Archive 07/02/2022

Type

The moderation team works with the threat intelligence team to categorize software that is affected by security vulnerabilities. Assigning these categories makes it possible to determine which software types are affected most.

Product

GitLab Enterprise Edition: 14
TOTOLINK T6: 10
MariaDB: 10
Tenda M3: 8
GitLab Community Edition: 8

Grouping vulnerabilities by product helps to get an overview. This makes it possible to recognize a homogeneous landscape or to identify the most important hotspots in a heterogeneous landscape.

Remediation

Official Fix: 38
Temporary Fix: 0
Workaround: 0
Unavailable: 0
Not Defined: 40

Vendors and researchers are eager to find countermeasures that mitigate security vulnerabilities. These countermeasures come in multiple forms and levels of remediation, each of which influences the risk differently.

Exploitability

High: 0
Functional: 0
Proof-of-Concept: 9
Unproven: 0
Not Defined: 69

Researchers and attackers who look for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base

≤1: 0
≤2: 0
≤3: 0
≤4: 2
≤5: 10
≤6: 19
≤7: 30
≤8: 12
≤9: 3
≤10: 2

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable aggregate result.

CVSSv3 Temp

≤1: 0
≤2: 0
≤3: 0
≤4: 2
≤5: 11
≤6: 18
≤7: 30
≤8: 13
≤9: 2
≤10: 2

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes report confidence, exploitability and remediation level. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day

<1k: 11
<2k: 19
<5k: 45
<10k: 2
<25k: 1
<50k: 0
<100k: 0
≥100k: 0

The moderation team works with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to estimate the 0-day price of an exploit, i.e. its price before it was distributed or became public. Calculated prices are aligned with prices disclosed by vulnerability brokers and compared with prices we observe on exploit markets.

Exploit Today

<1k: 40
<2k: 33
<5k: 5
<10k: 0
<25k: 0
<50k: 0
<100k: 0
≥100k: 0

The 0-day prices do not consider time-dependent factors. The today price does reflect price impacts such as the disclosure of vulnerability details, the appearance of alternative exploits and the availability of countermeasures. These dynamic aspects can decrease the exploit price over time, and under certain circumstances this happens very fast.

