Critical Vulnerabilities of the Third Week of Shahrivar
This week, many "critical" and "high-risk" vulnerabilities were reported in important Cisco products, and patches and updates were released to fix them. There were also several "critical" and "high-risk" vulnerabilities in products from Fortinet, Nextcloud, Apple, QNAP and Qualcomm, and in WordPress plugins.
The list of these vulnerabilities, along with their risk level, is given in the table below.
| Vulnerability ID | Base score | Vulnerability title | Zero-day value | Remediation |
| --- | --- | --- | --- | --- |
| CVE-2020-24672 | 9.8 | ABB Base Software for SoftControl insufficient verification of data authenticity | $2k-$5k | Not Defined |
| CVE-2021-35526 | 3.3 | ABB Power Grids System Data Manager DM600 Backup File cleartext storage | $0-$1k | Official Fix |
| CVE-2021-31785 | 2.1 | Actions ATS2815/ATS2819 Bluetooth Classic BrakTooth deadlock | $0-$1k | Not Defined |
| CVE-2021-31786 | 2.1 | Actions ATS2815/ATS2819 Bluetooth Classic BrakTooth deadlock | $0-$1k | Not Defined |
| CVE-2021-28567 | 5.0 | Adobe Magento Customers Module improper authorization | $5k-$10k | Official Fix |
| CVE-2021-38540 | 7.3 | Apache Airflow Variable Import Endpoint privileges management | $10k-$25k | Official Fix |
| CVE-2021-38555 | 5.5 | Apache Any23 StreamUtils.java xml external entity reference | $5k-$25k | Official Fix |
| CVE-2021-40146 | 6.3 | Apache Any23 YAMLExtractor.java Privilege Escalation | $5k-$25k | Official Fix |
| CVE-2021-37579 | 5.5 | Apache Dubbo Configuration deserialization | $10k-$25k | Official Fix |
| CVE-2021-36163 | 5.5 | Apache Dubbo Hessian Protocol access control | $10k-$25k | Official Fix |
| CVE-2021-36162 | 6.3 | Apache Dubbo SnakeYAML Privilege Escalation | $10k-$25k | Official Fix |
| CVE-2021-36161 | 6.3 | Apache Dubbo toString format string | $10k-$25k | Official Fix |
| CVE-2021-30675 | 5.3 | Apple Boot Camp State Management memory corruption | $5k-$10k | Official Fix |
| CVE-2021-30742 | 6.3 | Apple iOS/iPadOS Audio File memory corruption | $100k and more | Official Fix |
| CVE-2021-1833 | 3.3 | Apple iOS/iPadOS denial of service | $5k-$10k | Official Fix |
| CVE-2021-30703 | 7.8 | Apple iOS/iPadOS double free | $50k-$100k | Official Fix |
| CVE-2021-30664 | 6.3 | Apple iOS/iPadOS File out-of-bounds write | $100k and more | Official Fix |
| CVE-2021-30764 | 6.3 | Apple iOS/iPadOS File Remote Code Execution | $100k and more | Official Fix |
| CVE-2021-30662 | 6.3 | Apple iOS/iPadOS File Remote Code Execution | $100k and more | Official Fix |
| CVE-2021-30753 | 4.3 | Apple iOS/iPadOS Font out-of-bounds read | $25k-$50k | Official Fix |
| CVE-2021-30733 | 4.3 | Apple iOS/iPadOS Font out-of-bounds read | $25k-$50k | Official Fix |
| CVE-2021-30706 | 4.3 | Apple iOS/iPadOS Image information disclosure | $25k-$50k | Official Fix |
| CVE-2021-30752 | 6.3 | Apple iOS/iPadOS Image out-of-bounds read | $25k-$50k | Official Fix |
| CVE-2021-30743 | 6.3 | Apple iOS/iPadOS Image out-of-bounds write | $100k and more | Official Fix |
| CVE-2021-1838 | 6.3 | Apple iOS/iPadOS Image Remote Code Execution | $100k and more | Official Fix |
| CVE-2021-1812 | 7.8 | Apple iOS/iPadOS Local Privilege Escalation | $50k-$100k | Official Fix |
| CVE-2021-30756 | 4.0 | Apple iOS/iPadOS Lock Screen information disclosure | $10k-$25k | Official Fix |
| CVE-2021-1863 | 4.3 | Apple iOS/iPadOS NFC Tag improper authentication | $5k-$10k | Official Fix |
| CVE-2021-1862 | 2.4 | Apple iOS/iPadOS Siri Search information disclosure | $2k-$5k | Official Fix |
| CVE-2021-30750 | 5.3 | Apple macOS Contact permission | $5k-$10k | Official Fix |
| CVE-2021-30703 | 7.8 | Apple macOS double free | $10k-$25k | Official Fix |
| CVE-2021-30664 | 6.3 | Apple macOS File out-of-bounds write | $10k-$25k | Official Fix |
| CVE-2021-30755 | 4.3 | Apple macOS Font out-of-bounds read | $5k-$10k | Official Fix |
| CVE-2021-30753 | 4.3 | Apple macOS Font out-of-bounds read | $5k-$10k | Official Fix |
| CVE-2021-30733 | 4.3 | Apple macOS Font out-of-bounds read | $5k-$10k | Official Fix |
| CVE-2021-30706 | 4.3 | Apple macOS Image information disclosure | $5k-$10k | Official Fix |
| CVE-2021-30752 | 6.3 | Apple macOS Image out-of-bounds read | $5k-$10k | Official Fix |
| CVE-2021-30743 | 6.3 | Apple macOS Image out-of-bounds write | $10k-$25k | Official Fix |
