Archive 09/23/2022

Type

The moderation team works with the threat intelligence team to categorize the software affected by security vulnerabilities. Counting entries per category shows which software types are affected most.

Product

OTFCC: 18
Tenda AC15: 7
Tenda AC18: 6
Tenda W20E: 4
Apache Pulsar: 4

Grouping vulnerabilities by product gives an overview: it shows whether the landscape is homogeneous or, in a heterogeneous landscape, where the most important hotspots are.

Remediation

Official Fix: 30
Temporary Fix: 0
Workaround: 0
Unavailable: 0
Not Defined: 90

Vendors and researchers look for countermeasures that mitigate security vulnerabilities. Remediation comes in several forms and levels (official fix, temporary fix, workaround, or none available), and each level affects the risk differently.

Exploitability

High: 0
Functional: 0
Proof-of-Concept: 2
Unproven: 0
Not Defined: 118

Researchers and attackers who look for security vulnerabilities try to exploit them, for academic purposes or for personal gain. The level and quality of the available exploit code (from unproven through proof-of-concept and functional to high) indicates how simple and how reliable an attack is.

CVSSv3 Base

≤1: 0
≤2: 1
≤3: 3
≤4: 18
≤5: 15
≤6: 51
≤7: 24
≤8: 4
≤9: 4
≤10: 0

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impact of security vulnerabilities. The base score captures the intrinsic properties of a vulnerability, which are constant over time and across user environments. Our meta score merges all scores published by different sources into a single, more reliable value.

CVSSv3 Temp

≤1: 0
≤2: 1
≤3: 4
≤4: 17
≤5: 16
≤6: 53
≤7: 21
≤8: 5
≤9: 3
≤10: 0

CVSS uses temporal scores (abbreviated "temp") to reflect characteristics of a vulnerability that may change over time but not across user environments: exploit code maturity, remediation level and report confidence. We also provide a meta score for temporal scores, although other sources rarely publish them.
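The Exp and Rem columns of the table below, and the Exploitability and Remediation counts above, are the CVSS temporal metrics. The following Python is a worked example added here; it is not VulDB's code and does not reproduce the site's meta score. It computes a CVSS v3.1 temporal score from a base score and the three temporal metrics, using the metric weights and the Roundup function defined in the v3.1 specification. The mapping of the page's labels ("Proof-of-Concept", "Official Fix", ...) onto the single-letter metric values is an assumption made for this example, and report confidence defaults to Not Defined because the page does not list it.

```python
"""CVSS v3.1 temporal score calculator (added example, not VulDB code)."""
import math

# Temporal metric weights, CVSS v3.1 specification section 7.3.
EXPLOIT_CODE_MATURITY = {
    "X": 1.00,  # Not Defined
    "U": 0.91,  # Unproven
    "P": 0.94,  # Proof-of-Concept
    "F": 0.97,  # Functional
    "H": 1.00,  # High
}
REMEDIATION_LEVEL = {
    "X": 1.00,  # Not Defined
    "O": 0.95,  # Official Fix
    "T": 0.96,  # Temporary Fix
    "W": 0.97,  # Workaround
    "U": 1.00,  # Unavailable
}
REPORT_CONFIDENCE = {
    "X": 1.00,  # Not Defined
    "U": 0.92,  # Unknown
    "R": 0.96,  # Reasonable
    "C": 1.00,  # Confirmed
}

# Assumed mapping of the labels used in the page's Exp/Rem columns onto
# CVSS v3.1 metric values (the page itself does not state this mapping).
PAGE_EXPLOITABILITY = {
    "Not Defined": "X", "Unproven": "U", "Proof-of-Concept": "P",
    "Functional": "F", "High": "H",
}
PAGE_REMEDIATION = {
    "Not Defined": "X", "Official Fix": "O", "Temporary Fix": "T",
    "Workaround": "W", "Unavailable": "U",
}


def roundup(value: float) -> float:
    """CVSS v3.1 Roundup: smallest number with one decimal that is >= value.

    Uses the integer arithmetic from the specification so that floating
    point drift (e.g. 3.5 * 0.95 == 3.3249999...) cannot flip the result.
    """
    int_input = round(value * 100000)
    if int_input % 10000 == 0:
        return int_input / 100000.0
    return (math.floor(int_input / 10000) + 1) / 10.0


def temporal_score(base: float, e: str = "X", rl: str = "X", rc: str = "X") -> float:
    """Temporal = Roundup(Base * ExploitCodeMaturity * RemediationLevel * ReportConfidence)."""
    if not 0.0 <= base <= 10.0:
        raise ValueError("CVSS base score must be within 0.0..10.0")
    return roundup(base * EXPLOIT_CODE_MATURITY[e] * REMEDIATION_LEVEL[rl] * REPORT_CONFIDENCE[rc])


def temporal_vector(e: str = "X", rl: str = "X", rc: str = "X") -> str:
    """The temporal part of a CVSS v3.1 vector string, e.g. 'E:P/RL:O/RC:C'."""
    return f"E:{e}/RL:{rl}/RC:{rc}"


def temporal_from_page_labels(base: float, exp_label: str, rem_label: str, rc: str = "X") -> float:
    """Score a table row given the page's textual Exp/Rem labels (assumed mapping above)."""
    return temporal_score(base, PAGE_EXPLOITABILITY[exp_label], PAGE_REMEDIATION[rem_label], rc)


if __name__ == "__main__":
    # Two rows from the table, re-scored with the spec formula alone.
    for name, base, exp, rem in (
        ("Hyperledger Fabric", 3.5, "Not Defined", "Official Fix"),
        ("HashiCorp Consul", 5.5, "Not Defined", "Official Fix"),
    ):
        print(name, base, "->", temporal_from_page_labels(base, exp, rem))
```

With Not Defined exploitability and an Official Fix, the pure specification arithmetic turns 3.5 into 3.4 and 5.5 into 5.3, which are the Temp values the table shows for the Hyperledger Fabric and HashiCorp Consul rows. Rows where both Exp and Rem are Not Defined but Temp still differs from Base (the Tenda entries, 5.5 to 5.3) cannot come from these two metrics alone; the page states that its temp values are its own meta score, so they should not be expected to match the spec formula row by row.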

Exploit 0-day

<1k: 43
<2k: 20
<5k: 45
<10k: 4
<25k: 8
<50k: 0
<100k: 0
≥100k: 0

The moderation team works with the threat intelligence team to determine exploit prices. Our algorithm estimates the 0-day price of an exploit, that is, its price before it was distributed or became public. The calculated prices are aligned with prices disclosed by vulnerability brokers and compared with prices observed on exploit markets.

Exploit Today

<1k: 62
<2k: 38
<5k: 10
<10k: 6
<25k: 4
<50k: 0
<100k: 0
≥100k: 0

The 0-day price does not consider time-dependent factors. The today price reflects effects such as the disclosure of vulnerability details, the appearance of alternative exploits and the availability of countermeasures. These dynamic factors tend to lower the exploit price over time, and under some circumstances they do so very quickly.

ID | Base | Temp | Vulnerability | 0-day | Today | Exp (exploitability) | Rem (remediation) | CTI | CVE
209438 | 8.8 | 8.8 | UI Desktop access control | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.77 | CVE-2022-35257
209437 | 6.4 | 6.2 | U-Boot DFU heap-based overflow | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.14 | CVE-2022-2347
209436 | 5.5 | 5.3 | Tenda AC15/AC18 fromDhcpListClient stack-based overflow | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.14 | CVE-2022-40869
209435 | 5.5 | 5.3 | Tenda W20E formDelDhcpRule stack-based overflow | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.19 | CVE-2022-40868
209434 | 5.5 | 5.3 | Tenda W20E formIPMacBindDel stack-based overflow | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.14 | CVE-2022-40867
209433 | 5.5 | 5.3 | Tenda W20E formSetDebugCfg stack-based overflow | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.14 | CVE-2022-40866
209432 | 5.5 | 5.3 | Tenda AC15/AC18 setSchedWifi heap-based overflow | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.10 | CVE-2022-40865
209431 | 5.5 | 5.3 | Tenda AC15/AC18 PowerSaveSet setSmartPowerManagement stack-based overflow | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.10 | CVE-2022-40864
209430 | 5.5 | 5.3 | Tenda AC15/AC18 NatStaticSetting fromNatStaticSetting stack-based overflow | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.10 | CVE-2022-40862
209429 | 5.5 | 5.3 | Tenda AC18 formSetQosBand stack-based overflow | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.11 | CVE-2022-40861
209428 | 5.5 | 5.3 | Tenda AC15 SetNetControlList formSetQosBand stack-based overflow | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.10 | CVE-2022-40860
209427 | 5.5 | 5.3 | Tenda AC18 fast_setting_wifi_set stack-based overflow | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.11 | CVE-2022-40854
209426 | 5.5 | 5.3 | Tenda AC15 fast_setting_wifi_set stack-based overflow | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.12 | CVE-2022-40853
209425 | 5.5 | 5.3 | Tenda AC15 fromAddressNat stack-based overflow | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.12 | CVE-2022-40851
209424 | 3.5 | 3.4 | Hyperledger Fabric resource consumption | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.13 | CVE-2022-35253
209423 | 3.7 | 3.4 | cURL Cookie denial of service | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.78 | CVE-2022-35252
209422 | 5.5 | 5.5 | ZTE ZXvSTB access control | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.19 | CVE-2022-23144
209421 | 5.5 | 5.3 | HashiCorp Consul/Consul Enterprise SAN URI access control | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.20 | CVE-2022-40716
209420 | 3.1 | 3.0 | Mattermost GIF File resource consumption | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.10 | CVE-2022-3257
209419 | 5.5 | 5.5 | Ivanti Endpoint Manager Client LANDesk Management Agent Privilege Escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.93 | CVE-2022-30121
209418 | 8.5 | 8.5 | Sophos Firewall User Portal/Webadmin code injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 10.00 | CVE-2022-3236
209417 | 6.3 | 6.0 | Facebook WhatsApp Video File integer underflow | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 3.41 | CVE-2022-27492
209416 | 6.3 | 6.1 | Tenda W20E POST Request formSetPortMapping stack-based overflow | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.15 | CVE-2022-40855
209415 | 3.6 | 3.6 | CPO Shortcodes Plugin cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.10 | CVE-2022-40672
209414 | 4.3 | 4.2 | WP Rating System Plugin cross-site request forgery | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.10 | CVE-2022-40671
209413 | 3.8 | 3.7 | GS Plugins GS Testimonial Slider Plugin cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.12 | CVE-2022-40213
209412 | 3.6 | 3.6 | PCA Predict Plugin cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.10 | CVE-2022-40195
209411 | 4.3 | 4.2 | Awesome Filterable Portfolio Plugin cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.24 | CVE-2022-40193
209410 | 2.9 | 2.9 | Max Foundry MaxButtons Plugin cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.15 | CVE-2022-38703
209409 | 4.4 | 4.4 | Notice Board Plugin cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.19 | CVE-2022-38460
209408 | 4.3 | 4.2 | Read More by Adam Plugin cross-site request forgery | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.15 | CVE-2022-38085
209407 | 2.4 | 2.4 | Add Shortcodes Actions and Filters Plugin cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.15 | CVE-2022-37342
209406 | 3.8 | 3.7 | Fullworks Meet My Team Plugin cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.15 | CVE-2022-37339
209405 | 3.5 | 3.4 | Blossom Recipe Maker Plugin cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.20 | CVE-2022-37338
209404 | 4.4 | 4.4 | WHA Crossword Plugin cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.15 | CVE-2022-37330
209403 | 3.5 | 3.4 | Themes Awesome History Timeline Plugin cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.15 | CVE-2022-37328
209402 | 4.8 | 4.8 | Topdigitaltrends Mega Addons for WPBakery Page Builder Plugin cross-site request forgery | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.15 | CVE-2022-36798
209401 | 4.4 | 4.4 | Awesome UG Torro Forms Plugin cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.15 | CVE-2022-36791
209400 | 4.8 | 4.8 | YDS Support Ticket System Plugin cross-site request forgery | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.15 | CVE-2022-36388
209399 | 2.0 | 2.0 | Firewall & Malware Scan Plugin Setting Options Page cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.10 | CVE-2022-3144
209398 | 4.9 | 4.8 | WP Rating System Plugin Vote race condition | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.15 | CVE-2022-40310
209397 | 4.8 | 4.8 | AlgolPlus Advanced Dynamic Pricing for WooCommerce Plugin cross-site request forgery | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.10 | CVE-2022-38095
209396 | 5.4 | 5.4 | Apasionados Export Post Info Plugin csv injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.10 | CVE-2022-38061
209395 | 6.9 | 6.8 | Awesome Filterable Portfolio Plugin Setting access control | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.12 | CVE-2022-35238
209394 | 3.5 | 3.4 | Biplob Adhikari Image Hover Effects Ultimate Plugin cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.10 | CVE-2022-2937
209393 | 6.3 | 6.1 | Online Tours & Travels Management System update_tax.php sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.13 | CVE-2022-40093
209392 | 6.3 | 6.1 | Online Tours & Travels Management System update_payment.php sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.15 | CVE-2022-40092
209391 | 6.3 | 6.1 | Online Tours & Travels Management System update_packages.php sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.12 | CVE-2022-40091
209390 | 7.6 | 7.5 | FFmpeg build_open_gop_key_points heap-based overflow | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.16 | CVE-2022-2566
209389 | 3.5 | 3.4 | Veritas Desktop Laptop Option Login Page login.jsp cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2022-41319

70 more entries are not shown
