
Critical vulnerabilities of the third week of Khordad

This week, many "critical" and "high-risk" vulnerabilities were reported in important Cisco products, and patches and updates were released to fix them. Several "critical" and "high-risk" vulnerabilities were also present in products from Nextcloud, McAfee, Apache, Huawei, IBM and Fortinet, and in the Linux kernel.

The list of these vulnerabilities, together with their risk level, is given in the table below.

| Vulnerability ID | Base score | Vulnerability title | Zero-day value | Remediation |
|---|---|---|---|---|
| CVE-2021-30474 | 5.5 | AOMedia libaom grain_table.c use after free | $2k-$5k | Official Fix |
| CVE-2021-30475 | 5.5 | AOMedia libaom noise_model.c buffer overflow | $2k-$5k | Official Fix |
| CVE-2021-25641 | 7.3 | Apache Dubbo Byte Preamble Flag deserialization | $10k-$25k | Official Fix |
| CVE-2021-30179 | 6.3 | Apache Dubbo Java Reflection API deserialization | $10k-$25k | Official Fix |
| CVE-2021-25640 | 5.5 | Apache Dubbo parseURL server-side request forgery | $10k-$25k | Official Fix |
| CVE-2021-30181 | 5.5 | Apache Dubbo Script Routing unknown vulnerability | $10k-$25k | Official Fix |
| CVE-2021-30180 | 5.5 | Apache Dubbo Tag Routing unknown vulnerability | $10k-$25k | Official Fix |
| CVE-2020-36005 | 4.6 | AppCMS app.php denial of service | $0-$1k | Not Defined |
| CVE-2020-36004 | 4.3 | AppCMS download_frame.php sql injection | $1k-$2k | Not Defined |
| CVE-2020-36006 | 4.6 | AppCMS info.php denial of service | $0-$1k | Not Defined |
| CVE-2020-36007 | 3.5 | AppCMS tpl_app.php cross site scripting | $0-$1k | Not Defined |
| CVE-2021-32641 | 3.5 | Auth0 auth0-lock Sign In cross site scripting | $0-$5k | Official Fix |
| CVE-2021-32662 | 4.3 | Backstage TechDocs Documentation path traversal | $1k-$2k | Official Fix |
| CVE-2021-32660 | 4.3 | Backstage techdocs-common command injection | $1k-$2k | Official Fix |
| CVE-2021-24320 | 3.5 | Bello Directory & Listing Theme cross site scripting | $0-$1k | Official Fix |
| CVE-2021-24319 | 3.5 | Bello Directory & Listing Theme cross site scripting | $0-$1k | Official Fix |
| CVE-2021-24321 | 6.3 | Bello Directory & Listing Theme sql injection | $1k-$2k | Official Fix |
| CVE-2020-26668 | 6.3 | BigTree CMS Create New Feed custom.php sql injection | $1k-$2k | Not Defined |
| CVE-2020-26670 | 5.5 | BigTree CMS Settings unknown vulnerability | $2k-$5k | Not Defined |
| CVE-2020-26669 | 3.5 | BigTree CMS update cross site scripting | $0-$1k | Not Defined |
| CVE-2020-36141 | 5.5 | BloofoxCMS Content-Type unrestricted upload | $1k-$2k | Not Defined |
| CVE-2020-36140 | 3.5 | BloofoxCMS cross-site request forgery | $0-$1k | Not Defined |
| CVE-2020-36139 | 3.5 | BloofoxCMS Parameter cross site scripting | $0-$1k | Not Defined |
| CVE-2020-36142 | 5.5 | BloofoxCMS Parameter pathname traversal | $1k-$2k | Not Defined |
| CVE-2021-31249 | 5.5 | Chiyu BF-430/BF-431/BF-450M injection | $0-$5k | Not Defined |
| CVE-2021-31250 | 3.5 | Chiyu BF-430/BF-431/BF-450M man.cgi cross site scripting | $0-$5k | Not Defined |
