info[at]nsec.ir
(+۹۸)-۳۱-۳۳۹۱۵۳۳۶

آسیب‌پذیری‌های حیاتی هفته سوم آبان‌ماه

 

این هفته آسیب‌پذیری‌های «حیاتی» و «پرخطر» بسیاری در محصولات مهم Cisco  گزارش و وصله‌ها و به‌روزرسانی‌هایی به منظور رفع آن‌ها ارائه شد.  همچنین در  محصولات شرکت‌های Mozilla، Apache، Fortinet، IBM، HP، Jenkins، NVIDIA، SAMSUNG، Google و کرنل لینوکس چندین آسیب‌پذیری «حیاتی» و «پرخطر» وجود داشت. 
لیست این آسیب‌پذیری‌ها به‌همراه سطح خطر آن‌ها در جدول زیر آمده است.

 

شناسه آسیب‌پذیری

امتیاز مبنا

عنوان آسیب‌پذیری

ارزش روز صفر

رفع آسیب‌پذیری

CVE-2021-20839

۶.۴

Antenna House Office Server Document Converter XML Document xml external entity reference

$۱k-$2k

Not Defined

CVE-2021-20838

۶.۹

Antenna House Office Server Document Converter XML Document xml external entity reference

$۱k-$2k

Not Defined

CVE-2021-27644

۶.۹

Apache DolphinScheduler MySQL Data Source sql injection

$۱۰k-$25k

Official Fix

CVE-2021-41973

۵.۹

Apache MINA HTTP Header infinite loop

$۵k-$10k

Not Defined

CVE-2021-37149

۷.۳

Apache Traffic Server HTTP Header Parser request smuggling

$۱۰k-$25k

Not Defined

CVE-2021-37148

۷.۳

Apache Traffic Server HTTP Header Parser request smuggling

$۱۰k-$25k

Not Defined

CVE-2021-37147

۷.۳

Apache Traffic Server request smuggling

$۱۰k-$25k

Not Defined

CVE-2021-41585

۴.۳

Apache Traffic Server Socket Connection denial of service

$۲k-$5k

Not Defined

CVE-2021-43082

۵.۵

Apache Traffic Server stats-over-http Plugin buffer overflow

$۱۰k-$25k

Not Defined

CVE-2021-38161

۵.۶

Apache Traffic Server TLS Origin improper authentication

$۱۰k-$25k

Not Defined

CVE-2021-36698

۴.۴

Artica Pandora FMS Event Filter cross site scripting

$۰-$۱k

Not Defined

CVE-2021-36697

۵.۵

Artica Pandora FMS File Manager .htaccess unrestricted upload

$۱k-$2k

Not Defined

CVE-2021-41310

۴.۸

Atlassian JIRA Server/Data Center Associated Project AssociatedProjectsForCustomField.jspa cross site scripting

$۰-$۱k

Official Fix

CVE-2021-41313

۵.۳

Atlassian JIRA Server/Data Center Email Batch Confirguation ConfigureBatching!default.jspa improper authorization

$۲k-$5k

Official Fix

CVE-2021-41312

۷.۴

Atlassian JIRA Server/Data Center Jira Service Management Project ViewCollectors improper authentication

$۱k-$2k

Official Fix

CVE-2021-25875

۳.۵

AVideo/YouPHPTube AVideo/YouPHPTube cross site scripting

$۰-$۱k

Not Defined

CVE-2021-25874

۷.۳

AVideo/YouPHPTube AVideo/YouPHPTube Parameter sql injection

$۲k-$5k

Not Defined

CVE-2021-25878

۳.۵

AVideo/YouPHPTube cross site scripting

$۰-$۱k

Not Defined

CVE-2021-25876

۳.۵

AVideo/YouPHPTube cross site scripting

$۰-$۱k

Not Defined

CVE-2021-25877

۳.۵

AVideo/YouPHPTube Variable save.php unknown vulnerability

$۱k-$2k

Not Defined

CVE-2021-42699

۴.۷

AzeoTech DAQFactory cleartext transmission

$۰-$۱k

Not Defined

CVE-2021-42698

۷.۰

AzeoTech DAQFactory Project File deserialization

$۲k-$5k

Not Defined

CVE-2021-42701

۵.۷

AzeoTech DAQFactory Project File privileges management

$۲k-$5k

Not Defined

CVE-2021-42543

۷.۰

AzeoTech DAQFactory Project File privileges management

$۲k-$5k

Not Defined

CVE-2021-24809

۶.۱

BP Better Messages Plugin AJAX Action bp_better_messages_exclude_user_from_thread cross-site request forgery

$۰-$۱k

Official Fix

CVE-2021-24808

۴.۸

BP Better Messages Plugin Parameter sanitize_text_field cross site scripting

$۰-$۱k

Official Fix

CVE-2021-40124

۷.۸

Cisco AnyConnect Secure Mobility Client Network Access Manager privileges assignment

$۱۰k-$25k

Official Fix

CVE-2021-40113

۹.۹

Cisco Catalyst Passive Optical Network Switch Web-based Management Interface access control

$۱۰k-$25k

Official Fix

CVE-2021-40112

۹.۹

Cisco Catalyst Passive Optical Network Switch Web-based Management Interface access control

$۱۰k-$25k

Official Fix

CVE-2021-34795

۹.۹

Cisco Catalyst Passive Optical Network Switch Web-based Management Interface access control

$۱۰k-$25k

Official Fix

CVE-2021-34774

۴.۶

Cisco Common Services Platform Collector Web-based Management Interface information disclosure

$۵k-$10k

Official Fix

CVE-2021-34741

۷.۵

Cisco Email Security Appliance allocation of resources

$۱۰k-$25k

Official Fix

CVE-2021-40119

۹.۸

Cisco Policy Suite Key-based SSH Authentication hard-coded key

$۲۵k-$50k

Official Fix

CVE-2021-34731

۴.۱

Cisco Prime Access Registrar Web-based Management Interface cross site scripting

$۲k-$5k

Official Fix

CVE-2021-34784

۴.۴

Cisco Prime Infrastructure Web-based Management Interface cross site scripting

$۲k-$5k

Official Fix

CVE-2021-40127

۵.۳

Cisco Small Business 200 Managed Switch Web-based Management Interface denial of service

