آسیب‌پذیری‌های حیاتی هفته سوم مهر‌ماه

این هفته آسیب‌پذیری‌های «حیاتی» و «پرخطر» بسیاری در محصولات مهم Cisco گزارش و وصله‌ها و به‌روزرسانی‌هایی به منظور رفع آن‌ها ارائه شد. همچنین در محصولات شرکت‌های Adobe، Apache، Fortinet، IBM، SAMSUNG، Google و کرنل لینوکس چندین آسیب‌پذیری «حیاتی» و «پرخطر» وجود داشت.

لیست این آسیب‌پذیری‌ها به‌همراه سطح خطر آن‌ها در جدول زیر آمده است.

شناسه آسیب‌پذیری	امتیاز مبنا	عنوان آسیب‌پذیری	ارزش روز صفر	رفع آسیب‌پذیری
CVE-2021-40726	۷.۸	Adobe Acrobat Reader AcroForms use after free	$۲۵k-$50k	Official Fix
CVE-2021-40725	۷.۸	Adobe Acrobat Reader AcroForms use after free	$۲۵k-$50k	Official Fix
CVE-2021-36051	۷.۸	Adobe XMP Toolkit SDK CPP File heap-based overflow	$۵k-$10k	Official Fix
CVE-2021-35504	۴.۷	Afian FileRun ffmpeg Binary Privilege Escalation	$۲k-$5k	Not Defined
CVE-2021-35506	۶.۱	Afian FileRun HTML Editor cross site scripting	$۰-$۱k	Not Defined
CVE-2021-35505	۴.۷	Afian FileRun magick Binary Privilege Escalation	$۲k-$5k	Not Defined
CVE-2021-35503	۶.۱	Afian FileRun X-Forwarded-For Header cross site scripting	$۰-$۱k	Not Defined
CVE-2021-41524	۵.۳	Apache HTTP Server HTTP2 Request null pointer dereference	$۱۰k-$25k	Official Fix
CVE-2021-42013	۷.۳	Apache HTTP Server Incomplete Fix CVE-2021-41773 path traversal	$۲۵k-$50k	Official Fix
CVE-2021-41773	۷.۳	Apache HTTP Server Path Normalization path traversal	$۲۵k-$50k	Official Fix
CVE-2021-28129	۶.۳	Apache OpenOffice deb Package access control	$۱۰k-$25k	Official Fix
CVE-2021-40439	۴.۳	Apache OpenOffice xml external entity reference	$۵k-$10k	Official Fix
CVE-2021-41554	۶.۳	ARCHIBUS Web Central Endpoint ab-edit-users.axvw permission	$۲k-$5k	Not Defined
CVE-2021-41555	۳.۵	ARCHIBUS Web Central HTTP Response workflow.runWorkflowRule.dwr cross site scripting	$۰-$۱k	Official Fix
CVE-2021-41553	۵.۶	ARCHIBUS Web Central login.axvw user session	$۲k-$5k	Official Fix
CVE-2021-3833	۵.۶	Artica Integria IMS authorization	$۲k-$5k	Not Defined
CVE-2021-3834	۴.۳	Artica Integria IMS login.php cross site scripting	$۰-$۱k	Not Defined
CVE-2021-31986	۵.۵	Axis OS SMTP Notification buffer overflow	$۲k-$5k	Official Fix
CVE-2021-31987	۵.۵	Axis OS SMTP Test access control	$۱k-$2k	Official Fix
CVE-2021-31988	۵.۵	Axis OS SMTP Test crlf injection	$۱k-$2k	Official Fix
CVE-2021-23857	۷.۸	Bosch Rexroth IndraMotion MLC/Rexroth IndraLogic XLC authentication replay	$۱k-$2k	Workaround
CVE-2021-23856	۷.۱	Bosch Rexroth IndraMotion MLC/Rexroth IndraLogic XLC URL cross site scripting	$۰-$۱k	Not Defined
CVE-2021-23855	۶.۱	Bosch Rexroth IndraMotion MLC/Rexroth IndraLogic XLC Web Server information disclosure	$۱k-$2k	Workaround
CVE-2021-23858	۶.۹	Bosch Rexroth IndraMotion MLC/Rexroth IndraLogic XLC Web Server information disclosure	$۱k-$2k	Workaround
CVE-2021-38394	۴.۰	Boston Scientific Zoom Latitude Model 3120 Hardware Key information disclosure	$۰-$۱k	Not Defined
CVE-2021-38398	۵.۴	Boston Scientific Zoom Latitude Model 3120 Local Privilege Escalation	$۰-$۱k	Not Defined
CVE-2021-38396	۵.۳	Boston Scientific Zoom Latitude Model 3120 Programmer Installation Utility improper validation of integrity check value	$۰-$۱k	Not Defined
CVE-2021-38392	۵.۳	Boston Scientific Zoom Latitude Model 3120 Settings access control	$۰-$۱k	Not Defined
CVE-2021-38400	۵.۰	Boston Scientific Zoom Latitude Model 3120 unknown vulnerability	$۰-$۱k	Not Defined
CVE-2021-40924	۴.۸	bugs Parameter index.php cross site scripting	$۰-$۱k	Not Defined
CVE-2021-40923	۴.۸	bugs Parameter index.php cross site scripting	$۰-$۱k	Not Defined
CVE-2021-40922	۴.۸	bugs Parameter index.php cross site scripting	$۰-$۱k	Not Defined
CVE-2021-34788	۷.۰	Cisco AnyConnect Secure Mobility Client Interprocess Communication toctou	$۵k-$10k	Official Fix
CVE-2021-34735	۸.۸	Cisco ATA 190 allocation of resources	$۵k-$10k	Official Fix
CVE-2021-34710	۸.۸	Cisco ATA 190 allocation of resources	$۵k-$10k	Official Fix
CVE-2021-34757	۴.۹	Cisco Business 220 Series Smart Switch source code	$۱۰k-$25k	Official Fix
CVE-2021-34744	۴.۹	Cisco Business 220 Series Smart Switch source code	$۱۰k-$25k	Official Fix
CVE-2021-34782	۴.۳	Cisco DNA Center API Endpoint information disclosure	$۵k-$10k	Official Fix
