
Critical Vulnerabilities of the Third Week of Esfand (early March)

This week many "critical" and "high-risk" vulnerabilities were reported in major Microsoft products, and patches and updates were released to address them. Several "critical" and "high-risk" vulnerabilities were also found in products from Netgear, VMware, Apache, Google and Samsung, and in the Linux kernel.

The table below lists these vulnerabilities with their CVSS base score, the estimated value of a zero-day exploit for each, and the remediation status at the time of writing ("Official Fix" means a vendor patch is available, "Workaround" means only a mitigation is known, and "Not Defined" means no fix has been published or identified).

CVE ID | Base score | Vulnerability | Zero-day value | Remediation
---------------|------|-----------------------------------------------------------------------------------------------|-------------|-------------
CVE-2021-27730 | 9.8 | Accellion FTA Admin Endpoint argument injection | $1k-$2k | Official Fix
CVE-2021-27731 | 6.1 | Accellion FTA User Endpoint cross site scripting | $0-$1k | Official Fix
CVE-2020-13554 | 7.8 | Advantech WebAccess/SCADA access control | $2k-$5k | Not Defined
CVE-2021-26293 | 5.5 | AfterLogic Aurora/WebMail Pro DAV DAVServer.php pathname traversal | $1k-$2k | Not Defined
CVE-2021-26294 | 5.5 | AfterLogic Aurora/WebMail Pro settings.xml path traversal | $0-$5k | Not Defined
CVE-2020-1936 | 6.1 | Apache Ambari Views cross site scripting | $2k-$5k | Not Defined
CVE-2020-9479 | 5.5 | Apache AsterixDB UDF Deployment path traversal | $5k-$10k | Official Fix
CVE-2021-27907 | 3.5 | Apache Superset Dashboard cross site scripting | $0-$5k | Not Defined
CVE-2021-25122 | 7.5 | Apache Tomcat h2c Connection information disclosure | $5k-$10k | Not Defined
CVE-2021-25329 | 9.8 | Apache Tomcat Incomplete Fix CVE-2020-9484 deserialization | $10k-$25k | Not Defined
CVE-2021-26966 | 6.3 | Aruba AirWave Management Platform API sql injection | $0-$5k | Official Fix
CVE-2021-26963 | 8.8 | Aruba AirWave Management Platform CLI Remote Privilege Escalation | $0-$5k | Official Fix
CVE-2021-26962 | 6.3 | Aruba AirWave Management Platform CLI Remote Privilege Escalation | $0-$5k | Official Fix
CVE-2021-26965 | 6.3 | Aruba AirWave Management Platform sql injection | $0-$5k | Official Fix
CVE-2021-26968 | 3.5 | Aruba AirWave Management Platform Web-based Management Interface cross site scripting | $0-$5k | Official Fix
CVE-2021-26967 | 3.5 | Aruba AirWave Management Platform Web-based Management Interface cross site scripting | $0-$5k | Official Fix
CVE-2021-26961 | 4.3 | Aruba AirWave Management Platform Web-based Management Interface cross-site request forgery | $0-$5k | Official Fix
CVE-2021-26960 | 4.3 | Aruba AirWave Management Platform Web-based Management Interface cross-site request forgery | $0-$5k | Official Fix
CVE-2021-26964 | 6.3 | Aruba AirWave Management Platform Web-based Management Interface improper authentication | $0-$5k | Official Fix
CVE-2021-26971 | 6.3 | Aruba AirWave Management Platform Web-based Management Interface os command injection | $0-$5k | Official Fix
