Critical vulnerabilities of the second week of Farvardin
This week, many "critical" and "high-risk" vulnerabilities were reported in important Google products, and patches and updates were released to fix them. Several "critical" and "high-risk" vulnerabilities were also present in products from Jupyter, Joomla, IBM, Qualcomm, VMware and in the Linux kernel.
The list of these vulnerabilities, together with their risk levels, is given in the table below.
| Vulnerability ID | Base Score | Vulnerability Title | Zero-Day Value | Fix |
|---|---|---|---|---|
| CVE-2022-25598 | 3.5 | Apache DolphinScheduler User Registration resource consumption | $2k-$5k | Official Fix |
| CVE-2022-22675 | 7.8 | Apple iOS/iPadOS AppleAVD out-of-bounds write | $50k-$100k | Official Fix |
| CVE-2022-22675 | 7.8 | Apple macOS AppleAVD out-of-bounds write | $10k-$25k | Official Fix |
| CVE-2022-22674 | 3.3 | Apple macOS Intel Graphics Driver out-of-bounds read | $2k-$5k | Official Fix |
| CVE-2021-43099 | 5.5 | bbs Archive Extraction UpgradeManageAction.java UpgradeNow pathname traversal | $1k-$2k | Not Defined |
| CVE-2021-43103 | 6.3 | bbs ForumManageAction.java GetType unrestricted upload | $2k-$5k | Not Defined |
| CVE-2021-43102 | 6.3 | bbs HelpManageAction.java GetType unrestricted upload | $2k-$5k | Not Defined |
| CVE-2021-43101 | 6.3 | bbs MembershipCardManageAction.java GetType unrestricted upload | $2k-$5k | Not Defined |
| CVE-2021-43098 | 5.5 | bbs QuestionManageAction.java getType unrestricted upload | $1k-$2k | Not Defined |
| CVE-2021-43097 | 5.5 | bbs Template TemplateManageAction.java injection | $1k-$2k | Not Defined |
| CVE-2021-43100 | 6.3 | bbs TopicManageAction.java GetType unrestricted upload | $2k-$5k | Not Defined |
| CVE-2022-28134 | 5.5 | Bitbucket Server Integration Plugin HTTP Endpoint authorization | $1k-$2k | Not Defined |
| CVE-2022-28133 | 3.5 | Bitbucket Server Integration Plugin URL Scheme cross site scripting | $0-$1k | Not Defined |
| CVE-2021-23850 | 8.3 | Bosch CPP TCP stack-based overflow | $2k-$5k | Official Fix |
| CVE-2021-23851 | 8.3 | Bosch CPP TCP stack-based overflow | $2k-$5k | Official Fix |
| CVE-2022-0405 | 4.3 | Calibre-Web access control | $0-$5k | Official Fix |
| CVE-2022-0406 | 5.3 | Calibre-Web improper authorization | $0-$5k | Official Fix |
| CVE-2022-28147 | 5.5 | Continuous Integration with Toad Edge Plugin authorization | $1k-$2k | Not Defined |
| CVE-2022-28145 | 3.5 | Continuous Integration with Toad Edge Plugin cross site scripting | $0-$1k | Not Defined |
| CVE-2022-28148 | 3.5 | Continuous Integration with Toad Edge Plugin File Browser path traversal | $1k-$2k | Not Defined |
| CVE-2022-28146 | 3.5 | Continuous Integration with Toad Edge Plugin path traversal | $1k-$2k | Not Defined |
| CVE-2022-24426 | 7.8 | Dell Command Update/Alienware Update Advanced Driver Restore uncontrolled search path | $10k-$25k | Official Fix |
| CVE-2021-38362 | 5.5 | Dell EMC RSA Archer REST API Endpoint resource injection | $10k-$25k | Not Defined |
| CVE-2022-23158 | 4.1 | Dell Wyse Device Agent information disclosure | $1k-$2k | Not Defined |
| CVE-2022-23156 | 4.1 | Dell Wyse Device Agent WMS Server improper authentication | $1k-$2k | Not Defined |
| CVE-2022-23157 | 3.3 | Dell Wyse Device Agent WMS Server information disclosure | $1k-$2k | Not Defined |
| CVE-2022-23155 | 7.2 | Dell Wyse Management Suite unrestricted upload | $10k-$25k | Not Defined |
| CVE-2022-26836 | 7.7 | Delta Electronics DIAEnergie Calendar sql injection | $2k-$5k | Official Fix |
| CVE-2022-26839 | 7.8 | Delta Electronics DIAEnergie default permission | $2k-$5k | Official Fix |
| CVE-2022-26013 | 7.7 | Delta Electronics DIAEnergie DIAE_dmdsetHandler.ashx sql injection | $2k-$5k | Official Fix |
| CVE-2022-26349 | 7.7 | Delta Electronics DIAEnergie DIAE_eccoefficientHandler.ashx sql injection | $2k-$5k | Official Fix |
| CVE-2022-26887 | 7.7 | Delta Electronics DIAEnergie DIAE_HandlerTag_KID.ashx sql injection | $2k-$5k | Official Fix |
