Critical Vulnerabilities of the First Week of Mordad (late July)
This week, many "critical" and "high-risk" vulnerabilities were reported in important Cisco products, and patches and updates were released to fix them. Several "critical" and "high-risk" vulnerabilities were also found in products from NVIDIA, Dell, Apache, IBM and SUSE, and in the Linux kernel.
The list of these vulnerabilities, together with their risk level, is given in the table below.
| Vulnerability ID | Base score | Vulnerability title | Zero-day value | Fix |
|---|---|---|---|---|
| CVE-2021-31581 | 7.2 | Akkadian Provisioning Manager Engine Edit MySQL Configuration privileges management | $2k-$5k | Not Defined |
| CVE-2021-31579 | 7.3 | Akkadian Provisioning Manager Engine hard-coded credentials | $1k-$2k | Not Defined |
| CVE-2021-31580 | 7.2 | Akkadian Provisioning Manager Engine OpenSSH Channel os command injection | $2k-$5k | Official Fix |
| CVE-2021-33900 | 3.1 | Apache Directory Studio SASL Authentication missing encryption | $2k-$5k | Not Defined |
| CVE-2021-28131 | 4.3 | Apache Impala log file | $5k-$10k | Official Fix |
| CVE-2021-37578 | 6.3 | Apache jUDDI RMI deserialization | $5k-$25k | Official Fix |
| CVE-2021-30807 | 7.8 | Apple iOS/iPadOS IOMobileFrameBuffer memory corruption | $50k-$100k | Official Fix |
| CVE-2021-32794 | 4.6 | ArchiSteamFarm ASF API improper authentication | $1k-$2k | Official Fix |
| CVE-2021-32795 | 3.7 | ArchiSteamFarm Steam Chat Message denial of service | $0-$1k | Official Fix |
| CVE-2021-37220 | 5.5 | Artifex MuPDF Cached Color Converter out-of-bounds write | $2k-$5k | Official Fix |
| CVE-2020-19609 | 3.5 | Artifex MuPDF TIFF File tiff_expand_colormap denial of service | $0-$1k | Official Fix |
| CVE-2021-29148 | 3.5 | Aruba CX 6200F/6300/6400/8320/8325/8400/CX 8360 cross site scripting | $0-$1k | Official Fix |
| CVE-2021-29149 | 5.3 | Aruba CX 6200F/6300/6400/8320/8325/8400/CX 8360 Local Privilege Escalation | $1k-$2k | Official Fix |
| CVE-2021-29143 | 6.3 | Aruba CX 6200F/6300/6400/8320/8325/8400/CX 8360 Privilege Escalation | $2k-$5k | Official Fix |
| CVE-2020-36239 | 7.3 | Atlassian Jira Data Center Ehcache RMI deserialization | $2k-$5k | Official Fix |
| CVE-2021-36746 | 4.4 | BlackBoard Learn Assignment Instructions HTML Editor cross site scripting | $0-$1k | Not Defined |
| CVE-2021-36747 | 4.4 | BlackBoard Learn Feedback to Learner Form cross site scripting | $0-$1k | Not Defined |
| CVE-2021-26228 | 6.3 | CASAP Automated Enrollment System edit_class1.php sql injection | $1k-$2k | Not Defined |
| CVE-2021-26227 | 3.5 | CASAP Automated Enrollment System edit_stud.php cross site scripting | $0-$1k | Not Defined |
| CVE-2021-26229 | 6.3 | CASAP Automated Enrollment System edit_stud.php sql injection | $1k-$2k | Not Defined |
| CVE-2021-26226 | 6.3 | CASAP Automated Enrollment System edit_user.php sql injection | $1k-$2k | Not Defined |
| CVE-2021-27332 | 3.5 | CASAP Automated Enrollment System update_class.php cross site scripting | $0-$1k | Not Defined |
| CVE-2021-26230 | 3.5 | CASAP Automated Enrollment System User Information save_user.php cross site scripting | $0-$1k | Not Defined |
| CVE-2021-26223 | 6.3 | CASAP Automated Enrollment System view_pay.php sql injection | $1k-$2k | Not Defined |
