Critical vulnerabilities of the fourth week of Esfand
This week, many "critical" and "high-risk" vulnerabilities were reported in important Microsoft products, and patches and updates were released to fix them. There were also several "critical" and "high-risk" vulnerabilities in products from Siemens, Adobe, Apache, Google, F5 and IBM, and in the Linux kernel.
The list of these vulnerabilities, along with their risk level, is given in the table below.
Vulnerability ID | Base score | Vulnerability title | Zero-day value | Vulnerability fix |
---|---|---|---|---|
CVE-2021-21077 | 6.3 | Adobe Animate heap-based overflow | $5k-$10k | Official Fix |
CVE-2021-21071 | 6.3 | Adobe Animate memory corruption | $5k-$10k | Official Fix |
CVE-2021-21076 | 4.3 | Adobe Animate out-of-bounds read | $2k-$5k | Official Fix |
CVE-2021-21075 | 4.3 | Adobe Animate out-of-bounds read | $2k-$5k | Official Fix |
CVE-2021-21074 | 4.3 | Adobe Animate out-of-bounds read | $2k-$5k | Official Fix |
CVE-2021-21073 | 4.3 | Adobe Animate out-of-bounds read | $2k-$5k | Official Fix |
CVE-2021-21072 | 4.3 | Adobe Animate out-of-bounds read | $2k-$5k | Official Fix |
CVE-2021-21080 | 4.3 | Adobe Connect cross site scripting | $2k-$5k | Official Fix |
CVE-2021-21079 | 3.5 | Adobe Connect cross site scripting | $1k-$2k | Official Fix |
CVE-2021-21085 | 6.3 | Adobe Connect Registration Form injection | $5k-$10k | Official Fix |
CVE-2021-21078 | 3.9 | Adobe Creative Cloud Desktop Application CCXProcess untrusted search path | $1k-$2k | Official Fix |
CVE-2021-21069 | 5.3 | Adobe Creative Cloud Desktop Application Installer access control | $2k-$5k | Official Fix |
CVE-2021-21068 | 4.5 | Adobe Creative Cloud Desktop Application temp file | $0-$1k | Official Fix |
CVE-2021-21056 | 6.3 | Adobe Framemaker out-of-bounds read | $2k-$5k | Official Fix |
CVE-2021-21067 | 6.3 | Adobe Photoshop CoolType Library out-of-bounds write | $5k-$10k | Official Fix |
CVE-2021-21082 | 6.3 | Adobe Photoshop memory corruption | $5k-$10k | Official Fix |
CVE-2020-35451 | 4.6 | Apache Oozie OozieSharelibCLI temp file | $10k-$25k | Official Fix |
CVE-2021-27576 | 3.5 | Apache OpenMeetings NetTest Web Service resource consumption | $0-$1k | Not Defined |
CVE-2020-13936 | 5.5 | Apache Velocity Engine Template command injection | $10k-$25k | Not Defined |
CVE-2020-13959 | 3.5 | Apache Velocity Tools VelocityView cross site scripting | $2k-$5k | Official Fix |
CVE-2021-1844 | 6.3 | Apple iOS/iPadOS WebKit memory corruption | $100k and more | Official Fix |
CVE-2021-1844 | 6.3 | Apple macOS WebKit memory corruption | $10k-$25k | Official Fix |
CVE-2021-1844 | 6.3 | Apple Safari WebKit memory corruption | $25k-$50k | Official Fix |
CVE-2021-1844 | 6.3 | Apple watchOS WebKit memory corruption | $5k-$10k | Official Fix |
CVE-2021-27677 | 3.5 | Batflat CMS Galleries cross site scripting | $0-$1k | Not Defined |
CVE-2021-27679 | 3.5 | Batflat CMS Navigation cross site scripting | $0-$1k | Not Defined |
CVE-2021-27678 | 3.5 | Batflat CMS Snippets cross site scripting | $0-$1k | Not Defined |
