May 18, 2022 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2022-28348 Arm Bifrost Gpu Kernel Driver Use-After-Free

  • CVSS 9.8

New critical Arm Bifrost Gpu Kernel Driver Use-After-Free (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2022-28349 Arm Bifrost Gpu Kernel Driver Use-After-Free

  • CVSS 9.8

New critical Arm Bifrost Gpu Kernel Driver Use-After-Free (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2022-28350 Arm Valhall Gpu Kernel Driver Use-After-Free

  • CVSS 9.8

New critical Arm Valhall Gpu Kernel Driver Use-After-Free (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2022-1795 CVSS 9.8

Use After Free in GitHub repository gpac/gpac prior to v2.1.0-DEV.

CVE-2022-28348 CVSS 9.8

Arm Mali GPU Kernel Driver (Midgard r4p0 through r31p0, Bifrost r0p0 through r36p0 before r37p0, and Valhall r19p0 through r36p0 before r...

CVE-2022-28349 CVSS 9.8

Arm Mali GPU Kernel Driver has a use-after-free: Midgard r28p0 through r29p0 before r30p0, Bifrost r17p0 through r23p0 before r24p0, and...

CVE-2022-28350 CVSS 9.8

Arm Mali GPU Kernel Driver allows improper GPU operations in Valhall r29p0 through r36p0 before r37p0 to reach a use-after-free situation.

CVE-2022-29516 CVSS 9.8

The web console of FUJITSU Network IPCOM series (IPCOM EX2 IN(3200, 3500), IPCOM EX2 LB(1100, 3200, 3500), IPCOM EX2 SC(1100, 3200, 3500)...

CVE-2022-29644 CVSS 9.8

TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a hard coded password for the telnet servi...

CVE-2022-29645 CVSS 9.8

TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a hard coded password for root stored in t...

CVE-2022-30105 CVSS 9.8

In Belkin N300 Firmware 1.00.08, the script located at /setting_hidden.asp, which is accessible before and after configuring the device,...

CVE-2022-30599 CVSS 9.8

A flaw was found in moodle where an SQL injection risk was identified in Badges code relating to configuring criteria.

CVE-2022-30600 CVSS 9.8

A flaw was found in moodle where logic used to count failed login attempts could result in the account lockout threshold being bypassed.

View critical disclosures

cvelogic Threat Intelligence