Recent 11/22/2022

Timeline

Analyzing the timeline helps to identify the required approach to handling single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance, so that immediate vulnerability response can be initiated and issues prioritized.

Type

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Product

Netgear R7000P: 13
Appalti & Contratti: 5
SilverStripe Framework: 4
Apache Airflow: 4
Backdrop CMS: 3

Grouping vulnerabilities by product helps to get an overview. This makes it possible to identify a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation

Official Fix: 39
Temporary Fix: 0
Workaround: 0
Unavailable: 0
Not Defined: 56

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. Remediation comes in multiple forms and levels, which influence risk differently.

Exploitability

High: 0
Functional: 0
Proof-of-Concept: 1
Unproven: 0
Not Defined: 94

Researchers and attackers who are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base

≤1: 0
≤2: 0
≤3: 2
≤4: 23
≤5: 6
≤6: 43
≤7: 12
≤8: 5
≤9: 3
≤10: 1

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp

≤1: 0
≤2: 0
≤3: 4
≤4: 23
≤5: 5
≤6: 49
≤7: 6
≤8: 4
≤9: 3
≤10: 1

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day

<1k: 4
<2k: 59
<5k: 1
<10k: 29
<25k: 2
<50k: 0
<100k: 0
≥100k: 0

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price of an exploit, before it was distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today

<1k: 50
<2k: 14
<5k: 8
<10k: 22
<25k: 1
<50k: 0
<100k: 0
≥100k: 0

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as disclosure of vulnerability details, alternative exploits, and availability of countermeasures. These dynamic aspects might decrease exploit prices over time. Under certain circumstances this happens very fast.

