Critical vulnerabilities of the third week of Bahman
This week, many "critical" and "high-risk" vulnerabilities were reported in important Cisco products, and patches and updates were released to fix them. There were also several "critical" and "high-risk" vulnerabilities in products from Apache, HPE, Google, Solarwinds, D-Link, IBM and in the Linux kernel.
The list of these vulnerabilities, together with their risk level, is given in the table below.
شناسه آسیبپذیری |
امتیاز مبنا |
عنوان آسیبپذیری |
ارزش روز صفر |
رفع آسیبپذیری |
---|---|---|---|---|
CVE-2020-13947 |
۳.۵ |
Apache ActiveMQ Administration Console message.jsp cross site scripting |
$۰-$۵k |
Not Defined |
CVE-2020-17516 |
۷.۵ |
Apache Cassandra missing encryption |
$۲k-$5k |
Not Defined |
CVE-2021-25646 |
۸.۸ |
Apache Druid cross site scripting |
$۲k-$5k |
Official Fix |
CVE-2020-17523 |
۹.۸ |
Apache Shiro Spring Support improper authentication |
$۵k-$10k |
Official Fix |
CVE-2021-1761 |
۴.۳ |
Apple macOS Analytics denial of service |
$۲k-$5k |
Official Fix |
CVE-2021-1797 |
۳.۳ |
Apple macOS APFS permission |
$۵k-$10k |
Official Fix |
CVE-2020-27945 |
۶.۳ |
Apple macOS CFNetwork Cache integer overflow |
$۱۰k-$25k |
Official Fix |
CVE-2021-1760 |
۵.۳ |
Apple macOS CoreAnimation memory corruption |
$۵k-$10k |
Official Fix |
CVE-2021-1747 |
۶.۳ |
Apple macOS CoreAudio out-of-bounds write |
$۱۰k-$25k |
Official Fix |
CVE-2021-1776 |
۶.۳ |
Apple macOS CoreGraphics out-of-bounds write |
$۱۰k-$25k |
Official Fix |
CVE-2021-1759 |
۶.۳ |
Apple macOS CoreMedia out-of-bounds read |
$۵k-$10k |
Official Fix |
CVE-2021-1792 |
۶.۳ |
Apple macOS CoreText out-of-bounds read |
$۵k-$10k |
Official Fix |
CVE-2021-1772 |
۶.۳ |
Apple macOS CoreText stack-based overflow |
$۱۰k-$25k |
Official Fix |
CVE-2021-1787 |
۵.۳ |
Apple macOS Crash Reporter behavioral workflow |
$۵k-$10k |
Official Fix |
CVE-2021-1761 |
۴.۳ |
Apple macOS Crash Reporter denial of service |
$۲k-$5k |
Official Fix |
CVE-2021-1786 |
۵.۳ |
Apple macOS Crash Reporter state issue |
$۵k-$10k |
Official Fix |
CVE-2021-1773 |
۶.۳ |
Apple macOS denial of service |
$۵k-$10k |
Official Fix |
CVE-2020-27937 |
۳.۳ |
Apple macOS Directory Utility state issue |
$۵k-$10k |
Official Fix |
CVE-2021-1802 |
۵.۳ |
Apple macOS Endpoint Security state issue |
$۵k-$10k |
Official Fix |
CVE-2021-1791 |
۳.۳ |
Apple macOS FairPlay out-of-bounds read |
$۲k-$5k |
Official Fix |
CVE-2021-1758 |
۶.۳ |
Apple macOS FontParser out-of-bounds read |
$۵k-$10k |
Official Fix |
CVE-2020-29608 |
۶.۳ |
Apple macOS FontParser out-of-bounds read |
$۵k-$10k |
Official Fix |
CVE-2021-1790 |
۶.۳ |
Apple macOS FontParser out-of-bounds read |
$۵k-$10k |
Official Fix |
CVE-2021-1775 |
۶.۳ |
Apple macOS FontParser Remote Code Execution |
$۱۰k-$25k |
Official Fix |
CVE-2021-1766 |
۴.۳ |
Apple macOS ImageIO denial of service |
$۵k-$10k |
Official Fix |
CVE-2021-1783 |
۶.۳ |
Apple macOS ImageIO memory corruption |
$۱۰k-$25k |
Official Fix |
CVE-2021-1785 |
۶.۳ |
Apple macOS ImageIO out-of-bounds read |
$۵k-$10k |
Official Fix |
CVE-2021-1736 |
۶.۳ |
Apple macOS ImageIO out-of-bounds read |
$۵k-$10k |
Official Fix |
CVE-2021-1778 |
۵.۵ |
Apple macOS ImageIO out-of-bounds read |
Calculating |
Official Fix |
CVE-2021-1743 |
۶.۳ |
Apple macOS ImageIO out-of-bounds read |
$۵k-$10k |
Official Fix |
CVE-2021-1741 |
۶.۳ |
Apple macOS ImageIO out-of-bounds read |
$۵k-$10k |
Official Fix |
CVE-2021-1744 |
۶.۳ |
Apple macOS ImageIO out-of-bounds write |
$۱۰k-$25k |
Official Fix |
CVE-2021-1738 |
۶.۳ |
Apple macOS ImageIO out-of-bounds write |
$۱۰k-$25k |
Official Fix |
CVE-2021-1737 |
۶.۳ |
Apple macOS ImageIO out-of-bounds write |
$۱۰k-$25k |
Official Fix |
CVE-2021-1793 |
۶.۳ |
Apple macOS ImageIO Remote Code Execution |
$۱۰k-$25k |
Official Fix |
CVE-2021-1777 |
۶.۳ |
Apple macOS ImageIO Remote Code Execution |
$۱۰k-$25k |
Official Fix |
CVE-2021-1774 |
۶.۳ |
Apple macOS ImageIO Remote Code Execution |
$۱۰k-$25k |
Official Fix |
CVE-2021-1754 |
۶.۳ |
Apple macOS ImageIO Remote Code Execution |
$۱۰k-$25k |
Official Fix |
CVE-2021-1746 |
۶.۳ |
Apple macOS ImageIO Remote Code Execution |
$۱۰k-$25k |
Official Fix |
CVE-2021-1742 |
۶.۳ |
Apple macOS ImageIO Remote Code Execution |
$۱۰k-$25k |
Official Fix |
CVE-2021-1818 |
۶.۳ |
Apple macOS ImageIO state issue |
$۱۰k-$25k |
Official Fix |
CVE-2021-1779 |
۷.۸ |
Apple macOS IOKit state issue |
$۱۰k-$25k |
Official Fix |
CVE-2021-1757 |
۵.۳ |
Apple macOS IOSkywalkFamily out-of-bounds read |
$۲k-$5k |
Official Fix |
CVE-2021-1750 |
۷.۸ |
Apple macOS Kernel behavioral workflow |
$۱۰k-$25k |
Official Fix |
CVE-2020-27904 |
۷.۸ |
Apple macOS Kernel memory corruption |
$۱۰k-$25k |
Official Fix |
CVE-2021-1782 |
۴.۵ |
Apple macOS Kernel race condition |
$۲k-$5k |
Official Fix |
CVE-2021-1764 |
۴.۳ |
Apple macOS Kernel use after free |
