info[at]nsec.ir
(+۹۸)-۳۱-۳۳۹۱۵۳۳۶

Critical vulnerabilities of the first week of Farvardin


This week, many "critical" and "high-risk" vulnerabilities were reported in important Apache and Google products, and patches and updates were released to fix them. Several "critical" and "high-risk" vulnerabilities were also present in products from Siemens, Qualcomm, Cisco, Google, Huawei and IBM, in WordPress plugins, and in the Linux kernel.

The list of these vulnerabilities, together with their risk level, is given in the table below.

| Vulnerability ID | Base score | Vulnerability title | Zero-day value | Fix |
|---|---|---|---|---|
| CVE-2021-24141 | 4.7 | Advanced Database Cleaner Plugin sql injection | $1k-$2k | Official Fix |
| CVE-2019-18231 | 3.1 | Advantech Spectre RT ERT351 cleartext transmission | $0-$1k | Official Fix |
| CVE-2019-18235 | 3.7 | Advantech Spectre RT ERT351 excessive authentication | $1k-$2k | Official Fix |
| CVE-2019-18233 | 3.5 | Advantech Spectre RT Industrial Routers ERT351 Error Response cross site scripting | $0-$1k | Official Fix |
| CVE-2021-27436 | 3.5 | Advantech WebAccess/SCADA cross site scripting | $0-$1k | Not Defined |
| CVE-2020-13924 | 7.5 | Apache Ambari pathname traversal | $5k-$10k | Not Defined |
| CVE-2020-1926 | 5.9 | Apache Hive Cookie Signature Verification timing discrepancy | $2k-$5k | Official Fix |
| CVE-2021-26295 | 6.3 | Apache OFBiz deserialization | $10k-$25k | Official Fix |
| CVE-2021-27906 | 3.5 | Apache PDFbox memory allocation | $2k-$5k | Not Defined |
| CVE-2021-27807 | 3.5 | Apache PDFbox PDF File iteration | $2k-$5k | Not Defined |
| CVE-2020-17525 | 7.5 | Apache Subversion mod_authz_svn null pointer dereference | $2k-$5k | Official Fix |
| CVE-2021-28789 | 6.3 | Apple swift-format Workspace Remote Code Execution | $10k-$25k | Official Fix |
| CVE-2021-26069 | 4.3 | Atlassian JIRA Server/Data Center API Endpoint ActionsAndOperations information disclosure | $1k-$2k | Official Fix |
| CVE-2021-26070 | 7.3 | Atlassian JIRA Server/Data Center behind-the-firewall Protection improper authentication | $1k-$2k | Official Fix |
| CVE-2021-1287 | 7.2 | Cisco RV132W ADSL2+/RV134W VDSL2 Web-based Management Interface stack-based overflow | $10k-$25k | Official Fix |
| CVE-2021-24144 | 6.3 | Contact Form 7 Database Addon Plugin csv injection | $2k-$5k | Official Fix |
| CVE-2021-24125 | 6.3 | Contact Form Submissions Plugin sql injection | $1k-$2k | Not Defined |
| CVE-2021-20628 | 3.5 | Cybozu Office Address Book cross site scripting | $0-$1k | Official Fix |
| CVE-2021-20627 | 3.5 | Cybozu Office Address Book cross site scripting | $0-$1k | Official Fix |
| CVE-2021-20632 | 5.5 | Cybozu Office Bulletin Board access control | $1k-$2k | Official Fix |
| CVE-2021-20625 | 5.5 | Cybozu Office Bulletin Board access control | $1k-$2k | Official Fix |
| CVE-2021-20633 | 5.5 | Cybozu Office Cabinet access control | $1k-$2k | Official Fix |