| CVE-2021-30756 | 4.0 | Apple macOS Lock Screen information disclosure | $2k-$5k | Official Fix |
| CVE-2021-30751 | 5.3 | Apple macOS Privacy Preferences Local Privilege Escalation | $5k-$10k | Official Fix |
| CVE-2021-30672 | 7.8 | Apple macOS State Management memory corruption | $10k-$25k | Official Fix |
| CVE-2021-30731 | 6.3 | Apple macOS USB Device Privilege Escalation | $10k-$25k | Official Fix |
| CVE-2020-27940 | 5.5 | Apple TV App File Privilege Escalation | $10k-$25k | Official Fix |
| CVE-2021-30703 | 7.8 | Apple tvOS double free | $5k-$10k | Official Fix |
| CVE-2021-30664 | 6.3 | Apple tvOS File out-of-bounds write | $5k-$10k | Official Fix |
| CVE-2021-30764 | 6.3 | Apple tvOS File Remote Code Execution | $5k-$10k | Official Fix |
| CVE-2021-30755 | 4.3 | Apple tvOS Font out-of-bounds read | $2k-$5k | Official Fix |
| CVE-2021-30753 | 4.3 | Apple tvOS Font out-of-bounds read | $2k-$5k | Official Fix |
| CVE-2021-30733 | 4.3 | Apple tvOS Font out-of-bounds read | $2k-$5k | Official Fix |
| CVE-2021-30752 | 6.3 | Apple tvOS Image out-of-bounds read | $2k-$5k | Official Fix |
| CVE-2021-30743 | 6.3 | Apple tvOS Image out-of-bounds write | $5k-$10k | Official Fix |
| CVE-2021-30703 | 7.8 | Apple watchOS double free | $5k-$10k | Official Fix |
| CVE-2021-30664 | 6.3 | Apple watchOS File out-of-bounds write | $5k-$10k | Official Fix |
| CVE-2021-30764 | 6.3 | Apple watchOS File Remote Code Execution | $5k-$10k | Official Fix |
| CVE-2021-30755 | 4.3 | Apple watchOS Font out-of-bounds read | $2k-$5k | Official Fix |
| CVE-2021-30753 | 4.3 | Apple watchOS Font out-of-bounds read | $2k-$5k | Official Fix |
| CVE-2021-30733 | 4.3 | Apple watchOS Font out-of-bounds read | $2k-$5k | Official Fix |
| CVE-2021-30706 | 4.3 | Apple watchOS Image information disclosure | $2k-$5k | Official Fix |
| CVE-2021-30752 | 6.3 | Apple watchOS Image out-of-bounds read | $2k-$5k | Official Fix |
| CVE-2021-30743 | 6.3 | Apple watchOS Image out-of-bounds write | $5k-$10k | Official Fix |
| CVE-2021-28497 | 5.4 | Arista Metamako Operating System Bash Shell access control | $2k-$5k | Official Fix |
| CVE-2021-28499 | 5.3 | Arista Metamako Operating System credentials management | $2k-$5k | Not Defined |
| CVE-2021-28498 | 8.8 | Arista Metamako Operating System credentials management | $2k-$5k | Not Defined |
| CVE-2021-28493 | 8.6 | Arista Metamako Operating System improper authentication | $2k-$5k | Not Defined |
| CVE-2021-28495 | 7.3 | Arista Metamako Operating System JSON-RPC APIs improper authentication | $1k-$2k | Official Fix |
| CVE-2021-28494 | 7.9 | Arista Metamako Operating System Web UI improper authentication | $1k-$2k | Not Defined |
| CVE-2019-5318 | 3.5 | Aruba Operating System Software cross-site request forgery | $0-$1k | Official Fix |
| CVE-2021-37728 | 6.3 | Aruba Operating System Software path traversal | $1k-$2k | Official Fix |
| CVE-2021-37724 | 6.3 | Aruba Operating System Software Privilege Escalation | $2k-$5k | Official Fix |
| CVE-2021-37733 | 6.3 | Aruba SD-WAN Software and Gateways path traversal | $1k-$2k | Official Fix |
| CVE-2021-37716 | 6.3 | Aruba SD-WAN Software and Gateways/ArubaOS buffer overflow | $2k-$5k | Official Fix |
| CVE-2021-37725 | 3.5 | Aruba SD-WAN Software and Gateways/ArubaOS cross-site request forgery | $0-$1k | Official Fix |
| CVE-2021-37731 | 5.3 | Aruba SD-WAN Software and Gateways/ArubaOS path traversal | $0-$1k | Official Fix |
| CVE-2021-37729 | 6.3 | Aruba SD-WAN Software and Gateways/ArubaOS path traversal | $1k-$2k | Official Fix |
| CVE-2021-37722 | 6.3 | Aruba SD-WAN Software and Gateways/ArubaOS Privilege Escalation | $2k-$5k | Official Fix |
| CVE-2021-37721 | 6.3 | Aruba SD-WAN Software and Gateways/ArubaOS Privilege Escalation | $2k-$5k | Official Fix |
| CVE-2021-37720 | 6.3 | Aruba SD-WAN Software and Gateways/ArubaOS Privilege Escalation | $2k-$5k | Official Fix |
| CVE-2021-37719 | 6.3 | Aruba SD-WAN Software and Gateways/ArubaOS Privilege Escalation | $2k-$5k | Official Fix |
| CVE-2021-37718 | 6.3 | Aruba SD-WAN Software and Gateways/ArubaOS Privilege Escalation | $2k-$5k | Official Fix |
| CVE-2021-37717 | 6.3 | Aruba SD-WAN Software and Gateways/ArubaOS Privilege Escalation | $2k-$5k | Official Fix |
| CVE-2021-39122 | 4.3 | Atlassian JIRA Server Search Endpoint search information disclosure | $1k-$2k | Official Fix |