| CVE-2021-31251 | 7.3 | Chiyu BF-430/BF431/BF-450M/SEMAC Telnet Server improper authentication | $0-$5k | Workaround |
| CVE-2021-31641 | 4.3 | Chiyu BF-630 404 Error Message cross site scripting | $1k-$2k | Official Fix |
| CVE-2021-31252 | 6.3 | Chiyu BF-630 redirect | $0-$5k | Not Defined |
| CVE-2021-31642 | 3.5 | Chiyu BIOSENSE/Webpass/BF-630/BF-631/SEMAC Web Portal denial of service | $0-$1k | Official Fix |
| CVE-2021-31643 | 3.5 | Chiyu SEMAC/Biosense/BF-630/BF-631/Webpass if.cgi cross site scripting | $0-$1k | Official Fix |
| CVE-2021-1540 | 8.1 | Cisco ASR 5000 CLI Command authorization | $10k-$25k | Official Fix |
| CVE-2021-1539 | 8.1 | Cisco ASR 5000 CLI Command authorization | $10k-$25k | Official Fix |
| CVE-2021-1538 | 4.7 | Cisco Common Services Platform Collector os command injection | $10k-$25k | Official Fix |
| CVE-2021-1528 | 7.8 | Cisco SD-WAN CLI unnecessary privileges | $10k-$25k | Official Fix |
| CVE-2021-1537 | 6.2 | Cisco ThousandEyes Recorder Installer insufficiently protected credentials | $2k-$5k | Official Fix |
| CVE-2021-1564 | 6.5 | Cisco Video Surveillance 7000 Cisco Discovery Protocol resource consumption | $2k-$5k | Official Fix |
| CVE-2021-1563 | 6.5 | Cisco Video Surveillance 7000 Cisco Discovery Protocol resource consumption | $2k-$5k | Official Fix |
| CVE-2021-1544 | 5.5 | Cisco Webex Meetings Client Logging information disclosure | $2k-$5k | Official Fix |
| CVE-2021-1536 | 4.8 | Cisco WebEx Meetings Desktop App uncontrolled search path | $5k-$10k | Official Fix |
| CVE-2021-1517 | 5.0 | Cisco WebEx Meetings Server Multimedia Viewer protection mechanism | $10k-$25k | Official Fix |
| CVE-2021-1525 | 4.7 | Cisco WebEx Meetings/WebEx Meetings Server Web UI redirect | $5k-$10k | Official Fix |
| CVE-2021-1503 | 7.8 | Cisco WebEx Network Recording Player/WebEx Player ARF/WRF File memory corruption | $10k-$25k | Official Fix |
| CVE-2021-1502 | 7.8 | Cisco WebEx Network Recording Player/WebEx Player ARF/WRF File memory corruption | $10k-$25k | Official Fix |
| CVE-2021-1527 | 5.3 | Cisco WebEx Player WRF File memory corruption | $10k-$25k | Official Fix |
| CVE-2021-1526 | 7.8 | Cisco WebEx Player WRF File memory corruption | $10k-$25k | Official Fix |
| CVE-2020-27377 | 3.5 | CMS Made Simple Setting News Module cross site scripting | $0-$1k | Not Defined |
| CVE-2021-24322 | 3.5 | Database Backup Plugin cross site scripting | $0-$1k | Official Fix |
| CVE-2020-29321 | 2.6 | D-Link DIR-868L Telnet Service information disclosure | $0-$5k | Not Defined |
| CVE-2020-29322 | 2.6 | D-Link DIR-880L Telnet Service information disclosure | $0-$5k | Not Defined |
| CVE-2020-29323 | 2.6 | D-Link DIR-885L-MFC Telnet Service information disclosure | $0-$5k | Not Defined |
| CVE-2020-29324 | 2.6 | D-Link DIR-895L MFC Telnet Service information disclosure | $0-$5k | Not Defined |
| CVE-2020-6950 | 5.5 | Eclipse Mojarra pathname traversal | $1k-$2k | Official Fix |
| CVE-2021-32647 | 4.7 | Emissary REST Endpoint injection | $1k-$2k | Official Fix |
| CVE-2021-32198 | 5.5 | EmTec ZOC unknown vulnerability | $0-$5k | Official Fix |
