Critical vulnerabilities of the fourth week of Bahman
This week, many "critical" and "high-risk" vulnerabilities were reported in important Microsoft products, and patches and updates were released to fix them. There were also several "critical" and "high-risk" vulnerabilities in products from Adobe, Dell, D-Link, F5, Fortinet, Foxit, Google, HPE, IBM, McAfee, Siemens and SUSE, and in the Linux kernel.
The list of these vulnerabilities, together with their severity, is given in the table below.
شناسه آسیبپذیری |
امتیاز مبنا |
عنوان آسیبپذیری |
ارزش روز صفر |
رفع آسیبپذیری |
---|---|---|---|---|
CVE-2020-13572 |
۶.۳ |
AccuSoft ImageGear GIF Parser heap-based overflow |
$۲k-$5k |
Not Defined |
CVE-2020-13585 |
۶.۳ |
AccuSoft ImageGear PSD Header out-of-bounds write |
$۲k-$5k |
Not Defined |
CVE-2020-13571 |
۶.۳ |
AccuSoft ImageGear SGI RLE Decompression out-of-bounds write |
$۲k-$5k |
Not Defined |
CVE-2020-13561 |
۵.۵ |
AccuSoft ImageGear TIFF Parser out-of-bounds write |
$۲k-$5k |
Not Defined |
CVE-2021-21060 |
۴.۶ |
Adobe Acrobat information disclosure |
$۱۰k-$25k |
|
CVE-2021-21061 |
۳.۳ |
Adobe Acrobat PDF File use after free |
$۲۵k-$50k |
|
CVE-2021-21045 |
۸.۲ |
Adobe Acrobat Reader access control |
$۲۵k-$50k |
|
CVE-2021-21017 |
۸.۸ |
Adobe Acrobat Reader heap-based overflow |
$۲۵k-$50k |
|
CVE-2021-21036 |
۷.۸ |
Adobe Acrobat Reader integer overflow |
$۱۰k-$25k |
|
CVE-2021-21044 |
۷.۸ |
Adobe Acrobat Reader JPEG File out-of-bounds write |
$۲۵k-$50k |
|
CVE-2021-21038 |
۷.۸ |
Adobe Acrobat Reader JPEG File out-of-bounds write |
$۲۵k-$50k |
|
CVE-2021-21046 |
۳.۳ |
Adobe Acrobat Reader memory corruption |
$۲۵k-$50k |
|
CVE-2021-21042 |
۶.۵ |
Adobe Acrobat Reader out-of-bounds read |
$۱۰k-$25k |
|
CVE-2021-21034 |
۴.۳ |
Adobe Acrobat Reader out-of-bounds read |
$۵k-$10k |
|
CVE-2021-21037 |
۷.۸ |
Adobe Acrobat Reader path traversal |
$۱۰k-$25k |
|
CVE-2021-21063 |
۷.۸ |
Adobe Acrobat Reader PDF File memory corruption |
$۲۵k-$50k |
|
CVE-2021-21062 |
۷.۸ |
Adobe Acrobat Reader PDF File memory corruption |
$۲۵k-$50k |
|
CVE-2021-21059 |
۷.۸ |
Adobe Acrobat Reader PDF File memory corruption |
$۲۵k-$50k |
|
CVE-2021-21058 |
۷.۸ |
Adobe Acrobat Reader PDF File memory corruption |
$۲۵k-$50k |
|
CVE-2021-21057 |
۶.۶ |
Adobe Acrobat Reader PDF File null pointer dereference |
$۱۰k-$25k |
|
CVE-2021-21041 |
۷.۸ |
Adobe Acrobat Reader use after free |
$۲۵k-$50k |
|
CVE-2021-21040 |
۷.۸ |
Adobe Acrobat Reader use after free |
$۲۵k-$50k |
|
CVE-2021-21039 |
۷.۸ |
Adobe Acrobat Reader use after free |
$۲۵k-$50k |
|
CVE-2021-21035 |
۸.۸ |
Adobe Acrobat Reader use after free |
$۲۵k-$50k |
|
CVE-2021-21033 |
۸.۸ |
Adobe Acrobat Reader use after free |
$۲۵k-$50k |
|
CVE-2021-21028 |
۸.۸ |
Adobe Acrobat Reader use after free |
$۲۵k-$50k |
|
CVE-2021-21021 |
۸.۸ |
Adobe Acrobat Reader use after free |
$۲۵k-$50k |
|
CVE-2021-21052 |
۷.۸ |
Adobe Animate out-of-bounds write |
$۵k-$10k |
|
CVE-2021-21055 |
۶.۲ |
Adobe Dreamweaver untrusted search path |
$۲k-$5k |
|
CVE-2021-21054 |
۷.۸ |
Adobe Illustrator out-of-bounds write |
$۵k-$10k |
|
CVE-2021-21053 |
۷.۸ |
Adobe Illustrator out-of-bounds write |
$۵k-$10k |
|
CVE-2021-21051 |
۷.۸ |
Adobe Photoshop Javascript File buffer overflow |
$۵k-$10k |
|
CVE-2021-21048 |
۷.۸ |
Adobe Photoshop memory corruption |
$۵k-$10k |
|
CVE-2021-21050 |
۷.۸ |
Adobe Photoshop out-of-bounds read |
$۲k-$5k |
|
CVE-2021-21049 |
۷.۸ |
Adobe Photoshop out-of-bounds read |
$۲k-$5k |
|
CVE-2021-21047 |
۷.۸ |
Adobe Photoshop out-of-bounds write |
$۵k-$10k |
|
CVE-2021-22652 |
۶.۳ |
Advantech iView Configuration missing authentication |
$۱k-$2k |
Official Fix |
CVE-2021-22656 |
۳.۵ |
Advantech iView pathname traversal |
$۱k-$2k |
Official Fix |
CVE-2021-22658 |
۵.۵ |
Advantech iView sql injection |
$۱k-$2k |
Official Fix |
CVE-2021-22654 |
۶.۳ |
Advantech iView sql injection |
$۱k-$2k |
Official Fix |
CVE-2020-13949 |
۳.۵ |
Apache Thrift Short Message denial of service |
$۲k-$5k |
Not Defined |
CVE-2020-36237 |
۵.۳ |
Atlassian JIRA Server/Data Center Custom Field information disclosure |
$۱k-$2k |
|
CVE-2020-36235 |
۵.۳ |
Atlassian JIRA Server/Data Center Custom Field information disclosure |
$۱k-$2k |
|
CVE-2020-36236 |
۳.۵ |
Atlassian JIRA Server/Data Center Endpoint ViewWorkflowSchemes.jspa cross site scripting |
$۰-$۱k |
|
CVE-2020-29451 |
۴.۳ |
Atlassian JIRA Server/Data Center Plugin Report Page information disclosure |
$۱k-$2k |
|
CVE-2020-36234 |
۳.۵ |
Atlassian JIRA Server/Data Center Screens Modal View cross site scripting |
$۰-$۱k |
|
CVE-2019-19004 |
۵.۵ |
AutoTrace Bitmap Image input-bmp.c malloc integer overflow |
$۲k-$5k |
|
CVE-2019-19005 |
۵.۵ |
AutoTrace Bitmap Image main.c use after free |
$۲k-$5k |
|
CVE-2020-22840 |
۶.۱ |
b2evolution email_passthrough.php redirect |
$۱k-$2k |
|
CVE-2020-22839 |
۶.۱ |
b2evolution evoadm.php cross site scripting |
$۰-$۱k |
Not Defined |
CVE-2020-22841 |
۴.۸ |
b2evolution Plugin Module cross site scripting |
$۰-$۱k |
Not Defined |
CVE-2021-26528 |
۶.۳ |
Cesanta Mongoose Connection Request mg_http_serve_file out-of-bounds write |
$۲k-$5k |
Not Defined |
CVE-2021-26530 |
۶.۳ |
Cesanta Mongoose Connection Request mg_tls_init out-of-bounds write |
$۲k-$5k |
Not Defined |
CVE-2021-26529 |
۶.۳ |
Cesanta Mongoose Connection Request mg_tls_init out-of-bounds write |
$۲k-$5k |
Not Defined |
CVE-2021-26675 |
۵.۵ |
ConnMan dnsproxy stack-based overflow |
$۲k-$5k |
Official Fix |
CVE-2021-26676 |
۳.۵ |