$۵k-$10k

Official Fix

CVE-2021-40120

۵.۶

Cisco Small Business RV Series Router Web-based Management Interface os command injection

$۱۰k-$25k

Official Fix

CVE-2021-34739

۶.۸

Cisco Small Business Series Switch Web-based Management Interface session expiration

$۱۰k-$25k

Official Fix

CVE-2021-40126

۴.۳

Cisco Umbrella Web-based Dashboard information exposure

$۵k-$10k

Official Fix

CVE-2021-34773

۵.۴

Cisco Unified Communications Manager Web-based Management Interface cross-site request forgery

$۵k-$10k

Official Fix

CVE-2021-34701

۴.۳

Cisco Unified Communications Manager Web-based Management Interface path traversal

$۵k-$10k

Official Fix

CVE-2021-40128

۵.۳

Cisco Webex Meetings Account Activation unknown vulnerability

$۱۰k-$25k

Official Fix

CVE-2021-40115

۵.۲

Cisco Webex Video Mesh Web-based Management Interface cross site scripting

$۵k-$10k

Official Fix

CVE-2021-1500

۵.۴

Cisco Webex Video Mesh Web-based Management Interface redirect

$۱۰k-$25k

Official Fix

CVE-2021-42763

۳.۵

Couchbase Server information disclosure

$۰-$۱k

Official Fix

CVE-2021-37842

۴.۳

Couchbase Server metakv debug log file

$۱k-$2k

Official Fix

CVE-2021-38411

۳.۹

Delta Electronics DIALink API cross site scripting

$۰-$۱k

Not Defined

CVE-2021-38407

۳.۹

Delta Electronics DIALink API cross site scripting

$۰-$۱k

Not Defined

CVE-2021-38488

۳.۹

Delta Electronics DIALink API Events cross site scripting

$۰-$۱k

Not Defined

CVE-2021-38403

۴.۵

Delta Electronics DIALink API Maintenance cross site scripting

$۰-$۱k

Not Defined

CVE-2021-38428

۳.۹

Delta Electronics DIALink API Schedule cross site scripting

$۰-$۱k

Not Defined

CVE-2021-38422

۶.۰

Delta Electronics DIALink cleartext storage

$۰-$۱k

Not Defined

CVE-2021-38418

۶.۲

Delta Electronics DIALink cleartext transmission

$۰-$۱k

Not Defined

CVE-2021-38416

۷.۰

Delta Electronics DIALink Library uncontrolled search path

$۲k-$5k

Not Defined

CVE-2021-38420

۷.۰

Delta Electronics DIALink permission

$۲k-$5k

Not Defined

CVE-2021-38424

۵.۳

Delta Electronics DIALink Tag csv injection

$۱k-$2k

Not Defined

CVE-2020-25368

۷.۳

D-Link DIR-823G HNAP1 Protocol os command injection

$۱۰k-$25k

Not Defined

CVE-2020-25367

۷.۳

D-Link DIR-823G HNAP1 Protocol os command injection

$۱۰k-$25k

Not Defined

CVE-2020-25366

۳.۵

D-Link DIR-823G upload_firmware.cgi denial of service

$۲k-$5k

Not Defined

CVE-2021-33259

۵.۳

D-Link DIR-868LW DNS Query History improper authentication

$۵k-$10k

Not Defined

CVE-2020-18261

۵.۵

ED01-CMS Image unrestricted upload

$۱k-$2k

Not Defined

CVE-2020-18262

۶.۳

ED01-CMS Parameter cposts.php sql injection

$۱k-$2k

Not Defined

CVE-2020-18259

۳.۵

ED01-CMS Post sposts.php cross site scripting

$۰-$۱k

Not Defined

CVE-2021-43339

۵.۵

Ericsson Network Location MPS GMPC21 Export command injection

$۱k-$2k

Not Defined

CVE-2021-43338

۵.۵

Ericsson Network Location MPS GMPC21 Export Privilege Escalation

$۲k-$5k

Not Defined

CVE-2020-20658

۵.۵

fcovatti libiec_iccp_mod calloc buffer overflow

$۱k-$2k

Not Defined

CVE-2020-20657

۵.۵

fcovatti libiec_iccp_mod Packet buffer overflow

$۱k-$2k

Not Defined

CVE-2020-15935

۴.۳

Fortinet FortiADC GUI cleartext storage

$۰-$۱k

Not Defined

CVE-2020-12814

۴.۳

Fortinet FortiAnalyzer Web GUI cross site scripting

$۰-$۱k

Not Defined

CVE-2021-36183

۸.۰

Fortinet FortiClient Named Pipe improper authorization

$۲k-$5k

Not Defined

CVE-2020-15940

۴.۳

Fortinet FortiClientEMS Parameter cross site scripting

$۰-$۱k

Not Defined

CVE-2021-42754

۳.۸

Fortinet FortiClientMacOS Camera code injection

$۰-$۱k

Not Defined

CVE-2021-36192

۴.۷

Fortinet FortiManager information disclosure

$۱k-$2k

Not Defined

CVE-2021-26107

۵.۶

Fortinet FortiManager VPN Tunnel Status access control

$۲k-$5k

Not Defined

CVE-2021-41019

۴.۲

Fortinet FortiOS LDAP Server certificate validation

$۱k-$2k

Not Defined

CVE-2021-36181

۳.۷

Fortinet FortiPortal Customer Database Interface race condition

$۰-$۱k

Official Fix

CVE-2021-36174

۵.۴

Fortinet FortiPortal License resource consumption

$۰-$۱k

Official Fix

CVE-2021-36176

۴.۸

Fortinet FortiPortal Web Interface resource consumption

$۰-$۱k

Official Fix

CVE-2021-32595

۵.۴

Fortinet FortiPortal Web Interface resource consumption

$۰-$۱k

Official Fix

CVE-2021-36172

۶.۲

Fortinet FortiPortal XML Parser xml external entity reference

$۱k-$2k

Official Fix

CVE-2021-41023

۴.۹

Fortinet FortiSIEM Windows Agent cleartext storage

$۰-$۱k

Not Defined

CVE-2021-41022

۷.۸

Fortinet FortiSIEM Windows Agent PowerShell privileges management

$۲k-$5k

Not Defined

CVE-2021-36186

۹.۱

Fortinet FortiWeb HTTP Request stack-based overflow

$۲k-$5k

Not Defined

CVE-2021-36187

۶.۰

Fortinet FortiWeb Webserver Daemon resource consumption

$۰-$۱k

Not Defined

CVE-2021-36185

۸.۸

Fortinet FortiWLM HTTP Request os command injection

$۲k-$5k

Not Defined

CVE-2021-36184

۷.۲

Fortinet FortiWLM HTTP Request sql injection

$۱k-$2k

Not Defined

CVE-2021-39903

۵.۶

GitLab Community Edition/Enterprise Edition API Call access control

$۲k-$5k

Not Defined

CVE-2021-39905

۴.۳

GitLab Community Edition/Enterprise Edition API information disclosure

$۱k-$2k

Not Defined

CVE-2021-22260

۵.۶

GitLab Community Edition/Enterprise Edition DataDog cross site scripting

$۰-$۱k

Not Defined

CVE-2021-39907

۵.۳

GitLab Community Edition/Enterprise Edition EXIF Data resource consumption

$۰-$۱k

Not Defined

CVE-2021-39906

۶.۱

GitLab Community Edition/Enterprise Edition ipynb File cross site scripting

$۰-$۱k

Not Defined

CVE-2021-39902

۵.۳

GitLab Community Edition/Enterprise Edition Membership improper authorization

$۲k-$5k

Not Defined

CVE-2021-39904

۵.۳

GitLab Community Edition/Enterprise Edition Merge Request access control

$۲k-$5k

Not Defined

CVE-2021-39911

۳.۰

GitLab Community Edition/Enterprise Edition Merge Request information disclosure

$۱k-$2k

Not Defined

CVE-2021-39913

۴.۳

GitLab Community Edition/Enterprise Edition Migration Log log file

$۱k-$2k

Not Defined

CVE-2021-39895

۴.۰

GitLab Community Edition/Enterprise Edition Pipeline Schedule information disclosure

