info[at]nsec.ir
(+98)-31-33915336

Critical Vulnerabilities of the Third Week of Tir


This week, many "critical" and "high-risk" vulnerabilities were reported in major Cisco products, and patches and updates were released to fix them. Several "critical" and "high-risk" vulnerabilities were also found in products from SAMSUNG, Fortinet, Foxit, IBM and Joomla!, and in the Linux kernel.

The list of these vulnerabilities, along with their risk level, is given in the table below.

Vulnerability ID | Base score | Vulnerability title | Zero-day value | Fix status
---------------- | ---------- | ------------------- | -------------- | ----------
CVE-2021-21807 | 5.5 | AccuSoft ImageGear DICOM Parser parse_dicom_meta_info stack-based overflow | $2k-$5k | Not Defined
CVE-2021-21793 | 6.3 | AccuSoft ImageGear JPG Header sof_nb_comp out-of-bounds write | $2k-$5k | Not Defined
CVE-2021-21821 | 6.3 | AccuSoft ImageGear PDF process_fontname stack-based overflow | $2k-$5k | Not Defined
CVE-2021-21794 | 6.3 | AccuSoft ImageGear TIF bits_per_sample out-of-bounds write | $2k-$5k | Not Defined
CVE-2021-33192 | 3.5 | Apache Jena Fuseki HTML Page cross site scripting | $2k-$5k | Not Defined
CVE-2021-29107 | 4.3 | ArcGIS Server cross site scripting | $0-$1k | Official Fix
CVE-2021-29106 | 4.3 | ArcGIS Server cross site scripting | $0-$1k | Official Fix
CVE-2021-34616 | 6.3 | Aruba ClearPass Policy Manager command injection | $2k-$5k | Official Fix
CVE-2021-34615 | 6.3 | Aruba ClearPass Policy Manager command injection | $2k-$5k | Official Fix
CVE-2021-34614 | 6.3 | Aruba ClearPass Policy Manager command injection | $2k-$5k | Official Fix
CVE-2021-34613 | 6.3 | Aruba ClearPass Policy Manager command injection | $2k-$5k | Official Fix
CVE-2021-34612 | 6.3 | Aruba ClearPass Policy Manager command injection | $2k-$5k | Official Fix
CVE-2021-34611 | 6.3 | Aruba ClearPass Policy Manager command injection | $2k-$5k | Official Fix
CVE-2021-34610 | 6.3 | Aruba ClearPass Policy Manager command injection | $2k-$5k | Official Fix
CVE-2021-29152 | 4.3 | Aruba ClearPass Policy Manager denial of service | $0-$1k | Official Fix
CVE-2021-29150 | 6.3 | Aruba ClearPass Policy Manager deserialization | $2k-$5k | Official Fix
CVE-2021-29151 | 7.3 | Aruba ClearPass Policy Manager improper authentication | $1k-$2k | Official Fix
CVE-2021-34609 | 6.3 | Aruba ClearPass Policy Manager sql injection | $1k-$2k | Official Fix
CVE-2021-27033 | 6.3 | Autodesk Design Review PDF File double free | $2k-$5k | Not Defined
CVE-2021-27036 | 6.3 | Autodesk File buffer overflow | $2k-$5k | Not Defined
CVE-2021-27035 | 6.3 | Autodesk File buffer overflow | $2k-$5k | Not Defined
CVE-2021-27037 | 6.3 | Autodesk File double free | $2k-$5k | Not Defined
CVE-2021-27038 | 6.3 | Autodesk PDF File type confusion | $2k-$5k | Not Defined
CVE-2021-27034 | 6.3 | Autodesk PICT File heap-based overflow | $2k-$5k | Not Defined
CVE-2021-27039 | 6.3 | Autodesk TIFF File buffer overflow | $2k-$5k | Not Defined
CVE-2021-1585 | 7.5 | Cisco Adaptive Security Device Manager Signature Verification code injection | $10k-$25k | Official Fix
CVE-2021-1562 | 4.3 | Cisco BroadWorks Application Server XSI-Actions Interface information disclosure | $5k-$10k | Official Fix