CVE-2020-14989 | 3.5 | Bloomreach Experience Manager cross-site request forgery | $0-$1k | Not Defined |
CVE-2020-14988 | 5.5 | Bloomreach Experience Manager Login Page unrestricted upload | $1k-$2k | Not Defined |
CVE-2020-14987 | 4.7 | Bloomreach Experience Manager Updater Editor Remote Privilege Escalation | $2k-$5k | Not Defined |
CVE-2020-36279 | 5.5 | Dan Bloomberg Leptonica adaptmap_reg.c rasteropGeneralLow heap-based overflow | $2k-$5k | Official Fix |
CVE-2020-36278 | 5.5 | Dan Bloomberg Leptonica ccbord.c findNextBorderPixel heap-based overflow | $2k-$5k | Official Fix |
CVE-2020-36281 | 5.5 | Dan Bloomberg Leptonica colorquant1.c pixFewColorsOctcubeQuantMixed heap-based overflow | $2k-$5k | Official Fix |
CVE-2020-36277 | 3.5 | Dan Bloomberg Leptonica pixconv.c pixConvert2To8 denial of service | $0-$1k | Official Fix |
CVE-2020-36280 | 5.5 | Dan Bloomberg Leptonica tiffio.c pixReadFromTiffStream heap-based overflow | $2k-$5k | Official Fix |
CVE-2021-21506 | 6.3 | Dell EMC PowerScale OneFS API Remote Privilege Escalation | $10k-$25k | Not Defined |
CVE-2021-21503 | 7.8 | Dell EMC PowerScale OneFS os command injection | $10k-$25k | Not Defined |
CVE-2021-21510 | 6.3 | Dell iDRAC8 Host Header injection | $10k-$25k | Official Fix |
CVE-2021-21518 | 5.3 | Dell SupportAssist Client Costura Fody Plugin uncontrolled search path | $5k-$10k | Not Defined |
CVE-2021-28144 | 8.8 | D-Link DIR-3060 prog.cgi SetVirtualServerSettings command injection | $10k-$25k | Official Fix |
CVE-2021-28143 | 6.3 | D-Link DIR-841 ping/ping6/traceroute jsonrpc command injection | $10k-$25k | Not Defined |
CVE-2020-27225 | 5.3 | Eclipse Help Subsystem missing authentication | $0-$1k | Not Defined |
CVE-2021-28161 | 3.5 | Eclipse Theia Debug Console cross site scripting | $0-$1k | Not Defined |
CVE-2021-28162 | 3.5 | Eclipse Theia Notification Message cross site scripting | $0-$1k | Not Defined |
CVE-2020-19417 | 5.5 | Emerson Smart Wireless Gateway 1420 Administrative Task unknown vulnerability | $2k-$5k | Not Defined |
CVE-2020-19419 | 7.3 | Emerson Smart Wireless Gateway 1420 Administrator Console improper authentication | $1k-$2k | Not Defined |
CVE-2021-22992 | 8.0 | F5 BIG-IP Advanced WAF/ASM Data Plane buffer overflow | $10k-$25k | Not Defined |
CVE-2021-22993 | 3.0 | F5 BIG-IP Advanced WAF/ASM TMUI cross site scripting | $2k-$5k | Not Defined |
CVE-2021-22990 | 6.3 | F5 BIG-IP Advanced WAF/ASM TMUI Remote Privilege Escalation | $10k-$25k | Not Defined |
CVE-2021-22989 | 8.0 | F5 BIG-IP Advanced WAF/ASM TMUI unknown vulnerability | $10k-$25k | Not Defined |
CVE-2021-23002 | 3.5 | F5 BIG-IP APM/BIG-IP APM Clients VPN information disclosure | $2k-$5k | Not Defined |
CVE-2021-23001 | 5.5 | F5 BIG-IP ASM iControl REST unrestricted upload | $10k-$25k | Not Defined |
CVE-2021-22991 | 8.0 | F5 BIG-IP Data Plane buffer overflow | $10k-$25k | Not Defined |
CVE-2021-22999 | 3.5 | F5 BIG-IP HTTP2 Profile resource consumption | $2k-$5k | Not Defined |