$۰-$۱k

Not Defined

CVE-2021-39898

۳.۷

GitLab Community Edition/Enterprise Edition Project Export access control

$۲k-$5k

Not Defined

CVE-2021-39901

۲.۷

GitLab Community Edition/Enterprise Edition SCIM Token information disclosure

$۰-$۱k

Not Defined

CVE-2021-39897

۳.۵

GitLab Community Edition/Enterprise Edition Subgroup Member access control

$۲k-$5k

Not Defined

CVE-2021-39912

۵.۳

GitLab Community Edition/Enterprise Edition TIFF Image memory allocation

$۰-$۱k

Not Defined

CVE-2021-39909

۴.۷

GitLab Enterprise Edition CODEOWNERS access control

$۲k-$5k

Not Defined

CVE-2021-39914

۳.۱

GitLab Regular Expression denial of service

$۰-$۱k

Not Defined

CVE-2021-43396

۷.۳

GNU C Library ISO-2022-JP-3 Encoding iso-2022-jp-3.c iconv state issue

$۲k-$5k

Not Defined

CVE-2021-0889

۶.۳

Google Android Android TV Remote Service Privilege Escalation

$۵۰k-$100k

Official Fix

CVE-2021-0672

۵.۵

Google Android Browser app Privilege Escalation

$۵۰k-$100k

Official Fix

CVE-2021-0922

۵.۵

Google Android Framework Privilege Escalation

$۵۰k-$100k

Official Fix

CVE-2021-0653

۵.۵

Google Android Framework Privilege Escalation

$۵۰k-$100k

Official Fix

CVE-2020-13871

۵.۵

Google Android Framework Privilege Escalation

$۵۰k-$100k

Official Fix

CVE-2021-0933

۵.۵

Google Android Framework Privilege Escalation

$۵۰k-$100k

Official Fix

CVE-2021-0926

۵.۵

Google Android Framework Privilege Escalation

$۵۰k-$100k

Official Fix

CVE-2021-0923

۵.۵

Google Android Framework Privilege Escalation

$۵۰k-$100k

Official Fix

CVE-2021-0921

۵.۵

Google Android Framework Privilege Escalation

$۵۰k-$100k

Official Fix

CVE-2021-0799

۵.۵

Google Android Framework Privilege Escalation

$۵۰k-$100k

Official Fix

CVE-2021-0929

۵.۵

Google Android Kernel Privilege Escalation

$۵۰k-$100k

Official Fix

CVE-2021-0924

۵.۵

Google Android Kernel Privilege Escalation

$۵۰k-$100k

Official Fix

CVE-2021-0920

۵.۵

Google Android Kernel Privilege Escalation

$۵۰k-$100k

Official Fix

CVE-2021-1048

۶.۳

Google Android Kernel use after free

$۵۰k-$100k

Official Fix

CVE-2021-0650

۵.۵

Google Android Media Framework Privilege Escalation

$۵۰k-$100k

Official Fix

CVE-2021-0650

۵.۵

Google Android Media Framework Privilege Escalation

$۵۰k-$100k

Official Fix

CVE-2021-0928

۵.۵

Google Android Media Framework Privilege Escalation

$۵۰k-$100k

Official Fix

CVE-2021-30284

۵.۵

Google Android Qualcomm Privilege Escalation

$۵۰k-$100k

Official Fix

CVE-2021-30259

۵.۵

Google Android Qualcomm Privilege Escalation

$۵۰k-$100k

Official Fix

CVE-2021-30255

۵.۵

Google Android Qualcomm Privilege Escalation

$۵۰k-$100k

Official Fix

CVE-2021-30254

۵.۵

Google Android Qualcomm Privilege Escalation

$۵۰k-$100k

Official Fix

CVE-2021-1982

۵.۵

Google Android Qualcomm Privilege Escalation

$۵۰k-$100k

Official Fix

CVE-2021-1981

۵.۵

Google Android Qualcomm Privilege Escalation

$۵۰k-$100k

Official Fix

CVE-2021-1979

۵.۵

Google Android Qualcomm Privilege Escalation

$۵۰k-$100k

Official Fix

CVE-2021-1973

۵.۵

Google Android Qualcomm Privilege Escalation

$۵۰k-$100k

Official Fix

CVE-2021-1921

۵.۵

Google Android Qualcomm Privilege Escalation

$۵۰k-$100k

Official Fix

CVE-2021-1975

۵.۵

Google Android Qualcomm Privilege Escalation

$۵۰k-$100k

Official Fix

CVE-2021-1924

۵.۵

Google Android Qualcomm Privilege Escalation

$۵۰k-$100k

Official Fix

CVE-2021-0919

۳.۵

Google Android System denial of service

$۱۰k-$25k

Official Fix

CVE-2021-0931

۵.۵

Google Android System Privilege Escalation

$۵۰k-$100k

Official Fix

CVE-2021-0925

۵.۵

Google Android System Privilege Escalation

$۵۰k-$100k

Official Fix

CVE-2021-0932

۵.۵

Google Android System Privilege Escalation

$۵۰k-$100k

Official Fix

CVE-2021-0649

۵.۵

Google Android System Privilege Escalation

$۵۰k-$100k

Official Fix

CVE-2021-0434

۵.۵

Google Android System Privilege Escalation

$۵۰k-$100k

Official Fix

CVE-2021-0930

۶.۳

Google Android System Privilege Escalation

$۵۰k-$100k

Official Fix

CVE-2021-0918

۶.۳

Google Android System Privilege Escalation

$۵۰k-$100k

Official Fix

CVE-2021-0649

۵.۵

Google Android Tethering Privilege Escalation

$۵۰k-$100k

Official Fix

CVE-2021-0653

۵.۵

Google Android Tethering Privilege Escalation

$۵۰k-$100k

Official Fix

CVE-2021-0927

۵.۵

Google Android TvInputManager Privilege Escalation

$۵۰k-$100k

Official Fix

CVE-2020-16048

۵.۹

Google Chrome ANGLE out-of-bounds read

$۲۵k-$50k

Official Fix

CVE-2020-6492

۷.۹

Google Chrome ANGLE use after free

$۵۰k-$100k

Official Fix

CVE-2018-6125

۵.۴

Google Chrome USB Policy information disclosure

$۲۵k-$50k

Official Fix

CVE-2018-6122

۷.۵

Google Chrome WebAssembly type confusion

$۵۰k-$100k

Official Fix

CVE-2021-39346

۳.۶

Google Maps Easy Plugin mgrEditMarkerGroup.php cross site scripting

$۰-$۱k

Official Fix

CVE-2021-41218

۴.۹

Google TensorFlow AllToAll divide by zero

$۲k-$5k

Official Fix

CVE-2021-41206

۶.۰

Google TensorFlow API improper validation of integrity check value

$۱۰k-$25k

Official Fix

CVE-2021-41208

۷.۵

Google TensorFlow API null pointer dereference

$۵k-$10k

Official Fix

CVE-2021-41213

۴.۹

Google TensorFlow API tf.function locking

$۲k-$5k

Official Fix

CVE-2021-41220

۷.۰

Google TensorFlow CollectiveReduceV2 use after free

$۱۰k-$25k

Official Fix

CVE-2021-41217

۴.۹

Google TensorFlow Control Flow Graph null pointer dereference

$۲k-$5k

Official Fix

CVE-2021-41209

۴.۹

Google TensorFlow Convolution Operator divide by zero

$۲k-$5k

Official Fix

CVE-2021-41215

۴.۹

Google TensorFlow DeserializeSparse null pointer dereference

$۲k-$5k

Official Fix

CVE-2021-41197

۴.۹

Google TensorFlow Dimensions MultiplyWithoutOverflow integer overflow

$۱۰k-$25k

Official Fix

CVE-2021-41207

۴.۹

Google TensorFlow divide by zero

$۲k-$5k

Official Fix

CVE-2021-41223

۶.۷

Google TensorFlow FusedBatchNorm out-of-bounds read

$۵k-$10k

Official Fix

CVE-2021-41204

۴.۹

Google TensorFlow Grappler Optimizer uninitialized pointer

$۲k-$5k

Official Fix

CVE-2021-41225

۴.۹

Google TensorFlow Grappler Optimizer uninitialized resource

$۲k-$5k

Official Fix

CVE-2021-41227

۶.۴

Google TensorFlow ImmutableConst out-of-bounds read

$۵k-$10k

Official Fix

CVE-2021-41203

۷.۰

Google TensorFlow Integer Overflow insufficient verification of data authenticity

