Archive 09/02/2022

Type

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Product

Qualcomm Snapdragon Auto: 23
Qualcomm Snapdragon Mobile: 21
Qualcomm Snapdragon Connectivity: 20
Qualcomm Snapdragon Compute: 16
Qualcomm Snapdragon Industrial IOT: 16

Grouping vulnerabilities by product helps to get an overview. This makes it possible to identify a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation

Official Fix: 78
Temporary Fix: 0
Workaround: 0
Unavailable: 0
Not Defined: 43

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. Remediation comes in multiple forms and levels, which influence risk differently.

Exploitability

High: 0
Functional: 0
Proof-of-Concept: 1
Unproven: 0
Not Defined: 120

Researchers and attackers who look for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base

≤1: 0
≤2: 0
≤3: 0
≤4: 1
≤5: 31
≤6: 17
≤7: 27
≤8: 37
≤9: 5
≤10: 3

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp

≤1: 0
≤2: 0
≤3: 0
≤4: 1
≤5: 31
≤6: 19
≤7: 26
≤8: 37
≤9: 4
≤10: 3

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day

<1k: 31
<2k: 18
<5k: 19
<10k: 25
<25k: 27
<50k: 1
<100k: 0
≥100k: 0

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price for an exploit, before it was distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today

<1k: 55
<2k: 23
<5k: 31
<10k: 11
<25k: 1
<50k: 0
<100k: 0
≥100k: 0

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as the disclosure of vulnerability details, alternative exploits and the availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

