Critical vulnerabilities of the first week of Esfand

This week, many "critical" and "high-risk" vulnerabilities were reported in important Cisco products, and patches and updates were released to fix them. Several "critical" and "high-risk" vulnerabilities were also found in products from Accellion, Intel, Apache, McAfee and IBM, and in the Linux kernel.

The list of these vulnerabilities, together with their risk level, is given in the table below.

| Vulnerability ID | Base score | Vulnerability title | 0-day value | Fix |
|---|---|---|---|---|
| CVE-2021-27104 | 9.8 | Accellion FTA Admin Endpoint os command injection | $1k-$2k | Official Fix |
| CVE-2021-27101 | 9.8 | Accellion FTA Host Header document_root.html sql injection | $1k-$2k | Official Fix |
| CVE-2021-27103 | 9.8 | Accellion FTA POST Request wmProgressstat.html server-side request forgery | $1k-$2k | Official Fix |
| CVE-2021-27102 | 7.8 | Accellion FTA Web Service os command injection | $1k-$2k | Official Fix |
| CVE-2020-13551 | 8.8 | Advantech WebAccess/SCADA access control | $2k-$5k | Not Defined |
| CVE-2020-13555 | 8.8 | Advantech WebAccess/SCADA COM Server access control | $2k-$5k | Not Defined |
| CVE-2020-13550 | 3.5 | Advantech WebAccess/SCADA HTTP Request information disclosure | $0-$1k | Not Defined |
| CVE-2020-13553 | 8.8 | Advantech WebAccess/SCADA Loaded Module access control | $2k-$5k | Not Defined |
| CVE-2020-13552 | 8.8 | Advantech WebAccess/SCADA Services access control | $2k-$5k | Not Defined |
| CVE-2021-26559 | 5.5 | Apache Airflow Configurations Endpoint airflow.cfg access control | $10k-$25k | Not Defined |
| CVE-2021-26697 | 6.3 | Apache Airflow Lineage Endpoint improper authentication | $5k-$10k | Not Defined |
| CVE-2021-26296 | 3.5 | Apache MyFaces Core cross-site request forgery | $2k-$5k | Not Defined |
| CVE-2021-27404 | 5.5 | Askey RTF8115VW HTTP Header injection | $1k-$2k | Not Defined |
| CVE-2021-27403 | 3.5 | Askey RTF8115VW te_acceso_router.cgi cross site scripting | $0-$1k | Not Defined |
| CVE-2020-28490 | 9.1 | async-git command injection | $2k-$5k | Official Fix |
| CVE-2020-36233 | 5.3 | Atlassian Bitbucket Server/Data Center Installer access control | $1k-$2k | Official Fix |
| CVE-2021-25779 | 6.3 | Baby Care System contentsectionpage.php sql injection | $1k-$2k | Not Defined |
| CVE-2021-25780 | 6.3 | Baby Care System posts.php unrestricted upload | $2k-$5k | Not Defined |
| CVE-2021-3210 | 6.3 | BloodHound GenericAll.jsx command injection | $2k-$5k | Official Fix |
| CVE-2021-27367 | 5.5 | Bolt FileEditController.php pathname traversal | $1k-$2k | Official Fix |
| CVE-2021-24115 | 5.5 | Botan unknown vulnerability | $2k-$5k | Official Fix |
| CVE-2021-26911 | 5.6 | Canary Mail IMAP MCIMAPSession.cpp certificate validation | $1k-$2k | Official Fix |
| CVE-2021-22858 | 8.8 | CGE property management system Account Management improper authentication | $1k-$2k | Not Defined |
| CVE-2021-22856 | 9.8 | CGE property management system Cookie sql injection | $2k-$5k | Not Defined |
| CVE-2021-22857 | 7.5 | CGE property management system pathname traversal | $1k-$2k | Not Defined |