CVE-2021-1534	۵.۸	Cisco Email Security Appliance Antispam Protection Mechanism access control	$۲۵k-$50k	Official Fix
CVE-2021-1594	۷.۵	Cisco Identity Services Engine REST API privileges assignment	$۱۰k-$25k	Official Fix
CVE-2021-34702	۴.۳	Cisco Identity Services Engine Web-based Management Interface information disclosure	$۵k-$10k	Official Fix
CVE-2021-34706	۶.۳	Cisco Identity Services Engine Web-based Management Interface xml external entity reference	$۵k-$10k	Official Fix
CVE-2021-34748	۸.۸	Cisco Intersight Virtual Appliance Web-based Management Interface command injection	$۱۰k-$25k	Official Fix
CVE-2021-34711	۵.۵	Cisco IP Phone Debug Shell Command path traversal	$۱۰k-$25k	Official Fix
CVE-2021-34772	۴.۷	Cisco Orbital Web-based Management Interface redirect	$۱۰k-$25k	Official Fix
CVE-2021-34780	۴.۳	Cisco Small Business 220 Link Layer Discovery Protocol buffer overflow	$۱۰k-$25k	Official Fix
CVE-2021-34779	۴.۳	Cisco Small Business 220 Link Layer Discovery Protocol buffer overflow	$۱۰k-$25k	Official Fix
CVE-2021-34778	۴.۳	Cisco Small Business 220 Link Layer Discovery Protocol buffer overflow	$۱۰k-$25k	Official Fix
CVE-2021-34777	۴.۳	Cisco Small Business 220 Link Layer Discovery Protocol buffer overflow	$۱۰k-$25k	Official Fix
CVE-2021-34776	۴.۳	Cisco Small Business 220 Link Layer Discovery Protocol buffer overflow	$۱۰k-$25k	Official Fix
CVE-2021-34775	۴.۳	Cisco Small Business 220 Link Layer Discovery Protocol buffer overflow	$۱۰k-$25k	Official Fix
CVE-2021-34766	۵.۴	Cisco Smart Software Manager On-Prem Web UI privileges management	$۱۰k-$25k	Official Fix
CVE-2021-34758	۴.۴	Cisco TelePresence Collaboration Endpoint/RoomOS permission assignment	$۱۰k-$25k	Official Fix
CVE-2021-34742	۶.۱	Cisco Vision Dynamic Signage Director Web-based Management Interface cross site scripting	$۵k-$10k	Official Fix
CVE-2021-34698	۸.۶	Cisco Web Security Appliance HTTPS Connection memory leak	$۱۰k-$25k	Official Fix
CVE-2021-40325	۵.۵	Cobbler Setting authorization	$۱k-$2k	Official Fix
CVE-2021-40323	۵.۴	Cobbler Template injection	$۲k-$5k	Official Fix
CVE-2021-22958	۵.۵	Concrete5 IP Address server-side request forgery	$۱k-$2k	Official Fix
CVE-2021-41463	۴.۸	concrete5-legacy group_combination.php cross site scripting	$۰-$۱k	Not Defined
CVE-2021-41464	۴.۸	concrete5-legacy Parameter collection_add.php cross site scripting	$۰-$۱k	Not Defined
CVE-2021-41462	۴.۸	concrete5-legacy Parameter collection_add.php cross site scripting	$۰-$۱k	Not Defined
CVE-2021-41461	۴.۸	concrete5-legacy Parameter collection_add.php cross site scripting	$۰-$۱k	Not Defined
CVE-2021-41465	۴.۸	concrete5-legacy Parameter collection_theme.php cross site scripting	$۰-$۱k	Not Defined
CVE-2021-38107	۴.۳	Corel DrawStandard CDR File CdrCore.dll out-of-bounds read	$۱k-$2k	Not Defined
CVE-2021-38109	۴.۳	Corel DrawStandard CDR File out-of-bounds read	$۱k-$2k	Not Defined
CVE-2021-38096	۷.۳	Corel PDF Fusion PDF File Coreip.dll out-of-bounds write	$۲k-$5k	Not Defined
CVE-2021-38098	۶.۳	Corel PDF Fusion PDF File heap-based overflow	$۲k-$5k	Not Defined
CVE-2021-38097	۶.۳	Corel PDF Fusion PDF File out-of-bounds write	$۲k-$5k	Not Defined
CVE-2021-38099	۶.۳	Corel PhotoPaint Standard CDRRip.dll out-of-bounds write	$۲k-$5k	Not Defined
CVE-2021-38101	۶.۳	Corel PhotoPaint Standard CPT File CDRRip.dll out-of-bounds write	$۲k-$5k	Not Defined
CVE-2021-38100	۶.۳	Corel PhotoPaint Standard CPT File out-of-bounds write	$۲k-$5k	Not Defined
CVE-2021-38105	۴.۳	Corel Presentations PPT File out-of-bounds read	$۱k-$2k	Not Defined
CVE-2021-38104	۴.۳	Corel Presentations PPT File out-of-bounds read	$۱k-$2k	Not Defined
CVE-2021-38102	۴.۳	Corel Presentations PPT File out-of-bounds read	$۱k-$2k	Not Defined
CVE-2021-38103	۶.۳	Corel Presentations PPT File out-of-bounds write	$۲k-$5k	Not Defined
CVE-2021-38106	۴.۳	Corel Presentations PPT File UAX200.dll out-of-bounds read	$۱k-$2k	Not Defined
CVE-2021-38108	۴.۳	Corel WordPerfect DOC File Word97Import200.dll out-of-bounds read	$۱k-$2k	Not Defined
CVE-2021-38110	۶.۳	Corel WordPerfect DOC File Word97Import200.dll out-of-bounds write	$۲k-$5k	Not Defined