| CVE-2021-39116 | 4.3 | Atlassian JIRA Server/Data Center GIF Image Reader denial of service | $0-$1k | Official Fix |
| CVE-2021-39121 | 4.3 | Atlassian JIRA Server/Data Center Private Project key information disclosure | $1k-$2k | Official Fix |
| CVE-2021-28911 | 3.7 | BAB eibPort BMX Interface tmp excessive authentication | $1k-$2k | Not Defined |
| CVE-2021-28914 | 3.1 | BAB eibPort Configuration weak password | $1k-$2k | Not Defined |
| CVE-2021-28909 | 3.7 | BAB eibPort SecurityModule excessive authentication | $1k-$2k | Not Defined |
| CVE-2021-28910 | 6.3 | BAB eibPort server-side request forgery | $2k-$5k | Official Fix |
| CVE-2021-28913 | 6.3 | BAB eibPort SSH SecurityModule improper authentication | $1k-$2k | Not Defined |
| CVE-2021-31610 | 2.1 | Bluetrum AB32VG1 Bluetooth Classic LMP_AU_rand BrakTooth denial of service | $0-$1k | Not Defined |
| CVE-2021-34150 | 4.3 | Bluetrum AB5301A Bluetooth Classic BrakTooth denial of service | $0-$1k | Not Defined |
| CVE-2021-3768 | 3.5 | BookStack Web Page Generation cross site scripting | $0-$1k | Official Fix |
| CVE-2021-3767 | 3.5 | BookStack Web Page Generation cross site scripting | $0-$1k | Official Fix |
| CVE-2021-34786 | 6.5 | Cisco BroadWorks CommPilot Application Software weak authentication | $5k-$10k | Official Fix |
| CVE-2021-34785 | 6.5 | Cisco BroadWorks CommPilot Application Software weak authentication | $5k-$10k | Official Fix |
| CVE-2021-34771 | 5.5 | Cisco IOS XR CLI insertion of sensitive information into sent data | $25k-$50k | Official Fix |
| CVE-2021-34728 | 7.8 | Cisco IOS XR CLI os command injection | $25k-$50k | Official Fix |
| CVE-2021-34719 | 7.8 | Cisco IOS XR CLI os command injection | $25k-$50k | Official Fix |
| CVE-2021-34722 | 6.7 | Cisco IOS XR CLI os command injection | $25k-$50k | Official Fix |
| CVE-2021-34721 | 6.7 | Cisco IOS XR CLI os command injection | $25k-$50k | Official Fix |
| CVE-2021-34737 | 5.8 | Cisco IOS XR DHCPv4 Server null pointer dereference | $10k-$25k | Official Fix |
| CVE-2021-34713 | 7.4 | Cisco IOS XR Ethernet Frame resource management | $5k-$10k | Official Fix |
| CVE-2021-34709 | 6.0 | Cisco IOS XR Image Verification signature verification | $25k-$50k | Official Fix |
| CVE-2021-34720 | 8.6 | Cisco IOS XR IP SLA/TWAMP resource consumption | $10k-$25k | Official Fix |
| CVE-2021-34708 | 6.0 | Cisco IOS XR NCS signature verification | $25k-$50k | Official Fix |
| CVE-2021-34718 | 8.1 | Cisco IOS XR SSH Server argument injection | $25k-$50k | Official Fix |
| CVE-2021-38705 | 3.5 | ClinicCases cross-site request forgery | $0-$1k | Not Defined |
| CVE-2021-38706 | 5.0 | ClinicCases messages_load.php sql injection | $1k-$2k | Not Defined |
| CVE-2021-38707 | 3.5 | ClinicCases Session Token cross site scripting | $0-$1k | Not Defined |
| CVE-2021-38704 | 4.3 | ClinicCases Session Token cross site scripting | $0-$1k | Not Defined |
| CVE-2021-40530 | 2.6 | Crypto++ ElGamal Encryption inadequate encryption | $0-$1k | Not Defined |
| CVE-2021-38321 | 5.2 | Custom Menu Plugin Plugin Parameter custom-menus.php cross site scripting | $0-$1k | Official Fix |
| CVE-2021-38347 | 5.2 | Custom Website Data Plugin Parameter edit.php cross site scripting | $0-$1k | Official Fix |
| CVE-2021-34146 | 2.1 | Cypress CYW920735Q60EVB Bluetooth Classic BrakTooth denial of service | $0-$1k | Not Defined |
| CVE-2021-34148 | 2.1 | Cypress WICED BT Stack Bluetooth Classic BrakTooth denial of service | $0-$1k | Not Defined |
| CVE-2021-34145 | 2.1 | Cypress WICED BT Stack Bluetooth Classic BrakTooth denial of service | $0-$1k | Not Defined |
| CVE-2021-34147 | 2.1 | Cypress WICED BT Stack Bluetooth Classic BrakTooth denial of service | $0-$1k | Not Defined |
| CVE-2021-33045 | 8.1 | Dahua IPC-HX3XXX Data Packet improper authentication | $0-$5k | Official Fix |
| CVE-2021-33044 | 8.1 | Dahua IPC-HX3XXX Data Packet improper authentication | $0-$5k | Official Fix |
| CVE-2021-36695 | 3.5 | Deskpro Cloud/On-Premise Download File cross site scripting | $0-$1k | Official Fix |
| CVE-2021-36696 | 3.5 | Deskpro Cloud/On-Premise User Profile cross site scripting | $0-$1k | Official Fix |
| CVE-2021-40284 | 4.3 | D-Link DSL-3782 Web Interface Igmp.asp denial of service | $2k-$5k | Not Defined |
| CVE-2020-19266 | 3.5 | Dswjcms articleList cross site scripting | $0-$1k | Not Defined |
| CVE-2020-19265 | 3.5 | Dswjcms links cross site scripting | $0-$1k | Not Defined |