| ID | Base | Temp | Vulnerability | 0day | Today | Exp | Rem | CTI | CVE |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 203164 | 6.5 | 6.4 | Zoho ManageEngine ServiceDesk Plus MSP web.xml path traversal | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2022-32551 |
| 203163 | 8.0 | 8.0 | NVIDIA DGX A100 BiosCfgTool memory corruption | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2022-28200 |
| 203162 | 6.5 | 6.4 | TOTOLINK T6 FUN_0041621c stack-based overflow | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2022-32053 |
| 203161 | 6.5 | 6.4 | TOTOLINK T6 FUN_004137a4 stack-based overflow | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08 | CVE-2022-32052 |
| 203160 | 6.5 | 6.4 | TOTOLINK T6 FUN_004133c4 stack-based overflow | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2022-32051 |
| 203159 | 6.5 | 6.4 | TOTOLINK T6 FUN_0041af40 stack-based overflow | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2022-32050 |
| 203158 | 6.5 | 6.4 | TOTOLINK T6 FUN_00418540 stack-based overflow | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2022-32049 |
| 203157 | 6.5 | 6.4 | TOTOLINK T6 FUN_0041cc88 stack-based overflow | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2022-32048 |
| 203156 | 6.5 | 6.4 | TOTOLINK T6 FUN_00412ef4 stack-based overflow | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2022-32047 |
| 203155 | 6.5 | 6.4 | TOTOLINK T6 FUN_0041880c stack-based overflow | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2022-32046 |
| 203154 | 6.5 | 6.4 | TOTOLINK T6 FUN_00413be4 stack-based overflow | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2022-32045 |
| 203153 | 6.5 | 6.4 | TOTOLINK T6 FUN_00413f80 stack-based overflow | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2022-32044 |
| 203152 | 6.5 | 6.4 | Tenda M3 formSetAccessCodeInfo stack-based overflow | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2022-32043 |
| 203151 | 6.5 | 6.4 | Tenda M3 formGetPassengerAnalyseData stack-based overflow | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.09 | CVE-2022-32041 |
| 203150 | 6.5 | 6.4 | Tenda M3 formSetCfm stack-based overflow | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2022-32040 |
| 203149 | 6.5 | 6.4 | Tenda M3 fromDhcpListClient stack-based overflow | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2022-32039 |
| 203148 | 6.5 | 6.4 | Tenda M3 formSetAPCfg stack-based overflow | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2022-32037 |
| 203147 | 6.5 | 6.4 | Tenda M3 formSetStoreWeb stack-based overflow | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2022-32036 |
| 203146 | 6.5 | 6.4 | Tenda M3 formMasterMng stack-based overflow | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2022-32035 |
| 203145 | 6.5 | 6.4 | Tenda M3 formdelMasteraclist stack-based overflow | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2022-32034 |
| 203144 | 6.5 | 6.4 | Tenda AX1806 formSetVirtualSer stack-based overflow | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2022-32033 |
| 203143 | 7.6 | 7.5 | Tenda AX1806 formAddMacfilterRule stack-based overflow | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2022-32032 |
| 203142 | 6.5 | 6.4 | Tenda AX1806 Parameter fromSetRouteStatic stack-based overflow | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2022-32031 |
| 203141 | 6.5 | 6.4 | Tenda AX1806 Parameter formSetQosBand stack-based overflow | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2022-32030 |
| 203140 | 3.7 | 3.7 | GitLab Autocomplete information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2022-0167 |
| 203139 | 3.5 | 3.5 | GitLab Enterprise Edition Group Milestone information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2022-2281 |
| 203138 | 4.4 | 4.3 | GitLab Conan Package permission | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2022-2270 |
| 203137 | 8.7 | 8.6 | GitLab Project Import permission assignment | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.35 | CVE-2022-2185 |
| 203136 | 4.2 | 4.1 | GitLab Community Edition/Enterprise Edition REST API access control | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2022-1999 |
| 203135 | 5.2 | 5.1 | GitLab Enterprise Edition Deploy improper authorization | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08 | CVE-2022-1983 |
| 203134 | 5.3 | 5.2 | GitLab Enterprise Edition Group Setting access control | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2022-1981 |
| 203133 | 5.7 | 5.7 | link-preview-js server-side request forgery | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2022-25876 |
| 203132 | 6.3 | 6.3 | HongCMS edit Privilege Escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2022-32412 |
| 203131 | 6.3 | 6.3 | HongCMS Languages Config File Privilege Escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2022-32411 |
| 203130 | 5.9 | 5.8 | GitLab Enterprise Edition ZenTao Link cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2022-2235 |
| 203129 | 5.1 | 5.1 | GitLab Community Edition/Enterprise Edition cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2022-2230 |
| 203128 | 8.4 | 8.3 | git-clone command injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | CVE-2022-25900 |
| 203127 | 7.5 | 7.4 | jsrsasign signature verification | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2022-25898 |
| 203126 | 5.1 | 5.0 | passport Session session fixation | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2022-25896 |
| 203125 | 6.0 | 6.0 | scss-tokenizer Regular Expression loadAnnotation incorrect regex | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.27 | CVE-2022-25758 |
| 203124 | 4.6 | 4.6 | GitLab Community Edition/Enterprise Edition Response Header incorrect regex | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2022-1954 |
| 203123 | 4.5 | 4.5 | Distributed Data Systems WebHMI cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.77 | CVE-2022-2254 |
| 203122 | 5.7 | 5.6 | GitLab Community Edition/Enterprise Edition redirect | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2022-2250 |
| 203121 | 5.3 | 5.2 | GitLab Community Edition/Enterprise Edition Error Tracking improper authorization | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2022-2244 |
| 203120 | 4.5 | 4.5 | GitLab Enterprise Edition Non-linked Sentry Project access control | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2022-2243 |
| 203119 | 6.4 | 6.3 | GitLab Community Edition/Enterprise Edition Private Project improper authorization | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2022-2229 |
| 203118 | 5.2 | 5.1 | GitLab Enterprise Edition Group access control | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2022-2228 |
| 203117 | 4.3 | 4.2 | GitLab Community Edition/Enterprise Edition Runner Jobs API access control | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2022-2227 |
| 203116 | 8.1 | 8.0 | Distributed Data Systems WebHMI os command injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.76 | CVE-2022-2253 |
| 203115 | 4.4 | 4.4 | Aerogear cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2014-3650 |

28 more entries are not shown