CVE-2021-36298	۸.۱	Dell EMC InsightIQ SSH risky encryption	$۵k-$10k	Official Fix
CVE-2021-36309	۴.۸	Dell Enterprise SONiC OS TACACS/Radius credentials storage	$۵k-$10k	Not Defined
CVE-2021-35977	۵.۵	Digi RealPort ADDP Discovery Response Message buffer overflow	$۲k-$5k	Not Defined
CVE-2021-36767	۳.۱	Digi RealPort Challenge-Response hash without salt	$۰-$۱k	Not Defined
CVE-2021-35979	۴.۶	Digi RealPort Encrypted Mode channel accessible	$۱k-$2k	Not Defined
CVE-2020-21013	۶.۳	emlog comment.php sql injection	$۱k-$2k	Not Defined
CVE-2020-21014	۴.۶	emlog plugin.php denial of service	$۰-$۱k	Not Defined
CVE-2020-21654	۵.۵	emlog ZIP File template.php getshell os command injection	$۱k-$2k	Not Defined
CVE-2021-29110	۴.۸	Esri Portal for ArcGIS cross site scripting	$۰-$۱k	Not Defined
CVE-2021-29109	۵.۲	Esri Portal for ArcGIS cross site scripting	$۰-$۱k	Not Defined
CVE-2021-29108	۷.۵	Esri Portal for ArcGIS signature verification	$۱k-$2k	Not Defined
CVE-2021-24021	۴.۳	Fortinet FortiAnalyzer Logview cross site scripting	$۰-$۱k	Not Defined
CVE-2021-36170	۳.۲	Fortinet FortiAnalyzerVM/FortiManagerVM information disclosure	$۱k-$2k	Not Defined
CVE-2020-15941	۵.۴	Fortinet FortiClientEMS Deployment Package path traversal	$۱k-$2k	Not Defined
CVE-2021-24019	۸.۱	Fortinet FortiClientEMS session expiration	$۱k-$2k	Not Defined
CVE-2021-36175	۴.۱	Fortinet FortiWebManager cross site scripting	$۰-$۱k	Not Defined
CVE-2021-36178	۴.۳	FortiSDNConnector Configuration Page Lookup insufficiently protected credentials	$۱k-$2k	Not Defined
CVE-2021-33603	۵.۵	F-Secure Anti-Virus Engine AVPACK Module denial of service	$۲k-$5k	Not Defined
CVE-2021-40832	۵.۵	F-Secure Anti-Virus Engine AVRDL Unpacking Module denial of service	$۲k-$5k	Not Defined
CVE-2021-33602	۵.۵	F-Secure Anti-Virus Engine LZW Decompression denial of service	$۵k-$10k	Not Defined
CVE-2021-39486	۳.۵	Gila CMS File Upload cross site scripting	$۰-$۱k	Not Defined
CVE-2021-37777	۲.۶	Gila CMS Picture Name resource injection	$۱k-$2k	Not Defined
CVE-2021-21684	۳.۵	Git Plugin Git SHA-1 Checksum cross site scripting	$۰-$۱k	Not Defined
CVE-2021-39874	۴.۳	GitHub Community Edition/Enterprise Edition 2FA improper authentication	$۱k-$2k	Not Defined
CVE-2021-39880	۵.۴	GitHub Community Edition/Enterprise Edition apollo_upload_server Ruby Gem denial of service	$۰-$۱k	Not Defined
CVE-2021-39871	۴.۹	GitHub Community Edition/Enterprise Edition Bitbucket Server Import access control	$۱k-$2k	Not Defined
CVE-2021-39899	۴.۳	GitHub Community Edition/Enterprise Edition Change Password excessive authentication	$۱k-$2k	Not Defined
CVE-2021-39873	۴.۹	GitHub Community Edition/Enterprise Edition Error Response Privilege Escalation	$۲k-$5k	Not Defined
CVE-2021-39896	۴.۳	GitHub Community Edition/Enterprise Edition Impersonation access control	$۲k-$5k	Not Defined
CVE-2021-39891	۵.۹	GitHub Community Edition/Enterprise Edition Impersonation EE unknown vulnerability	$۲k-$5k	Not Defined
CVE-2021-39868	۴.۳	GitHub Community Edition/Enterprise Edition Repository resource consumption	$۰-$۱k	Not Defined
CVE-2021-39879	۲.۴	GitHub Community Edition/Enterprise Edition Two-factor Authentication missing authentication	$۰-$۱k	Not Defined
CVE-2021-39866	۵.۹	GitLab Business Logic access control	$۲k-$5k	Not Defined
CVE-2021-39882	۵.۳	GitLab Community Edition/Enterprise Edition Access Control access control	$۲k-$5k	Not Defined
CVE-2021-39875	۵.۳	GitLab Community Edition/Enterprise Edition Access Control access control	$۲k-$5k	Not Defined
CVE-2021-39870	۴.۸	GitLab Community Edition/Enterprise Edition API Endpoint authentication bypass	$۱k-$2k	Not Defined
CVE-2021-39881	۳.۵	GitLab Community Edition/Enterprise Edition Client Application unknown vulnerability	$۲k-$5k	Not Defined
CVE-2021-39894	۵.۹	GitLab Community Edition/Enterprise Edition Fogbugz Importer server-side request forgery	$۲k-$5k	Not Defined
CVE-2021-39867	۶.۵	GitLab Community Edition/Enterprise Edition Gitea Importer server-side request forgery	$۲k-$5k	Not Defined
CVE-2021-39887	۵.۴	GitLab Community Edition/Enterprise Edition Markdown cross site scripting	$۰-$۱k	Not Defined