CVE-2021-26970 | 6.3 | Aruba AirWave Management Platform Web-based Management Interface os command injection | $0-$5k | Official Fix
CVE-2021-26969 | 4.3 | Aruba AirWave Management Platform Web-based Management Interface xml entity expansion | $0-$5k | Official Fix
CVE-2020-28657 | 9.8 | bPanel Administrative Ajax Endpoint aj_*.php sql injection | $1k-$2k | Not Defined
CVE-2020-28601 | 3.5 | CGAL libcgal Nef polygon-parsing PM_io_parser.h read_vertex out-of-bounds read | $0-$1k | Not Defined
CVE-2020-35636 | 5.5 | CGAL libcgal Nef polygon-parsing SNC_io_parser.h read_sface out-of-bounds read | $0-$1k | Not Defined
CVE-2020-35628 | 5.5 | CGAL libcgal Nef polygon-parsing SNC_io_parser.h read_sloop out-of-bounds read | $0-$1k | Not Defined
CVE-2020-28636 | 5.5 | CGAL libcgal Nef polygon-parsing SNC_io_parser.h read_sloop out-of-bounds read | $0-$1k | Not Defined
CVE-2020-35327 | 6.3 | Courier Management System admin_class.php sql injection | $1k-$2k | Not Defined
CVE-2020-35328 | 4.4 | Courier Management System cross site scripting | $0-$1k | Not Defined
CVE-2020-35329 | 6.4 | Courier Management System sql injection | $1k-$2k | Not Defined
CVE-2021-21513 | 8.6 | Dell EMC OpenManage Server Administrator Distributed Web Server improper authentication | $10k-$25k | Not Defined
CVE-2021-21514 | 4.9 | Dell EMC OpenManage Server Administrator path traversal | $5k-$10k | Not Defined
CVE-2021-21515 | 9.0 | Dell EMC SourceOne cross site scripting | $2k-$5k | Not Defined
CVE-2021-21517 | 7.2 | Dell EMC SRS Policy Manager XML Parser xml external entity reference | $10k-$25k | Not Defined
CVE-2021-27314 | 9.8 | Doctor Appointment System admin.php sql injection | $2k-$5k | Not Defined
CVE-2021-27318 | 6.1 | Doctor Appointment System contactus.php cross site scripting | $0-$1k | Not Defined
CVE-2021-27317 | 6.1 | Doctor Appointment System contactus.php cross site scripting | $0-$1k | Not Defined
CVE-2021-26475 | 6.1 | EPrints cal cross site scripting | $0-$1k | Official Fix
CVE-2021-26702 | 6.1 | EPrints dataset_dictionary cross site scripting | $0-$1k | Official Fix
CVE-2021-26703 | 8.0 | EPrints JSON phrase xml external entity reference | $1k-$2k | Official Fix
CVE-2021-3342 | 8.0 | EPrints Latex os command injection | $2k-$5k | Not Defined
CVE-2021-26476 | 9.8 | EPrints Latex os command injection | $2k-$5k | Official Fix
CVE-2021-26704 | 8.8 | EPrints toolbox os command injection | $2k-$5k | Official Fix
CVE-2021-24032 | 5.5 | Facebook Zstandard permission | $10k-$25k | Official Fix
CVE-2021-24031 | 5.5 | Facebook Zstandard permission | $10k-$25k | Official Fix
CVE-2021-21322 | 10.0 | fastify-http-proxy escape output | $2k-$5k | Official Fix
CVE-2021-21321 | 10.0 | fastify-reply-from HTTP Request escape output | $2k-$5k | Official Fix
CVE-2021-22638 | 6.3 | Fatek FvDesigner Project File out-of-bounds read | $1k-$2k | Not Defined
CVE-2021-22683 | 6.3 | Fatek FvDesigner Project File out-of-bounds write | $2k-$5k | Not Defined
CVE-2021-22666 | 6.3 | Fatek FvDesigner Project File stack-based overflow | $2k-$5k | Not Defined
