آسیب‌پذیری‌های حیاتی هفته چهارم آبان‌ماه

این هفته آسیب‌پذیری‌های «حیاتی» و «پرخطر» بسیاری در محصولات مهم Microsoft گزارش و وصله‌ها و به‌روزرسانی‌هایی به منظور رفع آن‌ها ارائه شد. همچنین در محصولات شرکت‌های Qualcomm، Apache، Siemens ، IBM، Palo Alto، Samba و کرنل لینوکس چندین آسیب‌پذیری «حیاتی» و «پرخطر» وجود داشت.

لیست این آسیب‌پذیری‌ها به‌همراه سطح خطر آن‌ها در جدول زیر آمده است.

شناسه آسیب‌پذیری	امتیاز مبنا	عنوان آسیب‌پذیری	ارزش روز صفر	رفع آسیب‌پذیری
CVE-2021-40518	۳.۵	Airangel HSMX Gateway cross-site request forgery	$۰-$۱k	Not Defined
CVE-2021-40519	۶.۳	Airangel HSMX Gateway hard-coded credentials	$۱k-$2k	Not Defined
CVE-2021-40520	۵.۵	Airangel HSMX Gateway improper authentication	$۱k-$2k	Not Defined
CVE-2021-40521	۶.۳	Airangel HSMX Gateway Privilege Escalation	$۲k-$5k	Not Defined
CVE-2021-40517	۳.۵	Airangel HSMX Gateway Table Update cross site scripting	$۰-$۱k	Not Defined
CVE-2021-26558	۵.۵	Apache ShardingSphere-UI deserialization	$۵k-$25k	Official Fix
CVE-2021-41972	۳.۵	Apache Superset Database Connection insufficiently protected credentials	$۰-$۵k	Not Defined
CVE-2021-43350	۶.۳	Apache Traffic Control API login ldap injection	$۵k-$25k	Not Defined
CVE-2021-25978	۴.۴	Apostrophe CMS Image Module cross site scripting	$۰-$۱k	Official Fix
CVE-2021-25979	۶.۷	Apostrophe CMS session expiration	$۱k-$2k	Official Fix
CVE-2021-41289	۵.۴	Asus P453UJ BIOS memory corruption	$۰-$۵k	Not Defined
CVE-2021-37910	۳.۷	ASUS Router WPA2/WPA3-SAE denial of service	$۰-$۵k	Not Defined
CVE-2021-42073	۴.۶	Barrier Cilent Label state issue	$۱k-$2k	Official Fix
CVE-2021-42072	۵.۵	Barrier Client Connection Privilege Escalation	$۲k-$5k	Official Fix
CVE-2021-42074	۴.۳	Barrier TCP Connection denial of service	$۰-$۱k	Official Fix
CVE-2021-42075	۵.۳	Barrier TCP Connection resource consumption	$۰-$۱k	Official Fix
CVE-2021-42076	۳.۵	Barrier TCP Message memory allocation	$۰-$۱k	Official Fix
CVE-2021-43611	۳.۵	Belledonne Belle-sip Header denial of service	$۰-$۵k	Official Fix
CVE-2021-43610	۴.۳	Belledonne Belle-sip Header denial of service	$۰-$۵k	Official Fix
CVE-2021-3792	۴.۵	Binatone Hubble Camera Communication Channel cleartext transmission	$۰-$۵k	Not Defined
CVE-2021-3788	۶.۸	Binatone Hubble Camera Debug Interface access control	$۰-$۵k	Not Defined
CVE-2021-3793	۵.۴	Binatone Hubble Camera Firmware Update direct request	$۰-$۵k	Not Defined
CVE-2021-3789	۳.۱	Binatone Hubble Camera Firmware Update insufficiently protected credentials	$۰-$۵k	Not Defined
CVE-2021-3791	۵.۴	Binatone Hubble Camera log file	$۰-$۵k	Not Defined
CVE-2021-3787	۴.۲	Binatone Hubble Camera MQTT Credentials credentials storage	$۰-$۵k	Not Defined
CVE-2021-3577	۸.۸	Binatone Hubble Camera os command injection	$۰-$۵k	Not Defined
CVE-2021-3790	۵.۴	Binatone Hubble Camera Web Server stack-based overflow	$۰-$۵k	Not Defined
CVE-2021-3641	۴.۷	Bitdefender GravityZone Endpoint Security Tools denial of service	$۰-$۱k	Not Defined
CVE-2021-42774	۷.۳	Broadcom Emulex HBA Manager Management Mode buffer overflow	$۰-$۵k	Official Fix
CVE-2021-42773	۳.۷	Broadcom Emulex HBA Manager Management Mode GetDumpFile information disclosure	$۰-$۵k	Official Fix
CVE-2021-42775	۷.۳	Broadcom Emulex HBA Manager Management Mode Remote Code Execution	$۰-$۵k	Official Fix
CVE-2021-22955	۵.۳	Citrix ADC/Gateway VPN Gateway/AAA Virtual Server resource consumption	$۲k-$5k	Official Fix
CVE-2021-22956	۳.۱	Citrix ADC/Gateway/SD-WAN WANOP Edition NSIP/SNIP resource consumption	$۲k-$5k	Official Fix
CVE-2021-29994	۴.۸	Cloudera HUE cross site scripting	$۰-$۱k	Not Defined
CVE-2021-32481	۴.۸	Cloudera Hue Parameter cross site scripting	$۰-$۱k	Not Defined
CVE-2021-30132	۷.۶	Cloudera Manager access control	$۱k-$2k	Not Defined
CVE-2021-29243	۳.۵	Cloudera Manager cross site scripting	$۰-$۱k	Not Defined
CVE-2021-32483	۵.۴	Cloudera Manager Dashboard access control	$۱k-$2k	Not Defined
CVE-2021-32482	۳.۵	Cloudera Manager Parameter cross site scripting	$۰-$۱k	Not Defined
CVE-2021-3907	۶.۵	Cloudflare OctoRPKI Cache Folder path traversal	$۰-$۵k	Not Defined