| CVE-2021-1518 | 6.3 | Cisco Firepower Device Manager REST API code injection | $10k-$25k | Official Fix |
| CVE-2021-1601 | 6.3 | Cisco Intersight Virtual Appliance External Management Interface access control | $10k-$25k | Official Fix |
| CVE-2021-1600 | 8.8 | Cisco Intersight Virtual Appliance External Management Interface access control | $10k-$25k | Official Fix |
| CVE-2021-1618 | 7.2 | Cisco Intersight Virtual Appliance Web-based Management Interface path traversal | $10k-$25k | Official Fix |
| CVE-2021-1617 | 7.2 | Cisco Intersight Virtual Appliance Web-based Management Interface path traversal | $10k-$25k | Official Fix |
| CVE-2021-33478 | 6.4 | Cisco IP Phone/Wireless IP Phone Broadcom MediaxChange Firmware Local Privilege Escalation | $10k-$25k | Official Fix |
| CVE-2021-1614 | 5.3 | Cisco SD-WAN Software/SD-WAN vManage Software MPLS buffer overflow | $10k-$25k | Official Fix |
| CVE-2021-34700 | 3.3 | Cisco SD-WAN vManage Software CLI improper authentication | $2k-$5k | Official Fix |
| CVE-2021-1599 | 3.5 | Cisco Unified Customer Voice Portal Web-based Management Interface cross site scripting | $2k-$5k | Official Fix |
| CVE-2020-23241 | 3.5 | CMS Made Simple Article cross site scripting | $0-$1k | Not Defined |
| CVE-2020-23240 | 3.5 | CMS Made Simple Content Manager cross site scripting | $0-$1k | Not Defined |
| CVE-2021-32745 | 4.3 | Collabora Online iFrame cross site scripting | $0-$1k | Official Fix |
| CVE-2021-32744 | 5.6 | Collabora Online Online Editor resource injection | $2k-$5k | Official Fix |
| CVE-2021-32776 | 4.3 | Combodo iTop cross-site request forgery | $0-$1k | Official Fix |
| CVE-2021-21407 | 4.3 | Combodo iTop CSRF Token cross-site request forgery | $0-$1k | Official Fix |
| CVE-2021-32775 | 4.3 | Combodo iTop GroupBy Dashlet information exposure | $1k-$2k | Official Fix |
| CVE-2021-32631 | 6.3 | Common Package JSON Web Token authentication spoofing | $1k-$2k | Official Fix |
| CVE-2020-5329 | 6.3 | Dell EMC Avamar Server redirect | $5k-$25k | Not Defined |
| CVE-2020-5341 | 7.3 | Dell EMC Avamar Server/Integrated Data Protection Appliance deserialization | $5k-$25k | Not Defined |
| CVE-2020-5351 | 5.3 | Dell EMC Data Protection Advisor hard-coded password | $5k-$25k | Not Defined |
| CVE-2021-21538 | 7.3 | Dell EMC iDRAC9 Virtual Console improper authentication | $5k-$25k | Official Fix |
| CVE-2020-26180 | 6.3 | Dell EMC Isilon OneFS/PowerScale OneFS ifs default permission | $5k-$25k | Not Defined |
| CVE-2020-5353 | 6.3 | Dell EMC Isilon OneFS/PowerScale OneFS NFS default permission | $5k-$25k | Not Defined |
| CVE-2021-21546 | 4.3 | Dell EMC NetWorker log file | $5k-$25k | Official Fix |
| CVE-2020-5370 | 4.7 | Dell EMC OpenManage Enterprise RPM pathname traversal | $5k-$10k | Official Fix |
| CVE-2020-5316 | 8.8 | Dell SupportAssist for Business PCs uncontrolled search path | $10k-$25k | Not Defined |
| CVE-2021-34431 | 3.5 | Eclipse Mosquitto MQTT v5 memory leak | $0-$1k | Not Defined |
| CVE-2021-34432 | 3.5 | Eclipse Mosquitto PUBLISH Packet denial of service | $0-$1k | Not Defined |
| CVE-2021-22146 | 4.3 | Elasticsearch Elastic Cloud Enterprise API permission | $2k-$5k | Not Defined |
| CVE-2021-22144 | 3.5 | Elasticsearch Grok Parser infinite loop | $0-$1k | Official Fix |
| CVE-2021-31292 | 3.5 | Exiv2 Metadata encode0x1810 heap-based overflow | $1k-$2k | Not Defined |