$۱۰k-$25k |
Official Fix |
CVE-2020-29633 |
۵.۰ |
Apple macOS Login Window improper authentication |
$۵k-$10k |
Official Fix |
CVE-2021-1771 |
۵.۶ |
Apple macOS Messages access control |
$۱۰k-$25k |
Official Fix |
CVE-2021-1753 |
۶.۳ |
Apple macOS Model I/O out-of-bounds read |
$۵k-$10k |
Official Fix |
CVE-2021-1763 |
۶.۳ |
Apple macOS Model IO buffer overflow |
$۱۰k-$25k |
Official Fix |
CVE-2021-1767 |
۶.۳ |
Apple macOS Model IO heap-based overflow |
$۱۰k-$25k |
Official Fix |
CVE-2021-1768 |
۶.۳ |
Apple macOS Model IO out-of-bounds read |
$۵k-$10k |
Official Fix |
CVE-2021-1745 |
۶.۳ |
Apple macOS Model IO out-of-bounds read |
$۵k-$10k |
Official Fix |
CVE-2021-1762 |
۶.۳ |
Apple macOS Model IO out-of-bounds write |
$۱۰k-$25k |
Official Fix |
CVE-2020-29614 |
۶.۳ |
Apple macOS Model IO Remote Code Execution |
$۱۰k-$25k |
Official Fix |
CVE-2021-1751 |
۶.۳ |
Apple macOS NetFSFramework state issue |
$۱۰k-$25k |
Official Fix |
CVE-2020-25709 |
۴.۳ |
Apple macOS OpenLDAP denial of service |
$۲k-$5k |
Official Fix |
CVE-2020-27938 |
۵.۳ |
Apple macOS Power Management state issue |
$۵k-$10k |
Official Fix |
CVE-2020-14155 |
۵.۵ |
Apple macOS Screen Sharing unknown vulnerability |
$۱۰k-$25k |
Official Fix |
CVE-2019-20838 |
۵.۵ |
Apple macOS Screen Sharing unknown vulnerability |
$۱۰k-$25k |
Official Fix |
CVE-2020-15358 |
۵.۵ |
Apple macOS SQLite sql injection |
$۵k-$10k |
Official Fix |
CVE-2021-1769 |
۵.۵ |
Apple macOS Swift memory corruption |
$۱۰k-$25k |
Official Fix |
CVE-2021-1801 |
۶.۳ |
Apple macOS WebKit access control |
$۱۰k-$25k |
Official Fix |
CVE-2021-1765 |
۶.۳ |
Apple macOS WebKit access control |
$۱۰k-$25k |
Official Fix |
CVE-2021-1870 |
۶.۳ |
Apple macOS WebKit Remote Code Execution |
$۱۰k-$25k |
Official Fix |
CVE-2021-1871 |
۶.۳ |
Apple macOS WebKit Remote Code Execution |
$۱۰k-$25k |
Official Fix |
CVE-2021-1789 |
۶.۳ |
Apple macOS WebKit type confusion |
$۱۰k-$25k |
Official Fix |
CVE-2021-1788 |
۶.۳ |
Apple macOS WebKit use after free |
$۱۰k-$25k |
Official Fix |
CVE-2021-1799 |
۵.۵ |
Apple macOS WebRTC redirect |
$۵k-$10k |
Official Fix |
CVE-2021-3229 |
۳.۵ |
Asus RT-AX3000 Login Error denial of service |
$۰-$۵k |
Not Defined |
CVE-2020-36109 |
۵.۵ |
ASUS RT-AX86U httpd module blocking_request.cgi buffer overflow |
$۲k-$5k |
Official Fix |
CVE-2020-36231 |
۴.۳ |
Atlassian JIRA Server/Data Center Metadata resource injection |
$۲k-$5k |
Official Fix |
CVE-2021-25310 |
۸.۸ |
Belkin Linksys WRT160NL mini_httpd apply.cgi do_upgrade_post os command injection |
$۲k-$5k |
Workaround |
CVE-2021-3401 |
۶.۳ |
Bitcoin Core bitcoin-qt state issue |
$۲k-$5k |
Official Fix |
CVE-2021-1128 |
۳.۳ |
Cisco IOS XR CLI Parser insertion of sensitive information into sent data |
$۱۰k-$25k |
Official Fix |
CVE-2021-1370 |
۷.۸ |
Cisco IOS XR Command Line os command injection |
$۲۵k-$50k |
Official Fix |
CVE-2021-1288 |
۷.۵ |
Cisco IOS XR denial of service |
$۱۰k-$25k |
Official Fix |
CVE-2021-1268 |
۴.۳ |
Cisco IOS XR IPv6 denial of service |
$۵k-$10k |
Official Fix |
CVE-2021-1313 |
۵.۸ |
Cisco IOS XR resource management |
$۱۰k-$25k |
Official Fix |
CVE-2021-1244 |
۶.۷ |
Cisco IOS XR signature verification |
$۱۰k-$25k |
Official Fix |
CVE-2021-1136 |
۶.۷ |
Cisco IOS XR signature verification |
$۱۰k-$25k |
Official Fix |
CVE-2021-1243 |
۵.۳ |
Cisco IOS XR SNMP access control |
$۲۵k-$50k |
Official Fix |
CVE-2021-1389 |
۷.۳ |
Cisco IOS XR/NX-OS IPv6 Access Control List access control |
$۲۵k-$50k |
Official Fix |
CVE-2021-1266 |
۴.۳ |
Cisco Managed Services Accelerator REST API denial of service |
$۲k-$5k |
Official Fix |
CVE-2021-1318 |
۸.۸ |
Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface command injection |
$۱۰k-$25k |
Official Fix |
CVE-2021-1317 |
۸.۸ |
Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface command injection |
$۱۰k-$25k |
Official Fix |
CVE-2021-1316 |
۸.۸ |
Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface command injection |
$۱۰k-$25k |
Official Fix |
CVE-2021-1315 |
۸.۸ |
Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface command injection |
$۱۰k-$25k |
Official Fix |
CVE-2021-1314 |
۸.۸ |
Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface command injection |
$۱۰k-$25k |
Official Fix |
CVE-2021-1348 |
۷.۲ |
Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow |
$۱۰k-$25k |
Official Fix |
CVE-2021-1347 |
۷.۲ |
Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow |
$۱۰k-$25k |
Official Fix |
CVE-2021-1346 |
۷.۲ |
Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow |
$۱۰k-$25k |
Official Fix |
CVE-2021-1345 |
۷.۲ |
Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow |
$۱۰k-$25k |
Official Fix |
CVE-2021-1344 |
۷.۲ |
Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow |
$۱۰k-$25k |
Official Fix |
CVE-2021-1343 |
۷.۲ |
Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow |
$۱۰k-$25k |
Official Fix |
CVE-2021-1342 |
۷.۲ |
Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow |
$۱۰k-$25k |
Official Fix |
CVE-2021-1341 |
۷.۲ |
Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow |
$۱۰k-$25k |
Official Fix |
CVE-2021-1340 |
۷.۲ |
Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow |
$۱۰k-$25k |
Official Fix |
CVE-2021-1339 |
۷.۲ |
Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow |
$۱۰k-$25k |
Official Fix |
CVE-2021-1338 |
۷.۲ |
Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow |
$۱۰k-$25k |
Official Fix |
CVE-2021-1337 |
۷.۲ |
Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow |
$۱۰k-$25k |
Official Fix |
CVE-2021-1336 |
۷.۲ |
Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow |
$۱۰k-$25k |
Official Fix |
CVE-2021-1335 |
۷.۲ |
Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow |
$۱۰k-$25k |
Official Fix |
CVE-2021-1334 |
۷.۲ |
Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow |
$۱۰k-$25k |
Official Fix |
CVE-2021-1333 |
۷.۲ |
Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow |
$۱۰k-$25k |
Official Fix |
CVE-2021-1332 |
۷.۲ |
Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow |
$۱۰k-$25k |
Official Fix |
CVE-2021-1331 |
۷.۲ |
Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow |
$۱۰k-$25k |
Official Fix |
CVE-2021-1330 |
۷.۲ |
Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow |
$۱۰k-$25k |
Official Fix |
CVE-2021-1329 |
۷.۲ |
Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow |
$۱۰k-$25k |
Official Fix |
CVE-2021-1328 |
۷.۲ |
Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow |
$۱۰k-$25k |
Official Fix |
CVE-2021-1327 |
۷.۲ |
Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow |
$۱۰k-$25k |
Official Fix |
CVE-2021-1326 |
۷.۲ |
Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow |
$۱۰k-$25k |
Official Fix |
CVE-2021-1325 |
۷.۲ |
Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow |
$۱۰k-$25k |
Official Fix |
CVE-2021-1324 |
۷.۲ |
Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow |
$۱۰k-$25k |
Official Fix |
CVE-2021-1323 |
۷.۲ |
Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow |
$۱۰k-$25k |
Official Fix |
CVE-2021-1322 |
۷.۲ |
Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow |
$۱۰k-$25k |
Official Fix |
CVE-2021-1321 |
۷.۲ |
Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow |
$۱۰k-$25k |
Official Fix |
CVE-2021-1320 |
۷.۲ |
Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow |
$۱۰k-$25k |
Official Fix |
CVE-2021-1319 |
۷.۲ |
Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow |
$۱۰k-$25k |
Official Fix |
CVE-2021-1297 |
۷.۳ |
Cisco RV160/RV160W/RV260/RV260P/RV260W Web-based Management Interface pathname traversal |
$۱۰k-$25k |
Official Fix |
CVE-2021-1296 |
۷.۳ |
Cisco RV160/RV160W/RV260/RV260P/RV260W Web-based Management Interface pathname traversal |
$۱۰k-$25k |
Official Fix |
CVE-2021-1295 |
۹.۸ |
Cisco RV160/RV160W/RV260/RV260P/RV260W Web-based Management Interface Remote Code Execution |
$۲۵k-$50k |
Official Fix |
CVE-2021-1294 |
۹.۸ |
Cisco RV160/RV160W/RV260/RV260P/RV260W Web-based Management Interface Remote Code Execution |
$۲۵k-$50k |
Official Fix |
CVE-2021-1293 |
۹.۸ |
Cisco RV160/RV160W/RV260/RV260P/RV260W Web-based Management Interface Remote Code Execution |
$۲۵k-$50k |
Official Fix |
CVE-2021-1292 |
۹.۸ |
Cisco RV160/RV160W/RV260/RV260P/RV260W Web-based Management Interface Remote Code Execution |
$۲۵k-$50k |
Official Fix |
CVE-2021-1291 |
۹.۸ |
Cisco RV160/RV160W/RV260/RV260P/RV260W Web-based Management Interface Remote Code Execution |
$۲۵k-$50k |
Official Fix |
CVE-2021-1290 |
۹.۸ |
Cisco RV160/RV160W/RV260/RV260P/RV260W Web-based Management Interface Remote Code Execution |
$۲۵k-$50k |
Official Fix |
CVE-2021-1289 |
۹.۸ |
Cisco RV160/RV160W/RV260/RV260P/RV260W Web-based Management Interface Remote Code Execution |
$۲۵k-$50k |
Official Fix |
CVE-2021-1354 |
۳.۵ |
Cisco Unified Computing System Registration API certificate validation |
$۵k-$10k |
Official Fix |
CVE-2021-1221 |
۵.۵ |
Cisco WebEx Meetings/WebEx Meetings Server Meeting Invitation Email input validation |
$۱۰k-$25k |
Official Fix |
CVE-2020-20294 |
۵.۵ |
CMSWing Log unknown vulnerability |
$۲k-$5k |
Not Defined |
CVE-2020-20296 |
۵.۵ |
CMSWing rechargeAction sql injection |
$۱k-$2k |
Not Defined |
CVE-2020-20295 |
۵.۵ |
CMSWing updateAction sql injection |
$۱k-$2k |
Not Defined |
CVE-2020-28450 |
۷.۳ |
Decal Package extend Remote Code Execution |
$۲k-$5k |
Official Fix |
CVE-2020-28449 |
۷.۳ |
Decal Package set Remote Code Execution |
$۲k-$5k |
Official Fix |
CVE-2020-29557 |
۷.۳ |
D-Link DIR-825 R1 Web Interface buffer overflow |
$۱۰k-$25k |
Official Fix |
CVE-2020-25506 |
۹.۸ |
D-Link DNS-320 system_mgr.cgi command injection |
$۱۰k-$25k |
Not Defined |
CVE-2020-18568 |
۹.۸ |