| CVE-2021-1366 | 7.8 | Cisco AnyConnect Secure Mobility Client Interprocess Communication uncontrolled search path | $10k-$25k | Official Fix |
| CVE-2021-1416 | 6.5 | Cisco Identity Services Engine Admin Portal privileges assignment | $10k-$25k | Official Fix |
| CVE-2021-1412 | 6.5 | Cisco Identity Services Engine privileges assignment | $10k-$25k | Official Fix |
| CVE-2021-1378 | 5.3 | Cisco StarOS SSH Service resource consumption | $5k-$10k | Official Fix |
| CVE-2021-1372 | 5.5 | Cisco Webex Meetings Desktop App information disclosure | $2k-$5k | Official Fix |
| CVE-2021-1351 | 6.1 | Cisco Webex Meetings Web-based Interface cross site scripting | $5k-$10k | Official Fix |
| CVE-2020-35775 | 9.8 | CITSmart ldap injection | $1k-$2k | Official Fix |
| CVE-2021-23336 | 5.9 | cpython urllib.parse.parse_qs request smuggling | $2k-$5k | Official Fix |
| CVE-2021-27138 | 7.8 | Das U-Boot Boot Loader Local Privilege Escalation | $1k-$2k | Official Fix |
| CVE-2021-27097 | 7.8 | Das U-Boot Boot Loader Local Privilege Escalation | $1k-$2k | Official Fix |
| CVE-2020-35512 | 4.6 | D-Bus Policy Rules use after free | $2k-$5k | Not Defined |
| CVE-2021-21511 | 8.1 | Dell EMC Avamar Server Web UI improper authorization | $10k-$25k | Not Defined |
| CVE-2021-21512 | 7.9 | Dell EMC PowerProtect Cyber Recovery information disclosure | $1k-$2k | Not Defined |
| CVE-2020-12878 | 8.8 | Digi ConnectPort X2e Python S50dropbear.sh symlink | $2k-$5k | Official Fix |
| CVE-2021-26906 | 4.3 | Digium Asterisk SDP Negotiation res_pjsip_session.c denial of service | $0-$1k | Official Fix |
| CVE-2020-35681 | 6.3 | Django ASGI channels.http.AsgiHandler Remote Privilege Escalation | $10k-$25k | Official Fix |
| CVE-2021-23342 | 8.6 | docsify cross site scripting | $0-$1k | Official Fix |
| CVE-2020-28918 | 5.3 | DualShield Login Form information exposure | $1k-$2k | Not Defined |
| CVE-2020-7848 | 8.0 | EFM ipTIME C200 IP Camera GET Request os command injection | $1k-$2k | Not Defined |
| CVE-2020-35577 | 5.0 | Endalia Selection Portal Identification Number resource injection | $2k-$5k | Official Fix |
| CVE-2021-27513 | 6.3 | EyesOfNetwork admin_ITSM xml.php unrestricted upload | $2k-$5k | Not Defined |
| CVE-2021-27514 | 7.3 | EyesOfNetwork improper authentication | $1k-$2k | Not Defined |
| CVE-2020-28491 | 7.5 | FasterXML jackson-dataformat-cbor memory corruption | $2k-$5k | Official Fix |
| CVE-2021-22853 | 5.4 | Feiteng HR Portal access control | $2k-$5k | Not Defined |
| CVE-2021-22855 | 7.3 | Feiteng HR Portal deserialization | $2k-$5k | Not Defined |
| CVE-2021-22854 | 5.3 | Feiteng HR Portal sql injection | $2k-$5k | Not Defined |
| CVE-2019-18243 | 5.3 | GE Digital HMI-SCADA iFIX Registry access control | $1k-$2k | Official Fix |
| CVE-2019-18255 | 5.3 | GE Digital HMI-SCADA iFIX Section Object access control | $1k-$2k | Official Fix |
| CVE-2021-27218 | 5.5 | GNOME GLib g_byte_array_new_take buffer overflow | $2k-$5k | Official Fix |
| CVE-2021-27219 | 5.5 | GNOME GLib g_bytes_new memory corruption | $2k-$5k | Official Fix |
| CVE-2021-20987 | 7.5 | Hilscher EtherNet-IP Core Ethernet stack-based overflow | $2k-$5k | Official Fix |
