آسیب‌پذیری‌های حیاتی هفته دوم اردیبهشت‌ماه

این هفته آسیب‌پذیری‌های «حیاتی» و «پرخطر» بسیاری در محصولات مهم Apple گزارش و وصله‌ها و به‌روزرسانی‌هایی به منظور رفع آن‌ها ارائه شد. همچنین در محصولات شرکت‌های Cisco، NVIDIA، Apache، IBM، Foxit ومرورگر Google Chromeچندین آسیب‌پذیری «حیاتی» و «پرخطر» وجود داشت.

لیست این آسیب‌پذیری‌ها به‌همراه سطح خطر آن‌ها در جدول زیر آمده است.

شناسه آسیب‌پذیری	امتیاز مبنا	عنوان آسیب‌پذیری	ارزش روز صفر	رفع آسیب‌پذیری
CVE-2021-22669	۵.۵	Advantech WebAccess/SCADA Portal permission assignment	$۱k-$2k	Not Defined
CVE-2021-28359	۳.۵	Apache Airflow trigger cross site scripting	$۰-$۵k	Official Fix
CVE-2021-30128	۵.۵	Apache OFBiz deserialization	$۱۰k-$25k	Official Fix
CVE-2021-29200	۷.۳	Apache OFBiz deserialization	$۱۰k-$25k	Official Fix
CVE-2020-17517	۶.۳	Apache Ozone improper authorization	$۱۰k-$25k	Official Fix
CVE-2021-28125	۴.۹	Apache Superset External URL redirect	$۵k-$10k	Not Defined
CVE-2021-30638	۳.۵	Apache Tapestry URL information disclosure	$۲k-$5k	Not Defined
CVE-2021-1865	۲.۱	Apple iOS/iPadOS Password Manager information disclosure	$۰-$۱k	Official Fix
CVE-2021-1740	۵.۳	Apple iOS/iPadOS Preferences access control	$۲۵k-$50k	Official Fix
CVE-2021-1739	۵.۳	Apple iOS/iPadOS Preferences access control	$۲۵k-$50k	Official Fix
CVE-2021-1815	۵.۳	Apple iOS/iPadOS Preferences access control	$۲۵k-$50k	Official Fix
CVE-2021-1807	۵.۳	Apple iOS/iPadOS Safari access control	$۲۵k-$50k	Official Fix
CVE-2021-1831	۵.۳	Apple iOS/iPadOS Shortcuts permission	$۲۵k-$50k	Official Fix
CVE-2021-1868	۵.۳	Apple iOS/iPadOS Tailspin state issue	$۲۵k-$50k	Official Fix
CVE-2021-1854	۵.۶	Apple iOS/iPadOS Telephony behavioral workflow	$۵۰k-$100k	Official Fix
CVE-2021-1848	۳.۳	Apple iOS/iPadOS Wallet information disclosure	$۱۰k-$25k	Official Fix
CVE-2021-1826	۴.۳	Apple iOS/iPadOS WebKit cross site scripting	$۲۵k-$50k	Official Fix
CVE-2021-1825	۴.۳	Apple iOS/iPadOS WebKit cross site scripting	$۲۵k-$50k	Official Fix
CVE-2021-1820	۴.۳	Apple iOS/iPadOS WebKit initialization	$۲۵k-$50k	Official Fix
CVE-2021-1817	۶.۳	Apple iOS/iPadOS WebKit memory corruption	$۱۰۰k and more	Official Fix
CVE-2021-30661	۶.۳	Apple iOS/iPadOS WebKit Storage use after free	$۱۰۰k and more	Official Fix
CVE-2020-7463	۷.۲	Apple iOS/iPadOS WebRTC use after free	$۱۰۰k and more	Official Fix
CVE-2021-1853	۵.۳	Apple macOS APFS state issue	$۵k-$10k	Official Fix
CVE-2021-1867	۷.۸	Apple macOS Apple Neural Engine out-of-bounds read	$۵k-$10k	Official Fix
CVE-2021-1849	۵.۳	Apple macOS AppleMobileFileIntegrity signature verification	$۲k-$5k	Official Fix
CVE-2021-1810	۵.۳	Apple macOS Archive Utility state issue	$۵k-$10k	Official Fix
CVE-2021-1808	۳.۳	Apple macOS Audio memory corruption	$۵k-$10k	Official Fix
CVE-2021-1857	۴.۳	Apple macOS CFNetwork initialization	$۵k-$10k	Official Fix
CVE-2021-1809	۴.۳	Apple macOS CoreAudio memory corruption	$۱۰k-$25k	Official Fix
CVE-2021-1846	۴.۳	Apple macOS CoreAudio out-of-bounds read	$۵k-$10k	Official Fix
CVE-2021-30659	۳.۵	Apple macOS CoreFoundation information disclosure	$۲k-$5k	Official Fix
CVE-2021-1847	۶.۳	Apple macOS CoreGraphics memory corruption	$۱۰k-$25k	Official Fix
CVE-2021-1811	۴.۳	Apple macOS CoreText information disclosure	$۵k-$10k	Official Fix
CVE-2020-8285	۵.۹	Apple macOS curl buffer overflow	$۱۰k-$25k	Official Fix
CVE-2020-8286	۶.۵	Apple macOS curl certificate validation	$۵k-$10k	Official Fix
CVE-2021-1784	۵.۳	Apple macOS DiskArbitration permission	$۵k-$10k	Official Fix
CVE-2021-1872	۶.۵	Apple macOS FaceTime state issue	$۱۰k-$25k	Official Fix
CVE-2021-1881	۶.۳	Apple macOS FontParser out-of-bounds read	$۵k-$10k	Official Fix
CVE-2021-1813	۷.۸	Apple macOS Foundation behavioral workflow	$۱۰k-$25k	Official Fix
CVE-2021-1882	۵.۳	Apple macOS Foundation memory corruption	$۵k-$10k	Official Fix
CVE-2021-1884	۴.۳	Apple macOS Heimdal denial of service	$۲k-$5k	Official Fix
CVE-2021-1883	۷.۳	Apple macOS Heimdal heap-based overflow	$۱۰k-$25k	Official Fix
CVE-2021-1885	۶.۳	Apple macOS ImageIO out-of-bounds read	$۵k-$10k	Official Fix
CVE-2021-1858	۶.۳	Apple macOS ImageIO out-of-bounds write	$۱۰k-$25k	Official Fix
CVE-2021-1843	۶.۳	Apple macOS ImageIO Remote Code Execution	$۱۰k-$25k	Official Fix
CVE-2021-1814	۶.۳	Apple macOS ImageIO Remote Code Execution	$۱۰k-$25k	Official Fix
CVE-2021-30653	۶.۳	Apple macOS ImageIO Remote Code Execution	$۱۰k-$25k	Official Fix