D-Link DSR-250/DSR-1000N UPnP Service command injection |
$۱۰k-$25k |
Not Defined |
CVE-2021-21285 |
۴.۳ |
Docker Docker Image Manifest resource consumption |
$۵k-$10k |
Official Fix |
CVE-2021-21284 |
۵.۵ |
Docker Remapped Root <remapping> path traversal |
$۵k-$10k |
Official Fix |
CVE-2020-8807 |
۳.۵ |
Electric Coin Company Zcashd Time Offset information disclosure |
$۰-$۱k |
Official Fix |
CVE-2020-8806 |
۵.۰ |
Electric Coin Company Zcashd Timestamp Remote Privilege Escalation |
$۲k-$5k |
Official Fix |
CVE-2020-10539 |
۶.۳ |
Epikur checkPasswort backdoor |
$۲k-$5k |
Official Fix |
CVE-2020-10538 |
۲.۶ |
Epikur hash without salt |
$۰-$۱k |
Official Fix |
CVE-2020-10537 |
۶.۳ |
Epikur Service Port 4848 improper authentication |
$۱k-$2k |
Official Fix |
CVE-2020-9014 |
۶.۵ |
Epson iProjection Device Driver EMP_NSAU.sys denial of service |
$۰-$۵k |
Not Defined |
CVE-2020-9453 |
۶.۳ |
Epson iProjection Driver File EMP_MPAU.sys null pointer dereference |
$۰-$۵k |
Not Defined |
CVE-2020-1896 |
۴.۶ |
Facebook Hermes stack-based overflow |
$۱۰k-$25k |
Official Fix |
CVE-2020-1910 |
۶.۳ |
Facebook WhatsApp/WhatsApp Business Image out-of-bounds write |
$۱۰k-$25k |
Official Fix |
CVE-2021-26023 |
۳.۵ |
Favorites Component cross site scripting |
$۰-$۱k |
Official Fix |
CVE-2021-26024 |
۵.۵ |
Favorites Component resource injection |
$۱k-$2k |
Official Fix |
CVE-2020-13548 |
۶.۳ |
Foxit PhantomPDF PDF File use after free |
$۰-$۵k |
Official Fix |
CVE-2020-27860 |
۶.۳ |
Foxit PhantomPDF XFA Template out-of-bounds write |
$۰-$۵k |
Official Fix |
CVE-2020-14391 |
۳.۳ |
GNOME Control Center Settings User Interface insufficiently protected credentials |
$۰-$۵k |
Official Fix |
CVE-2021-3349 |
۴.۶ |
GNOME Evolution Valid Signature signature verification |
$۰-$۱k |
Official Fix |
CVE-2020-36241 |
۵.۵ |
GNOME gnome-autoar Extraction autoar-extractor.c pathname traversal |
$۱k-$2k |
Official Fix |
CVE-2021-0362 |
۴.۲ |
Google Android aee stack-based overflow |
$۱۰k-$25k |
Official Fix |
CVE-2021-0347 |
۲.۳ |
Google Android ccu out-of-bounds read |
$۵k-$10k |
Official Fix |
CVE-2021-0349 |
۶.۷ |
Google Android Display Driver memory corruption |
$۵۰k-$100k |
Official Fix |
CVE-2021-0365 |
۴.۲ |
Google Android Display Driver use after free |
$۱۰k-$25k |
Official Fix |
CVE-2021-0350 |
۴.۴ |
Google Android ged denial of service |
$۲k-$5k |
Official Fix |
CVE-2021-0354 |
۴.۲ |
Google Android ged out-of-bounds write |
$۱۰k-$25k |
Official Fix |
CVE-2021-0353 |
۴.۲ |
Google Android kisd heap-based overflow |
$۱۰k-$25k |
Official Fix |
CVE-2021-0361 |
۲.۳ |
Google Android kisd out-of-bounds read |
$۵k-$10k |
Official Fix |
CVE-2021-0343 |
۶.۷ |
Google Android kisd out-of-bounds write |
$۵۰k-$100k |
Official Fix |
CVE-2021-0355 |
۴.۲ |
Google Android kisd out-of-bounds write |
$۱۰k-$25k |
Official Fix |
CVE-2021-0364 |
۴.۲ |
Google Android mobile_log_d command injection |
$۱۰k-$25k |
Official Fix |
CVE-2021-0363 |
۴.۲ |
Google Android mobile_log_d command injection |
$۱۰k-$25k |
Official Fix |
CVE-2021-0345 |
۶.۷ |
Google Android mobile_log_d privileges management |
$۲۵k-$50k |
Official Fix |
CVE-2021-0344 |
۶.۷ |
Google Android mtkpower memory corruption |
$۵۰k-$100k |
Official Fix |
CVE-2021-0358 |
۴.۲ |
Google Android netdiag command injection |
$۱۰k-$25k |
Official Fix |
CVE-2021-0356 |
۴.۲ |
Google Android netdiag command injection |
$۱۰k-$25k |
Official Fix |
CVE-2021-0360 |
۴.۲ |
Google Android netdiag out-of-bounds write |
$۱۰k-$25k |
Official Fix |
CVE-2021-0359 |
۴.۲ |
Google Android netdiag out-of-bounds write |
$۱۰k-$25k |
Official Fix |
CVE-2021-0357 |
۴.۲ |
Google Android netdiag out-of-bounds write |
$۱۰k-$25k |
Official Fix |
CVE-2021-0352 |
۴.۴ |
Google Android RT Regmap Driver memory corruption |
$۱۰k-$25k |
Official Fix |
CVE-2021-0348 |
۶.۷ |
Google Android vpu out-of-bounds write |
$۵۰k-$100k |
Official Fix |
CVE-2021-0346 |
۶.۷ |
Google Android vpu out-of-bounds write |
$۵۰k-$100k |
Official Fix |
CVE-2021-0351 |
۷.۵ |
Google Android WLAN Driver denial of service |
$۱۰k-$25k |
Official Fix |
CVE-2021-21148 |
۶.۳ |
Google Chrome V8 heap-based overflow |
$۵۰k-$100k |
Official Fix |
CVE-2021-3283 |
۵.۵ |
Hashicorp Nomad/Nomad Enterprise Java Task Driver unknown vulnerability |
$۲k-$5k |
Official Fix |
CVE-2021-3024 |
۵.۳ |
Hashicorp Vault/Vault Enterprise information disclosure |
$۱k-$2k |
Official Fix |
CVE-2021-3282 |
۶.۳ |
Hashicorp Vault/Vault Enterprise Rast Operator Command improper authentication |
$۱k-$2k |
Official Fix |
CVE-2020-25594 |
۴.۳ |
Hashicorp Vault/Vault Enterprise Secrets Engine information disclosure |
$۱k-$2k |
Official Fix |
CVE-2020-14255 |
۳.۵ |
HCL Digital Experience Container information disclosure |
$۰-$۱k |
Not Defined |
CVE-2020-14221 |
۳.۵ |
HCL Digital Experience information disclosure |
$۰-$۱k |
Not Defined |
CVE-2020-4081 |