CVE-2021-3908	۴.۸	Cloudflare OctoRPKI Certificate Chain resource consumption	$۰-$۵k	Not Defined
CVE-2021-3909	۳.۳	Cloudflare OctoRPKI HTTP Request resource consumption	$۰-$۵k	Not Defined
CVE-2021-3911	۳.۱	Cloudflare OctoRPKI Repository denial of service	$۰-$۵k	Not Defined
CVE-2021-3910	۳.۳	Cloudflare OctoRPKI Repository denial of service	$۰-$۵k	Not Defined
CVE-2021-3912	۳.۱	Cloudflare OctoRPKI Repository resource consumption	$۰-$۵k	Not Defined
CVE-2021-36325	۶.۹	Dell BIOS SMRAM input validation	$۵k-$25k	Not Defined
CVE-2021-36324	۶.۹	Dell BIOS SMRAM input validation	$۵k-$25k	Not Defined
CVE-2021-36323	۶.۹	Dell BIOS SMRAM input validation	$۵k-$25k	Not Defined
CVE-2021-36315	۶.۸	Dell EMC PowerScale Nodes access control	$۵k-$25k	Not Defined
CVE-2021-21528	۶.۴	Dell EMC PowerScale OneFS file information disclosure	$۵k-$25k	Not Defined
CVE-2021-36305	۵.۴	Dell EMC PowerScale OneFS SMB CA denial of service	$۰-$۵k	Not Defined
CVE-2021-3945	۶.۵	django-helpdesk Web Page Generation cross site scripting	$۰-$۵k	Official Fix
CVE-2021-33618	۳.۵	Dolibarr Attribute cross site scripting	$۰-$۵k	Official Fix
CVE-2021-33816	۶.۳	Dolibarr Website Builder protection mechanism	$۰-$۵k	Not Defined
CVE-2021-37850	۵.۱	ESET Cyber Security Daemon denial of service	$۰-$۱k	Official Fix
CVE-2021-24835	۶.۳	Frontend Manager for WooCommerce Plugin sql injection	$۱k-$2k	Official Fix
CVE-2021-22870	۴.۳	GitHub Enterprise Server Pages path traversal	$۱k-$2k	Official Fix
CVE-2021-43414	۸.۸	GNU Hurd Authentication Protocol access control	$۲k-$5k	Official Fix
CVE-2021-43412	۷.۸	GNU Hurd libports use after free	$۲k-$5k	Official Fix
CVE-2021-43413	۸.۸	GNU Hurd Pager Port access control	$۲k-$5k	Official Fix
CVE-2021-43411	۷.۵	GNU Hurd setuid info.c race condition	$۱k-$2k	Official Fix
CVE-2021-43332	۳.۱	GNU Mailman admindb.py insufficiently protected credentials	$۰-$۵k	Official Fix
CVE-2021-43331	۳.۵	GNU Mailman Options Page options.py cross site scripting	$۰-$۵k	Official Fix
CVE-2021-43618	۳.۵	GNU Multiple Precision Arithmetic Library inp_raw.c integer overflow	$۰-$۵k	Official Fix
CVE-2021-41771	۳.۵	Google Go Slice ImportedSymbols out-of-bounds read	$۲k-$5k	Official Fix
CVE-2021-41772	۳.۵	Google Go ZIP Archive denial of service	$۲k-$5k	Official Fix
CVE-2021-24594	۲.۴	Google Language Translator Plugin Setting cross site scripting	$۰-$۱k	Official Fix
CVE-2021-43561	۳.۵	google_for_jobs Extension cross site scripting	$۰-$۱k	Official Fix
CVE-2021-42838	۵.۲	Grand Vice webopac7 Search Field cross site scripting	$۰-$۵k	Not Defined
CVE-2021-42839	۷.۵	Grand Vice webopac7 unrestricted upload	$۰-$۵k	Not Defined
CVE-2021-34684	۸.۵	Hitachi Vantara Pentaho Business Analytics Data Source editor sql injection	$۲k-$5k	Not Defined
CVE-2021-34685	۴.۵	Hitachi Vantara Pentaho Business Analytics UploadService unrestricted upload	$۲k-$5k	Not Defined
CVE-2021-31599	۷.۵	Hitachi Vantara Pentaho Report File injection	$۲k-$5k	Not Defined
CVE-2021-31602	۵.۳	Hitachi Vantara Pentaho Security Model applicationContext-spring-security.xml access control	$۲k-$5k	Not Defined
CVE-2021-31601	۵.۷	Hitachi Vantara Pentaho SOAP information disclosure	$۱k-$2k	Not Defined
CVE-2021-31600	۴.۳	Hitachi Vantara Pentaho SOAP information disclosure	$۱k-$2k	Not Defined
CVE-2020-28419	۵.۵	HP LaserJet Installation Privilege Escalation	$۱۰k-$25k	Not Defined
CVE-2019-18916	۵.۵	HP LaserJet Solution Software Privilege Escalation	$۱۰k-$25k	Not Defined
CVE-2019-16240	۶.۶	HP Officejet Pro/PageWide Managed Printer Print File buffer overflow	$۱۰k-$25k	Official Fix
CVE-2019-18912	۵.۶	HP Printer/MFP FutureSmart denial of service	$۲k-$5k	Not Defined
CVE-2019-18914	۳.۵	HP Printer/MFP Link cross site scripting	$۲k-$5k	Not Defined
CVE-2021-29843	۵.۰	IBM IBM MQ Message Property denial of service	$۲k-$5k	Official Fix
CVE-2021-38887	۴.۳	IBM InfoSphere Information Server Application Response information disclosure	$۵k-$10k	Official Fix
CVE-2021-3723	۷.۲	IBM Integrated Management Module SSH/Telnez os command injection	$۵k-$25k	Not Defined