CVE-2021-1880	۶.۳	Apple macOS ImageIO Remote Code Execution	$۱۰k-$25k	Official Fix
CVE-2021-30658	۵.۳	Apple macOS Installer access control	$۵k-$10k	Official Fix
CVE-2021-1834	۷.۸	Apple macOS Intel Graphics Driver out-of-bounds write	$۱۰k-$25k	Official Fix
CVE-2021-1841	۷.۸	Apple macOS Intel Graphics Driver out-of-bounds write	$۱۰k-$25k	Official Fix
CVE-2021-1860	۳.۳	Apple macOS Kernel initialization	$۲k-$5k	Official Fix
CVE-2021-1840	۵.۳	Apple macOS Kernel memory corruption	$۵k-$10k	Official Fix
CVE-2021-30660	۳.۳	Apple macOS Kernel out-of-bounds read	$۲k-$5k	Official Fix
CVE-2021-1832	۵.۳	Apple macOS Kernel permission	$۵k-$10k	Official Fix
CVE-2021-1851	۷.۸	Apple macOS Kernel state issue	$۱۰k-$25k	Official Fix
CVE-2021-30652	۷.۸	Apple macOS libxpc race condition	$۵k-$10k	Official Fix
CVE-2021-1875	۶.۳	Apple macOS libxslt double free	$۱۰k-$25k	Official Fix
CVE-2021-1824	۲.۵	Apple macOS Login Window information disclosure	$۲k-$5k	Official Fix
CVE-2021-1859	۳.۳	Apple macOS Notes state issue	$۵k-$10k	Official Fix
CVE-2021-1876	۶.۳	Apple macOS NSRemoteView use after free	$۱۰k-$25k	Official Fix
CVE-2021-1740	۵.۳	Apple macOS Preferences path traversal	$۵k-$10k	Official Fix
CVE-2021-1739	۵.۳	Apple macOS Preferences path traversal	$۵k-$10k	Official Fix
CVE-2021-1815	۵.۳	Apple macOS Preferences path traversal	$۵k-$10k	Official Fix
CVE-2021-1861	۴.۳	Apple macOS Safari information disclosure	$۵k-$10k	Official Fix
CVE-2021-1855	۴.۳	Apple macOS Safari state issue	$۱۰k-$25k	Official Fix
CVE-2021-1868	۵.۳	Apple macOS SampleAnalysis state issue	$۵k-$10k	Official Fix
CVE-2021-1878	۳.۷	Apple macOS smbx integer overflow	$۱۰k-$25k	Official Fix
CVE-2021-30657	۵.۳	Apple macOS System Preferences state issue	$۵k-$10k	Official Fix
CVE-2020-8037	۵.۹	Apple macOS tcpdump resource consumption	$۵k-$10k	Official Fix
CVE-2021-1839	۵.۳	Apple macOS Time Machine permission	$۵k-$10k	Official Fix
CVE-2021-1826	۴.۳	Apple macOS WebKit cross site scripting	$۵k-$10k	Official Fix
CVE-2021-1825	۴.۳	Apple macOS WebKit cross site scripting	$۵k-$10k	Official Fix
CVE-2021-1820	۴.۳	Apple macOS WebKit initialization	$۵k-$10k	Official Fix
CVE-2021-1817	۶.۳	Apple macOS WebKit memory corruption	$۱۰k-$25k	Official Fix
CVE-2021-30661	۶.۳	Apple macOS WebKit Storage use after free	$۱۰k-$25k	Official Fix
CVE-2020-7463	۷.۲	Apple macOS WebRTC use after free	$۲۵k-$50k	Official Fix
CVE-2021-1828	۷.۸	Apple macOS Wi-Fi memory corruption	$۱۰k-$25k	Official Fix
CVE-2021-30655	۷.۸	Apple macOS Wi-Fi permission	$۱۰k-$25k	Official Fix
CVE-2021-1829	۷.۸	Apple macOS Wi-Fi type confusion	$۱۰k-$25k	Official Fix
CVE-2021-1873	۳.۵	Apple macOS Windows Server permission	$۵k-$10k	Official Fix
CVE-2021-1825	۴.۳	Apple Safari WebKit cross site scripting	$۱۰k-$25k	Official Fix
CVE-2020-7463	۵.۹	Apple Safari WebRTC use after free	$۲۵k-$50k	Official Fix
CVE-2021-1849	۵.۳	Apple tvOS AppleMobileFileIntegrity signature verification	$۱k-$2k	Official Fix
CVE-2021-1836	۵.۳	Apple tvOS Assets access control	$۲k-$5k	Official Fix
CVE-2021-1808	۵.۳	Apple tvOS Audio memory corruption	$۲k-$5k	Official Fix
CVE-2021-1857	۴.۳	Apple tvOS CFNetwork initialization	$۲k-$5k	Official Fix
CVE-2021-1809	۳.۳	Apple tvOS CoreAudio memory corruption	$۲k-$5k	Official Fix
CVE-2021-1846	۶.۳	Apple tvOS CoreAudio out-of-bounds read	$۲k-$5k	Official Fix
CVE-2021-1811	۴.۳	Apple tvOS CoreText state issue	$۵k-$10k	Official Fix
CVE-2021-1881	۶.۳	Apple tvOS FontParser out-of-bounds read	$۲k-$5k	Official Fix
CVE-2021-1813	۷.۸	Apple tvOS Foundation behavioral workflow	$۵k-$10k	Official Fix
CVE-2021-1882	۵.۳	Apple tvOS Foundation memory corruption	$۲k-$5k	Official Fix
CVE-2021-1884	۴.۳	Apple tvOS Heimdal denial of service	$۱k-$2k	Official Fix
CVE-2021-1883	۶.۳	Apple tvOS Heimdal heap-based overflow	$۵k-$10k	Official Fix
CVE-2021-1885	۶.۳	Apple tvOS ImageIO out-of-bounds read	$۲k-$5k	Official Fix
CVE-2021-1858	۶.۳	Apple tvOS ImageIO out-of-bounds write	$۵k-$10k	Official Fix
CVE-2021-1843	۶.۳	Apple tvOS ImageIO Remote Code Execution	$۵k-$10k	Official Fix
CVE-2021-30653	۶.۳	Apple tvOS ImageIO Remote Code Execution	$۵k-$10k	Official Fix
CVE-2021-1864	۶.۳	Apple tvOS iTunes Store use after free	$۵k-$10k	Official Fix
CVE-2021-1816	۷.۸	Apple tvOS Kernel buffer overflow	$۵k-$10k	Official Fix