۳.۵ |
HCL Digital Experience WSRP Consumer cross site scripting |
$۰-$۱k |
Not Defined |
CVE-2020-14246 |
۵.۶ |
HCL OneTest Performance Basic Authentication improper authentication |
$۱k-$2k |
Not Defined |
CVE-2020-14247 |
۳.۷ |
HCL OneTest Performance excessive authentication |
$۱k-$2k |
Not Defined |
CVE-2020-14245 |
۵.۳ |
HCL OneTest UI resource consumption |
$۰-$۱k |
Not Defined |
CVE-2020-24666 |
۳.۵ |
Hitachi Vantara Pentaho Analysis Report cross site scripting |
$۰-$۱k |
Official Fix |
CVE-2020-24664 |
۳.۵ |
Hitachi Vantara Pentaho Dashboard Editor cross site scripting |
$۰-$۱k |
Official Fix |
CVE-2020-24670 |
۳.۵ |
Hitachi Vantara Pentaho Dashboard Editor dashboardXml cross site scripting |
$۰-$۱k |
Official Fix |
CVE-2020-24665 |
۴.۳ |
Hitachi Vantara Pentaho Dashboard Editor xml external entity reference |
$۱k-$2k |
Official Fix |
CVE-2020-24669 |
۲.۶ |
Hitachi Vantara Pentaho New Analysis Report cross site scripting |
$۰-$۱k |
Official Fix |
CVE-2020-29165 |
۶.۳ |
HP Access Control access control |
$۱۰k-$25k |
Official Fix |
CVE-2021-25123 |
۵.۳ |
HPE Cloudline CL5800 Gen9 Server Baseboard Management Controller addlicense_func buffer overflow |
$۵k-$10k |
Not Defined |
CVE-2021-25138 |
۸.۸ |
HPE Cloudline CL5800 Gen9 Server Baseboard Management Controller cloudline_cl3100_gen10_server_firmware buffer overflow |
$۲۵k-$50k |
Official Fix |
CVE-2021-25137 |
۸.۸ |
HPE Cloudline CL5800 Gen9 Server Baseboard Management Controller cloudline_cl3100_gen10_server_firmware buffer overflow |
$۲۵k-$50k |
Official Fix |
CVE-2021-25136 |
۸.۸ |
HPE Cloudline CL5800 Gen9 Server Baseboard Management Controller cloudline_cl3100_gen10_server_firmware buffer overflow |
$۲۵k-$50k |
Official Fix |
CVE-2021-25135 |
۸.۸ |
HPE Cloudline CL5800 Gen9 Server Baseboard Management Controller cloudline_cl3100_gen10_server_firmware buffer overflow |
$۲۵k-$50k |
Official Fix |
CVE-2021-25134 |
۸.۸ |
HPE Cloudline CL5800 Gen9 Server Baseboard Management Controller cloudline_cl3100_gen10_server_firmware buffer overflow |
$۲۵k-$50k |
Official Fix |
CVE-2021-25133 |
۸.۸ |
HPE Cloudline CL5800 Gen9 Server Baseboard Management Controller cloudline_cl3100_gen10_server_firmware buffer overflow |
$۲۵k-$50k |
Official Fix |
CVE-2021-25132 |
۸.۸ |
HPE Cloudline CL5800 Gen9 Server Baseboard Management Controller cloudline_cl3100_gen10_server_firmware buffer overflow |
$۲۵k-$50k |
Official Fix |
CVE-2021-25131 |
۸.۸ |
HPE Cloudline CL5800 Gen9 Server Baseboard Management Controller cloudline_cl3100_gen10_server_firmware buffer overflow |
$۲۵k-$50k |
Official Fix |
CVE-2021-25130 |
۸.۸ |
HPE Cloudline CL5800 Gen9 Server Baseboard Management Controller cloudline_cl3100_gen10_server_firmware buffer overflow |
$۲۵k-$50k |
Official Fix |
CVE-2021-25127 |
۸.۸ |
HPE Cloudline CL5800 Gen9 Server Baseboard Management Controller cloudline_cl3100_gen10_server_firmware buffer overflow |
$۲۵k-$50k |
Official Fix |
CVE-2021-25126 |
۸.۸ |
HPE Cloudline CL5800 Gen9 Server Baseboard Management Controller cloudline_cl3100_gen10_server_firmware buffer overflow |
$۲۵k-$50k |
Official Fix |
CVE-2021-25129 |
۸.۸ |
HPE Cloudline CL5800 Gen9 Server Baseboard Management Controller cloudline_cl3100_gen10_server_firmware path traversal |
$۱۰k-$25k |
Official Fix |
CVE-2021-25128 |
۸.۸ |
HPE Cloudline CL5800 Gen9 Server Baseboard Management Controller cloudline_cl3100_gen10_server_firmware path traversal |
$۱۰k-$25k |
Official Fix |
CVE-2021-25125 |
۸.۸ |
HPE Cloudline CL5800 Gen9 Server Baseboard Management Controller cloudline_cl3100_gen10_server_firmware path traversal |
$۱۰k-$25k |
Official Fix |
CVE-2021-25124 |
۸.۸ |
HPE Cloudline CL5800 Gen9 Server Baseboard Management Controller cloudline_cl3100_gen10_server_firmware path traversal |
$۱۰k-$25k |
Official Fix |
CVE-2020-9118 |
۵.۵ |
Huawei AIS-BW80H-00 improper validation of integrity check value |
$۵k-$25k |
Not Defined |
CVE-2021-22293 |
۳.۵ |
Huawei Campusesight/ManageOne/Taurus-AL00A HTTP Request information disclosure |
$۰-$۵k |
Not Defined |
CVE-2021-22292 |
۴.۳ |
Huawei eCNS280 Message resource consumption |
$۰-$۵k |
Not Defined |
CVE-2021-22300 |
۳.۵ |
Huawei eCNS280_TD Temporary Files information disclosure |
$۰-$۵k |
Not Defined |
CVE-2020-9205 |
۵.۵ |
Huawei ManageOne CSV csv injection |
$۵k-$25k |
Not Defined |
CVE-2021-22298 |
۵.۵ |
Huawei ManageOne sql injection |
$۵k-$25k |
Not Defined |
CVE-2021-22299 |
۵.۳ |
Huawei ManageOne/NFV_FusionSphere/SMC/iMaster MAE-M access control |
$۵k-$25k |
Not Defined |
CVE-2021-22301 |
۶.۸ |
Huawei Mate 30 buffer overflow |
$۵k-$25k |
Not Defined |
CVE-2021-22305 |
۵.۵ |
Huawei Mate 30 Module buffer overflow |
$۵k-$25k |
Not Defined |
CVE-2021-22306 |
۵.۵ |
Huawei Mate 30 Module out-of-bounds read |
$۵k-$25k |
Not Defined |
CVE-2021-22307 |
۳.۳ |
Huawei Mate 30 risky encryption |