| CVE-2021-31291 | 5.5 | Exiv2 Metadata jp2image.cpp heap-based overflow | $2k-$5k | Not Defined |
| CVE-2021-24036 | 6.3 | Facebook HHVM out-of-bounds write | $10k-$25k | Official Fix |
| CVE-2020-22284 | 3.5 | FSF lwIP 6LoWPAN Packet zepif_linkoutput buffer overflow | $1k-$2k | Not Defined |
| CVE-2020-22283 | 3.5 | FSF lwIP ICMPv6 Packet icmp6_send_response_with_addrs_and_netif buffer overflow | $1k-$2k | Not Defined |
| CVE-2021-35942 | 5.5 | GNU C Library wordexp.c parse_param memory corruption | $2k-$5k | Official Fix |
| CVE-2020-19488 | 3.5 | GPAC MP4Box box_code_apple.c ilst_item_Read denial of service | $0-$1k | Official Fix |
| CVE-2020-19481 | 3.5 | GPAC MP4Box MP4 File mpegts.c gf_m2ts_process_pmt denial of service | $0-$1k | Official Fix |
| CVE-2021-29769 | 3.7 | IBM i2 Analysts Notebook Premium Cookie missing secure attribute | $5k-$10k | Official Fix |
| CVE-2021-29767 | 5.3 | IBM i2 Analysts Notebook Premium information exposure | $5k-$10k | Official Fix |
| CVE-2021-29766 | 5.3 | IBM i2 Analysts Notebook Premium information exposure | $5k-$10k | Official Fix |
| CVE-2021-20430 | 5.3 | IBM i2 Analysts Notebook Premium information exposure | $5k-$10k | Official Fix |
| CVE-2021-29770 | 5.5 | IBM i2 Analysts Notebook Premium input validation | $10k-$25k | Official Fix |
| CVE-2021-20431 | 5.3 | IBM i2 Analysts Notebook Premium session fixation | $5k-$10k | Official Fix |
| CVE-2021-29784 | 4.3 | IBM i2 Analyze information exposure | $5k-$10k | Official Fix |
| CVE-2020-4623 | 6.8 | IBM i2 iBase uncontrolled search path | $10k-$25k | Official Fix |
| CVE-2020-4974 | 6.3 | IBM Jazz Foundation server-side request forgery | $5k-$25k | Official Fix |
| CVE-2020-5004 | 3.5 | IBM Jazz Foundation Web UI cross site scripting | $0-$5k | Official Fix |
| CVE-2021-20505 | 2.2 | IBM PowerVM Hypervisor FW950 LPM Traffic cryptographic issues | $0-$5k | Official Fix |
| CVE-2021-20337 | 3.7 | IBM QRadar SIEM inadequate encryption | $5k-$10k | Official Fix |
| CVE-2021-20399 | 6.3 | IBM QRadar SIEM XML Data xml external entity reference | $5k-$10k | Official Fix |
| CVE-2021-20562 | 3.5 | IBM Sterling B2B Integrator Standard Edition Web UI cross site scripting | $2k-$5k | Official Fix |
| CVE-2021-20560 | 5.5 | IBM Sterling Connect Direct Browser User Interface improper restriction of rendered ui layers | $10k-$25k | Official Fix |
| CVE-2021-35522 | 6.3 | IDEMIA Morpho Wave Compact MD Thrift Command buffer overflow | $2k-$5k | Official Fix |
| CVE-2021-35521 | 6.3 | IDEMIA Morpho Wave Compact MD Thrift Command path traversal | $1k-$2k | Official Fix |
| CVE-2021-35520 | 4.1 | IDEMIA Morpho Wave Compact MDPI Thrift Command buffer overflow | $0-$1k | Official Fix |
| CVE-2021-3540 | 7.2 | Ivanti MobileIron Install RPM argument injection | $2k-$5k | Official Fix |
| CVE-2021-3198 | 7.2 | Ivanti MobileIron Install RPM os command injection | $2k-$5k | Official Fix |
| CVE-2020-19498 | 3.5 | libheif Exception denial of service | $0-$1k | Official Fix |
| CVE-2020-19499 | 5.5 | libheif get_references memory corruption | $2k-$5k | Official Fix |
| CVE-2021-29657 | 4.6 | Linux Kernel AMD KVM Guest nested.c nested_svm_vmrun use after free | $10k-$25k | Official Fix |
| CVE-2021-37576 | 8.0 | Linux Kernel KVM Guest book3s_rtas.c memory corruption | $10k-$25k | Official Fix |