| CVE-2020-19267 | 6.3 | Dswjcms PHP File resources unrestricted upload | $2k-$5k | Not Defined |
| CVE-2020-19268 | 3.5 | Dswjcms tfAdd cross-site request forgery | $0-$1k | Not Defined |
| CVE-2021-32834 | 5.0 | Eclipse Keti RESTfuls API code injection | $2k-$5k | Not Defined |
| CVE-2021-32835 | 7.3 | Eclipse Keti RESTfuls API sandbox | $2k-$5k | Not Defined |
| CVE-2021-38616 | 6.3 | Eigen NLP PATCH Request access control | $2k-$5k | Not Defined |
| CVE-2021-38615 | 5.5 | Eigen NLP SSO Configuration Endpoint access control | $1k-$2k | Not Defined |
| CVE-2021-38617 | 6.3 | Eigen NLP User Creation Endpoint access control | $2k-$5k | Not Defined |
| CVE-2021-28135 | 2.1 | Espressif ESP-IDF Bluetooth Classic BrakTooth denial of service | $0-$1k | Not Defined |
| CVE-2021-28139 | 4.1 | Espressif ESP-IDF Bluetooth Classic BrakTooth Local Privilege Escalation | $0-$1k | Not Defined |
| CVE-2021-28136 | 2.1 | Espressif ESP-IDF Bluetooth Classic BrakTooth memory corruption | $0-$1k | Not Defined |
| CVE-2021-39496 | 3.5 | EyouCms cross site scripting | $0-$1k | Not Defined |
| CVE-2021-39501 | 6.3 | EyouCms Logout redirect | $1k-$2k | Not Defined |
| CVE-2021-39499 | 3.5 | EyouCMS Parameter bind_email cross site scripting | $0-$1k | Not Defined |
| CVE-2021-39500 | 5.5 | EyouCms path traversal | $1k-$2k | Not Defined |
| CVE-2021-39497 | 5.0 | EyouCms URL saveRemote server-side request forgery | $2k-$5k | Not Defined |
| CVE-2021-24040 | 6.3 | Facebook ParlAI YAML deserialization | $5k-$25k | Official Fix |
| CVE-2021-39207 | 6.7 | Facebook ParlAI YAML deserialization | $5k-$25k | Official Fix |
| CVE-2021-33981 | 4.3 | Fish Hunt FL App direct request | $2k-$5k | Not Defined |
| CVE-2021-33982 | 4.3 | Fish Hunt FL App session expiration | $1k-$2k | Not Defined |
| CVE-2021-24006 | 8.8 | Fortinet FortiManager SD-WAN Orchestrator Panel access control | $1k-$2k | Official Fix |
| CVE-2020-15939 | 4.3 | Fortinet FortiSandbox Recovery URL information disclosure | $1k-$2k | Official Fix |
| CVE-2020-29012 | 5.6 | Fortinet FortiSandbox User Session session expiration | $1k-$2k | Official Fix |
| CVE-2021-36179 | 8.0 | Fortinet FortiWeb CLI Command stack-based overflow | $2k-$5k | Official Fix |
| CVE-2021-36182 | 8.8 | Fortinet FortiWeb HTTP Request command injection | $2k-$5k | Official Fix |
| CVE-2021-33599 | 5.5 | F-Secure Anti-Virus Engine WIM Archive File infinite loop | $5k-$10k | Not Defined |
| CVE-2021-38727 | 6.3 | Fuel CMS items sql injection | $1k-$2k | Not Defined |
| CVE-2021-38723 | 6.3 | Fuel CMS items sql injection | $1k-$2k | Not Defined |
| CVE-2021-38721 | 3.5 | Fuel CMS login.php cross-site request forgery | $0-$1k | Official Fix |
| CVE-2021-38725 | 3.7 | Fuel CMS Login.php excessive authentication | $1k-$2k | Official Fix |
| CVE-2021-22239 | 5.2 | GitHub Community Edition/Enterprise Edition Metadata unknown vulnerability | $2k-$5k | Not Defined |
| CVE-2021-40347 | 5.5 | GNU Mailman Postorius POST Request list.py access control | $1k-$2k | Official Fix |
| CVE-2021-38354 | 5.2 | GNU-Mailman Integration Plugin Parameter mailing-lists-page.php cross site scripting | $0-$1k | Official Fix |
| CVE-2021-30605 | 6.3 | Google ChromeOS Readiness Tool Installer access control | $10k-$25k | Official Fix |
| CVE-2020-19750 | 5.5 | GPAC box_code_base.c strdup heap-based overflow | $2k-$5k | Not Defined |
| CVE-2020-19751 | 5.5 | GPAC odf_code.c gf_odf_del_ipmp_tool heap-based overflow | $2k-$5k | Not Defined |
| CVE-2021-37219 | 5.5 | HashiCorp Consul/Consul Enterprise Raft RPC Layer Privilege Escalation | $2k-$5k | Official Fix |
| CVE-2021-38698 | 5.5 | HashiCorp Consul/Consul Enterprise Txn.Apply endpoint authorization | $1k-$2k | Official Fix |
| CVE-2021-37218 | 5.5 | HashiCorp Nomad/Nomad Enterprise Raft RPC Layer Privilege Escalation | $2k-$5k | Official Fix |
| CVE-2021-37101 | 4.1 | Huawei AIS-BW50-00 improper authorization | $0-$1k | Not Defined |
| CVE-2020-19285 | 3.5 | Jeesns apply cross site scripting | $0-$1k | Not Defined |
| CVE-2020-19293 | 3.5 | Jeesns Article add cross site scripting | $0-$1k | Not Defined |
| CVE-2020-19284 | 3.5 | Jeesns comment cross site scripting | $0-$1k | Not Defined |
| CVE-2020-19294 | 3.5 | Jeesns Comments comment cross site scripting | $0-$1k | Not Defined |
| CVE-2020-19280 | 3.5 | Jeesns cross-site request forgery | $0-$1k | Not Defined |