| CVE-2021-20986 | 7.5 | Hilscher PROFINET IO Device stack-based overflow | $1k-$2k | Official Fix |
| CVE-2020-4933 | 5.4 | IBM Jazz Reporting Service Web UI cross site scripting | $2k-$5k | Official Fix |
| CVE-2021-20445 | 6.5 | IBM Maximo for Civil Infrastructure information disclosure | $5k-$10k | Official Fix |
| CVE-2021-20443 | 6.3 | IBM Maximo for Civil Infrastructure Library Remote Privilege Escalation | $10k-$25k | Official Fix |
| CVE-2021-20446 | 5.4 | IBM Maximo for Civil Infrastructure Web UI cross site scripting | $2k-$5k | Official Fix |
| CVE-2021-20444 | 6.1 | IBM Maximo for Civil Infrastructure Web UI cross site scripting | $5k-$10k | Official Fix |
| CVE-2020-4956 | 4.8 | IBM Spectrum Protect Operations Center RPC denial of service | $2k-$5k | Official Fix |
| CVE-2020-4955 | 8.0 | IBM Spectrum Protect Operations Center Servlet Request unknown vulnerability | $10k-$25k | Official Fix |
| CVE-2020-4954 | 5.4 | IBM Spectrum Protect Operations Center Session improper authentication | $10k-$25k | Official Fix |
| CVE-2021-20354 | 5.9 | IBM WebSphere Application Server path traversal | $10k-$25k | Official Fix |
| CVE-2020-24505 | 3.3 | Intel 700-Series of Ethernet Controller denial of service | $1k-$2k | Official Fix |
| CVE-2020-24495 | 3.3 | Intel 700-Series of Ethernet Controller denial of service | $1k-$2k | Official Fix |
| CVE-2020-24493 | 3.3 | Intel 700-Series of Ethernet Controller denial of service | $1k-$2k | Official Fix |
| CVE-2020-24496 | 3.3 | Intel 722 Ethernet Controller denial of service | $1k-$2k | Official Fix |
| CVE-2020-24494 | 3.3 | Intel 722 Ethernet Controller denial of service | $1k-$2k | Official Fix |
| CVE-2020-24492 | 3.3 | Intel 722 Ethernet Controller denial of service | $1k-$2k | Official Fix |
| CVE-2020-24482 | 5.3 | Intel 7360 Cell Modem denial of service | $5k-$10k | Official Fix |
| CVE-2020-12339 | 6.3 | Intel Collaboration Suite for WebRTC API control flow | $10k-$25k | Official Fix |
| CVE-2020-24491 | 3.3 | Intel CPU Debug Message information disclosure | $2k-$5k | Not Defined |
| CVE-2020-24501 | 4.3 | Intel E810 Ethernet Controller <=1.4.1.12 denial of service | $2k-$5k | Official Fix |
| CVE-2020-24500 | 3.3 | Intel E810 Ethernet Controller buffer overflow | $5k-$10k | Official Fix |
| CVE-2020-24498 | 3.3 | Intel E810 Ethernet Controller buffer overflow | $5k-$10k | Official Fix |
| CVE-2020-24497 | 3.3 | Intel E810 Ethernet Controller denial of service | $1k-$2k | Official Fix |
| CVE-2020-24453 | 5.3 | Intel EPID SDK input validation | $5k-$10k | Official Fix |
| CVE-2020-24502 | 3.3 | Intel Ethernet E810 Adapter Driver denial of service | $1k-$2k | Official Fix |
| CVE-2020-24503 | 3.3 | Intel Ethernet E810 Adapter Driver information disclosure | $2k-$5k | Official Fix |
| CVE-2020-24504 | 3.3 | Intel Ethernet E810 Adapter Driver resource consumption | $1k-$2k | Official Fix |
| CVE-2020-0525 | 3.3 | Intel Ethernet I210 Controller denial of service | $1k-$2k | Official Fix |
| CVE-2020-0524 | 3.3 | Intel Ethernet I210 Controller denial of service | $1k-$2k | Official Fix |