| CVE-2022-26338 | 7.7 | Delta Electronics DIAEnergie DIAE_hierarchyHandler.ashx sql injection | $2k-$5k | Official Fix |
| CVE-2022-25880 | 7.7 | Delta Electronics DIAEnergie DIAE_hierarchyHandler.ashx sql injection | $2k-$5k | Official Fix |
| CVE-2022-26514 | 7.7 | Delta Electronics DIAEnergie DIAE_tagHandler.ashx sql injection | $2k-$5k | Official Fix |
| CVE-2022-27175 | 7.7 | Delta Electronics DIAEnergie GetCalcTagList sql injection | $2k-$5k | Official Fix |
| CVE-2022-26667 | 7.7 | Delta Electronics DIAEnergie GetDemandAnalysisData sql injection | $2k-$5k | Official Fix |
| CVE-2022-26065 | 7.7 | Delta Electronics DIAEnergie GetDemandAnalysisData sql injection | $2k-$5k | Official Fix |
| CVE-2022-26059 | 7.7 | Delta Electronics DIAEnergie GetQueryData sql injection | $2k-$5k | Official Fix |
| CVE-2022-25980 | 7.7 | Delta Electronics DIAEnergie HandlerCommon.ashx sql injection | $2k-$5k | Official Fix |
| CVE-2022-0923 | 8.5 | Delta Electronics DIAEnergie HandlerDialog_KID.ashx sql injection | $2k-$5k | Official Fix |
| CVE-2022-26666 | 7.7 | Delta Electronics DIAEnergie HandlerDialogECC.ashx sql injection | $2k-$5k | Official Fix |
| CVE-2022-26069 | 7.7 | Delta Electronics DIAEnergie HandlerPage_KID.ashx sql injection | $2k-$5k | Official Fix |
| CVE-2022-25347 | 8.5 | Delta Electronics DIAEnergie path traversal | $2k-$5k | Official Fix |
| CVE-2022-1098 | 8.3 | Delta Electronics DIAEnergie uncontrolled search path | $2k-$5k | Official Fix |
| CVE-2021-43722 | 5.5 | D-Link DIR-645 cgibin hnap_main buffer overflow | $10k-$25k | Not Defined |
| CVE-2021-37517 | 3.5 | Dolibarr ERP/CRM Email Address denial of service | $0-$1k | Official Fix |
| CVE-2021-36625 | 6.3 | Dolibarr ERP/CRM UPDATE Statement sql injection | $1k-$2k | Official Fix |
| CVE-2021-44310 | 3.5 | Firmware Analysis and Comparison Tool cross site scripting | $0-$1k | Not Defined |
| CVE-2021-44312 | 4.3 | Firmware Analysis and Comparison Tool cross-site request forgery | $0-$1k | Not Defined |
| CVE-2022-0123 | 5.0 | GitLab CI Service certificate validation | $1k-$2k | Official Fix |
| CVE-2022-0390 | 4.3 | GitLab Community Edition/Enterprise Edition access control | $2k-$5k | Not Defined |
| CVE-2021-39876 | 4.3 | GitLab Community Edition/Enterprise Edition Assignee information disclosure | $1k-$2k | Not Defined |
| CVE-2022-0741 | 4.0 | GitLab Community Edition/Enterprise Edition Email Address information disclosure | $0-$1k | Not Defined |
| CVE-2022-0489 | 3.5 | GitLab Community Edition/Enterprise Edition Formula denial of service | $0-$1k | Not Defined |
| CVE-2021-4191 | 5.3 | GitLab Community Edition/Enterprise Edition GraphQL API information disclosure | $1k-$2k | Not Defined |
| CVE-2022-0427 | 5.7 | GitLab Community Edition/Enterprise Edition HTTP POST Request injection | $2k-$5k | Not Defined |
| CVE-2022-0425 | 5.9 | GitLab Community Edition/Enterprise Edition IRC Gateway server-side request forgery | $2k-$5k | Not Defined |
| CVE-2022-0488 | 3.5 | GitLab Community Edition/Enterprise Edition Markdown denial of service | $0-$1k | Not Defined |
| CVE-2021-39908 | 5.9 | GitLab Community Edition/Enterprise Edition Merge Request unknown vulnerability | $2k-$5k | Official Fix |
| CVE-2022-0549 | 5.9 | GitLab Community Edition/Enterprise Edition REST API access control | $2k-$5k | Official Fix |
| CVE-2022-0735 | 7.6 | GitLab Community Edition/Enterprise Edition Runner Registration Token information disclosure | $1k-$2k | Official Fix |
| CVE-2022-0371 | 4.3 | GitLab Community Edition/Enterprise Edition Search information disclosure | $1k-$2k | Official Fix |
| CVE-2022-0373 | 4.3 | GitLab Community Edition/Enterprise Edition Service Desk Email Address access control | $2k-$5k | Not Defined |
| CVE-2022-0751 | 6.4 | GitLab Community Edition/Enterprise Edition Snippet Privilege Escalation | $2k-$5k | Not Defined |
| CVE-2022-0283 | 4.5 | GitLab Jira redirect | $1k-$2k | Official Fix |
| CVE-2022-0738 | 3.1 | GitLab Mirror information disclosure | $0-$1k | Official Fix |