$۰-$۵k |
Not Defined |
CVE-2021-22302 |
۵.۵ |
Huawei Taurus-AL00A Module out-of-bounds read |
$۵k-$25k |
Not Defined |
CVE-2021-22304 |
۵.۵ |
Huawei Taurus-AL00A Module use after free |
$۵k-$25k |
Not Defined |
CVE-2021-22303 |
۵.۵ |
Huawei Taurus-AL00A Multi-Thread double free |
$۵k-$25k |
Not Defined |
CVE-2020-4827 |
۴.۳ |
IBM API Connect cross-site request forgery |
$۵k-$10k |
Not Defined |
CVE-2020-4826 |
۴.۳ |
IBM API Connect cross-site request forgery |
$۵k-$10k |
Not Defined |
CVE-2020-4828 |
۷.۳ |
IBM API Connect HTTP Request input validation |
$۱۰k-$25k |
Not Defined |
CVE-2020-4640 |
۳.۰ |
IBM API Connect URL Fragment information disclosure |
$۲k-$5k |
Not Defined |
CVE-2020-4825 |
۳.۵ |
IBM API Connect Web UI cross site scripting |
$۲k-$5k |
Not Defined |
CVE-2020-4934 |
۴.۳ |
IBM Content Navigator URL Request path traversal |
$۵k-$10k |
Not Defined |
CVE-2020-4832 |
۴.۰ |
IBM PowerHA Discovery information disclosure |
$۲k-$5k |
Not Defined |
CVE-2020-5032 |
۴.۳ |
IBM QRadar SIEM denial of service |
$۲k-$5k |
Not Defined |
CVE-2020-8672 |
۵.۹ |
Intel Core/Celeron Processor 4000 BIOS Firmware out-of-bounds read |
$۵k-$10k |
Not Defined |
CVE-2020-8734 |
۵.۳ |
Intel Server Board M10JNP2SB Firmware input validation |
$۵k-$10k |
Official Fix |
CVE-2021-25755 |
۳.۱ |
JetBrains Code With Me Session ID random values |
$۰-$۱k |
Official Fix |
CVE-2021-25759 |
۴.۶ |
JetBrains Hub 2FA Settings denial of service |
$۰-$۱k |
Official Fix |
CVE-2021-25760 |
۳.۵ |
JetBrains Hub Public API information disclosure |
$۰-$۱k |
Official Fix |
CVE-2021-25757 |
۵.۵ |
JetBrains Hub redirect |
$۱k-$2k |
Official Fix |
CVE-2021-25756 |
۳.۷ |
JetBrains IntelliJ IDEA HTTP Links cleartext transmission |
$۰-$۱k |
Official Fix |
CVE-2021-25758 |
۵.۵ |
JetBrains IntelliJ IDEA Workspace Model deserialization |
$۱k-$2k |
Official Fix |
CVE-2020-29582 |
۳.۵ |
JetBrains Kotlin Java API temp file |
$۱k-$2k |
Official Fix |
CVE-2021-25762 |
۵.۵ |
JetBrains Ktor HTTP Request request smuggling |
$۱k-$2k |
Official Fix |
CVE-2021-25763 |
۲.۶ |
JetBrains Ktor risky encryption |
$۰-$۱k |
Official Fix |
CVE-2021-25761 |
۲.۶ |
JetBrains Ktor SessionStorage Key inadequate encryption |
$۰-$۱k |
Official Fix |
CVE-2021-25775 |
۴.۳ |
JetBrains TeamCity Access Token access control |
$۱k-$2k |
Official Fix |
CVE-2021-25773 |
۳.۵ |
JetBrains TeamCity cross site scripting |
$۰-$۱k |
Official Fix |
CVE-2021-25776 |
۳.۵ |
JetBrains TeamCity ECR Token information disclosure |
$۰-$۱k |
Official Fix |
CVE-2021-25774 |
۳.۵ |
JetBrains TeamCity GitHub Access Token information disclosure |
$۰-$۱k |
Official Fix |
CVE-2020-35667 |
۳.۵ |
JetBrains TeamCity Plugin server-side request forgery |
$۱k-$2k |
Official Fix |
CVE-2021-25772 |
۳.۵ |
JetBrains TeamCity Server Integration denial of service |
$۰-$۱k |
Official Fix |
CVE-2021-25777 |
۵.۵ |
JetBrains TeamCity Token Removal permission |
$۱k-$2k |
Official Fix |
CVE-2021-25778 |
۵.۵ |
JetBrains TeamCity User permission |
$۱k-$2k |
Official Fix |
CVE-2021-25766 |
۶.۳ |
JetBrains YouTrack access control |
$۲k-$5k |
Official Fix |
CVE-2021-25768 |
۵.۵ |
JetBrains YouTrack Attachment permission |
$۱k-$2k |
Official Fix |
CVE-2021-25769 |
۵.۵ |
JetBrains YouTrack Attachment unknown vulnerability |
$۲k-$5k |
Official Fix |
CVE-2021-25765 |
۳.۵ |
JetBrains YouTrack Attachment Upload cross-site request forgery |
$۰-$۱k |
Official Fix |
CVE-2021-25767 |
۳.۵ |
JetBrains YouTrack Command information disclosure |
$۰-$۱k |
Official Fix |
CVE-2021-25771 |
۳.۵ |
JetBrains YouTrack Project information disclosure |
$۰-$۱k |
Official Fix |
CVE-2021-25771 |
۳.۵ |
JetBrains YouTrack Project information disclosure |
$۰-$۱k |
Official Fix |
CVE-2020-25208 |
۳.۵ |
JetBrains YouTrack REST API information disclosure |
$۰-$۱k |
Official Fix |
CVE-2021-25770 |
۵.۵ |
JetBrains YouTrack Template injection |
$۱k-$2k |
Official Fix |
CVE-2020-21179 |
۶.۳ |
koa2-blog Signin Page sql injection |
$۱k-$2k |
Not Defined |
CVE-2020-21180 |
۶.۳ |
koa2-blog Signup Page sql injection |
$۱k-$2k |
Not Defined |
CVE-2021-26687 |
۵.۵ |
LG Mobile Device unknown vulnerability |
$۱۰k-$25k |
Not Defined |
CVE-2021-26689 |
۵.۵ |
LG Mobile Devices USB laf Gadget use after free |
$۱۰k-$25k |
Not Defined |
CVE-2021-26688 |
۵.۵ |
LG Wing Mobile Devices Biometric Sensor unknown vulnerability |
$۱۰k-$25k |
Not Defined |
CVE-2021-3348 |
۵.۵ |
Linux Kernel IO Request nbd.c nbd_add_socket use after free |
$۱۰k-$25k |
Official Fix |
CVE-2021-3347 |
۷.۸ |
Linux Kernel PI Futex use after free |
$۲۵k-$50k |
Official Fix |
CVE-2021-26708 |
۵.۰ |
Linux Kernel VSOCK af_vsock.c race condition |
$۵k-$10k |
Official Fix |
CVE-2021-22499 |
۳.۵ |
Micro Focus Application Performance Management cross site scripting |
$۰-$۵k |
Not Defined |
CVE-2021-22500 |
۳.۵ |