| CVE-2020-0523 | 3.3 | Intel Ethernet I210 Controller denial of service | $1k-$2k | Official Fix |
| CVE-2020-0522 | 3.3 | Intel Ethernet I210 Controller denial of service | $1k-$2k | Official Fix |
| CVE-2020-24462 | 5.3 | Intel Graphics Driver out-of-bounds write | $5k-$10k | Official Fix |
| CVE-2020-8678 | 5.3 | Intel Graphics Drivers access control | $5k-$10k | Official Fix |
| CVE-2020-12384 | 5.3 | Intel Graphics Drivers access control | $5k-$10k | Official Fix |
| CVE-2020-0521 | 5.3 | Intel Graphics Drivers Control Flow Management control flow | $5k-$10k | Official Fix |
| CVE-2020-12372 | 3.3 | Intel Graphics Drivers denial of service | $1k-$2k | Official Fix |
| CVE-2020-12370 | 3.3 | Intel Graphics Drivers denial of service | $1k-$2k | Official Fix |
| CVE-2020-12365 | 3.3 | Intel Graphics Drivers denial of service | $1k-$2k | Official Fix |
| CVE-2020-12363 | 3.3 | Intel Graphics Drivers denial of service | $1k-$2k | Official Fix |
| CVE-2020-12371 | 3.3 | Intel Graphics Drivers divide by zero | $1k-$2k | Official Fix |
| CVE-2020-24448 | 3.3 | Intel Graphics Drivers Exception denial of service | $1k-$2k | Official Fix |
| CVE-2020-12385 | 5.3 | Intel Graphics Drivers input validation | $5k-$10k | Official Fix |
| CVE-2020-12366 | 5.3 | Intel Graphics Drivers input validation | $5k-$10k | Official Fix |
| CVE-2020-12368 | 5.3 | Intel Graphics Drivers integer overflow | $5k-$10k | Official Fix |
| CVE-2020-12367 | 5.3 | Intel Graphics Drivers integer overflow | $5k-$10k | Official Fix |
| CVE-2020-12362 | 5.3 | Intel Graphics Drivers integer overflow | $5k-$10k | Official Fix |
| CVE-2020-0544 | 5.3 | Intel Graphics Drivers Kernel Mode Driver control flow | $5k-$10k | Official Fix |
| CVE-2020-24450 | 5.3 | Intel Graphics Drivers Local Privilege Escalation | $5k-$10k | Official Fix |
| CVE-2020-12364 | 3.3 | Intel Graphics Drivers null pointer dereference | $1k-$2k | Official Fix |
| CVE-2020-12386 | 3.3 | Intel Graphics Drivers out-of-bounds write | $5k-$10k | Official Fix |
| CVE-2020-12369 | 5.3 | Intel Graphics Drivers out-of-bounds write | $5k-$10k | Official Fix |
| CVE-2020-12361 | 3.3 | Intel Graphics Drivers use after free | $5k-$10k | Official Fix |
| CVE-2020-0518 | 5.3 | Intel HD Graphics Control Panel access control | $5k-$10k | Official Fix |
| CVE-2020-24451 | 5.3 | Intel Optane DC Persistent Memory Installer uncontrolled search path | $5k-$10k | Official Fix |
| CVE-2020-24458 | 4.6 | Intel PROSet/Wireless WiFi Cleanup denial of service | $2k-$5k | Official Fix |
| CVE-2020-24481 | 5.3 | Intel Quartus Prime Pro/Quartus Prime Standard Edition permission | $5k-$10k | Not Defined |
| CVE-2020-8765 | 5.3 | Intel RealSense DCM permission | $5k-$10k | Not Defined |
| CVE-2020-12373 | 5.3 | Intel Server Boards/Server Systems/Compute Modules BMC Firmware buffer overflow | $5k-$10k | Official Fix |
| CVE-2020-12374 | 7.8 | Intel Server Boards/Server Systems/Compute Modules BMC Firmware buffer overflow | $10k-$25k | Official Fix |
| CVE-2020-12376 | 3.3 | Intel Server Boards/Server Systems/Compute Modules BMC Firmware hard-coded key | $2k-$5k | Official Fix |