| CVE-2022-0344 | 3.1 | GitLab Private Project information disclosure | $1k-$2k | Official Fix |
| CVE-2022-0136 | 5.9 | GitLab Project Import server-side request forgery | $2k-$5k | Not Defined |
| CVE-2022-0249 | 3.7 | GitLab server-side request forgery | $2k-$5k | Not Defined |
| CVE-2021-39740 | 3.3 | Google Android Attachment information disclosure | $10k-$25k | Official Fix |
| CVE-2021-39760 | 2.5 | Google Android AudioService information exposure | $5k-$10k | Official Fix |
| CVE-2021-39774 | 3.3 | Google Android Bluetooth out-of-bounds read | $10k-$25k | Official Fix |
| CVE-2021-39772 | 5.3 | Google Android Bluetooth permission | $25k-$50k | Official Fix |
| CVE-2021-39752 | 5.3 | Google Android Bubbles permission | $25k-$50k | Official Fix |
| CVE-2021-39784 | 5.3 | Google Android CellBroadcastReceiver permission | $25k-$50k | Official Fix |
| CVE-2021-1000 | 5.3 | Google Android ConnectedDevicesSliceProvider.java createBluetoothDeviceSlice permission | $25k-$50k | Official Fix |
| CVE-2021-1033 | 5.3 | Google Android ConnectedDevicesSliceProvider.java createGeneralSlice permission | $25k-$50k | Official Fix |
| CVE-2021-39754 | 2.5 | Google Android ContextImpl information exposure | $5k-$10k | Official Fix |
| CVE-2021-39769 | 3.3 | Google Android Device Policy information disclosure | $10k-$25k | Official Fix |
| CVE-2021-39744 | 3.3 | Google Android DevicePolicyManager information disclosure | $10k-$25k | Official Fix |
| CVE-2021-39745 | 2.5 | Google Android DevicePolicyManager information exposure | $5k-$10k | Official Fix |
| CVE-2021-39755 | 2.5 | Google Android DevicePolicyManager information exposure | $5k-$10k | Official Fix |
| CVE-2021-39790 | 5.3 | Google Android Dialer permission | $25k-$50k | Official Fix |
| CVE-2021-39753 | 3.3 | Google Android DomainVerificationService information disclosure | $10k-$25k | Official Fix |
| CVE-2021-39756 | 2.5 | Google Android Framework information exposure | $5k-$10k | Official Fix |
| CVE-2021-39765 | 3.3 | Google Android Gallery information disclosure | $10k-$25k | Official Fix |
| CVE-2022-20002 | 4.2 | Google Android incfs permission | $10k-$25k | Official Fix |
| CVE-2021-39770 | 3.3 | Google Android information disclosure | $10k-$25k | Official Fix |
| CVE-2021-39748 | 3.3 | Google Android InputMethodEditor information disclosure | $10k-$25k | Official Fix |
| CVE-2021-39741 | 4.2 | Google Android Keymaster out-of-bounds write | $10k-$25k | Official Fix |
| CVE-2021-39759 | 5.3 | Google Android libstagefright out-of-bounds write | $25k-$50k | Official Fix |
| CVE-2021-39761 | 2.5 | Google Android Media information exposure | $5k-$10k | Official Fix |
| CVE-2021-39767 | 5.3 | Google Android MiniaDB access control | $25k-$50k | Official Fix |
| CVE-2021-39786 | 4.2 | Google Android NFC out-of-bounds write | $10k-$25k | Official Fix |
| CVE-2021-39776 | 5.3 | Google Android NFC use after free | $25k-$50k | Official Fix |
| CVE-2021-39750 | 5.3 | Google Android PackageManager permission | $25k-$50k | Official Fix |
| CVE-2021-39743 | 5.3 | Google Android PackageManager permission | $25k-$50k | Official Fix |
| CVE-2021-39775 | 3.3 | Google Android People information disclosure | $10k-$25k | Official Fix |
| CVE-2021-39757 | 3.3 | Google Android Permission Controller information disclosure | $10k-$25k | Official Fix |
| CVE-2021-39746 | 5.3 | Google Android PermissionController permission | $25k-$50k | Official Fix |
| CVE-2021-39783 | 5.3 | Google Android rcsservice permission | $25k-$50k | Official Fix |
| CVE-2021-39763 | 5.3 | Google Android Settings access control | $25k-$50k | Official Fix |
| CVE-2021-39751 | 3.3 | Google Android Settings information disclosure | $10k-$25k | Official Fix |
| CVE-2021-39766 | 2.5 | Google Android Settings information exposure | $5k-$10k | Official Fix |
| CVE-2021-39771 | 5.3 | Google Android Settings input validation | $25k-$50k | Official Fix |
| CVE-2021-39764 | 5.3 | Google Android Settings input validation | $25k-$50k | Official Fix |