ConnMan gdhcp information disclosure |
$۰-$۱k |
Official Fix |
CVE-2021-25835 |
۶.۳ |
Cosmos Ethermint EVM Module authentication replay |
$۱k-$2k |
Not Defined |
CVE-2021-25834 |
۶.۳ |
Cosmos Ethermint EVM Module authentication replay |
$۱k-$2k |
Not Defined |
CVE-2021-25836 |
۵.۵ |
Cosmos Ethermint EVM Module state issue |
$۱k-$2k |
Not Defined |
CVE-2021-25837 |
۵.۵ |
Cosmos Ethermint EVM Module unknown vulnerability |
$۲k-$5k |
Not Defined |
CVE-2020-26195 |
۵.۳ |
Dell EMC PowerScale OneFS Directory insufficient permissions or privileges |
$۱۰k-$25k |
Not Defined |
CVE-2020-26196 |
۵.۵ |
Dell EMC PowerScale OneFS File System permission assignment |
$۵k-$10k |
|
CVE-2020-26191 |
۷.۸ |
Dell EMC PowerScale OneFS Job privileges management |
$۵k-$10k |
|
CVE-2020-26192 |
۷.۸ |
Dell EMC PowerScale OneFS missing authentication |
$۲k-$5k |
|
CVE-2020-26193 |
۷.۸ |
Dell EMC PowerScale OneFS os command injection |
$۵k-$10k |
|
CVE-2020-26194 |
۷.۸ |
Dell EMC PowerScale OneFS permission assignment |
$۵k-$10k |
|
CVE-2021-21502 |
۹.۸ |
Dell EMC PowerScale OneFS Remote Code Execution |
$۱۰k-$25k |
|
CVE-2020-27864 |
۸.۸ |
D-Link DAP-1860 HNAP Service command injection |
$۱۰k-$25k |
Not Defined |
CVE-2020-27865 |
۸.۸ |
D-Link DAP-1860 uhttpd authentication bypass |
$۱۰k-$25k |
Not Defined |
CVE-2020-27863 |
۶.۵ |
D-Link DVA-2800/DSL-2888A dhttpd authentication bypass |
$۵k-$10k |
Not Defined |
CVE-2020-27862 |
۸.۸ |
D-Link DVA-2800/DSL-2888A dhttpd command injection |
$۱۰k-$25k |
Not Defined |
CVE-2021-20651 |
۶.۳ |
Elecom File Manager pathname traversal |
$۱k-$2k |
Not Defined |
CVE-2021-20643 |
۶.۳ |
Elecom LD-PS-U1 access control |
$۲k-$5k |
Not Defined |
CVE-2021-20650 |
۳.۵ |
Elecom NCC-EWF100RMWH2 cross-site request forgery |
$۰-$۱k |
Not Defined |
CVE-2021-20644 |
۳.۵ |
Elecom WRC-1467GHBK-A Web Setup Page cross site scripting |
$۰-$۱k |
Not Defined |
CVE-2021-20645 |
۳.۵ |
Elecom WRC-300FEBK-A cross site scripting |
$۰-$۱k |
Not Defined |
CVE-2021-20646 |
۳.۵ |
Elecom WRC-300FEBK-A cross-site request forgery |
$۰-$۱k |
Not Defined |
CVE-2021-20649 |
۵.۶ |
Elecom WRC-300FEBK-S certificate validation |
$۱k-$2k |
Not Defined |
CVE-2021-20647 |
۳.۵ |
Elecom WRC-300FEBK-S cross-site request forgery |
$۰-$۱k |
Not Defined |
CVE-2021-20648 |
۴.۳ |
Elecom WRC-300FEBK-S os command injection |
$۱k-$2k |
Not Defined |
CVE-2021-26222 |
۵.۵ |
ezXML XML File ezxml_new out-of-bounds write |
$۲k-$5k |
Not Defined |
CVE-2021-26221 |
۵.۵ |
ezXML XML File ezxml_new out-of-bounds write |
$۲k-$5k |
Not Defined |
CVE-2021-26220 |
۵.۵ |
ezXML XML File ezxml_toxml out-of-bounds write |
$۲k-$5k |
Not Defined |
CVE-2021-22983 |
۳.۵ |
F5 BIG-IP AFM Configuration Utility cross site scripting |
$۲k-$5k |
|
CVE-2021-22980 |
۷.۳ |
F5 BIG-IP APM Client Troubleshooting Utility Edge Client untrusted search path |
$۱۰k-$25k |
|
CVE-2021-22985 |
۳.۵ |
F5 BIG-IP APM VPN Traffic memory allocation |
$۲k-$5k |
|
CVE-2021-22984 |
۴.۳ |
F5 BIG-IP ASM/Advanced WAF Client Request redirect |
$۵k-$10k |
|
CVE-2021-22976 |
۳.۵ |
F5 BIG-IP ASM/Advanced WAF Websocket resource consumption |
$۲k-$5k |
|
CVE-2021-22979 |
۳.۵ |
F5 BIG-IP Configuration utility cross site scripting |
$۲k-$5k |
|
CVE-2021-22982 |
۵.۵ |
F5 BIG-IP DNS/BIG-IP GTM big3d buffer overflow |
$۱۰k-$25k |
|
CVE-2021-22978 |
۳.۵ |
F5 BIG-IP iControl REST Endpoint cross site scripting |
$۲k-$5k |
|
CVE-2021-22973 |
۳.۵ |
F5 BIG-IP JSON Parser out-of-bounds read |
$۲k-$5k |
|
CVE-2021-22981 |
۳.۷ |
F5 BIG-IP TLS Protocol certificate validation |
$۵k-$10k |
Not Defined |
CVE-2021-22977 |
۳.۵ |
F5 BIG-IP TMM denial of service |
$۲k-$5k |
Not Defined |
CVE-2021-22975 |
۳.۵ |
F5 BIG-IP Traffic Management Microkernel denial of service |
$۲k-$5k |
|
CVE-2021-22974 |
۵.۵ |
F5 BIG-IP/BIG-IQ iControl REST race condition |
$۲k-$5k |
|
CVE-2021-27169 |
۵.۵ |
FiberHome AN5506-04-FA hard-coded password |
$۱k-$2k |
Not Defined |
CVE-2021-27173 |
۶.۳ |
FiberHome HG6245D API improper authentication |
$۱k-$2k |
Not Defined |
CVE-2021-27171 |
۸.۰ |
FiberHome HG6245D CLI unknown vulnerability |
$۲k-$5k |
Not Defined |
CVE-2021-27170 |
۷.۳ |
FiberHome HG6245D Firewall access control |
$۲k-$5k |
Workaround |
CVE-2021-27168 |
۶.۳ |
FiberHome HG6245D hard-coded credentials |
$۱k-$2k |
Not Defined |
CVE-2021-27166 |
۵.۵ |
FiberHome HG6245D hard-coded password |
$۱k-$2k |
Not Defined |
CVE-2021-27139 |
۴.۳ |
FiberHome HG6245D info.asp information disclosure |
$۱k-$2k |
Not Defined |
CVE-2021-27167 |
۵.۵ |
FiberHome HG6245D libci_adaptation_layer.so init_3bb_password unknown vulnerability |
$۲k-$5k |
Not Defined |
CVE-2021-27178 |
۲.۳ |
FiberHome HG6245D NVRAM missing encryption |
$۰-$۱k |
Not Defined |
CVE-2021-27142 |
۵.۵ |
FiberHome HG6245D Private Key permission |
$۱k-$2k |
Not Defined |
CVE-2021-27172 |
۴.۳ |
FiberHome HG6245D system-config.sh hard-coded password |
$۱k-$2k |
Not Defined |
CVE-2021-27179 |
۴.۳ |
FiberHome HG6245D Telnet Daemon denial of service |
$۰-$۱k |
Not Defined |
CVE-2021-27165 |
۷.۳ |
FiberHome HG6245D Telnet Daemon hard-coded credentials |
$۱k-$2k |
Not Defined |
CVE-2021-27177 |
۷.۳ |
FiberHome HG6245D Telnet Server improper authentication |
$۱k-$2k |
Not Defined |
CVE-2021-27141 |
۴.۳ |
FiberHome HG6245D umconfig.txt hard-coded key |
$۰-$۱k |
Not Defined |
CVE-2021-27164 |
۷.۳ |
FiberHome HG6245D Web Daemon hard-coded credentials |
$۱k-$2k |
Not Defined |
CVE-2021-27163 |
۷.۳ |
FiberHome HG6245D Web Daemon hard-coded credentials |
$۱k-$2k |