CVE-2020-4160	۵.۲	IBM QRadar Network Security cleartext transmission	$۵k-$10k	Official Fix
CVE-2020-4152	۵.۵	IBM QRadar Network Security Communication Channel cleartext transmission	$۵k-$10k	Official Fix
CVE-2020-4153	۴.۸	IBM QRadar Network Security Web UI cross site scripting	$۲k-$5k	Official Fix
CVE-2021-29735	۴.۲	IBM Security Guardium Web UI cross site scripting	$۲k-$5k	Official Fix
CVE-2020-4146	۳.۸	IBM Security SiteProtector System cookie without 'httponly' flag	$۵k-$25k	Official Fix
CVE-2020-4140	۴.۴	IBM Security SiteProtector System Web UI cross site scripting	$۰-$۵k	Official Fix
CVE-2021-38985	۴.۳	IBM Tivoli Key Lifecycle Manager input validation	$۵k-$25k	Official Fix
CVE-2021-38973	۲.۶	IBM Tivoli Key Lifecycle Manager input validation	$۵k-$25k	Official Fix
CVE-2021-38972	۴.۳	IBM Tivoli Key Lifecycle Manager input validation	$۵k-$25k	Official Fix
CVE-2021-33086	۴.۷	Intel NUC out-of-bounds write	$۵k-$25k	Official Fix
CVE-2021-43183	۴.۳	JetBrains Hub Authentication Throttling excessive authentication	$۱k-$2k	Official Fix
CVE-2021-43180	۵.۵	JetBrains Hub Avatar Metadata information disclosure	$۰-$۱k	Official Fix
CVE-2021-43181	۴.۸	JetBrains Hub cross site scripting	$۰-$۱k	Official Fix
CVE-2021-43182	۵.۵	JetBrains Hub User Information denial of service	$۰-$۱k	Official Fix
CVE-2021-43203	۶.۵	JetBrains Ktor OAuth2 Authentication improper authentication	$۱k-$2k	Official Fix
CVE-2021-43200	۸.۵	JetBrains TeamCity Agent Push permission	$۲k-$5k	Official Fix
CVE-2021-43193	۸.۰	JetBrains TeamCity Agent Push Privilege Escalation	$۲k-$5k	Official Fix
CVE-2021-43199	۶.۳	JetBrains TeamCity Create Patch default permission	$۲k-$5k	Official Fix
CVE-2021-43198	۴.۴	JetBrains TeamCity cross site scripting	$۰-$۱k	Official Fix
CVE-2021-43196	۶.۴	JetBrains TeamCity Docker Registry Connection Dialog exposure of resource	$۱k-$2k	Official Fix
CVE-2021-43197	۵.۲	JetBrains TeamCity Email Notification cross site scripting	$۰-$۱k	Official Fix
CVE-2021-43195	۵.۳	JetBrains TeamCity HTTP Security Header unknown vulnerability	$۲k-$5k	Official Fix
CVE-2021-43194	۴.۴	JetBrains TeamCity information disclosure	$۰-$۱k	Official Fix
CVE-2021-43201	۵.۳	JetBrains TeamCity Project unknown vulnerability	$۲k-$5k	Official Fix
CVE-2021-43186	۴.۴	JetBrains YouTrack cross site scripting	$۰-$۱k	Official Fix
CVE-2021-43184	۳.۵	JetBrains YouTrack cross site scripting	$۰-$۱k	Official Fix
CVE-2021-43185	۵.۵	JetBrains YouTrack Header injection	$۱k-$2k	Official Fix
CVE-2021-43189	۵.۵	JetBrains YouTrack Mobile Access Token Privilege Escalation	$۲k-$5k	Official Fix
CVE-2021-43188	۵.۵	JetBrains YouTrack Mobile Access Token Privilege Escalation	$۲k-$5k	Official Fix
CVE-2021-43187	۳.۳	JetBrains YouTrack Mobile Cache information disclosure	$۰-$۱k	Official Fix
CVE-2021-43191	۵.۶	JetBrains YouTrack Mobile Security Screen missing authentication	$۱k-$2k	Official Fix
CVE-2021-43190	۵.۴	JetBrains YouTrack Mobile Task access control	$۱k-$2k	Official Fix
CVE-2021-43192	۵.۴	JetBrains YouTrack Mobile URL Scheme Privilege Escalation	$۲k-$5k	Official Fix
CVE-2021-3918	۸.۵	json-schema Object Prototype code injection	$۰-$۵k	Official Fix
CVE-2021-3840	۸.۸	Lenovo Antilles Installation uncontrolled search path	$۰-$۵k	Official Fix
CVE-2021-3519	۶.۶	Lenovo Desktop Boot Menu improper authentication	$۰-$۵k	Not Defined
CVE-2021-3720	۴.۴	Lenovo Legion Phone Pro/Legion Phone2 Pro Time Weather System widget default permission	$۰-$۵k	Not Defined
CVE-2021-3786	۴.۴	Lenovo Notebook/ThinkPad SMRAM input validation	$۰-$۵k	Not Defined
CVE-2021-3719	۶.۷	Lenovo ThinkCentre/ThinkStation SMI Callback input validation	$۰-$۵k	Not Defined
CVE-2021-3718	۴.۳	Lenovo ThinkPad Enhanced Biometrics Setting denial of service	$۰-$۵k	Not Defined
CVE-2021-3599	۶.۷	Lenovo ThinkPad SMI Callback input validation	$۰-$۵k	Not Defined
CVE-2021-3843	۶.۷	Lenovo ThinkPad SMI input validation	$۰-$۵k	Not Defined
CVE-2021-31853	۸.۳	McAfee Drive Encryption DLL Loader uncontrolled search path	$۱۰k-$25k	Official Fix
CVE-2021-43209	۷.۰	Microsoft 3D Viewer Remote Code Execution	$۱۰k-$25k	Official Fix
