Archive September 2022

Timeline

Analysis of the timeline helps to identify the required approach to, and handling of, single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance, so that immediate vulnerability response can be initiated and issues prioritized.

Type

The moderation team works with the threat intelligence team to categorize software that is affected by security vulnerabilities. Assigning these categories makes it possible to determine the most affected software types.

Product

Google TensorFlow                  59
Microsoft Windows                  47
Qualcomm Snapdragon Mobile         42
Qualcomm Snapdragon Connectivity   41
Qualcomm Snapdragon Auto           37

Grouping vulnerabilities by product gives an overview of the affected landscape. This makes it possible to recognize a homogeneous landscape or to identify the most important hotspots in heterogeneous landscapes.

Remediation

Official Fix     982
Temporary Fix      0
Workaround         7
Unavailable        0
Not Defined      955

Vendors and researchers are eager to find countermeasures that mitigate security vulnerabilities. Multiple forms and levels of remediation can be distinguished, and they influence risk differently.

Exploitability

High                  4
Functional            0
Proof-of-Concept     42
Unproven             59
Not Defined        1839

Researchers and attackers looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base

≤1       0
≤2       4
≤3      54
≤4     326
≤5     307
≤6     502
≤7     486
≤8     140
≤9     106
≤10     19

The Common Vulnerability Scoring System (CVSS) is an industry standard for defining the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to arrive at the most reliable result.

CVSSv3 Temp

≤1       0
≤2       6
≤3      56
≤4     341
≤5     293
≤6     604
≤7     422
≤8     149
≤9      57
≤10     16

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes report confidence, exploitability and remediation level. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day

<1k     468
<2k     542
<5k     497
<10k    180
<25k    164
<50k     49
<100k    42
≥100k     2

The moderation team works with the threat intelligence team to determine prices for exploits. Our unique algorithm identifies the 0-day price of an exploit, i.e. its price before it is distributed or becomes public. Calculated prices are aligned with prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today

<1k     919
<2k     606
<5k     231
<10k    110
<25k     76
<50k      2
<100k     0
≥100k     0

The 0-day prices do not consider time-dependent factors. The today price reflects price impacts such as disclosure of vulnerability details, alternative exploits, and availability of countermeasures. These dynamic aspects might decrease exploit prices over time; under certain circumstances this happens very quickly.