Not Defined |
CVE-2021-27162 |
۷.۳ |
FiberHome HG6245D Web Daemon hard-coded credentials |
$۱k-$2k |
Not Defined |
CVE-2021-27161 |
۷.۳ |
FiberHome HG6245D Web Daemon hard-coded credentials |
$۱k-$2k |
Not Defined |
CVE-2021-27160 |
۷.۳ |
FiberHome HG6245D Web Daemon hard-coded credentials |
$۱k-$2k |
Not Defined |
CVE-2021-27159 |
۷.۳ |
FiberHome HG6245D Web Daemon hard-coded credentials |
$۱k-$2k |
Not Defined |
CVE-2021-27158 |
۷.۳ |
FiberHome HG6245D Web Daemon hard-coded credentials |
$۱k-$2k |
Not Defined |
CVE-2021-27157 |
۷.۳ |
FiberHome HG6245D Web Daemon hard-coded credentials |
$۱k-$2k |
Not Defined |
CVE-2021-27156 |
۷.۳ |
FiberHome HG6245D Web Daemon hard-coded credentials |
$۱k-$2k |
Not Defined |
CVE-2021-27155 |
۷.۳ |
FiberHome HG6245D Web Daemon hard-coded credentials |
$۱k-$2k |
Not Defined |
CVE-2021-27154 |
۷.۳ |
FiberHome HG6245D Web Daemon hard-coded credentials |
$۱k-$2k |
Not Defined |
CVE-2021-27153 |
۷.۳ |
FiberHome HG6245D Web Daemon hard-coded credentials |
$۱k-$2k |
Not Defined |
CVE-2021-27152 |
۷.۳ |
FiberHome HG6245D Web Daemon hard-coded credentials |
$۱k-$2k |
Not Defined |
CVE-2021-27151 |
۷.۳ |
FiberHome HG6245D Web Daemon hard-coded credentials |
$۱k-$2k |
Not Defined |
CVE-2021-27150 |
۷.۳ |
FiberHome HG6245D Web Daemon hard-coded credentials |
$۱k-$2k |
Not Defined |
CVE-2021-27149 |
۷.۳ |
FiberHome HG6245D Web Daemon hard-coded credentials |
$۱k-$2k |
Not Defined |
CVE-2021-27148 |
۷.۳ |
FiberHome HG6245D Web Daemon hard-coded credentials |
$۱k-$2k |
Not Defined |
CVE-2021-27147 |
۷.۳ |
FiberHome HG6245D Web Daemon hard-coded credentials |
$۱k-$2k |
Not Defined |
CVE-2021-27146 |
۷.۳ |
FiberHome HG6245D Web Daemon hard-coded credentials |
$۱k-$2k |
Not Defined |
CVE-2021-27145 |
۷.۳ |
FiberHome HG6245D Web Daemon hard-coded credentials |
$۱k-$2k |
Not Defined |
CVE-2021-27144 |
۶.۳ |
FiberHome HG6245D Web Daemon hard-coded password |
$۱k-$2k |
Not Defined |
CVE-2021-27143 |
۶.۳ |
FiberHome HG6245D Web Daemon hard-coded password |
$۱k-$2k |
Not Defined |
CVE-2021-27140 |
۴.۳ |
FiberHome HG6245D web.log log file |
$۱k-$2k |
Not Defined |
CVE-2021-27174 |
۴.۳ |
FiberHome HG6245D wifi_custom.cfg permission |
$۲k-$5k |
Not Defined |
CVE-2021-27175 |
۴.۳ |
FiberHome HG6245D wifictl_2g.cfg permission |
$۲k-$5k |
Not Defined |
CVE-2021-27176 |
۴.۳ |
FiberHome HG6245D wifictl_5g.cfg permission |
$۲k-$5k |
Not Defined |
CVE-2020-6649 |
۹.۸ |
Fortinet FortiIsolator session expiration |
$۱k-$2k |
|
CVE-2021-22122 |
۶.۱ |
Fortinet FortiWeb API Endpoint cross site scripting |
$۰-$۱k |
|
CVE-2020-17423 |
۷.۸ |
Foxit Studio Photo ARW File heap-based overflow |
$۲k-$5k |
|
CVE-2020-17434 |
۷.۸ |
Foxit Studio Photo ARW File out-of-bounds read |
$۱k-$2k |
|
CVE-2020-17436 |
۷.۸ |
Foxit Studio Photo CMP File out-of-bounds read |
$۱k-$2k |
|
CVE-2020-17433 |
۷.۸ |
Foxit Studio Photo CMP File out-of-bounds read |
$۱k-$2k |
|
CVE-2020-17429 |
۷.۸ |
Foxit Studio Photo CMP File out-of-bounds read |
$۱k-$2k |
|
CVE-2020-17428 |
۳.۳ |
Foxit Studio Photo CMP File out-of-bounds read |
$۱k-$2k |
|
CVE-2020-17426 |
۷.۸ |
Foxit Studio Photo CR2 File memory corruption |
$۲k-$5k |
|
CVE-2020-27856 |
۷.۸ |
Foxit Studio Photo CR2 File out-of-bounds read |
$۱k-$2k |
|
CVE-2020-17435 |
۷.۸ |
Foxit Studio Photo CR2 File out-of-bounds read |
$۱k-$2k |
|
CVE-2020-17432 |
۷.۸ |
Foxit Studio Photo CR2 File out-of-bounds read |
$۱k-$2k |
|
CVE-2020-17431 |
۷.۸ |
Foxit Studio Photo CR2 File out-of-bounds write |
$۲k-$5k |
|
CVE-2020-17430 |
۷.۸ |
Foxit Studio Photo CR2 File out-of-bounds write |
$۲k-$5k |
|
CVE-2020-17422 |
۳.۳ |
Foxit Studio Photo EPS File out-of-bounds read |
$۱k-$2k |
|
CVE-2020-17425 |
۷.۸ |
Foxit Studio Photo EPS File out-of-bounds write |
$۲k-$5k |
|
CVE-2020-17424 |
۷.۸ |
Foxit Studio Photo EZI File out-of-bounds write |
$۲k-$5k |
|
CVE-2020-17418 |
۷.۸ |
Foxit Studio Photo EZIX File buffer overflow |
$۲k-$5k |
|
CVE-2020-17427 |
۷.۸ |
Foxit Studio Photo NEF File out-of-bounds read |
$۱k-$2k |
|
CVE-2020-17420 |
۳.۳ |
Foxit Studio Photo NEF File out-of-bounds read |
$۱k-$2k |
|
CVE-2020-27857 |
۷.۸ |
Foxit Studio Photo NEF File out-of-bounds write |
$۲k-$5k |
|
CVE-2020-17421 |
۷.۸ |
Foxit Studio Photo NEF File out-of-bounds write |
$۲k-$5k |
|
CVE-2020-17419 |
۷.۸ |
Foxit Studio Photo NEF File out-of-bounds write |
$۲k-$5k |
|
CVE-2020-27855 |
۷.۸ |
Foxit Studio Photo SR2 File out-of-bounds read |
$۱k-$2k |
|
CVE-2020-13574 |
۷.۵ |
Genivia gSOAP SOAP Request denial of service |
$۰-$۱k |
Not Defined |
CVE-2020-13575 |
۷.۵ |
Genivia gSOAP WS-Addressing Plugin denial of service |
$۰-$۱k |
Not Defined |
CVE-2020-13576 |
۹.۸ |
Genivia gSOAP WS-Addressing Plugin Remote Privilege Escalation |
$۲k-$5k |
Not Defined |
CVE-2020-13578 |
۷.۵ |
Genivia gSOAP WS-Security Plugin denial of service |
$۰-$۱k |
Not Defined |
CVE-2020-13577 |
۷.۵ |
Genivia gSOAP WS-Security Plugin denial of service |
$۰-$۱k |
Not Defined |
CVE-2021-0327 |
۷.۸ |
Google Android ActivityManagerService.java getContentProviderImpl permission |
$۲۵k-$50k |
|
CVE-2021-0329 |
۷.۸ |
Google Android Bluetooth AdvertiseManager.java out-of-bounds write |
$۲۵k-$50k |
|
CVE-2021-0333 |
۷.۳ |
Google Android Bluetooth BluetoothPermissionActivity.java onCreate permission |
$۲۵k-$50k |
|
CVE-2021-0328 |
۷.۸ |
Google Android Bluetooth Scan GattService.java deliverBatchScan permission |
$۲۵k-$50k |
|
CVE-2021-0336 |
۷.۸ |
Google Android BluetoothPermissionRequest.java onReceive permission |