CVE-2021-43208	۷.۰	Microsoft 3D Viewer Remote Code Execution	$۱۰k-$25k	Official Fix
CVE-2021-42323	۳.۸	Microsoft Azure RTOS information disclosure	$۵k-$10k	Official Fix
CVE-2021-42301	۳.۳	Microsoft Azure RTOS information disclosure	$۲k-$5k	Official Fix
CVE-2021-26444	۲.۷	Microsoft Azure RTOS information disclosure	$۰-$۱k	Official Fix
CVE-2021-42304	۵.۷	Microsoft Azure RTOS Local Privilege Escalation	$۵k-$10k	Official Fix
CVE-2021-42303	۵.۷	Microsoft Azure RTOS Local Privilege Escalation	$۵k-$10k	Official Fix
CVE-2021-42302	۵.۷	Microsoft Azure RTOS Local Privilege Escalation	$۵k-$10k	Official Fix
CVE-2021-41376	۲.۵	Microsoft Azure Sphere information disclosure	$۵k-$10k	Official Fix
CVE-2021-41375	۳.۵	Microsoft Azure Sphere information disclosure	$۵k-$10k	Official Fix
CVE-2021-41374	۶.۵	Microsoft Azure Sphere information disclosure	$۵k-$10k	Official Fix
CVE-2021-42300	۵.۸	Microsoft Azure Sphere Local Privilege Escalation	$۵k-$10k	Official Fix
CVE-2021-42316	۷.۶	Microsoft Dynamics 365 Privilege Escalation	$۱۰k-$25k	Official Fix
CVE-2021-41351	۴.۳	Microsoft Edge IE Mode information disclosure	$۲۵k-$50k	Official Fix
CVE-2021-41349	۵.۴	Microsoft Exchange Server information disclosure	$۱۰k-$25k	Official Fix
CVE-2021-42321	۸.۸	Microsoft Exchange Server Privilege Escalation	$۵۰k-$100k	Official Fix
CVE-2021-42305	۶.۴	Microsoft Exchange Server Remote Code Execution	$۲۵k-$50k	Official Fix
CVE-2021-41373	۴.۹	Microsoft FSLogix information disclosure	$۵k-$10k	Official Fix
CVE-2021-42298	۸.۳	Microsoft Malware Protection Engine Defender Remote Code Execution	$۲۵k-$50k	Official Fix
CVE-2021-41368	۶.۲	Microsoft Office Access Remote Code Execution	$۱۰k-$25k	Official Fix
CVE-2021-42292	۷.۳	Microsoft Office Excel authorization	$۱۰k-$25k	Official Fix
CVE-2021-40442	۷.۰	Microsoft Office Excel Remote Code Execution	$۱۰k-$25k	Official Fix
CVE-2021-42296	۷.۰	Microsoft Office Word Remote Code Execution	$۱۰k-$25k	Official Fix
CVE-2021-41372	۷.۰	Microsoft Power BI Report Server Privilege Escalation	$۱۰k-$25k	Official Fix
CVE-2021-42322	۶.۴	Microsoft Visual Studio Code Remote Code Execution	$۱۰k-$25k	Official Fix
CVE-2021-42319	۳.۹	Microsoft Visual Studio denial of service	$۱k-$2k	Official Fix
CVE-2021-3711	۷.۶	Microsoft Visual Studio OpenSSL buffer overflow	$۱۰k-$25k	Official Fix
CVE-2021-42291	۷.۵	Microsoft Windows Active Directory Domain Services Privilege Escalation	$۵۰k-$100k	Official Fix
CVE-2021-42287	۷.۵	Microsoft Windows Active Directory Domain Services Privilege Escalation	$۵۰k-$100k	Official Fix
CVE-2021-42282	۷.۵	Microsoft Windows Active Directory Domain Services Privilege Escalation	$۵۰k-$100k	Official Fix
CVE-2021-42278	۷.۵	Microsoft Windows Active Directory Domain Services Privilege Escalation	$۵۰k-$100k	Official Fix
CVE-2021-42279	۴.۶	Microsoft Windows Chakra Scripting Engine Remote Code Execution	$۵۰k-$100k	Official Fix
CVE-2021-42275	۸.۸	Microsoft Windows COM for Windows Remote Privilege Escalation	$۱۰۰k and more	Official Fix
CVE-2021-42286	۸.۳	Microsoft Windows Core Shell SI Host Extension Framework Privilege Escalation	$۱۰۰k and more	Official Fix
CVE-2021-41366	۸.۳	Microsoft Windows Credential Security Support Provider Protocol Privilege Escalation	$۱۰۰k and more	Official Fix
CVE-2021-41356	۷.۵	Microsoft Windows denial of service	$۱۰k-$25k	Official Fix
CVE-2021-36957	۸.۳	Microsoft Windows Desktop Bridge Privilege Escalation	$۱۰۰k and more	Official Fix
CVE-2021-42277	۴.۹	Microsoft Windows Diagnostics Hub Standard Collector denial of service	$۱۰k-$25k	Official Fix
CVE-2021-41377	۸.۳	Microsoft Windows Fast FAT File System Driver Privilege Escalation	$۱۰۰k and more	Official Fix
CVE-2021-42280	۶.۰	Microsoft Windows Feedback Hub denial of service	$۱۰k-$25k	Official Fix
CVE-2021-42288	۶.۱	Microsoft Windows Hello Security improper authentication	$۱۰k-$25k	Official Fix
CVE-2021-42284	۶.۸	Microsoft Windows Hyper-V denial of service	$۱۰k-$25k	Official Fix
CVE-2021-42274	۶.۸	Microsoft Windows Hyper-V Discrete Device Assignment denial of service	$۱۰k-$25k	Official Fix