| CVE-2021-24311 | 6.3 | External Media Plugin AJAX Action unrestricted upload | $2k-$5k | Official Fix |
| CVE-2020-35442 | 6.3 | FDCMS FindexAction.class.php backdoor | $2k-$5k | Not Defined |
| CVE-2020-35441 | 6.3 | FDCMS Front-End FloginAction.class.php sql injection | $1k-$2k | Not Defined |
| CVE-2020-22056 | 3.5 | FFmpeg af_acrossover.c config_input memory leak | $0-$1k | Not Defined |
| CVE-2020-22041 | 4.3 | FFmpeg av_buffersrc_add_frame_flags memory leak | $0-$1k | Not Defined |
| CVE-2020-22044 | 4.3 | FFmpeg aviobuf.c url_open_dyn_buf_internal memory leak | $0-$1k | Not Defined |
| CVE-2020-22054 | 4.3 | FFmpeg dict.c av_dict_set memory leak | $0-$1k | Not Defined |
| CVE-2021-33815 | 4.3 | FFmpeg exr.c dwa_uncompress out-of-bounds read | $1k-$2k | Official Fix |
| CVE-2020-22043 | 4.3 | FFmpeg fifo.c fifo_alloc_common memory leak | $0-$1k | Not Defined |
| CVE-2020-22046 | 4.3 | FFmpeg float_dsp.c avpriv_float_dsp_allocl memory leak | $0-$1k | Not Defined |
| CVE-2020-22040 | 4.3 | FFmpeg frame.c v_frame_alloc memory leak | $0-$1k | Not Defined |
| CVE-2020-22048 | 4.3 | FFmpeg framepool.c ff_frame_pool_get memory leak | $0-$1k | Not Defined |
| CVE-2020-22042 | 4.3 | FFmpeg graphparser.c link_filter_inouts memory leak | $0-$1k | Not Defined |
| CVE-2020-22039 | 4.3 | FFmpeg inavi_add_ientry denial of service | $0-$1k | Not Defined |
| CVE-2020-22037 | 4.3 | FFmpeg options.c avcodec_alloc_context3 denial of service | $0-$1k | Not Defined |
| CVE-2020-22038 | 4.3 | FFmpeg v4l2_m2m.c ff_v4l2_m2m_create_context memory leak | $0-$1k | Not Defined |
| CVE-2020-22035 | 7.3 | FFmpeg vf_bm3d.c get_block_row heap-based overflow | $2k-$5k | Not Defined |
| CVE-2020-22036 | 6.3 | FFmpeg vf_bwdif.c filter_intra heap-based overflow | $2k-$5k | Not Defined |
| CVE-2020-22051 | 4.3 | FFmpeg vf_tile.c filter_frame memory leak | $0-$1k | Official Fix |
| CVE-2020-22049 | 4.3 | FFmpeg wtvdec.c wtvfile_open_sector memory leak | $0-$1k | Official Fix |
| CVE-2009-0947 | 5.0 | file cdf_read_sat integer overflow | $2k-$5k | Official Fix |
| CVE-2009-0948 | 6.3 | file cdf_read_ssat buffer overflow | $2k-$5k | Official Fix |
| CVE-2021-24023 | 7.8 | Fortinet FortiAI diagnose Command input validation | $1k-$2k | Not Defined |
| CVE-2021-24012 | 6.5 | Fortinet FortiGate SSLVPN certificate validation | $1k-$2k | Not Defined |
| CVE-2020-6641 | 4.3 | Fortinet FortiPresence Administration Interface authorization | $2k-$5k | Not Defined |
| CVE-2021-22130 | 6.7 | Fortinet FortiProxy CLI stack-based overflow | $2k-$5k | Not Defined |
| CVE-2021-26111 | 6.5 | Fortinet FortiSwitch Packet resource consumption | $0-$1k | Not Defined |
| CVE-2021-22123 | 7.6 | Fortinet FortiWeb Management Interface os command injection | $2k-$5k | Not Defined |
| CVE-2021-3530 | 3.5 | GNU libiberty Symbol rust-demangle.c demangle_path recursion | $0-$1k | Not Defined |
| CVE-2021-30510 | 6.3 | Google Chrome Aura use after free | $25k-$100k | Official Fix |
| CVE-2021-30514 | 5.0 | Google Chrome Autofill use after free | $25k-$100k | Official Fix |
| CVE-2021-30515 | 6.3 | Google Chrome File API use after free | $25k-$100k | Official Fix |