$۲۵k-$50k |
|
CVE-2021-0335 |
۶.۵ |
Google Android C2SoftHevcDec.cpp process out-of-bounds write |
$۵۰k-$100k |
|
CVE-2021-0325 |
۸.۸ |
Google Android ih264d_parse_pslice.c ih264d_parse_pslice out-of-bounds write |
$۵۰k-$100k |
|
CVE-2021-0340 |
۸.۸ |
Google Android IsoInterface.java parseNextBox information disclosure |
$۲۵k-$50k |
|
CVE-2021-0337 |
۷.۸ |
Google Android Metadata FileSystemProvider.java moveInMediaStore Local Privilege Escalation |
$۲۵k-$50k |
|
CVE-2021-0331 |
۷.۳ |
Google Android Notification NotificationAccessConfirmationActivity.java onCreate Local Privilege Escalation |
$۲۵k-$50k |
|
CVE-2021-0341 |
۷.۵ |
Google Android OkHostnameVerifier.java verifyHostName certificate validation |
$۲۵k-$50k |
|
CVE-2021-0305 |
۷.۸ |
Google Android PackageInstaller permission |
$۲۵k-$50k |
|
CVE-2021-0302 |
۷.۸ |
Google Android PackageInstaller permission |
$۲۵k-$50k |
|
CVE-2021-0334 |
۷.۸ |
Google Android ResolverActivity.java onTargetSelected Local Privilege Escalation |
$۲۵k-$50k |
|
CVE-2021-0330 |
۷.۸ |
Google Android storaged.cpp remove_user_ce use after free |
$۲۵k-$50k |
|
CVE-2021-0332 |
۷.۸ |
Google Android SurfaceFlinger.cpp bootFinished use after free |
$۲۵k-$50k |
|
CVE-2021-0338 |
۵.۵ |
Google Android SystemSettingsValidators denial of service |
$۵k-$10k |
|
CVE-2021-0314 |
۷.۳ |
Google Android UninstallerActivity onCreate Local Privilege Escalation |
$۵۰k-$100k |
|
CVE-2021-0326 |
۹.۸ |
Google Android WiFi-Direct p2p.c p2p_copy_client_info out-of-bounds write |
$۵۰k-$100k |
|
CVE-2021-0339 |
۷.۸ |
Google Android WindowContainer.java loadAnimation Local Privilege Escalation |
$۲۵k-$50k |
|
CVE-2021-21128 |
۸.۸ |
Google Chrome Blink heap-based overflow |
$۵۰k-$100k |
|
CVE-2021-21122 |
۸.۸ |
Google Chrome Blink use after free |
$۵۰k-$100k |
|
CVE-2021-21117 |
۷.۸ |
Google Chrome Cryptohome access control |
$۲۵k-$50k |
|
CVE-2021-21137 |
۶.۵ |
Google Chrome DevTools information disclosure |
$۲۵k-$50k |
|
CVE-2021-21132 |
۹.۶ |
Google Chrome DevTools sandbox |
$۵۰k-$100k |
|
CVE-2021-21138 |
۸.۶ |
Google Chrome DevTools use after free |
$۲۵k-$50k |
|
CVE-2021-21133 |
۶.۵ |
Google Chrome Download Remote Code Execution |
$۵۰k-$100k |
|
CVE-2021-21127 |
۸.۸ |
Google Chrome Extension access control |
$۵۰k-$100k |
|
CVE-2021-21143 |
۸.۸ |
Google Chrome Extension heap-based overflow |
$۵۰k-$100k |
|
CVE-2021-21141 |
۶.۵ |
Google Chrome File System API Remote Code Execution |
$۵۰k-$100k |
|
CVE-2021-21131 |
۶.۵ |
Google Chrome File System API Remote Code Execution |
$۵۰k-$100k |
|
CVE-2021-21130 |
۶.۵ |
Google Chrome File System API Remote Code Execution |
$۵۰k-$100k |
|
CVE-2021-21129 |
۶.۵ |
Google Chrome File System API Remote Code Execution |
$۵۰k-$100k |
|
CVE-2021-21125 |
۸.۱ |
Google Chrome File System API Remote Code Execution |
$۵۰k-$100k |
|
CVE-2021-21123 |
۶.۵ |
Google Chrome File System API Remote Code Execution |
$۵۰k-$100k |
|
CVE-2021-21145 |
۸.۸ |
Google Chrome Font use after free |
$۵۰k-$100k |
|
CVE-2021-21139 |
۶.۵ |
Google Chrome iFrame Sandbox access control |
$۵۰k-$100k |
|
CVE-2021-21119 |
۸.۸ |
Google Chrome Media use after free |
$۵۰k-$100k |
|
CVE-2021-21146 |
۹.۶ |
Google Chrome Navigation use after free |
$۵۰k-$100k |
|
CVE-2021-21121 |
۹.۶ |
Google Chrome Omnibox use after free |
$۵۰k-$100k |
|
CVE-2021-21134 |
۶.۵ |
Google Chrome Page Info Remote Code Execution |
$۵۰k-$100k |
|
CVE-2021-21142 |
۹.۶ |
Google Chrome Payment use after free |
$۵۰k-$100k |
|
CVE-2021-21135 |
۶.۵ |
Google Chrome Performance API unknown vulnerability |
$۵۰k-$100k |
|
CVE-2021-21126 |
۶.۵ |
Google Chrome Policy Enforcement access control |
$۵۰k-$100k |
|
CVE-2020-16044 |
۸.۸ |
Google Chrome SCTP Packet use after free |
$۵۰k-$100k |
|
CVE-2021-21147 |
۴.۳ |
Google Chrome Skia clickjacking |
$۵۰k-$100k |
|
CVE-2021-21144 |
۸.۸ |
Google Chrome Tab Group heap-based overflow |
$۵۰k-$100k |
|
CVE-2021-21140 |
۶.۸ |
Google Chrome USB Device uninitialized pointer |
$۲۵k-$50k |
|
CVE-2021-21118 |
۸.۸ |
Google Chrome V8 out-of-bounds read |
$۲۵k-$50k |
|
CVE-2021-21120 |
۸.۸ |
Google Chrome WebSQL use after free |
$۵۰k-$100k |
|
CVE-2021-21136 |
۶.۵ |
Google Chrome WebView unknown vulnerability |
$۵۰k-$100k |
|
CVE-2021-21124 |
۹.۶ |
Google Speech Recognizer use after free |
$۱۰k-$25k |
|
CVE-2021-25141 |
۳.۵ |
HPE 3500/6200/8200 Management Interface denial of service |
$۲k-$5k |
Not Defined |
CVE-2021-26577 |
۷.۸ |
HPE Apollo 70 Baseboard Management Controller libifc.so uploadsshkey buffer overflow |
$۵k-$10k |
|
CVE-2021-26576 |
۷.۸ |
HPE Apollo 70 Baseboard Management Controller libifc.so uploadsshkey command injection |
$۱۰k-$25k |
|
CVE-2021-26575 |
۷.۸ |
HPE Apollo 70 Baseboard Management Controller libifc.so webdeletesolvideofile path traversal |
$۵k-$10k |
|
CVE-2021-26574 |
۷.۸ |
HPE Apollo 70 Baseboard Management Controller libifc.so webdeletevideofile path traversal |
$۵k-$10k |
|
CVE-2021-26573 |
۷.۸ |
HPE Apollo 70 Baseboard Management Controller libifc.so webgeneratesslcfg buffer overflow |
$۵k-$10k |
|
CVE-2021-26572 |
۷.۸ |
HPE Apollo 70 Baseboard Management Controller libifc.so webgetactivexcfg buffer overflow |
$۵k-$10k |
|
CVE-2021-26571 |
۷.۸ |
HPE Apollo 70 Baseboard Management Controller libifc.so webgetactivexcfg buffer overflow |
$۵k-$10k |
|
CVE-2021-26570 |
۷.۸ |
HPE Apollo 70 Baseboard Management Controller libifc.so webifc_setadconfig buffer overflow |
$۵k-$10k |
|
CVE-2021-25172 |
۷.۸ |