CVE-2021-41379	۵.۹	Microsoft Windows Installer Privilege Escalation	$۵۰k-$100k	Official Fix
CVE-2021-42285	۸.۳	Microsoft Windows Kernel Privilege Escalation	$۱۰۰k and more	Official Fix
CVE-2021-42276	۷.۰	Microsoft Windows Media Foundation Remote Code Execution	$۵۰k-$100k	Official Fix
CVE-2021-42283	۹.۴	Microsoft Windows NTFS Privilege Escalation	$۱۰۰k and more	Official Fix
CVE-2021-41378	۸.۳	Microsoft Windows NTFS Privilege Escalation	$۱۰۰k and more	Official Fix
CVE-2021-41370	۸.۳	Microsoft Windows NTFS Privilege Escalation	$۱۰۰k and more	Official Fix
CVE-2021-41367	۸.۳	Microsoft Windows NTFS Privilege Escalation	$۱۰۰k and more	Official Fix
CVE-2021-38666	۸.۸	Microsoft Windows Remote Desktop Client Remote Code Execution	$۱۰۰k and more	Official Fix
CVE-2021-38665	۶.۰	Microsoft Windows Remote Desktop Protocol Client information disclosure	$۲۵k-$50k	Official Fix
CVE-2021-41371	۳.۵	Microsoft Windows Remote Desktop Protocol information disclosure	$۱۰k-$25k	Official Fix
CVE-2021-38631	۳.۵	Microsoft Windows Remote Desktop Protocol information disclosure	$۱۰k-$25k	Official Fix
CVE-2021-26443	۹.۰	Microsoft Windows Virtual Machine Bus Privilege Escalation	$۵۰k-$100k	Official Fix
CVE-2021-43174	۳.۵	Nlnet Labs Routinator gzip Transfer Encoding resource consumption	$۰-$۱k	Not Defined
CVE-2021-43173	۳.۵	Nlnet Labs Routinator RRDP Repository exceptional condition	$۱k-$2k	Official Fix
CVE-2021-43172	۳.۵	Nlnet Labs Routinator RRDP Repository recursion	$۰-$۱k	Official Fix
CVE-2021-37157	۴.۳	OGP-Agent-Linux Config.pm missing encryption	$۰-$۱k	Not Defined
CVE-2021-37158	۵.۵	OGP-Agent-Linux Counter-Strike Server os command injection	$۱k-$2k	Official Fix
CVE-2021-43273	۵.۵	Open Design Alliance Drawings SDK DGN File out-of-bounds read	$۰-$۵k	Official Fix
CVE-2021-43390	۵.۵	Open Design Alliance Drawings SDK DGN File out-of-bounds write	$۰-$۵k	Official Fix
CVE-2021-43275	۵.۵	Open Design Alliance Drawings SDK DGN File use after free	$۰-$۵k	Official Fix
CVE-2021-43274	۵.۵	Open Design Alliance Drawings SDK DWF File Parser use after free	$۰-$۵k	Official Fix
CVE-2021-43280	۵.۵	Open Design Alliance Drawings SDK DWF File stack-based overflow	$۰-$۵k	Official Fix
CVE-2021-43391	۵.۵	Open Design Alliance Drawings SDK DXF File out-of-bounds read	$۰-$۵k	Official Fix
CVE-2021-43336	۵.۵	Open Design Alliance Drawings SDK DXF File out-of-bounds write	$۰-$۵k	Official Fix
CVE-2021-43278	۵.۵	Open Design Alliance Drawings SDK OBJ File out-of-bounds read	$۰-$۵k	Official Fix
CVE-2021-43276	۵.۵	Open Design Alliance ODA Viewer DWF File out-of-bounds read	$۰-$۵k	Official Fix
CVE-2021-43272	۵.۵	Open Design Alliance ODA Viewer DWF File Privilege Escalation	$۰-$۵k	Official Fix
CVE-2021-43277	۵.۵	Open Design Alliance PRC SDK U3D File out-of-bounds read	$۰-$۵k	Official Fix
CVE-2021-43279	۵.۵	Open Design Alliance PRC SDK U3D File out-of-bounds write	$۰-$۵k	Official Fix
CVE-2021-43494	۳.۵	OpenCV-REST-API pathname traversal	$۰-$۵k	Not Defined
CVE-2021-43577	۵.۵	OWASP Dependency-Check Plugin XML Parser xml external entity reference	$۰-$۵k	Not Defined
CVE-2021-3061	۶.۵	Palo Alto PAN-OS Command Line Interface os command injection	$۲k-$5k	Official Fix
CVE-2021-3056	۸.۸	Palo Alto PAN-OS GlobalProtect Clientless VPN buffer overflow	$۲k-$5k	Official Fix
CVE-2021-3062	۷.۲	Palo Alto PAN-OS GlobalProtect Portal access control	$۲k-$5k	Official Fix
CVE-2021-3063	۶.۴	Palo Alto PAN-OS GlobalProtect Portal exceptional condition	$۲k-$5k	Official Fix
CVE-2021-3064	۹.۸	Palo Alto PAN-OS GlobalProtect Portal stack-based overflow	$۲k-$5k	Official Fix
CVE-2021-3059	۸.۱	Palo Alto PAN-OS Management Interface os command injection	$۲k-$5k	Official Fix
CVE-2021-3060	۸.۱	Palo Alto PAN-OS Simple Certificate Enrollment Protocol os command injection	$۲k-$5k	Official Fix
CVE-2021-3058	۸.۰	Palo Alto PAN-OS Web Interface os command injection	$۲k-$5k	Official Fix
CVE-2020-23878	۵.۵	pdf2json fetch stack-based overflow	$۰-$۵k	Not Defined
CVE-2020-23879	۳.۵	pdf2json getObject null pointer dereference	$۰-$۵k	Not Defined