CVE-2021-1576 | 6.3 | Cisco Business Process Automation Web-based Management Interface improper authorization | $10k-$25k | Official Fix
CVE-2021-1574 | 6.3 | Cisco Business Process Automation Web-based Management Interface improper authorization | $10k-$25k | Official Fix
CVE-2021-1607 | 3.5 | Cisco Identity Services Engine Web-based Management Interface cross site scripting | $2k-$5k | Official Fix
CVE-2021-1606 | 3.5 | Cisco Identity Services Engine Web-based Management Interface cross site scripting | $2k-$5k | Official Fix
CVE-2021-1605 | 3.5 | Cisco Identity Services Engine Web-based Management Interface cross site scripting | $2k-$5k | Official Fix
CVE-2021-1604 | 3.5 | Cisco Identity Services Engine Web-based Management Interface cross site scripting | $2k-$5k | Official Fix
CVE-2021-1603 | 3.5 | Cisco Identity Services Engine Web-based Management Interface cross site scripting | $2k-$5k | Official Fix
CVE-2021-1598 | 6.5 | Cisco Video Surveillance 7000 Link Layer Discovery Protocol memory leak | $2k-$5k | Official Fix
CVE-2021-1597 | 6.5 | Cisco Video Surveillance 7000 Link Layer Discovery Protocol memory leak | $2k-$5k | Official Fix
CVE-2021-1596 | 6.5 | Cisco Video Surveillance 7000 Link Layer Discovery Protocol memory leak | $2k-$5k | Official Fix
CVE-2021-1595 | 6.5 | Cisco Video Surveillance 7000 Link Layer Discovery Protocol memory leak | $2k-$5k | Official Fix
CVE-2021-1575 | 4.3 | Cisco Virtualized Voice Browser Web-based Management Interface cross site scripting | $5k-$10k | Official Fix
CVE-2021-1359 | 8.8 | Cisco Web Security Appliance Web Interface command injection | $25k-$50k | Official Fix
CVE-2020-25879 | 3.5 | Codoforum Manage Users cross site scripting | $0-$1k | Not Defined
CVE-2020-25876 | 3.5 | Codoforum Pages cross site scripting | $0-$1k | Not Defined
CVE-2020-25875 | 3.5 | Codoforum Smileys cross site scripting | $0-$1k | Not Defined
CVE-2021-33221 | 6.3 | CommScope Ruckus IoT Controller API Endpoint missing authentication | $1k-$2k | Not Defined
CVE-2021-33220 | 6.3 | CommScope Ruckus IoT Controller API hard-coded credentials | $1k-$2k | Not Defined
CVE-2021-33215 | 5.5 | CommScope Ruckus IoT Controller API pathname traversal | $1k-$2k | Not Defined
CVE-2021-33217 | 8 | CommScope Ruckus IoT Controller API unknown vulnerability | $2k-$5k | Not Defined
CVE-2021-33216 | 5.5 | CommScope Ruckus IoT Controller backdoor | $1k-$2k | Not Defined
CVE-2021-33219 | 5.5 | CommScope Ruckus IoT Controller hard-coded password | $1k-$2k | Not Defined
CVE-2021-33218 | 8 | CommScope Ruckus IoT Controller hard-coded password | $1k-$2k | Not Defined
CVE-2020-24145 | 3.5 | Creative Minds CM Download Manager Plugin deletescreenshot cross site scripting | $0-$1k | Not Defined
CVE-2020-24146 | 4.6 | Creative Minds CM Download Manager Plugin Parameter deletescreenshot pathname traversal | $1k-$2k | Not Defined
CVE-2020-25392 | 3.5 | CSZ CMS Article Plugin cross site scripting | $0-$1k | Not Defined
CVE-2020-25391 | 3.5 | CSZ CMS Pages Content cross site scripting | $0-$1k | Not Defined
CVE-2021-35358 | 3.5 | dotCMS c_Images cross site scripting | $0-$1k | Not Defined
CVE-2021-35360 | 3.5 | dotCMS containers cross site scripting | $0-$1k | Not Defined
