications (CAPEC™)

PRIOn ML predictive models map CVEs to relevant CAPEC known attack patterns. A CAPEC attack pattern is an abstract description of a common software exploitation method, for instance Code Injection or SQL Injection. The following graph shows that 70% of the identified known attack patterns were predicted as Code Injection (CAPEC-242), Privilege Escalation (CAPEC-233) and OS Command Injection (CAPEC-88) respectively.

MITRE ATT&CK®

PRIOn ML predictive models map CVEs to relevant techniques from the MITRE ATT&CK® matrix. The following graph shows all the techniques that were mapped, automatically, during this research. 50% of the total count of MITRE ATT&CK® techniques were predicted and mapped as T1203-Exploitation for Client Execution, T1068-Exploitation for Privilege Escalation and T1210-Exploitation for Remote Services respectively.

By linking and mapping MITRE ATT&CK® techniques to CVEs, the PRIOn engine provides risk insights to defenders. The defender can understand in which attack stage (e.g. cyber kill chain) the adversary may use the vulnerability and plan accordingly. This information can be used to: deploy and test defense control capabilities for prevention purposes, create threat hunting scenarios for daily threat hunting activities, enrich internal threat intelligence and knowledge bases, or run adversary simulation exercises. Finally, defenders can group techniques (by tactics) to prioritize vulnerabilities relevant to their environment.

| Tactic | Techniques |
|---|---|
| Reconnaissance | T1589 - Gather Victim Identity Information |
| Resource Development | T1608 - Stage Capabilities |
| Initial Access | T1190 - Exploit Public Facing Application; T1133 - External Remote Services |
| Execution | T1203 - Exploitation for Client Execution; T1059 - Command & Scripting Interpreter; T1204.001 - Malicious Link |
| Persistence | T1133 - External Remote Services |
| Privilege Escalation | T1068 - Exploitation for Privilege Escalation |
| Defense Evasion | T1497 - Virtualization/Sandbox Evasion; T1221 - Template Injection; T1036 - Masquerading; T1027.006 - HTML Smuggling |
| Credential Access | T1552 - Unsecured Credentials |
| Discovery | T1083 - File and Directory Discovery; T1497 - Virtualization/Sandbox Evasion |
| Lateral Movement | T1210 - Exploitation for Remote Services |
| Collection | |
| Command and Control | |
| Exfiltration | |
| Impact | T1499 - Endpoint Denial of Service |

Vulnerable Products

In the following sections we describe the vulnerabilities per vendor/product. Each table contains the following information:
  • Vendor/Product
  • CVE ID
  • Disclosed Month
  • Vulnerability Type
  • PRIOn Score
    • Score (Number, color)
    • Tooltip Indicators (Zero Day, Exploits, Exploited in the wild, CTI)

The following pie chart shows the PRIOn Classification Recommendation for the vulnerabilities under examination. More than 70% of the total vulnerabilities could be classified as Patched Immediately, more than 20% could be classified as Must be Patched and less than 7% could be classified as Should be Patched.

Microsoft Products

The following table shows the vulnerabilities affecting Microsoft products.