| CVE-2020-12377 | 5.3 | Intel Server Boards/Server Systems/Compute Modules BMC Firmware input validation | $5k-$10k | Official Fix |
| CVE-2020-12380 | 5.3 | Intel Server Boards/Server Systems/Compute Modules BMC Firmware out-of-bounds read | $2k-$5k | Official Fix |
| CVE-2020-12375 | 5.3 | Intel Server Boards/Server Systems/Compute Modules heap-based overflow | $5k-$10k | Official Fix |
| CVE-2020-24452 | 3.3 | Intel SGX Platform Software denial of service | $1k-$2k | Not Defined |
| CVE-2021-0109 | 5.3 | Intel SOC Driver Package for STK1A32SC permission | $5k-$10k | Official Fix |
| CVE-2020-8701 | 5.3 | Intel SSD Toolbox permission | $5k-$10k | Official Fix |
| CVE-2020-24485 | 5.3 | Intel Trace Analyzer and Collector uncontrolled search path | $5k-$10k | Official Fix |
| CVE-2020-24480 | 5.3 | Intel XTU out-of-bounds write | $5k-$10k | Official Fix |
| CVE-2020-8625 | 8.1 | ISC BIND GSS-TSIG denial of service | $5k-$10k | Official Fix |
| CVE-2021-22553 | 6.5 | Jetty git Operation resource consumption | $0-$1k | Not Defined |
| CVE-2020-12668 | 5.5 | Jinjava unknown vulnerability | $2k-$5k | Official Fix |
| CVE-2020-9050 | 7.5 | Johnson Controls Metasys Reporting Engine Web Services path traversal | $2k-$5k | Official Fix |
| CVE-2021-27335 | 6.3 | KollectApps deserialization | $2k-$5k | Official Fix |
| CVE-2021-21316 | 6.3 | less-openui5 Theming Resource File injection | $0-$1k | Official Fix |
| CVE-2020-35499 | 5.1 | Linux Kernel Socket Connection sco.c sco_sock_getsockopt null pointer dereference | $1k-$2k | Official Fix |
| CVE-2021-23337 | 7.2 | lodash Template command injection | $1k-$2k | Official Fix |
| CVE-2020-35571 | 4.6 | MantisBT Custom Field manage_custom_field_update.php helper_ensure_confirmed unknown vulnerability | $1k-$2k | Not Defined |
| CVE-2020-35557 | 6.5 | MB connect line mymbCONNECT24/mbCONNECT24 access control | $1k-$2k | Not Defined |
| CVE-2020-35563 | 5.4 | MB connect line mymbCONNECT24/mbCONNECT24 cross site scripting | $0-$1k | Not Defined |
| CVE-2020-35561 | 5.3 | MB connect line mymbCONNECT24/mbCONNECT24 HA Module server-side request forgery | $2k-$5k | Not Defined |
| CVE-2020-35567 | 7.8 | MB connect line mymbCONNECT24/mbCONNECT24 hard-coded credentials | $1k-$2k | Not Defined |
| CVE-2020-35570 | 5.3 | MB connect line mymbCONNECT24/mbCONNECT24 information disclosure | $1k-$2k | Not Defined |
| CVE-2020-35568 | 4.3 | MB connect line mymbCONNECT24/mbCONNECT24 information disclosure | $0-$1k | Not Defined |
| CVE-2020-35564 | 7.5 | MB connect line mymbCONNECT24/mbCONNECT24 injection | $1k-$2k | Not Defined |
| CVE-2020-35566 | 5.3 | MB connect line mymbCONNECT24/mbCONNECT24 JSON File file inclusion | $1k-$2k | Not Defined |
| CVE-2020-35565 | 9.8 | MB connect line mymbCONNECT24/mbCONNECT24 Login excessive authentication | $1k-$2k | Not Defined |
| CVE-2020-35569 | 6.1 | MB connect line mymbCONNECT24/mbCONNECT24 Login Page cross site scripting | $0-$1k | Not Defined |
| CVE-2020-35558 | 7.5 | MB connect line mymbCONNECT24/mbCONNECT24 MySQL Access Check server-side request forgery | $1k-$2k | Not Defined |