HPE Apollo 70 Baseboard Management Controller libifc.so websetdefaultlangcfg command injection |
$۱۰k-$25k |
|
CVE-2021-25171 |
۷.۸ |
HPE Apollo 70 Baseboard Management Controller libifc.so websetlicensecfg buffer overflow |
$۵k-$10k |
|
CVE-2021-25170 |
۷.۸ |
HPE Apollo 70 Baseboard Management Controller libifc.so websetremoteimageinfo buffer overflow |
$۵k-$10k |
|
CVE-2021-25169 |
۷.۸ |
HPE Apollo 70 Baseboard Management Controller libifc.so websetservicecfg buffer overflow |
$۵k-$10k |
|
CVE-2021-25142 |
۷.۸ |
HPE Apollo 70 Baseboard Management Controller libifc.so webstartflash buffer overflow |
$۵k-$10k |
|
CVE-2021-25168 |
۷.۸ |
HPE Apollo 70 Baseboard Management Controller libifc.so webupdatecomponent buffer overflow |
$۵k-$10k |
|
CVE-2021-25140 |
۷.۳ |
HPE Moonshot Provisioning Manager khuploadfile.cgi pathname traversal |
$۱۰k-$25k |
Workaround |
CVE-2021-25139 |
۷.۳ |
HPE Moonshot Provisioning Manager khuploadfile.cgi stack-based overflow |
$۱۰k-$25k |
Workaround |
CVE-2021-22267 |
۷.۳ |
HPE T0662H01 Idelji Web ViewPoint Suite authentication replay |
$۱۰k-$25k |
Not Defined |
CVE-2021-3191 |
۶.۳ |
HPE T0986H01 Idelji Web ViewPoint Suite access control |
$۱۰k-$25k |
Not Defined |
CVE-2020-4768 |
۵.۴ |
IBM Case Manager/Business Automation Workflow Web UI cross site scripting |
$۲k-$5k |
|
CVE-2021-20358 |
۶.۵ |
IBM Cloud Pak for Automation API Connection log file |
$۵k-$10k |
|
CVE-2021-20359 |
۶.۵ |
IBM Cloud Pak for Automation Business Automation Application Designer log file |
$۵k-$10k |
|
CVE-2020-4996 |
۵.۵ |
IBM Security Identity Governance and Intelligence Authentication information disclosure |
$۵k-$10k |
|
CVE-2020-4791 |
۵.۳ |
IBM Security Identity Governance and Intelligence certificate validation |
$۵k-$10k |
|
CVE-2020-4795 |
۸.۲ |
IBM Security Identity Governance and Intelligence HTTP Request information disclosure |
$۵k-$10k |
|
CVE-2020-4995 |
۵.۳ |
IBM Security Identity Governance and Intelligence session expiration |
$۵k-$10k |
|
CVE-2020-4790 |
۶.۵ |
IBM Security Identity Governance and Intelligence URL denial of service |
$۲k-$5k |
|
CVE-2021-20410 |
۵.۳ |
IBM Security Verify Information Queue cleartext storage |
$۲k-$5k |
|
CVE-2021-20404 |
۵.۳ |
IBM Security Verify Information Queue Cookie denial of service |
$۵k-$10k |
|
CVE-2021-20403 |
۸.۸ |
IBM Security Verify Information Queue cross-site request forgery |
$۲k-$5k |
|
CVE-2021-20408 |
۵.۵ |
IBM Security Verify Information Queue Cryptographic Key cleartext storage |
$۵k-$10k |
|
CVE-2021-20405 |
۷.۵ |
IBM Security Verify Information Queue encoding error |
$۱۰k-$25k |
|
CVE-2021-20412 |
۷.۵ |
IBM Security Verify Information Queue hard-coded credentials |
$۵k-$10k |
|
CVE-2021-20409 |
۷.۵ |
IBM Security Verify Information Queue HSTS information disclosure |
$۵k-$10k |
|
CVE-2021-20402 |
۲.۷ |
IBM Security Verify Information Queue information exposure |
$۵k-$10k |
|
CVE-2021-20406 |
۴.۹ |
IBM Security Verify Information Queue risky encryption |
$۵k-$10k |
|
CVE-2021-20411 |
۸.۱ |
IBM Security Verify Information Queue Session Identifier resource transfer |
$۱۰k-$25k |
|
CVE-2021-20407 |
۷.۵ |
IBM Security Verify Information Queue Source Code cleartext storage |
$۵k-$10k |
|
CVE-2020-5023 |
۷.۵ |
IBM Spectrum Protect Plus resource consumption |
$۵k-$10k |
|
CVE-2021-20353 |
۸.۲ |
IBM WebSphere Application Server xml external entity reference |
$۱۰k-$25k |
|
CVE-2020-1717 |
۳.۵ |
KeyCloak Email information exposure |
$۰-$۱k |
Not Defined |
CVE-2020-10734 |
۳.۵ |
Keycloak OIDC Logout Endpoint cross-site request forgery |
$۰-$۱k |
Not Defined |
CVE-2020-8355 |
۴.۹ |
Lenovo XClarity Administrator FFDC Service Log cleartext transmission |
$۰-$۱k |
|
CVE-2020-36149 |
۵.۵ |
libmysofa changeAttribute null pointer dereference |
$۰-$۱k |
Not Defined |
CVE-2020-36152 |
۵.۵ |
libmysofa dataobject.c readDataVar buffer overflow |
$۲k-$5k |
Not Defined |
CVE-2020-36150 |
۵.۵ |
libmysofa loudness heap-based overflow |
$۲k-$5k |
Not Defined |
CVE-2020-36151 |
۵.۵ |
libmysofa mysofa_resampler_reset_mem heap-based overflow |
$۲k-$5k |
Not Defined |
CVE-2020-36148 |
۵.۵ |
libmysofa verifyAttribute null pointer dereference |
$۰-$۱k |
Not Defined |
CVE-2020-16120 |
۵.۱ |
Linux Kernel User Namespace ovl_path_open privileges assignment |
$۱۰k-$25k |
|
CVE-2021-20640 |
۴.۳ |
Logitec LAN-W300N-PGRB buffer overflow |
$۱k-$2k |
Not Defined |
CVE-2021-20639 |
۴.۳ |
Logitec LAN-W300N-PGRB os command injection |
$۱k-$2k |
Not Defined |
CVE-2021-20638 |
۴.۳ |
Logitec LAN-W300N-PGRB os command injection |
$۱k-$2k |
Not Defined |
CVE-2021-20636 |
۳.۵ |
Logitec LAN-W300N-PR5B cross-site request forgery |
$۰-$۱k |
Not Defined |
CVE-2021-20637 |
۴.۳ |
Logitec LAN-W300N-PR5B URL denial of service |
$۰-$۱k |
Not Defined |
CVE-2021-20641 |
۳.۵ |
Logitec LAN-W300N-RS cross-site request forgery |
$۰-$۱k |
Not Defined |
CVE-2021-20642 |
۴.۳ |
Logitec LAN-W300N-RS URL denial of service |
$۰-$۱k |
Not Defined |
CVE-2021-20635 |
۲.۱ |
Logitec LAN-WH450N-GR information disclosure |
$۰-$۱k |
Not Defined |
CVE-2021-21029 |
۳.۵ |
Magento Admin Console cross site scripting |
$۰-$۱k |
Not Defined |
CVE-2021-21023 |
۲.۴ |
Magento Admin Console cross site scripting |
$۰-$۱k |
Not Defined |
CVE-2021-21030 |
۴.۳ |
Magento Customer Address Upload cross site scripting |
$۰-$۱k |
Not Defined |
CVE-2021-21015 |
۵.۵ |
Magento Customer Attribute os command injection |
$۱k-$2k |
Not Defined |
CVE-2021-21027 |
۴.۳ |
Magento GraphQL API cross-site request forgery |
$۰-$۱k |