CVE-2021-1860	۳.۳	Apple tvOS Kernel initialization	$۱k-$2k	Official Fix
CVE-2021-30660	۳.۳	Apple tvOS Kernel out-of-bounds read	$۱k-$2k	Official Fix
CVE-2021-1832	۵.۳	Apple tvOS Kernel permission	$۲k-$5k	Official Fix
CVE-2021-1851	۷.۸	Apple tvOS Kernel state issue	$۵k-$10k	Official Fix
CVE-2021-30652	۷.۸	Apple tvOS libxpc race condition	$۲k-$5k	Official Fix
CVE-2021-1875	۶.۳	Apple tvOS libxslt double free	$۵k-$10k	Official Fix
CVE-2021-1822	۵.۳	Apple tvOS MobileInstallation Local Privilege Escalation	$۲k-$5k	Official Fix
CVE-2021-1740	۵.۳	Apple tvOS Preferences path traversal	$۲k-$5k	Official Fix
CVE-2021-1739	۵.۳	Apple tvOS Preferences path traversal	$۲k-$5k	Official Fix
CVE-2021-1815	۵.۳	Apple tvOS Preferences path traversal	$۲k-$5k	Official Fix
CVE-2021-1868	۵.۳	Apple tvOS Tailspin state issue	$۲k-$5k	Official Fix
CVE-2021-1826	۴.۳	Apple tvOS WebKit cross site scripting	$۲k-$5k	Official Fix
CVE-2021-1825	۴.۳	Apple tvOS WebKit cross site scripting	$۲k-$5k	Official Fix
CVE-2021-1820	۴.۳	Apple tvOS WebKit initialization	$۲k-$5k	Official Fix
CVE-2021-1817	۶.۳	Apple tvOS WebKit memory corruption	$۵k-$10k	Official Fix
CVE-2021-1844	۷.۵	Apple tvOS WebKit memory corruption	$۵k-$10k	Official Fix
CVE-2021-30661	۶.۳	Apple tvOS WebKit Storage use after free	$۵k-$10k	Official Fix
CVE-2021-1849	۵.۳	Apple watchOS AppleMobileFileIntegrity signature verification	$۱k-$2k	Official Fix
CVE-2021-1808	۳.۳	Apple watchOS Audio memory corruption	$۲k-$5k	Official Fix
CVE-2021-1857	۴.۳	Apple watchOS CFNetwork initialization	$۲k-$5k	Official Fix
CVE-2021-1809	۳.۳	Apple watchOS CoreAudio memory corruption	$۲k-$5k	Official Fix
CVE-2021-1846	۴.۳	Apple watchOS CoreAudio out-of-bounds read	$۲k-$5k	Official Fix
CVE-2021-30659	۳.۵	Apple watchOS CoreFoundation behavioral workflow	$۲k-$5k	Official Fix
CVE-2021-1811	۴.۳	Apple watchOS CoreText state issue	$۵k-$10k	Official Fix
CVE-2021-1872	۵.۰	Apple watchOS FaceTime state issue	$۵k-$10k	Official Fix
CVE-2021-1881	۶.۳	Apple watchOS FontParser out-of-bounds read	$۲k-$5k	Official Fix
CVE-2021-1813	۷.۸	Apple watchOS Foundation behavioral workflow	$۵k-$10k	Official Fix
CVE-2021-1882	۵.۳	Apple watchOS Foundation memory corruption	$۲k-$5k	Official Fix
CVE-2021-1884	۴.۳	Apple watchOS Heimdal denial of service	$۲k-$5k	Official Fix
CVE-2021-1883	۶.۳	Apple watchOS Heimdal heap-based overflow	$۵k-$10k	Official Fix
CVE-2021-1885	۶.۳	Apple watchOS ImageIO out-of-bounds read	$۲k-$5k	Official Fix
CVE-2021-1858	۶.۳	Apple watchOS ImageIO out-of-bounds write	$۵k-$10k	Official Fix
CVE-2021-1843	۶.۳	Apple watchOS ImageIO Remote Code Execution	$۵k-$10k	Official Fix
CVE-2021-1814	۶.۳	Apple watchOS ImageIO Remote Code Execution	$۵k-$10k	Official Fix
CVE-2021-30653	۶.۳	Apple watchOS ImageIO Remote Code Execution	$۵k-$10k	Official Fix
CVE-2021-1880	۶.۳	Apple watchOS ImageIO Remote Code Execution	$۵k-$10k	Official Fix
CVE-2021-1864	۶.۳	Apple watchOS iTunes Store use after free	$۵k-$10k	Official Fix
CVE-2021-1816	۷.۸	Apple watchOS Kernel buffer overflow	$۵k-$10k	Official Fix
CVE-2021-1860	۳.۳	Apple watchOS Kernel initialization	$۱k-$2k	Official Fix
CVE-2021-30660	۳.۳	Apple watchOS Kernel out-of-bounds read	$۱k-$2k	Official Fix
CVE-2021-1832	۵.۳	Apple watchOS Kernel permission	$۲k-$5k	Official Fix
CVE-2021-1851	۷.۸	Apple watchOS Kernel state issue	$۵k-$10k	Official Fix
CVE-2021-30652	۷.۸	Apple watchOS libxpc race condition	$۲k-$5k	Official Fix
CVE-2021-1875	۶.۳	Apple watchOS libxslt double free	$۵k-$10k	Official Fix
CVE-2021-1822	۵.۳	Apple watchOS MobileInstallation access control	$۲k-$5k	Official Fix
CVE-2021-1740	۵.۳	Apple watchOS Preferences path traversal	$۲k-$5k	Official Fix
CVE-2021-1739	۵.۳	Apple watchOS Preferences path traversal	$۲k-$5k	Official Fix
CVE-2021-1815	۵.۳	Apple watchOS Preferences path traversal	$۲k-$5k	Official Fix
CVE-2021-1807	۵.۳	Apple watchOS Safari access control	$۲k-$5k	Official Fix
CVE-2021-1868	۵.۳	Apple watchOS Tailspin state issue	$۲k-$5k	Official Fix
CVE-2021-1826	۴.۳	Apple watchOS WebKit cross site scripting	$۲k-$5k	Official Fix
CVE-2021-1825	۴.۳	Apple watchOS WebKit cross site scripting	$۲k-$5k	Official Fix
CVE-2021-1820	۴.۳	Apple watchOS WebKit initialization	$۲k-$5k	Official Fix
CVE-2021-1817	۶.۳	Apple watchOS WebKit memory corruption	$۵k-$10k	Official Fix
CVE-2021-30661	۶.۳	Apple watchOS WebKit Storage use after free	$۵k-$10k	Official Fix