| CVE-2021-22522 | 3.5 | Micro Focus Verastream Host Integrator cross site scripting | $0-$1k | Not Defined |
| CVE-2021-22523 | 5.5 | Micro Focus Verastream Host Integrator xml external entity reference | $1k-$2k | Not Defined |
| CVE-2021-37534 | 3.5 | MISP Galaxy Cluster Fork add.ctp cross site scripting | $0-$1k | Official Fix |
| CVE-2021-36222 | 4.3 | MIT Kerberos 5 Key Distribution Center kdc_preauth_ec.c ec_verify null pointer dereference | $2k-$5k | Official Fix |
| CVE-2021-20596 | 5.3 | Mitsubishi Electric FX3U-ENET-P502 null pointer dereference | $0-$1k | Not Defined |
| CVE-2021-20333 | 5.3 | MongoDB neutralization for logs | $2k-$5k | Official Fix |
| CVE-2020-21936 | 4.3 | Motorola CX2 GetMultipleHNAPs GetNetworkSettings missing authentication | $1k-$2k | Not Defined |
| CVE-2020-21935 | 5.5 | Motorola CX2 GetNetworkTomographySettings command injection | $1k-$2k | Not Defined |
| CVE-2020-21932 | 6.3 | Motorola CX2 Login Login.html improper authentication | $1k-$2k | Not Defined |
| CVE-2020-21937 | 5.5 | Motorola CX2 SetWLanApcliSettings command injection | $1k-$2k | Not Defined |
| CVE-2020-23243 | 3.5 | Navigate CMS cross site scripting | $0-$1k | Not Defined |
| CVE-2020-23242 | 3.5 | Navigate CMS Tools cross site scripting | $0-$1k | Not Defined |
| CVE-2021-37478 | 6.3 | NavigateCMS Backend block sql injection | $1k-$2k | Not Defined |
| CVE-2021-37476 | 6.3 | NavigateCMS Backend product.php sql injection | $1k-$2k | Not Defined |
| CVE-2021-37473 | 6.3 | NavigateCMS Backend product.php sql injection | $1k-$2k | Not Defined |
| CVE-2021-37477 | 6.3 | NavigateCMS Backend structure.php sql injection | $1k-$2k | Not Defined |
| CVE-2021-37475 | 6.3 | NavigateCMS Backend templates.php sql injection | $1k-$2k | Not Defined |
| CVE-2021-37459 | 3.5 | NCH Axon PBX cross site scripting | $0-$1k | Not Defined |
| CVE-2021-37458 | 3.5 | NCH Axon PBX cross site scripting | $0-$1k | Not Defined |
| CVE-2021-37457 | 3.5 | NCH Axon PBX cross site scripting | $0-$1k | Not Defined |
| CVE-2021-37456 | 3.5 | NCH Axon PBX cross site scripting | $0-$1k | Not Defined |
| CVE-2021-37455 | 3.5 | NCH Axon PBX cross site scripting | $0-$1k | Not Defined |
| CVE-2021-37454 | 3.5 | NCH Axon PBX cross site scripting | $0-$1k | Not Defined |
| CVE-2021-37453 | 3.5 | NCH Axon PBX cross site scripting | $0-$1k | Not Defined |
| CVE-2021-37461 | 3.5 | NCH Axon PBX extensionsinstruction cross site scripting | $0-$1k | Not Defined |
| CVE-2021-37462 | 3.5 | NCH Axon PBX ipblacklist cross site scripting | $0-$1k | Not Defined |
| CVE-2021-37441 | 4.6 | NCH Axon PBX logdelete path traversal | $1k-$2k | Not Defined |
| CVE-2021-37440 | 5.5 | NCH Axon PBX logprop path traversal | $1k-$2k | Not Defined |
| CVE-2021-37460 | 3.5 | NCH Axon PBX planprop cross site scripting | $0-$1k | Not Defined |
| CVE-2021-37439 | 5.5 | NCH FlexiServer syslog path traversal | $1k-$2k | Not Defined |
| CVE-2021-37448 | 3.5 | NCH IVM Attendant cross site scripting | $0-$1k | Not Defined |
| CVE-2021-37443 | 4.6 | NCH IVM Attendant logdeleteselected path traversal | $1k-$2k | Not Defined |
| CVE-2021-37451 | 3.5 | NCH IVM Attendant msglist cross site scripting | $0-$1k | Not Defined |
| CVE-2021-37449 | 3.5 | NCH IVM Attendant ogmlist cross site scripting | $0-$1k | Not Defined |
| CVE-2021-37450 | 3.5 | NCH IVM Attendant ogmprop cross site scripting | $0-$1k | Not Defined |