| Product | CVE ID | Disclosed Month | Vulnerability Type | PRIOn Score | Indicators |
|---|---|---|---|---|---|
| Windows (Microsoft Windows Support Diagnostic Tool (MSDT)) | | May | Remote Code Execution | 98 | Zero Day, Exploits, Exploited in the wild, CTI |
| Windows (Win32k.sys driver) | | January | Privilege Escalation | 98 | Zero Day, Exploits, Exploited in the wild, CTI |
| Windows (Windows Scripting Languages (JScript9)) | | November | Remote Code Execution | 94 | Zero Day, Exploited in the wild, CTI |
| Microsoft Exchange Server | | September | Remote Code Execution | 94 | Zero Day, Exploits, Exploited in the wild, CTI |
| Microsoft Exchange Server | | September | Remote Code Execution | 94 | Zero Day, Exploits, Exploited in the wild, CTI |
| Windows (Windows Common Log File System Driver) | | April | Privilege Escalation | 94 | Zero Day, Exploited in the wild, CTI |
| Windows (Windows CSRSS) | | July | Privilege Escalation | 94 | Zero Day, Exploited in the wild, CTI |
| Windows (Windows CNG Key Isolation Service) | | November | Privilege Escalation | 86 | Zero Day, Exploited in the wild |
| Windows (Windows COM+ Event System Service) | | October | Privilege Escalation | 86 | Zero Day, Exploited in the wild |
| Windows (Windows LSA Spoofing) | | May | Spoofing | 86 | Zero Day, Exploited in the wild |
| Windows (Windows Common Log File System Driver) | | September | Privilege Escalation | 86 | Zero Day, Exploits, Exploited in the wild |
| Microsoft Exchange Server | | January | Privilege Escalation | 86 | Exploits, Exploited in the wild |
| Windows (Active Directory Domain Services) | | August | Privilege Escalation | 86 | Exploits, Exploited in the wild |
| Windows (Windows Print Spooler) | | April | Privilege Escalation | 86 | Exploits, Exploited in the wild |
| Windows (Windows Print Spooler) | | March | Privilege Escalation | 86 | Exploits, Exploited in the wild |
| Windows (Windows Runtime) | | August | Privilege Escalation | 86 | Exploits, Exploited in the wild |
| Windows (Windows SmartScreen) | | December | Security Feature Bypass | 85 | Zero Day, Exploited in the wild |
| Windows (Mark of the Web) | | November | Security Feature Bypass | 85 | Zero Day, Exploited in the wild |
| Windows (Mark of the Web) | | November | Security Feature Bypass | 85 | Zero Day, Exploited in the wild |
| Windows (Windows Print Spooler) | | November | Privilege Escalation | 84 | Zero Day, Exploited in the wild |
| Windows (Windows User Profile Service) | | April | Privilege Escalation | 84 | Exploits, Exploited in the wild |
| Windows (Windows Support Diagnostic Tool (MSDT)) | | August | Remote Code Execution | 71 | Exploited in the wild |
| Windows (Windows User Profile Service) | | April | Privilege Escalation | 71 | Exploited in the wild |

Google Products

The following table shows the vulnerabilities affecting Google products.

| Product | CVE ID | Disclosed Month | Vulnerability Type | PRIOn Score | Indicators |
|---|---|---|---|---|---|
| Chrome (WebRTC) | | August | Heap Overflow | 94 | Zero Day, Exploits, Exploited in the wild, CTI |
| Chrome (Mojo) | | September | Input Validation | 88 | Zero Day, Exploited in the wild |
| Chrome (V8 JavaScript engine) | | December | Type Confusion | 86 | Zero Day, Exploited in the wild |
| Chrome (V8) | | October | Type Confusion | 86 | Zero Day, Exploited in the wild |
| Chrome (V8 Turbofan) | | May | Type Confusion | 86 | Zero Day, Exploited in the wild |
| Chrome (V8) | | March | Type Confusion | 86 | Zero Day, Exploits, Exploited in the wild |
| Chrome (Animation) | | February | Use After Free | 86 | Zero Day, Exploited in the wild |
| Chrome (Intents) | | August | Input Validation | 85 | Zero Day, Exploited in the wild |
| Chrome (GPU) | | November | Heap Overflow | 84 | Zero Day, Exploits, Exploited in the wild |

Apple Products

The following table shows the vulnerabilities affecting Apple products.

| Product | CVE ID | Disclosed Month | Vulnerability Type | PRIOn Score | Indicators |
|---|---|---|---|---|---|
| Safari/tvOS/macOS/iPadOS/iOS | | December | Type Confusion | 86 | Zero Day, Exploited in the wild |
| iOS/iPadOS | | October | Out Of Bounds | 86 | Zero Day, Exploited in the wild |
| MacOS/iOS/iPadOS | | September | Remote Code Execution | 86 | Zero Day, Exploited in the wild |
| iOS/iPadOS/MacOS | | August | Out Of Bounds | 86 | Zero Day, Exploited in the wild |
| iOS/iPadOS/MacOS/Safari | | August | Out Of Bounds | 86 | Zero Day, Exploited in the wild |
| tvOS/watchOS/macOS/iOS/iPadOS | | March | Out Of Bounds | 86 | Zero Day, Exploited in the wild |
| MacOS/iOS/iPadOS/Safari | | February | Use After Free | 86 | Exploits, Exploited in the wild |
| MacOS | | April | Out Of Bounds | 85 | Zero Day, Exploited in the wild |
| iOS/iPadOS/MacOS | | January | Memory Corruption | 75 | Exploited in the wild |