CVE-2021-22670 | 6.3 | Fatek FvDesigner Project File uninitialized pointer | $2k-$5k | Not Defined
CVE-2021-22662 | 6.3 | Fatek FvDesigner Project File use after free | $2k-$5k | Not Defined
CVE-2020-15938 | 4.0 | Fortinet FortiGate HTTP Header unknown vulnerability | $2k-$5k | Official Fix
CVE-2020-15937 | 4.7 | Fortinet FortiGate Log Dashboard cross site scripting | $0-$1k | Official Fix
CVE-2021-22128 | 7.1 | Fortinet FortiProxy SSL VPN Portal access control | $2k-$5k | Official Fix
CVE-2021-25306 | 7.5 | Gigaset DX600A AT Command buffer overflow | $2k-$5k | Workaround
CVE-2021-25309 | 3.7 | Gigaset DX600A Telnet Administrator Service excessive authentication | $1k-$2k | Not Defined
CVE-2021-22862 | 5.5 | GitHub Enterprise Server Fork improper authorization | $1k-$2k | Official Fix
CVE-2021-22863 | 5.5 | GitHub Enterprise Server GraphQL API improper authorization | $1k-$2k | Official Fix
CVE-2020-10519 | 5.5 | GitHub Enterprise Server Parser Configuration command injection | $2k-$5k | Official Fix
CVE-2021-22861 | 6.3 | GitHub Enterprise Server REST API improper authorization | $2k-$5k | Official Fix
CVE-2021-22188 | 5.3 | GitLab Community Edition/Enterprise Edition Branch Log information disclosure | $1k-$2k | Not Defined
CVE-2021-22183 | 4.1 | GitLab Community Edition/Enterprise Edition Epics Page cross site scripting | $0-$1k | Not Defined
CVE-2021-22189 | 5.9 | GitLab Community Edition/Enterprise Edition improper authentication | $1k-$2k | Not Defined
CVE-2021-22182 | 5.4 | GitLab Community Edition/Enterprise Edition Merge Request cross site scripting | $0-$1k | Not Defined
CVE-2021-22187 | 4.3 | GitLab Community Edition/Enterprise Edition Project resource consumption | $0-$1k | Official Fix
CVE-2021-21313 | 4.9 | GLPI common.tabs.php cross site scripting | $0-$1k | Official Fix
CVE-2021-21312 | 5.4 | GLPI Document Upload document.form.php cross site scripting | $0-$1k | Official Fix
CVE-2021-21327 | 6.8 | GLPI dropdownConnect.php getItemForItemtype injection | $2k-$5k | Official Fix
CVE-2021-21258 | 6.8 | GLPI kanban.php cross site scripting | $0-$1k | Official Fix
CVE-2021-21255 | 5.8 | GLPI resource injection | $1k-$2k | Official Fix
CVE-2021-21314 | 5.4 | GLPI Ticket Update cross site scripting | $0-$1k | Official Fix
CVE-2021-21168 | 6.3 | Google Chrome AppCache Remote Code Execution | $50k-$100k | Official Fix
CVE-2021-21166 | 6.3 | Google Chrome Audio Remote Code Execution | $50k-$100k | Official Fix
CVE-2021-21165 | 6.3 | Google Chrome Audio Remote Code Execution | $50k-$100k | Official Fix
CVE-2021-21181 | 3.1 | Google Chrome Autofill information disclosure | $25k-$50k | Official Fix
CVE-2021-21177 | 6.3 | Google Chrome Autofill Remote Code Execution | $50k-$100k | Official Fix
CVE-2021-21188 | 6.3 | Google Chrome Blink use after free | $50k-$100k | Official Fix
CVE-2021-21167 | 6.3 | Google Chrome Bookmarks use after free | $50k-$100k | Official Fix
CVE-2021-21178 | 6.3 | Google Chrome Compositing Remote Code Execution | $50k-$100k | Official Fix