| CVE-2021-20634 | 5.5 | Cybozu Office Custom App access control | $1k-$2k | Official Fix |
| CVE-2021-20631 | 5.5 | Cybozu Office Custom App input validation | $1k-$2k | Official Fix |
| CVE-2021-20629 | 3.5 | Cybozu Office E-Mail cross site scripting | $0-$1k | Official Fix |
| CVE-2021-20630 | 5.5 | Cybozu Office Phone Message access control | $1k-$2k | Official Fix |
| CVE-2021-20624 | 5.5 | Cybozu Office Scheduler access control | $1k-$2k | Official Fix |
| CVE-2021-20626 | 5.5 | Cybozu Office Workflow access control | $1k-$2k | Official Fix |
| CVE-2021-22860 | 7.3 | EIC E-Document System permission | $2k-$5k | Not Defined |
| CVE-2021-22859 | 7.3 | EIC E-Document System sql injection | $2k-$5k | Not Defined |
| CVE-2021-24029 | 3.5 | Facebook mvfst QUIC Session assertion | $2k-$5k | Official Fix |
| CVE-2021-26236 | 6.3 | FastStone Image Viewer CUR File buffer overflow | $2k-$5k | Not Defined |
| CVE-2021-26237 | 6.3 | FastStone Image Viewer CUR File FSViewer.exe memory corruption | $2k-$5k | Not Defined |
| CVE-2021-26235 | 6.3 | FastStone Image Viewer CUR File FSViewer.exe memory corruption | $2k-$5k | Not Defined |
| CVE-2021-26234 | 6.3 | FastStone Image Viewer CUR File FSViewer.exe memory corruption | $2k-$5k | Not Defined |
| CVE-2021-26233 | 6.3 | FastStone Image Viewer CUR File FSViewer.exe memory corruption | $2k-$5k | Not Defined |
| CVE-2021-25278 | 3.5 | FTAPI Background Image Upload cross site scripting | $0-$1k | Not Defined |
| CVE-2021-25277 | 3.5 | FTAPI File Submission cross site scripting | $0-$1k | Not Defined |
| CVE-2021-27520 | 3.5 | FUDForum index.php cross site scripting | $0-$1k | Not Defined |
| CVE-2021-27519 | 3.5 | FUDForum index.php cross site scripting | $0-$1k | Not Defined |
| CVE-2021-28650 | 5.5 | GNOME gnome-autoar Symlink autoar-extractor.c pathname traversal | $1k-$2k | Official Fix |
| CVE-2021-21193 | 8.8 | Google Chrome Blink use after free | $50k-$100k | Official Fix |
| CVE-2021-21192 | 8.8 | Google Chrome Tab Groups heap-based overflow | $50k-$100k | Official Fix |
| CVE-2021-21191 | 8.8 | Google Chrome WebRTC use after free | $50k-$100k | Official Fix |
| CVE-2021-27962 | 6.3 | Grafana Enterprise Dashboard permission | $2k-$5k | Official Fix |
| CVE-2021-28146 | 5.5 | Grafana Enterprise HTTP API access control | $1k-$2k | Official Fix |
| CVE-2021-28147 | 5.5 | Grafana Enterprise Team Sync HTTP API improper authentication | $1k-$2k | Official Fix |
| CVE-2021-28148 | 4.3 | Grafana Enterprise Usage Insights HTTP API Endpoint denial of service | $0-$1k | Official Fix |
| CVE-2021-27358 | 5.3 | Grafana Snapshot denial of service | $0-$1k | Official Fix |
| CVE-2020-29556 | 7.3 | Grav CMS Backup path traversal | $2k-$5k | Not Defined |
| CVE-2020-29555 | 7.3 | Grav CMS path traversal | $2k-$5k | Not Defined |
| CVE-2020-29553 | 3.5 | Grav CMS Scheduler cross-site request forgery | $0-$1k | Not Defined |