CVE-2021-39872	۶.۵	GitLab Community Edition/Enterprise Edition Password Expiration access control	$۲k-$5k	Official Fix
CVE-2021-39869	۶.۵	GitLab Community Edition/Enterprise Edition Permission access control	$۲k-$5k	Not Defined
CVE-2021-39886	۳.۱	GitLab Community Edition/Enterprise Edition Permissions permission	$۲k-$5k	Official Fix
CVE-2021-39888	۵.۳	GitLab Enterprise Edition API Endpoint access control	$۲k-$5k	Not Defined
CVE-2021-22259	۴.۳	GitLab Enterprise Edition Dependencies API denial of service	$۰-$۱k	Not Defined
CVE-2021-39884	۴.۳	GitLab Enterprise Edition Endpoint information disclosure	$۱k-$2k	Not Defined
CVE-2021-39885	۶.۱	GitLab Enterprise Edition Merge Request Creation Page cross site scripting	$۰-$۱k	Not Defined
CVE-2021-39889	۴.۳	GitLab Enterprise Edition Object Reference resource injection	$۲k-$5k	Official Fix
CVE-2021-39883	۴.۳	GitLab Enterprise Edition Parent Subgroup improper authorization	$۲k-$5k	Not Defined
CVE-2021-39893	۵.۳	GitLab File Parser denial of service	$۰-$۱k	Not Defined
CVE-2021-22264	۵.۹	GitLab Invited Group Member access control	$۲k-$5k	Official Fix
CVE-2021-22264	۶.۸	GitLab Invited Group Member unknown vulnerability	$۲k-$5k	Official Fix
CVE-2021-22262	۵.۹	GitLab Jira Cloud Integration access control	$۲k-$5k	Not Defined
CVE-2021-22261	۴.۶	GitLab Jira Integration cross site scripting	$۰-$۱k	Not Defined
CVE-2021-39878	۴.۶	GitLab Jira Integration cross site scripting	$۰-$۱k	Not Defined
CVE-2021-22258	۴.۳	GitLab Project Import access control	$۲k-$5k	Not Defined
CVE-2021-39877	۶.۰	GitLab resource consumption	$۰-$۱k	Not Defined
CVE-2021-22257	۵.۳	GitLab Route user.keys information disclosure	$۱k-$2k	Official Fix
CVE-2021-39900	۲.۰	GitLab SendEntry information disclosure	$۰-$۱k	Not Defined
CVE-2021-0683	۷.۸	Google Android ActivityManagerShellCommand.java runTraceIpcStop Local Privilege Escalation	$۲۵k-$50k	Official Fix
CVE-2021-0636	۷.۸	Google Android AVI File memory corruption	$۵۰k-$100k	Official Fix
CVE-2021-0598	۷.۳	Google Android Bluetooth ConfirmConnectActivity.java onCreate improper restriction of rendered ui layers	$۲۵k-$50k	Official Fix
CVE-2021-0692	۷.۸	Google Android FirstScreenBroadcast.java sendBroadcastToInstaller privileges management	$۲۵k-$50k	Official Fix
CVE-2021-0635	۷.۰	Google Android FLV File memory corruption	$۵۰k-$100k	Official Fix
CVE-2021-0693	۴.۴	Google Android HeapDumpProvider.java openFile information disclosure	$۱۰k-$25k	Official Fix
CVE-2021-0690	۶.۴	Google Android ih264d_parse_pslice.c ih264d_mark_err_slice_skip out-of-bounds write	$۵۰k-$100k	Official Fix
CVE-2021-0687	۴.۱	Google Android Layout.java ellipsize denial of service	$۵k-$10k	Official Fix
CVE-2021-0682	۴.۵	Google Android NotificationManagerService.java sendAccessibilityEvent information disclosure	$۱۰k-$25k	Official Fix
CVE-2021-0685	۶.۵	Google Android ParsedIntentInfo.java ParsedtentInfo deserialization	$۲۵k-$50k	Official Fix
CVE-2021-0688	۵.۴	Google Android PhoneWindowManager.java lockNow race condition	$۲k-$5k	Official Fix
CVE-2021-0691	۶.۷	Google Android SELinux Policy system_app.te system_app privileges management	$۲۵k-$50k	Official Fix
CVE-2021-0689	۴.۴	Google Android SkSwizzler_opts.h RGB_to_BGR1_portable out-of-bounds read	$۱۰k-$25k	Official Fix
CVE-2021-0686	۴.۴	Google Android SMS App RoleManagerService.java getDefaultSmsPackage information disclosure	$۱۰k-$25k	Official Fix
CVE-2021-0644	۴.۵	Google Android SubscriptionController.java information disclosure	$۱۰k-$25k	Official Fix
CVE-2021-0681	۴.۹	Google Android System Proper information disclosure	$۲۵k-$50k	Official Fix
CVE-2021-0680	۴.۹	Google Android System Properties information disclosure	$۲۵k-$50k	Official Fix
CVE-2021-0684	۶.۵	Google Android TouchInputMapper.cpp sync out-of-bounds write	$۲۵k-$50k	Official Fix
CVE-2021-0595	۶.۵	Google Android Work Profile RootWindowContainer.java lockAllProfileTasks access control	$۲۵k-$50k	Official Fix
CVE-2021-0695	۴.۴	Google Android xt_qtaguid.c get_sock_stat out-of-bounds read	$۱۰k-$25k	Official Fix
CVE-2021-37976	۴.۳	Google Chrome Core information disclosure	$۲۵k-$50k	Official Fix
CVE-2021-37974	۶.۳	Google Chrome Safe Browsing use after free	$۵۰k-$100k	Official Fix