Micro Focus Application Performance Management cross-site request forgery |
$۰-$۵k |
Not Defined |
CVE-2019-25018 |
۵.۵ |
MIT krb5-appl rcp Client access control |
$۱۰k-$25k |
Official Fix |
CVE-2019-25017 |
۵.۵ |
MIT krb5-appl rcp pathname traversal |
$۵k-$10k |
Official Fix |
CVE-2020-8589 |
۳.۵ |
NetApp Clustered Data ONTAP information disclosure |
$۰-$۱k |
Official Fix |
CVE-2020-8588 |
۳.۵ |
NetApp Clustered Data ONTAP information disclosure |
$۰-$۱k |
Official Fix |
CVE-2020-27872 |
۶.۳ |
Netgear R7450 mini_httpd improper authorization |
$۱۰k-$25k |
Not Defined |
CVE-2020-27873 |
۴.۳ |
Netgear R7450 SOAP API endpoint access control |
$۱۰k-$25k |
Not Defined |
CVE-2020-8294 |
۳.۵ |
Nextcloud Server Markdown cross site scripting |
$۰-$۱k |
Official Fix |
CVE-2021-1072 |
۳.۸ |
NVIDIA GeForce Experience GameStream rxdiag.dll denial of service |
$۰-$۵k |
Official Fix |
CVE-2021-21436 |
۳.۵ |
OTRS OTRSCIsInCustomerFrontend Config Item access control |
$۰-$۵k |
Not Defined |
CVE-2020-1779 |
۲.۱ |
OTRS OTRSTicketForms Dynamic Template information disclosure |
$۰-$۵k |
Not Defined |
CVE-2021-21434 |
۲.۴ |
OTRS Survey Agent Interface cross site scripting |
$۰-$۵k |
Not Defined |
CVE-2021-21435 |
۳.۵ |
OTRS Ticket Print information disclosure |
$۰-$۵k |
Not Defined |
CVE-2021-20623 |
۸.۸ |
Panasonic Video Insight VMS Remote Privilege Escalation |
$۱۰k-$25k |
Official Fix |
CVE-2021-21702 |
۵.۳ |
PHP SoapClient query null pointer dereference |
$۵k-$25k |
Official Fix |
CVE-2020-13564 | 3.5 | phpGACL HTTP Request cross site scripting | $0-$1k | Not Defined |
CVE-2020-13563 | 3.5 | phpGACL HTTP Request cross site scripting | $0-$1k | Not Defined |
CVE-2020-13562 | 3.5 | phpGACL Template cross site scripting | $0-$1k | Not Defined |
CVE-2020-10552 | 6.3 | Psyprax Firebird Database access control | $0-$5k | Official Fix |
CVE-2020-10553 | 6.3 | Psyprax Lockscreen PPScreen.ini permission | $0-$5k | Official Fix |
CVE-2020-10554 | 3.1 | Psyprax Password inadequate encryption | $0-$5k | Official Fix |
CVE-2021-3392 | 4.3 | QEMU SCSI IO Request mptsas.c mptsas_process_scsi_io_request use after free | $5k-$25k | Official Fix |
CVE-2020-17380 | 5.7 | QEMU SDHCI Device Emulator sdhci.c sdhci_sdma_transfer_multi_blocks denial of service | $2k-$5k | Not Defined |
CVE-2020-2507 | 7.3 | QNAP QTS Helpdesk access control | $2k-$5k | Official Fix |
CVE-2020-2506 | 9.8 | QNAP QTS Helpdesk os command injection | $2k-$5k | Official Fix |
CVE-2020-29164 | 3.5 | RainbowFish PacsOne Server cross site scripting | $0-$1k | Official Fix |
CVE-2020-29166 | 4.3 | RainbowFish PacsOne Server information disclosure | $1k-$2k | Official Fix |
CVE-2020-29163 | 6.3 | RainbowFish PacsOne Server sql injection | $1k-$2k | Official Fix |
CVE-2020-25853 | 5.5 | Realtek RTL8195A WPA2 Handshake CheckMic stack-based overflow | $2k-$5k | Official Fix |
CVE-2020-25857 | 5.5 | Realtek RTL8195A WPA2 Handshake ClientEAPOLKeyRecvd stack-based overflow | $2k-$5k | Official Fix |
CVE-2020-25856 | 6.3 | Realtek RTL8195A WPA2 Handshake DecWPA2KeyData stack-based overflow | $2k-$5k | Official Fix |
CVE-2020-25854 | 6.3 | Realtek RTL8195A WPA2 Handshake DecWPA2KeyData stack-based overflow | $2k-$5k | Official Fix |
CVE-2020-14312 | 6.3 | Red Hat Enterprise Linux dnsmasq access control | $5k-$25k | Official Fix |
CVE-2021-26711 | 6.3 | Redwood Report2Web default.htm injection | $2k-$5k | Not Defined |
CVE-2021-26710 | 3.5 | Redwood Report2Web signIn.do cross site scripting | $0-$1k | Not Defined |
CVE-2020-18713 | 6.3 | RockOA customerAction.php sql injection | $1k-$2k | Not Defined |
CVE-2020-18716 | 6.3 | RockOA wordAction.php sql injection | $1k-$2k | Not Defined |
CVE-2020-18714 | 6.3 | RockOA wordModel.php getdata sql injection | $1k-$2k | Not Defined |
CVE-2020-27249 | 6.3 | SoftMaker Office PlanMaker heap-based overflow | $2k-$5k | Not Defined |
CVE-2020-27248 | 6.3 | SoftMaker Office PlanMaker heap-based overflow | $2k-$5k | Not Defined |
CVE-2020-27247 | 6.3 | SoftMaker Office PlanMaker heap-based overflow | $2k-$5k | Not Defined |
CVE-2020-13586 | 6.3 | SoftMaker Office PlanMaker heap-based overflow | $2k-$5k | Not Defined |
CVE-2020-13580 | 6.3 | SoftMaker Office PlanMaker heap-based overflow | $2k-$5k | Not Defined |
CVE-2020-13579 | 6.3 | SoftMaker Office PlanMaker integer underflow | $2k-$5k | Not Defined |
CVE-2021-25274 | 9.8 | SolarWinds Orion Platform MSMQ permission | $2k-$5k | Official Fix |
CVE-2021-25275 | 7.8 | SolarWinds Orion Platform SQL Server Backend access control | $0-$1k | Official Fix |
CVE-2020-35482 | 5.4 | SolarWinds Serv-U cross site scripting | $0-$1k | Official Fix |
CVE-2020-28001 | 5.4 | SolarWinds Serv-U cross site scripting | $0-$1k | Official Fix |
CVE-2021-25276 | 6.3 | SolarWinds Serv-U Home Directory permission | $2k-$5k | Official Fix |