| CVE-2021-37442 | 3.5 | NCH IVM Attendant viewfile path traversal | $1k-$2k | Not Defined |
| CVE-2021-37444 | 6.3 | NCH IVM Attendant ZIP Archive pathname traversal | $1k-$2k | Not Defined |
| CVE-2021-37466 | 3.5 | NCH Quorum conference cross site scripting | $0-$1k | Not Defined |
| CVE-2021-37467 | 3.5 | NCH Quorum conferencebrowseuploadfile cross site scripting | $0-$1k | Not Defined |
| CVE-2021-37452 | 3.3 | NCH Quorum Configuration missing encryption | $0-$1k | Not Defined |
| CVE-2021-37464 | 3.5 | NCH Quorum cross site scripting | $0-$1k | Not Defined |
| CVE-2021-37463 | 3.5 | NCH Quorum cross site scripting | $0-$1k | Not Defined |
| CVE-2021-37447 | 4.6 | NCH Quorum documentdelete path traversal | $1k-$2k | Not Defined |
| CVE-2021-37446 | 3.5 | NCH Quorum documentprop path traversal | $1k-$2k | Not Defined |
| CVE-2021-37445 | 3.5 | NCH Quorum logprop path traversal | $1k-$2k | Not Defined |
| CVE-2021-37465 | 3.5 | NCH Quorum uploaddoc cross site scripting | $0-$1k | Not Defined |
| CVE-2021-37468 | 3.3 | NCH Reflect CRM Configuration cleartext storage | $0-$1k | Not Defined |
| CVE-2021-37470 | 3.5 | NCH WebDictate cross site scripting | $0-$1k | Not Defined |
| CVE-2021-37469 | 3.5 | NCH WebDictate logprop path traversal | $1k-$2k | Not Defined |
| CVE-2021-32748 | 5.6 | Nextcloud Richdocuments WOPI authorization | $0-$5k | Official Fix |
| CVE-2021-1093 | 6.5 | NVIDIA GPU Display Driver assert denial of service | $0-$1k | Not Defined |
| CVE-2021-1092 | 5.4 | NVIDIA GPU Display Driver Control Panel access control | $2k-$5k | Not Defined |
| CVE-2021-1091 | 5.4 | NVIDIA GPU Display Driver denial of service | $0-$1k | Not Defined |
| CVE-2021-1090 | 8.8 | NVIDIA GPU Display Driver Kernel Mode Layer nvlddmkm.sys buffer overflow | $2k-$5k | Not Defined |
| CVE-2021-1095 | 6.5 | NVIDIA GPU Display Driver Kernel Mode Layer nvlddmkm.sys denial of service | $0-$1k | Not Defined |
| CVE-2021-1094 | 6.3 | NVIDIA GPU Display Driver Kernel Mode Layer nvlddmkm.sys DxgkDdiEscape array index | $2k-$5k | Not Defined |
| CVE-2021-1089 | 8.8 | NVIDIA GPU Display Driver uncontrolled search path | $2k-$5k | Not Defined |
| CVE-2021-1096 | 6.5 | NVIDIA Windows GPU Display Driver Kernel Mode Layer nvlddmkm.sys DxgkDdiEscape null pointer dereference | $0-$1k | Not Defined |
| CVE-2021-21443 | 3.5 | OTRS Community Edition Bulk Action Screen permission | $1k-$2k | Official Fix |
| CVE-2021-36091 | 4.3 | OTRS Community Edition Calendar permission | $2k-$5k | Official Fix |
| CVE-2021-36092 | 4.3 | OTRS Community Edition Email cross site scripting | $0-$1k | Not Defined |
| CVE-2021-21440 | 2.7 | OTRS Community Edition information disclosure | $0-$1k | Not Defined |
| CVE-2021-21442 | 3.5 | OTRS Time Accounting Project Crate Screen cross site scripting | $0-$1k | Official Fix |
| CVE-2021-37402 | 3.5 | OX Software OX App Suite Dataretrieval Endpoint cross site scripting | $0-$1k | Official Fix |
| CVE-2021-37403 | 3.5 | OX Software OX App Suite Sharing Link cross site scripting | $0-$1k | Official Fix |
| CVE-2021-26698 | 3.5 | OX Software OX App Suite Sharing Link cross site scripting | $0-$1k | Official Fix |
| CVE-2021-26699 | 5.5 | OX Software OX App Suite SVG Document server-side request forgery | $1k-$2k | Official Fix |