CVE-2021-21300	۶.۹	Apple Xcode Git link following	$۱۰k-$25k	Official Fix
CVE-2021-25152	۶.۳	Aruba AirWave Management Platform deserialization	$۲k-$5k	Official Fix
CVE-2021-25151	۶.۳	Aruba AirWave Management Platform deserialization	$۲k-$5k	Official Fix
CVE-2021-25147	۷.۳	Aruba AirWave Management Platform improper authentication	$۱k-$2k	Official Fix
CVE-2021-25167	۶.۳	Aruba AirWave Management Platform improper authorization	$۲k-$5k	Official Fix
CVE-2021-25166	۶.۳	Aruba AirWave Management Platform improper authorization	$۲k-$5k	Official Fix
CVE-2021-29137	۵.۵	Aruba AirWave Management Platform redirect	$۱k-$2k	Official Fix
CVE-2021-25154	۶.۳	Aruba AirWave Management Platform Remote Privilege Escalation	$۲k-$5k	Official Fix
CVE-2021-25153	۶.۳	Aruba AirWave Management Platform sql injection	$۱k-$2k	Official Fix
CVE-2021-25163	۶.۳	Aruba AirWave Management Platform XML Data xml external entity reference	$۱k-$2k	Official Fix
CVE-2021-25165	۶.۳	Aruba AirWave Management Platform xml external entity reference	$۱k-$2k	Official Fix
CVE-2021-25164	۶.۳	Aruba AirWave Management Platform XML xml external entity reference	$۱k-$2k	Official Fix
CVE-2021-29147	۶.۳	Aruba ClearPass Policy Manager command injection	$۲k-$5k	Official Fix
CVE-2021-29146	۳.۵	Aruba ClearPass Policy Manager cross site scripting	$۰-$۱k	Official Fix
CVE-2021-29142	۳.۵	Aruba ClearPass Policy Manager cross site scripting	$۰-$۱k	Official Fix
CVE-2021-29139	۳.۵	Aruba ClearPass Policy Manager cross site scripting	$۰-$۱k	Official Fix
CVE-2021-29144	۴.۳	Aruba ClearPass Policy Manager information disclosure	$۱k-$2k	Official Fix
CVE-2021-29141	۴.۳	Aruba ClearPass Policy Manager information disclosure	$۱k-$2k	Official Fix
CVE-2021-29138	۴.۳	Aruba ClearPass Policy Manager information disclosure	$۱k-$2k	Official Fix
CVE-2020-7123	۵.۳	Aruba ClearPass Policy Manager Local Privilege Escalation	$۱k-$2k	Official Fix
CVE-2021-29145	۶.۳	Aruba ClearPass Policy Manager server-side request forgery	$۲k-$5k	Official Fix
CVE-2021-29140	۶.۳	Aruba ClearPass Policy Manager XML Data xml external entity reference	$۱k-$2k	Official Fix
CVE-2020-7038	۷.۳	Avaya Equinox Conferencing Management access control	$۲k-$5k	Official Fix
CVE-2020-7037	۶.۳	Avaya Equinox Conferencing xml external entity reference	$۱k-$2k	Official Fix
CVE-2020-21994	۴.۳	AVE DOMINAplus authClients.xml improper authentication	$۱k-$2k	Not Defined
CVE-2020-21991	۶.۳	AVE DOMINAplus changeparams.php improper authentication	$۱k-$2k	Not Defined
CVE-2020-21996	۴.۳	AVE DOMINAplus denial of service	$۰-$۱k	Not Defined
CVE-2021-31776	۸.۸	Aviatrix VPN Client unquoted search path	$۲k-$5k	Official Fix
CVE-2021-21211	۵.۴	Baidu Navigation unknown vulnerability	$۲k-$5k	Official Fix
CVE-2021-3511	۵.۳	Buffalo BHR-4GRV Configuration information disclosure	$۱k-$2k	Not Defined
CVE-2021-3512	۹.۸	Buffalo BHR-4GRV Telnet Service access control	$۲k-$5k	Workaround
CVE-2021-20716	۶.۳	Buffalo BHR-4RV Debug Option os command injection	$۲k-$5k	Not Defined
CVE-2021-20090	۷.۳	Buffalo WSR-2533DHPL2/WSR-2533DHP3 path traversal	$۲k-$5k	Not Defined
CVE-2021-20092	۳.۵	Buffalo WSR-2533DHPL2/WSR-2533DHP3 Web Interface information disclosure	$۰-$۱k	Not Defined
CVE-2021-20091	۶.۳	Buffalo WSR-2533DHPL2/WSR-2533DHP3 Web Interface Remote Privilege Escalation	$۲k-$5k	Not Defined
CVE-2021-30232	۶.۳	China Mobile An Lianbao WF-1 set_IGMP_PROXY Interface os command injection	$۲k-$5k	Not Defined
CVE-2021-30234	۶.۳	China Mobile An Lianbao WF-1 set_MLD_PROXY Interface os command injection	$۲k-$5k	Not Defined
CVE-2021-25812	۵.۵	China Mobile An Lianbao WF-1 set_online_client command injection	$۱k-$2k	Not Defined
CVE-2021-30230	۶.۳	China Mobile An Lianbao WF-1 set_time_zone Interface os command injection	$۲k-$5k	Not Defined
CVE-2021-30228	۶.۳	China Mobile An Lianbao WF-1 set_ZRAndlink Interface os command injection	$۲k-$5k	Not Defined
CVE-2021-30229	۶.۳	China Mobile An Lianbao WF-1 set_zrDm Interface os command injection	$۲k-$5k	Not Defined
CVE-2021-30231	۶.۳	China Mobile An Lianbao WF-1 set_ZRElink Interface os command injection	$۲k-$5k	Not Defined
CVE-2021-30233	۶.۳	China Mobile An Lianbao WF-1 setIptvInfo Interface os command injection	$۲k-$5k	Not Defined
CVE-2021-1476	۶.۷	Cisco ASA/Firepower Threat Defense CLI os command injection	$۱۰k-$25k	Official Fix