| CVE-2021-30516 | 6.3 | Google Chrome History heap-based overflow | $25k-$100k | Official Fix |
| CVE-2021-30508 | 5.0 | Google Chrome Media Feeds heap-based overflow | $25k-$100k | Official Fix |
| CVE-2021-30512 | 5.0 | Google Chrome Notifications use after free | $25k-$100k | Official Fix |
| CVE-2021-30507 | 5.0 | Google Chrome Offline access control | $25k-$100k | Official Fix |
| CVE-2021-30519 | 5.0 | Google Chrome Payments use after free | $25k-$100k | Official Fix |
| CVE-2021-30518 | 6.3 | Google Chrome Reader Mode heap-based overflow | $25k-$100k | Official Fix |
| CVE-2021-30511 | 5.0 | Google Chrome Tab Groups out-of-bounds read | $25k-$100k | Official Fix |
| CVE-2021-30509 | 5.0 | Google Chrome Tab Strip out-of-bounds write | $25k-$100k | Official Fix |
| CVE-2021-30520 | 5.0 | Google Chrome Tab Strip use after free | $25k-$100k | Official Fix |
| CVE-2021-30517 | 6.3 | Google Chrome V8 type confusion | $25k-$100k | Official Fix |
| CVE-2021-30513 | 6.3 | Google Chrome V8 type confusion | $25k-$100k | Official Fix |
| CVE-2021-30506 | 3.1 | Google Chrome Web App Installs cross site scripting | $5k-$25k | Official Fix |
| CVE-2021-26584 | 3.5 | HPE OneView for VMware vCenter cross site scripting | $2k-$5k | Official Fix |
| CVE-2021-22334 | 5.5 | Huawei Smart Phone App access control | $10k-$25k | Not Defined |
| CVE-2021-22333 | 5.5 | Huawei Smart Phone array index | $10k-$25k | Not Defined |
| CVE-2021-22324 | 3.5 | Huawei Smart Phone credentials management | $5k-$10k | Not Defined |
| CVE-2021-22317 | 3.5 | Huawei Smart Phone Data information disclosure | $2k-$5k | Not Defined |
| CVE-2021-22336 | 4.8 | Huawei Smart Phone denial of service | $2k-$5k | Not Defined |
| CVE-2021-22335 | 5.5 | Huawei Smart Phone Image buffer overflow | $10k-$25k | Not Defined |
| CVE-2021-22313 | 3.5 | Huawei Smart Phone information disclosure | $2k-$5k | Not Defined |
| CVE-2021-22316 | 4.1 | Huawei Smart Phone missing authentication | $0-$1k | Not Defined |
| CVE-2021-22322 | 3.5 | Huawei Smart Phone missing authentication | $5k-$10k | Not Defined |
| CVE-2021-22308 | 3.3 | Huawei Smart Phone Screenshot information disclosure | $2k-$5k | Not Defined |
| CVE-2021-22337 | 3.5 | Huawei Smart Phone User Click Data information disclosure | $2k-$5k | Not Defined |
| CVE-2021-22325 | 4.3 | Huawei Smart Phone Video Stream Transmission information disclosure | $5k-$10k | Not Defined |
| CVE-2019-4723 | 4.3 | IBM Cognos Analytics Autocomplete information disclosure | $5k-$10k | Not Defined |
| CVE-2020-4520 | 3.5 | IBM Cognos Analytics cross site scripting | $2k-$5k | Not Defined |
| CVE-2020-4561 | 7.3 | IBM Cognos Analytics DQM API Remote Code Execution | $10k-$25k | Not Defined |
| CVE-2019-4471 | 3.7 | IBM Cognos Analytics missing secure attribute | $5k-$10k | Not Defined |
| CVE-2019-4724 | 4.3 | IBM Cognos Analytics New Content Backup Page information disclosure | $5k-$10k | Not Defined |
| CVE-2019-4722 | 4.3 | IBM Cognos Analytics Stack Trace information exposure | $5k-$10k | Not Defined |
| CVE-2020-4354 | 3.5 | IBM Cognos Analytics Web UI cross site scripting | $2k-$5k | Not Defined |