Cisco Products

The following table shows the vulnerabilities affecting Cisco products.

| Product | CVE ID | Disclosed Month | Vulnerability Type | PRIOn Score | Indicators |
|---|---|---|---|---|---|
| Small Business | | March | Buffer Overflow | 88 | Exploits, Exploited in the wild |
| IOS XR Software | | May | Input Validation | 85 | Zero Day, Exploited in the wild |
| Small Business | | March | Buffer Overflow | 75 | Exploited in the wild |
| Small Business | | March | Buffer Overflow | 75 | Exploited in the wild |
| Small Business | | March | Buffer Overflow | 75 | Exploited in the wild |
| Small Business | | March | Buffer Overflow | 75 | Exploited in the wild |

Zimbra Products

The following table shows the vulnerabilities affecting Zimbra products.

| Product | CVE ID | Disclosed Month | Vulnerability Type | PRIOn Score | Indicators |
|---|---|---|---|---|---|
| Collaboration | | August | Directory Traversal | 96 | Exploits, Exploited in the wild, CTI |
| Collaboration | | October | Unrestricted File Upload | 95 | Exploits, Exploited in the wild, CTI |
| Collaboration | | August | Unrestricted File Upload | 95 | Exploits, Exploited in the wild, CTI |
| Collaboration | | February | Cross Site Scripting | 94 | Zero Day, Exploited in the wild, CTI |
| Collaboration | | August | Command Injection | 80 | Exploited in the wild, CTI |

VMware Products

The following table shows the vulnerabilities affecting VMware products.

| Product | CVE ID | Disclosed Month | Vulnerability Type | PRIOn Score | Indicators |
|---|---|---|---|---|---|
| Workspace ONE Access/Identity Manager | | April | Remote Code Execution | 96 | Exploits, Exploited in the wild, CTI |
| Spring WebFlux | | April | Remote Code Execution | 95 | Zero Day, Exploits, Exploited in the wild, CTI |
| Spring Cloud | | August | Remote Code Execution | 95 | Exploits, Exploited in the wild, CTI |
| Spring Cloud Gateway | | May | Remote Code Execution | | |
| Workspace ONE Access/Identity Manager/vRealize Automation | | April | Privilege Escalation | 94 | Exploits, Exploited in the wild, CTI |

Atlassian Products

The following table shows the vulnerabilities affecting Atlassian products.

| Product | CVE ID | Disclosed Month | Vulnerability Type | PRIOn Score | Indicators |
|---|---|---|---|---|---|
| Confluence/Data Center | | May | Remote Code Execution | 95 | Zero Day, Exploits, Exploited in the wild, CTI |
| Questions For Confluence | | July | Hardcoded Credentials | 88 | Exploits, Exploited in the wild |
| BitBucket | | September | Command Injection | 86 | Exploits, Exploited in the wild |

Remaining Vendors/Products

The following table shows the vulnerabilities of the remaining affected vendors' products.