CVE-2020-23874	۵.۵	pdf2xml addAttributsNode heap-based overflow	$۰-$۵k	Not Defined
CVE-2020-23873	۵.۵	pdf2xml dump heap-based overflow	$۰-$۵k	Not Defined
CVE-2020-23877	۵.۵	pdf2xml getObjectStream stack-based overflow	$۰-$۵k	Not Defined
CVE-2020-23872	۴.۳	pdf2xml restoreState null pointer dereference	$۰-$۵k	Not Defined
CVE-2020-23876	۳.۵	pdf2xml testLinkedText memory leak	$۰-$۵k	Not Defined
CVE-2021-34598	۶.۴	Phoenix Contact FL MGUARD 1102/FL MGUARD 1105 Remote Logging memory leak	$۰-$۱k	Not Defined
CVE-2021-34582	۵.۴	Phoenix Contact FL MGUARD 1102/FL MGUARD 1105 Web-based Management/REST API cross site scripting	$۰-$۱k	Not Defined
CVE-2021-24816	۴.۹	Phoenix Media Rename Plugin AJAX Action phoenix_media_rename access control	$۱k-$2k	Official Fix
CVE-2021-42078	۳.۵	PHP Event Calendar Parameter events_manager.php cross site scripting	$۰-$۱k	Official Fix
CVE-2021-42077	۷.۳	PHP Event Calendar user_manager.php sql injection	$۲k-$5k	Official Fix
CVE-2021-24669	۷.۵	Preloader Builder Plugin mzldr Shortcode sql injection	$۱k-$2k	Official Fix
CVE-2021-25975	۴.۴	Publify File Upload cross site scripting	$۰-$۱k	Official Fix
CVE-2021-25974	۴.۴	Publify Page cross site scripting	$۰-$۱k	Official Fix
CVE-2021-3572	۵.۰	python-pip Unicode input validation	$۲k-$5k	Official Fix
CVE-2021-38684	۸.۱	QNAP Multimedia Console stack-based overflow	$۰-$۵k	Official Fix
CVE-2021-34357	۵.۶	QNAP QmailAgent cross site scripting	$۰-$۵k	Official Fix
CVE-2021-1903	۵.۳	Qualcomm Snapdragon Auto Channel Switch Announcement IE denial of service	$۵k-$25k	Official Fix
CVE-2021-1912	۸.۶	Qualcomm Snapdragon Auto Count integer overflow	$۲۵k-$100k	Official Fix
CVE-2021-30266	۷.۰	Qualcomm Snapdragon Auto Interface Add Command use after free	$۵k-$25k	Official Fix
CVE-2021-30265	۷.۰	Qualcomm Snapdragon Auto Statistics memory corruption	$۵k-$25k	Official Fix
CVE-2021-30264	۷.۰	Qualcomm Snapdragon Auto use after free	$۵k-$25k	Official Fix
CVE-2021-30321	۹.۸	Qualcomm Snapdragon Compute MBSSID Scan buffer overflow	$۲۵k-$100k	Official Fix
CVE-2021-30263	۷.۰	Qualcomm Snapdragon Compute On-Device Logging race condition	$۵k-$25k	Official Fix
CVE-2021-43573	۵.۵	Realtek RTL8195AM Response Frame buffer overflow	$۰-$۵k	Official Fix
CVE-2021-24767	۳.۵	Redirect 404 Error Page to Homepage or Custom Page with Logs Plugin Log cross-site request forgery	$۰-$۱k	Official Fix
CVE-2021-24766	۳.۵	Redirect, Log and Notify 404 Errors Plugin cross-site request forgery	$۰-$۱k	Official Fix
CVE-2021-24731	۶.۳	Registration Forms Plugin REST API Endpoint login sql injection	$۱k-$2k	Official Fix
CVE-2021-24647	۵.۶	Registration Forms Plugin Social Login improper authentication	$۱k-$2k	Official Fix
CVE-2020-25722	۸.۸	Samba AD DC access control	$۲k-$5k	Official Fix
CVE-2021-3738	۶.۳	Samba AD DC RPC Server use after free	$۲k-$5k	Official Fix
CVE-2020-25718	۷.۵	Samba AD DC sandbox	$۲k-$5k	Official Fix
CVE-2020-25717	۸.۸	Samba AD Domain Privilege Escalation	$۲k-$5k	Official Fix
CVE-2020-25721	۵.۵	Samba AD Identifier Privilege Escalation	$۲k-$5k	Official Fix
CVE-2021-23192	۵.۶	Samba DCE/RPC injection	$۲k-$5k	Official Fix
CVE-2020-25719	۷.۲	Samba Kerberos Ticket Privilege Escalation	$۲k-$5k	Official Fix
CVE-2016-2124	۳.۷	Samba SMB1 Client Connection cleartext transmission	$۰-$۱k	Official Fix
CVE-2021-40501	۵.۵	SAP ABAP Platform Kernel authorization	$۱۰k-$25k	Official Fix
CVE-2021-40502	۶.۳	SAP Commerce B2B Unit improper authorization	$۱۰k-$25k	Official Fix
CVE-2021-42062	۳.۵	SAP ERP HCM Portugal Report authorization	$۵k-$10k	Official Fix
CVE-2021-40503	۳.۵	SAP GUI information disclosure	$۲k-$5k	Official Fix
CVE-2021-40504	۵.۵	SAP NetWeaver Application Server for ABAP Template Role authorization	$۱۰k-$25k	Official Fix
CVE-2021-28024	۸.۰	ServiceTonic Helpdesk Login Form improper authentication	$۱k-$2k	Official Fix
CVE-2021-28022	۶.۲	ServiceTonic Helpdesk Login Form sql injection	$۱k-$2k	Official Fix
CVE-2021-28023	۷.۶	ServiceTonic Helpdesk Service Import path traversal	$۱k-$2k	Official Fix
CVE-2021-3776	۴.۳	ShowDoc cross-site request forgery	$۰-$۵k	Official Fix