| CVE-2019-4653 | 3.5 | IBM Cognos Analytics Web UI cross site scripting | $2k-$5k | Not Defined |
| CVE-2020-4300 | 7.3 | IBM Cognos Analytics xml external entity reference | $10k-$25k | Not Defined |
| CVE-2019-4730 | 6.3 | IBM Cognos Analytics xml external entity reference | $5k-$10k | Not Defined |
| CVE-2020-4977 | 3.5 | IBM Engineering Lifecycle Optimization Web UI cross site scripting | $2k-$5k | Not Defined |
| CVE-2020-4732 | 4.3 | IBM Jazz Foundation/Engineering information disclosure | $5k-$10k | Not Defined |
| CVE-2021-20371 | 4.3 | IBM Jazz Foundation/Engineering information exposure | $5k-$10k | Not Defined |
| CVE-2020-4495 | 6.3 | IBM Jazz Foundation/Engineering REST API access control | $10k-$25k | Not Defined |
| CVE-2021-20348 | 6.3 | IBM Jazz Foundation/Engineering server-side request forgery | $10k-$25k | Not Defined |
| CVE-2021-20347 | 6.3 | IBM Jazz Foundation/Engineering server-side request forgery | $10k-$25k | Not Defined |
| CVE-2021-20346 | 6.3 | IBM Jazz Foundation/Engineering server-side request forgery | $10k-$25k | Not Defined |
| CVE-2021-20345 | 6.3 | IBM Jazz Foundation/Engineering server-side request forgery | $10k-$25k | Not Defined |
| CVE-2021-20343 | 6.3 | IBM Jazz Foundation/Engineering server-side request forgery | $10k-$25k | Not Defined |
| CVE-2021-29670 | 3.5 | IBM Jazz Foundation/Engineering Web UI cross site scripting | $2k-$5k | Not Defined |
| CVE-2021-29668 | 3.5 | IBM Jazz Foundation/Engineering Web UI cross site scripting | $2k-$5k | Not Defined |
| CVE-2021-20338 | 3.5 | IBM Jazz Foundation/Engineering Web UI cross site scripting | $2k-$5k | Not Defined |
| CVE-2020-5030 | 3.5 | IBM Jazz Foundation/Engineering Web UI cross site scripting | $2k-$5k | Not Defined |
| CVE-2021-20380 | 3.7 | IBM QRadar Advisor with Watson App cleartext transmission | $5k-$10k | Not Defined |
| CVE-2021-20576 | 5.3 | IBM Security Verify Access HTTP GET Request denial of service | $5k-$10k | Not Defined |
| CVE-2021-20585 | 5.3 | IBM Security Verify Access HTTP Header information disclosure | $5k-$10k | Not Defined |
| CVE-2021-20575 | 3.3 | IBM Security Verify Access information disclosure | $2k-$5k | Not Defined |
| CVE-2021-29665 | 5.3 | IBM Security Verify Access stack-based overflow | $5k-$10k | Not Defined |
| CVE-2021-29740 | 7.3 | IBM Spectrum Scale System Core format string | $10k-$25k | Not Defined |
| CVE-2021-31855 | 3.1 | KDE Messagelib Encrypted Message viewer_p.cpp deleteAttachment missing encryption | $0-$1k | Not Defined |
| CVE-2020-17541 | 6.3 | libjpeg-turbo Transform stack-based overflow | $2k-$5k | Not Defined |
| CVE-2020-24870 | 5.5 | LibRaw identify.cpp identify_process_dng_fields stack-based overflow | $2k-$5k | Official Fix |
| CVE-2021-3569 | 5.5 | libtpms stack-based overflow | $2k-$5k | Official Fix |
| CVE-2020-10742 | 6.8 | Linux Kernel Direct IO Write buffer overflow | $10k-$25k | Not Defined |
| CVE-2021-3490 | 7.8 | Linux Kernel eBPF ALU32 Bounds Tracking out-of-bounds read | $10k-$25k | Official Fix |