CVE-2021-37975	۶.۳	Google Chrome V8 use after free	$۵۰k-$100k	Official Fix
CVE-2021-22557	۵.۳	Google SLO Generator YAML File code injection	$۵k-$10k	Official Fix
CVE-2021-39226	۹.۸	Grafana Labs Permission improper authentication	$۲k-$5k	Official Fix
CVE-2021-42044	۳.۵	GrowthExperiments Extension Mentor Dashboard cross site scripting	$۰-$۱k	Not Defined
CVE-2021-42042	۳.۵	GrowthExperiments Extension Message SpecialEditGrowthConfig cross site scripting	$۰-$۱k	Not Defined
CVE-2021-41865	۳.۵	HashiCorp Nomad/Nomad Enterprise Job Submission denial of service	$۰-$۱k	Official Fix
CVE-2021-41802	۲.۶	Hashicorp Vault/Vault Enterprise Identity permission	$۰-$۵k	Official Fix
CVE-2021-20604	۵.۳	Huawei GT2107-WTBD denial of service	$۵k-$10k	Not Defined
CVE-2021-29906	۴.۱	IBM App Connect Enterprise Certified Container information disclosure	$۵k-$25k	Official Fix
CVE-2021-29760	۵.۴	IBM IBM Sterling B2B Integrator Standard Edition Dashboard access control	$۱۰k-$25k	Official Fix
CVE-2021-29700	۴.۳	IBM IBM Sterling B2B Integrator Standard Edition information disclosure	$۵k-$10k	Official Fix
CVE-2021-38923	۸.۰	IBM PowerVM Hypervisor WWPN privileges assignment	$۱۰k-$25k	Official Fix
CVE-2021-29758	۴.۳	IBM Sterling B2B Integrator Standard Edition access control	$۱۰k-$25k	Official Fix
CVE-2021-29903	۶.۳	IBM Sterling B2B Integrator Standard Edition Back-End Database sql injection	$۱۰k-$25k	Official Fix
CVE-2021-29798	۶.۳	IBM Sterling B2B Integrator Standard Edition Back-End Database sql injection	$۱۰k-$25k	Official Fix
CVE-2021-29837	۴.۳	IBM Sterling B2B Integrator Standard Edition cross-site request forgery	$۵k-$10k	Official Fix
CVE-2021-38925	۵.۹	IBM Sterling B2B Integrator Standard Edition Cryptographic Algorithm inadequate encryption	$۵k-$10k	Official Fix
CVE-2021-29761	۴.۳	IBM Sterling B2B Integrator Standard Edition Dashboard access control	$۱۰k-$25k	Official Fix
CVE-2021-29855	۵.۴	IBM Sterling B2B Integrator Standard Edition Web UI cross site scripting	$۵k-$10k	Official Fix
CVE-2021-29836	۴.۴	IBM Sterling B2B Integrator Standard Edition Web UI cross site scripting	$۲k-$5k	Official Fix
CVE-2021-29764	۴.۹	IBM Sterling B2B Integrator Standard Edition Web UI cross site scripting	$۲k-$5k	Official Fix
CVE-2021-20571	۴.۲	IBM Sterling B2B Integrator Web UI cross site scripting	$۲k-$5k	Official Fix
CVE-2021-20489	۴.۳	IBM Sterling File Gateway cross-site request forgery	$۵k-$10k	Official Fix
CVE-2021-20584	۶.۴	IBM Sterling File Gateway File Upload access control	$۱۰k-$25k	Official Fix
CVE-2020-4654	۳.۱	IBM Sterling File Gateway information disclosure	$۵k-$25k	Official Fix
CVE-2021-20552	۴.۳	IBM Sterling File Gateway information exposure	$۵k-$10k	Official Fix
CVE-2021-20376	۴.۳	IBM Sterling File Gateway information exposure	$۵k-$10k	Official Fix
CVE-2021-20375	۶.۴	IBM Sterling File Gateway Messages access control	$۱۰k-$25k	Official Fix
CVE-2021-20372	۴.۳	IBM Sterling File Gateway permission	$۱۰k-$25k	Official Fix
CVE-2021-20473	۶.۳	IBM Sterling File Gateway session expiration	$۵k-$10k	Official Fix
CVE-2021-20561	۴.۴	IBM Sterling File Gateway Web UI cross site scripting	$۲k-$5k	Official Fix
CVE-2021-20481	۴.۴	IBM Sterling File Gateway Web UI cross site scripting	$۲k-$5k	Official Fix
CVE-2021-29908	۹.۱	IBM TS7700 Management Interface Authentication improper authentication	$۱۰k-$25k	Official Fix
CVE-2021-38822	۳.۵	IceHrm File Upload cross site scripting	$۰-$۱k	Not Defined
CVE-2021-38823	۵.۰	IceHrm user session	$۲k-$5k	Not Defined
CVE-2021-21682	۵.۵	Jenkins Dot Character path traversal	$۱k-$2k	Not Defined
CVE-2021-21683	۵.۵	Jenkins File Browser path traversal	$۱k-$2k	Not Defined
CVE-2021-37330	۳.۵	Laravel Booking System Booking Core Avatar Upload cross site scripting	$۰-$۱k	Not Defined
CVE-2021-37333	۴.۶	Laravel Booking System Booking Core Password Change change-password user session	$۱k-$2k	Not Defined
CVE-2021-37331	۳.۵	Laravel Booking System Booking Core Verification Page access control	$۱k-$2k	Not Defined
CVE-2021-3436	۴.۳	Linux Foundation zephyr Key Distribution denial of service	$۲k-$5k	Official Fix
CVE-2021-42008	۸.۸	Linux Kernel 6pack.c decode_data out-of-bounds write	$۲۵k-$50k	Official Fix