CVE-2021-21185 | 6.3 | Google Chrome Extensions Remote Code Execution | $50k-$100k | Official Fix
CVE-2021-21172 | 6.3 | Google Chrome File System API Remote Code Execution | $50k-$100k | Official Fix
CVE-2021-21176 | 6.3 | Google Chrome Full Screen Mode Remote Code Execution | $50k-$100k | Official Fix
CVE-2021-21170 | 6.3 | Google Chrome Loader Remote Code Execution | $50k-$100k | Official Fix
CVE-2021-21182 | 6.3 | Google Chrome Navigation Remote Code Execution | $50k-$100k | Official Fix
CVE-2021-21173 | 3.1 | Google Chrome Network Internals information disclosure | $25k-$50k | Official Fix
CVE-2021-21179 | 6.3 | Google Chrome Network Internals use after free | $50k-$100k | Official Fix
CVE-2020-27844 | 7.0 | Google Chrome OpenJPEG heap-based overflow | $50k-$100k | Official Fix
CVE-2021-21189 | 5.5 | Google Chrome Payments unknown vulnerability | $50k-$100k | Official Fix
CVE-2021-21190 | 6.3 | Google Chrome PDFium uninitialized pointer | $50k-$100k | Official Fix
CVE-2021-21184 | 6.3 | Google Chrome Performance API Remote Code Execution | $50k-$100k | Official Fix
CVE-2021-21183 | 6.3 | Google Chrome Performance API Remote Code Execution | $50k-$100k | Official Fix
CVE-2021-21186 | 5.5 | Google Chrome QR Scanning unknown vulnerability | $50k-$100k | Official Fix
CVE-2021-21163 | 6.3 | Google Chrome Reader Mode Remote Code Execution | $50k-$100k | Official Fix
CVE-2021-21174 | 6.3 | Google Chrome Referrer Remote Code Execution | $50k-$100k | Official Fix
CVE-2021-21164 | 6.3 | Google Chrome Remote Code Execution | $50k-$100k | Official Fix
CVE-2021-21175 | 6.3 | Google Chrome Site Isolation sandbox | $50k-$100k | Official Fix
CVE-2021-21180 | 6.3 | Google Chrome Tab Search use after free | $50k-$100k | Official Fix
CVE-2021-21161 | 6.3 | Google Chrome TabStrip heap-based overflow | $50k-$100k | Official Fix
CVE-2021-21159 | 6.3 | Google Chrome TabStrip heap-based overflow | $50k-$100k | Official Fix
CVE-2021-21171 | 6.3 | Google Chrome TabStrip/Navigation Remote Code Execution | $50k-$100k | Official Fix
CVE-2021-21187 | 5.5 | Google Chrome URL Format unknown vulnerability | $50k-$100k | Official Fix
CVE-2021-21169 | 6.3 | Google Chrome V8 out-of-bounds read | $25k-$50k | Official Fix
CVE-2021-21160 | 6.3 | Google Chrome WebAudio heap-based overflow | $50k-$100k | Official Fix
CVE-2021-21162 | 6.3 | Google Chrome WebRTC use after free | $50k-$100k | Official Fix
CVE-2020-14372 | 7.8 | grub2 ACPI Command memory corruption | $2k-$5k | Official Fix
CVE-2021-20233 | 5.5 | grub2 Calculation Setparam_prefix out-of-bounds write | $2k-$5k | Official Fix
CVE-2020-27749 | 5.5 | grub2 Command Line stack-based overflow | $2k-$5k | Official Fix
CVE-2020-27779 | 5.5 | grub2 cutmem Command memory corruption | $2k-$5k | Official Fix
CVE-2021-20225 | 5.5 | grub2 Options out-of-bounds write | $2k-$5k | Official Fix
CVE-2020-25632 | 5.5 | grub2 rmmod use after free | $2k-$5k | Official Fix
CVE-2020-25647 | 4.3 | grub2 USB Device Initialization memory corruption | $0-$1k | Official Fix
CVE-2021-22294 | 4.3 | HarmonyOS Component API permission | $2k-$5k | Not Defined