$۵k-$10k

Official Fix

CVE-2021-41196

۴.۹

Google TensorFlow Keras Pooling Layer integer underflow

$۱۰k-$25k

Official Fix

CVE-2021-41221

۷.۰

Google TensorFlow Parameter Cudnn buffer overflow

$۱۰k-$25k

Official Fix

CVE-2021-41201

۷.۰

Google TensorFlow ParseEquation uninitialized pointer

$۱۰k-$25k

Official Fix

CVE-2021-41205

۶.۷

Google TensorFlow QuantizeAndDequantizeV out-of-bounds read

$۵k-$10k

Official Fix

CVE-2021-41211

۶.۷

Google TensorFlow QuantizeV2 out-of-bounds read

$۵k-$10k

Official Fix

CVE-2021-41228

۶.۲

Google TensorFlow saved_model_cli os command injection

$۱۰k-$25k

Official Fix

CVE-2021-41219

۶.۰

Google TensorFlow Sparse Matrix Multiplication uninitialized pointer

$۲k-$5k

Official Fix

CVE-2021-41226

۶.۷

Google TensorFlow SparseBinCount out-of-bounds read

$۵k-$10k

Official Fix

CVE-2021-41210

۶.۷

Google TensorFlow SparseCountSparseOutput out-of-bounds read

$۵k-$10k

Official Fix

CVE-2021-41224

۶.۷

Google TensorFlow SparseFillEmptyRows out-of-bounds read

$۵k-$10k

Official Fix

CVE-2021-41222

۴.۹

Google TensorFlow SplitV calculation

$۲k-$5k

Official Fix

CVE-2021-41199

۴.۹

Google TensorFlow tf.image.resize integer overflow

$۱۰k-$25k

Official Fix

CVE-2021-41195

۴.۹

Google TensorFlow tf.math.segment_* integer overflow

$۱۰k-$25k

Official Fix

CVE-2021-41212

۶.۷

Google TensorFlow tf.ragged.cross out-of-bounds read

$۵k-$10k

Official Fix

CVE-2021-41214

۷.۰

Google TensorFlow tf.ragged.cross uninitialized pointer

$۱۰k-$25k

Official Fix

CVE-2021-41202

۵.۹

Google TensorFlow tf.range numeric conversion

$۱۰k-$25k

Official Fix

CVE-2021-41200

۴.۹

Google TensorFlow tf.summary.create_file_writer assertion

$۲k-$5k

Official Fix

CVE-2021-41198

۴.۹

Google TensorFlow tf.tile integer overflow

$۱۰k-$25k

Official Fix

CVE-2021-41216

۵.۹

Google TensorFlow Transpose buffer overflow

$۱۰k-$25k

Official Fix

CVE-2021-39238

۷.۶

HP Enterprise LaserJet buffer overflow

$۱۰k-$25k

Not Defined

CVE-2021-39237

۴.۰

HP LaserJet information disclosure

$۲k-$5k

Not Defined

CVE-2021-3705

۵.۵

HP LaserJet Pro access control

$۱۰k-$25k

Not Defined

CVE-2021-3704

۵.۷

HP LaserJet Pro denial of service

$۲k-$5k

Not Defined

CVE-2020-28416

۵.۳

HP OfficeJet/PageWide IRIS OCR Local Privilege Escalation

$۵k-$10k

Not Defined

CVE-2020-6931

۶.۳

HP Print and Scan Doctor Privilege Escalation

$۱۰k-$25k

Not Defined

CVE-2021-3440

۶.۳

HP Smart App Print/Scan Doctor Privilege Escalation

$۱۰k-$25k

Not Defined

CVE-2021-29212

۸.۵

HPE iLO Amplifier Pack pathname traversal

$۱۰k-$25k

Not Defined

CVE-2021-29213

۶.۵

HPE ProLiant DL20 Gen10 access control

$۱۰k-$25k

Official Fix

CVE-2021-29753

۴.۸

IBM Business Automation Workflow or credentials storage

$۱۰k-$25k

Official Fix

CVE-2021-29888

۵.۴

IBM InfoSphere Information Server cross-site request forgery

$۵k-$10k

Official Fix

CVE-2021-29737

۵.۷

IBM InfoSphere Information Server Data Flow Designer Engine certificate validation

$۱۰k-$25k

Official Fix

CVE-2021-29738

۵.۹

IBM InfoSphere Information Server Data Flow Designer server-side request forgery

$۱۰k-$25k

Official Fix

CVE-2021-29875

۴.۸

IBM InfoSphere Information Server information disclosure

$۵k-$10k

Official Fix

CVE-2021-29771

۴.۴

IBM InfoSphere Information Server Web UI cross site scripting

$۲k-$5k

Official Fix

CVE-2021-38948

۶.۷

IBM InfoSphere Information Server XML Data xml external entity reference

$۵k-$10k

Official Fix

CVE-2020-23567

۴.۳

Irfan Skiljan Irfanview JPEG 2000 File ShowPlugInSaveOptions_W divide by zero

$۰-$۱k

Not Defined

CVE-2020-23565

۶.۳

Irfan Skiljan Irfanview JPEG 2000 File ShowPlugInSaveOptions_W Remote Code Execution