| ID | Base | Temp | Vulnerability | 0day | Today | Exp | Rem | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 207832 | 7.8 | 7.6 | SFTPGo Two-factor Authentication improper authentication | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2022-36071 |
| 207831 | 7.6 | 7.5 | PublicCMS ueditor server-side request forgery | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2021-27693 |
| 207830 | 6.5 | 6.4 | Dell Command Update/Update/Alienware Update Custom Catalog Configuration access control | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.07 | CVE-2022-34382 |
| 207829 | 4.4 | 4.4 | Dell EMC PowerScale OneFS path traversal | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2022-34378 |
| 207828 | 7.2 | 7.2 | Dell EMC PowerScale OneFS cleartext transmission | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2022-34371 |
| 207827 | 6.7 | 6.6 | jgraph drawio access control | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2022-3065 |
| 207826 | 7.7 | 7.6 | Modsecurity owasp-modsecurity-crs WAF Protection sql injection | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-22669 |
| 207825 | 6.2 | 6.2 | Dell EMC PowerScale OneFS log file | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2022-34369 |
| 207824 | 8.2 | 8.1 | Qualcomm Snapdragon Auto Multimedia memory corruption | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.00 | CVE-2022-25680 |
| 207823 | 7.8 | 7.7 | Qualcomm Snapdragon Auto ASF Clip memory corruption | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.03 | CVE-2022-25668 |
| 207822 | 7.8 | 7.7 | Qualcomm Snapdragon Auto MKV Clip Parser memory corruption | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.00 | CVE-2022-25659 |
| 207821 | 7.8 | 7.7 | Qualcomm Snapdragon Auto Video Parser memory corruption | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.03 | CVE-2022-25658 |
| 207820 | 7.8 | 7.7 | Qualcomm Snapdragon Auto MKV Clip memory corruption | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.00 | CVE-2022-25657 |
| 207819 | 8.0 | 7.9 | Qualcomm Snapdragon Auto Multimedia memory corruption | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2022-22106 |
| 207818 | 8.0 | 7.9 | Qualcomm Snapdragon Auto Multimedia memory corruption | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2022-22104 |
| 207817 | 8.0 | 7.9 | Qualcomm Snapdragon Auto Multimedia memory corruption | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2022-22102 |
| 207816 | 7.8 | 7.5 | Qualcomm Snapdragon Auto Multimedia memory corruption | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.07 | CVE-2022-22100 |
| 207815 | 8.0 | 7.9 | Qualcomm Snapdragon Auto Array Index memory corruption | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2022-22099 |
| 207814 | 8.0 | 7.9 | Qualcomm Snapdragon Auto Multimedia Driver memory corruption | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2022-22098 |
| 207813 | 8.0 | 7.9 | Qualcomm Snapdragon Consumer IOT Graphic Driver use after free | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2022-22097 |
| 207812 | 9.8 | 9.6 | Qualcomm Snapdragon Connectivity/Snapdragon Mobile Bluetooth Host stack-based overflow | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.03 | CVE-2022-22096 |
| 207811 | 8.0 | 7.9 | Qualcomm Snapdragon Auto PCM Routing Process memory corruption | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2022-22080 |
| 207810 | 7.8 | 7.6 | Qualcomm Snapdragon Auto APR Routing Table memory corruption | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2022-22070 |
| 207809 | 7.8 | 7.7 | Qualcomm Snapdragon Auto RPMB cryptographic issues | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2022-22069 |
| 207808 | 7.6 | 7.5 | Qualcomm Snapdragon Auto NSA RRC Reconfiguration memory leak | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2022-22067 |
| 207807 | 7.6 | 7.6 | Qualcomm Snapdragon Auto Server Certificate Parser out-of-bounds | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2022-22062 |
| 207806 | 7.8 | 7.6 | Qualcomm Snapdragon Compute Device ID Verification out-of-bounds write | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2022-22061 |
| 207805 | 8.0 | 7.9 | Qualcomm Snapdragon Auto Video File Parser out-of-bounds | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2022-22059 |
| 207804 | 5.7 | 5.7 | Qualcomm Snapdragon Auto RSA Key Import null pointer dereference | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-35135 |
| 207803 | 8.1 | 7.9 | Qualcomm Snapdragon Connectivity ELF Header memory corruption | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-35134 |
| 207802 | 6.7 | 6.5 | Qualcomm Snapdragon Connectivity Synx Driver use after free | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2021-35133 |
| 207801 | 8.0 | 7.9 | Qualcomm Snapdragon Auto DSP Service out-of-bounds write | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-35132 |
| 207800 | 8.3 | 8.2 | Qualcomm Snapdragon Auto IO Space xPUs permission | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-35122 |
| 207799 | 7.0 | 6.9 | Qualcomm Snapdragon Auto signature verification | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-35113 |
| 207798 | 6.8 | 6.6 | Qualcomm Snapdragon Connectivity/Snapdragon Mobile APP-S input validation | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-35109 |
| 207797 | 5.5 | 5.5 | Qualcomm Snapdragon Auto signature verification | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-35097 |
| 207796 | 6.1 | 6.0 | Qualcomm Snapdragon Auto HAB Message resource consumption | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2022-22101 |
| 207795 | 6.8 | 6.6 | Qualcomm Snapdragon Connectivity/Snapdragon Mobile AP-S Lock Bit permission | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-35108 |
| 207794 | 4.8 | 4.8 | Discourse Email Address resource consumption | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2022-37458 |
| 207793 | 6.9 | 6.8 | Binary UnmarshalWithDecoder memory allocation | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2022-36078 |
| 207792 | 5.6 | 5.6 | wolfSSL Client infinite loop | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2021-44718 |
| 207791 | 6.9 | 6.8 | NodeBB SSO cross-site request forgery | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2022-36076 |
| 207790 | 4.1 | 4.1 | Miniblog.Core edit cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2022-37679 |
| 207789 | 4.1 | 4.1 | BlogEngine posts cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2022-36600 |
| 207788 | 4.2 | 4.2 | MediaWiki Community Configuration Pages denial of service | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2022-39194 |
| 207787 | 4.9 | 4.8 | Apache Airflow umask race condition | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2022-38170 |
| 207786 | 8.0 | 8.0 | Apache Airflow Webserver Session Backend session fixation | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.03 | CVE-2022-38054 |
| 207785 | 6.9 | 6.9 | Apache OFBiz Ecommerce Plugin special elements used in a template engine | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.03 | CVE-2022-25813 |
| 207784 | 4.4 | 4.4 | SourceCodester Garage Management System brand.php cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2022-36637 |
| 207783 | 7.6 | 7.5 | Apache OFBiz Solr Plugin deserialization | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2022-29063 |

71 more entries are not shown