| CVE-2021-39768 | 5.3 | Google Android Settings permission | $25k-$50k | Official Fix |
| CVE-2021-39747 | 3.3 | Google Android Settings Provider information disclosure | $10k-$25k | Official Fix |
| CVE-2021-39739 | 3.3 | Google Android SMS Message log file | $10k-$25k | Official Fix |
| CVE-2021-39781 | 3.3 | Google Android SmsController information disclosure | $10k-$25k | Official Fix |
| CVE-2021-39787 | 5.3 | Google Android SystemUI access control | $25k-$50k | Official Fix |
| CVE-2021-39789 | 5.3 | Google Android Telecom permission | $25k-$50k | Official Fix |
| CVE-2021-39779 | 3.3 | Google Android Telecom Service information disclosure | $10k-$25k | Official Fix |
| CVE-2021-39778 | 3.3 | Google Android Telecomm information disclosure | $10k-$25k | Official Fix |
| CVE-2021-39788 | 2.5 | Google Android TelecomManager information exposure | $5k-$10k | Official Fix |
| CVE-2021-39777 | 3.3 | Google Android Telephony information disclosure | $10k-$25k | Official Fix |
| CVE-2021-39782 | 5.3 | Google Android Telephony permission | $25k-$50k | Official Fix |
| CVE-2021-39780 | 5.3 | Google Android Traceur permission | $25k-$50k | Official Fix |
| CVE-2021-39762 | 4.3 | Google Android Tremolo out-of-bounds read | $25k-$50k | Official Fix |
| CVE-2021-39742 | 3.3 | Google Android Voicemail information disclosure | $10k-$25k | Official Fix |
| CVE-2021-39773 | 2.5 | Google Android VpnManagerService information exposure | $5k-$10k | Official Fix |
| CVE-2021-39791 | 2.5 | Google Android WallpaperManagerService information exposure | $5k-$10k | Official Fix |
| CVE-2021-39758 | 5.3 | Google Android WindowManager permission | $25k-$50k | Official Fix |
| CVE-2021-39749 | 5.3 | Google Android WindowManager permission | $25k-$50k | Official Fix |
| CVE-2022-1139 | 6.3 | Google Chrome Background Fetch API Remote Code Execution | $50k-$100k | Official Fix |
| CVE-2022-1131 | 6.3 | Google Chrome Cast UI use after free | $50k-$100k | Official Fix |
| CVE-2022-1137 | 6.3 | Google Chrome Extensions Remote Code Execution | $50k-$100k | Official Fix |
| CVE-2022-1145 | 6.3 | Google Chrome Extensions use after free | $50k-$100k | Official Fix |
| CVE-2022-1141 | 6.3 | Google Chrome File Manager use after free | $50k-$100k | Official Fix |
| CVE-2022-1129 | 6.3 | Google Chrome Full Screen Mode Remote Code Execution | $50k-$100k | Official Fix |
| CVE-2022-1125 | 6.3 | Google Chrome Portals use after free | $50k-$100k | Official Fix |
| CVE-2022-1127 | 6.3 | Google Chrome QR Code Generator use after free | $50k-$100k | Official Fix |
| CVE-2022-1146 | 6.3 | Google Chrome Resource Timing Remote Code Execution | $50k-$100k | Official Fix |
| CVE-2022-1135 | 6.3 | Google Chrome Shopping Cart use after free | $50k-$100k | Official Fix |
| CVE-2022-1136 | 6.3 | Google Chrome Tab Strip use after free | $50k-$100k | Official Fix |
| CVE-2022-1134 | 6.3 | Google Chrome v8 type confusion | $50k-$100k | Official Fix |
| CVE-2022-1096 | 6.3 | Google Chrome v8 type confusion | $50k-$100k | Official Fix |
| CVE-2022-1132 | 6.3 | Google Chrome Virtual Keyboard Remote Code Execution | $50k-$100k | Official Fix |
| CVE-2022-1138 | 6.3 | Google Chrome Web Cursor Remote Code Execution | $50k-$100k | Official Fix |
| CVE-2022-1128 | 6.3 | Google Chrome Web Share API Remote Code Execution | $50k-$100k | Official Fix |
| CVE-2022-1130 | 6.3 | Google Chrome WebOTP Remote Code Execution | $50k-$100k | Official Fix |
| CVE-2022-1133 | 6.3 | Google Chrome WebRTC use after free | $50k-$100k | Official Fix |
| CVE-2022-1143 | 6.3 | Google Chrome WebUI heap-based overflow | $50k-$100k | Official Fix |
| CVE-2022-1142 | 6.3 | Google Chrome WebUI heap-based overflow | $50k-$100k | Official Fix |
| CVE-2022-1144 | 6.3 | Google Chrome WebUI use after free | $50k-$100k | Official Fix |
| CVE-2021-22572 | 4.9 | Google Data Transfer Project File.createTempFile temp file | $10k-$25k | Official Fix |