Not Defined |
CVE-2021-21026 |
۵.۰ |
Magento Integrations Module improper authorization |
$۲k-$5k |
Not Defined |
CVE-2021-21020 |
۵.۶ |
Magento Login as Customer Module access control |
$۲k-$5k |
Not Defined |
CVE-2021-21025 |
۴.۷ |
Magento Product Layout Update xml injection |
$۱k-$2k |
Not Defined |
CVE-2021-21022 |
۵.۳ |
Magento Product Module resource injection |
$۲k-$5k |
Not Defined |
CVE-2021-21018 |
۴.۷ |
Magento Scheduled Operation Module os command injection |
$۱k-$2k |
Not Defined |
CVE-2021-21024 |
۷.۳ |
Magento Search Module sql injection |
$۲k-$5k |
Not Defined |
CVE-2021-21032 |
۵.۶ |
Magento session expiration |
$۱k-$2k |
Not Defined |
CVE-2021-21031 |
۵.۶ |
Magento session expiration |
$۱k-$2k |
Not Defined |
CVE-2021-21014 |
۴.۷ |
Magento unrestricted upload |
$۱k-$2k |
Not Defined |
CVE-2021-21016 |
۴.۱ |
Magento WebAPI os command injection |
$۱k-$2k |
Not Defined |
CVE-2021-21019 |
۴.۷ |
Magento Widgets Module xml injection |
$۱k-$2k |
Not Defined |
CVE-2021-23878 |
۷.۳ |
McAfee Endpoint Security cleartext storage |
$۲k-$5k |
|
CVE-2021-23882 |
۸.۲ |
McAfee Endpoint Security ENS File privileges management |
$۲k-$5k |
|
CVE-2021-23881 |
۴.۸ |
McAfee Endpoint Security ePO Extension cross site scripting |
$۲k-$5k |
|
CVE-2021-23883 |
۴.۴ |
McAfee Endpoint Security null pointer dereference |
$۱k-$2k |
|
CVE-2021-23880 |
۴.۴ |
McAfee Endpoint Security privileges management |
$۲k-$5k |
|
CVE-2021-23874 |
۷.۸ |
McAfee Total Protection MTP Self-Defense privileges management |
$۵k-$10k |
|
CVE-2021-23873 |
۷.۸ |
McAfee Total Protection privileges management |
$۱۰k-$25k |
|
CVE-2021-23876 |
۷.۸ |
McAfee Total Protection Remote Procedure Call privileges management |
$۱۰k-$25k |
|
CVE-2021-22502 |
۹.۸ |
Micro Focus Operation Bridge Reporter OBR Server Remote Code Execution |
$۲k-$5k |
|
CVE-2021-22504 |
۶.۳ |
Micro Focus Operations Bridge Manager Remote Privilege Escalation |
$۲k-$5k |
Not Defined |
CVE-2021-24112 |
۸.۱ |
Microsoft .NET Core Remote Code Execution |
$۲۵k-$50k |
|
CVE-2021-26701 |
۸.۱ |
Microsoft .NET Core Remote Code Execution |
$۲۵k-$50k |
|
CVE-2021-1721 |
۶.۵ |
Microsoft .NET Core/Visual Studio denial of service |
$۵k-$10k |
|
CVE-2021-24111 |
۷.۵ |
Microsoft .NET Framework denial of service |
$۵k-$10k |
|
CVE-2021-24087 |
۷.۰ |
Microsoft Azure IoT CLI Extension Local Privilege Escalation |
$۱۰k-$25k |
|
CVE-2021-24109 |
۶.۸ |
Microsoft Azure Kubernetes Service Remote Privilege Escalation |
$۱۰k-$25k |
|
CVE-2021-24101 |
۶.۵ |
Microsoft Dynamics 365 information disclosure |
$۵k-$10k |
|
CVE-2021-1724 |
۶.۱ |
Microsoft Dynamics NAV/Dynamics 365 Business Central cross site scripting |
$۲k-$5k |
|
CVE-2021-24100 |
۵.۰ |
Microsoft Edge information disclosure |
$۵k-$10k |
|
CVE-2021-24085 |
۶.۵ |
Microsoft Exchange Server Remote Privilege Escalation |
$۲۵k-$50k |
|
CVE-2021-1730 |
۵.۴ |
Microsoft Exchange Server unknown vulnerability |
$۲۵k-$50k |
|
CVE-2021-24099 |
۶.۵ |
Microsoft Lync Server/Skype for Business Server denial of service |
$۵k-$10k |
|
CVE-2021-24073 |
۶.۵ |
Microsoft Lync Server/Skype for Business Server unknown vulnerability |
$۲۵k-$50k |
|
CVE-2021-24070 |
۷.۸ |
Microsoft Office Remote Code Execution |
$۱۰k-$25k |
|
CVE-2021-24069 |
۷.۸ |
Microsoft Office Remote Code Execution |
$۱۰k-$25k |
|
CVE-2021-24068 |
۷.۸ |
Microsoft Office Remote Code Execution |
$۱۰k-$25k |
|
CVE-2021-24067 |
۷.۸ |
Microsoft Office Remote Code Execution |
$۱۰k-$25k |
|
CVE-2021-24105 |
۸.۴ |
Microsoft Package Manager Configurations Local Privilege Escalation |
$۱۰k-$25k |
|
CVE-2021-24071 |
۵.۳ |
Microsoft SharePoint information disclosure |
$۵k-$10k |
|
CVE-2021-24072 |
۸.۸ |
Microsoft SharePoint Remote Privilege Escalation |
$۲۵k-$50k |
|
CVE-2021-24066 |
۸.۸ |
Microsoft SharePoint Remote Privilege Escalation |
$۲۵k-$50k |
|
CVE-2021-1726 |
۸.۰ |
Microsoft SharePoint Remote Privilege Escalation |
$۱۰k-$25k |
|
CVE-2021-1733 |
۷.۸ |
Microsoft Sysinternals PsExec Local Privilege Escalation |
$۱۰k-$25k |
|
CVE-2021-1728 |
۸.۸ |
Microsoft System Center Operations Manager Remote Privilege Escalation |
$۲۵k-$50k |
|
CVE-2021-24114 |
۵.۷ |
Microsoft Teams information disclosure |
$۵k-$10k |
|
CVE-2021-26700 |
۷.۸ |
Microsoft Visual Studio Code npm-script Extension Remote Code Execution |
$۱۰k-$25k |
|
CVE-2021-1639 |
۷.۰ |
Microsoft Visual Studio Remote Code Execution |
$۱۰k-$25k |
|
CVE-2021-24083 | 7.8 | Microsoft Windows Address Book Remote Code Execution | $50k-$100k | |
CVE-2021-24079 | 7.8 | Microsoft Windows Backup Engine information disclosure | $10k-$25k | |
CVE-2021-24081 | 7.8 | Microsoft Windows Codecs Library Remote Code Execution | $100k and more | |
CVE-2021-24098 | 5.5 | Microsoft Windows Console Driver denial of service | $10k-$25k | |
CVE-2021-24092 | 7.8 | Microsoft Windows Defender Local Privilege Escalation | $50k-$100k | |
CVE-2021-24106 | 5.5 | Microsoft Windows DirectX information disclosure | $10k-$25k | |
CVE-2021-24078 | 9.8 | Microsoft Windows DNS Server Remote Code Execution | $100k and more | |
CVE-2021-24103 | 7.8 | Microsoft Windows Event Tracing Local Privilege Escalation | $50k-$100k | |
CVE-2021-24102 | 7.8 | Microsoft Windows Event Tracing Local Privilege Escalation | $50k-$100k | |
CVE-2021-1722 | 8.1 | Microsoft Windows Fax Service Remote Code Execution | $100k and more | |
CVE-2021-24077 | 9.8 | Microsoft Windows Fax Service Remote Code Execution | $100k and more | |