CVE-2021-1504	۸.۶	Cisco ASA/Firepower Threat Defense HTTPS Request out-of-bounds write	$۲۵k-$50k	Official Fix
CVE-2021-1445	۸.۶	Cisco ASA/Firepower Threat Defense HTTPS Request out-of-bounds write	$۲۵k-$50k	Official Fix
CVE-2021-1501	۸.۶	Cisco ASA/Firepower Threat Defense SIP Inspection Engine denial of service	$۱۰k-$25k	Official Fix
CVE-2021-1488	۶.۷	Cisco ASA/Firepower Threat Defense Upgrade Package command injection	$۱۰k-$25k	Official Fix
CVE-2021-1493	۸.۵	Cisco ASA/Firepower Threat Defense Web Services Interface buffer overflow	$۲۵k-$50k	Official Fix
CVE-2021-1369	۵.۴	Cisco Firepower Device Manager REST API xml external entity reference	$۵k-$10k	Official Fix
CVE-2021-1489	۴.۹	Cisco Firepower Device Manager Web-based Management resource consumption	$۲k-$5k	Official Fix
CVE-2021-1477	۶.۳	Cisco FirePOWER Management Center access control	$۱۰k-$25k	Official Fix
CVE-2021-1458	۴.۳	Cisco FirePOWER Management Center Web-based Management Interface cross site scripting	$۵k-$10k	Official Fix
CVE-2021-1457	۴.۳	Cisco FirePOWER Management Center Web-based Management Interface cross site scripting	$۵k-$10k	Official Fix
CVE-2021-1456	۴.۳	Cisco FirePOWER Management Center Web-based Management Interface cross site scripting	$۵k-$10k	Official Fix
CVE-2021-1455	۴.۳	Cisco FirePOWER Management Center Web-based Management Interface cross site scripting	$۵k-$10k	Official Fix
CVE-2021-1256	۵.۳	Cisco Firepower Threat Defense CLI Command pathname traversal	$۵k-$10k	Official Fix
CVE-2021-1448	۷.۸	Cisco Firepower Threat Defense CLI input validation	$۱۰k-$25k	Official Fix
CVE-2021-1402	۵.۳	Cisco Firepower Threat Defense TLS Message memory corruption	$۱۰k-$25k	Official Fix
CVE-2021-1495	۷.۳	Cisco Open Source Snort 2 Snort Detection Engine access control	$۲۵k-$50k	Official Fix
CVE-2021-21544	۲.۷	Dell EMC iDRAC9 Comment improper authentication	$۵k-$25k	Official Fix
CVE-2021-21540	۶.۳	Dell EMC iDRAC9 Configuration stack-based overflow	$۵k-$25k	Official Fix
CVE-2021-21541	۴.۳	Dell EMC iDRAC9 cross site scripting	$۵k-$25k	Official Fix
CVE-2021-21543	۳.۵	Dell EMC iDRAC9 cross site scripting	$۰-$۵k	Official Fix
CVE-2021-21542	۳.۵	Dell EMC iDRAC9 cross site scripting	$۰-$۵k	Official Fix
CVE-2021-21539	۴.۶	Dell EMC iDRAC9 Web Interface toctou	$۵k-$25k	Official Fix
CVE-2021-21507	۴.۳	Dell EMC Networking X-Series/PowerEdge VRTX Switch Module access control	$۵k-$25k	Official Fix
CVE-2021-21547	۱.۹	Dell EMC Unity/UnityVSA/Unity XT Upgrade Readiness Utility cleartext storage	$۰-$۵k	Official Fix
CVE-2021-21537	۵.۳	Dell Hybrid Client access control	$۵k-$25k	Official Fix
CVE-2021-21534	۳.۳	Dell Hybrid Client Local API information disclosure	$۰-$۵k	Official Fix
CVE-2021-21535	۷.۸	Dell Hybrid Client missing authentication	$۵k-$25k	Official Fix
CVE-2021-21536	۳.۳	Dell Hybrid Client Register information disclosure	$۰-$۵k	Official Fix
CVE-2021-21530	۶.۳	Dell OpenManage Enterprise-Modular Environment os command injection	$۵k-$25k	Official Fix
CVE-2021-21531	۵.۳	Dell Unisphere for PowerMax Monitor Role authorization	$۵k-$25k	Official Fix
CVE-2021-27480	۶.۳	Delta Electronics Industrial Automation COMMGR stack-based overflow	$۲k-$5k	Not Defined
CVE-2021-22660	۳.۵	Delta Industrial Automation CNCSoft-B out-of-bounds read	$۰-$۱k	Not Defined
CVE-2021-22664	۶.۶	Delta Industrial Automation CNCSoft-B out-of-bounds write	$۲k-$5k	Not Defined
CVE-2020-15225	۵.۳	django-filter numeric conversion	$۰-$۱k	Official Fix
CVE-2020-22781	۳.۵	Etherpad Cache denial of service	$۰-$۱k	Official Fix
CVE-2020-22783	۳.۵	Etherpad Database Backend log file	$۰-$۱k	Official Fix
CVE-2020-22782	۳.۵	Etherpad Import Endpoint denial of service	$۰-$۱k	Official Fix
CVE-2020-22785	۳.۵	Etherpad Import Endpoint denial of service	$۰-$۱k	Official Fix
CVE-2020-22784	۶.۳	Etherpad UeberDB Trailing Space access control	$۲k-$5k	Official Fix
CVE-2021-29464	۶.۳	Exiv2 Metadata heap-based overflow	$۰-$۵k	Official Fix
CVE-2021-29463	۵.۳	Exiv2 Metadata out-of-bounds read	$۰-$۵k	Official Fix
CVE-2021-29473	۳.۳	Exiv2 Metadata out-of-bounds read	$۰-$۱k	Official Fix
CVE-2021-31433	۷.۸	Foxit Studio Photo ARW File out-of-bounds write	$۲k-$5k	Not Defined
CVE-2021-31435	۷.۸	Foxit Studio Photo CMP File initialization	$۲k-$5k	Not Defined
CVE-2021-31437	۷.۸	Foxit Studio Photo JP2 File out-of-bounds write	$۲k-$5k	Not Defined