CVE-2021-41864	۷.۸	Linux Kernel eBPF stackmap.c prealloc_elems_and_freelist out-of-bounds write	$۱۰k-$25k	Official Fix
CVE-2020-21387	۴.۸	Maccms cross site scripting	$۰-$۱k	Not Defined
CVE-2020-21386	۳.۵	maccms info.html cross-site request forgery	$۰-$۱k	Not Defined
CVE-2020-21434	۴.۴	Maccms Member Module cross site scripting	$۰-$۱k	Not Defined
CVE-2021-23893	۸.۸	McAfee Drive Encryption privileges management	$۱۰k-$25k	Official Fix
CVE-2021-42041	۳.۵	MediaWiki CentralAuth cross site scripting	$۰-$۱k	Not Defined
CVE-2021-42040	۳.۵	MediaWiki Parser memory allocation	$۰-$۱k	Not Defined
CVE-2021-20603	۵.۳	Mitsubishi Electric GT2107-WTBD denial of service	$۰-$۱k	Not Defined
CVE-2021-20605	۵.۳	Mitsubishi Electric GT2107-WTBD Packet denial of service	$۰-$۱k	Not Defined
CVE-2021-20602	۵.۳	Mitsubishi Electric GT2107-WTBD Packet denial of service	$۰-$۱k	Not Defined
CVE-2021-20600	۵.۳	Mitsubishi Electric MELSEC iQ-R Module Startup resource consumption	$۰-$۵k	Not Defined
CVE-2021-41457	۳.۵	MP4Box dmx_nhml.c nhmldmx_init_parsing stack-based overflow	$۱k-$2k	Not Defined
CVE-2021-41459	۳.۵	MP4Box Parameter dmx_nhml.c nhmldmx_send_sample stack-based overflow	$۱k-$2k	Not Defined
CVE-2021-41456	۳.۵	MP4Box Parameter dmx_nhml.c nhmldmx_send_sample stack-based overflow	$۱k-$2k	Not Defined
CVE-2020-21650	۶.۳	Myucms Config.php add Privilege Escalation	$۲k-$5k	Not Defined
CVE-2020-21652	۶.۳	Myucms Config.php addqq Privilege Escalation	$۲k-$5k	Not Defined
CVE-2020-21653	۵.۵	Myucms index.php sj server-side request forgery	$۱k-$2k	Not Defined
CVE-2020-21649	۵.۵	Myucms index.php sql server-side request forgery	$۱k-$2k	Not Defined
CVE-2020-21651	۶.۳	Myucms point.php add Privilege Escalation	$۲k-$5k	Not Defined
CVE-2021-22930	۵.۵	Node.js use after free	$۲k-$5k	Official Fix
CVE-2021-41867	۵.۳	OnionShare Chat information disclosure	$۱k-$2k	Official Fix
CVE-2021-41868	۷.۳	OnionShare Receive unrestricted upload	$۲k-$5k	Official Fix
CVE-2021-41648	۷.۳	online-shopping-system-advanced POST Request action.php sql injection	$۲k-$5k	Not Defined
CVE-2020-21726	۵.۰	OpenSNS ChinaCityController.class.php sql injection	$۱k-$2k	Not Defined
CVE-2020-21725	۵.۰	OpenSNS ChinaCityController.class.php sql injection	$۱k-$2k	Not Defined
CVE-2021-21706	۵.۰	PHP extractTo path traversal	$۱۰k-$25k	Official Fix
CVE-2021-21704	۵.۳	PHP PDO Driver Extension fetch out-of-bounds read	$۵k-$10k	Official Fix
CVE-2021-21705	۵.۳	PHP URL Validation filter_var input validation	$۱۰k-$25k	Official Fix
CVE-2021-41099	۶.۲	Redis Configuration Parameter integer overflow	$۲k-$5k	Official Fix
CVE-2021-32687	۶.۲	Redis Configuration Parameter integer overflow	$۲k-$5k	Official Fix
CVE-2021-32627	۶.۲	Redis Configuration Parameter integer overflow	$۲k-$5k	Official Fix
CVE-2021-32672	۴.۲	Redis Lua Debugging out-of-bounds read	$۰-$۱k	Official Fix
CVE-2021-32626	۶.۲	Redis Lua Stack out-of-bounds write	$۲k-$5k	Official Fix
CVE-2021-32762	۶.۲	Redis redis-cli/redis-sentinel Service calloc integer overflow	$۲k-$5k	Official Fix
CVE-2021-32675	۶.۴	Redis RESP Request allocation of resources	$۰-$۱k	Official Fix
CVE-2021-32628	۶.۲	Redis ziplist Data Structure integer overflow	$۲k-$5k	Official Fix
CVE-2021-25472	۴.۷	Samsung BluetoothSettingsProvider access control	$۱k-$2k	Official Fix
CVE-2021-25482	۵.۱	Samsung CMFA Framework cross site scripting	$۰-$۱k	Official Fix
CVE-2021-25475	۵.۳	Samsung DSP Kernel Driver heap-based overflow	$۲k-$5k	Official Fix
CVE-2021-25481	۵.۸	Samsung Exynos CP Booting Driver unusual condition	$۱k-$2k	Official Fix
CVE-2021-25479	۷.۲	Samsung Exynos CP Chipset heap-based overflow	$۲k-$5k	Official Fix
CVE-2021-25478	۷.۲	Samsung Exynos CP Chipset stack-based overflow	$۲k-$5k	Official Fix
CVE-2021-25485	۶.۵	Samsung FactoryAirCommnadManger BT Remote Socket path traversal	$۱k-$2k	Official Fix
CVE-2021-25499	۶.۲	Samsung Galaxy Store SamsungAccountSDKSigninActivity improper authorization	$۱k-$2k	Official Fix
CVE-2021-25484	۵.۰	Samsung InputManagerService Touch Event improper authentication	$۱k-$2k	Official Fix
CVE-2021-25486	۲.۵	Samsung ipcdump information disclosure	$۰-$۱k	Official Fix