CVE-2021-3775	۴.۳	ShowDoc cross-site request forgery	$۰-$۵k	Official Fix
CVE-2021-3683	۴.۸	ShowDoc cross-site request forgery	$۰-$۵k	Official Fix
CVE-2021-31883	۵.۳	Siemens APOGEE MBC DHCP ACK Message memory corruption	$۱۰k-$25k	Official Fix
CVE-2021-31882	۵.۳	Siemens APOGEE MBC DHCP ACK Packet memory corruption	$۱۰k-$25k	Official Fix
CVE-2021-31881	۵.۳	Siemens APOGEE MBC DHCP OFFER Message out-of-bounds read	$۵k-$10k	Official Fix
CVE-2021-31884	۷.۳	Siemens APOGEE MBC DHCP Option out-of-bounds write	$۱۰k-$25k	Official Fix
CVE-2021-31888	۷.۳	Siemens APOGEE MBC FTP Server stack-based overflow	$۱۰k-$25k	Official Fix
CVE-2021-31887	۷.۳	Siemens APOGEE MBC FTP Server stack-based overflow	$۱۰k-$25k	Official Fix
CVE-2021-31886	۷.۳	Siemens APOGEE MBC FTP Server stack-based overflow	$۱۰k-$25k	Official Fix
CVE-2021-31344	۷.۳	Siemens APOGEE MBC ICMP Echo Packet type confusion	$۱۰k-$25k	Official Fix
CVE-2021-31346	۷.۳	Siemens APOGEE MBC ICMP Packet buffer overflow	$۱۰k-$25k	Official Fix
CVE-2021-31890	۷.۳	Siemens APOGEE MBC TCP buffer overflow	$۱۰k-$25k	Official Fix
CVE-2021-31889	۷.۳	Siemens APOGEE MBC TCP SACK Packet integer underflow	$۱۰k-$25k	Official Fix
CVE-2021-31885	۴.۳	Siemens APOGEE MBC TFTP Server buffer overflow	$۱۰k-$25k	Official Fix
CVE-2021-31345	۷.۳	Siemens APOGEE MBC UDP Protocol buffer overflow	$۱۰k-$25k	Official Fix
CVE-2021-40366	۳.۷	Siemens Climatix POL909 Web Server missing encryption	$۵k-$10k	Official Fix
CVE-2021-42026	۳.۵	Siemens Mendix authorization	$۵k-$10k	Official Fix
CVE-2021-42025	۵.۵	Siemens Mendix authorization	$۱۰k-$25k	Official Fix
CVE-2021-42015	۳.۳	Siemens Mendix Cache information disclosure	$۲k-$5k	Official Fix
CVE-2021-37207	۵.۳	Siemens SENTRON powermanager Configuration Folder permission assignment	$۵k-$10k	Official Fix
CVE-2021-40364	۳.۵	Siemens SIMATIC PCS 7/SIMATIC WinCC log file	$۲k-$5k	Not Defined
CVE-2021-40358	۵.۵	Siemens SIMATIC PCS 7/SIMATIC WinCC Pathname path traversal	$۵k-$10k	Official Fix
CVE-2021-40359	۳.۵	Siemens SIMATIC PCS 7/SIMATIC WinCC Pathname path traversal	$۵k-$10k	Not Defined
CVE-2020-10053	۳.۳	Siemens SIMATIC RTLS Locating Manager Configuration File cleartext storage	$۲k-$5k	Official Fix
CVE-2020-10054	۳.۳	Siemens SIMATIC RTLS Locating Manager Configuration File Import denial of service	$۱k-$2k	Official Fix
CVE-2020-10052	۳.۳	Siemens SIMATIC RTLS Locating Manager log file	$۲k-$5k	Official Fix
CVE-2021-42021	۵.۳	Siemens Siveillance Video DLNA Server path traversal	$۱۰k-$25k	Not Defined
CVE-2021-24698	۴.۶	Simple Download Monitor Plugin access control	$۱k-$2k	Official Fix
CVE-2021-24697	۳.۵	Simple Download Monitor Plugin cross site scripting	$۰-$۱k	Official Fix
CVE-2021-24693	۳.۵	Simple Download Monitor Plugin File Thumbnail cross site scripting	$۰-$۱k	Official Fix
CVE-2021-24695	۴.۳	Simple Download Monitor Plugin Log information disclosure	$۱k-$2k	Official Fix
CVE-2021-3931	۴.۳	Snipe-IT cross-site request forgery	$۰-$۵k	Official Fix
CVE-2021-3938	۳.۷	snipe-it Web Page Generation cross site scripting	$۰-$۵k	Official Fix
CVE-2021-40871	۶.۵	Softing OPC UA C++ SDK Message type confusion	$۰-$۵k	Official Fix
CVE-2021-40873	۶.۵	Softing OPC UA C++ SDK/uaToolkit Embedded Message double free	$۰-$۵k	Official Fix
CVE-2021-40872	۶.۳	Softing uaToolkit Embedded Message type confusion	$۰-$۵k	Official Fix
CVE-2021-40577	۳.۵	Sourcecodester Online Enrollment Management System in PHP Add-Users Page cross site scripting	$۰-$۱k	Not Defined
CVE-2021-40260	۳.۵	SourceCodester Tailor Management cross site scripting	$۰-$۱k	Not Defined
CVE-2021-43569	۴.۶	Stark Bank ecdsa-dotnet Message signature verification	$۱k-$2k	Official Fix
CVE-2021-43568	۴.۶	Stark Bank ecdsa-elixir Message signature verification	$۱k-$2k	Official Fix
CVE-2021-43570	۴.۶	Stark Bank ecdsa-java Message verify signature verification	$۱k-$2k	Official Fix
CVE-2021-43571	۴.۶	Stark Bank ecdsa-node Message verify signature verification	$۱k-$2k	Official Fix
CVE-2021-43572	۵.۵	Stark Bank ecdsa-python improper validation of integrity check value	$۲k-$5k	Official Fix