| CVE-2022-0343 | 4.1 | Google run-dev-server HTTP Request permission | $5k-$10k | Official Fix |
| CVE-2022-26546 | 3.5 | Hospital Management System improper authorization | $1k-$2k | Not Defined |
| CVE-2022-24136 | 5.5 | Hospital Management System treatmentrecord.php unrestricted upload | $1k-$2k | Not Defined |
| CVE-2022-26244 | 3.5 | Hospital Patient Record Management System cross site scripting | $0-$1k | Not Defined |
| CVE-2022-22404 | 5.4 | IBM App Connect Enterprise Certified Container Dashboard UI resource consumption | $2k-$5k | Official Fix |
| CVE-2022-22332 | 5.6 | IBM Partner Engagement Manager JWT Token Remote Code Execution | $10k-$25k | Official Fix |
| CVE-2022-22311 | 5.2 | IBM Security Verify Access channel accessible | $10k-$25k | Official Fix |
| CVE-2022-22328 | 6.3 | IBM Sterling Partner Engagement Manager access control | $10k-$25k | Official Fix |
| CVE-2022-22331 | 6.3 | IBM Sterling Partner Engagement Manager authorization | $10k-$25k | Official Fix |
| CVE-2022-22327 | 3.7 | IBM UrbanCode Deploy inadequate encryption | $5k-$10k | Official Fix |
| CVE-2022-28136 | 4.3 | JiraTestResultReporter Plugin cross-site request forgery | $0-$1k | Not Defined |
| CVE-2022-28137 | 5.5 | JiraTestResultReporter Plugin URL authorization | $1k-$2k | Not Defined |
| CVE-2022-28151 | 5.5 | Job and Node Ownership Plugin authorization | $1k-$2k | Not Defined |
| CVE-2022-28149 | 3.5 | Job and Node Ownership Plugin cross site scripting | $0-$1k | Not Defined |
| CVE-2022-28152 | 4.3 | Job and Node Ownership Plugin cross-site request forgery | $0-$1k | Not Defined |
| CVE-2022-28150 | 4.3 | Job and Node Ownership Plugin cross-site request forgery | $0-$1k | Not Defined |
| CVE-2022-23796 | 3.5 | Joomla com_fields cross site scripting | $2k-$5k | Not Defined |
| CVE-2022-23801 | 3.5 | Joomla com_media cross site scripting | $2k-$5k | Not Defined |
| CVE-2022-23800 | 3.5 | Joomla Filter cross site scripting | $2k-$5k | Not Defined |
| CVE-2022-23795 | 6.3 | Joomla improper authentication | $5k-$10k | Not Defined |
| CVE-2022-23799 | 5.5 | Joomla Privilege Escalation | $10k-$25k | Not Defined |
| CVE-2022-23798 | 5.5 | Joomla redirect | $5k-$10k | Not Defined |
| CVE-2022-23794 | 4.3 | Joomla Source Code information disclosure | $5k-$10k | Not Defined |
| CVE-2022-23797 | 6.3 | Joomla sql injection | $10k-$25k | Not Defined |
| CVE-2022-23793 | 5.5 | Joomla tar path traversal | $5k-$10k | Not Defined |
| CVE-2022-24758 | 7.5 | Jupyter Notebook Error log file | $1k-$2k | Official Fix |
| CVE-2021-27223 | 6.5 | Kaspersky Anti-Virus/Endpoint Security Binary Module denial of service | $0-$1k | Not Defined |
| CVE-2022-27534 | 6.3 | Kaspersky Anti-Virus/Endpoint Security Data Parser Remote Code Execution | $2k-$5k | Official Fix |
| CVE-2020-35501 | 5.5 | Linux Kernel Audit Rule access control | $10k-$25k | Not Defined |
| CVE-2022-28390 | 5.5 | Linux Kernel ems_usb.c ems_usb_start_xmit double free | $5k-$25k | Official Fix |
| CVE-2022-28389 | 5.5 | Linux Kernel mcba_usb.c mcba_usb_start_xmit double free | $5k-$25k | Official Fix |
| CVE-2021-3847 | 6.3 | Linux Kernel OverlayFS Subsystem permissions | $10k-$25k | Not Defined |
| CVE-2022-28356 | 4.3 | Linux Kernel Refcount af_llc.c memory leak | $0-$5k | Official Fix |
| CVE-2022-1055 | 5.6 | Linux Kernel tc_new_tfilter use after free | $10k-$25k | Official Fix |
| CVE-2022-28388 | 5.5 | Linux Kernel usb_8dev.c usb_8dev_start_xmit double free | $5k-$25k | Official Fix |
| CVE-2022-0998 | 6.3 | Linux Kernel Virtio Device Driver vdpa.c vhost_vdpa_config_validate integer overflow | $10k-$25k | Official Fix |
| CVE-2021-32933 | 9.9 | MDT Autosave API command injection | $2k-$5k | Official Fix |
| CVE-2021-32961 | 7.5 | MDT Autosave getfile unrestricted upload | $2k-$5k | Official Fix |
| CVE-2021-32945 | 5.6 | MDT AutoSave inadequate encryption | $0-$1k | Official Fix |
| CVE-2021-32949 | 7.0 | MDT AutoSave path traversal | $1k-$2k | Official Fix |
| CVE-2021-32957 | 7.4 | MDT Autosave sql injection | $2k-$5k | Official Fix |