CVE-2021-35361 | 3.5 | dotCMS links cross site scripting | $0-$1k | Not Defined
CVE-2021-20738 | 4.3 | Elecom WRC-1167FS-W/WRC-1167FS-B/WRC-1167FSA information disclosure | $1k-$2k | Not Defined
CVE-2021-20739 | 6.3 | Elecom WRC-300FEBK os command injection | $2k-$5k | Not Defined
CVE-2021-23401 | 6.3 | Flask-User URL Validation redirect | $1k-$2k | Not Defined
CVE-2021-28931 | 5.5 | Fork CMS Themes Panel themes unrestricted upload | $1k-$2k | Not Defined
CVE-2021-26106 | 8.8 | Fortinet FortiAP CLI Command os command injection | $2k-$5k | Not Defined
CVE-2021-24005 | 2.7 | Fortinet FortiAuthenticator Configuration hard-coded key | $0-$1k | Official Fix
CVE-2021-22129 | 6.3 | Fortinet FortiMail Administrative Interface buffer overflow | $2k-$5k | Official Fix
CVE-2021-24020 | 5.6 | Fortinet FortiMail Hash signature verification | $1k-$2k | Not Defined
CVE-2021-24007 | 7.3 | Fortinet FortiMail HTTPS sql injection | $2k-$5k | Official Fix
CVE-2021-26100 | 3.7 | Fortinet FortiMail Identity-Based Encryption Service inadequate encryption | $0-$1k | Official Fix
CVE-2020-29014 | 6.3 | Fortinet FortiSandbox Command Shell race condition | $0-$1k | Official Fix
CVE-2021-33795 | 5 | Foxit Reader/PhantomPDF PDF Document certificate validation | $1k-$2k | Official Fix
CVE-2021-33792 | 6.3 | Foxit Reader/PhantomPDF Trailer Dictionary out-of-bounds write | $2k-$5k | Official Fix
CVE-2021-22232 | 3.5 | GitLab Community Edition injection | $1k-$2k | Official Fix
CVE-2021-22229 | 3.7 | GitLab Community Edition/Enterprise Edition access control | $2k-$5k | Not Defined
CVE-2021-22223 | 6.3 | GitLab Community Edition/Enterprise Edition code injection | $2k-$5k | Not Defined
CVE-2021-22230 | 4.3 | GitLab Community Edition/Enterprise Edition Merge Request code injection | $2k-$5k | Not Defined
CVE-2021-22231 | 4.3 | GitLab Community Edition/Enterprise Edition Profile Page denial of service | $0-$1k | Not Defined
CVE-2021-22226 | 4.7 | GitLab Community Edition/Enterprise Edition Push Remote Privilege Escalation | $2k-$5k | Not Defined
CVE-2021-22227 | 4.3 | GitLab cross site scripting | $0-$1k | Official Fix
CVE-2021-22233 | 4.3 | GitLab Enterprise Edition Project information disclosure | $1k-$2k | Not Defined
CVE-2021-22228 | 4.3 | GitLab GraphQL access control | $2k-$5k | Not Defined
CVE-2021-22224 | 5.4 | GitLab GraphQL API cross-site request forgery | $0-$1k | Official Fix
CVE-2021-22225 | 4.8 | GitLab Markdown cross site scripting | $0-$1k | Not Defined
CVE-2012-2666 | 5 | Google Go pclntab_test.go dotest temp file | $10k-$25k | Official Fix
CVE-2021-36153 | 4.3 | gRPC Swift GRPCWebToHTTP2ServerCodec.swift state issue | $2k-$5k | Not Defined
CVE-2021-36154 | 4.3 | gRPC Swift HTTP2 Frame HTTP2ToRawGRPCServerCodec recursion | $0-$1k | Not Defined
CVE-2021-36155 | 4.3 | gRPC Swift LengthPrefixedMessageReader buffer overflow | $2k-$5k | Not Defined
CVE-2021-32715 | 3.7 | hyper Crate HTTP Proxy request smuggling | $2k-$5k | Official Fix
CVE-2021-32714 | 5.3 | hyper Crate Transfer-Encoding integer overflow | $2k-$5k | Official Fix
CVE-2021-29759 | 4.3 | IBM App Connect Enterprise Certified Container log file | $5k-$10k | Official Fix
CVE-2021-20416 | 3.7 | IBM Guardium Data Encryption cookie without 'httponly' flag | $10k-$25k | Official Fix