| CVE-2021-3418 | 6.3 | grub2 improper validation of integrity check value | $2k-$5k | Official Fix |
| CVE-2020-27278 | 4.3 | Hamilton Medical T1-Ventilator Configuration Interface hard-coded credentials | $0-$1k | Not Defined |
| CVE-2020-27290 | 2.4 | Hamilton Medical T1-Ventilator Configuration Interface information disclosure | $0-$1k | Not Defined |
| CVE-2020-27282 | 2.4 | Hamilton Medical T1-Ventilator XML Validation denial of service | $0-$1k | Not Defined |
| CVE-2021-26578 | 6.3 | HPE Network Orchestrator sql injection | $10k-$25k | Official Fix |
| CVE-2019-10196 | 4.3 | http-proxy-agent resource consumption | $0-$1k | Official Fix |
| CVE-2020-9206 | 4.3 | Huawei eUDC660 information disclosure | $5k-$10k | Not Defined |
| CVE-2021-22314 | 5.3 | Huawei ManageOne access control | $5k-$10k | Not Defined |
| CVE-2021-22311 | 4.6 | Huawei ManageOne permission | $10k-$25k | Not Defined |
| CVE-2020-9213 | 3.5 | Huawei Secospace SG9500 Packet denial of service | $2k-$5k | Not Defined |
| CVE-2021-22320 | 3.5 | Huawei Secospace USG6600 Message denial of service | $2k-$5k | Not Defined |
| CVE-2021-22310 | 3.5 | Huawei Secospace USG9500 log file | $5k-$10k | Not Defined |
| CVE-2021-22321 | 5.5 | Huawei Secospace USG9500 use after free | $10k-$25k | Not Defined |
| CVE-2020-9212 | 3.5 | Huawei USG9500 information disclosure | $2k-$5k | Not Defined |
| CVE-2021-22309 | 2.6 | Huawei USG9500/USG9520/USG9560/USG9580 random values | $2k-$5k | Not Defined |
| CVE-2021-20440 | 5.0 | IBM API Connect Registration Remote Privilege Escalation | $10k-$25k | Not Defined |
| CVE-2020-4882 | 6.3 | IBM Planning Analytics server-side request forgery | $10k-$25k | Not Defined |
| CVE-2020-4635 | 3.7 | IBM Resilient SOAR information disclosure | $5k-$10k | Not Defined |
| CVE-2020-4184 | 7.3 | IBM Security Guardium unknown vulnerability | $10k-$25k | Not Defined |
| CVE-2020-4851 | 5.5 | IBM Spectrum Scale Log File injection | $10k-$25k | Not Defined |
| CVE-2020-4890 | 4.4 | IBM Spectrum Scale REST API denial of service | $0-$1k | Not Defined |
| CVE-2020-4891 | 5.5 | IBM Spectrum Scale REST API excessive authentication | $5k-$10k | Not Defined |
| CVE-2021-22887 | 8.0 | Juniper Pulse Secure PSA5000/Pulse Secure PSA7000 BIOS Firmware unknown vulnerability | $10k-$25k | Not Defined |
| CVE-2021-28117 | 6.3 | KDE Discover URL KNSResource.cpp Remote Privilege Escalation | $2k-$5k | Official Fix |
| CVE-2021-28964 | 3.5 | Linux Kernel Cloning Operation ctree.c get_old_root denial of service | $2k-$5k | Official Fix |
| CVE-2021-28950 | 3.5 | Linux Kernel Inode fuse_i.h infinite loop | $2k-$5k | Official Fix |
| CVE-2021-28660 | 7.8 | Linux Kernel ioctl_linux.c rtw_wx_set_scan buffer overflow | $10k-$25k | Official Fix |
| CVE-2021-28971 | 6.5 | Linux Kernel PEBS Status ds.c intel_pmu_drain_pebs_nhm denial of service | $2k-$5k | Official Fix |