CVE-2021-22296 | 3.3 | HarmonyOS Filesystem denial of service | $0-$1k | Not Defined
CVE-2020-4725 | 3.5 | IBM Cloud APM APM UI cross site scripting | $2k-$5k | Not Defined
CVE-2020-4719 | 2.7 | IBM Cloud APM DNS Query unknown vulnerability | $10k-$25k | Not Defined
CVE-2020-4726 | 3.3 | IBM Cloud APM information disclosure | $2k-$5k | Not Defined
CVE-2021-20351 | 4.4 | IBM Engineering Web UI cross site scripting | $2k-$5k | Not Defined
CVE-2021-20350 | 4.4 | IBM Engineering Web UI cross site scripting | $2k-$5k | Not Defined
CVE-2021-20340 | 4.4 | IBM Engineering Web UI cross site scripting | $2k-$5k | Not Defined
CVE-2020-4975 | 3.5 | IBM Engineering Web UI cross site scripting | $2k-$5k | Not Defined
CVE-2020-4866 | 4.4 | IBM Engineering Web UI cross site scripting | $2k-$5k | Not Defined
CVE-2020-4863 | 4.4 | IBM Engineering Web UI cross site scripting | $2k-$5k | Not Defined
CVE-2020-4857 | 4.4 | IBM Engineering Web UI cross site scripting | $2k-$5k | Not Defined
CVE-2020-4856 | 4.4 | IBM Engineering Web UI cross site scripting | $2k-$5k | Not Defined
CVE-2021-20442 | 3.7 | IBM Security Verify Bridge external hard-coded credentials | $5k-$10k | Not Defined
CVE-2021-20441 | 3.7 | IBM Security Verify Bridge inadequate encryption | $5k-$10k | Not Defined
CVE-2021-23126 | 3.9 | Joomla! 2FA Secret rand random values | $2k-$5k | Not Defined
CVE-2021-23127 | 5.8 | Joomla! 2FA Secret random values | $2k-$5k | Not Defined
CVE-2021-26027 | 5.5 | Joomla! Category unknown vulnerability | $10k-$25k | Not Defined
CVE-2021-23132 | 6.5 | Joomla! com_media path traversal | $5k-$10k | Not Defined
CVE-2021-23130 | 4.8 | Joomla! Feed Field cross site scripting | $2k-$5k | Not Defined
CVE-2021-23128 | 5.8 | Joomla! FOFEncryptRandval random values | $2k-$5k | Not Defined
CVE-2021-26029 | 6.3 | Joomla! Form Filter Remote Privilege Escalation | $10k-$25k | Not Defined
CVE-2021-23129 | 4.8 | Joomla! Message cross site scripting | $2k-$5k | Not Defined
CVE-2021-23131 | 6.5 | Joomla! Template Manager input validation | $10k-$25k | Not Defined
CVE-2021-26028 | 5.5 | Joomla! ZIP Package path traversal | $5k-$10k | Not Defined
CVE-2021-27901 | 5.5 | LG Mobile Device Fingerprint unknown vulnerability | $10k-$25k | Not Defined
CVE-2020-25639 | 5.5 | Linux Kernel GPU Nouveau Driver DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC null pointer dereference | $2k-$5k | Official Fix
CVE-2021-27365 | 4.3 | Linux Kernel iSCSI Data Structure iscsi_host_get_param information disclosure | $5k-$25k | Official Fix
CVE-2021-27363 | 4.3 | Linux Kernel iSCSI Transport scsi_transport_iscsi.c information disclosure | $5k-$25k | Official Fix
CVE-2021-27364 | 5.5 | Linux Kernel Netlink Message scsi_transport_iscsi.c iscsi_if_recv_msg unknown vulnerability | $5k-$25k | Official Fix
CVE-2020-12530 | 4.3 | MB Connect Line mymbCONNECT24/mbCONNECT24 GET Parameter redirect.php cross site scripting | $0-$1k | Official Fix
CVE-2020-12529 | 5.8 | MB Connect Line mymbCONNECT24/mbCONNECT24 LDAP server-side request forgery | $2k-$5k | Official Fix