| CVE-2020-19471 | 3.5 | PDF2JSON decodeImage denial of service | $0-$1k | Not Defined |
| CVE-2020-19474 | 3.5 | PDF2JSON doShowText use after free | $1k-$2k | Not Defined |
| CVE-2020-19473 | 3.5 | PDF2JSON Exception decodeImage denial of service | $0-$1k | Not Defined |
| CVE-2020-19464 | 5.5 | PDF2JSON fetch stack-based overflow | $2k-$5k | Not Defined |
| CVE-2020-19470 | 3.5 | PDF2JSON getChar denial of service | $0-$1k | Not Defined |
| CVE-2020-19468 | 3.5 | PDF2JSON getChar null pointer dereference | $0-$1k | Not Defined |
| CVE-2020-19465 | 3.5 | PDF2JSON getObject denial of service | $0-$1k | Not Defined |
| CVE-2020-19475 | 3.5 | PDF2JSON lookChar denial of service | $0-$1k | Not Defined |
| CVE-2020-19472 | 3.5 | PDF2JSON readHuffSym denial of service | $0-$1k | Not Defined |
| CVE-2020-19469 | 3.5 | PDF2JSON reset denial of service | $0-$1k | Not Defined |
| CVE-2020-19466 | 3.5 | PDF2JSON transformDataUnit denial of service | $0-$1k | Not Defined |
| CVE-2020-19467 | 3.5 | PDF2JSON transformDataUnit use after free | $1k-$2k | Not Defined |
| CVE-2020-19463 | 3.5 | PDF2JSON vfprintf stack-based overflow | $1k-$2k | Not Defined |
| CVE-2021-26762 | 6.3 | PHPGurukul Student Record System edit-course.php sql injection | $1k-$2k | Not Defined |
| CVE-2021-26764 | 6.3 | PHPGurukul Student Record System edit-std.php sql injection | $1k-$2k | Not Defined |
| CVE-2021-26765 | 6.3 | PHPGurukul Student Record System edit-sub.php sql injection | $1k-$2k | Not Defined |
| CVE-2021-32761 | 7.5 | Redis BIT Command out-of-bounds read | $1k-$2k | Official Fix |
| CVE-2021-37394 | 5.5 | RPCMS API access control | $1k-$2k | Not Defined |
| CVE-2021-37392 | 3.5 | RPCMS API cross site scripting | $0-$1k | Not Defined |
| CVE-2021-37393 | 3.5 | RPCMS cross site scripting | $0-$1k | Not Defined |
| CVE-2020-7388 | 7.3 | Sage X3 AdxDSrv.exe authentication spoofing | $1k-$2k | Official Fix |
| CVE-2020-7387 | 5.3 | Sage X3 AdxDSrv.exe information disclosure | $1k-$2k | Official Fix |
| CVE-2020-7389 | 4.7 | Sage X3 CHAINE Variable Script command injection | $1k-$2k | Not Defined |
| CVE-2020-7390 | 3.5 | Sage X3 User Profile cross site scripting | $0-$1k | Official Fix |
| CVE-2021-22784 | 7.3 | Schneider Electric C-Bus Toolkit missing authentication | $1k-$2k | Official Fix |
| CVE-2021-22771 | 5.5 | Schneider Electric Easergy T300 csv injection | $1k-$2k | Official Fix |
| CVE-2021-22770 | 3.5 | Schneider Electric Easergy T300 information disclosure | $0-$1k | Official Fix |
| CVE-2021-22722 | 3.5 | Schneider Electric EVlink City/EVlink Parking/EVlink Smart Wallbox CSV Import cross site scripting | $0-$1k | Official Fix |
| CVE-2021-22774 | 2.6 | Schneider Electric EVlink City/EVlink Parking/EVlink Smart Wallbox hash without salt | $0-$1k | Official Fix |
| CVE-2021-22726 | 5.5 | Schneider Electric EVlink City/EVlink Parking/EVlink Smart Wallbox server-side request forgery | $1k-$2k | Official Fix |
| CVE-2021-22708 | 7.1 | Schneider Electric EVlink City/EVlink Parking/EVlink Smart Wallbox signature verification | $1k-$2k | Official Fix |
| CVE-2021-22706 | 3.5 | Schneider Electric EVlink City/EVlink Parking/EVlink Smart Wallbox Web Page Generation cross site scripting | $0-$1k | Official Fix |
| CVE-2021-22723 | 3.5 | Schneider Electric EVlink City/EVlink Parking/EVlink Smart Wallbox Web Server cross site scripting | $0-$1k | Official Fix |