CVE-2021-20474 | 7.3 | IBM Guardium Data Encryption improper authentication | $10k-$25k | Official Fix
CVE-2021-20379 | 3.7 | IBM Guardium Data Encryption inadequate encryption | $5k-$10k | Official Fix
CVE-2021-20417 | 4.3 | IBM Guardium Data Encryption information exposure | $5k-$10k | Official Fix
CVE-2021-20415 | 3.7 | IBM Guardium Data Encryption Login excessive authentication | $5k-$10k | Official Fix
CVE-2021-20378 | 3.7 | IBM Guardium Data Encryption session expiration | $5k-$10k | Official Fix
CVE-2021-29730 | 6.3 | IBM InfoSphere Information Server Back-End Database sql injection | $10k-$25k | Official Fix
CVE-2021-29712 | 4.3 | IBM InfoSphere Information Server Web UI cross site scripting | $5k-$10k | Official Fix
CVE-2021-29711 | 6.3 | IBM UrbanCode Deploy CLI Interface permission | $10k-$25k | Official Fix
CVE-2021-21789 | 5.3 | IObit Advanced SystemCare Ultimate IOCTL access control | $1k-$2k | Not Defined
CVE-2021-21788 | 5.3 | IObit Advanced SystemCare Ultimate IOCTL access control | $1k-$2k | Not Defined
CVE-2021-21787 | 5.3 | IObit Advanced SystemCare Ultimate IOCTL access control | $1k-$2k | Not Defined
CVE-2021-21786 | 5.5 | IObit Advanced SystemCare Ultimate IRP Packet access control | $1k-$2k | Not Defined
CVE-2021-27930 | 3.5 | IRIS IRISNext Folder Name cross site scripting | $0-$1k | Not Defined
CVE-2021-26038 | 5.5 | Joomla com_installer access control | $10k-$25k | Not Defined
CVE-2021-26039 | 5.2 | Joomla com_media cross site scripting | $5k-$10k | Not Defined
CVE-2021-26035 | 5.2 | Joomla JForm API cross site scripting | $5k-$10k | Not Defined
CVE-2021-26037 | 6.3 | Joomla user session | $10k-$25k | Not Defined
CVE-2021-26036 | 4.6 | Joomla Usergroup Table input validation | $10k-$25k | Not Defined
CVE-2021-24384 | 7.3 | JoomSport Plugin POST Parameter joomsport_md_load deserialization | $2k-$5k | Official Fix
CVE-2021-30116 | 3.5 | Kaseya Virtual System Administrator information disclosure | $0-$1k | Official Fix
CVE-2021-30118 | 6.3 | Kaseya Virtual System Administrator Remote Privilege Escalation | $2k-$5k | Official Fix
CVE-2021-30120 | 5 | Kaseya VSA 2FA improper authentication | $1k-$2k | Not Defined
CVE-2021-30119 | 3.5 | Kaseya VSA cross site scripting | $0-$1k | Official Fix
CVE-2021-30121 | 5.5 | Kaseya VSA file inclusion | $1k-$2k | Official Fix
CVE-2021-30117 | 6.3 | Kaseya VSA sql injection | $1k-$2k | Official Fix
CVE-2021-30201 | 5.5 | Kaseya VSA XML xml external entity reference | $1k-$2k | Official Fix
CVE-2021-3637 | 4.3 | Keycloak keycloak-model-infinispan RootAuthenticationSessionEntity allocation of resources | $0-$1k | Official Fix
CVE-2021-3612 | 6.3 | Linux Kernel Joystick Devices Subsystem out-of-bounds write | $10k-$25k | Official Fix
CVE-2021-35039 | 4.3 | Linux Kernel module.c init_module signature verification | $5k-$10k | Official Fix
CVE-2021-22555 | 8.8 | Linux Kernel Netfilter x_tables.c out-of-bounds write | $25k-$50k | Official Fix
CVE-2021-3571 | 6.3 | linuxptp ptp4l memory corruption | $2k-$5k | Official Fix
CVE-2021-3570 | 6.3 | linuxptp ptp4l memory corruption | $2k-$5k | Official Fix
CVE-2020-20211 | 5.4 | MikroTik RouterOS console denial of service | $0-$1k | Not Defined