$۲k-$5k

Not Defined

CVE-2020-23566

۴.۳

Irfan Skiljan Irfanview ShowPlugInSaveOptions_W infinite loop

$۰-$۱k

Not Defined

CVE-2021-21690

۵.۵

Jenkins Agent File protection mechanism

$۱k-$2k

Not Defined

CVE-2021-21691

۵.۵

Jenkins Agent-to-Controller authorization

$۱k-$2k

Not Defined

CVE-2021-21689

۵.۵

Jenkins Agent-to-Controller authorization

$۱k-$2k

Not Defined

CVE-2021-21687

۵.۵

Jenkins Agent-to-Controller authorization

$۱k-$2k

Not Defined

CVE-2021-21685

۵.۵

Jenkins Agent-to-Controller authorization

$۱k-$2k

Not Defined

CVE-2021-21692

۵.۵

Jenkins Agent-to-Controller authorization

$۱k-$2k

Not Defined

CVE-2021-21693

۵.۵

Jenkins Agent-to-Controller improper authorization

$۱k-$2k

Not Defined

CVE-2021-21688

۵.۵

Jenkins Agent-to-Controller Security Check authorization

$۱k-$2k

Not Defined

CVE-2021-21686

۵.۵

Jenkins Agent-to-Controller Security Subsystem path traversal

$۱k-$2k

Not Defined

CVE-2021-21694

۵.۵

Jenkins authorization

$۱k-$2k

Not Defined

CVE-2021-21696

۵.۵

Jenkins FilePath API protection mechanism

$۱k-$2k

Not Defined

CVE-2021-21697

۵.۵

Jenkins incomplete blacklist

$۱k-$2k

Not Defined

CVE-2021-21698

۵.۵

Jenkins Subversion Plugin Subversion Key File path traversal

$۱k-$2k

Not Defined

CVE-2021-21695

۵.۵

Jenkins Symbolic Links authorization

$۱k-$2k

Not Defined

CVE-2021-23807

۵.۶

jsonpointer code injection

$۲k-$5k

Official Fix

CVE-2021-23820

۵.۶

json-pointer type confusion

$۲k-$5k

Not Defined

CVE-2021-23509

۵.۶

json-ptr Parameter type confusion

$۲k-$5k

Official Fix

CVE-2021-41247

۴.۵

JupyterHub Tab session expiration

$۱k-$2k

Official Fix

CVE-2021-35053

۵.۷

Kaspersky Anti-Virus Firefox Parameter denial of service

$۰-$۱k

Official Fix

CVE-2021-22564

۵.۰

libjxl JPEG XL Image heap-based overflow

$۲k-$5k

Official Fix

CVE-2021-22563

۴.۸

libjxl JPEG XL Image vector buffer overflow

$۲k-$5k

Official Fix

CVE-2020-27820

۵.۶

Linux Kernel Device Hot-Unplugging postclose use after free

$۱۰k-$25k

Official Fix

CVE-2021-34866

۷.۲

Linux Kernel eBPF verifier.c check_map_func_compatibility type confusion

$۱۰k-$25k

Official Fix

CVE-2021-43267

۷.۰

Linux Kernel Inter-Process Communication crypto.c tipc_crypto_key_rcv missing encryption