CVE-2021-25490	۴.۹	Samsung keymaster improper authentication	$۰-$۱k	Official Fix
CVE-2021-25483	۳.۶	Samsung livfivextractor out-of-bounds read	$۰-$۱k	Official Fix
CVE-2021-25477	۳.۳	Samsung Mediatek RRC Protocol Stack Modem double free	$۱k-$2k	Official Fix
CVE-2021-25491	۲.۳	Samsung MFC Driver null pointer dereference	$۰-$۱k	Official Fix
CVE-2021-25489	۴.۹	Samsung Modem Interface Driver Radio format string	$۲k-$5k	Official Fix
CVE-2021-25488	۴.۴	Samsung Modem Interface Driver recv_data out-of-bounds read	$۰-$۱k	Official Fix
CVE-2021-25487	۶.۸	Samsung Modem Interface Driver set_skb_priv out-of-bounds read	$۱k-$2k	Official Fix
CVE-2021-25495	۶.۸	Samsung Note heap-based overflow	$۲k-$5k	Official Fix
CVE-2021-25497	۶.۸	Samsung Note libSPenBase maetd_cpy_slice buffer overflow	$۲k-$5k	Official Fix
CVE-2021-25496	۶.۸	Samsung Note libSPenBase maetd_dec_slice buffer overflow	$۲k-$5k	Official Fix
CVE-2021-25498	۶.۸	Samsung Note libSPenBase maetd_eco_cb_mode buffer overflow	$۲k-$5k	Official Fix
CVE-2021-25493	۳.۶	Samsung Note libSPenBase out-of-bounds read	$۰-$۱k	Official Fix
CVE-2021-25494	۴.۲	Samsung Note libSPenBase out-of-bounds read	$۱k-$2k	Official Fix
CVE-2021-25492	۶.۳	Samsung Note libSPenBase out-of-bounds write	$۱k-$2k	Official Fix
CVE-2021-25480	۴.۹	Samsung Qualcomm Modem Network Connection authentication replay	$۱k-$2k	Official Fix
CVE-2021-25471	۳.۷	Samsung Security Mode Command Process Network Connection denial of service	$۰-$۱k	Official Fix
CVE-2021-25474	۴.۴	Samsung SystemUI exceptional condition	$۰-$۱k	Official Fix
CVE-2021-25473	۳.۳	Samsung SystemUI exceptional condition	$۰-$۱k	Official Fix
CVE-2021-25470	۶.۰	Samsung TEEGRIS Secure OS TEE code injection	$۰-$۱k	Official Fix
CVE-2021-25467	۶.۳	Samsung Vision DSP Kernel Driver buffer overflow	$۲k-$5k	Official Fix
CVE-2021-25476	۳.۱	Samsung Widevine TA Log TEE information disclosure	$۰-$۱k	Official Fix
CVE-2021-25468	۳.۳	Samsung Widevine Trustlet memory corruption	$۰-$۱k	Official Fix
CVE-2021-25469	۶.۶	Samsung Widevine Trustlet stack-based overflow	$۲k-$5k	Official Fix
CVE-2021-36150	۳.۵	SilverStripe cross site scripting	$۰-$۱k	Not Defined
CVE-2021-28661	۵.۵	SilverStripe GraphQL Server permission	$۱k-$2k	Not Defined
CVE-2021-25271	۸.۸	Sophos HitmanPro Privilege Escalation	$۲k-$5k	Official Fix
CVE-2021-25270	۸.۸	Sophos HitmanPro.Alert Privilege Escalation	$۲k-$5k	Official Fix
CVE-2020-21012	۷.۳	Sourcecodester Hotel and Lodge Management System Parameter sql injection	$۲k-$5k	Not Defined
CVE-2021-41511	۶.۳	SourceCodester Lodging Reservation Management System Login sql injection	$۱k-$2k	Not Defined
CVE-2021-40972	۴.۸	spotwe Parameter step-004.inc.php cross site scripting	$۰-$۱k	Not Defined
CVE-2021-40973	۴.۸	spotweb Parameter step-004.inc.php cross site scripting	$۰-$۱k	Not Defined
CVE-2021-40971	۴.۸	spotweb Parameter step-004.inc.php cross site scripting	$۰-$۱k	Not Defined
CVE-2021-40970	۴.۸	spotweb Parameter step-004.inc.php cross site scripting	$۰-$۱k	Not Defined
CVE-2021-40969	۵.۲	spotweb Parameter step-004.inc.php cross site scripting	$۰-$۱k	Not Defined
CVE-2021-40968	۴.۸	spotweb Parameter step-004.inc.php cross site scripting	$۰-$۱k	Not Defined
CVE-2021-41869	۵.۵	SuiteCRM access control	$۱k-$2k	Official Fix
CVE-2021-41596	۳.۵	SuiteCRM Import RefreshMapping pathname traversal	$۱k-$2k	Official Fix
CVE-2021-41595	۳.۵	SuiteCRM Step3 Import pathname traversal	$۱k-$2k	Official Fix
CVE-2021-41861	۳.۳	Telegram App Image Self-Destruction information disclosure	$۰-$۱k	Not Defined
CVE-2021-41113	۷.۱	TYPO3 Deep Link Sharing cross-site request forgery	$۵k-$10k	Official Fix
CVE-2021-41114	۴.۸	TYPO3 HTTP Host Header input validation	$۱۰k-$25k	Official Fix
CVE-2021-42071	۷.۳	Visual Tools DVR VX16 HTTP Header login.py os command injection	$۲k-$5k	Not Defined
CVE-2021-41122	۳.۹	Vyper calculation	$۱k-$2k	Official Fix
CVE-2021-41121	۶.۰	Vyper memory corruption	$۲k-$5k	Official Fix
CVE-2020-21505	۳.۵	Waimai Super CMS addsave cross site scripting	$۰-$۱k	Not Defined
CVE-2020-21506	۳.۵	Waimai Super CMS cross site scripting	$۰-$۱k	Not Defined