CVE-2021-24093 | 8.8 | Microsoft Windows Graphics Remote Code Execution | $100k and more | |
CVE-2021-1727 | 7.8 | Microsoft Windows Installer Local Privilege Escalation | $50k-$100k | |
CVE-2021-24096 | 7.8 | Microsoft Windows Kernel Local Privilege Escalation | $50k-$100k | |
CVE-2021-24088 | 8.8 | Microsoft Windows Local Spooler Remote Privilege Escalation | $100k and more | |
CVE-2021-24082 | 4.3 | Microsoft Windows Microsoft.PowerShell.Utility Module protection mechanism | $50k-$100k | |
CVE-2021-24084 | 5.5 | Microsoft Windows Mobile Device Management information disclosure | $10k-$25k | |
CVE-2021-24075 | 6.8 | Microsoft Windows Network File System denial of service | $10k-$25k | |
CVE-2021-1731 | 5.5 | Microsoft Windows PFX Encryption Security protection mechanism | $25k-$50k | |
CVE-2021-25195 | 7.8 | Microsoft Windows PKU2U Local Privilege Escalation | $50k-$100k | |
CVE-2021-24091 | 7.8 | Microsoft Windows Remote Code Execution | $100k and more | |
CVE-2021-1734 | 7.5 | Microsoft Windows Remote Procedure Call information disclosure | $25k-$50k | |
CVE-2021-24086 | 7.5 | Microsoft Windows TCP/IP denial of service | $10k-$25k | |
CVE-2021-24094 | 9.8 | Microsoft Windows TCP/IP Remote Code Execution | $100k and more | |
CVE-2021-24074 | 9.8 | Microsoft Windows TCP/IP Remote Code Execution | $100k and more | |
CVE-2021-24080 | 6.5 | Microsoft Windows Trust Verification API denial of service | $10k-$25k | |
CVE-2021-24076 | 5.5 | Microsoft Windows VMSwitch information disclosure | $10k-$25k | |
CVE-2021-1698 | 7.8 | Microsoft Windows Win32 Win32k Local Privilege Escalation | $50k-$100k | |
CVE-2021-1732 | 7.8 | Microsoft Windows Win32k Local Privilege Escalation | $50k-$100k | |
CVE-2021-20335 | 6.7 | MongoDB Ops Manager SSL cleartext transmission | $0-$1k | |
CVE-2021-26751 | 6.3 | NeDi Monitoring History Monitoring-History.php sql injection | $1k-$2k | Not Defined |
CVE-2021-26752 | 5.5 | NeDi Nodes Traffic Nodes-Traffic.php os command injection | $1k-$2k | Not Defined |
CVE-2021-26753 | 5.5 | NeDi System Files System-Files.php injection | $1k-$2k | Not Defined |
CVE-2020-8590 | 3.3 | NetApp Clustered Data ONTAP AutoSupport Bundle information disclosure | $0-$1k | |
CVE-2020-8578 | 3.3 | NetApp Clustered Data ONTAP AutoSupport Bundle information disclosure | $0-$1k | |
CVE-2020-8587 | 5.5 | NetApp OnCommand System Manager Cache unknown vulnerability | $2k-$5k | |
CVE-2020-27866 | 8.8 | Netgear Nighthawk AC2400 mini_httpd authentication bypass | $10k-$25k | Not Defined |
CVE-2020-27867 | 6.8 | Netgear Nighthawk AC2400 mini_httpd command injection | $10k-$25k | |
CVE-2020-27861 | 8.8 | Netgear Orbi UA_Parser Utility os command injection | $10k-$25k | Not Defined |
CVE-2021-26915 | 9.8 | NetMotion Mobility Java deserialization | $2k-$5k | |
CVE-2021-26913 | 9.8 | NetMotion Mobility Java deserialization | $2k-$5k | |
CVE-2021-26912 | 9.8 | NetMotion Mobility Java SupportRpcServlet deserialization | $2k-$5k | |
CVE-2021-26914 | 9.8 | NetMotion Mobility Java valueStringToObject deserialization | $2k-$5k | |
CVE-2020-35943 | 6.5 | NextGEN Gallery cross-site request forgery | $0-$1k | |
CVE-2020-35942 | 8.8 | NextGEN Gallery cross-site request forgery | $0-$1k | |
CVE-2020-27259 | 6.3 | Omron CX-One memory corruption | $2k-$5k | Not Defined |
CVE-2020-27261 | 6.3 | Omron CX-One stack-based overflow | $2k-$5k | Not Defined |
CVE-2020-27257 | 5.3 | Omron CX-One type confusion | $1k-$2k | Not Defined |
CVE-2020-35498 | 5.7 | Open vSwitch Packet resource consumption | $0-$1k | Not Defined |
CVE-2021-27212 | 3.5 | OpenLDAP slapd schema_init.c issuerAndThisUpdateCheck denial of service | $0-$1k | |
CVE-2013-20001 | 4.6 | OpenZFS NFS Share access control | $1k-$2k | Not Defined |
CVE-2020-28644 | 3.5 | ownCloud API Endpoint core cross-site request forgery | $0-$1k | |
CVE-2020-16144 | 4.6 | ownCloud File Store files_antivirus permission | $1k-$2k | |
CVE-2020-28645 | 4.6 | ownCloud unknown vulnerability | $2k-$5k | |
CVE-2021-3033 | 9.1 | Palo Alto Prisma Cloud Compute SAML Authentication signature verification | $1k-$2k | |
CVE-2020-7071 | 5.3 | PHP URL Validation filter_var input validation | $10k-$25k | |
CVE-2020-13565 | 5.5 | phpGACL/OpenEMR HTTP Request return_page redirect | $1k-$2k | Not Defined |
CVE-2020-18215 | 6.3 | PHPSHE admin.php sql injection | $1k-$2k | Not Defined |
CVE-2020-28595 | 5.5 | Prusa Research PrusaSlicer OBJ File Obj.cpp load_obj out-of-bounds write | $2k-$5k | Not Defined |
CVE-2020-28596 | 5.5 | Prusa Research PrusaSlicer OBJ File objparse buffer overflow | $2k-$5k | Not Defined |
CVE-2020-27868 | 9.8 | Qognify Ocularis EventCoordinator Endpoint deserialization | $2k-$5k | |
CVE-2021-21444 | 4.3 | SAP Business Objects BI Platform X-Frame-Options Header clickjacking | $10k-$25k | Not Defined |
CVE-2021-21477 | 6.3 | SAP Commerce Cloud Drools Rule injection | $10k-$25k | Not Defined |
CVE-2021-21474 | 5.0 | SAP HANA Database SAML Token signature verification | $5k-$10k | Not Defined |
CVE-2021-21475 | 5.6 | SAP Master Data Management File API pathname traversal | $10k-$25k | Not Defined |
CVE-2021-21479 | 8.1 | SAP SCIMono Java Expression injection | $10k-$25k | |
CVE-2021-21472 | 5.6 | SAP Software Provisioning Manager missing authentication | $10k-$25k | Not Defined |
CVE-2021-21476 | 6.3 | SAP UI5 redirect | $10k-$25k | Not Defined |
CVE-2021-21478 | 6.3 | SAP Web Dynpro ABAP redirect | $10k-$25k | Not Defined |
CVE-2020-25245 | 7.8 | Siemens DIGSI 4 default permission | $10k-$25k | |
