Archive 05/06/2022

Type

The moderation team works with the threat intelligence team to categorize the software affected by each security vulnerability. Assigning these categories makes it possible to determine which software types are affected most.

Product

| Product | Entries |
|---|---|
| F5 BIG-IP | 16 |
| TOTOLINK A7100RU | 9 |
| F5 BIG-IP APM | 7 |
| Tenda AX1806 | 5 |
| Piwigo | 5 |

Grouping vulnerabilities by product gives an overview: it shows whether the landscape is homogeneous, or where the most important hotspots lie in a heterogeneous landscape.

Remediation

| Remediation | Entries |
|---|---|
| Official Fix | 65 |
| Temporary Fix | 0 |
| Workaround | 0 |
| Unavailable | 0 |
| Not Defined | 47 |

Vendors and researchers look for countermeasures that mitigate security vulnerabilities. Remediation comes in several forms and levels (official fix, temporary fix, workaround, unavailable), and each affects the risk differently.

Exploitability

| Exploitability | Entries |
|---|---|
| High | 0 |
| Functional | 0 |
| Proof-of-Concept | 7 |
| Unproven | 0 |
| Not Defined | 105 |

Researchers and attackers looking for security vulnerabilities try to exploit them, for academic purposes or for personal gain. The level and quality of exploitability (unproven, proof-of-concept, functional, high) indicates how simple and how strong an attack is.

CVSSv3 Base

| CVSSv3 Base | Entries |
|---|---|
| ≤1 | 0 |
| ≤2 | 0 |
| ≤3 | 0 |
| ≤4 | 12 |
| ≤5 | 13 |
| ≤6 | 39 |
| ≤7 | 30 |
| ≤8 | 10 |
| ≤9 | 6 |
| ≤10 | 2 |

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impact of security vulnerabilities. The base score represents the intrinsic properties of a vulnerability that are constant over time and across user environments. Our meta score merges all available scores from different sources into the most reliable result.

CVSSv3 Temp

| CVSSv3 Temp | Entries |
|---|---|
| ≤1 | 0 |
| ≤2 | 0 |
| ≤3 | 0 |
| ≤4 | 12 |
| ≤5 | 13 |
| ≤6 | 44 |
| ≤7 | 29 |
| ≤8 | 10 |
| ≤9 | 2 |
| ≤10 | 2 |

CVSS temporal (temp) scores reflect the characteristics of a vulnerability that may change over time but not across user environments: exploit code maturity (exploitability), remediation level and report confidence. We also provide our meta score for temporal scores, even though other sources rarely publish them.
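As an added illustration of how the temporal metrics above modify a base score (example code, not part of this page or of the CVSS specification itself), the following computes the standard CVSS v3.1 temporal score: base × ExploitCodeMaturity × RemediationLevel × ReportConfidence, rounded up to one decimal with the specification's Roundup() function. The label-to-metric maps are an assumption that the page's "Proof-of-Concept" and "Official Fix" labels correspond to the CVSS values E:P and RL:O. For the Cerber row (base 6.3, Proof-of-Concept, Official Fix) the formula yields 5.7, which is the temp score listed; the page's temp column is a meta score, however, so other rows need not agree (the XWiki row, base 5.5 with an official fix, computes to 5.3 but is listed as 5.4). The histogram helper bins scores the way the ≤N tables above do.

```python
"""CVSS v3.1 temporal score calculator (added example, not vendor code).

Metric weights are taken from the CVSS v3.1 specification, section 7.4
(temporal metrics) and appendix A (Roundup). Report confidence is left at
"Not Defined" (X) because the page does not list it per entry.
"""
import math
from collections import Counter

# Exploit Code Maturity (E): X=Not Defined, U=Unproven, P=Proof-of-Concept,
# F=Functional, H=High.
EXPLOIT_CODE_MATURITY = {"X": 1.0, "U": 0.91, "P": 0.94, "F": 0.97, "H": 1.0}
# Remediation Level (RL): X=Not Defined, O=Official Fix, T=Temporary Fix,
# W=Workaround, U=Unavailable.
REMEDIATION_LEVEL = {"X": 1.0, "O": 0.95, "T": 0.96, "W": 0.97, "U": 1.0}
# Report Confidence (RC): X=Not Defined, U=Unknown, R=Reasonable, C=Confirmed.
REPORT_CONFIDENCE = {"X": 1.0, "U": 0.92, "R": 0.96, "C": 1.0}

# Assumed mapping from the page's column labels to CVSS metric values.
EXP_LABELS = {"Not Defined": "X", "Unproven": "U", "Proof-of-Concept": "P",
              "Functional": "F", "High": "H"}
REM_LABELS = {"Not Defined": "X", "Official Fix": "O", "Temporary Fix": "T",
              "Workaround": "W", "Unavailable": "U"}


def roundup(x: float) -> float:
    """Roundup() from CVSS v3.1 appendix A: the smallest number with one
    decimal place that is >= x. Computed on integers so that binary float
    noise (e.g. 4.0000001) does not push a score up a tenth."""
    int_input = round(x * 100000)
    if int_input % 10000 == 0:
        return int_input / 100000.0
    return (math.floor(int_input / 10000) + 1) / 10.0


def temporal_score(base: float, e: str = "X", rl: str = "X", rc: str = "X") -> float:
    """Temporal score = Roundup(Base * E * RL * RC); zero stays zero."""
    if base == 0:
        return 0.0
    factor = EXPLOIT_CODE_MATURITY[e] * REMEDIATION_LEVEL[rl] * REPORT_CONFIDENCE[rc]
    return roundup(base * factor)


def temporal_from_labels(base: float, exploitability: str, remediation: str) -> float:
    """Convenience wrapper taking the page's Exploitability/Remediation labels."""
    return temporal_score(base, EXP_LABELS[exploitability], REM_LABELS[remediation])


def histogram(scores):
    """Bin scores into the page's upper-bound buckets (<=1, <=2, ..., <=10).
    Returns {bucket_upper_bound: count} for non-empty buckets only."""
    counts = Counter(max(1, math.ceil(s)) for s in scores)
    return dict(sorted(counts.items()))


if __name__ == "__main__":
    # Cerber row from the table below: base 6.3, PoC exploit, official fix.
    print(temporal_from_labels(6.3, "Proof-of-Concept", "Official Fix"))  # 5.7
    # XWiki row: base 5.5, no exploit, official fix (page lists 5.4 as meta score).
    print(temporal_from_labels(5.5, "Not Defined", "Official Fix"))  # 5.3
    print(histogram([3.7, 3.5, 3.5, 6.3, 6.3, 9.8]))
```

Because every factor is at most 1.0, a temporal score can only stay equal to or drop below the base score, which is why the temp histogram above shifts mass from the ≤7 and ≤9 bins into ≤6 compared with the base histogram.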

Exploit 0-day

| Exploit 0-day price | Entries |
|---|---|
| <1k | 15 |
| <2k | 40 |
| <5k | 32 |
| <10k | 11 |
| <25k | 14 |
| <50k | 0 |
| <100k | 0 |
| ≥100k | 0 |

The moderation team works with the threat intelligence team to determine prices for exploits. Our algorithm estimates the 0-day price of an exploit, i.e. its price before it was distributed or became public. Calculated prices are aligned with prices disclosed by vulnerability brokers and compared with prices seen on exploit markets.

Exploit Today

| Exploit today price | Entries |
|---|---|
| <1k | 52 |
| <2k | 42 |
| <5k | 17 |
| <10k | 1 |
| <25k | 0 |
| <50k | 0 |
| <100k | 0 |
| ≥100k | 0 |

The 0-day prices do not consider time-dependent factors. The today price reflects factors that change the price after publication, such as disclosure of vulnerability details, alternative exploits and the availability of countermeasures. These dynamic aspects may decrease an exploit's price over time, under certain circumstances very quickly.

| ID | CVSSv3 Base | CVSSv3 Temp | Vulnerability | 0-day price | Today price | Exploitability | Remediation | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 199202 | 3.7 | 3.6 | 3CX Phone System Management Console missing encryption | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2022-28005 |
| 199201 | 3.5 | 3.4 | Tenda AX1806 fromAdvSetMacMtuWan denial of service | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2022-28973 |
| 199200 | 3.5 | 3.4 | Tenda AX1806 form_fast_setting_wifi_set denial of service | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2022-28972 |
| 199199 | 3.5 | 3.4 | Tenda AX1806 GetParentControlInfo denial of service | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2022-28970 |
| 199198 | 3.5 | 3.4 | Tenda AX1806 fromSetWifiGusetBasic denial of service | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2022-28969 |
| 199197 | 3.5 | 3.4 | Tenda AX1806 fromSetIpMacBind denial of service | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2022-28971 |
| 199196 | 6.3 | 6.3 | Piwigo batch_manager.php sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-19217 |
| 199195 | 6.3 | 6.3 | Piwigo user_perm.php sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-19216 |
| 199194 | 6.3 | 6.3 | Piwigo user_perm.php sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-19215 |
| 199193 | 6.3 | 6.3 | Piwigo cat_move.php move_categories sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-19213 |
| 199192 | 6.3 | 6.3 | Piwigo group_list.php sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2020-19212 |
| 199191 | 4.9 | 4.8 | Netty Incomplete Fix CVE-2021-21290 temp file | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2022-24823 |
| 199190 | 6.3 | 6.2 | Johnson Controls Metasys ADS/Metasys ADX/Metasys OAS password recovery | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2022-21934 |
| 199189 | 5.5 | 5.5 | uClibc/uClibc-ng DNS Transaction Privilege Escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.07 | CVE-2022-30295 |
| 199188 | 6.3 | 6.3 | WebKitGTK TextureMapperLayer.cpp setContentsLayer use after free | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2022-30294 |
| 199187 | 6.3 | 6.3 | WebKitGTK TextureMapperLayer.cpp setContentsLayer heap-based overflow | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2022-30293 |
| 199186 | 6.3 | 5.7 | Trojan-Ransom.LockerGoga wow64log.dll untrusted search path | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | |
| 199185 | 6.3 | 5.7 | Ransom.CTBLocker SHFOLDER.DLL untrusted search path | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.06 | |
| 199184 | 6.3 | 5.7 | Trojan.Ransom.Cryptowall urlmon.dll untrusted search path | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | |
| 199183 | 6.3 | 5.7 | REvil.Ransom urlmon.dll untrusted search path | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | |
| 199182 | 6.3 | 5.7 | Trojan-Ransom.Cerber CLDAPI.dll untrusted search path | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.05 | |
| 199181 | 5.5 | 5.4 | XWiki Platform x509 Certificate risky encryption | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2022-29161 |
| 199180 | 5.4 | 5.3 | Sophos Firewall Webadmin cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07 | CVE-2021-25268 |
| 199179 | 4.6 | 4.5 | Sophos Firewall Webadmin cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-25267 |
| 199178 | 3.6 | 3.5 | TkVideoplayer Video File resource consumption | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07 | CVE-2022-24902 |
| 199177 | 6.5 | 6.4 | Flux/kustomize-controller kustomization.yaml path traversal | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2022-24878 |
| 199176 | 8.1 | 7.9 | Flux/kustomize-controller kustomization.yaml path traversal | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2022-24877 |
| 199175 | 6.3 | 6.3 | Zoho ManageEngine OpManager Default Report sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2022-29535 |
| 199174 | 6.3 | 6.2 | Mozilla Hawk HTTP Authentication resource consumption | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2022-29167 |
| 199173 | 6.7 | 6.7 | matrix-appservice-irc Reply injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2022-29166 |
| 199172 | 5.5 | 5.3 | TOTOLINK A7100RU setWiFiWpsStart command injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.09 | CVE-2022-28584 |
| 199171 | 5.5 | 5.3 | TOTOLINK A7100RU setWiFiWpsCfg command injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2022-28583 |
| 199170 | 5.5 | 5.3 | TOTOLINK A7100RU setWiFiSignalCfg command injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2022-28582 |
| 199169 | 5.5 | 5.3 | TOTOLINK A7100RU setWiFiAdvancedCfg command injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.20 | CVE-2022-28581 |
| 199168 | 5.5 | 5.3 | TOTOLINK A7100RU setL2tpServerCfg command injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.09 | CVE-2022-28580 |
| 199167 | 5.5 | 5.3 | TOTOLINK A7100RU setParentalRules command injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.30 | CVE-2022-28579 |
| 199166 | 5.5 | 5.3 | TOTOLINK A7100RU setOpenVpnCfg command injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2022-28578 |
| 199165 | 5.5 | 5.3 | TOTOLINK A7100RU delParentalRules command injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2022-28577 |
| 199164 | 5.5 | 5.3 | TOTOLINK A7100RU setopenvpnclientcfg command injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.20 | CVE-2022-28575 |
| 199163 | 3.5 | 3.5 | Poppler PDF File Hints denial of service | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.11 | CVE-2022-27337 |
| 199162 | 6.9 | 6.8 | Anker Eufy Homebase libxm_av.so DemuxCmdInBuffer integer overflow | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.11 | CVE-2022-26073 |
| 199161 | 6.7 | 6.6 | Anker Eufy Homebase DHCP libxm_av.so getpeermac authentication spoofing | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | CVE-2022-25989 |
| 199160 | 5.5 | 5.3 | Tenda TX9 Pro set_route os command injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2022-29592 |
| 199159 | 5.5 | 5.5 | SchedMD Slurm access control | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.63 | CVE-2022-29502 |
| 199158 | 5.5 | 5.4 | F5 BIG-IP AFM/BIG-IP CGNAT/BIG-IP PEM Configuration Utility cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2022-28716 |
| 199157 | 9.8 | 9.6 | QNAP QVR command injection | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2022-27588 |
| 199156 | 6.4 | 6.2 | F5 NGINX Service Mesh Control Plane Endpoint missing authentication | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2022-27495 |
| 199155 | 5.5 | 5.3 | Wenzhou Huoyin BossCMS unrestricted upload | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2022-28606 |
| 199154 | 4.9 | 4.8 | F5 Access information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2022-27875 |
| 199153 | 8.6 | 8.5 | ecdsautils CLI Command ecdsa_verify_list_legacy signature verification | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2022-24884 |

62 more entries are not shown