| CVE-2021-28972 | 8.8 | Linux Kernel RPA PCI Hotplug Driver rpadlpar_sysfs.c buffer overflow | $25k-$50k | Official Fix |
| CVE-2021-28952 | 5.5 | Linux Kernel Soundwire Device Driver sdm845.c buffer overflow | $10k-$25k | Official Fix |
| CVE-2020-27171 | 2.6 | Linux Kernel Spectre Mitigation verifier.c integer underflow | $10k-$25k | Official Fix |
| CVE-2020-27170 | 2.6 | Linux Kernel Spectre Mitigation verifier.c out-of-bounds read | $2k-$5k | Official Fix |
| CVE-2021-28951 | 3.5 | Linux Kernel Thread io_uring.c deadlock | $2k-$5k | Official Fix |
| CVE-2021-23879 | 7.8 | McAfee Endpoint Product Removal Tool unquoted search path | $10k-$25k | Official Fix |
| CVE-2021-28790 | 6.3 | Microsoft Workspace Remote Code Execution | $2k-$5k | Official Fix |
| CVE-2021-24147 | 3.5 | Modern Events Calendar Lite Plugin cross site scripting | $0-$1k | Official Fix |
| CVE-2021-24146 | 4.3 | Modern Events Calendar Lite Plugin Export access control | $2k-$5k | Official Fix |
| CVE-2021-24145 | 5.5 | Modern Events Calendar Lite Plugin File Import unrestricted upload | $1k-$2k | Official Fix |
| CVE-2021-24149 | 6.3 | Modern Events Calendar Lite Plugin POST Parameter mec_fes_form sql injection | $1k-$2k | Official Fix |
| CVE-2021-20279 | 3.5 | Moodle User Profile Field cross site scripting | $0-$1k | Official Fix |
| CVE-2019-14829 | 5.5 | Moodle Activity Creation unknown vulnerability | $10k-$25k | Official Fix |
| CVE-2019-14828 | 4.6 | Moodle Course improper authorization | $10k-$25k | Not Defined |
| CVE-2021-20280 | 3.5 | Moodle Feedback Answer cross site scripting | $2k-$5k | Official Fix |
| CVE-2019-14831 | 5.5 | Moodle Forum Subscribe Link redirect | $5k-$10k | Official Fix |
| CVE-2019-14830 | 5.5 | Moodle Mobile Launch Endpoint redirect | $5k-$10k | Official Fix |
| CVE-2021-20281 | 3.5 | Moodle Online Users Block information disclosure | $2k-$5k | Official Fix |
| CVE-2021-20282 | 4.3 | Moodle Verification authorization | $10k-$25k | Official Fix |
| CVE-2021-20283 | 3.5 | Moodle Web Service authorization | $5k-$10k | Official Fix |
| CVE-2021-20676 | 6.3 | M-System DL8-A/DL8-B/DL8-C/DL8-D/DL8-E Access Restriction access control | $2k-$5k | Official Fix |
| CVE-2021-20675 | 4.3 | M-System DL8-A/DL8-B/DL8-C/DL8-D/DL8-E denial of service | $0-$1k | Official Fix |
| CVE-2021-27949 | 3.5 | MyBB Custom Moderator Tools cross site scripting | $2k-$5k | Official Fix |
| CVE-2021-27947 | 6.3 | MyBB Forum Management sql injection | $10k-$25k | Official Fix |
| CVE-2021-27889 | 3.5 | MyBB Message Parser cross site scripting | $2k-$5k | Official Fix |
| CVE-2021-27946 | 6.3 | MyBB Poll Vote Count sql injection | $10k-$25k | Official Fix |
| CVE-2021-27890 | 6.3 | MyBB Theme XML File sql injection | $10k-$25k | Official Fix |
| CVE-2021-27948 | 6.3 | MyBB User Group sql injection | $10k-$25k | Official Fix |