| CVE-2021-32953 | 8.5 | MDT Autosave sql injection | $2k-$5k | Official Fix |
| CVE-2021-32937 | 6.4 | MDT AutoSave Working Directory information exposure | $1k-$2k | Official Fix |
| CVE-2022-28209 | 5.5 | MediaWiki AntiSpoof Extension permission | $1k-$2k | Not Defined |
| CVE-2022-28205 | 5.5 | MediaWiki CentralAuth Extension Privilege Escalation | $2k-$5k | Not Defined |
| CVE-2022-28206 | 5.5 | MediaWiki FileImporter ImportPlanValidator.php access control | $1k-$2k | Not Defined |
| CVE-2022-28202 | 3.5 | MediaWiki Message Special:RevisionDelete cross site scripting | $0-$1k | Official Fix |
| CVE-2022-25159 | 5.6 | Mitsubishi Electric MELSEC iQ-F FX5U(C)/MELSEC iQ-F FX5UJ authentication replay | $1k-$2k | Not Defined |
| CVE-2022-25160 | 5.3 | Mitsubishi Electric MELSEC iQ-F FX5U(C)/MELSEC iQ-F FX5UJ cleartext storage | $1k-$2k | Not Defined |
| CVE-2022-25158 | 3.1 | Mitsubishi Electric MELSEC iQ-F FX5U(C)/MELSEC iQ-F FX5UJ Password Hash cleartext storage | $0-$1k | Not Defined |
| CVE-2022-25155 | 5.6 | Mitsubishi Electric MELSEC iQ-F FX5U(C)/MELSEC iQ-F FX5UJ Password Hash Handler authentication replay | $1k-$2k | Not Defined |
| CVE-2022-25157 | 5.6 | Mitsubishi Electric MELSEC iQ-F FX5U(C)/MELSEC iQ-F FX5UJ Password Hash Handler improper authentication | $1k-$2k | Not Defined |
| CVE-2022-25156 | 3.7 | Mitsubishi Electric MELSEC iQ-F FX5U(C)/MELSEC iQ-F FX5UJ unknown vulnerability | $0-$1k | Not Defined |
| CVE-2021-32968 | 7.5 | Moxa IAW5000A buffer overflow | $2k-$5k | Not Defined |
| CVE-2021-32970 | 6.4 | Moxa NPort IAW5000A Web Server denial of service | $0-$1k | Not Defined |
| CVE-2021-32974 | 9.8 | Moxa NPort IAW5000A Web Server input validation | $2k-$5k | Not Defined |
| CVE-2021-32976 | 9.8 | Moxa NPort IAW5000A Web Server stack-based overflow | $2k-$5k | Not Defined |
| CVE-2020-24771 | 5.5 | NexusPHP access control | $1k-$2k | Official Fix |
| CVE-2020-24770 | 6.3 | NexusPHP modrules.php sql injection | $1k-$2k | Official Fix |
| CVE-2020-24769 | 6.3 | NexusPHP SQL Command takeconfirm.php sql injection | $1k-$2k | Official Fix |
| CVE-2022-27306 | 5.5 | Node.js Hostname url.parse Privilege Escalation | $2k-$5k | Official Fix |
| CVE-2022-21821 | 7.8 | NVIDIA CUDA Toolkit SDK cuobjdump buffer overflow | $2k-$5k | Not Defined |
| CVE-2022-25959 | 7.0 | Omron CX-Position Project File memory corruption | $2k-$5k | Not Defined |
| CVE-2022-26022 | 7.0 | Omron CX-Position Project File out-of-bounds write | $2k-$5k | Not Defined |
| CVE-2022-26419 | 7.0 | Omron CX-Position Project File Parser stack-based overflow | $2k-$5k | Not Defined |
| CVE-2022-26417 | 7.0 | Omron CX-Position Project File use after free | $2k-$5k | Not Defined |
| CVE-2022-26645 | 6.3 | Online Banking System Image unrestricted upload | $2k-$5k | Not Defined |
| CVE-2022-26644 | 3.5 | Online Banking System Protect cross site scripting | $0-$1k | Not Defined |
| CVE-2022-26646 | 5.5 | Online Banking System Protect file inclusion | $1k-$2k | Not Defined |
| CVE-2022-1181 | 5.7 | OpenEMR cross site scripting | $0-$1k | Official Fix |
| CVE-2022-1180 | 4.0 | OpenEMR cross site scripting | $0-$1k | Official Fix |
| CVE-2022-1178 | 5.4 | OpenEMR cross site scripting | $0-$1k | Official Fix |
| CVE-2022-1177 | 5.4 | OpenEMR Patient Report access control | $2k-$5k | Official Fix |
| CVE-2022-1179 | 4.0 | OpenEMR Rule cross site scripting | $0-$1k | Official Fix |
| CVE-2022-26019 | 6.3 | pfSense CE/pfSense Plus NTP GPS Setting access control | $2k-$5k | Official Fix |
| CVE-2022-24299 | 6.3 | pfSense CE/pfSense Plus Server Setting input validation | $2k-$5k | Official Fix |
| CVE-2021-20729 | 3.5 | pfSense CE/pfSense Plus URL cross site scripting | $0-$1k | Not Defined |
| CVE-2022-0922 | 4.3 | Philips e-Alert missing authentication | $1k-$2k | Not Defined |
| CVE-2021-33022 | 5.6 | Philips Vue PACS cleartext transmission | $0-$1k | Not Defined |
| CVE-2021-33024 | 3.7 | Philips Vue PACS insufficiently protected credentials | $1k-$2k | Not Defined |
