On May 3, more than 826 new vulnerabilities were added to NVD (in just one day). Picture from the CVE.icu service, which visualizes NVD changes. There is also a list of these vulnerabilities. Most of them, 709, were added by ZDI. Why would they do that? 🤔
Last November I had a post (in Russian) that a number of trending vulnerabilities that were reported by ZDI are displayed in NVD as “CVE ID Not Found”. So, it seems the geniuses from Trend Micro ZDI finally noticed that their CVEs do not reach NVD and decided to fix this with such a massive import of problematic CVEs. 🤷♂️ At the same time, they clearly demonstrated the scale of the disaster. 🙂
Well, better late than never. But now it will be interesting to calculate the delay between the appearance of ZDI-CAN identifier and NVD CVE. 😏 For example, for RCE – WinRAR CVE-2023-40477, exploited in phishing attacks, it is 260 days. 🤠
PS: the final number for May 3rd is 847 CVE, but this is not that important.
Hi! My name is Alexander and I am a Vulnerability Management specialist. You can read more about me here. Currently, the best way to follow me is my Telegram channel @avleonovcom. I update it more often than this site. If you haven’t used Telegram yet, give it a try. It’s great. You can discuss my posts or ask questions at @avleonovchat.
А всех русскоязычных я приглашаю в ещё один телеграмм канал @avleonovrus, первым делом теперь пишу туда.