CVE-2020-12527 | 6.5 | MB Connect Line mymbCONNECT24/mbCONNECT24 privileges management | $2k-$5k | Official Fix
CVE-2020-12528 | 6.5 | MB Connect Line mymbCONNECT24/mbCONNECT24 web2go Session privileges management | $2k-$5k | Official Fix
CVE-2021-27065 | 7.8 | Microsoft Exchange Server Remote Code Execution | $25k-$50k | Official Fix
CVE-2021-26858 | 7.8 | Microsoft Exchange Server Remote Code Execution | $25k-$50k | Official Fix
CVE-2021-26857 | 7.8 | Microsoft Exchange Server Remote Code Execution | $25k-$50k | Official Fix
CVE-2021-27078 | 7.2 | Microsoft Exchange Server Remote Privilege Escalation | $25k-$50k | Official Fix
CVE-2021-26854 | 6.6 | Microsoft Exchange Server Remote Privilege Escalation | $25k-$50k | Official Fix
CVE-2021-26412 | 9.1 | Microsoft Exchange Server Remote Privilege Escalation | $25k-$50k | Official Fix
CVE-2021-26855 | 9.1 | Microsoft Exchange Server unknown vulnerability | $50k-$100k | Official Fix
CVE-2021-27904 | 5.5 | MISP SharingGroupServer.php access control | $1k-$2k | Not Defined
CVE-2018-25004 | 4.9 | MongoDB Generic Explain Command denial of service | $0-$1k | Official Fix
CVE-2020-7929 | 6.5 | MongoDB Regex denial of service | $0-$1k | Official Fix
CVE-2021-20665 | 3.5 | Movable Type Add Asset Screen cross site scripting | $0-$1k | Official Fix
CVE-2021-20664 | 3.5 | Movable Type Asset Registration Screen cross site scripting | $0-$1k | Official Fix
CVE-2021-20663 | 3.5 | Movable Type Role Authority Setting cross site scripting | $0-$1k | Official Fix
CVE-2021-26988 | 3.5 | NetApp Clustered Data ONTAP information disclosure | $0-$1k | Official Fix
CVE-2021-26989 | 4.3 | NetApp Clustered Data ONTAP SMB Access denial of service | $0-$1k | Official Fix
CVE-2021-27256 | 8.8 | Netgear R7800 apply_save.cgi improper authentication | $5k-$25k | Not Defined
CVE-2021-27254 | 6.3 | Netgear R7800 Endpoint apply_save.cgi hard-coded key | $5k-$25k | Not Defined
CVE-2021-27255 | 6.3 | Netgear R7800 Endpoint refresh_status.aspx missing authentication | $5k-$25k | Not Defined
CVE-2021-27257 | 6.5 | Netgear R7800 FTP certificate validation | $5k-$25k | Not Defined
CVE-2021-22877 | 5.5 | NextCloud access control | $1k-$2k | Official Fix
CVE-2020-8296 | 2.6 | Nextcloud Server credentials storage | $1k-$2k | Official Fix
CVE-2021-22878 | 3.5 | Nextcloud Server Notification cross site scripting | $0-$1k | Official Fix
CVE-2021-22884 | 5.5 | Node.js DNS Server hosts dns rebinding | $1k-$2k | Official Fix
CVE-2021-22883 | 3.5 | Node.js File Descriptor Limit resource consumption | $0-$1k | Official Fix
CVE-2021-25829 | 7.5 | ONLYOFFICE DocumentServer Code Module denial of service | $0-$1k | Not Defined
CVE-2021-25832 | 7.8 | ONLYOFFICE DocumentServer Core Module heap-based overflow | $2k-$5k | Not Defined
CVE-2021-25831 | 7.8 | ONLYOFFICE DocumentServer Core Module Remote Privilege Escalation | $2k-$5k | Not Defined
CVE-2021-25830 | 7.8 | ONLYOFFICE DocumentServer Core Module Remote Privilege Escalation | $2k-$5k | Not Defined
CVE-2021-25833 | 7.8 | ONLYOFFICE DocumentServer Server Module Remote Privilege Escalation | $2k-$5k | Not Defined