| CVE-2021-3489 | 7.8 | Linux Kernel eBPF RINGBUF bpf_ringbuf_reserve out-of-bounds write | $10k-$25k | Official Fix |
| CVE-2021-3491 | 7.8 | Linux Kernel io_uring Subsystem mem heap-based overflow | $10k-$25k | Official Fix |
| CVE-2021-3543 | 4.3 | Linux Kernel Nitro Enclaves Driver null pointer dereference | $2k-$5k | Not Defined |
| CVE-2021-24318 | 4.6 | Listeo Theme resource injection | $1k-$2k | Official Fix |
| CVE-2021-24317 | 3.5 | Listeo Theme Search/Booking Confirmation/Personal Message cross site scripting | $0-$1k | Official Fix |
| CVE-2021-33838 | 4.3 | Luca App Check-In State information disclosure | $1k-$2k | Workaround |
| CVE-2021-33839 | 4.3 | Luca App QR Code information disclosure | $1k-$2k | Workaround |
| CVE-2021-33840 | 5.4 | Luca Server Phone Number improper validation of integrity check value | $2k-$5k | Workaround |
| CVE-2021-23896 | 3.2 | McAfee Database Security Administrator Interface cleartext transmission | $2k-$5k | Official Fix |
| CVE-2021-23895 | 9.0 | McAfee Database Security deserialization | $10k-$25k | Official Fix |
| CVE-2021-23894 | 9.6 | McAfee Database Security deserialization | $10k-$25k | Official Fix |
| CVE-2021-31831 | 4.9 | McAfee Database Security REST API file access | $10k-$25k | Official Fix |
| CVE-2021-31830 | 5.9 | McAfee Database Security Web Page Generation cross site scripting | $2k-$5k | Official Fix |
| CVE-2021-22516 | 3.5 | Micro Focus Secure API Manager log file | $0-$1k | Not Defined |
| CVE-2021-31701 | 5.5 | Mintty Bracketed Paste Mode unknown vulnerability | $0-$5k | Official Fix |
| CVE-2021-28848 | 3.1 | Mintty GUI denial of service | $0-$1k | Official Fix |
| CVE-2011-3656 | 4.3 | Mozilla Firefox HTTP 0.9 Error cross site scripting | $10k-$25k | Official Fix |
| CVE-2021-26994 | 3.5 | NetApp Clustered Data ONTAP denial of service | $0-$1k | Official Fix |
| CVE-2021-32652 | 8.8 | NextCloud Mail Mail Metadata permission | $2k-$5k | Official Fix |
| CVE-2021-32656 | 8.6 | Nextcloud Server Federated Share information disclosure | $1k-$2k | Official Fix |
| CVE-2021-32655 | 3.5 | Nextcloud Server Federated Share information disclosure | $0-$1k | Official Fix |
| CVE-2021-32653 | 2.7 | Nextcloud Server Lookup insertion of sensitive information into sent data | $1k-$2k | Official Fix |
| CVE-2021-32654 | 8.1 | Nextcloud Server Public Link authorization | $2k-$5k | Official Fix |
| CVE-2021-32657 | 4.3 | Nextcloud Server User Administration Page denial of service | $0-$1k | Official Fix |
| CVE-2021-23021 | 6.3 | Nginx Controller Agent Configuration File agent.conf permission | $2k-$5k | Official Fix |
| CVE-2021-23018 | 3.1 | Nginx Controller Intra-Cluster Communication cleartext transmission | $0-$1k | Official Fix |
| CVE-2021-23020 | 2.6 | Nginx Controller NAAS API Key Generation random values | $0-$1k | Official Fix |
| CVE-2021-23019 | 3.5 | Nginx Controller systemd.txt insertion of sensitive information into sent data | $1k-$2k | Official Fix |
| CVE-2021-23017 | 5.5 | Nginx Open Source/Plus/Ingress Controller Resolver off-by-one | $2k-$5k | Not Defined |
| CVE-2020-36009 | 3.5 | OBottle g.php information disclosure | $0-$1k | Not Defined |