| CVE-2020-19286 | 3.5 | Jeesns Editor detail cross site scripting | $0-$1k | Not Defined |
| CVE-2020-19282 | 3.5 | Jeesns Error Message cross site scripting | $0-$1k | Not Defined |
| CVE-2020-19281 | 3.5 | Jeesns loginusername cross site scripting | $0-$1k | Not Defined |
| CVE-2020-19289 | 3.5 | Jeesns New Album Tab album cross site scripting | $0-$1k | Not Defined |
| CVE-2020-19283 | 3.5 | Jeesns newVersion cross site scripting | $0-$1k | Not Defined |
| CVE-2020-19287 | 3.5 | Jeesns post cross site scripting | $0-$1k | Not Defined |
| CVE-2020-19288 | 3.5 | Jeesns Private Message u cross site scripting | $0-$1k | Not Defined |
| CVE-2020-19291 | 3.5 | Jeesns publishdata cross site scripting | $0-$1k | Not Defined |
| CVE-2020-19292 | 3.5 | Jeesns Question ask cross site scripting | $0-$1k | Not Defined |
| CVE-2020-19295 | 3.5 | Jeesns topic cross site scripting | $0-$1k | Not Defined |
| CVE-2020-19290 | 3.5 | Jeesns Weibo Comment comment cross site scripting | $0-$1k | Not Defined |
| CVE-2021-25735 | 4.1 | Kubernetes kube-apiserver state issue | $1k-$2k | Not Defined |
| CVE-2021-25737 | 2.7 | Kubernetes Pod Traffic incomplete blacklist | $1k-$2k | Not Defined |
| CVE-2020-19143 | 3.5 | LibTIFF tif_dir.c TIFFVGetField buffer overflow | $1k-$2k | Not Defined |
| CVE-2020-19144 | 3.5 | LibTIFF tif_unix.c _TIFFmemcpy buffer overflow | $1k-$2k | Not Defined |
| CVE-2020-19131 | 4.3 | LibTIFF tiffcrop invertImage buffer overflow | $2k-$5k | Not Defined |
| CVE-2021-36215 | 3.5 | LINE Address clickjacking | $1k-$2k | Not Defined |
| CVE-2021-36216 | 6.3 | LINE uncontrolled search path | $2k-$5k | Not Defined |
| CVE-2021-32487 | 7.5 | MediaTek Modem 2G RRM denial of service | $0-$1k | Official Fix |
| CVE-2021-32486 | 4.3 | MediaTek Modem 2G RRM denial of service | $0-$1k | Official Fix |
| CVE-2021-32485 | 4.3 | MediaTek Modem 2G RRM denial of service | $0-$1k | Official Fix |
| CVE-2021-32484 | 6.3 | MediaTek Modem 2G RRM heap-based overflow | $2k-$5k | Official Fix |
| CVE-2021-38123 | 6.3 | Micro Focus Network Automation improper authentication | $1k-$2k | Not Defined |
| CVE-2021-40444 | 8.8 | Microsoft Windows MSHTML Remote Code Execution | $100k and more | Workaround |
| CVE-2020-19264 | 3.5 | MipCMS cross-site request forgery | $0-$1k | Not Defined |
| CVE-2020-19263 | 3.5 | MipCMS cross-site request forgery | $0-$1k | Not Defined |
| CVE-2021-39278 | 3.5 | Moxa WAC-2004 Config Import Menu cross site scripting | $0-$1k | Not Defined |
| CVE-2021-39279 | 5.5 | Moxa WAC-2004 web_importTFTP command injection | $2k-$5k | Not Defined |
| CVE-2021-37630 | 6.5 | Nextcloud Circle Secret Circle authorization | $2k-$5k | Official Fix |
| CVE-2021-32782 | 5.4 | Nextcloud Circles cross site scripting | $0-$1k | Official Fix |
| CVE-2021-37631 | 6.5 | Nextcloud Deck Circle Membership authorization | $2k-$5k | Official Fix |
| CVE-2021-37628 | 7.5 | Nextcloud Richdocuments File Drop authorization | $2k-$5k | Official Fix |
| CVE-2021-37629 | 5.3 | Nextcloud Richdocuments OCS endpoint information disclosure | $1k-$2k | Official Fix |
| CVE-2021-32801 | 5.5 | Nextcloud Server Encryption-at-Rest log file | $1k-$2k | Official Fix |
| CVE-2021-32802 | 9.3 | Nextcloud Server Image Preview config.php unknown vulnerability | $2k-$5k | Official Fix |
| CVE-2021-32800 | 8.1 | Nextcloud Server Two Factor Authentication improper authentication | $1k-$2k | Official Fix |
| CVE-2021-32766 | 5.3 | Nextcloud Text information exposure | $1k-$2k | Official Fix |
| CVE-2021-33483 | 3.5 | OnyakTech Comments Pro JSON Request CommentsService.ashx cross site scripting | $0-$1k | Not Defined |
| CVE-2021-33484 | 2.6 | OnyakTech Comments Pro POST Request CommentsService.ashx inadequate encryption | $0-$1k | Not Defined |
| CVE-2021-36094 | 3.5 | OTRS Community Edition Appointment Edit Screen cross site scripting | $0-$1k | Not Defined |
| CVE-2021-36093 | 5.3 | OTRS Community Edition Email denial of service | $0-$1k | Not Defined |
| CVE-2021-36096 | 2.7 | OTRS Community Edition Folder information disclosure | $0-$1k | Not Defined |
| CVE-2021-36095 | 3.7 | OTRS Community Edition Lost Password information disclosure | $1k-$2k | Not Defined |
| CVE-2021-35946 | 5.5 | ownCloud Federated Share permission | $1k-$2k | Official Fix |
| CVE-2021-35948 | 6.3 | ownCloud Server Password Protected Public Links session fixation | $1k-$2k | Official Fix |