CVE-2021-28041 | 4.6 | OpenSSH ssh-agent double free | $25k-$100k | Official Fix
CVE-2021-2138 | 4.6 | Oracle Cloud Infrastructure Data Science Notebook Sessions Local Privilege Escalation | $0-$1k | Not Defined
CVE-2021-27921 | 3.5 | Pillow BLP Container memory allocation | $0-$1k | Official Fix
CVE-2021-27923 | 3.5 | Pillow ICO Container memory allocation | $0-$1k | Official Fix
CVE-2021-27922 | 3.5 | Pillow Image memory allocation | $0-$1k | Official Fix
CVE-2020-24914 | 7.3 | QCubed POST Request profile.php deserialization | $2k-$5k | Not Defined
CVE-2020-24912 | 4.3 | QCubed profile.php cross site scripting | $0-$1k | Not Defined
CVE-2020-24913 | 8.5 | QCubed profile.php sql injection | $2k-$5k | Not Defined
CVE-2021-25348 | 3.3 | Samsung Internet Permission permission | $0-$1k | Official Fix
CVE-2021-25347 | 5.3 | Samsung Mobile Device Email App improper authentication | $0-$1k | Official Fix
CVE-2021-25345 | 4.3 | Samsung Mobile Device hwcomposer denial of service | $0-$1k | Official Fix
CVE-2021-25340 | 4.3 | Samsung Mobile Device Keyboard access control | $0-$1k | Official Fix
CVE-2021-25344 | 3.3 | Samsung Mobile Device knox_custom Service permission | $0-$1k | Official Fix
CVE-2021-25343 | 6.1 | Samsung Mobile Device memory corruption | $0-$1k | Official Fix
CVE-2021-25346 | 6.3 | Samsung Mobile Device quram Library memory corruption | $2k-$5k | Official Fix
CVE-2021-25334 | 5.0 | Samsung Mobile Devices Application denial of service | $0-$1k | Official Fix
CVE-2021-25337 | 4.8 | Samsung Mobile Devices Clipboard Service access control | $1k-$2k | Official Fix
CVE-2021-25339 | 6.1 | Samsung Mobile Devices HArx memory corruption | $0-$1k | Official Fix
CVE-2021-25335 | 2.4 | Samsung Mobile Devices Lockscreen access control | $0-$1k | Official Fix
CVE-2021-25336 | 4.8 | Samsung Mobile Devices NotificationManagerService privileges management | $1k-$2k | Official Fix
CVE-2021-25338 | 6.1 | Samsung Mobile Devices RKP access control | $0-$1k | Official Fix
CVE-2021-25330 | 3.5 | Samsung MobileWips App denial of service | $0-$1k | Official Fix
CVE-2021-25333 | 2.1 | Samsung Pay Mini Application Lockscreen access control | $0-$1k | Official Fix
CVE-2021-25332 | 2.4 | Samsung Pay Mini Application Lockscreen access control | $0-$1k | Official Fix
CVE-2021-25331 | 2.4 | Samsung Pay Mini Application Lockscreen access control | $0-$1k | Official Fix
CVE-2021-25341 | 3.7 | Samsung S Assistant denial of service | $0-$1k | Official Fix
CVE-2021-25342 | 3.3 | Samsung SMP SDK Provider denial of service | $0-$1k | Official Fix
CVE-2019-18351 | 7.3 | Sangoma Asterisk SIP Request chan_sip.c improper authentication | $1k-$2k | Not Defined
CVE-2021-28031 | 9.8 | scratchpad Crate move_elements double free | $2k-$5k | Official Fix
CVE-2020-29032 | 8.4 | Secomea GateManager Firmware improper validation of integrity check value | $0-$5k | Official Fix
CVE-2020-29029 | 7.3 | Secomea GateManager Web GUI cross site scripting | $0-$5k | Official Fix
CVE-2020-29028 | 6.3 | Secomea GateManager Web GUI cross site scripting | $0-$5k | Official Fix