| CVE-2021-33020 | 7.2 | Philips Vue PACS key management | $2k-$5k | Not Defined |
| CVE-2021-27493 | 6.2 | Philips Vue PACS Message Remote Code Execution | $2k-$5k | Not Defined |
| CVE-2021-27501 | 7.5 | Philips Vue PACS neutralization | $2k-$5k | Not Defined |
| CVE-2021-27497 | 6.0 | Philips Vue PACS protection mechanism | $2k-$5k | Not Defined |
| CVE-2021-33018 | 5.3 | Philips Vue PACS risky encryption | $0-$1k | Not Defined |
| CVE-2022-28158 | 5.5 | Pipeline Phoenix AutoTest Plugin authorization | $1k-$2k | Not Defined |
| CVE-2022-28157 | 5.5 | Pipeline Phoenix AutoTest Plugin FTP path traversal | $1k-$2k | Not Defined |
| CVE-2022-28156 | 5.5 | Pipeline Phoenix AutoTest Plugin path traversal | $1k-$2k | Not Defined |
| CVE-2022-28155 | 5.5 | Pipeline Phoenix AutoTest Plugin XML Parser xml external entity reference | $1k-$2k | Not Defined |
| CVE-2022-28142 | 5.0 | Proxmox Plugin certificate validation | $1k-$2k | Not Defined |
| CVE-2022-28141 | 3.5 | Proxmox Plugin config.xml credentials storage | $1k-$2k | Not Defined |
| CVE-2022-28143 | 4.3 | Proxmox Plugin cross-site request forgery | $0-$1k | Not Defined |
| CVE-2022-28144 | 5.5 | Proxmox Plugin HTTP Endpoint authorization | $1k-$2k | Not Defined |
| CVE-2021-30331 | 5.5 | Qualcomm Snapdragon Auto DIAG Interface buffer overflow | $10k-$25k | Official Fix |
| CVE-2021-30333 | 7.8 | Qualcomm Snapdragon Auto EFS File memory corruption | $10k-$25k | Official Fix |
| CVE-2021-35105 | 8.1 | Qualcomm Snapdragon Auto Graphics Profiling out-of-bounds read | $5k-$10k | Official Fix |
| CVE-2021-35117 | 7.7 | Qualcomm Snapdragon Auto IBSS Beacon out-of-bounds read | $5k-$10k | Official Fix |
| CVE-2021-1950 | 7.8 | Qualcomm Snapdragon Auto improper authentication | $5k-$10k | Official Fix |
| CVE-2021-30328 | 7.5 | Qualcomm Snapdragon Auto NR CSI-IM Resource Configuration assertion | $5k-$10k | Official Fix |
| CVE-2021-30332 | 7.5 | Qualcomm Snapdragon Auto OTA Configuration assertion | $5k-$10k | Official Fix |
| CVE-2021-1942 | 9.3 | Qualcomm Snapdragon Auto Shared Memory memory corruption | $10k-$25k | Official Fix |
| CVE-2021-35088 | 7.7 | Qualcomm Snapdragon Auto SSID IE Parser out-of-bounds read | $5k-$10k | Official Fix |
| CVE-2021-30329 | 7.5 | Qualcomm Snapdragon Auto TCI Configuration assertion | $5k-$10k | Official Fix |
| CVE-2021-35103 | 7.8 | Qualcomm Snapdragon Auto Timer out-of-bounds write | $10k-$25k | Official Fix |
| CVE-2021-35089 | 8.1 | Qualcomm Snapdragon Auto USER Command buffer overflow | $10k-$25k | Official Fix |
| CVE-2021-35106 | 7.8 | Qualcomm Snapdragon Auto WMI Message out-of-bounds read | $5k-$10k | Official Fix |
| CVE-2021-35115 | 8.1 | Qualcomm Snapdragon Auto/Snapdragon Mobile PVM Backend use after free | $10k-$25k | Official Fix |
| CVE-2021-35110 | 7.9 | Qualcomm Snapdragon Connectivity/Snapdragon Mobile Hash Segment buffer overflow | $10k-$25k | Official Fix |
| CVE-2022-21830 | 3.5 | RocketChat LiveChat cross site scripting | $0-$1k | Not Defined |
| CVE-2022-28139 | 5.5 | RocketChat Notifier Plugin authorization | $1k-$2k | Not Defined |
| CVE-2022-28138 | 4.3 | RocketChat Notifier Plugin URL cross-site request forgery | $0-$1k | Not Defined |
| CVE-2022-1159 | 7.2 | Rockwell Automation Compact GuardLogix 5380 code injection | $2k-$5k | Workaround |
| CVE-2021-32960 | 8.0 | Rockwell Automation FactoryTalk Services Platform Policy access control | $2k-$5k | Not Defined |
| CVE-2022-1018 | 5.5 | Rockwell Automation ISaGRAF Solution File xml external entity reference | $1k-$2k | Not Defined |
| CVE-2022-1161 | 9.8 | Rockwell Automation SoftLogix 5800 unknown vulnerability | $100k and more | Workaround |
| CVE-2022-26949 | 5.8 | RSA Archer Attachment access control | $10k-$25k | Official Fix |
| CVE-2022-26951 | 5.4 | RSA Archer cross site scripting | $5k-$10k | Official Fix |
| CVE-2022-26947 | 4.9 | RSA Archer cross site scripting | $2k-$5k | Official Fix |
| CVE-2021-41594 | 6.3 | RSA Archer Endpoint CheckTaskAccess access control | $10k-$25k | Official Fix |