| CVE-2021-35947 | 5.3 | ownCloud Server Public Share Controller information disclosure | $1k-$2k | Official Fix |
| CVE-2021-35949 | 5.5 | ownCloud Server Shareinfo Controller permission | $1k-$2k | Official Fix |
| CVE-2021-40537 | 5.5 | ownCloud user_ldap server-side request forgery | $1k-$2k | Official Fix |
| CVE-2021-3049 | 3.1 | Palo Alto Cortex XSOAR improper authorization | $1k-$2k | Official Fix |
| CVE-2021-39503 | 6.3 | PHPMyWind config.cache.php WriteConfig code injection | $2k-$5k | Not Defined |
| CVE-2020-19855 | 3.5 | phpwcms image_zoom.php cross site scripting | $0-$1k | Not Defined |
| CVE-2021-39206 | 7.9 | Pomerium authorization | $2k-$5k | Official Fix |
| CVE-2021-39162 | 6.9 | Pomerium SETTINGS Frame unusual condition | $2k-$5k | Official Fix |
| CVE-2021-39204 | 6.4 | Pomerium Stream Reset iteration | $0-$1k | Official Fix |
| CVE-2021-32028 | 4.3 | PostgreSQL CONFLICT information disclosure | $1k-$2k | Official Fix |
| CVE-2021-32029 | 4.3 | PostgreSQL UPDATE information disclosure | $1k-$2k | Official Fix |
| CVE-2021-34346 | 9.8 | QNAP NVR Storage Expansion stack-based overflow | $2k-$5k | Official Fix |
| CVE-2021-34345 | 9.8 | QNAP NVR Storage Expansion stack-based overflow | $2k-$5k | Official Fix |
| CVE-2021-34344 | 9.8 | QNAP QTS/QuTS Hero/QUSBCam2 stack-based overflow | $2k-$5k | Official Fix |
| CVE-2018-19957 | 6.3 | QNAP QTS/QuTS Hero/QuTScloud improper restriction of rendered ui layers | $2k-$5k | Official Fix |
| CVE-2021-34343 | 5.3 | QNAP QTS/QuTS Hero/QuTScloud stack-based overflow | $2k-$5k | Official Fix |
| CVE-2021-28816 | 7.4 | QNAP QTS/QuTS Hero/QuTScloud stack-based overflow | $2k-$5k | Official Fix |
| CVE-2021-28813 | 7.9 | QNAP QuNetSwitch insufficiently protected credentials | $1k-$2k | Official Fix |
| CVE-2021-1957 | 6.5 | Qualcomm Snapdragon Auto ACL Link Encryption access control | $10k-$25k | Official Fix |
| CVE-2021-1934 | 8.4 | Qualcomm Snapdragon Auto Application Loader Object memory corruption | $10k-$25k | Official Fix |
| CVE-2021-1960 | 6.5 | Qualcomm Snapdragon Auto ASB-C Broadcast Packet resource consumption | $5k-$10k | Official Fix |
| CVE-2021-1956 | 6.5 | Qualcomm Snapdragon Auto ASB-U Packet denial of service | $5k-$10k | Official Fix |
| CVE-2021-1948 | 7.5 | Qualcomm Snapdragon Auto Beacon out-of-bounds read | $5k-$10k | Official Fix |
| CVE-2021-1929 | 4.3 | Qualcomm Snapdragon Auto Bootmode information disclosure | $5k-$10k | Official Fix |
| CVE-2021-1961 | 6.7 | Qualcomm Snapdragon Auto buffer overflow | $10k-$25k | Official Fix |
| CVE-2021-1909 | 5.9 | Qualcomm Snapdragon Auto buffer overflow | $10k-$25k | Official Fix |
| CVE-2021-1916 | 9.8 | Qualcomm Snapdragon Auto buffer overflow | $25k-$50k | Official Fix |
| CVE-2021-1904 | 4.3 | Qualcomm Snapdragon Auto Child Process information disclosure | $5k-$10k | Official Fix |
| CVE-2021-1958 | 7.2 | Qualcomm Snapdragon Auto fastrpc Kernel Driver use after free | $10k-$25k | Official Fix |
| CVE-2020-11264 | 7.3 | Qualcomm Snapdragon Auto Handshake improper authentication | $10k-$25k | Official Fix |
| CVE-2021-30295 | 8.1 | Qualcomm Snapdragon Auto heap-based overflow | $10k-$25k | Official Fix |
| CVE-2021-1914 | 7.5 | Qualcomm Snapdragon Auto infinite loop | $5k-$10k | Official Fix |
| CVE-2021-1962 | 6.7 | Qualcomm Snapdragon Auto IOCTL buffer overflow | $10k-$25k | Official Fix |
| CVE-2021-1974 | 7.5 | Qualcomm Snapdragon Auto IPA SMMU/WLAN SMMU buffer overflow | $10k-$25k | Official Fix |
| CVE-2021-30294 | 8.1 | Qualcomm Snapdragon Auto KGSL GPU Auxiliary Command null pointer dereference | $5k-$10k | Official Fix |
| CVE-2021-1935 | 5.5 | Qualcomm Snapdragon Auto null pointer dereference | $2k-$5k | Official Fix |
| CVE-2021-1930 | 4.3 | Qualcomm Snapdragon Auto out-of-bounds read | $5k-$10k | Official Fix |
| CVE-2021-1972 | 9.8 | Qualcomm Snapdragon Auto P2P Search buffer overflow | $25k-$50k | Official Fix |
| CVE-2021-1971 | 7.5 | Qualcomm Snapdragon Auto Physical Layer State assertion | $5k-$10k | Official Fix |
| CVE-2021-1952 | 7.8 | Qualcomm Snapdragon Auto Request Buffer buffer overflow | $10k-$25k | Official Fix |
| CVE-2021-1919 | 9.8 | Qualcomm Snapdragon Auto RTCP integer underflow | $25k-$50k | Official Fix |
| CVE-2021-1920 | 9.8 | Qualcomm Snapdragon Auto RTCP Packet integer underflow | $25k-$50k | Official Fix |