CVE-2020-21504	۳.۵	Waimai Super CMS cross site scripting	$۰-$۱k	Not Defined
CVE-2020-21503	۴.۶	Waimai Super CMS Form Submission injection	$۱k-$2k	Not Defined
CVE-2020-21658	۳.۵	WDJA CMS cross-site request forgery	$۰-$۱k	Not Defined
CVE-2020-21648	۴.۶	WDJA CMS manage.php denial of service	$۰-$۱k	Not Defined
CVE-2021-41918	۳.۵	webTareas cross site scripting	$۰-$۵k	Not Defined
CVE-2021-41917	۳.۵	webTareas editclient.php cross site scripting	$۰-$۵k	Not Defined
CVE-2021-41916	۳.۵	webTareas New Profile cross-site request forgery	$۰-$۵k	Not Defined
CVE-2021-41919	۶.۳	webTareas Personal Profile Picture upload.php unrestricted upload	$۰-$۵k	Not Defined
CVE-2021-41920	۷.۳	webTareas POST Parameter library.php sql injection	$۰-$۵k	Not Defined
CVE-2021-41093	۷.۳	Wire Email improper authorization	$۲k-$5k	Official Fix
CVE-2021-41094	۳.۱	Wire exposure of resource	$۰-$۱k	Official Fix
CVE-2021-41100	۶.۵	Wire-server Authorization Header improper authorization	$۲k-$5k	Official Fix
CVE-2021-35491	۳.۵	Wowza Streaming Engine User Account delete.htm cross-site request forgery	$۰-$۱k	Not Defined
CVE-2021-35492	۴.۳	Wowza Streaming Engine Web-based Management historical.jsdata resource consumption	$۰-$۱k	Not Defined
CVE-2020-21496	۳.۵	Xiuno BBS cross site scripting	$۰-$۱k	Not Defined
CVE-2020-21495	۳.۵	Xiuno BBS cross site scripting	$۰-$۱k	Not Defined
CVE-2020-21494	۳.۵	Xiuno BBS install.sql cross site scripting	$۰-$۱k	Not Defined
CVE-2020-21493	۳.۵	Xiuno BBS user.php information disclosure	$۰-$۱k	Not Defined
CVE-2021-42087	۲.۴	Zammad API information disclosure	$۰-$۱k	Official Fix
CVE-2021-42092	۳.۵	Zammad Article cross site scripting	$۰-$۱k	Official Fix
CVE-2021-42088	۳.۵	Zammad Chat cross site scripting	$۰-$۱k	Official Fix
CVE-2021-42085	۳.۵	Zammad Custom Avatar cross site scripting	$۰-$۱k	Official Fix
CVE-2021-42094	۵.۵	Zammad Custom Package command injection	$۱k-$2k	Official Fix
CVE-2021-42084	۴.۳	Zammad denial of service	$۰-$۱k	Official Fix
CVE-2021-42090	۶.۳	Zammad deserialization	$۲k-$5k	Official Fix
CVE-2021-42091	۵.۵	Zammad GitHub/GitLab server-side request forgery	$۱k-$2k	Official Fix
CVE-2021-42093	۴.۳	Zammad Privilege Escalation	$۱k-$2k	Official Fix
CVE-2021-42086	۶.۳	Zammad Privilege Escalation	$۲k-$5k	Official Fix
CVE-2021-42089	۳.۵	Zammad REST API information disclosure	$۰-$۱k	Official Fix
CVE-2021-3581	۶.۷	zephyrproject-rtos buffer overflow	$۱k-$2k	Not Defined
CVE-2021-3319	۶.۲	zephyrproject-rtos Frame Validation null pointer dereference	$۰-$۱k	Not Defined
CVE-2021-3510	۶.۴	zephyrproject-rtos JSON Decoder denial of service	$۰-$۱k	Not Defined
CVE-2021-3625	۹.۲	zephyrproject-rtos USB DFU DNLOAD heap-based overflow	$۲k-$5k	Not Defined
CVE-2021-33849	۳.۵	Zoho CRM Lead Magnet Form cross site scripting	$۰-$۱k	Not Defined
CVE-2021-37922	۵.۵	Zoho ManageEngine ADManager Plus File Copy path traversal	$۱k-$2k	Official Fix
CVE-2021-37762	۶.۳	Zoho ManageEngine ADManager Plus Privilege Escalation	$۲k-$5k	Official Fix
CVE-2021-37931	۶.۳	Zoho ManageEngine ADManager Plus unrestricted upload	$۲k-$5k	Official Fix
CVE-2021-37930	۶.۳	Zoho ManageEngine ADManager Plus unrestricted upload	$۲k-$5k	Official Fix
CVE-2021-37929	۶.۳	Zoho ManageEngine ADManager Plus unrestricted upload	$۲k-$5k	Official Fix
CVE-2021-37928	۶.۳	Zoho ManageEngine ADManager Plus unrestricted upload	$۲k-$5k	Official Fix
CVE-2021-37926	۶.۳	Zoho ManageEngine ADManager Plus unrestricted upload	$۲k-$5k	Official Fix
CVE-2021-37924	۶.۳	Zoho ManageEngine ADManager Plus unrestricted upload	$۲k-$5k	Official Fix
CVE-2021-37923	۶.۳	Zoho ManageEngine ADManager Plus unrestricted upload	$۲k-$5k	Official Fix
CVE-2021-37921	۶.۳	Zoho ManageEngine ADManager Plus unrestricted upload	$۲k-$5k	Official Fix
CVE-2021-37920	۶.۳	Zoho ManageEngine ADManager Plus unrestricted upload	$۲k-$5k	Official Fix
CVE-2021-37919	۶.۳	Zoho ManageEngine ADManager Plus unrestricted upload	$۲k-$5k	Official Fix
CVE-2021-37918	۶.۳	Zoho ManageEngine ADManager Plus unrestricted upload	$۲k-$5k	Official Fix
CVE-2021-38298	۴.۶	Zoho ManageEngine ADManager Plus xml external entity reference	$۱k-$2k	Official Fix

خدمات آپا

سایر آسیب پذیری ها

آسیب‌پذیری‌های حیاتی هفته سوم مهر‌ماه