$۵k-$10k

Official Fix

CVE-2021-43389

۵.۵

Linux Kernel kcapi.c detach_capi_ctr array index

$۱۰k-$25k

Official Fix

CVE-2021-40848

۵.۵

Mahara csv injection

$۱k-$2k

Official Fix

CVE-2021-43264

۴.۴

Mahara Page Help File pathname traversal

$۱k-$2k

Official Fix

CVE-2021-43266

۶.۴

Mahara PDF Export os command injection

$۱k-$2k

Official Fix

CVE-2021-43265

۴.۴

Mahara Script Element cross site scripting

$۰-$۱k

Official Fix

CVE-2021-40849

۵.۵

Mahara Web Service Privilege Escalation

$۲k-$5k

Official Fix

CVE-2021-31848

۵.۴

McAfee Data Loss Prevention ePO Extension cross site scripting

$۲k-$5k

Official Fix

CVE-2021-31849

۶.۵

McAfee Data Loss Prevention ePO Extension sql injection

$۵k-$10k

Official Fix

CVE-2021-26739

۸.۰

Millken DOYOCMS Parameter pay.php sql injection

$۱k-$2k

Not Defined

CVE-2021-26740

۷.۶

Millken DOYOCMS sysupload.php unrestricted upload

$۱k-$2k

Not Defined

CVE-2021-38495

۷.۵

Mozilla Firefox ESR/Thunderbird memory corruption

$۲۵k-$50k

Official Fix

CVE-2021-29993

۶.۲

Mozilla Firefox intent Scheme denial of service

$۱۰k-$25k

Official Fix

CVE-2021-38499

۷.۵

Mozilla Firefox memory corruption

$۲۵k-$50k

Official Fix

CVE-2021-38494

۷.۵

Mozilla Firefox memory corruption

$۲۵k-$50k

Official Fix

CVE-2021-38491

۶.۴

Mozilla Firefox Remote Code Execution

$۲۵k-$50k

Official Fix

CVE-2021-38501

۷.۵

Mozilla Firefox/Firefox ESR/Thunderbird memory corruption

$۲۵k-$50k

Official Fix

CVE-2021-38500

۷.۵

Mozilla Firefox/Firefox ESR/Thunderbird memory corruption

$۲۵k-$50k

Official Fix

CVE-2021-38493

۶.۳

Mozilla Firefox/Firefox ESR/Thunderbird memory corruption

$۲۵k-$50k

Official Fix

CVE-2021-38496

۷.۵

Mozilla Firefox/Firefox ESR/Thunderbird MessageTasks memory corruption

$۲۵k-$50k

Official Fix

CVE-2021-38492

۵.۷

Mozilla Firefox/Firefox ESR/Thunderbird mk Scheme access control

$۲۵k-$50k

Official Fix

CVE-2021-38498

۶.۹

Mozilla Firefox/Firefox ESR/Thunderbird Shutdown use after free

$۲۵k-$50k

Official Fix

CVE-2021-38497

۶.۴

Mozilla Firefox/Firefox ESR/Thunderbird window.open origin validation

$۲۵k-$50k

Official Fix

CVE-2021-29991

۷.۲

Mozilla Firefox/Thunderbird HTTP3 Header request smuggling

$۲۵k-$50k

Official Fix

CVE-2021-38502

۴.۸

Mozilla Thunderbird SMTP Connection inadequate encryption

$۱۰k-$25k

Official Fix

CVE-2021-20704

۶.۳

NEC CLUSTERPRO X/EXPRESSCLUSTER X buffer overflow

$۲k-$5k

Not Defined

CVE-2021-20701

۶.۳

NEC Disk Agent CLUSTERPRO X/EXPRESSCLUSTER X buffer overflow

$۲k-$5k

Not Defined

CVE-2021-20700

۶.۳

NEC Disk Agent CLUSTERPRO X/EXPRESSCLUSTER X buffer overflow

$۲k-$5k

Not Defined

CVE-2021-20703

۶.۳

NEC Transaction Server CLUSTERPRO X/EXPRESSCLUSTER X buffer overflow

$۲k-$5k

Not Defined

CVE-2021-20702

۶.۳

NEC Transaction Server CLUSTERPRO X/EXPRESSCLUSTER X buffer overflow

$۲k-$5k

Not Defined

CVE-2021-20707

۴.۳

NEC Transaction Server CLUSTERPRO X/EXPRESSCLUSTER X information disclosure

$۱k-$2k

Not Defined

CVE-2021-20706

۶.۳

NEC WebManager CLUSTERPRO X/EXPRESSCLUSTER X unrestricted upload

$۲k-$5k

Not Defined

CVE-2021-20705

۶.۳

NEC WebManager CLUSTERPRO X/EXPRESSCLUSTER X unrestricted upload

$۲k-$5k

Not Defined

CVE-2021-27005

۵.۹

NetApp Clustered Data ONTAP httpd denial of service

$۰-$۱k

Official Fix

CVE-2021-27004

۴.۴

NetApp System Manager iSCSI CHAP Credential missing encryption

$۰-$۱k

Official Fix

CVE-2021-27723

۵.۵

Nsasoft Product Key Explorer denial of service

$۰-$۱k

Not Defined

CVE-2021-27722

۵.۵

Nsasoft SpotAuditor denial of service

$۰-$۱k

Not Defined

CVE-2021-1123

۶.۰

NVIDIA vGPU Software Virtual GPU Manager denial of service

$۰-$۱k

Not Defined

CVE-2021-1119

۶.۴

NVIDIA vGPU Software Virtual GPU Manager double free

$۲k-$5k

Not Defined

CVE-2021-1121

۶.۰

NVIDIA vGPU Software Virtual GPU Manager Kernel Driver allocation of resources

