Recent October 2022

Timeline

Analysing the timeline helps to identify the approach and handling required for single vulnerabilities as well as for collections of vulnerabilities. The overview makes it possible to see less important slices and more severe hotspots at a glance, so that immediate vulnerability response can be initiated and issues can be prioritized.

Type

The moderation team works with the threat intelligence team to categorize the software affected by security vulnerabilities. The distribution of these categories shows which software types are affected most.

Product

Product | Vulnerabilities
--- | ---
Tracker Software PDF-XChange Editor | 92
Unisoc T610 | 76
Unisoc T606 | 76
Unisoc T760 | 76
Apple macOS | 73

Grouping vulnerabilities by product gives an overview that makes it possible to recognize a homogeneous landscape or to identify the most important hotspots in a heterogeneous landscape.

Remediation

Remediation level | Vulnerabilities
--- | ---
Official Fix | 1628
Temporary Fix | 0
Workaround | 10
Unavailable | 1
Not Defined | 882

Vendors and researchers are eager to find countermeasures that mitigate security vulnerabilities. Remediation comes in multiple forms and levels, each of which influences the risk differently.

Exploitability

Exploitability | Vulnerabilities
--- | ---
High | 1
Functional | 2
Proof-of-Concept | 107
Unproven | 81
Not Defined | 2330

Researchers and attackers who look for security vulnerabilities try to exploit them for academic purposes or personal gain. Distinguishing the level and quality of exploitability makes it possible to assess the simplicity and strength of attacks.

CVSSv3 Base

CVSSv3 base score | Vulnerabilities
--- | ---
≤1 | 0
≤2 | 1
≤3 | 14
≤4 | 118
≤5 | 446
≤6 | 472
≤7 | 617
≤8 | 568
≤9 | 184
≤10 | 101

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp

CVSSv3 temp score | Vulnerabilities
--- | ---
≤1 | 0
≤2 | 1
≤3 | 17
≤4 | 129
≤5 | 445
≤6 | 607
≤7 | 531
≤8 | 563
≤9 | 134
≤10 | 94

The Common Vulnerability Scoring System (CVSS) uses temp (temporal) scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. These include report confidence, exploitability and remediation level. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day

0-day exploit price (USD) | Vulnerabilities
--- | ---
<1k | 349
<2k | 646
<5k | 634
<10k | 361
<25k | 311
<50k | 96
<100k | 112
≥100k | 12

The moderation team works with the threat intelligence team to determine prices for exploits. Our unique algorithm identifies the 0-day price of an exploit, that is, its price before it is distributed or becomes public. Calculated prices are aligned with prices disclosed by vulnerability brokers and compared with prices we observe on exploit markets.

Exploit Today

Today exploit price (USD) | Vulnerabilities
--- | ---
<1k | 1078
<2k | 625
<5k | 490
<10k | 154
<25k | 165
<50k | 9
<100k | 0
≥100k | 0

The 0-day price does not consider time-dependent factors. The today price reflects price-affecting developments such as the disclosure of vulnerability details, the availability of alternative exploits, and the availability of countermeasures. These dynamic aspects can decrease the exploit price over time, and under certain circumstances this happens very fast.