| CVE-2020-35560 | 6.1 | MB connect line mymbCONNECT24/mbCONNECT24 redirect.php | $1k-$2k | Not Defined |
| CVE-2020-35559 | 4.3 | MB connect line mymbCONNECT24/mbCONNECT24 resource consumption | $0-$1k | Not Defined |
| CVE-2021-23885 | 9.0 | McAfee Web Gateway User Interface privileges management | $10k-$25k | Official Fix |
| CVE-2021-20588 | 7.3 | Mitsubishi FA Engineering Software buffer overflow | $2k-$5k | Not Defined |
| CVE-2021-20587 | 7.3 | Mitsubishi FA Engineering Software buffer overflow | $2k-$5k | Not Defined |
| CVE-2021-27235 | 3.5 | Mutare Voice Admin Portal diagzip.asp information disclosure | $0-$1k | Official Fix |
| CVE-2021-27234 | 9.8 | Mutare Voice Adminlog.asp sql injection | $1k-$2k | Official Fix |
| CVE-2021-27236 | 9.8 | Mutare Voice getfile.asp file inclusion | $2k-$5k | Official Fix |
| CVE-2021-27233 | 4.9 | Mutare Voice Settings.asp missing encryption | $0-$1k | Official Fix |
| CVE-2021-25298 | 8.8 | Nagios XI HTTP Request cloud-vm.inc.php os command injection | $1k-$2k | Not Defined |
| CVE-2021-25297 | 8.8 | Nagios XI HTTP Request switch.inc.php os command injection | $1k-$2k | Not Defined |
| CVE-2021-25296 | 8.8 | Nagios XI HTTP Request windowswmi.inc.php os command injection | $1k-$2k | Not Defined |
| CVE-2020-22427 | 8.8 | Nagios XI Request command injection | $2k-$5k | Not Defined |
| CVE-2021-25299 | 6.1 | Nagios XI sshterm.php cross site scripting | $0-$1k | Not Defined |
| CVE-2020-24899 | 8.8 | Nagios XI Webapp Query command injection | $2k-$5k | Not Defined |
| CVE-2021-27376 | 5.5 | nb-connect Crate SocketAddrV6 memory corruption | $2k-$5k | Official Fix |
| CVE-2021-26747 | 6.3 | Netis WF2780/WF2411 Ping Command os command injection | $2k-$5k | Not Defined |
| CVE-2021-3149 | 5.5 | Netshield NANO 25 C Library manual_ping.cgi os command injection | $1k-$2k | Not Defined |
| CVE-2020-25340 | 5.5 | NFStream Module denial of service | $0-$1k | Not Defined |
| CVE-2020-36003 | 7.5 | Online Book Store detail.php sql injection | $1k-$2k | Not Defined |
| CVE-2021-21318 | 5.4 | Opencast authorization | $2k-$5k | Official Fix |
| CVE-2020-29140 | 7.2 | OpenEMR immunization_report.php sql injection | $1k-$2k | Official Fix |
| CVE-2020-29143 | 7.2 | OpenEMR non_reported.php sql injection | $1k-$2k | Official Fix |
| CVE-2020-29139 | 7.2 | OpenEMR patient_select.php sql injection | $1k-$2k | Official Fix |
| CVE-2020-29142 | 7.2 | OpenEMR usergroup_admin.php sql injection | $1k-$2k | Official Fix |
| CVE-2021-3396 | 6.3 | OpenNMS Meridian/Horizon/Newts Access Control access control | $2k-$5k | Official Fix |
| CVE-2019-25024 | 6.3 | OpenRepeater ajax_system.php os command injection | $2k-$5k | Official Fix |
| CVE-2021-23841 | 5.3 | OpenSSL EVP_DecryptUpdate return value | $25k-$50k | Official Fix |
| CVE-2021-23840 | 5.3 | OpenSSL EVP_DecryptUpdate return value | $25k-$50k | Official Fix |
| CVE-2021-23839 | 3.7 | OpenSSL RSA Signature inadequate encryption | $10k-$25k | Official Fix |
| CVE-2020-36248 | 3.9 | ownCloud App Backup Archive information disclosure | $0-$1k | Official Fix |
| CVE-2020-36250 | 6.1 | ownCloud App Lock Protection time protection mechanism | $0-$1k | Official Fix |