CVE-2020-27000 | 7.8 | Siemens JT2Go/Teamcenter Visualization BMP File memory corruption | $10k-$25k | |
CVE-2020-27004 | 7.1 | Siemens JT2Go/Teamcenter Visualization CGM File out-of-bounds read | $2k-$5k | |
CVE-2020-27007 | 7.1 | Siemens JT2Go/Teamcenter Visualization HPG File out-of-bounds read | $2k-$5k | |
CVE-2020-27002 | 7.1 | Siemens JT2Go/Teamcenter Visualization PAR File out-of-bounds read | $2k-$5k | |
CVE-2020-26999 | 5.5 | Siemens JT2Go/Teamcenter Visualization PAR File out-of-bounds read | $2k-$5k | |
CVE-2020-26998 | 5.5 | Siemens JT2Go/Teamcenter Visualization PAR File out-of-bounds read | $2k-$5k | |
CVE-2020-27001 | 7.8 | Siemens JT2Go/Teamcenter Visualization PAR File stack-based overflow | $10k-$25k | |
CVE-2020-27006 | 7.8 | Siemens JT2Go/Teamcenter Visualization PCT File memory corruption | $10k-$25k | |
CVE-2020-27008 | 7.1 | Siemens JT2Go/Teamcenter Visualization PLT File out-of-bounds read | $2k-$5k | |
CVE-2020-28394 | 5.5 | Siemens JT2Go/Teamcenter Visualization RAS File out-of-bounds read | $2k-$5k | |
CVE-2020-27005 | 7.8 | Siemens JT2Go/Teamcenter Visualization TGA File out-of-bounds write | $10k-$25k | |
CVE-2020-27003 | 7.8 | Siemens JT2Go/Teamcenter Visualization TIFF File null pointer dereference | $2k-$5k | |
CVE-2020-28388 | 5.3 | Siemens Nucleus NET/Nucleus ReadyStart ISN predictable value | $5k-$10k | |
CVE-2020-25238 | 7.8 | Siemens PCS neo/TIA Portal access control | $10k-$25k | |
CVE-2021-25666 | 4.3 | Siemens SCALANCE W740/SCALANCE W780 ARP allocation of resources | $2k-$5k | |
CVE-2020-28392 | 7.8 | Siemens SIMARIS Configuration Folder default permission | $10k-$25k | Not Defined |
CVE-2020-15798 | 9.8 | Siemens SIMATIC HMI Comfort Panel Telnet Service missing authentication | $10k-$25k | |
CVE-2020-10048 | 5.5 | Siemens SIMATIC PCS 7/SIMATIC WinCC authentication bypass | $5k-$10k | |
CVE-2020-25237 | 5.5 | Siemens SINEC NMS/SINEMA Server ZIP File path traversal | $5k-$10k | |
CVE-2021-26549 | 3.5 | SmartFoxServer AdminTool Console cross site scripting | $0-$1k | Not Defined |
CVE-2021-26551 | 5.5 | SmartFoxServer Console Module javashell.py protection mechanism | $1k-$2k | Not Defined |
CVE-2021-26550 | 3.5 | SmartFoxServer Password server.xml missing encryption | $0-$1k | Not Defined |
CVE-2020-13581 | 5.5 | SoftMaker Office PlanMaker Document heap-based overflow | $2k-$5k | Not Defined |
CVE-2020-27250 | 6.3 | SoftMaker Office PlanMaker Document Parser heap-based overflow | $2k-$5k | Not Defined |
CVE-2020-13546 | 6.3 | SoftMaker Office TextMaker Document Parser heap-based overflow | $2k-$5k | Not Defined |
CVE-2020-27869 | 8.8 | SolarWinds Network Performance Monitor WriteToFile sql injection | $1k-$2k | Not Defined |
CVE-2020-27870 | 7.5 | SolarWinds Orion Platform ExportToPDF.aspx information disclosure | $1k-$2k | Not Defined |
CVE-2020-27871 | 7.2 | SolarWinds Orion Platform VulnerabilitySettings.aspx improper authentication | $2k-$5k | |
CVE-2021-27188 | 4.3 | Sovremennye Delovye Tekhnologii FX Aggregator Terminal Client denial of service | $0-$1k | Not Defined |
CVE-2021-27187 | 4.3 | Sovremennye Delovye Tekhnologii FX Aggregator Terminal Client login.sav credentials storage | $2k-$5k | Not Defined |
CVE-2020-8029 | 2.9 | SuSE CaaS Platform permission assignment | $2k-$5k | |
CVE-2020-8030 | 3.6 | SuSE CaaS Platform temp file | $5k-$10k | Not Defined |
CVE-2020-8027 | 7.3 | SUSE Linux Enterprise Server/OpenSUSE temp file | $1k-$2k | |
CVE-2020-8031 | 6.3 | SuSE Open Build Service Web Page Generation cross site scripting | $2k-$5k | |
CVE-2021-27205 | 5.5 | Telegram information disclosure | $1k-$2k | |
CVE-2021-27204 | 5.5 | Telegram Passcode credentials storage | $2k-$5k | |
CVE-2020-13185 | 6.3 | Teradici Cloud Access Connector Web Application Pages authentication bypass | $1k-$2k | |
CVE-2020-13186 | 3.5 | Teradici Cloud Access Connector Web Form cross-site request forgery | $0-$1k | Not Defined |
CVE-2021-25688 | 3.5 | Teradici PCoIP Agent log file | $0-$1k | |
CVE-2021-25690 | 3.5 | Teradici PCoIP Soft Client null pointer dereference | $0-$1k | |
CVE-2021-25689 | 6.3 | Teradici PCoIP Soft Client out-of-bounds write | $2k-$5k | |
CVE-2021-27210 | 4.3 | TP-LINK Archer C5v information disclosure | $1k-$2k | Not Defined |
CVE-2021-27209 | 3.7 | TP-LINK Archer C5v missing encryption | $0-$1k | Not Defined |
CVE-2020-13462 | 7.5 | Tufin SecureChange resource injection | $1k-$2k | |
CVE-2020-13409 | 9.6 | Tufin SecureTrack cross site scripting | $0-$1k | |
CVE-2020-13408 | 9.6 | Tufin SecureTrack cross site scripting | $0-$1k | |
CVE-2020-13407 | 9.6 | Tufin SecureTrack cross site scripting | $0-$1k | |
CVE-2020-13460 | 8.8 | Tufin SecureTrack cross-site request forgery | $0-$1k | |
CVE-2020-13461 | 3.5 | Tufin SecureTrack information disclosure | $0-$1k | Workaround |
CVE-2021-21976 | 6.3 | VMware vSphere Replication command injection | $10k-$25k | |
CVE-2020-13117 | 7.3 | WAVLINK WN575A4/WN579X3 Login command injection | $2k-$5k | Not Defined |
CVE-2021-20654 | 3.5 | Wekan Fieldbleed cross site scripting | $0-$1k | Not Defined |
CVE-2021-26958 | 5.5 | xcb Crate cast_event unknown vulnerability | $2k-$5k | Not Defined |
CVE-2021-26957 | 3.5 | xcb Crate change_property out-of-bounds read | $0-$1k | Not Defined |
CVE-2021-26955 | 5.5 | xcb Crate name unknown vulnerability | $2k-$5k | Not Defined |
CVE-2021-26956 | 5.5 | xcb Crate value unknown vulnerability | $2k-$5k | Not Defined |