CVE-2021-31434	۷.۸	Foxit Studio Photo JPM File out-of-bounds write	$۲k-$5k	Not Defined
CVE-2021-31438	۷.۸	Foxit Studio Photo PSP File stack-based overflow	$۲k-$5k	Not Defined
CVE-2021-31436	۷.۸	Foxit Studio Photo SGI File heap-based overflow	$۲k-$5k	Not Defined
CVE-2021-20294	۵.۰	GNU Binutils readelf memory corruption	$۲k-$5k	Not Defined
CVE-2021-31879	۴.۳	GNU wget HTTP Header information disclosure	$۱k-$2k	Not Defined
CVE-2021-21233	۸.۸	Google Chrome ANGLE heap-based overflow	$۲۵k-$100k	Official Fix
CVE-2021-21216	۶.۵	Google Chrome Autofill authentication spoofing	$۲۵k-$50k	Official Fix
CVE-2021-21215	۶.۵	Google Chrome Autofill authentication spoofing	$۲۵k-$50k	Official Fix
CVE-2021-21206	۸.۸	Google Chrome Blink use after free	$۵۰k-$100k	Official Fix
CVE-2021-21204	۸.۸	Google Chrome Blink use after free	$۵۰k-$100k	Official Fix
CVE-2021-21203	۸.۸	Google Chrome Blink use after free	$۵۰k-$100k	Official Fix
CVE-2021-21232	۸.۸	Google Chrome Dev Tools use after free	$۲۵k-$100k	Official Fix
CVE-2021-21229	۴.۳	Google Chrome Downloads clickjacking	$۲۵k-$100k	Official Fix
CVE-2021-21202	۸.۶	Google Chrome Extension use after free	$۵۰k-$100k	Official Fix
CVE-2021-21228	۵.۰	Google Chrome Extensions access control	$۲۵k-$100k	Official Fix
CVE-2021-21207	۸.۶	Google Chrome IndexedDB use after free	$۵۰k-$100k	Official Fix
CVE-2021-21221	۶.۵	Google Chrome Mojo unknown vulnerability	$۵۰k-$100k	Official Fix
CVE-2021-21214	۸.۸	Google Chrome Network API use after free	$۵۰k-$100k	Official Fix
CVE-2021-21212	۶.۵	Google Chrome Network Config UI Remote Code Execution	$۵۰k-$100k	Official Fix
CVE-2021-21210	۶.۵	Google Chrome Network exposure of resource	$۲۵k-$50k	Official Fix
CVE-2021-21219	۵.۵	Google Chrome PDFium uninitialized pointer	$۲۵k-$50k	Official Fix
CVE-2021-21218	۵.۵	Google Chrome PDFium uninitialized pointer	$۲۵k-$50k	Official Fix
CVE-2021-21217	۵.۵	Google Chrome PDFium uninitialized pointer	$۲۵k-$50k	Official Fix
CVE-2021-21201	۹.۶	Google Chrome Permissions use after free	$۵۰k-$100k	Official Fix
CVE-2021-21208	۶.۵	Google Chrome QR Scanner clickjacking	$۵۰k-$100k	Official Fix
CVE-2021-21209	۶.۵	Google Chrome Storage unknown vulnerability	$۵۰k-$100k	Official Fix
CVE-2021-21231	۶.۳	Google Chrome V8 heap-based overflow	$۲۵k-$100k	Official Fix
CVE-2021-21227	۸.۸	Google Chrome V8 heap-based overflow	$۲۵k-$100k	Official Fix
CVE-2021-21220	۸.۸	Google Chrome V8 heap-based overflow	$۵۰k-$100k	Official Fix
CVE-2021-21230	۸.۸	Google Chrome V8 type confusion	$۲۵k-$100k	Official Fix
CVE-2021-21213	۸.۸	Google Chrome WebMIDI use after free	$۵۰k-$100k	Official Fix
CVE-2021-29474	۴.۳	HedgeDoc findNote path traversal	$۱k-$2k	Not Defined
CVE-2021-29475	۷.۳	HedgeDoc PDF Export server-side request forgery	$۲k-$5k	Official Fix
CVE-2020-21987	۳.۵	HomeAutomation cross site scripting	$۰-$۱k	Not Defined
CVE-2020-21989	۲.۴	HomeAutomation cross-site request forgery	$۰-$۱k	Not Defined
CVE-2020-22000	۵.۵	HomeAutomation Custom Command Plugin customcommand.plugin.php exec os command injection	$۱k-$2k	Not Defined
CVE-2020-21998	۶.۳	HomeAutomation GET Parameter api.php redirect	$۱k-$2k	Official Fix
CVE-2020-22001	۷.۳	HomeAutomation HTTP Header improper authentication	$۱k-$2k	Not Defined
CVE-2021-22393	۳.۵	Huawei CloudEngine 12800 Message denial of service	$۲k-$5k	Not Defined
CVE-2021-22332	۴.۶	Huawei CloudEngine 12800 Module double free	$۱۰k-$25k	Not Defined
CVE-2021-22331	۳.۵	Huawei P30 cross site scripting	$۲k-$5k	Official Fix
CVE-2021-22327	۵.۵	Huawei P30 File Parser memory corruption	$۱۰k-$25k	Not Defined
CVE-2021-22330	۶.۳	Huawei P30 Message out-of-bounds write	$۱۰k-$25k	Not Defined
CVE-2021-20550	۵.۴	IBM Content Navigator Web UI cross site scripting	$۲k-$5k	Not Defined
CVE-2021-20549	۵.۴	IBM Content Navigator Web UI cross site scripting	$۲k-$5k	Not Defined
CVE-2021-20448	۵.۴	IBM Content Navigator Web UI cross site scripting	$۲k-$5k	Not Defined
CVE-2021-20515	۶.۷	IBM Informix Dynamic Server stack-based overflow	$۵k-$25k	Not Defined
CVE-2020-4562	۵.۳	IBM Planning Analytics unknown vulnerability	$۱۰k-$25k	Not Defined
CVE-2021-20546	۵.۵	IBM Spectrum Protect buffer overflow	$۵k-$10k	Not Defined
CVE-2021-29672	۷.۸	IBM Spectrum Protect Client stack-based overflow	$۱۰k-$25k	Not Defined
CVE-2021-20532	۷.۸	IBM Spectrum Protect permission	$۱۰k-$25k	Not Defined