| CVE-2021-1933 | 9.8 | Qualcomm Snapdragon Auto SDP Body assertion | $25k-$50k | Official Fix |
| CVE-2021-1946 | 9.8 | Qualcomm Snapdragon Auto SDP Body null pointer dereference | $5k-$10k | Official Fix |
| CVE-2021-30290 | 8.1 | Qualcomm Snapdragon Auto Time Fence null pointer dereference | $5k-$10k | Official Fix |
| CVE-2021-1923 | 8.8 | Qualcomm Snapdragon Auto Trusted Application memory corruption | $25k-$50k | Official Fix |
| CVE-2021-1941 | 7.5 | Qualcomm Snapdragon Auto WPA IE String buffer overflow | $10k-$25k | Official Fix |
| CVE-2021-1963 | 6.7 | Qualcomm Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables IPA Driver use after free | $10k-$25k | Official Fix |
| CVE-2021-1928 | 4.6 | Qualcomm Snapdragon Connectivity EMMC Device buffer overflow | $1k-$2k | Official Fix |
| CVE-2021-40223 | 3.5 | Rittal CMC PU III Configuration cross site scripting | $0-$1k | Not Defined |
| CVE-2021-40222 | 8.8 | Rittal CMC PU III Web Management command injection | $2k-$5k | Official Fix |
| CVE-2021-25461 | 4.3 | Samsung APAService stack-based overflow | $1k-$2k | Official Fix |
| CVE-2021-25460 | 3.6 | Samsung BlockchainTZService sspExit improper authorization | $0-$1k | Official Fix |
| CVE-2021-25459 | 4.7 | Samsung BlockchainTZService sspInit improper authorization | $1k-$2k | Official Fix |
| CVE-2021-25453 | 4.2 | Samsung Bluetooth API information disclosure | $0-$1k | Official Fix |
| CVE-2021-25452 | 5.5 | Samsung DSP driver path traversal | $0-$1k | Official Fix |
| CVE-2021-25466 | 5.4 | Samsung Internet Account Token improper authentication | $1k-$2k | Official Fix |
| CVE-2021-25458 | 4.3 | Samsung ION driver null pointer dereference | $0-$1k | Official Fix |
| CVE-2021-25449 | 6.0 | Samsung libsapeextractor heap-based overflow | $2k-$5k | Official Fix |
| CVE-2021-25455 | 4.3 | Samsung libsaviextractor.so Library AVI File out-of-bounds read | $0-$1k | Official Fix |
| CVE-2021-25456 | 5.4 | Samsung libswmfextractor WMF File out-of-bounds read | $0-$1k | Official Fix |
| CVE-2021-25451 | 3.3 | Samsung NetworkPolicyManagerService Pendingetent improper authentication | $0-$1k | Official Fix |
| CVE-2021-25462 | 4.3 | Samsung NPU Driver null pointer dereference | $0-$1k | Official Fix |
| CVE-2021-25463 | 4.7 | Samsung PENUP Webview access control | $1k-$2k | Official Fix |
| CVE-2021-25464 | 3.3 | Samsung SamsungCapture File Management information disclosure | $0-$1k | Official Fix |
| CVE-2021-25465 | 4.3 | Samsung Themes Scheme input validation | $1k-$2k | Official Fix |
| CVE-2021-38339 | 5.2 | Simple Matted Thumbnails Plugin simple-matted-thumbnail.php cross site scripting | $0-$1k | Official Fix |
| CVE-2021-38340 | 5.2 | Simple Shop Plugin Parameter add_product.php cross site scripting | $0-$1k | Official Fix |
| CVE-2021-38320 | 5.2 | simpleSAMLphp Authentication Plugin simplesamlphp-authentication.php cross site scripting | $0-$1k | Official Fix |
| CVE-2021-24588 | 3.5 | SMS Alert Order Notifications Plugin Setting Page cross site scripting | $0-$1k | Official Fix |
| CVE-2021-38357 | 5.2 | SMS OVH Plugin Parameter sms-ovh-sent.php cross site scripting | $0-$1k | Official Fix |
| CVE-2021-38840 | 6.3 | SourceCodester Simple Water Refilling Station Management System Login.php sql injection | $1k-$2k | Not Defined |
| CVE-2021-38841 | 6.3 | SourceCodester Simple Water Refilling Station Management System system_info SystemSettings.php update_settings Privilege Escalation | $2k-$5k | Not Defined |
| CVE-2021-40532 | 5.5 | Telegram Web K Alpha Document Extension Privilege Escalation | $2k-$5k | Official Fix |
| CVE-2021-20118 | 4.7 | Tenable Nessus Agent access control | $1k-$2k | Not Defined |
| CVE-2021-20117 | 4.7 | Tenable Nessus Agent access control | $1k-$2k | Not Defined |
| CVE-2021-36744 | 6.3 | Trend Micro Security Privilege Escalation | $10k-$25k | Not Defined |
| CVE-2021-35268 | 4.1 | Tuxera ntfs-3g Inode Loader ntfs_inode_real_open heap-based overflow | $0-$1k | Official Fix |
| CVE-2021-33289 | 4.1 | Tuxera ntfs-3g MFT Section heap-based overflow | $0-$1k | Official Fix |
| CVE-2021-33287 | 4.1 | Tuxera ntfs-3g NTFS Attribute ntfs_attr_pread_i heap-based overflow | $0-$1k | Official Fix |
| CVE-2021-35269 | 4.1 | Tuxera ntfs-3g NTFS Attribute ntfs_attr_setup_flag heap-based overflow | $0-$1k | Official Fix |
| CVE-2021-33285 | 4.1 | Tuxera ntfs-3g NTFS Attribute ntfs_get_attribute_value heap-based overflow | $0-$1k | Official Fix |