CVE-2020-29030 | 8.1 | Secomea GateManager Web GUI cross-site request forgery | $0-$5k | Official Fix
CVE-2020-29020 | 9.1 | Secomea SiteManager Web UI access control | $0-$5k | Official Fix
CVE-2020-5148 | 7.3 | SonicWALL Directory Services Connector SSO Agent improper authentication | $1k-$2k | Official Fix
CVE-2021-27964 | 6.3 | SonLogger POST Request SaveUploadedHotspotLogoFile unrestricted upload | $2k-$5k | Official Fix
CVE-2021-27963 | 7.3 | SonLogger POST Request saveUser improper authentication | $1k-$2k | Official Fix
CVE-2021-27098 | 6.3 | SPIFFE SPIRE FetchX509SVID RPC certificate validation | $0-$5k | Official Fix
CVE-2021-27099 | 5.5 | SPIFFE SPIRE Node Attestor unknown vulnerability | $0-$5k | Official Fix
CVE-2021-28034 | 9.8 | stack_dst Crate push_inner double free | $2k-$5k | Official Fix
CVE-2021-28035 | 9.8 | stack_dst Crate push_inner uninitialized pointer | $2k-$5k | Official Fix
CVE-2021-25315 | 9.8 | SuSE Linux Enterprise Server salt improper authentication | $10k-$25k | Official Fix
CVE-2021-25313 | 7.1 | SUSE Rancher cross site scripting | $5k-$10k | Official Fix
CVE-2021-20076 | 6.3 | Tenable Tenable.sc/Tenable.sc Core Hypertext Preprocessor Remote Privilege Escalation | $2k-$5k | Not Defined
CVE-2021-28028 | 9.8 | toodee Crate Row Insert double free | $2k-$5k | Official Fix
CVE-2021-28029 | 7.5 | toodee Crate Row Insert uninitialized pointer | $0-$1k | Official Fix
CVE-2021-27877 | 9.8 | Veritas Backup Exec SHA Authentication improper authentication | $1k-$2k | Official Fix
CVE-2021-27878 | 8.8 | Veritas Backup Exec TLS Communication improper authentication | $1k-$2k | Official Fix
CVE-2021-27876 | 8.1 | Veritas Backup Exec TLS Communication improper authentication | $1k-$2k | Official Fix
CVE-2021-22114 | 4.6 | VMware Spring-integration-zip Incomplete Fix CVE-2018-1263 path traversal | $5k-$10k | Official Fix
CVE-2021-21978 | 6.3 | VMware View Planner logupload Web Application improper authorization | $10k-$25k | Official Fix
CVE-2021-28039 | 6.5 | Xen Dom0/Driver Domain denial of service | $0-$5k | Not Defined
CVE-2021-28038 | 6.5 | Xen Netback Driver denial of service | $0-$5k | Not Defined
CVE-2019-18628 | 4.9 | Xerox AltaLink C8070 cleartext transmission | $1k-$2k | Official Fix
CVE-2019-18629 | 4.6 | Xerox AltaLink C8070 Clone Install unknown vulnerability | $2k-$5k | Official Fix
CVE-2019-18630 | 3.3 | Xerox AltaLink C8070 Drive Encryption cleartext storage | $0-$1k | Official Fix
CVE-2021-3404 | 6.3 | ytnef File ytnef.c SwapWord heap-based overflow | $2k-$5k | Not Defined
CVE-2021-3403 | 6.3 | ytnef ytnef.c TNEFSubjectHandler double free | $2k-$5k | Not Defined
CVE-2020-35594 | 3.5 | Zoho ManageEngine ADManager Plus cross site scripting | $0-$5k | Official Fix
CVE-2020-29658 | 5.5 | Zoho ManageEngine Application Control Plus Nginx Configuration Setting access control | $1k-$2k | Official Fix
CVE-2020-28050 | 6.3 | Zoho ManageEngine Desktop Central Authentication Secret improper authentication | $0-$5k | Official Fix
CVE-2021-21725 | 3.5 | ZTE H196Q Product information disclosure | $0-$5k | Not Defined