CVE-2021-20432	۶.۵	IBM Spectrum Protect Plus Domain Name unknown vulnerability	$۱۰k-$25k	Not Defined
CVE-2021-20536	۶.۲	IBM Spectrum Protect Plus File Systems Agent log file	$۵k-$10k	Not Defined
CVE-2021-29694	۷.۵	IBM Spectrum Protect Plus inadequate encryption	$۵k-$10k	Not Defined
CVE-2020-4981	۴.۴	IBM Spectrum Scale access control	$۵k-$10k	Not Defined
CVE-2021-29667	۷.۰	IBM Spectrum Scale csv injection	$۵k-$10k	Not Defined
CVE-2021-29666	۵.۴	IBM Spectrum Scale Web UI cross site scripting	$۲k-$5k	Not Defined
CVE-2019-25041	۶.۵	Infinite Unbound Compressed Name dname_pkt_copy assertion	$۲k-$5k	Official Fix
CVE-2019-25040	۵.۵	Infinite Unbound Compressed Name dname_pkt_copy infinite loop	$۰-$۱k	Official Fix
CVE-2020-22002	۷.۳	Inim Electronics SmartLiving SmartLAN GET Parameter onvif.cgi GetImage server-side request forgery	$۲k-$5k	Not Defined
CVE-2020-21995	۶.۳	Inim Electronics SmartLiving SmartLAN Telnet/SSH/FTP hard-coded credentials	$۱k-$2k	Not Defined
CVE-2020-21992	۹.۸	Inim Electronics SmartLiving SmartLAN testemail Module web.cgi system format string	$۲k-$5k	Not Defined
CVE-2021-25214	۵.۳	ISC BIND IXFR denial of service	$۵k-$10k	Official Fix
CVE-2021-25215	۵.۳	ISC BIND Query denial of service	$۵k-$10k	Official Fix
CVE-2021-25216	۸.۱	ISC BIND SPNEGO buffer overflow	$۲۵k-$50k	Official Fix
CVE-2021-31870	۵.۵	klibc calloc integer overflow	$۲k-$5k	Official Fix
CVE-2021-31872	۵.۵	klibc cpio Command integer overflow	$۲k-$5k	Official Fix
CVE-2021-31871	۵.۵	klibc cpio Command integer overflow	$۲k-$5k	Official Fix
CVE-2021-31873	۵.۵	klibc malloc integer overflow	$۲k-$5k	Official Fix
CVE-2021-3451	۵.۳	Lenovo PCManager Configuration default permission	$۱k-$2k	Official Fix
CVE-2021-3464	۷.۸	Lenovo PCManager uncontrolled search path	$۲k-$5k	Official Fix
CVE-2021-30169	۵.۳	LILIN IP Camera P2/IP Camera Z2 information disclosure	$۱k-$2k	Not Defined
CVE-2021-30168	۵.۳	LILIN IP Camera P2/IP Camera Z2 information disclosure	$۱k-$2k	Not Defined
CVE-2021-30166	۶.۳	LILIN IP Camera P2/IP Camera Z2 NTP Server os command injection	$۲k-$5k	Not Defined
CVE-2021-30167	۶.۳	LILIN IP Camera P2/IP Camera Z2 User Profile insufficiently protected credentials	$۱k-$2k	Not Defined
CVE-2021-25810	۳.۵	Mercusys Mercury X18G cross site scripting	$۰-$۱k	Not Defined
CVE-2021-25811	۳.۵	Mercusys Mercury X18G denial of service	$۰-$۱k	Not Defined
CVE-2021-22514	۶.۳	Micro Focus Application Performance Management Remote Privilege Escalation	$۲k-$5k	Not Defined
CVE-2021-25838	۴.۸	MintHCM File Upload cross site scripting	$۰-$۱k	Not Defined
CVE-2021-25839	۳.۱	MintHCM weak password	$۱k-$2k	Not Defined
CVE-2021-20326	۶.۵	MongoDB Server Find Query denial of service	$۰-$۱k	Official Fix
CVE-2021-29441	۷.۳	Nacos AuthFilter Servlet Filter authentication spoofing	$۱k-$2k	Official Fix
CVE-2021-29442	۵.۳	Nacos ConfigOpsController remove missing authentication	$۱k-$2k	Official Fix
CVE-2021-1081	۷.۸	NVIDIA vGPU Software Kernel Mode Driver buffer overflow	$۲k-$5k	Official Fix
CVE-2021-1086	۷.۱	NVIDIA Virtual GPU Manager access control	$۲k-$5k	Official Fix
CVE-2021-1087	۵.۵	NVIDIA Virtual GPU Manager Address Space Layout Randomization information disclosure	$۰-$۱k	Official Fix
CVE-2021-1084	۷.۸	NVIDIA Virtual GPU Manager Kernel Mode Driver buffer overflow	$۲k-$5k	Official Fix
CVE-2021-1083	۷.۸	NVIDIA Virtual GPU Manager Kernel Mode Driver buffer overflow	$۲k-$5k	Official Fix
CVE-2021-1082	۷.۸	NVIDIA Virtual GPU Manager Local Privilege Escalation	$۲k-$5k	Official Fix
CVE-2021-1080	۷.۸	NVIDIA Virtual GPU Manager Local Privilege Escalation	$۲k-$5k	Official Fix
CVE-2021-1085	۷.۸	NVIDIA Virtual GPU Manager Shared Memory buffer overflow	$۲k-$5k	Official Fix
CVE-2021-31784	۵.۵	Open Design Alliance Drawings SDK out-of-bounds write	$۲k-$5k	Official Fix
CVE-2021-21429	۳.۳	OpenAPI Tools OpenAPI Generator File.createTempFile temp file	$۰-$۱k	Official Fix
CVE-2020-15078	۴.۳	OpenVPN Control Channel Data authentication bypass	$۱k-$2k	Not Defined
CVE-2021-2321	۶.۰	Oracle VM VirtualBox information disclosure	$۲k-$5k	Official Fix
CVE-2021-31934	۳.۵	OX Software OX App Suite Contact Object cross site scripting	$۰-$۵k	Not Defined
CVE-2021-31935	۳.۵	OX Software OX App Suite Distribution List cross site scripting	$۰-$۵k	Not Defined
CVE-2020-28943	۵.۵	OX Software OX App Suite Snippet server-side request forgery	$۰-$۵k	Not Defined