Published | Base | Temp | Vulnerability | 0-day | Today | Exp | Rem | CTI | CVE
09/26/2022 | 6.3 | 6.1 | Zoo Management System Events Module unrestricted upload | $0-$5k | $0-$5k | Not Defined | Not Defined | 2.14 | CVE-2022-40925
09/26/2022 | 6.3 | 6.1 | Zoo Management System Animals Module unrestricted upload | $0-$5k | $0-$5k | Not Defined | Not Defined | 1.47 | CVE-2022-40924
09/26/2022 | 6.3 | 6.0 | Restricted Site Access Plugin HTTP Header authorization | $0-$5k | $0-$5k | Not Defined | Official Fix | 1.63 | CVE-2022-1613
09/26/2022 | 5.3 | 5.2 | ikus060 rdiffweb allocation of resources | $0-$5k | $0-$5k | Not Defined | Official Fix | 2.06 | CVE-2022-3295
09/26/2022 | 4.3 | 4.2 | Bitcoin Altcoin Faucet Plugin Setting cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 1.55 | CVE-2022-3025
09/26/2022 | 3.5 | 3.4 | Simple Bitcoin Faucets Plugin AJAX Action cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 1.11 | CVE-2022-3024
09/26/2022 | 2.4 | 2.4 | SEO Smart Links Plugin Setting cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 1.27 | CVE-2022-3135
09/26/2022 | 6.3 | 6.0 | OAuth Client Single Sign On Plugin Setting improper authentication | $0-$5k | $0-$5k | Not Defined | Official Fix | 1.55 | CVE-2022-3119
09/26/2022 | 4.3 | 4.2 | Login Block IPs Plugin Setting cross-site request forgery | $0-$5k | $0-$5k | Not Defined | Not Defined | 1.23 | CVE-2022-3098
09/26/2022 | 2.4 | 2.3 | Slider Hero Plugin Slider Name cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 1.19 | CVE-2022-3074
09/26/2022 | 2.4 | 2.3 | Generate PDF Plugin Setting cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 1.31 | CVE-2022-3070
09/26/2022 | 2.4 | 2.3 | WordLift Plugin Setting cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 1.19 | CVE-2022-3069
09/26/2022 | 3.5 | 3.4 | Simple File List Plugin cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 1.27 | CVE-2022-3062
09/26/2022 | 4.3 | 4.1 | Active Directory Integration Plugin Setting cross-site request forgery | $0-$5k | $0-$5k | Not Defined | Official Fix | 1.46 | CVE-2022-2987
09/26/2022 | 4.3 | 4.2 | WP Popup Builder Plugin AJAX Action cross-site request forgery | $0-$5k | $0-$5k | Not Defined | Not Defined | 1.42 | CVE-2022-2405
09/26/2022 | 3.5 | 3.4 | WP Popup Builder Plugin cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 1.39 | CVE-2022-2404
09/26/2022 | 3.5 | 3.4 | SVG Support Plugin URL cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 1.50 | CVE-2022-1755
09/26/2022 | 2.7 | 2.6 | Download Manager Plugin Setting path traversal | $0-$5k | $0-$5k | Not Defined | Official Fix | 1.27 | CVE-2022-2926
09/26/2022 | 4.3 | 4.1 | Email Log Plugin server-side request forgery | $0-$5k | $0-$5k | Not Defined | Official Fix | 1.38 | CVE-2022-2352
09/26/2022 | 6.3 | 6.1 | Online Leave Management System sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 1.46 | CVE-2022-40928
09/26/2022 | 6.3 | 6.1 | Online Leave Management System sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 1.46 | CVE-2022-40927
09/26/2022 | 6.3 | 6.1 | Online Leave Management System sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 2.17 | CVE-2022-40926
09/26/2022 | 5.5 | 5.3 | Wedding Planner select.php sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 2.33 | CVE-2022-40404
09/26/2022 | 5.5 | 5.3 | Wedding Planner feature_edit.php sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 2.17 | CVE-2022-40403
09/26/2022 | 5.5 | 5.3 | Wedding Planner client_assign.php sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 2.25 | CVE-2022-40402
09/26/2022 | 4.3 | 4.1 | Scripts Organizer Plugin AJAX Action saveScript cross-site request forgery | $0-$5k | $0-$5k | Not Defined | Official Fix | 2.14 | CVE-2021-24890
09/26/2022 | 4.7 | 4.5 | Creative Minds CM Download Manager Plugin Setting unrestricted upload | $0-$5k | $0-$5k | Not Defined | Official Fix | 2.21 | CVE-2022-3076
09/26/2022 | 5.5 | 5.3 | Ninja Forms Contact Form Plugin Imported File deserialization | $0-$5k | $0-$5k | Not Defined | Official Fix | 2.14 | CVE-2022-2903
09/26/2022 | 3.5 | 3.2 | Academy Learning Management System cross site scripting | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 3.53 | CVE-2022-38553
09/26/2022 | 4.3 | 4.2 | ikus060 rdiffweb Cleanup cleanup | $0-$5k | $0-$5k | Not Defined | Official Fix | 2.29 | CVE-2022-3301
09/26/2022 | 6.3 | 6.3 | ieGeek IG20 hipcam RealServer iLnkP2P access control | $0-$5k | $0-$5k | Not Defined | Not Defined | 2.57 | CVE-2022-38970
09/26/2022 | 2.6 | 2.4 | Contec FXA3200 Wireless LAN Manager Interface shadow hard-coded password | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 2.41 | CVE-2022-36159
09/26/2022 | 8.8 | 8.0 | Contec FXA3200 Wireless LAN Manager Interface mnt_cmd.cgi permission | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 4.52 | CVE-2022-36158
09/26/2022 | 7.3 | 7.1 | joblib Parallel Remote Code Execution | $0-$5k | $0-$5k | Not Defined | Official Fix | 2.69 | CVE-2022-21797
09/26/2022 | 5.8 | 5.7 | express-xss-sanitizer cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 2.96 | CVE-2022-21169
09/26/2022 | 7.3 | 6.4 | Backdoor.Win32.Psychward.b Service Port 8888 hard-coded credentials | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 3.73 |
09/26/2022 | 6.3 | 5.6 | Backdoor.Win32.Augudor.b Service Port 810 backdoor | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 2.89 |
09/26/2022 | 7.0 | 6.9 | vim use after free | $0-$5k | $0-$5k | Not Defined | Official Fix | 3.16 | CVE-2022-3297
09/26/2022 | 7.0 | 6.9 | vim stack-based overflow | $0-$5k | $0-$5k | Not Defined | Official Fix | 3.08 | CVE-2022-3296
09/26/2022 | 8.8 | 8.8 | Synacor Zimbra Collaboration Suite Nginx permission | $0-$5k | $0-$5k | Not Defined | Not Defined | 5.43 | CVE-2022-41347
09/26/2022 | 5.5 | 5.5 | Synacor Zimbra Collaboration Suite amavisd public unrestricted upload | $0-$5k | $0-$5k | Not Defined | Not Defined | 4.04 | CVE-2022-41352
09/26/2022 | 6.3 | 6.0 | Dompdf Font Registration FontMetrics.php registerFont file inclusion | $0-$5k | $0-$5k | Not Defined | Official Fix | 3.32 | CVE-2022-41343
09/25/2022 | 7.3 | 6.4 | Backdoor.Win32.Bingle.b Service Port 22 hard-coded password | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.91 |
09/25/2022 | 3.5 | 3.4 | secp256k1-js ECDSA Signature signature verification | $0-$5k | $0-$5k | Not Defined | Official Fix | 1.07 | CVE-2022-41340
09/24/2022 | 4.3 | 4.1 | Host Engineering H0-ECOM100 Communications Module stack-based overflow | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.71 | CVE-2022-3228
09/24/2022 | 2.9 | 2.9 | Medtronic MiniMed 620G protection mechanism | $0-$5k | $0-$5k | Not Defined | Workaround | 0.71 | CVE-2022-32537
09/24/2022 | 5.3 | 5.2 | Nepxion Discovery URL getForEntity server-side request forgery | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.59 | CVE-2022-23464
09/24/2022 | 7.3 | 7.1 | Nepxion Discovery SpEL unknown vulnerability | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.59 | CVE-2022-23463
09/24/2022 | 4.3 | 4.1 | Rocket.Chat Mobile App PIN improper authentication | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.79 | CVE-2022-30124
09/24/2022 | 4.8 | 4.6 | Jodit Editor cross site scripting | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.99 | CVE-2022-23461

1894 more entries are not shown.