| CVE-2020-36008 | 4.6 | OBottle t.php unknown vulnerability | $1k-$2k | Not Defined |
| CVE-2021-32651 | 3.1 | OneDev LDAP External Authentication ldap injection | $1k-$2k | Official Fix |
| CVE-2021-25932 | 3.5 | OpenNMS Horizon/Meridian validateFormInput cross site scripting | $0-$1k | Official Fix |
| CVE-2020-14336 | 3.5 | Openshift Container Platform Restricted Security Context Constraints allocation of resources | $0-$1k | Not Defined |
| CVE-2020-35514 | 5.5 | OpenShift kubeconfig privileges assignment | $1k-$2k | Official Fix |
| CVE-2017-8761 | 3.5 | OpenStack Swift Proxy-Server Log information disclosure | $0-$1k | Not Defined |
| CVE-2020-36382 | 4.3 | OpenVPN Access Server Authentication Token unusual condition | $2k-$5k | Not Defined |
| CVE-2020-15077 | 4.3 | OpenVPN Access Server Control Channel Data authentication bypass | $1k-$2k | Not Defined |
| CVE-2021-28678 | 3.5 | Pillow BLP Data BlpImagePlugin denial of service | $0-$1k | Official Fix |
| CVE-2021-28675 | 3.5 | Pillow Data Block PSDImagePlugin.PsdImageFile denial of service | $0-$1k | Official Fix |
| CVE-2021-28677 | 3.5 | Pillow EPS File EPSImageFile resource consumption | $0-$1k | Official Fix |
| CVE-2021-28676 | 3.5 | Pillow FLI Data FliDecode infinite loop | $0-$1k | Official Fix |
| CVE-2021-25288 | 3.5 | Pillow j2ku_gray_i out-of-bounds read | $0-$1k | Official Fix |
| CVE-2021-25287 | 3.5 | Pillow j2ku_graya_la out-of-bounds read | $0-$1k | Official Fix |
| CVE-2021-32027 | 5.5 | PostgreSQL integer overflow | $2k-$5k | Official Fix |
| CVE-2021-3515 | 5.5 | PostgreSQL pglogical pglogical.create_subscription command injection | $1k-$2k | Official Fix |
| CVE-2021-24333 | 3.5 | Prevent Image Save Plugin cross-site request forgery | $0-$1k | Not Defined |
| CVE-2019-12067 | 3.5 | QEMU ahci.c ahci_commit_buf denial of service | $2k-$5k | Not Defined |
| CVE-2020-27661 | 3.5 | QEMU hcd-dwc2 USB Host Controller Emulation hcd-dwc2.c dwc2_handle_packet divide by zero | $2k-$5k | Official Fix |
| CVE-2021-3546 | 8.0 | QEMU vhost-user-gpu out-of-bounds write | $10k-$25k | Not Defined |
| CVE-2021-3544 | 3.5 | QEMU virtio vhost-user GPU Device vhost-user-gpu.c memory leak | $2k-$5k | Not Defined |
| CVE-2021-3545 | 3.5 | QEMU virtio vhost-user GPU Device virgl.c virgl_cmd_get_capset_info information disclosure | $2k-$5k | Not Defined |
| CVE-2021-28807 | 3.5 | QNAP Q'center cross site scripting | $0-$1k | Official Fix |
| CVE-2021-28806 | 3.5 | QNAP QTS/QuTS Hero cross site scripting | $0-$1k | Official Fix |
| CVE-2021-28812 | 6.3 | QNAP Video Station os command injection | $2k-$5k | Official Fix |
| CVE-2020-27301 | 6.3 | Realtek RTL8710 WPA2 Handshake AES_UnWRAP stack-based overflow | $2k-$5k | Not Defined |
| CVE-2020-27302 | 6.3 | Realtek RTL8710 WPA2 Handshake memcpy stack-based overflow | $2k-$5k | Not Defined |
| CVE-2020-14388 | 6.3 | Red Hat 3scale API Management Platform API Admin Portal permission | $10k-$25k | Not Defined |
| CVE-2021-3425 | 3.5 | Red Hat AMQ Broker log file | $2k-$5k | Not Defined |
| CVE-2020-14317 | 3.5 | Red Hat JBoss Enterprise Application Platform race condition | $2k-$5k | Not Defined |