| Created | Base | Temp | Vulnerability | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 08:45 PM | 5.5 | 5.5 | ZTE MF286R Wifi Interface buffer overflow | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08 | 0.00885 | CVE-2022-39067 |
| 08:44 PM | 5.5 | 5.5 | ZTE MF286R Phonebook Interface sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00885 | CVE-2022-39066 |
| 08:44 PM | 5.2 | 5.1 | super-xray unnecessary privileges | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00885 | CVE-2022-41950 |
| 08:43 PM | 6.3 | 6.3 | ZTE PON OLT access control | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.13 | 0.01055 | CVE-2022-39070 |
| 08:42 PM | 5.5 | 5.3 | Billing System Project fetchOrderData.php sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.07 | 0.00885 | CVE-2022-43212 |
| 07:08 PM | 3.5 | 3.5 | Backdrop CMS Comment cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.03867 | CVE-2022-42097 |
| 07:07 PM | 3.5 | 3.5 | Backdrop CMS Content cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.03867 | CVE-2022-42094 |
| 07:07 PM | 3.5 | 3.4 | Sankhya ERP Caixa de Entrada cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00890 | CVE-2022-42989 |
| 07:06 PM | 5.5 | 5.3 | D-Link DIR-882 webGetVarString buffer overflow | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.00885 | CVE-2022-44807 |
| 07:06 PM | 5.5 | 5.3 | D-Link DIR-882 buffer overflow | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.00885 | CVE-2022-44806 |
| 07:06 PM | 5.5 | 5.3 | D-Link DIR-882 websRedirect buffer overflow | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.07 | 0.00885 | CVE-2022-44804 |
| 07:05 PM | 5.5 | 5.3 | D-Link DIR-878 access control | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.08 | 0.00885 | CVE-2022-44801 |
| 07:05 PM | 5.5 | 5.3 | D-Link DIR878 buffer overflow | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.17 | 0.00885 | CVE-2022-44202 |
| 07:04 PM | 5.5 | 5.3 | D-Link DIR823G command injection | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.09 | 0.00885 | CVE-2022-44201 |
| 07:04 PM | 5.5 | 5.3 | Netgear R7000P httpd buffer overflow | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.34 | 0.00885 | CVE-2022-44184 |
| 07:03 PM | 5.5 | 5.3 | Netgear R7000P buffer overflow | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.07 | 0.00885 | CVE-2022-44200 |
| 07:03 PM | 5.5 | 5.3 | Netgear R7000P buffer overflow | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.00885 | CVE-2022-44199 |
| 07:02 PM | 5.5 | 5.3 | Netgear R7000P buffer overflow | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.00885 | CVE-2022-44198 |
| 07:02 PM | 5.5 | 5.3 | Netgear R7000P buffer overflow | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.07 | 0.00885 | CVE-2022-44197 |
| 07:01 PM | 5.5 | 5.3 | Netgear R7000P buffer overflow | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.07 | 0.00885 | CVE-2022-44196 |
| 07:01 PM | 5.5 | 5.3 | Netgear R7000P buffer overflow | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.04 | 0.01018 | CVE-2022-44194 |
| 07:00 PM | 5.5 | 5.3 | Netgear R7000P httpd buffer overflow | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.00885 | CVE-2022-44193 |
| 07:00 PM | 5.5 | 5.3 | Netgear R7000P buffer overflow | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.04 | 0.00885 | CVE-2022-44191 |
| 07:00 PM | 5.5 | 5.3 | Netgear R7000P buffer overflow | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.13 | 0.00885 | CVE-2022-44190 |
| 06:59 PM | 5.5 | 5.3 | Netgear R7000P httpd buffer overflow | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.04 | 0.00885 | CVE-2022-44188 |
| 06:59 PM | 5.5 | 5.3 | Netgear R7000P wan_dns1_pri buffer overflow | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.09 | 0.00885 | CVE-2022-44187 |
| 06:59 PM | 5.5 | 5.3 | Netgear R7000P httpd buffer overflow | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.00885 | CVE-2022-44186 |
| 06:58 PM | 3.5 | 3.5 | PHPGurukul Teachers Record Management System Add Subject Page cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.03867 | CVE-2022-41445 |
| 06:57 PM | 5.5 | 5.5 | Microweber Header injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00950 | CVE-2022-33012 |
| 06:56 PM | 4.8 | 4.8 | All-In-One Security Security and Firewall Plugin cross-site request forgery | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00885 | CVE-2022-44737 |
| 06:55 PM | 7.5 | 7.3 | Schneider Electric Modicon M340 CPU Ethernet privileges management | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00885 | CVE-2022-0222 |
| 06:54 PM | 5.5 | 5.5 | D-Link DIR-823G HNAP API HNAP1 command injection | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.04 | 0.00885 | CVE-2022-44808 |
| 06:53 PM | 5.3 | 5.1 | Synapse URL Preview resource consumption | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07 | 0.01018 | CVE-2022-41952 |
| 06:51 PM | 5.5 | 5.3 | KLiK SocialMediaWebsite profile.php sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.07 | 0.00950 | CVE-2022-42098 |
| 06:49 PM | 8.3 | 8.1 | Linux Kernel Local Privilege io_uring use after free | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.26 | 0.00885 | CVE-2022-3910 |
| 04:10 PM | 3.5 | 3.5 | Backdrop CMS Post Content cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.03867 | CVE-2022-42096 |
| 04:10 PM | 3.5 | 3.5 | MyBB MyCode Visual Editor cross site scripting | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.04 | 0.01055 | CVE-2022-43707 |
| 04:09 PM | 3.5 | 3.2 | SilverStripe Assets GPX File cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00950 | CVE-2022-38147 |
| 04:03 PM | 3.5 | 3.4 | SilverStripe Assets/Framework Shortcode cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00950 | CVE-2022-38724 |
| 04:02 PM | 3.5 | 3.4 | SilverStripe CMS Custom Meta Tag cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00950 | CVE-2022-37421 |
| 04:02 PM | 3.5 | 3.2 | SilverStripe Framework HTMLEditor cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00950 | CVE-2022-37430 |
| 03:57 PM | 3.5 | 3.2 | SilverStripe Framework HTMLEditor cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08 | 0.00950 | CVE-2022-37429 |
| 03:55 PM | 3.5 | 3.4 | SilverStripe Framework cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07 | 0.00954 | CVE-2022-38462 |
| 03:54 PM | 3.5 | 3.2 | SilverStripe versioned-admin Compare Mode cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07 | 0.01132 | CVE-2022-38145 |
| 03:50 PM | 7.5 | 7.5 | Schneider Electric Modicon MC80 Modbus TCP Protocol integer underflow | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00885 | CVE-2022-37301 |
| 03:46 PM | 5.2 | 5.2 | Hitachi Energy PCM600 IED ConnPack cleartext storage | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.11 | 0.00885 | CVE-2022-2513 |
| 03:45 PM | 3.5 | 3.4 | Muffingroup Betheme Theme cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00885 | CVE-2022-45363 |
| 02:11 PM | 5.5 | 5.5 | Fusiondirectory user session | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.07 | 0.00885 | CVE-2022-36179 |
| 02:10 PM | 3.5 | 3.5 | MyBB Post Attachments Interface cross site scripting | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.04 | 0.00885 | CVE-2022-43708 |
| 02:10 PM | 8.8 | 8.4 | HPE OfficeConnect 1820 improper authentication | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.84 | 0.00000 | CVE-2022-37932 |

45 more entries are not shown