| CVE-2021-3127 | 5.5 | NATS Server/JWT Library Import Token access control | $1k-$2k | Official Fix |
| CVE-2019-14850 | 4.3 | nbdkit Backend Plugin resource consumption | $0-$1k | Not Defined |
| CVE-2019-14851 | 3.5 | nbdkit denial of service | $0-$1k | Not Defined |
| CVE-2021-26992 | 4.3 | NetApp Cloud Manager denial of service | $0-$1k | Official Fix |
| CVE-2021-26991 | 6.3 | NetApp Cloud Manager unknown vulnerability | $2k-$5k | Official Fix |
| CVE-2021-26990 | 5.4 | NetApp Cloud Manager unknown vulnerability | $2k-$5k | Official Fix |
| CVE-2021-26987 | 7.3 | NetApp Element Plug-In for vCenter Server SpringBoot Framework Remote Code Execution | $2k-$5k | Official Fix |
| CVE-2021-28295 | 4.3 | Online Ordering System design.php sql injection | $1k-$2k | Not Defined |
| CVE-2021-28294 | 6.3 | Online Ordering System initiateorder.php unrestricted upload | $2k-$5k | Not Defined |
| CVE-2021-25921 | 4.3 | OpenEMR Allergies cross site scripting | $0-$1k | Official Fix |
| CVE-2021-25920 | 5.5 | OpenEMR Create New User access control | $1k-$2k | Official Fix |
| CVE-2021-25919 | 2.4 | OpenEMR Create New User cross site scripting | $0-$1k | Official Fix |
| CVE-2021-25918 | 2.4 | OpenEMR Create New User cross site scripting | $0-$1k | Official Fix |
| CVE-2021-25917 | 2.4 | OpenEMR Create New User cross site scripting | $0-$1k | Official Fix |
| CVE-2021-25922 | 3.5 | OpenEMR cross site scripting | $0-$1k | Official Fix |
| CVE-2021-3344 | 2.6 | Openshift Builder Container Image or insufficiently protected credentials | $0-$1k | Not Defined |
| CVE-2019-10200 | 6.3 | Openshift Container Platform access control | $2k-$5k | Official Fix |
| CVE-2019-10225 | 3.5 | Openshift Container Platform GlusterFS StorageClass insufficiently protected credentials | $0-$1k | Not Defined |
| CVE-2021-21438 | 3.5 | OTRS FAQ Category access control | $1k-$2k | Not Defined |
| CVE-2021-21437 | 3.5 | OTRSCIsInCustomerFrontend General Catalog access control | $2k-$5k | Not Defined |
| CVE-2021-25290 | 5.5 | Pillow Offset TiffDecode.c memcpy unknown vulnerability | $2k-$5k | Official Fix |
| CVE-2021-25292 | 3.5 | Pillow PDF Parser incorrect regex | $1k-$2k | Official Fix |
| CVE-2021-25293 | 3.5 | Pillow SGIRleDecode.c out-of-bounds read | $0-$1k | Official Fix |
| CVE-2021-25291 | 3.5 | Pillow TiffDecode.c TiffreadRGBATile out-of-bounds read | $0-$1k | Official Fix |
| CVE-2021-25289 | 5.5 | Pillow YCbCr File TiffDecode heap-based overflow | $2k-$5k | Official Fix |
| CVE-2020-24264 | 6.3 | Portainer access control | $2k-$5k | Not Defined |
| CVE-2020-24263 | 6.3 | Portainer permission | $2k-$5k | Not Defined |
| CVE-2019-10128 | 6.3 | PostgreSQL Windows Installer access control | $2k-$5k | Official Fix |
| CVE-2019-10127 | 5.0 | PostgreSQL Windows Installer access control | $2k-$5k | Official Fix |
| CVE-2021-24123 | 6.3 | PowerPress Plugin unrestricted upload | $2k-$5k | Official Fix |