| Vendor | Product | CVE ID | Disclosed Month | Vulnerability Type | PRIOn Score | Indicators |
|---|---|---|---|---|---|---|
| Fortinet | SSL-VPN | | December | Heap Overflow | 99 | Zero Day, Exploits, Exploited in the wild, CTI |
| F5 | BigIP | | May | Authentication | 99 | Exploits, Exploited in the wild, CTI |
| Zyxel | USG Flex | | May | Command Injection | 99 | Exploits, Exploited in the wild, CTI |
| Apache | APISIX | | August | Authentication | 96 | Exploits, Exploited in the wild, CTI |
| dotCMS | dotcms | | August | Directory Traversal | 96 | Exploits, Exploited in the wild, CTI |
| Mitel | Mivoice Connect | | June | Input Validation | 95 | Zero Day, Exploited in the wild, CTI |
| Citrix | Gateway, ADC | | December | Remote Code Execution | 95 | Zero Day, Exploited in the wild, CTI |
| Sophos | Firewall | | | Authentication | 95 | Zero Day, Exploits, Exploited in the wild, CTI |
| RARLAB | Unrar | | August | Directory Traversal | 95 | Zero Day, Exploited in the wild, CTI |
| WSO2 | API manager/Enterprise | | April | Unrestricted File Upload | 95 | Exploits, Exploited in the wild, CTI |
| Debian | Redis | | March | Sandbox Bypass | 93 | Exploits, Exploited in the wild, CTI |
| CWP | WebPanel | | January | Command Injection | 92 | Exploits, Exploited in the wild |
| Fortinet | FortiOS, FortiProxy, FortiSwitchManager | | October | Authentication | 89 | Exploits, Exploited in the wild |
| QNAP | Photo Station | | September | Externally Controlled Reference | 88 | Zero Day, Exploited in the wild |
| TrendMicro | Apex Central | | March | Unrestricted File Upload | 88 | Zero Day, Exploited in the wild |
| Sophos | User Portal/Webadmin | | September | Code Injection | 88 | Zero Day, Exploits, Exploited in the wild |
| Mozilla | Firefox | | March | Use After Free | 88 | Zero Day, Exploited in the wild |
| Adobe | Magento Commerce | | February | Input Validation | 88 | Zero Day, Exploits, Exploited in the wild |
| Zoho | ManageEngine | | | Remote Code Execution | 88 | Exploits, Exploited in the wild |
| Veeam | Backup & Replication | | December | Improper Access Control | 88 | Exploits, Exploited in the wild |
| Veeam | Backup & Replication | | December | Remote Code Execution | 88 | Exploits, Exploited in the wild |
| Watchguard | Fireware | | March | Authentication | 88 | Exploits, Exploited in the wild |
| Apache | CouchDB | | August | Default Installation | 88 | Exploits, Exploited in the wild |
| SAP | NetWeaver, ABAP, Dispatcher, Content | | August | Request Smuggling | 88 | Exploits, Exploited in the wild |
| Zoho | Manage Engine | | January | Remote Code Execution | 87 | Exploits, Exploited in the wild |
| TrendMicro | Apex One | | September | Input Validation | 86 | Zero Day, Exploited in the wild |
| Mozilla | Firefox | | March | Use After Free | 86 | Zero Day, Exploited in the wild |
| Linux | Flags | | April | Privilege Escalation | 86 | Exploits, Exploited in the wild |
| Shift Tech Inc. | Bingo!CMS | | October | Authentication | 83 | Zero Day |
| D-Link | DIR816L Firmware | | September | Remote Code Execution | 82 | Exploited in the wild, CTI |
| D-Link | DIR-820L Firmware | | September | Command Injection | 82 | Exploited in the wild, CTI |
| WatchGuard | Firewall | | April | Privilege Escalation | 78 | Exploited in the wild, CTI |
| Mitel | MiCollab | | | Improper Access Control | 75 | Exploited in the wild |
| WordPress | BackupBuddy | | September | Authorization | 73 | Zero Day |
| Palo Alto Networks | PanOS, Prisma, Cloud NGFW | | August | Denial of Service | 71 | Exploited in the wild |
| Wordpress | WPGateway | | September | Authorization | 71 | Zero Day |
| Linux Kernel | Flags | | N/A | Double Free | 69 | Exploited in the wild |
| Zabbix | Frontend | | February | Improper Access Control | 68 | Exploited in the wild |
| Owl Labs | Meeting Owl | | June | Hardcoded Credentials | 66 | Exploited in the wild |

Conclusion

In this blog we presented our security research and analysis of one hundred (100) vulnerabilities for the year 2022. Our analysis was done via the PRIOn Knowledge Base platform. It is clear that security researchers are doing their best to provide information to the public related to vulnerabilities (zero day or known exploited) exploited in the wild. PRIOn Knowledge Base collects, enriches and analyses publicly disclosed vulnerabilities from the CVE program. It provides actionable data to cyber security practitioners to ensure that the most severe and dangerous vulnerabilities are prioritized. Each vulnerability is assigned a risk score according to its unique characteristics. If you have any questions/comments/suggestions/corrections regarding our analysis, feel free to contact us.