$۰-$۱k

Not Defined

CVE-2021-1122

۵.۶

NVIDIA vGPU Software Virtual GPU Manager null pointer dereference

$۰-$۱k

Not Defined

CVE-2021-1120

۷.۹

NVIDIA vGPU software Virtual GPU Manager null termination

$۲k-$5k

Not Defined

CVE-2021-1118

۸.۳

NVIDIA vGPU Software Virtual GPU Manager unnecessary privileges

$۲k-$5k

Not Defined

CVE-2021-35368

۷.۳

OWASP ModSecurity Core Rule Set Pathname protection mechanism

$۲k-$5k

Official Fix

CVE-2020-18263

۶.۳

PHP-CMS search.php sql injection

$۱k-$2k

Not Defined

CVE-2020-23754

۶.۵

PHP-Fusion Polls poll_admin.php cross site scripting

$۰-$۱k

Not Defined

CVE-2021-39411

۳.۵

PHPGurukul Hospital Management System Parameter cross site scripting

$۰-$۱k

Not Defined

CVE-2021-39412

۳.۵

PHPGurukul Shopping Parameter cross site scripting

$۰-$۱k

Not Defined

CVE-2020-18440

۷.۶

PHPOK init.php buffer overflow

$۲k-$5k

Not Defined

CVE-2020-18438

۵.۵

PHPOK Parameter admin.php pathname traversal

$۱k-$2k

Not Defined

CVE-2020-18439

۷.۳

PHPOK tpl_control.php edit_save_f Privilege Escalation

$۲k-$5k

Not Defined

CVE-2021-41748

۵.۵

Portainer access control

$۱k-$2k

Not Defined

CVE-2021-41874

۳.۵

Portainer information disclosure

$۰-$۱k

Not Defined

CVE-2021-41250

۵.۳

Python Discord Bot URL Blacklist protection mechanism

$۲k-$5k

Official Fix

CVE-2021-36924

۵.۳

Realtek RtsUpx USB Utility Driver RtsUpx.sys access control

$۱k-$2k

Not Defined

CVE-2021-36925

۵.۳

Realtek RtsUpx USB Utility Driver RtsUpx.sys denial of service

$۰-$۱k

Not Defined

CVE-2021-36923

۵.۳

Realtek RtsUpx USB Utility Driver USB Device RtsUpx.sys access control

$۱k-$2k

Not Defined

CVE-2021-36922

۵.۳

Realtek RtsUpx USB Utility Driver USB Device RtsUpx.sys access control

$۱k-$2k

Not Defined

CVE-2021-25509

۵.۶

Samsung Flow Application access control

$۱k-$2k

Official Fix

CVE-2021-25507

۴.۶

Samsung Flow Mobile Application Notification Data improper authorization

$۱k-$2k

Official Fix

CVE-2021-25504

۳.۶

Samsung Group Sharing Contact Information information disclosure

$۰-$۱k

Official Fix

CVE-2021-25503

۴.۴

Samsung HDCP input validation

$۰-$۱k

Official Fix

CVE-2021-25500

۶.۸

Samsung HDCP LDFW TEE input validation

$۱k-$2k

Official Fix

CVE-2021-25506

۳.۶

Samsung Health Content Provider denial of service

$۰-$۱k

Official Fix

CVE-2021-25505

۳.۳

Samsung Pass Lockscreen improper authentication

$۰-$۱k

Official Fix

CVE-2021-25502

۶.۶

Samsung Property Settings privileges management

$۱k-$2k

Official Fix

CVE-2021-25501

۵.۵

Samsung SecTelephonyProvider SCloudBnRReceiver access control

$۱k-$2k

Official Fix

CVE-2021-25508

۶.۳

Samsung SmartThings API Key privileges management

$۲k-$5k

Official Fix

CVE-2020-26707

۷.۶

Shenzhim AAPTJS Parameter add command injection

$۱k-$2k

Not Defined

CVE-2020-36380

۵.۵

Shenzhim AAPTJS Parameter crunch Privilege Escalation

$۲k-$5k

Not Defined

CVE-2020-36377

۵.۵

Shenzhim AAPTJS Parameter dump Privilege Escalation

$۲k-$5k

Not Defined

CVE-2020-36376

۵.۵

Shenzhim AAPTJS Parameter list Privilege Escalation

$۲k-$5k

Not Defined

CVE-2020-36378

۵.۵

Shenzhim AAPTJS Parameter packageCmd Privilege Escalation

$۲k-$5k

Not Defined

CVE-2020-36379

۵.۵

Shenzhim AAPTJS Parameter remove Privilege Escalation

$۲k-$5k

Not Defined

CVE-2020-36381

۵.۵

Shenzhim AAPTJS Parameter singleCrunch Privilege Escalation

$۲k-$5k

Not Defined

CVE-2021-43293

۴.۳

Sonatype Nexus Repository Manager server-side request forgery

$۲k-$5k

Official Fix

CVE-2021-42568

۵.۵

Sonatype Nexus Repository Manager SSL Certificate access control

$۱k-$2k

Not Defined

CVE-2021-36808

۵.۹

Sophos Secure Workspace race condition

$۰-$۱k

Official Fix

CVE-2021-41645

۷.۵

Sourcecodester Budget and Expense Tracker System Image Upload unrestricted upload