| CVE-2020-24985 | 5.5 | Quadbase EspressReports ES MenuPage Section unknown vulnerability | $2k-$5k | Not Defined |
| CVE-2020-24982 | 3.5 | Quadbase ExpressDashboard cross-site request forgery | $0-$1k | Not Defined |
| CVE-2020-11218 | 7.5 | Qualcomm Snapdragon Auto Baseband denial of service | $2k-$5k | Official Fix |
| CVE-2020-11226 | 7.5 | Qualcomm Snapdragon Auto Data Modem out-of-bounds read | $5k-$10k | Official Fix |
| CVE-2020-11199 | 5.5 | Qualcomm Snapdragon Auto EL3 Stack access control | $10k-$25k | Official Fix |
| CVE-2020-11309 | 5.5 | Qualcomm Snapdragon Auto GPU Memory use after free | $10k-$25k | Official Fix |
| CVE-2020-11186 | 5.5 | Qualcomm Snapdragon Auto Histogram Dimension infinite loop | $2k-$5k | Official Fix |
| CVE-2020-11290 | 5.5 | Qualcomm Snapdragon Auto msm ioctl Event use after free | $10k-$25k | Official Fix |
| CVE-2020-11222 | 9.1 | Qualcomm Snapdragon Auto MT SMS buffer overflow | $10k-$25k | Official Fix |
| CVE-2020-11230 | 6.4 | Qualcomm Snapdragon Auto qseecom Driver memory corruption | $10k-$25k | Official Fix |
| CVE-2020-11221 | 5.5 | Qualcomm Snapdragon Auto QTEE Diagnostic information disclosure | $5k-$10k | Official Fix |
| CVE-2020-11166 | 9.1 | Qualcomm Snapdragon Auto ROHC Header out-of-bounds read | $5k-$10k | Official Fix |
| CVE-2020-11228 | 7.8 | Qualcomm Snapdragon Auto RPM Region unknown vulnerability | $10k-$25k | Official Fix |
| CVE-2020-11227 | 9.8 | Qualcomm Snapdragon Auto RTT TTY Packet Parser out-of-bounds write | $10k-$25k | Official Fix |
| CVE-2020-11220 | 6.4 | Qualcomm Snapdragon Auto SCM Command unknown vulnerability | $10k-$25k | Official Fix |
| CVE-2020-11192 | 9.8 | Qualcomm Snapdragon Auto SDP String out-of-bounds write | $10k-$25k | Official Fix |
| CVE-2020-11190 | 9.1 | Qualcomm Snapdragon Auto SDP Value buffer overflow | $10k-$25k | Official Fix |
| CVE-2020-11189 | 9.1 | Qualcomm Snapdragon Auto SDP Value buffer overflow | $10k-$25k | Official Fix |
| CVE-2020-11188 | 9.1 | Qualcomm Snapdragon Auto SDP Value buffer overflow | $10k-$25k | Official Fix |
| CVE-2020-11171 | 9.1 | Qualcomm Snapdragon Auto SDP Value buffer overflow | $10k-$25k | Official Fix |
| CVE-2020-11308 | 5.5 | Qualcomm Snapdragon Auto Unicode String buffer overflow | $10k-$25k | Official Fix |
| CVE-2020-11299 | 6.3 | Qualcomm Snapdragon Auto Video buffer overflow | $10k-$25k | Official Fix |
| CVE-2020-11305 | 5.5 | Qualcomm Snapdragon Consumer IOT Argument integer overflow | $10k-$25k | Official Fix |
| CVE-2019-14852 | 3.7 | Red Hat 3scale API Management Platform apicast inadequate encryption | $5k-$10k | Not Defined |
| CVE-2019-3897 | 2.6 | Red Hat Certification rhcert file access | $5k-$10k | Not Defined |
| CVE-2019-3867 | 5.6 | Red Hat Quay Web Application session expiration | $10k-$25k | Not Defined |
| CVE-2021-22665 | 7.8 | Rockwell Automation DriveTools SP/Drives AOP uncontrolled search path | $2k-$5k | Official Fix |
