
Critical vulnerabilities of the third week of Ordibehesht (May 2021)

 

This week a large number of "critical" and "high-risk" vulnerabilities were reported in major Cisco products, and patches and updates were released to fix them. Several "critical" and "high-risk" vulnerabilities were also disclosed in products from Apple, NVIDIA, Qualcomm, IBM and Foxit, and in the Linux kernel.

The list of these vulnerabilities, with the base score of each, the estimated zero-day market value, and the fix status, is given in the table below.

 

| Vulnerability ID | Base score | Vulnerability title | Zero-day value | Fix status |
|---|---|---|---|---|
| CVE-2021-27437 | 4.3 | Advantech WISE-PaaS RMM WISE-PaaS Dashboard improper authentication | $1k-$2k | Official Fix |
| CVE-2021-32020 | 5.5 | Amazon Web Services FreeRTOS heap-based overflow | $2k-$5k | Official Fix |
| CVE-2021-28359 | 3.5 | Apache Airflow trigger cross site scripting | $2k-$5k | Official Fix |
| CVE-2021-31164 | 5.5 | Apache Unomi Log crlf injection | $10k-$25k | Official Fix |
| CVE-2021-30666 | 6.3 | Apple iOS WebKit buffer overflow | $100k and more | Official Fix |
| CVE-2021-30661 | 6.3 | Apple iOS WebKit Storage use after free | $100k and more | Official Fix |
| CVE-2021-30663 | 6.3 | Apple iOS/iPadOS WebKit integer overflow | $100k and more | Official Fix |
| CVE-2021-30665 | 6.3 | Apple iOS/iPadOS WebKit memory corruption | $100k and more | Official Fix |
| CVE-2021-30663 | 6.3 | Apple macOS WebKit integer overflow | $10k-$25k | Official Fix |
| CVE-2021-30665 | 6.3 | Apple macOS WebKit memory corruption | $10k-$25k | Official Fix |
| CVE-2021-30663 | 6.3 | Apple Safari WebKit integer overflow | $25k-$50k | Official Fix |
| CVE-2021-30665 | 6.3 | Apple Safari WebKit memory corruption | $25k-$50k | Official Fix |
| CVE-2021-30665 | 6.3 | Apple watchOS WebKit memory corruption | $5k-$10k | Official Fix |
| CVE-2021-32100 | 5.5 | Artica Pandora FMS file inclusion | $1k-$2k | Official Fix |
| CVE-2021-32099 | 7.3 | Artica Pandora FMS pandora_console chart_generator.php sql injection | $2k-$5k | Official Fix |
| CVE-2021-32098 | 6.3 | Artica Pandora FMS Phar Deserialization deserialization | $2k-$5k | Official Fix |
| CVE-2021-32030 | 7.3 | ASUS GT-AC2900 httpd.c handle_request improper authentication | $1k-$2k | Official Fix |
| CVE-2020-29444 | 3.5 | Atlassian Confluence Server Team Calendar cross site scripting | $0-$1k | Official Fix |
| CVE-2020-29445 | 5.5 | Atlassian Confluence Server Team Calendar server-side request forgery | $1k-$2k | Official Fix |
| CVE-2021-29247 | 3.7 | BTCPay Server cookie without 'httponly' flag | $2k-$5k | Not Defined |
| CVE-2021-29245 | 2.6 | BTCPay Server Legacy API Key Generator random values | $0-$1k | Not Defined |
| CVE-2021-29248 | 3.7 | BTCPay Server missing secure attribute | $1k-$2k | Not Defined |
| CVE-2021-29246 | 4.3 | BTCPay Server Plugin pathname traversal | $0-$1k | Not Defined |
| CVE-2021-29250 | 3.5 | BTCPay Server POS Add Products cross site scripting | $0-$1k | Not Defined |
| CVE-2021-24179 | 3.5 | Business Directory Plugin & Easy Listing Directories cross-site request forgery | $0-$1k | Official Fix |
| CVE-2021-24178 | 3.5 | Business Directory Plugin cross-site request forgery | $0-$1k | Official Fix |
| CVE-2021-24251 | 3.5 | Business Directory Plugin cross-site request forgery | $0-$1k | Official Fix |
| CVE-2021-24249 | 3.5 | Business Directory Plugin cross-site request forgery | $0-$1k | Official Fix |
| CVE-2021-24248 | 6.3 | Business Directory Plugin File Import unrestricted upload | $2k-$5k | Official Fix |
| CVE-2021-24250 | 3.5 | Business Directory Plugin Form Field cross site scripting | $0-$1k | Official Fix |
| CVE-2021-26804 | 6.3 | Centreon Web File Extension unrestricted upload | $2k-$5k | Not Defined |
| CVE-2021-31933 | 4.7 | Chamilo fileUpload.lib.php pathname traversal | $1k-$2k | Official Fix |
| CVE-2020-23128 | 3.5 | Chamilo LMS cross-site request forgery | $0-$1k | Not Defined |
| CVE-2021-1519 | 5.5 | Cisco AnyConnect Secure Mobility Client Interprocess Communication input validation | $2k-$5k | Official Fix |
| CVE-2021-1496 | 7.8 | Cisco AnyConnect Secure Mobility Client temp file | $10k-$25k | Official Fix |
| CVE-2021-1430 | 7.8 | Cisco AnyConnect Secure Mobility Client temp file | $10k-$25k | Official Fix |
| CVE-2021-1429 | 7.8 | Cisco AnyConnect Secure Mobility Client temp file | $10k-$25k | Official Fix |
| CVE-2021-1428 | 7.8 | Cisco AnyConnect Secure Mobility Client temp file | $10k-$25k | Official Fix |
| CVE-2021-1427 | 7.8 | Cisco AnyConnect Secure Mobility Client temp file | $10k-$25k | Official Fix |
| CVE-2021-1426 | 7.8 | Cisco AnyConnect Secure Mobility Client temp file | $10k-$25k | Official Fix |
| CVE-2021-1476 | 6.7 | Cisco ASA/Firepower Threat Defense CLI os command injection | $10k-$25k | Official Fix |
| CVE-2021-1504 | 7.5 | Cisco ASA/Firepower Threat Defense HTTPS Request out-of-bounds write | $25k-$50k | Official Fix |
| CVE-2021-1445 | 7.5 | Cisco ASA/Firepower Threat Defense HTTPS Request out-of-bounds write | $25k-$50k | Official Fix |
| CVE-2021-1501 | 7.5 | Cisco ASA/Firepower Threat Defense SIP Inspection Engine denial of service | $10k-$25k | Official Fix |
| CVE-2021-1488 | 6.7 | Cisco ASA/Firepower Threat Defense Upgrade Package command injection | $10k-$25k | Official Fix |
| CVE-2021-1493 | 7.1 | Cisco ASA/Firepower Threat Defense Web Services Interface buffer overflow | $25k-$50k | Official Fix |
| CVE-2021-1530 | 5.4 | Cisco BroadWorks Messaging Server XML Data xml external entity reference | $5k-$10k | Official Fix |
| CVE-2021-1447 | 6.7 | Cisco Content Security Management Appliance Password Generator privileges management | $10k-$25k | Official Fix |
| CVE-2021-1421 | 7.8 | Cisco Enterprise NFV Infrastructure Software Configuration Command os command injection | $10k-$25k | Official Fix |
| CVE-2021-1369 | 5.4 | Cisco Firepower Device Manager REST API xml external entity reference | $5k-$10k | Official Fix |
| CVE-2021-1489 | 6.5 | Cisco Firepower Device Manager Web-based Management resource consumption | $2k-$5k | Official Fix |
| CVE-2021-1477 | 4.3 | Cisco FirePOWER Management Center access control | $10k-$25k | Official Fix |
| CVE-2021-1458 | 4.8 | Cisco FirePOWER Management Center Web-based Management Interface cross site scripting | $5k-$10k | Official Fix |
| CVE-2021-1457 | 4.8 | Cisco FirePOWER Management Center Web-based Management Interface cross site scripting | $5k-$10k | Official Fix |
| CVE-2021-1456 | 4.8 | Cisco FirePOWER Management Center Web-based Management Interface cross site scripting | $5k-$10k | Official Fix |
| CVE-2021-1455 | 4.8 | Cisco FirePOWER Management Center Web-based Management Interface cross site scripting | $5k-$10k | Official Fix |
| CVE-2021-1256 | 6.0 | Cisco Firepower Threat Defense CLI Command pathname traversal | $5k-$10k | Official Fix |
| CVE-2021-1448 | 7.8 | Cisco Firepower Threat Defense CLI input validation | $10k-$25k | Official Fix |
| CVE-2021-1402 | 8.6 | Cisco Firepower Threat Defense TLS Message memory corruption | $10k-$25k | Official Fix |
| CVE-2021-1499 | 5.3 | Cisco HyperFlex HX Data Platform Web-based Management Interface missing authentication | $10k-$25k | Official Fix |
| CVE-2021-1498 | 9.8 | Cisco HyperFlex HX Web-based Management Interface os command injection | $10k-$25k | Official Fix |
| CVE-2021-1497 | 9.8 | Cisco HyperFlex HX Web-based Management Interface os command injection | $10k-$25k | Official Fix |
| CVE-2021-1397 | 4.7 | Cisco Integrated Management Controller Web-based Management Interface redirect | $10k-$25k | Official Fix |
| CVE-2021-1495 | 5.3 | Cisco Open Source Snort 2 Snort Detection Engine access control | $25k-$50k | Official Fix |
| CVE-2021-1520 | 6.7 | Cisco RV340/RV340W/RV345/RV345P Internal Messaging Service write-what-where condition | $10k-$25k | Official Fix |
| CVE-2021-1512 | 4.4 | Cisco SD-WAN CLI Command file access | $2k-$5k | Official Fix |
| CVE-2021-1514 | 4.4 | Cisco SD-WAN CLI input validation | $5k-$10k | Official Fix |
| CVE-2021-1513 | 7.5 | Cisco SD-WAN vDaemon denial of service | $5k-$10k | Official Fix |
| CVE-2021-1511 | 7.5 | Cisco SD-WAN vEdge memory corruption | $10k-$25k | Official Fix |
| CVE-2021-1510 | 7.5 | Cisco SD-WAN vEdge memory corruption | $10k-$25k | Official Fix |
| CVE-2021-1509 | 7.5 | Cisco SD-WAN vEdge memory corruption | $10k-$25k | Official Fix |
| CVE-2021-1275 | 9.8 | Cisco SD-WAN vManage Software access control | $10k-$25k | Official Fix |
| CVE-2021-1515 | 4.3 | Cisco SD-WAN vManage Software API Endpoint access control | $10k-$25k | Official Fix |
| CVE-2021-1508 | 9.8 | Cisco SD-WAN vManage Software Application access control | $10k-$25k | Official Fix |
| CVE-2021-1506 | 9.8 | Cisco SD-WAN vManage Software Application access control | $10k-$25k | Official Fix |
| CVE-2021-1505 | 9.8 | Cisco SD-WAN vManage Software Application access control | $10k-$25k | Official Fix |
| CVE-2021-1468 | 9.8 | Cisco SD-WAN vManage Software Application access control | $10k-$25k | Official Fix |
| CVE-2021-1535 | 5.3 | Cisco SD-WAN vManage Software Cluster Management Interface information disclosure | $5k-$10k | Official Fix |
| CVE-2021-1486 | 5.3 | Cisco SD-WAN vManage Software HTTP Header information exposure | $5k-$10k | Official Fix |
| CVE-2021-1507 | 6.4 | Cisco SD-WAN vManage Software Web-based Interface cross site scripting | $2k-$5k | Official Fix |
| CVE-2021-1284 | 8.8 | Cisco SD-WAN vManage Software Web-based Messaging Service Interface access control | $10k-$25k | Official Fix |
| CVE-2021-1400 | 8.8 | Cisco Small Business Web-based Management Interface injection | $10k-$25k | Official Fix |
| CVE-2021-1401 | 8.8 | Cisco Small Business Web-based Management Interface privileges management | $10k-$25k | Official Fix |
| CVE-2021-1532 | 6.5 | Cisco TelePresence Collaboration Endpoint/RoomOS Video Endpoint API path traversal | $5k-$10k | Official Fix |
| CVE-2021-1365 | 7.1 | Cisco Unified Communications Manager & Presence Service Web-based Management Interface sql injection | $10k-$25k | Official Fix |
| CVE-2021-1363 | 7.1 | Cisco Unified Communications Manager IM & Presence Service Web-based Management Interface sql injection | $10k-$25k | Official Fix |
| CVE-2021-1478 | 5.3 | Cisco Unified Communications Manager JMX denial of service | $5k-$10k | Official Fix |
| CVE-2021-1521 | 6.5 | Cisco Video Surveillance 8000 Discovery Protocol Packet memory corruption | $10k-$25k | Official Fix |
| CVE-2021-1490 | 4.7 | Cisco Web Security Appliance Web-based Management Interface cross site scripting | $10k-$25k | Official Fix |
| CVE-2021-1438 | 5.5 | Cisco Wide Area Application Services CLI exposure of resource | $2k-$5k | Official Fix |
| CVE-2021-29238 | 3.5 | CODESYS Automation Server cross-site request forgery | $0-$1k | Official Fix |
| CVE-2021-29242 | 5.5 | CODESYS Control Runtime System Packet input validation | $1k-$2k | Official Fix |
| CVE-2021-29239 | 5.5 | CODESYS Development System Library injection | $1k-$2k | Official Fix |
| CVE-2021-29240 | 5.5 | CODESYS Development System Package Manager unknown vulnerability | $2k-$5k | Official Fix |
| CVE-2021-29241 | 3.5 | CODESYS Gateway denial of service | $0-$1k | Official Fix |
| CVE-2021-21551 | 7.8 | Dell DBUtil BIOS Driver dbutil_2_3.sys improper authorization | $10k-$25k | Not Defined |
| CVE-2021-21544 | 7.8 | Dell EMC iDRAC9 Comment improper authentication | $5k-$10k | Official Fix |
| CVE-2021-21540 | 5.9 | Dell EMC iDRAC9 Configuration stack-based overflow | $10k-$25k | Official Fix |
| CVE-2021-21541 | 6.1 | Dell EMC iDRAC9 cross site scripting | $5k-$10k | Official Fix |
| CVE-2021-21543 | 4.8 | Dell EMC iDRAC9 cross site scripting | $2k-$5k | Official Fix |
| CVE-2021-21542 | 4.8 | Dell EMC iDRAC9 cross site scripting | $2k-$5k | Official Fix |
| CVE-2021-21539 | 5.9 | Dell EMC iDRAC9 Web Interface toctou | $5k-$10k | Official Fix |
| CVE-2021-21505 | 8.0 | Dell EMC Integrated System for Microsoft Azure Stack Hub hard-coded credentials | $10k-$25k | Workaround |
| CVE-2021-21507 | 8.8 | Dell EMC Networking X-Series/PowerEdge VRTX Switch Module access control | $10k-$25k | Official Fix |
| CVE-2021-21550 | 6.0 | Dell EMC PowerScale OneFS os command injection | $10k-$25k | Not Defined |
| CVE-2021-21527 | 6.0 | Dell EMC PowerScale OneFS os command injection | $10k-$25k | Not Defined |
| CVE-2021-21547 | 6.4 | Dell EMC Unity/UnityVSA/Unity XT Upgrade Readiness Utility cleartext storage | $0-$1k | Official Fix |
| CVE-2021-21537 | 5.5 | Dell Hybrid Client access control | $5k-$10k | Official Fix |
| CVE-2021-21534 | 3.3 | Dell Hybrid Client Local API information disclosure | $2k-$5k | Official Fix |
| CVE-2021-21535 | 7.8 | Dell Hybrid Client missing authentication | $5k-$10k | Official Fix |
| CVE-2021-21536 | 5.5 | Dell Hybrid Client Register information disclosure | $2k-$5k | Official Fix |
| CVE-2021-21530 | 8.3 | Dell OpenManage Enterprise-Modular Environment os command injection | $10k-$25k | Official Fix |
| CVE-2021-21531 | 8.1 | Dell Unisphere for PowerMax Monitor Role authorization | $5k-$10k | Official Fix |
| CVE-2021-31542 | 5.5 | Django File Name FieldFile pathname traversal | $5k-$10k | Official Fix |
| CVE-2021-32052 | 5.5 | Django URLValidator injection | $10k-$25k | Official Fix |
| CVE-2020-15225 | 7.5 | django-filter numeric conversion | $0-$1k | Official Fix |
| CVE-2020-13664 | 6.3 | Drupal Directory Remote Code Execution | $2k-$5k | Official Fix |
| CVE-2020-13662 | 6.3 | Drupal External URL redirect | $1k-$2k | Not Defined |
| CVE-2020-13665 | 4.3 | Drupal JSON API access control | $1k-$2k | Official Fix |
| CVE-2021-24256 | 3.5 | Elementor - Header, Footer & Blocks Template Plugin Widget cross site scripting | $0-$1k | Official Fix |
| CVE-2021-24259 | 3.5 | Elementor Addon Elements Plugin Widget cross site scripting | $0-$1k | Official Fix |
| CVE-2021-24263 | 3.5 | Elementor Addons PowerPack Addons for Elementor Plugin Widget cross site scripting | $0-$1k | Official Fix |
| CVE-2021-24258 | 3.5 | Elements Kit Lite Plugin/Elements Kit Pro Plugin Widget cross site scripting | $0-$1k | Official Fix |
| CVE-2021-27571 | 5.3 | Emote Remote Mouse missing encryption | $1k-$2k | Not Defined |
| CVE-2021-27572 | 5.6 | Emote Remote Mouse Packet authentication replay | $1k-$2k | Not Defined |
| CVE-2021-27570 | 3.7 | Emote Remote Mouse Packet cleartext transmission | $0-$1k | Not Defined |
| CVE-2021-27569 | 3.7 | Emote Remote Mouse Packet cleartext transmission | $0-$1k | Not Defined |
| CVE-2021-27573 | 7.3 | Emote Remote Mouse UDP Packet Remote Code Execution | $2k-$5k | Workaround |
| CVE-2021-27574 | 3.7 | Emote Remote Mouse Update missing encryption | $0-$1k | Not Defined |
| CVE-2020-28019 | 6.3 | Exim BDAT Error memory corruption | $2k-$5k | Official Fix |
| CVE-2020-28022 | 6.3 | Exim extract_option out-of-bounds write | $2k-$5k | Official Fix |
| CVE-2020-28014 | 5.5 | Exim File Creation unknown vulnerability | $2k-$5k | Official Fix |
| CVE-2020-28009 | 6.3 | Exim get_stdinput integer overflow | $2k-$5k | Official Fix |
| CVE-2020-28026 | 5.4 | Exim Line spool_read_header injection | $2k-$5k | Official Fix |
| CVE-2020-28007 | 8.8 | Exim Log Directory Remote Privilege Escalation | $2k-$5k | Official Fix |
| CVE-2020-28010 | 6.3 | Exim main out-of-bounds write | $2k-$5k | Official Fix |
| CVE-2020-28013 | 6.3 | Exim parse_fix_phrase heap-based overflow | $2k-$5k | Official Fix |
| CVE-2020-28016 | 6.3 | Exim parse_fix_phrase out-of-bounds write | $2k-$5k | Official Fix |
| CVE-2020-28025 | 4.3 | Exim pdkim_finish_bodyhash out-of-bounds read | $1k-$2k | Official Fix |
| CVE-2020-28012 | 6.3 | Exim Pipe Remote Privilege Escalation | $2k-$5k | Official Fix |
| CVE-2020-28011 | 6.3 | Exim queue_run heap-based overflow | $2k-$5k | Official Fix |
| CVE-2020-28017 | 5.6 | Exim receive_add_recipient integer overflow | $2k-$5k | Official Fix |
| CVE-2020-28020 | 7.3 | Exim receive_msg integer overflow | $2k-$5k | Official Fix |
| CVE-2020-28023 | 4.3 | Exim smtp_setup_msg out-of-bounds read | $1k-$2k | Official Fix |
| CVE-2020-28024 | 6.3 | Exim smtp_ungetc heap-based overflow | $2k-$5k | Official Fix |
| CVE-2020-28008 | 8.8 | Exim Spool Directory Remote Privilege Escalation | $2k-$5k | Official Fix |
| CVE-2020-28021 | 5.4 | Exim Spool Header File injection | $2k-$5k | Official Fix |
| CVE-2020-28015 | 5.4 | Exim Spool Header File injection | $2k-$5k | Official Fix |
| CVE-2020-28018 | 6.3 | Exim tls-openssl.c use after free | $2k-$5k | Official Fix |
| CVE-2021-27216 | 5.4 | Exim unknown vulnerability | $2k-$5k | Official Fix |
| CVE-2020-23263 | 3.5 | Fork CMS add cross site scripting | $0-$1k | Not Defined |
| CVE-2020-23264 | 3.5 | ForkCMS cross-site request forgery | $0-$1k | Official Fix |
| CVE-2021-31455 | 7.8 | Foxit Reader XFA Form use after free | $2k-$5k | Not Defined |
| CVE-2021-31458 | 7.8 | Foxit Reader Annotation Object use after free | $2k-$5k | Not Defined |
| CVE-2021-31457 | 7.8 | Foxit Reader Annotation Object use after free | $2k-$5k | Not Defined |
| CVE-2021-31456 | 7.8 | Foxit Reader Annotation Object use after free | $2k-$5k | Not Defined |
| CVE-2021-31451 | 7.8 | Foxit Reader Annotation Object use after free | $2k-$5k | Not Defined |
| CVE-2021-31441 | 7.8 | Foxit Reader Annotation Object use after free | $2k-$5k | Not Defined |
| CVE-2021-31461 | 7.8 | Foxit Reader app.media Object type confusion | $2k-$5k | Not Defined |
| CVE-2021-31454 | 7.8 | Foxit Reader Decimal Element heap-based overflow | $2k-$5k | Not Defined |
| CVE-2021-31468 | 7.8 | Foxit Reader U3D File out-of-bounds read | $1k-$2k | Not Defined |
| CVE-2021-31467 | 7.8 | Foxit Reader U3D File out-of-bounds read | $1k-$2k | Not Defined |
| CVE-2021-31449 | 7.8 | Foxit Reader U3D Object double free | $2k-$5k | Not Defined |
| CVE-2021-31466 | 7.8 | Foxit Reader U3D Object out-of-bounds read | $1k-$2k | Not Defined |
| CVE-2021-31471 | 7.8 | Foxit Reader U3D Object out-of-bounds read | $1k-$2k | Not Defined |
| CVE-2021-31469 | 7.8 | Foxit Reader U3D Object out-of-bounds read | $1k-$2k | Not Defined |
| CVE-2021-31464 | 7.8 | Foxit Reader U3D Object out-of-bounds read | $1k-$2k | Not Defined |
| CVE-2021-31463 | 3.3 | Foxit Reader U3D Object out-of-bounds read | $1k-$2k | Not Defined |
| CVE-2021-31462 | 3.3 | Foxit Reader U3D Object out-of-bounds read | $1k-$2k | Not Defined |
| CVE-2021-31448 | 3.3 | Foxit Reader U3D Object out-of-bounds read | $1k-$2k | Not Defined |
| CVE-2021-31447 | 3.3 | Foxit Reader U3D Object out-of-bounds read | $1k-$2k | Not Defined |
| CVE-2021-31446 | 3.3 | Foxit Reader U3D Object out-of-bounds read | $1k-$2k | Not Defined |
| CVE-2021-31445 | 3.3 | Foxit Reader U3D Object out-of-bounds read | $1k-$2k | Not Defined |
| CVE-2021-31444 | 3.3 | Foxit Reader U3D Object out-of-bounds read | $1k-$2k | Not Defined |
| CVE-2021-31443 | 3.3 | Foxit Reader U3D Object out-of-bounds read | $1k-$2k | Not Defined |
| CVE-2021-31472 | 3.3 | Foxit Reader U3D Object out-of-bounds write | $2k-$5k | Not Defined |
| CVE-2021-31465 | 3.3 | Foxit Reader U3D Object out-of-bounds write | $2k-$5k | Not Defined |
| CVE-2021-31442 | 3.3 | Foxit Reader U3D Object out-of-bounds write | $2k-$5k | Not Defined |
| CVE-2021-31470 | 3.3 | Foxit Reader U3D Object use after free | $2k-$5k | Not Defined |
| CVE-2021-31452 | 7.8 | Foxit Reader XFA Form out-of-bounds write | $2k-$5k | Not Defined |
| CVE-2021-31459 | 7.8 | Foxit Reader XFA Form use after free | $2k-$5k | Not Defined |
| CVE-2021-31453 | 7.8 | Foxit Reader XFA Form use after free | $2k-$5k | Not Defined |
| CVE-2021-31450 | 7.8 | Foxit Reader XFA Form use after free | $2k-$5k | Not Defined |
| CVE-2021-31460 | 7.8 | Foxit Reader XFA Template use after free | $2k-$5k | Not Defined |
| CVE-2021-22211 | 5.5 | GitLab Community Edition/Enterprise Edition Dependency Proxy unknown vulnerability | $2k-$5k | Not Defined |
| CVE-2021-22209 | 5.3 | GitLab Community Edition/Enterprise Edition GraphQL unknown vulnerability | $2k-$5k | Not Defined |
| CVE-2021-22210 | 5.3 | GitLab Community Edition/Enterprise Edition Query Parameter denial of service | $0-$1k | Not Defined |
| CVE-2021-22206 | 4.3 | GitLab Pull Mirror Credential information disclosure | $1k-$2k | Not Defined |
| CVE-2021-22208 | 6.3 | GitLab Timestamp permission | $2k-$5k | Not Defined |
| CVE-2021-21233 | 8.8 | Google Chrome ANGLE heap-based overflow | $50k-$100k | Official Fix |
| CVE-2021-21232 | 8.8 | Google Chrome Dev Tools use after free | $50k-$100k | Official Fix |
| CVE-2021-21229 | 6.5 | Google Chrome Downloads clickjacking | $50k-$100k | Official Fix |
| CVE-2021-21228 | 4.3 | Google Chrome Extensions access control | $50k-$100k | Official Fix |
| CVE-2021-21231 | 8.8 | Google Chrome V8 heap-based overflow | $50k-$100k | Official Fix |
| CVE-2021-21227 | 8.8 | Google Chrome V8 heap-based overflow | $50k-$100k | Official Fix |
| CVE-2021-21230 | 8.8 | Google Chrome V8 type confusion | $50k-$100k | Official Fix |
| CVE-2021-28150 | 3.5 | Hongdian H8922 cli.conf information disclosure | $0-$1k | Not Defined |
| CVE-2021-28149 | 4.3 | Hongdian H8922 log_download.cgi pathname traversal | $1k-$2k | Not Defined |
| CVE-2021-28152 | 6.3 | Hongdian H8922 Telnet Service hard-coded credentials | $1k-$2k | Workaround |
| CVE-2021-28151 | 5.5 | Hongdian H8922 tools.cgi os command injection | $1k-$2k | Not Defined |
| CVE-2021-29203 | 7.3 | HPE Edgeline Infrastructure Manager improper authentication | $10k-$25k | Official Fix |
| CVE-2020-4987 | 3.5 | IBM FlashSystem 900 User Management GUI cross site scripting | $2k-$5k | Not Defined |
| CVE-2021-20515 | 6.7 | IBM Informix Dynamic Server stack-based overflow | $10k-$25k | Not Defined |
| CVE-2021-20401 | 2.5 | IBM QRadar SIEM hard-coded credentials | $2k-$5k | Not Defined |
| CVE-2020-4932 | 5.3 | IBM QRadar SIEM hard-coded credentials | $5k-$10k | Not Defined |
| CVE-2020-4883 | 4.3 | IBM QRadar SIEM information disclosure | $5k-$10k | Not Defined |
| CVE-2020-4979 | 5.6 | IBM QRadar SIEM Inter-Deployment Communication Remote Code Execution | $10k-$25k | Not Defined |
| CVE-2021-20397 | 4.3 | IBM QRadar SIEM Web UI cross site scripting | $5k-$10k | Not Defined |
| CVE-2020-4929 | 3.5 | IBM QRadar SIEM Web UI cross site scripting | $2k-$5k | Not Defined |
| CVE-2020-5013 | 6.3 | IBM QRadar SIEM XML Data xml external entity reference | $5k-$10k | Not Defined |
| CVE-2020-4993 | 4.7 | IBM QRadar SIEM ZIP File Decompression path traversal | $5k-$10k | Not Defined |
| CVE-2020-4901 | 6.3 | IBM Robotic Process Automation with Automation Anywhere unknown vulnerability | $10k-$25k | Not Defined |
| CVE-2020-28198 | 5.5 | IBM Tivoli Storage Manager Command Line Administrative Interface dsmadmc.exe buffer overflow | $10k-$25k | Not Defined |
| CVE-2021-30170 | 3.5 | Junhe ERP POS Customer Profile Page cross site scripting | $0-$1k | Official Fix |
| CVE-2021-30171 | 3.5 | Junhe ERP POS News Page cross site scripting | $0-$1k | Official Fix |
| CVE-2021-30173 | 6.3 | Junhe Omnidirectional Communication System path traversal | $1k-$2k | Official Fix |
| CVE-2021-30172 | 3.5 | Junhe Omnidirectional Communication System Picture Preview Page cross site scripting | $0-$1k | Official Fix |
| CVE-2021-31870 | 5.5 | klibc calloc integer overflow | $2k-$5k | Official Fix |
| CVE-2021-31872 | 5.5 | klibc cpio Command integer overflow | $2k-$5k | Official Fix |
| CVE-2021-31871 | 5.5 | klibc cpio Command integer overflow | $2k-$5k | Official Fix |
| CVE-2021-31873 | 5.5 | klibc malloc integer overflow | $2k-$5k | Official Fix |
| CVE-2020-35757 | 5.3 | Libre Wireless LS9 ADB over TCP improper authentication | $1k-$2k | Workaround |
| CVE-2020-35756 | 4.3 | Libre Wireless LS9 luci_service Daemon information disclosure | $1k-$2k | Workaround |
| CVE-2020-35755 | 3.5 | Libre Wireless LS9 luci_service Daemon Read_ information disclosure | $0-$1k | Not Defined |
| CVE-2020-35758 | 6.3 | Libre Wireless LS9 Web Interface improper authentication | $1k-$2k | Workaround |
| CVE-2020-35519 | 7.1 | Linux Kernel af_x25.c x25_bind out-of-bounds read | $5k-$10k | Not Defined |
| CVE-2021-31829 | 2.6 | Linux Kernel BPF Stack verifier.c information disclosure | $2k-$5k | Official Fix |
| CVE-2021-3501 | 5.5 | Linux Kernel KVM API out-of-bounds write | $10k-$25k | Official Fix |
| CVE-2021-31916 | 6.3 | Linux Kernel Multi-device Driver Module dm-ioctl.c list_devices out-of-bounds write | $10k-$25k | Official Fix |
| CVE-2021-26122 | 3.5 | LivingLogic XIST4C Feedback feedback.htm cross site scripting | $0-$1k | Official Fix |
| CVE-2021-26123 | 3.5 | LivingLogic XIST4C Login login.htm cross site scripting | $0-$1k | Official Fix |
| CVE-2020-20247 | 4.3 | MikroTik RouterOS Traceroute traceroute memory corruption | $2k-$5k | Official Fix |
| CVE-2020-20218 | 4.3 | MikroTik RouterOS Traceroute traceroute memory corruption | $2k-$5k | Not Defined |
| CVE-2021-28860 | 3.5 | mixme merge denial of service | $0-$1k | Official Fix |
| CVE-2021-29491 | 5.4 | mixme merge dynamically-managed code resources | $2k-$5k | Official Fix |
| CVE-2021-20326 | 6.5 | MongoDB Server Find Query denial of service | $0-$1k | Official Fix |
| CVE-2021-29951 | 6.3 | Mozilla Firefox ESR/Thunderbird Mozilla Maintenance Service access control | $25k-$50k | Official Fix |
| CVE-2021-32093 | 3.5 | NSA Emissary ConfigFileAction information disclosure | $0-$1k | Not Defined |
| CVE-2021-32096 | 3.5 | NSA Emissary ConsoleAction cross-site request forgery | $0-$1k | Not Defined |
| CVE-2021-32092 | 3.5 | NSA Emissary cross site scripting | $0-$1k | Not Defined |
| CVE-2021-32095 | 4.6 | NSA Emissary unknown vulnerability | $1k-$2k | Not Defined |
| CVE-2021-32094 | 5.5 | NSA Emissary unrestricted upload | $1k-$2k | Not Defined |
| CVE-2021-1081 | 7.8 | NVIDIA vGPU Software Kernel Mode Driver buffer overflow | $2k-$5k | Official Fix |
| CVE-2021-1086 | 7.1 | NVIDIA Virtual GPU Manager access control | $2k-$5k | Official Fix |
| CVE-2021-1087 | 5.5 | NVIDIA Virtual GPU Manager Address Space Layout Randomization information disclosure | $0-$1k | Official Fix |
| CVE-2021-1084 | 7.1 | NVIDIA Virtual GPU Manager Kernel Mode Driver buffer overflow | $2k-$5k | Official Fix |
| CVE-2021-1083 | 7.8 | NVIDIA Virtual GPU Manager Kernel Mode Driver buffer overflow | $2k-$5k | Official Fix |
| CVE-2021-1082 | 7.8 | NVIDIA Virtual GPU Manager Local Privilege Escalation | $2k-$5k | Official Fix |
| CVE-2021-1080 | 7.8 | NVIDIA Virtual GPU Manager Local Privilege Escalation | $2k-$5k | Official Fix |
| CVE-2021-1085 | 7.8 | NVIDIA Virtual GPU Manager Shared Memory buffer overflow | $2k-$5k | Official Fix |
| CVE-2020-19113 | 6.3 | Online Book Store admin_add.php unrestricted upload | $2k-$5k | Not Defined |
| CVE-2020-19112 | 8.0 | Online Book Store admin_delete.php sql injection | $1k-$2k | Not Defined |
| CVE-2020-19109 | 8.0 | Online Book Store admin_edit.php sql injection | $1k-$2k | Not Defined |
| CVE-2020-19111 | 7.3 | Online Book Store admin_verify.php improper authentication | $1k-$2k | Not Defined |
| CVE-2020-19110 | 8.0 | Online Book Store book.php sql injection | $1k-$2k | Not Defined |
| CVE-2020-19108 | 8.0 | Online Book Store bookPerPub.php sql injection | $1k-$2k | Not Defined |
| CVE-2020-19114 | 8.0 | Online Book Store edit_book.php sql injection | $1k-$2k | Not Defined |
| CVE-2020-19107 | 8.0 | Online Book Store edit_book.php sql injection | $1k-$2k | Not Defined |
| CVE-2021-31828 | 6.3 | Open Distro for Elasticsearch Alerting Plugin server-side request forgery | $2k-$5k | Official Fix |
| CVE-2021-32102 | 6.3 | OpenEMR ajax_code.php sql injection | $1k-$2k | Official Fix |
| CVE-2021-32101 | 6.3 | OpenEMR Patient Portal _machine_config.php access control | $2k-$5k | Official Fix |
| CVE-2021-32104 | 6.3 | OpenEMR save.php sql injection | $1k-$2k | Official Fix |
| CVE-2021-32103 | 2.4 | OpenEMR usergroup_admin.php cross site scripting | $0-$1k | Official Fix |
| CVE-2021-25319 | 7.8 | openSUSE Factory Virtualbox default permission | $1k-$2k | Not Defined |
| CVE-2021-31934 | 6.1 | OX Software OX App Suite Contact Object cross site scripting | $0-$1k | Not Defined |
| CVE-2021-31935 | 6.1 | OX Software OX App Suite Distribution List cross site scripting | $0-$1k | Not Defined |
| CVE-2020-28945 | 6.1 | OX Software OX App Suite Note Item cross site scripting | $0-$1k | Not Defined |
| CVE-2020-28943 | 6.5 | OX Software OX App Suite Snippet server-side request forgery | $1k-$2k | Not Defined |
| CVE-2020-28944 | 7.5 | OX Software OX Guard WKS Server denial of service | $0-$1k | Not Defined |
| CVE-2020-36125 | 6.3 | PAX Technology PAXSTORE Endpoint access control | $2k-$5k | Not Defined |
| CVE-2020-36126 | 6.3 | PAX Technology PAXSTORE Marketplace Endpoint access control | $2k-$5k | Not Defined |
| CVE-2020-36127 | 3.5 | PAX Technology PAXSTORE PUK Signature information disclosure | $0-$1k | Not Defined |
| CVE-2020-36128 | 3.7 | PAX Technology PAXSTORE Session Token information disclosure | $1k-$2k | Not Defined |
| CVE-2020-36124 | 6.3 | PAX Technology PAXSTORE XML Data xml external entity reference | $1k-$2k | Not Defined |
| CVE-2020-18888 | 5.4 | puppyCMS Folder unknown vulnerability | $2k-$5k | Not Defined |
| CVE-2020-18890 | 6.3 | puppyCMS functions.php permission | $2k-$5k | Not Defined |
| CVE-2020-18889 | 3.5 | puppyCMS settings.php cross-site request forgery | $0-$1k | Not Defined |
| CVE-2021-1891 | 8.4 | Qualcomm Snapdragon Auto Audio Driver use after free | $10k-$25k | Official Fix |
| CVE-2020-11295 | 6.8 | Qualcomm Snapdragon Auto Camera use after free | $10k-$25k | Official Fix |
| CVE-2020-11254 | 6.2 | Qualcomm Snapdragon Auto CTX Pointer memory corruption | $5k-$10k | Official Fix |
| CVE-2021-1910 | 7.3 | Qualcomm Snapdragon Auto double free | $10k-$25k | Official Fix |
| CVE-2021-1927 | 8.4 | Qualcomm Snapdragon Auto FastRPC Driver use after free | $10k-$25k | Official Fix |
| CVE-2021-1906 | 6.2 | Qualcomm Snapdragon Auto GPU Address allocation of resources | $2k-$5k | Official Fix |
| CVE-2021-1925 | 7.5 | Qualcomm Snapdragon Auto Group Management Action Frame denial of service | $5k-$10k | Official Fix |
| CVE-2020-11273 | 7.5 | Qualcomm Snapdragon Auto Histogram null pointer dereference | $5k-$10k | Official Fix |
| CVE-2020-11294 | 5.9 | Qualcomm Snapdragon Auto Logging out-of-bounds write | $5k-$10k | Official Fix |
| CVE-2021-1905 | 8.4 | Qualcomm Snapdragon Auto Memory Mapping use after free | $10k-$25k | Official Fix |
| CVE-2020-11274 | 7.5 | Qualcomm Snapdragon Auto Modem denial of service | $5k-$10k | Official Fix |
| CVE-2021-1915 | 7.8 | Qualcomm Snapdragon Auto NDP Application Information buffer overflow | $10k-$25k | Official Fix |
| CVE-2020-11288 | 7.8 | Qualcomm Snapdragon Auto Playready out-of-bounds write | $10k-$25k | Official Fix |
| CVE-2020-11285 | 8.2 | Qualcomm Snapdragon Auto RTCP Packet buffer overflow | $10k-$25k | Official Fix |
| CVE-2020-11279 | 7.5 | Qualcomm Snapdragon Auto SDES Packet memory corruption | $10k-$25k | Official Fix |
| CVE-2020-11284 | 8.4 | Qualcomm Snapdragon Auto System Call Local Privilege Escalation | $10k-$25k | Official Fix |
| CVE-2020-11289 | 7.8 | Qualcomm Snapdragon Auto TZ Command out-of-bounds write | $10k-$25k | Official Fix |
| CVE-2020-11293 | 5.1 | Qualcomm Snapdragon Auto Widevine TA out-of-bounds read | $2k-$5k | Official Fix |
| CVE-2020-11268 | 7.5 | Qualcomm Snapdragon Auto/Snapdragon Mobile SIB1 denial of service | $5k-$10k | Official Fix |
| CVE-2021-1895 | 6.8 | Qualcomm Snapdragon Consumer IOT Image Flashing integer overflow | $10k-$25k | Official Fix |
| CVE-2021-31918 | 3.5 | Red Hat Openstack tripleo-ansible information disclosure | $2k-$5k | Not Defined |
| CVE-2021-29477 | 5.0 | Redis Command integer overflow | $2k-$5k | Official Fix |
| CVE-2021-29478 | 5.0 | Redis redis-server integer overflow | $2k-$5k | Official Fix |
| CVE-2021-20254 | 5.0 | Samba smbd File Server out-of-bounds read | $1k-$2k | Official Fix |
| CVE-2020-22428 | 3.5 | SolarWinds Serv-U Directory Name cross site scripting | $0-$1k | Official Fix |
| CVE-2021-25179 | 3.5 | SolarWinds Serv-U HTTP Host Header cross site scripting | $0-$1k | Official Fix |
| CVE-2021-3154 | 4.3 | SolarWinds Serv-U Macro injection | $2k-$5k | Official Fix |
| CVE-2021-32091 | 3.5 | StackLift LocalStack cross site scripting | $0-$1k | Not Defined |
| CVE-2021-32090 | 5.5 | StackLift LocalStack Dashboard os command injection | $1k-$2k | Not Defined |
| CVE-2021-24276 | 3.5 | Supsystic Contact Form Plugin Options Page cross site scripting | $0-$1k | Official Fix |
| CVE-2021-24275 | 3.5 | Supsystic Popup Plugin Options Page cross site scripting | $0-$1k | Official Fix |
| CVE-2021-24274 | 3.5 | Supsystic Ultimate Maps Plugin Options Page cross site scripting | $0-$1k | Official Fix |
| CVE-2021-25317 | 4.0 | SUSE Linux Enterprise Server default permission | $5k-$10k | Not Defined |
| CVE-2021-31755 | 5.5 | Tenda AC11 POST Request setmac stack-based overflow | $2k-$5k | Not Defined |
| CVE-2021-31758 | 5.5 | Tenda AC11 POST Request setportList stack-based overflow | $2k-$5k | Not Defined |
| CVE-2021-31757 | 5.5 | Tenda AC11 POST Request setVLAN stack-based overflow | $2k-$5k | Not Defined |
| CVE-2021-31756 | 5.5 | Tenda AC11 POST Request setwanType stack-based overflow | $2k-$5k | Not Defined |
| CVE-2021-22675 | 7.2 | Texas Instruments SimpleLink Wi-Fi CC3100 Over-the-Air Firmware Update File integer overflow | $2k-$5k | Official Fix |
| CVE-2021-22671 | 7.3 | Texas Instruments SimpleLink Wi-Fi MSP432E4 SDK Domain Name integer overflow | $2k-$5k | Official Fix |
| CVE-2021-22679 | 6.3 | Texas Instruments SimpleLink Wi-Fi MSP432E4 SDK HTTP Header integer overflow | $2k-$5k | Official Fix |
| CVE-2021-22677 | 5.5 | Texas Instruments SimpleLink Wi-Fi MSP432E4 SDK MCU API integer overflow | $2k-$5k | Not Defined |
| CVE-2021-22673 | 6.3 | Texas Instruments SimpleLink Wi-Fi MSP432E4 SDK Over-the-Air Firmware Update stack-based overflow | $2k-$5k | Official Fix |
| CVE-2020-36334 | 3.5 | themegrill-demo-importer Database Wipe cross-site request forgery | $0-$1k | Official Fix |
| CVE-2020-36333 | 5.4 | themegrill-demo-importer Database Wipe improper authentication | $1k-$2k | Official Fix |
| CVE-2021-31518 | 5.3 | Trend Micro Home Network Security File Parser denial of service | $5k-$10k | Official Fix |
| CVE-2021-31517 | 5.3 | Trend Micro Home Network Security File Parser denial of service | $5k-$10k | Official Fix |
| CVE-2021-31409 | 5.3 | Vaadin EmailValidator resource consumption | $0-$1k | Official Fix |
| CVE-2021-31411 | 4.3 | Vaadin Frontend temp file | $2k-$5k | Official Fix |
| CVE-2021-21984 | 6.3 | VMware vRealize Business for Cloud Remote Privilege Escalation | $10k-$25k | Official Fix |
| CVE-2021-24244 | 5.5 | WPBakery Page Builder Clipboard Plugin AJAX Action authorization | $1k-$2k | Official Fix |
| CVE-2021-24243 | 3.5 | WPBakery Page Builder Clipboard Plugin AJAX Action cross site scripting | $0-$1k | Official Fix |
| CVE-2021-28959 | 7.3 | Zoho ManageEngine EventLog Analyzer ZIP Archive pathname traversal | $2k-$5k | Not Defined |
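As an added worked example (not code from the nsec.ir page or from any vendor advisory), the snippet below turns rows of this digest into a triage list: it maps each base score to its CVSS v3.x qualitative band (Low 0.1-3.9, Medium 4.0-6.9, High 7.0-8.9, Critical 9.0-10.0) and orders entries so that those still without an official fix come first, since those are the ones that need a workaround or compensating control rather than a patch rollout. It assumes the table's base scores are CVSS v3.x-style scores; the six embedded rows are copied from the digest, while the pipe-separated input layout and the triage ordering rule are this example's own choices.

```python
"""Triage helper for a weekly CVE digest such as the table above.

Added example (not code from the original nsec.ir page). Assumptions:
  * the "base score" column is a CVSS v3.x-style 0-10 base score, so the
    standard v3 qualitative bands apply (Low 0.1-3.9, Medium 4.0-6.9,
    High 7.0-8.9, Critical 9.0-10.0);
  * the triage rule (entries without an "Official Fix" first, then by
    descending score) is this example's own choice, not the digest's.
"""
from dataclasses import dataclass

# Six rows copied from the digest, one per line: CVE | score | title | 0-day value | fix.
SAMPLE_ROWS = """\
CVE-2021-1497 | 9.8 | Cisco HyperFlex HX Web-based Management Interface os command injection | $10k-$25k | Official Fix
CVE-2021-21551 | 7.8 | Dell DBUtil BIOS Driver dbutil_2_3.sys improper authorization | $10k-$25k | Not Defined
CVE-2021-31455 | 7.8 | Foxit Reader XFA Form use after free | $2k-$5k | Not Defined
CVE-2021-28152 | 6.3 | Hongdian H8922 Telnet Service hard-coded credentials | $1k-$2k | Workaround
CVE-2021-29247 | 3.7 | BTCPay Server cookie without 'httponly' flag | $2k-$5k | Not Defined
CVE-2021-1275 | 9.8 | Cisco SD-WAN vManage Software access control | $10k-$25k | Official Fix
"""

BANDS = ("None", "Low", "Medium", "High", "Critical")


@dataclass(frozen=True)
class Entry:
    cve: str
    score: float
    title: str
    zero_day_value: str
    fix: str


def severity_band(score: float) -> str:
    """Map a CVSS v3.x base score to its qualitative rating."""
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"base score out of range: {score}")
    if score == 0.0:
        return "None"
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    if score < 9.0:
        return "High"
    return "Critical"


def parse_rows(text: str) -> list[Entry]:
    """Parse pipe-separated digest rows; reject anything that is not five columns."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        cols = [c.strip() for c in line.split("|")]
        if len(cols) != 5:
            raise ValueError(f"malformed row: {line!r}")
        cve, score, title, value, fix = cols
        if not cve.startswith("CVE-"):
            raise ValueError(f"not a CVE id: {cve!r}")
        entries.append(Entry(cve, float(score), title, value, fix))
    return entries


def triage(entries: list[Entry]) -> list[Entry]:
    """Work order: entries with no vendor fix first (they need a workaround or
    compensating control), then highest score first; CVE id breaks ties."""
    return sorted(entries, key=lambda e: (e.fix == "Official Fix", -e.score, e.cve))


def at_or_above(entries: list[Entry], band: str = "High") -> list[Entry]:
    """Entries whose severity band is at least `band`, in input order."""
    floor = BANDS.index(band)
    return [e for e in entries if BANDS.index(severity_band(e.score)) >= floor]


if __name__ == "__main__":
    for e in triage(parse_rows(SAMPLE_ROWS)):
        print(f"{e.cve:<16}{e.score:>4}  {severity_band(e.score):<9}{e.fix:<13}{e.title}")
```

Run as a script it prints the work order; the two Dell and Foxit entries rated High with "Not Defined" fix status land above the two 9.8 Cisco entries that already have an official fix, which is the point of sorting on fix status before score. Swap `SAMPLE_ROWS` for the full table to triage the whole week.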