Created | CVSS Base | CVSS Temp | Vulnerability | 0-day price | Today price | Exploitability | Remediation | CTI | CVE
--- | --- | --- | --- | --- | --- | --- | --- | --- | ---
10/31/2022 | 6.8 | 6.6 | Axiomatic Bento4 Avcinfo SetDataSize heap-based overflow | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04 | CVE-2022-3785
10/31/2022 | 6.8 | 6.6 | Axiomatic Bento4 mp4hls Ap4Mp4AudioInfo.cpp ReadBits heap-based overflow | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.06 | CVE-2022-3784
10/31/2022 | 5.5 | 5.5 | Lodepng pngdetail memory corruption | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.41 | CVE-2022-44081
10/31/2022 | 5.5 | 5.5 | tsMuxer bitStream.h flushBits heap-based overflow | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2022-43152
10/31/2022 | 4.5 | 4.5 | timg term-query.cc QueryBackgroundColor memory leak | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.43 | CVE-2022-43151
10/31/2022 | 5.5 | 5.5 | rtf2html rtf_tools.h heap-based overflow | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.47 | CVE-2022-43148
10/31/2022 | 5.5 | 5.5 | zrax pycdc StackDepotNode stack-based overflow | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2022-44079
10/31/2022 | 6.4 | 6.3 | conduit-hyper to_bytes resource consumption | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2022-39294
10/31/2022 | 7.7 | 7.6 | zephyrproject-rtos Zephyr CAN Frame resource consumption | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2022-2741
10/31/2022 | 4.4 | 4.3 | node-red-dashboard ui_text Format ui-component-ctrl.js cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.15 | CVE-2022-3783
10/31/2022 | 7.6 | 7.5 | xfig buffer overflow | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2021-40241
10/31/2022 | 4.8 | 4.7 | Newspaper Theme AJAX Action cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2022-2627
10/31/2022 | 4.8 | 4.7 | Newspaper Theme AJAX Action cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.40 | CVE-2022-2167
10/31/2022 | 3.6 | 3.5 | Rock Convert Plugin Setting cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.41 | CVE-2022-3441
10/31/2022 | 4.8 | 4.7 | Rock Convert Plugin Attribute cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07 | CVE-2022-3440
10/31/2022 | 3.6 | 3.5 | Official Integration for Billingo Plugin cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.41 | CVE-2022-3420
10/31/2022 | 5.4 | 5.3 | Automatic User Roles Switcher Plugin cross-site request forgery | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.37 | CVE-2022-3419
10/31/2022 | 3.6 | 3.6 | WP Word Count Plugin Setting cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.31 | CVE-2022-3408
10/31/2022 | 3.6 | 3.5 | WP Contact Slider Plugin Setting cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2022-3237
10/31/2022 | 4.4 | 4.4 | WP Total Hacks Plugin Setting cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.50 | CVE-2022-3096
10/31/2022 | 4.3 | 4.3 | Gallery Plugin for Plugin Attribute cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2022-2190
10/31/2022 | 8.5 | 8.4 | Classifieds Plugin Premium Module sql injection | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.56 | CVE-2022-3254
10/31/2022 | 8.0 | 8.0 | Clinic Patient Management System Profile Picture users.php unrestricted upload | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2022-40471
10/31/2022 | 6.3 | 6.2 | Customizer Export Import Plugin Imported File deserialization | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.18 | CVE-2022-3380
10/31/2022 | 5.7 | 5.6 | Ocean Extra Plugin Imported File deserialization | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2022-3374
10/31/2022 | 6.3 | 6.2 | PublishPress Capabilities Plugin File Import deserialization | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2022-3366
10/31/2022 | 7.1 | 7.0 | Smart Slider 3 Plugin Imported File deserialization | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2022-3357
10/31/2022 | 6.3 | 6.2 | Easy WP SMTP Plugin Admin Import File deserialization | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2022-3334
10/31/2022 | 7.7 | 7.5 | LearnPress Plugin REST API Endpoint wp_hash deserialization | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2022-3360
10/31/2022 | 5.4 | 5.3 | ProcessWire cross-site request forgery | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2022-40488
10/31/2022 | 7.6 | 7.6 | thlorenz browserify-shim resolve-shims.js resolveShims prototype pollution | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2022-37623
10/31/2022 | 5.5 | 5.5 | kangax html-minifier htmlminifier.js incorrect regex | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2022-37620
10/31/2022 | 4.5 | 4.5 | PwnDoc Authentication timing discrepancy | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2022-44023
10/31/2022 | 4.5 | 4.5 | PwnDoc Authentication timing discrepancy | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2022-44022
10/31/2022 | 7.5 | 7.4 | total.js Metacharacter ping os command injection | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.25 | CVE-2022-44019
10/31/2022 | 4.4 | 4.4 | Tech Now Ragic Report Generator cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2022-40739
10/31/2022 | 4.8 | 4.7 | ProcessWire Search cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2022-40487
10/31/2022 | 4.4 | 4.4 | First Class One U-Office Force Forum cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08 | CVE-2022-39027
10/31/2022 | 4.4 | 4.4 | First Class One U-Office Force UserDefault Page cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.21 | CVE-2022-39026
10/31/2022 | 5.2 | 5.1 | First Class One U-Office Force PrintMessage cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2022-39025
10/31/2022 | 5.2 | 5.1 | First Class One U-Office Force Bulletin cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.09 | CVE-2022-39024
10/31/2022 | 5.4 | 5.3 | First Class One U-Office Force Download path traversal | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2022-39023
10/31/2022 | 5.4 | 5.3 | First Class One U-Office Force Download path traversal | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2022-39022
10/31/2022 | 5.7 | 5.6 | First Class One U-Office Force redirect | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08 | CVE-2022-39021
10/31/2022 | 5.9 | 5.8 | thorsten phpmyfaq cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2022-3766
10/31/2022 | 6.0 | 5.9 | thorsten phpmyfaq cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2022-3765
10/31/2022 | 8.0 | 8.0 | Stimulsoft Reports Compilation Mode code injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2021-42777
10/31/2022 | 4.3 | 4.1 | strongSwan Revocation Plugin resource consumption | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2022-40617
10/31/2022 | 7.6 | 7.5 | multipath-tools Unix Domain Socket access control | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2022-41974
10/31/2022 | 7.6 | 7.5 | multipath-tools multipathd shm symlink | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07 | CVE-2022-41973

2471 more entries are not shown