CVE-2020-20212 | 5.4 | MikroTik RouterOS console null pointer dereference | $0-$1k | Not Defined
CVE-2020-20215 | 5.4 | MikroTik RouterOS diskd memory corruption | $2k-$5k | Not Defined
CVE-2020-20216 | 6.4 | MikroTik RouterOS graphing use after free | $2k-$5k | Not Defined
CVE-2020-20213 | 5.4 | MikroTik RouterOS net resource consumption | $0-$1k | Not Defined
CVE-2020-20217 | 4.3 | MikroTik RouterOS route resource consumption | $0-$1k | Official Fix
CVE-2020-20225 | 5.4 | MikroTik RouterOS user denial of service | $0-$1k | Official Fix
CVE-2020-20582 | 5.5 | MipCMS ApiAdminDomainSettings.php server-side request forgery | $1k-$2k | Not Defined
CVE-2021-36212 | 4.8 | MISP Sharing Groups View view.ctp cross site scripting | $0-$1k | Official Fix
CVE-2021-26273 | 6.6 | NinjaRMM Agent access control | $1k-$2k | Not Defined
CVE-2021-26274 | 6.3 | NinjaRMM Agent permission | $1k-$2k | Not Defined
CVE-2021-31817 | 3.5 | Octopus Server OctopusServer.txt log file | $0-$1k | Not Defined
CVE-2021-31816 | 3.5 | Octopus Server OctopusServer.txt log file | $0-$1k | Not Defined
CVE-2021-3598 | 3.5 | OpenEXR ImfDeepScanLineInputFile out-of-bounds read | $0-$1k | Official Fix
CVE-2021-32972 | 6.3 | Panasonic FPWIN Pro Project File xml external entity reference | $2k-$5k | Not Defined
CVE-2020-20363 | 3.5 | PbootCMS admin.php cross site scripting | $0-$1k | Not Defined
CVE-2020-23580 | 6.3 | PbootCMS Remote Privilege Escalation | $2k-$5k | Not Defined
CVE-2020-22535 | 5.5 | PbootCMS upgradecontroller.php access control | $1k-$2k | Not Defined
CVE-2021-31925 | 5.3 | Pexip Infinity Administrative Web Interface denial of service | $0-$1k | Official Fix
CVE-2020-25868 | 5.3 | Pexip Infinity Call Setup denial of service | $0-$1k | Official Fix
CVE-2020-23702 | 3.5 | PHP-Fusion New Shout shoutbox_admin.php cross site scripting | $0-$1k | Not Defined
CVE-2020-22251 | 4.1 | phpList Manage Administrators cross site scripting | $0-$1k | Not Defined
CVE-2020-22249 | 6.3 | PHPList unrestricted upload | $2k-$5k | Not Defined
CVE-2021-34624 | 7.3 | ProfilePress Plugin File Uploader FileUploader.php unrestricted upload | $2k-$5k | Not Defined
CVE-2021-34623 | 7.3 | ProfilePress Plugin Image Uploader ImageUploader.php unrestricted upload | $2k-$5k | Not Defined
CVE-2021-34622 | 7.3 | ProfilePress Plugin User Profile Update EditUserProfile.php privileges management | $2k-$5k | Not Defined
CVE-2021-34621 | 7.3 | ProfilePress Plugin User Registration RegistrationAuth.php privileges management | $2k-$5k | Not Defined
CVE-2021-28809 | 7.3 | QNAP QTS Legacy HBS 3 access control | $2k-$5k | Official Fix
CVE-2021-32534 | 9.8 | QSAN SANOS Factory Reset os command injection | $2k-$5k | Not Defined
CVE-2021-32535 | 5.3 | QSAN SANOS hard-coded credentials | $1k-$2k | Not Defined
CVE-2021-32533 | 9.8 | QSAN SANOS Settings os command injection | $2k-$5k | Not Defined
CVE-2021-32510 | 4.3 | QSAN Storage Manager Antivirus information disclosure | $1k-$2k | Not Defined
CVE-2021-32525 | 7.2 | QSAN Storage Manager Control Interface hard-coded password | $1k-$2k | Not Defined
CVE-2021-32527 | 5.3 | QSAN Storage Manager Download path traversal | $1k-$2k | Not Defined
CVE-2021-32517 | 5.3 | QSAN Storage Manager Download share_link access control | $2k-$5k | Not Defined