| CVE-2020-10252 | 6.3 | ownCloud external server-side request forgery | $2k-$5k | Official Fix |
| CVE-2020-10254 | 6.3 | ownCloud Preview improper authentication | $1k-$2k | Official Fix |
| CVE-2020-36249 | 3.7 | ownCloud Server File Type information disclosure | $1k-$2k | Official Fix |
| CVE-2020-36252 | 6.8 | ownCloud Server Request information disclosure | $1k-$2k | Official Fix |
| CVE-2020-36251 | 3.5 | ownCloud Server Share denial of service | $0-$1k | Official Fix |
| CVE-2021-27232 | 8.8 | Pelco Digital Sentry Server ActiveX Control RTSPLive555.dll SetCameraConnectionParameter buffer overflow | $2k-$5k | Not Defined |
| CVE-2021-26809 | 6.3 | PHPGurukul Car Rental Project changeimage1.php unrestricted upload | $2k-$5k | Not Defined |
| CVE-2020-35592 | 3.5 | Pi-hole Options Header cross site scripting | $0-$1k | Not Defined |
| CVE-2020-35591 | 6.3 | Pi-Hole Session Cookie session fixation | $1k-$2k | Not Defined |
| CVE-2021-23340 | 7.1 | Pimcore CustomReportController.php downloadCsvAction file inclusion | $1k-$2k | Official Fix |
| CVE-2020-28248 | 5.5 | png-img PNG File InitStorage_ integer overflow | $2k-$5k | Official Fix |
| CVE-2020-2501 | 9.8 | QNAP NAS Surveillance Station stack-based overflow | $2k-$5k | Official Fix |
| CVE-2020-2502 | 6.1 | QNAP Photo Station cross site scripting | $0-$1k | Official Fix |
| CVE-2021-20074 | 8.8 | Racom MIDGE Command Line Interface os command injection | $1k-$2k | Not Defined |
| CVE-2021-20075 | 7.8 | Racom MIDGE configd access control | $1k-$2k | Not Defined |
| CVE-2021-20073 | 8.8 | Racom MIDGE cross-site request forgery | $0-$1k | Not Defined |
| CVE-2021-20068 | 4.8 | Racom MIDGE Error cross site scripting | $0-$1k | Not Defined |
| CVE-2021-20067 | 5.3 | Racom MIDGE information disclosure | $1k-$2k | Not Defined |
| CVE-2021-20072 | 7.2 | Racom MIDGE path traversal | $1k-$2k | Not Defined |
| CVE-2021-20069 | 4.8 | Racom MIDGE regionalSettings.php cross site scripting | $0-$1k | Not Defined |
| CVE-2021-20071 | 4.8 | Racom MIDGE sms.php cross site scripting | $0-$1k | Not Defined |
| CVE-2021-20070 | 4.8 | Racom MIDGE virtualization.php cross site scripting | $0-$1k | Not Defined |
| CVE-2020-35776 | 4.3 | Sangoma Asterisk SIP 181 Response res_pjsip_diversion.c buffer overflow | $2k-$5k | Official Fix |
| CVE-2021-26712 | 7.3 | Sangoma Asterisk SRTP Packet res_srtp.c access control | $2k-$5k | Official Fix |
| CVE-2021-26717 | 4.3 | Sangoma Asterisk T.38 Negotiation denial of service | $0-$1k | Official Fix |
| CVE-2021-26713 | 5.5 | Sangoma Asterisk WebRTC Client res_rtp_asterisk.c stack-based overflow | $2k-$5k | Official Fix |
| CVE-2021-22701 | 3.5 | Schneider Electric PowerLogic PM800 HTTP Web Interface cross-site request forgery | $0-$1k | Not Defined |
| CVE-2021-22703 | 3.7 | Schneider Electric PowerLogic PM800 Network Traffic cleartext transmission | $1k-$2k | Not Defined |
| CVE-2021-22702 | 3.7 | Schneider Electric PowerLogic PM800 Network Traffic cleartext transmission | $1k-$2k | Not Defined |
| CVE-2020-29023 | 4.3 | Secomea GateManager CSV Report Generator csv injection | $1k-$2k | Official Fix |