| CVE-2020-35510 | 3.5 | Red Hat jboss-remoting Message resource consumption | $2k-$5k | Official Fix |
| CVE-2020-14380 | 7.3 | Red Hat Satellite improper authentication | $10k-$25k | Not Defined |
| CVE-2020-14335 | 3.5 | Red Hat Satellite OMAPI Secret information disclosure | $2k-$5k | Not Defined |
| CVE-2020-14371 | 4.3 | Red Hat Satellite VM information disclosure | $5k-$10k | Not Defined |
| CVE-2021-3424 | 5.1 | Red Hat Single Sign-On IDN Homograph improper authentication | $5k-$10k | Not Defined |
| CVE-2021-33054 | 6.3 | SOGo SAML Assertion signature verification | $1k-$2k | Official Fix |
| CVE-2020-25362 | 5.0 | SourceCodester Online Shopping Alphaware details.php sql injection | $1k-$2k | Not Defined |
| CVE-2021-33180 | 6.3 | Subsonic Media Server CGI sql injection | $2k-$5k | Official Fix |
| CVE-2021-33181 | 6.3 | Synology Video Station WebAPI server-side request forgery | $2k-$5k | Official Fix |
| CVE-2021-29088 | 5.3 | Synology DiskStation Manager CGI path traversal | $0-$1k | Official Fix |
| CVE-2021-33183 | 4.2 | Synology Docker Container Volume Management path traversal | $2k-$5k | Official Fix |
| CVE-2021-33184 | 4.3 | Synology Download Station Task Management server-side request forgery | $2k-$5k | Official Fix |
| CVE-2021-33182 | 4.3 | Synology DSM PDF Viewer path traversal | $1k-$2k | Official Fix |
| CVE-2021-29091 | 5.4 | Synology Photo Station File Management path traversal | $1k-$2k | Official Fix |
| CVE-2021-29089 | 7.3 | Synology Photo Station Thumbnail sql injection | $2k-$5k | Official Fix |
| CVE-2021-29092 | 6.3 | Synology Photo Station unrestricted upload | $2k-$5k | Official Fix |
| CVE-2021-32460 | 5.3 | Trend Micro Maximum Security Installer access control | $5k-$10k | Not Defined |
| CVE-2021-32665 | 4.3 | Wire Conversation Verification insufficient verification of data authenticity | $1k-$2k | Official Fix |
| CVE-2021-32666 | 4.3 | Wire Profile Picture denial of service | $0-$1k | Official Fix |
| CVE-2021-24328 | 3.5 | WP Login Security and History Plugin cross-site request forgery | $0-$1k | Not Defined |
| CVE-2021-24313 | 3.5 | WP Prayer Plugin Engine cross site scripting | $0-$1k | Official Fix |
| CVE-2021-24312 | 6.3 | WP Super Cache Plugin Incomplete Fix CVE-2021-24209 code injection | $2k-$5k | Official Fix |
| CVE-2021-24329 | 3.5 | WP Super Cache Plugin Settings cross site scripting | $0-$1k | Official Fix |
| CVE-2020-27748 | 3.1 | xdg-utils xdg-email insertion of sensitive information into sent data | $2k-$5k | Not Defined |
| CVE-2015-1877 | 6.3 | Xdg-utils xdg-open open_generic_xdg_mime Remote Privilege Escalation | $2k-$5k | Not Defined |
| CVE-2020-35970 | 3.5 | YzmCMS Background Collection Management server-side request forgery | $1k-$2k | Not Defined |
| CVE-2020-35971 | 3.5 | YzmCMS HTML Page user_config_edit.html cross site scripting | $0-$1k | Not Defined |
| CVE-2020-35972 | 3.5 | YzmCMS Member User add.html cross-site request forgery | $0-$1k | Not Defined |
| CVE-2020-35973 | 3.5 | zzcms manage.php cross site scripting | $0-$1k | Not Defined |