| CVE-2021-22727 | 2.6 | Schneider Electric EVlink City/EVlink Parking/EVlink Smart Wallbox Web Server entropy | $0-$1k | Official Fix |
| CVE-2021-22730 | 6.3 | Schneider Electric EVlink City/EVlink Parking/EVlink Smart Wallbox Web Server hard-coded credentials | $1k-$2k | Official Fix |
| CVE-2021-22707 | 6.3 | Schneider Electric EVlink City/EVlink Parking/EVlink Smart Wallbox Web Server hard-coded credentials | $1k-$2k | Official Fix |
| CVE-2021-22729 | 4.3 | Schneider Electric EVlink City/EVlink Parking/EVlink Smart Wallbox Web Server hard-coded password | $1k-$2k | Official Fix |
| CVE-2021-22773 | 5.5 | Schneider Electric EVlink City/EVlink Parking/EVlink Smart Wallbox Web Server weak authentication | $1k-$2k | Official Fix |
| CVE-2021-22777 | 5.5 | Schneider Electric SoSafe Configurable Project File deserialization | $1k-$2k | Official Fix |
| CVE-2021-25273 | 3.5 | Sophos UTM Quarantined Email Detail View cross site scripting | $0-$5k | Official Fix |
| CVE-2021-25212 | 6.3 | SourceCodester Alumni Management System manage_event.php sql injection | $1k-$2k | Not Defined |
| CVE-2021-25210 | 6.3 | SourceCodester Alumni Management System manage_event.php unrestricted upload | $2k-$5k | Not Defined |
| CVE-2021-25197 | 3.5 | SourceCodester Content Management System new_content.php cross site scripting | $0-$1k | Not Defined |
| CVE-2021-25791 | 3.5 | SourceCodester Doctor Appointment System Update Profile cross site scripting | $0-$1k | Not Defined |
| CVE-2021-25205 | 6.3 | SourceCodester E-Commerce Website empViewUpdate.php sql injection | $1k-$2k | Not Defined |
| CVE-2021-25204 | 3.5 | SourceCodester E-Commerce Website feedback_process.php cross site scripting | $0-$1k | Not Defined |
| CVE-2021-25207 | 6.3 | SourceCodester E-Commerce Website prodViewUpdate.php unrestricted upload | $2k-$5k | Not Defined |
| CVE-2021-26224 | 3.5 | SourceCodester Fantastic-Blog-CMS Search Field search.php cross site scripting | $0-$1k | Not Defined |
| CVE-2021-25790 | 3.5 | SourceCodester House Rental and Property Listing Register cross site scripting | $0-$1k | Not Defined |
| CVE-2021-25211 | 6.3 | SourceCodester Ordering System edit.php unrestricted upload | $2k-$5k | Not Defined |
| CVE-2021-25206 | 6.3 | SourceCodester Responsive Ordering System Product_model.php unrestricted upload | $2k-$5k | Not Defined |
| CVE-2021-25202 | 6.3 | SourceCodester Sales and Inventory System inventory.php sql injection | $1k-$2k | Not Defined |
| CVE-2021-26232 | 6.3 | SourceCodester Simple College Website news.php sql injection | $1k-$2k | Not Defined |
| CVE-2021-25209 | 6.3 | SourceCodester Theme Park Ticketing System view_user.php sql injection | $1k-$2k | Not Defined |
| CVE-2021-25213 | 6.3 | SourceCodester Travel Management System subcat.php sql injection | $1k-$2k | Not Defined |
| CVE-2021-25208 | 6.3 | SourceCodester Travel Management System updatepackage.php unrestricted upload | $2k-$5k | Not Defined |
| CVE-2020-36033 | 6.3 | SourceCodester Water Billing System edituser.php sql injection | $1k-$2k | Not Defined |
| CVE-2021-34261 | 6.5 | STMicroelectronics STM32Cube Remote Wake-Up USBH_ParseCfgDesc denial of service | $0-$1k | Not Defined |
| CVE-2021-34268 | 3.5 | STMicroelectronics STM32Cube USB Device Packet USBH_ParseDevDesc denial of service | $0-$1k | Not Defined |