| CVE-2020-14516 | 2.6 | Rockwell Automation FactoryTalk Services Platform unknown vulnerability | $0-$1k | Not Defined |
| CVE-2021-27596 | 4.3 | SAP 3D Visual Enterprise Viewer 3DS File denial of service | $5k-$10k | Not Defined |
| CVE-2021-27594 | 4.3 | SAP 3D Visual Enterprise Viewer BMP File denial of service | $5k-$10k | Not Defined |
| CVE-2021-27593 | 4.3 | SAP 3D Visual Enterprise Viewer GIF File denial of service | $5k-$10k | Not Defined |
| CVE-2021-27595 | 4.3 | SAP 3D Visual Enterprise Viewer PDF File denial of service | $5k-$10k | Not Defined |
| CVE-2021-26215 | 3.5 | SeedDMS out.EditDocument.php cross-site request forgery | $0-$1k | Not Defined |
| CVE-2021-26216 | 3.5 | SeedDMS out.EditFolder.php cross-site request forgery | $0-$1k | Not Defined |
| CVE-2021-28420 | 3.5 | Seo Panel alerts.php cross site scripting | $0-$1k | Not Defined |
| CVE-2021-28417 | 3.5 | Seo Panel archive.php cross site scripting | $0-$1k | Not Defined |
| CVE-2021-28419 | 5.0 | Seo Panel archive.php sql injection | $1k-$2k | Not Defined |
| CVE-2021-28418 | 3.5 | Seo Panel settings.php cross site scripting | $0-$1k | Not Defined |
| CVE-2020-25236 | 5.5 | Siemens LOGO! 8 BM exceptional condition | $5k-$10k | Not Defined |
| CVE-2021-25667 | 8.8 | Siemens RUGGEDCOM RM1224 STP BPDU Frame stack-based overflow | $10k-$25k | Official Fix |
| CVE-2021-25676 | 7.5 | Siemens SCALANCE SC-600 SSH Authentication excessive authentication | $5k-$10k | Official Fix |
| CVE-2020-25241 | 7.5 | Siemens SIMATIC MV400 TCP Stack denial of service | $5k-$10k | Official Fix |
| CVE-2021-25675 | 5.5 | Siemens SIMATIC S7-PLCSIM divide by zero | $2k-$5k | Not Defined |
| CVE-2021-25673 | 5.5 | Siemens SIMATIC S7-PLCSIM infinite loop | $2k-$5k | Not Defined |
| CVE-2021-25674 | 5.5 | Siemens SIMATIC S7-PLCSIM null pointer dereference | $2k-$5k | Not Defined |
| CVE-2020-25239 | 8.8 | Siemens SINEMA Remote Connect Server UMC Authorization Server authorization | $10k-$25k | Official Fix |
| CVE-2020-25240 | 8.8 | Siemens SINEMA Remote Connect Server URL authorization | $10k-$25k | Official Fix |
| CVE-2020-28385 | 7.8 | Siemens Solid Edge SE2020/Solid Edge SE2021 DFT File Parser out-of-bounds write | $10k-$25k | Official Fix |
| CVE-2021-27381 | 7.8 | Siemens Solid Edge SE2020/Solid Edge SE2021 PAR File Parser out-of-bounds read | $5k-$10k | Not Defined |
| CVE-2021-27380 | 7.8 | Siemens Solid Edge SE2020/Solid Edge SE2021 PAR File Parser out-of-bounds write | $10k-$25k | Not Defined |
| CVE-2020-28387 | 5.5 | Siemens Solid Edge SE2020/Solid Edge SE2021 SEECTCXML File xml external entity reference | $5k-$10k | Official Fix |
| CVE-2020-35454 | 3.5 | Taidii Diibear App Configuration information disclosure | $0-$1k | Not Defined |
| CVE-2020-35456 | 3.5 | Taidii Diibear App logcat log file | $0-$1k | Not Defined |