CVE-2020-35481 | 6.3 | SolarWinds Serv-U Macro injection | $2k-$5k | Official Fix |
CVE-2020-27994 | 5.5 | SolarWinds Serv-U pathname traversal | $1k-$2k | Official Fix |
CVE-2021-20016 | 7.3 | SonicWall SSLVPN SMA100 sql injection | $2k-$5k | Not Defined |
CVE-2020-11920 | 6.6 | Svakom Siime Eye NFS Settings Menu IP os command injection | $0-$5k | Not Defined |
CVE-2020-11915 | 6.4 | Svakom Siime Eye Web Server hard-coded password | $0-$5k | Not Defined |
CVE-2019-20470 | 5.3 | TK-Star Q90 Junior GPS Horloge Communication Channel hard-coded password | $1k-$2k | Not Defined |
CVE-2019-20471 | 6.3 | TK-Star Q90 Junior GPS Horloge hard-coded password | $1k-$2k | Not Defined |
CVE-2019-20468 | 5.5 | TK-Star Q90 Junior GPS Horloge SeTracker2 permission | $1k-$2k | Not Defined |
CVE-2019-20473 | 3.9 | TK-Star Q90 Junior GPS Horloge SIM Card PIN locking | $0-$1k | Not Defined |
CVE-2020-28494 | 7.3 | total.js image.stream injection | $2k-$5k | Official Fix |
CVE-2020-28495 | 7.3 | total.js set code injection | $2k-$5k | Official Fix |
CVE-2021-25227 | 5.3 | Trend Micro Antivirus Scanning Engine memory allocation | $5k-$10k | Official Fix |
CVE-2021-25243 | 4.3 | Trend Micro Apex One access control | $10k-$25k | Official Fix |
CVE-2021-25242 | 4.3 | Trend Micro Apex One access control | $10k-$25k | Not Defined |
CVE-2021-25240 | 4.3 | Trend Micro Apex One access control | $10k-$25k | Not Defined |
CVE-2021-25239 | 4.3 | Trend Micro Apex One access control | $10k-$25k | Not Defined |
CVE-2021-25237 | 4.3 | Trend Micro Apex One access control | $10k-$25k | Not Defined |
CVE-2021-25233 | 4.3 | Trend Micro Apex One access control | $10k-$25k | Not Defined |
CVE-2021-25231 | 4.3 | Trend Micro Apex One access control | $10k-$25k | Not Defined |
CVE-2021-25228 | 4.3 | Trend Micro Apex One access control | $10k-$25k | Not Defined |
CVE-2021-25234 | 4.3 | Trend Micro Apex One Configuration File access control | $10k-$25k | Not Defined |
CVE-2021-25246 | 3.1 | Trend Micro Apex One information disclosure | $5k-$10k | Not Defined |
CVE-2021-25249 | 5.3 | Trend Micro Apex One out-of-bounds write | $5k-$10k | Not Defined |
CVE-2021-25232 | 4.3 | Trend Micro Apex One/OfficeScan XG access control | $10k-$25k | Not Defined |
CVE-2021-25230 | 4.3 | Trend Micro Apex One/OfficeScan XG access control | $10k-$25k | Not Defined |
CVE-2021-25229 | 4.3 | Trend Micro Apex One/OfficeScan XG access control | $10k-$25k | Not Defined |
CVE-2021-25235 | 4.3 | Trend Micro Apex One/OfficeScan XG Configuration File access control | $10k-$25k | Not Defined |
CVE-2021-25248 | 3.5 | Trend Micro Apex One/OfficeScan/Worry-Free Business Security Named Pipe out-of-bounds read | $2k-$5k | Not Defined |
CVE-2021-25241 | 4.3 | Trend Micro Apex One/Worry-Free Business Security server-side request forgery | $10k-$25k | Not Defined |
CVE-2021-25238 | 4.3 | Trend Micro OfficeScan XG/Worry-Free Business Security information disclosure | $5k-$10k | Not Defined |
CVE-2021-25236 | 4.3 | Trend Micro OfficeScan XG/Worry-Free Business Security server-side request forgery | $10k-$25k | Not Defined |
CVE-2021-25245 | 4.3 | Trend Micro Worry-Free Business Security access control | $10k-$25k | Not Defined |
CVE-2021-25244 | 4.3 | Trend Micro Worry-Free Business Security access control | $10k-$25k | Official Fix |
CVE-2020-25036 | 6.3 | UCOPIA Wi-Fi Appliance Administration Shell CLI sandbox | $2k-$5k | Not Defined |
CVE-2020-25035 | 8.0 | UCOPIA Wi-Fi Appliance chroothole_client unknown vulnerability | $2k-$5k | Not Defined |
CVE-2020-25037 | 6.8 | UCOPIA Wi-Fi Appliance Command unknown vulnerability | $2k-$5k | Not Defined |
CVE-2020-28895 | 7.3 | Wind River VxWorks calloc memory corruption | $2k-$5k | Not Defined |
CVE-2021-26754 | 6.3 | wpDataTables sql injection | $0-$5k | Official Fix |
CVE-2020-20289 | 6.3 | yccms no_top sql injection | $1k-$2k | Not Defined |
CVE-2020-20290 | 5.5 | yccms pathname traversal | $1k-$2k | Not Defined |
CVE-2020-20287 | 6.3 | yccms xhUp unrestricted upload | $2k-$5k | Not Defined |
CVE-2021-25910 | 5.3 | ZIV Automation 4CCT-EA6-334126BF improper authentication | $0-$1k | Not Defined |
CVE-2021-25909 | 5.3 | ZIV Automation 4CCT-EA6-334126BF Service Port 7919 denial of service | $0-$1k | Official Fix |
CVE-2020-35765 | 6.3 | Zoho ManageEngine Applications Manager com.adventnet.appmanager.filter.UriCollector showresource.do sql injection | $1k-$2k | Not Defined |
CVE-2020-28653 | 6.3 | Zoho ManageEngine OpManager Smart Update Manager Servlet Remote Privilege Escalation | $2k-$5k | Official Fix |
CVE-2019-16268 | 6.3 | Zoho ManageEngine Remote Access Plus User Administration Screen injection | $2k-$5k | Not Defined |
CVE-2020-10858 | 5.5 | Zulip Desktop Request permission | $0-$5k | Official Fix |
CVE-2020-10857 | 6.3 | Zulip Desktop shell.openItem Remote Privilege Escalation | $0-$5k | Official Fix |