CVE-2020-28944	۳.۵	OX Software OX Guard WKS Server denial of service	$۰-$۵k	Not Defined
CVE-2021-31422	۶.۴	Parallels Desktop e1000e Virtual Device toctou	$۰-$۱k	Not Defined
CVE-2021-31429	۶.۷	Parallels Desktop IDE Virtual Device heap-based overflow	$۲k-$5k	Not Defined
CVE-2021-31428	۶.۷	Parallels Desktop IDE Virtual Device heap-based overflow	$۲k-$5k	Not Defined
CVE-2021-31432	۳.۳	Parallels Desktop IDE Virtual Device out-of-bounds read	$۰-$۱k	Not Defined
CVE-2021-31431	۲.۳	Parallels Desktop IDE Virtual Device out-of-bounds read	$۰-$۱k	Not Defined
CVE-2021-31430	۲.۳	Parallels Desktop IDE Virtual Device out-of-bounds read	$۰-$۱k	Not Defined
CVE-2021-31424	۷.۸	Parallels Desktop Open Tools Gate heap-based overflow	$۲k-$5k	Not Defined
CVE-2021-31426	۷.۸	Parallels Desktop Parallels Tools integer overflow	$۲k-$5k	Not Defined
CVE-2021-31425	۷.۸	Parallels Desktop Parallels Tools integer overflow	$۲k-$5k	Not Defined
CVE-2021-31427	۳.۳	Parallels Desktop toctou	$۰-$۱k	Not Defined
CVE-2021-31421	۵.۳	Parallels Desktop Toolgate path traversal	$۰-$۱k	Not Defined
CVE-2021-31420	۷.۸	Parallels Desktop Toolgate stack-based overflow	$۲k-$5k	Not Defined
CVE-2021-31423	۲.۳	Parallels Desktop Toolgate uninitialized resource	$۰-$۱k	Not Defined
CVE-2021-31419	۷.۸	Parallels Desktop Toolgate uninitialized resource	$۲k-$5k	Not Defined
CVE-2021-31418	۷.۸	Parallels Desktop Toolgate uninitialized resource	$۲k-$5k	Not Defined
CVE-2021-31417	۷.۸	Parallels Desktop Toolgate uninitialized resource	$۲k-$5k	Not Defined
CVE-2021-28280	۳.۵	PHPFusion search.php cross site scripting	$۰-$۱k	Not Defined
CVE-2020-36326	۵.۵	PHPMailer Phar Deserialization addAttachment deserialization	$۱k-$2k	Official Fix
CVE-2021-21414	۶.۳	Prisma getPackedPackage os command injection	$۲k-$5k	Official Fix
CVE-2021-21415	۵.۰	Prisma VS Code Schema File code injection	$۲k-$5k	Official Fix
CVE-2021-28799	۶.۳	QNAP QTS/QuTS Hero/QuTScloud HBS 3 Hybrid Backup Sync improper authorization	$۲k-$5k	Official Fix
CVE-2021-31863	۳.۵	Redmine Git Repository information disclosure	$۰-$۱k	Official Fix
CVE-2021-31864	۵.۵	Redmine Incoming Mail permission	$۱k-$2k	Official Fix
CVE-2021-31866	۲.۶	Redmine SysController/MailHandlerController timing discrepancy	$۰-$۱k	Official Fix
CVE-2020-22790	۳.۵	Safe FME Server cross site scripting	$۰-$۱k	Not Defined
CVE-2020-22789	۴.۳	Safe FME Server cross site scripting	$۰-$۱k	Not Defined
CVE-2021-30219	۳.۵	Samurai Build File build.c printstatus null pointer dereference	$۰-$۱k	Official Fix
CVE-2021-30218	۳.۵	Samurai Build File util.c writefile null pointer dereference	$۰-$۱k	Official Fix
CVE-2021-29159	۳.۵	Sonatype Nexus Repository Manager NXRM Application cross site scripting	$۰-$۱k	Official Fix
CVE-2021-30635	۴.۳	Sonatype Nexus Repository Manager UI Folder pathname traversal	$۱k-$2k	Official Fix
CVE-2021-29388	۳.۵	SourceCodester Budget Management System index.php cross site scripting	$۰-$۱k	Not Defined
CVE-2021-29387	۳.۵	Sourcecodester Equipment Inventory System Add Section cross site scripting	$۰-$۱k	Not Defined
CVE-2021-30642	۷.۳	Symantec Security Analytics Web UI os command injection	$۱۰k-$25k	Official Fix
CVE-2019-25033	۷.۶	Unbound ALIGN_UP Macro integer overflow	$۲k-$5k	Official Fix
CVE-2019-25042	۷.۶	Unbound Compressed Name rdata_copy out-of-bounds write	$۲k-$5k	Official Fix
CVE-2019-25031	۴.۸	Unbound Configuration create_unbound_ad_servers.sh cleartext transmission	$۰-$۱k	Official Fix
CVE-2019-25038	۷.۶	Unbound dnscrypt.c integer overflow	$۲k-$5k	Official Fix
CVE-2019-25037	۵.۵	Unbound Packet dname_pkt_copy denial of service	$۰-$۱k	Official Fix
CVE-2019-25032	۷.۶	Unbound regional_alloc integer overflow	$۲k-$5k	Official Fix
CVE-2019-25039	۷.۶	Unbound respip.c integer overflow	$۲k-$5k	Official Fix
CVE-2019-25035	۷.۶	Unbound sldns_bget_token_par out-of-bounds write	$۲k-$5k	Official Fix
CVE-2019-25034	۷.۶	Unbound sldns_str2wire_dname_buf_origin out-of-bounds write	$۲k-$5k	Official Fix
CVE-2019-25036	۵.۵	Unbound synth_cname denial of service	$۰-$۱k	Official Fix
CVE-2021-20714	۳.۸	WP Fastest Cache pathname traversal	$۱k-$2k	Official Fix
CVE-2021-28959	۷.۳	Zoho ManageEngine EventLog Analyzer ZIP Archive pathname traversal	$۲k-$5k	Not Defined

خدمات آپا

سایر آسیب پذیری ها

آسیب‌پذیری‌های حیاتی هفته دوم اردیبهشت‌ماه