| CVE-2021-39255 | 2.1 | Tuxera ntfs-3g NTFS Image ntfs_attr_find_in_attrdef out-of-bounds read | $0-$1k | Official Fix |
| CVE-2021-39257 | 2.1 | Tuxera ntfs-3g NTFS Image ntfs_attr_pwrite infinite loop | $0-$1k | Official Fix |
| CVE-2021-39254 | 4.1 | Tuxera ntfs-3g NTFS Image ntfs_attr_record_resize integer overflow | $0-$1k | Official Fix |
| CVE-2021-39261 | 4.1 | Tuxera ntfs-3g NTFS Image ntfs_compressed_pwrite heap-based overflow | $0-$1k | Official Fix |
| CVE-2021-39262 | 2.1 | Tuxera ntfs-3g NTFS Image ntfs_decompress out-of-bounds read | $0-$1k | Official Fix |
| CVE-2021-39251 | 1.9 | Tuxera ntfs-3g NTFS Image ntfs_extent_inode_open null pointer dereference | $0-$1k | Official Fix |
| CVE-2021-39258 | 2.1 | Tuxera ntfs-3g NTFS Image ntfs_external_attr_find out-of-bounds read | $0-$1k | Official Fix |
| CVE-2021-39263 | 4.1 | Tuxera ntfs-3g NTFS Image ntfs_get_attribute_value heap-based overflow | $0-$1k | Official Fix |
| CVE-2021-39252 | 2.1 | Tuxera ntfs-3g NTFS Image ntfs_ie_lookup out-of-bounds read | $0-$1k | Official Fix |
| CVE-2021-39256 | 4.1 | Tuxera ntfs-3g NTFS Image ntfs_inode_lookup_by_name heap-based overflow | $0-$1k | Official Fix |
| CVE-2021-39259 | 2.1 | Tuxera ntfs-3g NTFS Image ntfs_inode_lookup_by_name out-of-bounds read | $0-$1k | Official Fix |
| CVE-2021-39260 | 2.1 | Tuxera ntfs-3g NTFS Image ntfs_inode_sync_standard_information out-of-bounds read | $0-$1k | Official Fix |
| CVE-2021-39253 | 2.1 | Tuxera ntfs-3g NTFS Image ntfs_runlists_merge_i out-of-bounds read | $0-$1k | Official Fix |
| CVE-2021-35266 | 4.1 | Tuxera ntfs-3g NTFS Inode Pathname heap-based overflow | $0-$1k | Official Fix |
| CVE-2021-35267 | 4.1 | Tuxera ntfs-3g stack-based overflow | $0-$1k | Official Fix |
| CVE-2021-33286 | 4.1 | Tuxera ntfs-3g Unicode String heap-based overflow | $0-$1k | Official Fix |
| CVE-2021-38355 | 6.1 | WordPress Bug Library Plugin Parameter bug-library.php cross site scripting | $0-$1k | Official Fix |
| CVE-2021-39201 | 5.5 | WordPress Editor cross site scripting | $2k-$5k | Official Fix |
| CVE-2021-39203 | 4.9 | WordPress Private Post information disclosure | $5k-$10k | Official Fix |
| CVE-2021-38325 | 5.2 | WordPress User Activation Email Plugin user-activation-email.php cross site scripting | $0-$1k | Official Fix |
| CVE-2021-39202 | 5.5 | WordPress Widget Editor cross site scripting | $2k-$5k | Official Fix |
| CVE-2021-39200 | 4.5 | WordPress wp_die information disclosure | $5k-$10k | Official Fix |
| CVE-2021-38360 | 8.3 | WordPress wp-publications Plugin Archive bibtexbrowser.php path traversal | $2k-$5k | Official Fix |
| CVE-2021-38316 | 5.2 | WP Academic People List Plugin Parameter admin-panel.php cross site scripting | $0-$1k | Official Fix |
| CVE-2021-38334 | 5.2 | WP Design Maps & Places Plugin Parameter wpdmp-admin.php cross site scripting | $0-$1k | Official Fix |
| CVE-2021-36870 | 3.9 | WP Google Maps Plugin cross site scripting | $0-$1k | Not Defined |
| CVE-2021-36871 | 3.9 | WP Google Maps Pro Premium Plugin cross site scripting | $0-$1k | Not Defined |
| CVE-2021-38333 | 5.2 | WP Scrippets Plugin wp-scrippets.php cross site scripting | $0-$1k | Official Fix |
| CVE-2021-24601 | 2.4 | WPFront Notification Bar Plugin cross site scripting | $0-$1k | Official Fix |
| CVE-2021-34143 | 2.1 | Zhuhai Jieli AC6366C Bluetooth Classic deadlock | $0-$1k | Not Defined |
| CVE-2021-34144 | 4.3 | Zhuhai Jieli AC6366C BT SDK Bluetooth Classic BrakTooth denial of service | $0-$1k | Not Defined |
| CVE-2021-31612 | 2.1 | Zhuhai Jieli AC690X Bluetooth Classic BrakTooth deadlock | $0-$1k | Not Defined |
| CVE-2021-31611 | 4.3 | Zhuhai Jieli AC690X/AC692X Bluetooth Classic BrakTooth deadlock | $0-$1k | Not Defined |
| CVE-2021-31613 | 2.1 | Zhuhai Jieli AC690X/AC692X Bluetooth Classic BrakTooth denial of service | $0-$1k | Not Defined |
| CVE-2021-37422 | 6.3 | Zoho ManageEngine ADSelfService Plus Database Linking sql injection | $1k-$2k | Official Fix |
| CVE-2021-37423 | 5.5 | Zoho ManageEngine ADSelfService Plus Linked Application Privilege Escalation | $2k-$5k | Official Fix |
| CVE-2021-40539 | 7.3 | Zoho ManageEngine ADSelfService Plus REST API improper authentication | $1k-$2k | Not Defined |
| CVE-2021-37414 | 6.3 | Zoho ManageEngine DesktopCentral API Key improper authentication | $1k-$2k | Not Defined |