$۲k-$5k

Not Defined

CVE-2021-41643

۸.۰

SourceCodester Church Management System Image Upload unrestricted upload

$۲k-$5k

Not Defined

CVE-2021-43130

۶.۳

SourceCodester Customer Relationship Management login.php sql injection

$۱k-$2k

Not Defined

CVE-2021-41675

۶.۷

SourceCodester E-Negosyo System controller.php doInsert unrestricted upload

$۲k-$5k

Not Defined

CVE-2021-41674

۸.۰

SourceCodester E-Negosyo System Parameter login.php sql injection

$۱k-$2k

Not Defined

CVE-2021-42669

۶.۳

Sourcecodester Engineers Online Portal in PHP dashboard_teacher.php unrestricted upload

$۲k-$5k

Not Defined

CVE-2021-42671

۷.۳

Sourcecodester Engineers Online Portal in PHP File Upload uploads improper authentication

$۱k-$2k

Not Defined

CVE-2021-42665

۷.۳

Sourcecodester Engineers Online Portal in PHP Login Form index.php sql injection

$۲k-$5k

Not Defined

CVE-2021-42670

۶.۳

Sourcecodester Engineers Online Portal in PHP Parameter announcements_student.php sql injection

$۱k-$2k

Not Defined

CVE-2021-42668

۶.۳

Sourcecodester Engineers Online Portal in PHP Parameter my_classmates.php sql injection

$۱k-$2k

Not Defined

CVE-2021-42666

۶.۳

Sourcecodester Engineers Online Portal in PHP Parameter quiz_question.php sql injection

$۱k-$2k

Not Defined

CVE-2021-42664

۳.۵

Sourcecodester Engineers Online Portal in PHP Quiz add_quiz.php cross site scripting

$۰-$۱k

Not Defined

CVE-2021-42662

۳.۵

SourceCodester Online Event Booking and Reservation System cross site scripting

$۰-$۱k

Not Defined

CVE-2021-42663

۴.۳

SourceCodester Online Event Booking and Reservation System index.php injection

$۲k-$5k

Not Defined

CVE-2021-42667

۶.۳

SourceCodester Online Event Booking and Reservation System views sql injection

$۱k-$2k

Not Defined

CVE-2021-41644

۸.۰

SourceCodester Online Food Ordering System Image Upload unrestricted upload

$۲k-$5k

Not Defined

CVE-2021-41646

۸.۰

SourceCodester Online Reviewer System Image Upload unrestricted upload

$۲k-$5k

Not Defined

CVE-2021-36560

۸.۵

SourceCodester Phone Shop Sales Managements System improper authentication

$۱k-$2k

Not Defined

CVE-2021-41492

۶.۳

Sourcecodester Simple Cashiering System sql injection

$۱k-$2k

Not Defined

CVE-2021-43140

۶.۳

Sourcecodester Simple Subscription Website Login sql injection

$۱k-$2k

Not Defined

CVE-2021-43141

۳.۵

Sourcecodester Simple Subscription Website plan_application cross site scripting

$۰-$۱k

Not Defined

CVE-2020-22223

۶.۳

Stivasoft Fundraising Script pjActionLoad sql injection

$۱k-$2k

Not Defined

CVE-2020-22222

۳.۵

Stivasoft Fundraising Script pjActionLoadCss cross site scripting

$۰-$۱k

Not Defined

CVE-2020-22225

۶.۳

Stivasoft Fundraising Script pjActionLoadForm sql injection

$۱k-$2k

Not Defined

CVE-2020-22224

۳.۵

Stivasoft Fundraising Script pjActionPreview cross site scripting

$۰-$۱k

Not Defined

CVE-2020-22226

۶.۳

Stivasoft Fundraising Script pjActionSetAmount sql injection

$۱k-$2k

Not Defined

CVE-2021-24770

۶.۰

Stylish Price List Plugin AJAX Action spl_upload_ser_img access control

$۱k-$2k

Official Fix

CVE-2021-24757

۵.۸

Stylish Price List Plugin AJAX Action spl_upload_ser_img access control

$۲k-$5k

Official Fix

CVE-2021-42574

۷.۴

Unicode Specification Bidirectional Algorithm source code

$۲k-$5k

Not Defined

CVE-2021-42694

۷.۴

Unicode Specification Homoglyph source code

$۲k-$5k

Not Defined

CVE-2021-3927

۶.۸

Vim heap-based overflow

$۲k-$5k

Official Fix

CVE-2021-3928

۶.۸

Vim stack-based overflow

$۲k-$5k

Official Fix

CVE-2015-20067

۴.۳

WP Attachment Export Plugin XML Data authorization

$۲k-$5k

Official Fix

CVE-2021-42359

۷.۴

WP DSGVO Tools AJAX Request access control

$۲k-$5k

Not Defined

CVE-2021-24723

۴.۴

WP Reactions Lite Plugin cross site scripting

$۰-$۱k

Official Fix

CVE-2021-24715

۴.۱

WP Sitemap Page Plugin Setting cross site scripting

$۰-$۱k

Official Fix

CVE-2021-24793

۴.۱

WPeMatico RSS Feed Fetcher Plugin Campaign cross site scripting

$۰-$۱k

Official Fix

CVE-2020-36504

۴.۳

WP-Pro-Quiz Plugin Delete cross-site request forgery

$۰-$۱k

Not Defined

CVE-2015-10001

۲.۴

WP-Stats Plugin cross site scripting

$۰-$۱k

Official Fix

CVE-2020-24743

۶.۳

Zoho ManageEngine Applications Manager showReports.do access control

$۲k-$5k

Not Defined

CVE-2021-20136

۸.۵

Zoho ManageEngine ManageEngine Log360 Database Configuration access control

$۲k-$5k

Official Fix