| CVE-2021-34267 | 3.5 | STMicroelectronics STM32Cube USBH_MSC_InterfaceInit denial of service | $0-$1k | Not Defined |
| CVE-2021-34259 | 5.5 | STMicroelectronics STM32Cube USBH_ParseCfgDesc buffer overflow | $2k-$5k | Official Fix |
| CVE-2021-34262 | 5.5 | STMicroelectronics STM32Cube USBH_ParseEPDesc buffer overflow | $2k-$5k | Not Defined |
| CVE-2021-34260 | 5.5 | STMicroelectronics STM32Cube USBH_ParseInterfaceDesc buffer overflow | $2k-$5k | Not Defined |
| CVE-2021-32000 | 5.4 | SUSE Linux Enterprise Server/openSUSE Factory clone-master-clean-up.sh symlink | $5k-$25k | Not Defined |
| CVE-2021-32001 | 4.3 | SUSE Rancher kde2 missing encryption | $5k-$25k | Not Defined |
| CVE-2021-30486 | 6.3 | SysAid AssetManagementChart.jsp sql injection | $1k-$2k | Not Defined |
| CVE-2021-30049 | 3.5 | SysAid KeepAlive.jsp cross site scripting | $0-$1k | Not Defined |
| CVE-2020-18171 | 6.3 | TechSmith Snagit Object Linking Privilege Escalation | $2k-$5k | Not Defined |
| CVE-2020-18169 | 6.3 | TechSmith Snagit Windows Installer Privilege Escalation | $2k-$5k | Not Defined |
| CVE-2021-20106 | 4.3 | Tenable Nessus Agent access control | $1k-$2k | Not Defined |
| CVE-2021-25695 | 5.5 | Teradici PCoIP Software Agent USB vHub command injection | $1k-$2k | Official Fix |
| CVE-2021-25701 | 3.5 | Teradici PCoIP Software Client fUSBHub Driver resource consumption | $0-$1k | Official Fix |
| CVE-2020-18430 | 3.5 | tinyexr DecodeEXRImage array index | $1k-$2k | Not Defined |
| CVE-2020-18428 | 3.5 | tinyexr SaveEXR array index | $1k-$2k | Not Defined |
| CVE-2020-19490 | 5.5 | tinyexr tinyexr.h DecodePixelData integer overflow | $2k-$5k | Official Fix |
| CVE-2021-36742 | 6.3 | Trend Micro Apex One access control | $5k-$25k | Not Defined |
| CVE-2021-36741 | 6.3 | Trend Micro Apex One Management Console input validation | $5k-$25k | Not Defined |
| CVE-2020-18172 | 5.5 | Trezor Bridge SeDebugPrivilege code injection | $1k-$2k | Not Defined |
| CVE-2021-25801 | 6.3 | VideoLAN VLC Media Player AVI File __Parse_indx out-of-bounds read | $1k-$2k | Official Fix |
| CVE-2021-25802 | 6.3 | VideoLAN VLC Media Player AVI File AVI_ExtractSubtitle out-of-bounds read | $1k-$2k | Official Fix |
| CVE-2021-25803 | 6.3 | VideoLAN VLC Media Player AVI File vlc_input_attachment_New out-of-bounds read | $1k-$2k | Official Fix |
| CVE-2021-25804 | 4.3 | VideoLAN VLC Media Player avi.c null pointer dereference | $0-$1k | Official Fix |
| CVE-2015-2099 | 6.3 | WebGate Control Center GetThumbnail buffer overflow | $2k-$5k | Not Defined |
| CVE-2015-2098 | 6.3 | WebGate eDVR Manager stack-based overflow | $2k-$5k | Not Defined |
| CVE-2015-2100 | 5.5 | WebGate eDVR Manager/Control Center TCPDiscover2 stack-based overflow | $2k-$5k | Not Defined |
| CVE-2021-32791 | 3.7 | ZmartZone mod_auth_openidc AES GCM Encryption random values | $0-$1k | Official Fix |
| CVE-2021-32785 | 5.3 | ZmartZone mod_auth_openidc format string | $2k-$5k | Official Fix |
| CVE-2021-32792 | 4.3 | ZmartZone mod_auth_openidc OIDCPreservePost cross site scripting | $0-$1k | Official Fix |
| CVE-2021-32786 | 6.3 | ZmartZone mod_auth_openidc Regular Expression oidc_validate_redirect_url | $1k-$2k | Official Fix |
| CVE-2021-35030 | 3.5 | ZyXEL GS1900-8 LLDP Packet cross site scripting | $1k-$2k | Not Defined |