CVE-2021-32514 | 7.5 | QSAN Storage Manager Firmware Upgrade access control | $2k-$5k | Not Defined
CVE-2021-32520 | 5.3 | QSAN Storage Manager hard-coded key | $1k-$2k | Not Defined
CVE-2021-32523 | 7.2 | QSAN Storage Manager improper authorization | $2k-$5k | Not Defined
CVE-2021-32528 | 3.1 | QSAN Storage Manager information exposure | $0-$1k | Not Defined
CVE-2021-32524 | 7.2 | QSAN Storage Manager os command injection | $2k-$5k | Not Defined
CVE-2021-32512 | 9.8 | QSAN Storage Manager os command injection | $2k-$5k | Not Defined
CVE-2021-32526 | 4.3 | QSAN Storage Manager permission | $2k-$5k | Not Defined
CVE-2021-32513 | 9.8 | QSAN Storage Manager QsanTorture os command injection | $2k-$5k | Not Defined
CVE-2021-32515 | 5.3 | QSAN Storage Manager share_link information disclosure | $1k-$2k | Not Defined
CVE-2021-32516 | 5.3 | QSAN Storage Manager share_link path traversal | $1k-$2k | Not Defined
CVE-2021-32518 | 5.3 | QSAN Storage Manager share_link symlink | $2k-$5k | Not Defined
CVE-2021-32507 | 4.3 | QSAN Storage Manager URL FileDownload path traversal | $1k-$2k | Not Defined
CVE-2021-32508 | 4.3 | QSAN Storage Manager URL FileStreaming path traversal | $1k-$2k | Not Defined
CVE-2021-32509 | 4.3 | QSAN Storage Manager URL FileviewDoc path traversal | $1k-$2k | Not Defined
CVE-2021-32506 | 6.3 | QSAN Storage Manager URL GetImage path traversal | $1k-$2k | Not Defined
CVE-2021-32511 | 4.3 | QSAN Storage Manager ViewBroserList information disclosure | $1k-$2k | Not Defined
CVE-2021-32522 | 3.7 | QSAN Storage Manager/XEVO/SANOS excessive authentication | $1k-$2k | Not Defined
CVE-2021-32521 | 8.5 | QSAN Storage Manager/XEVO/SANOS MAC Address hard-coded password | $1k-$2k | Not Defined
CVE-2021-32519 | 3.7 | QSAN Storage Manager/XEVO/SANOS unknown vulnerability | $1k-$2k | Not Defined
CVE-2021-32530 | 9.8 | QSAN XEVO Array os command injection | $2k-$5k | Not Defined
CVE-2021-32532 | 5.3 | QSAN XEVO Back-End Analysis path traversal | $1k-$2k | Not Defined
CVE-2021-32531 | 9.8 | QSAN XEVO Init os command injection | $2k-$5k | Not Defined
CVE-2021-32529 | 9.8 | QSAN XEVO/SANOS command injection | $2k-$5k | Not Defined
CVE-2021-32537 | 4.3 | Realtek HDA Driver denial of service | $0-$1k | Not Defined
CVE-2020-35987 | 3.5 | Rukovoditel Entities List cross site scripting | $0-$1k | Not Defined
CVE-2020-35985 | 3.5 | Rukovoditel Global Lists cross site scripting | $0-$1k | Not Defined
CVE-2020-35986 | 3.5 | Rukovoditel Users Access Groups cross site scripting | $0-$1k | Not Defined
CVE-2020-35984 | 3.5 | Rukovoditel Users Alerts cross site scripting | $0-$1k | Not Defined
CVE-2021-25441 | 5.3 | Samsung AR Emoji Editor access control | $1k-$2k | Official Fix
CVE-2021-25431 | 5.3 | Samsung Cameralyzer access control | $1k-$2k | Not Defined
CVE-2021-25440 | 5.3 | Samsung FactoryCameraFB Access Control access control | $1k-$2k | Official Fix
CVE-2021-25442 | 5.5 | Samsung KME Module MDM Policy Management privileges management | $1k-$2k | Official Fix
CVE-2021-25439 | 5.3 | Samsung Members access control | $1k-$2k | Not Defined
CVE-2021-25432 | 3.5 | Samsung Members Chat Data information disclosure | $0-$1k | Not Defined