CVE-2021-41653	۶.۳	TP-LINK TL-WR840N EU ping Privilege Escalation	$۰-$۵k	Not Defined
CVE-2021-24829	۶.۳	Visitor Traffic Real Time Statistics Plugin AJAX Action today_traffic_index sql injection	$۱k-$2k	Official Fix
CVE-2020-12488	۴.۷	Vivo Jovi Smart Scene access control	$۱k-$2k	Official Fix
CVE-2021-22051	۶.۰	VMware Spring Cloud Gateway Downstream Service authorization	$۱۰k-$25k	Official Fix
CVE-2021-22048	۴.۶	VMware vCenter Server/Cloud Foundation IWA access control	$۱۰k-$25k	Not Defined
CVE-2020-23889	۴.۳	WildBit Viewer ICO File denial of service	$۰-$۵k	Not Defined
CVE-2020-23890	۴.۳	WildBit Viewer JPG File JPGCodec buffer overflow	$۰-$۵k	Not Defined
CVE-2020-23888	۴.۳	WildBit Viewer PSD File denial of service	$۰-$۵k	Not Defined
CVE-2020-23902	۴.۳	WildBit Viewer TGA File buffer overflow	$۰-$۵k	Not Defined
CVE-2020-23900	۴.۳	WildBit Viewer TGA File buffer overflow	$۰-$۵k	Not Defined
CVE-2020-23901	۴.۳	WildBit Viewer TGA File denial of service	$۰-$۵k	Not Defined
CVE-2020-23899	۴.۳	WildBit Viewer TGA File denial of service	$۰-$۵k	Not Defined
CVE-2020-23898	۴.۳	WildBit Viewer TGA File denial of service	$۰-$۵k	Not Defined
CVE-2020-23897	۴.۳	WildBit Viewer TGA File denial of service	$۰-$۵k	Not Defined
CVE-2020-23896	۴.۳	WildBit Viewer TIFF File denial of service	$۰-$۵k	Not Defined
CVE-2020-23895	۴.۳	WildBit Viewer TIFF File denial of service	$۰-$۵k	Not Defined
CVE-2020-23894	۴.۳	WildBit Viewer TIFF File denial of service	$۰-$۵k	Not Defined
CVE-2020-23891	۴.۳	WildBit Viewer TIFF File denial of service	$۰-$۵k	Not Defined
CVE-2020-23893	۴.۳	WildBit Viewer TIFF File denial of service	$۰-$۵k	Not Defined
CVE-2021-24798	۳.۵	WP Header Images Plugin Settings Page cross site scripting	$۰-$۱k	Official Fix
CVE-2021-24832	۴.۳	WP SEO Redirect 301 Plugin cross-site request forgery	$۰-$۱k	Official Fix
CVE-2021-24801	۳.۵	WP Survey Plus Plugin AJAX A cross site scripting	$۰-$۱k	Not Defined
CVE-2021-24806	۳.۹	wpDiscuz Plugin Comments cross-site request forgery	$۰-$۱k	Official Fix
CVE-2021-24664	۴.۱	WPSchoolPress Attribute sanitize_text_field cross site scripting	$۰-$۱k	Official Fix
CVE-2021-24575	۶.۳	WPSchoolPress Plugin POST Variable sql injection	$۱k-$2k	Official Fix
CVE-2020-23903	۳.۵	Xiph Speex WAV File read_samples divide by zero	$۰-$۵k	Not Defined
CVE-2020-23904	۵.۵	Xiph Speex WAV File speexenc.c stack-based overflow	$۰-$۵k	Not Defined
CVE-2020-23887	۴.۳	XnView MP ICO File SmartStretchDIBits denial of service	$۰-$۵k	Not Defined
CVE-2020-23886	۴.۳	XnView MP PICT File RtlpLowFragHeapFree denial of service	$۰-$۵k	Not Defined
CVE-2021-42370	۳.۵	XoruX LPAR2RRD/STOR2RRD Device Property missing encryption	$۰-$۱k	Official Fix
CVE-2021-42371	۶.۳	XoruX LPAR2RRD/STOR2RRD hard-coded credentials	$۱k-$2k	Official Fix
CVE-2021-42372	۶.۳	XoruX LPAR2RRD/STOR2RRD SNMP os command injection	$۲k-$5k	Official Fix
CVE-2021-42847	۵.۵	Zoho ManageEngine ADAudit Plus Privilege Escalation	$۰-$۵k	Official Fix
CVE-2021-42002	۶.۳	Zoho ManageEngine ADManager Plus unrestricted upload	$۰-$۵k	Official Fix
CVE-2021-41081	۶.۳	Zoho ManageEngine Network Configuration Manager Configuration Search sql injection	$۰-$۵k	Official Fix
CVE-2021-41080	۶.۳	Zoho ManageEngine Network Configuration Manager Hardware Details Search sql injection	$۰-$۵k	Official Fix
CVE-2021-41833	۷.۳	Zoho ManageEngine Patch Connect Plus Remote Code Execution	$۰-$۵k	Official Fix
CVE-2021-34419	۳.۴	Zoom Client for Meetings Screen Sharing injection	$۵k-$25k	Official Fix
CVE-2021-34420	۴.۹	Zoom Client for Meetings signature verification	$۵k-$25k	Official Fix
CVE-2021-34421	۳.۷	Zoom Keybase Client Message information disclosure	$۰-$۵k	Official Fix
CVE-2021-34422	۷.۳	Zoom Keybase Client Team Folder path traversal	$۵k-$25k	Official Fix
CVE-2021-34418	۴.۲	Zoom On-Premise Meeting Connector Controller Authentication denial of service	$۰-$۵k	Official Fix
CVE-2021-34417	۶.۳	Zoom On-Premise Meeting Connector Controller Web Portal command injection	$۵k-$25k	Official Fix

خدمات آپا

سایر آسیب پذیری ها

آسیب‌پذیری‌های حیاتی هفته چهارم آبان‌ماه