| CVE-2020-29026 | 4.7 | Secomea GateManager File Upload path traversal | $1k-$2k | Official Fix |
| CVE-2020-29022 | 5.3 | Secomea GateManager Host Header request smuggling | $2k-$5k | Official Fix |
| CVE-2020-29024 | 5.6 | Secomea GateManager missing secure attribute | $1k-$2k | Official Fix |
| CVE-2020-29031 | 5.4 | Secomea GateManager Web UI insufficient permissions or privileges | $2k-$5k | Official Fix |
| CVE-2020-29027 | 3.5 | Secomea SiteManager cross site scripting | $0-$1k | Official Fix |
| CVE-2020-29025 | 4.3 | Secomea SiteManager-Embedded URL cross site scripting | $0-$1k | Official Fix |
| CVE-2020-27997 | 3.5 | SmartStoreNET create cross-site request forgery | $0-$1k | Official Fix |
| CVE-2021-26120 | 5.5 | Smarty Function code injection | $1k-$2k | Official Fix |
| CVE-2021-26119 | 5.5 | Smarty Sandbox Mode $smarty.template_object sandbox | $1k-$2k | Official Fix |
| CVE-2021-21315 | 7.8 | System Information Library si.processLoad os command injection | $1k-$2k | Official Fix |
| CVE-2021-26822 | 9.8 | Teachers Record Management System POST Parameter search-teacher.php sql injection | $2k-$5k | Not Defined |
| CVE-2021-27351 | 6.3 | Telegram App Terminate Session session expiration | $1k-$2k | Not Defined |
| CVE-2020-9306 | 8.8 | Tesla SolarCity Solar Monitoring Gateway Digi ConnectPort X2e hard-coded credentials | $2k-$5k | Official Fix |
| CVE-2021-25648 | 9.8 | Testes de Codigo Administrative Interface access control | $1k-$2k | Not Defined |
| CVE-2020-28496 | 7.5 | three Package Color denial of service | $0-$1k | Official Fix |
| CVE-2020-24908 | 7.8 | tribe29 Checkmk local Local Privilege Escalation | $2k-$5k | Official Fix |
| CVE-2021-21317 | 5.3 | uap-core Regular Expression resource consumption | $0-$1k | Official Fix |
| CVE-2020-7849 | 8.8 | uPrism.io CURIX URL input validation | $2k-$5k | Not Defined |
| CVE-2021-22174 | 3.7 | Wireshark USB HID Dissector denial of service | $0-$1k | Not Defined |
| CVE-2021-22173 | 3.7 | Wireshark USB HID Dissector denial of service | $0-$1k | Not Defined |
| CVE-2021-27362 | 9.8 | WPG Plugin memory corruption | $2k-$5k | Official Fix |
| CVE-2021-27224 | 7.5 | WPG Plugin memory corruption | $2k-$5k | Official Fix |
| CVE-2021-26934 | 5.5 | Xen Backend drm_xen_front allocation of resources | $2k-$5k | Not Defined |
| CVE-2021-26932 | 5.5 | Xen Batch Hypercall unknown vulnerability | $10k-$25k | Not Defined |
| CVE-2021-26933 | 5.5 | Xen Cache memory corruption | $10k-$25k | Not Defined |
| CVE-2021-27379 | 5.5 | Xen IOMMU Update memory corruption | $10k-$25k | Official Fix |
| CVE-2021-26930 | 4.6 | Xen PV Backend blkback.c state issue | $10k-$25k | Not Defined |
| CVE-2021-26931 | 5.7 | Xen SCSI Backend blkback.c allocation of resources | $2k-$5k | Not Defined |
| CVE-2021-27377 | 5.5 | yottadb Crate ydb_subscript_prev_st use after free | $2k-$5k | Official Fix |
| CVE-2021-27214 | 6.3 | Zoho ManageEngine ADSelfService Plus Administrative Interface server-side request forgery | $2k-$5k | Not Defined |
| CVE-2020-11635 | 7.8 | Zscaler Client Connector RPC Local Privilege Escalation | $1k-$2k | Official Fix |