CVE-2021-25438 | 5.3 | Samsung Members file inclusion | $1k-$2k | Not Defined
CVE-2021-25426 | 5.5 | Samsung Message SmsViewerActivity access control | $1k-$2k | Official Fix
CVE-2021-25427 | 4.3 | Samsung Mobile Phone Bluetooth sql injection | $1k-$2k | Official Fix
CVE-2021-25428 | 5.5 | Samsung PackageManager permission | $1k-$2k | Official Fix
CVE-2021-25430 | 5.5 | Samsung Smart Phone Bluetooth Application improper authentication | $1k-$2k | Official Fix
CVE-2021-25429 | 5.3 | Samsung Smart Phone Bluetooth privileges management | $1k-$2k | Official Fix
CVE-2021-25434 | 5.5 | Samsung Tizen Bootloader input validation | $1k-$2k | Official Fix
CVE-2021-25433 | 5.5 | Samsung Tizen Factory Reset Policy improper authorization | $1k-$2k | Official Fix
CVE-2021-25435 | 5.5 | Samsung Tizen Firmware Download Mode input validation | $1k-$2k | Official Fix
CVE-2021-25437 | 5.5 | Samsung Tizen FOTA Service access control | $1k-$2k | Official Fix
CVE-2021-25436 | 5.5 | Samsung Tizen FOTA Service input validation | $1k-$2k | Official Fix
CVE-2021-32233 | 3.5 | SmarterTools SmarterMail cross site scripting | $0-$1k | Official Fix
CVE-2021-35440 | 4.8 | Smashing Widget cross site scripting | $0-$1k | Official Fix
CVE-2021-20024 | 5.5 | SonicWALL Switch LLDP Protocol out-of-bounds read | $0-$1k | Not Defined
CVE-2021-32462 | 8.8 | Trend Micro Password Manager improper authentication | $10k-$25k | Not Defined
CVE-2021-32461 | 5.3 | Trend Micro Password Manager Integer Truncation buffer overflow | $5k-$10k | Not Defined
CVE-2021-32742 | 5 | Vapor Data.init(base32Encoded:) deserialization | $2k-$5k | Official Fix
CVE-2020-24143 | 5.5 | Video Downloader for TikTok Plugin Parameter pathname traversal | $1k-$2k | Not Defined
CVE-2020-24142 | 5.5 | Video Downloader for TikTok Plugin server-side request forgery | $1k-$2k | Not Defined
CVE-2021-21775 | 6.3 | WebKit WebKitGTK Event use after free | $2k-$5k | Not Defined
CVE-2021-21779 | 6.3 | WebKit WebKitGTK GraphicsContext use after free | $2k-$5k | Not Defined
CVE-2021-21806 | 6.3 | WebKit WebKitGTK Web Page use after free | $2k-$5k | Not Defined
CVE-2021-34620 | 3.5 | WP Fluent Forms Plugin cross-site request forgery | $0-$1k | Official Fix
CVE-2021-24389 | 4.3 | WP Foodbakery Plugin Parameter cross site scripting | $0-$1k | Official Fix
CVE-2021-24494 | 3.5 | WP Offload SES Lite Plugin Admin Dashboard cross site scripting | $0-$1k | Official Fix
CVE-2021-24387 | 4.3 | WP Pro Real Estate 7 Theme Parameter cross site scripting | $0-$1k | Official Fix
CVE-2020-24147 | 5.5 | WP Smart Import Plugin server-side request forgery | $1k-$2k | Not Defined
CVE-2021-24386 | 4.3 | WP SVG Images Plugin SVG Image cross site scripting | $0-$1k | Official Fix
CVE-2021-34626 | 5.4 | WP Upload Restriction Plugin deleteCustomType access control | $2k-$5k | Not Defined
CVE-2021-34627 | 4.3 | WP Upload Restriction Plugin Extension getSelectedMimeTypesByRole access control | $2k-$5k | Not Defined
CVE-2021-34625 | 4.4 | WP Upload Restriction Plugin saveCustomType cross site scripting | $0-$1k | Not Defined
CVE-2020-24141 | 6.3 | WP-DownloadManager Plugin download-add.php server-side request forgery | $2k-$5k | Not Defined
CVE-2021-24406 | 4.9 | wpForo Forum Plugin Login Form redirect | $1k-$2k | Official Fix