| CVE-2022-26950 | 5.0 | RSA Archer redirect | $5k-$10k | Official Fix |
| CVE-2022-26948 | 3.7 | RSA Archer RSS Feed access control | $0-$1k | Official Fix |
| CVE-2022-22936 | 6.3 | SaltStack Salt Job authentication replay | $1k-$2k | Official Fix |
| CVE-2022-22941 | 5.5 | SaltStack Salt Master-of-Masters permission | $1k-$2k | Official Fix |
| CVE-2022-22935 | 4.3 | SaltStack Salt Minion denial of service | $0-$1k | Official Fix |
| CVE-2022-22934 | 5.5 | SaltStack Salt Pillar Data signature verification | $1k-$2k | Official Fix |
| CVE-2021-33523 | 4.7 | Software AG MashZone NextGen Admin Console unrestricted upload | $1k-$2k | Not Defined |
| CVE-2021-33208 | 5.5 | Software AG MashZone NextGen Register an Ehcache Configuration File xml external entity reference | $1k-$2k | Not Defined |
| CVE-2021-33581 | 5.5 | Software AG MashZone NextGen TCP Service server-side request forgery | $1k-$2k | Not Defined |
| CVE-2022-0331 | 5.3 | Sophos Firewall Webadmin information disclosure | $1k-$2k | Not Defined |
| CVE-2021-45866 | 3.5 | SourceCodester Attendance Management System index.php cross site scripting | $0-$1k | Not Defined |
| CVE-2021-43505 | 3.5 | Sourcecodester Simple Client Management System Add New Client/Add New Invoice cross site scripting | $0-$1k | Not Defined |
| CVE-2021-43506 | 6.3 | Sourcecodester Simple Client Management System Login.php sql injection | $1k-$2k | Not Defined |
| CVE-2021-45865 | 6.3 | Sourcecodester Student Attendance Management System unrestricted upload | $2k-$5k | Not Defined |
| CVE-2022-21947 | 8.3 | SUSE Rancher Desktop Dashboard API access control | $10k-$25k | Official Fix |
| CVE-2021-46006 | 6.3 | TOTOLINK A3100R API test.asp improper authentication | $1k-$2k | Not Defined |
| CVE-2021-46009 | 6.3 | TOTOLINK A3100R improper authentication | $1k-$2k | Not Defined |
| CVE-2021-46007 | 5.5 | TOTOLINK A3100R Ping Command os command injection | $1k-$2k | Not Defined |
| CVE-2021-46010 | 3.7 | TOTOLINK A3100R random values | $0-$1k | Not Defined |
| CVE-2021-46008 | 5.9 | TOTOLINK A3100R Telnet Service hard-coded password | $1k-$2k | Not Defined |
| CVE-2021-43663 | 5.5 | TOTOLINK EX300v2 cloudupdate_check command injection | $1k-$2k | Not Defined |
| CVE-2021-43664 | 6.3 | TOTOLINK EX300v2 command injection | $2k-$5k | Not Defined |
| CVE-2021-43661 | 3.5 | TOTOLINK EX300v2 home.asp cross site scripting | $0-$1k | Not Defined |
| CVE-2021-43662 | 6.5 | TOTOLINK EX300v2/A720R resource consumption | $0-$1k | Not Defined |
| CVE-2022-25008 | 6.3 | TOTOLINK EX300v2/EX1200T improper authentication | $1k-$2k | Not Defined |
| CVE-2022-26641 | 6.3 | TP-LINK TL-WR840N buffer overflow | $2k-$5k | Not Defined |
| CVE-2022-26642 | 5.5 | TP-LINK TL-WR840N buffer overflow | $2k-$5k | Not Defined |
| CVE-2022-26640 | 5.5 | TP-LINK TL-WR840N buffer overflow | $2k-$5k | Not Defined |
| CVE-2022-26639 | 5.5 | TP-LINK TL-WR840N buffer overflow | $2k-$5k | Not Defined |
| CVE-2022-1160 | 6.8 | vim get_one_sourceline heap-based overflow | $2k-$5k | Official Fix |
| CVE-2022-1154 | 7.0 | vim utf_ptr2char use after free | $2k-$5k | Official Fix |
| CVE-2022-22965 | 9.8 | VMware Spring Boot SpringShell code injection | $10k-$25k | Official Fix |
| CVE-2022-27772 | 5.5 | VMware Spring Boot temp file | $10k-$25k | Official Fix |
| CVE-2022-22963 | 9.8 | VMware Spring Cloud Function SpEL Expression code injection | $10k-$25k | Official Fix |
| CVE-2022-22950 | 4.3 | VMware Spring Framework SpEL Expression allocation of resources | $5k-$10k | Official Fix |
| CVE-2022-22948 | 4.3 | VMware vCenter Server/Cloud Foundation File permission | $10k-$25k | Official Fix |
| CVE-2019-9564 | 7.4 | Wyze Cam Pan v2/Cam v2/Cam v3 improper authentication | $1k-$2k | Official Fix |
| CVE-2019-12266 | 7.0 | Wyze Cam Pan v2/Cam v2/Cam v3 stack-based overflow | $2k-$5k | Official Fix |
| CVE-2022-23136 | 3.5 | ZTE ZXHN F680 Gateway Name cross site scripting | $0-$1k | Not Defined |