| CVE-2020-35455 | 3.5 | Taidii Diibear App Shared Preferences information disclosure | $0-$1k | Not Defined |
| CVE-2021-28090 | 4.3 | Tor Proxy assertion | $0-$1k | Official Fix |
| CVE-2021-28089 | 4.3 | Tor Proxy Directory Protocol resource consumption | $0-$1k | Official Fix |
| CVE-2021-28126 | 3.5 | TranzWare e-Commerce Payment Gateway index.jsp cross site scripting | $0-$1k | Official Fix |
| CVE-2021-28110 | 6.3 | TranzWare e-Commerce Payment Gateway XML Parser exec Remote Privilege Escalation | $2k-$5k | Official Fix |
| CVE-2021-28109 | 3.5 | TranzWare FIMI login_tw.php cross site scripting | $0-$1k | Official Fix |
| CVE-2021-21340 | 3.5 | TYPO3 Database Field cross site scripting | $2k-$5k | Official Fix |
| CVE-2021-21358 | 3.5 | TYPO3 Form Designer Backend Module cross site scripting | $2k-$5k | Official Fix |
| CVE-2021-21357 | 6.3 | TYPO3 Form Designer Backend Module unrestricted upload | $10k-$25k | Official Fix |
| CVE-2021-21359 | 5.3 | TYPO3 information exposure | $5k-$10k | Official Fix |
| CVE-2021-21338 | 6.3 | TYPO3 Login Handling redirect | $10k-$25k | Official Fix |
| CVE-2021-21370 | 3.5 | TYPO3 Page Module cross site scripting | $2k-$5k | Official Fix |
| CVE-2021-21355 | 7.3 | TYPO3 unrestricted upload | $10k-$25k | Official Fix |
| CVE-2021-21339 | 3.7 | TYPO3 User Session cleartext storage | $5k-$10k | Official Fix |
| CVE-2021-22191 | 8.8 | Wireshark URL Handling injection | $2k-$5k | Not Defined |
| CVE-2021-24135 | 3.5 | WP Customer Reviews Plugin cross site scripting | $0-$1k | Official Fix |
| CVE-2021-24130 | 4.7 | WP Google Map Plugin Manage Locations Page sql injection | $1k-$2k | Official Fix |
| CVE-2021-24124 | 6.1 | WP Shieldon Plugin CAPTCHA Page cross site scripting | $0-$1k | Not Defined |
| CVE-2021-21341 | 5.3 | XStream denial of service | $0-$1k | Official Fix |
| CVE-2021-21351 | 4.6 | XStream deserialization | $2k-$5k | Official Fix |
| CVE-2021-21350 | 5.0 | XStream deserialization | $2k-$5k | Official Fix |
| CVE-2021-21349 | 5.0 | XStream deserialization | $2k-$5k | Official Fix |
| CVE-2021-21348 | 3.1 | XStream deserialization | $2k-$5k | Official Fix |
| CVE-2021-21347 | 5.0 | XStream deserialization | $2k-$5k | Official Fix |
| CVE-2021-21346 | 5.0 | XStream deserialization | $2k-$5k | Official Fix |
| CVE-2021-21345 | 5.0 | XStream deserialization | $2k-$5k | Official Fix |
| CVE-2021-21344 | 5.0 | XStream deserialization | $2k-$5k | Official Fix |
| CVE-2021-21343 | 5.0 | XStream deserialization | $2k-$5k | Official Fix |
| CVE-2021-21342 | 5.0 | XStream server-side request forgery | $2k-$5k | Official Fix |
| CVE-2020-9367 | 6.3 | Zoho ManageEngine Desktop Central MSP DLL dcinventory.exe uncontrolled search path | $2k-$5k | Not Defined |
| CVE-2021-28133 | 5.3 | Zoom Screen Sharing information disclosure | $1k-$2k | Workaround |
| CVE-2020-28899 | 9.8 | ZyXEL LTE4506-M606 JSON gui.cgi improper authentication | $5k-$10k | Not Defined |