CVE-2021-22994 | 3.0 | F5 BIG-IP iControl REST cross site scripting | $2k-$5k | Not Defined |
CVE-2021-22998 | 4.3 | F5 BIG-IP SNAT resource consumption | $2k-$5k | Not Defined |
CVE-2021-23003 | 3.5 | F5 BIG-IP TCP Profile denial of service | $2k-$5k | Not Defined |
CVE-2021-23004 | 5.5 | F5 BIG-IP TCP Profile unknown vulnerability | $10k-$25k | Not Defined |
CVE-2021-23000 | 3.5 | F5 BIG-IP TMM denial of service | $2k-$5k | Not Defined |
CVE-2021-22988 | 8.8 | F5 BIG-IP TMUI Remote Privilege Escalation | $25k-$50k | Not Defined |
CVE-2021-22987 | 8.8 | F5 BIG-IP TMUI Remote Privilege Escalation | $25k-$50k | Not Defined |
CVE-2021-22986 | 9.8 | F5 BIG-IP/BIG-IQ iControl REST Remote Code Execution | $25k-$50k | Not Defined |
CVE-2021-22996 | 3.5 | F5 BIG-IQ Data Collection denial of service | $1k-$2k | Not Defined |
CVE-2021-23005 | 3.5 | F5 BIG-IQ High Availability missing encryption | $1k-$2k | Not Defined |
CVE-2021-22997 | 6.3 | F5 BIG-IQ High Availability unknown vulnerability | $5k-$10k | Not Defined |
CVE-2021-22995 | 6.3 | F5 BIG-IQ High Availability unknown vulnerability | $5k-$10k | Not Defined |
CVE-2021-23006 | 3.0 | F5 BIG-IQ REST services cross site scripting | $1k-$2k | Not Defined |
CVE-2021-24030 | 5.5 | Facebook Gameroom fbgames Protocol argument injection | $10k-$25k | Official Fix |
CVE-2020-1921 | 5.5 | Facebook HHVM crypt stack-based overflow | $10k-$25k | Official Fix |
CVE-2020-1900 | 5.5 | Facebook HHVM Dynamic Property use after free | $10k-$25k | Official Fix |
CVE-2020-1898 | 5.5 | Facebook HHVM fb_unserialize recursion | $2k-$5k | Official Fix |
CVE-2020-1918 | 5.5 | Facebook HHVM In-Memory File buffer overflow | $10k-$25k | Official Fix |
CVE-2020-1916 | 5.5 | Facebook HHVM ldap_escape heap-based overflow | $10k-$25k | Official Fix |
CVE-2021-24025 | 5.5 | Facebook HHVM preg_quote integer overflow | $10k-$25k | Official Fix |
CVE-2020-1919 | 3.5 | Facebook HHVM substr_compare out-of-bounds read | $2k-$5k | Official Fix |
CVE-2020-1899 | 5.5 | Facebook HHVM Type Code unserialize uninitialized pointer | $10k-$25k | Official Fix |
CVE-2020-1917 | 5.5 | Facebook HHVM xbuf_format_converter heap-based overflow | $10k-$25k | Official Fix |
CVE-2021-24033 | 5.5 | Facebook react-dev-utils getProcessForPort os command injection | $10k-$25k | Official Fix |
CVE-2021-28308 | 5.5 | fltk Crate Constructor out-of-bounds read | $0-$1k | Official Fix |
CVE-2021-28306 | 3.5 | fltk Crate Image null pointer dereference | $0-$1k | Official Fix |
CVE-2021-28307 | 3.5 | fltk Crate Window Icon null pointer dereference | $0-$1k | Official Fix |
CVE-2020-24791 | 6.3 | Fuel CMS 1 sql injection | $1k-$2k | Official Fix |
CVE-2020-28705 | 3.5 | Fuel CMS 3 cross-site request forgery | $0-$1k | Official Fix |
CVE-2020-23721 | 3.5 | Fuel CMS cross site scripting | $0-$1k | Not Defined |
CVE-2020-23722 | 5.5 | Fuel CMS unknown vulnerability | $2k-$5k | Not Defined |
CVE-2021-21325 | 3.5 | GLPI cross site scripting | $0-$1k | Official Fix |
CVE-2021-21324 | 4.3 | GLPI resource injection | $2k-$5k | Official Fix |
CVE-2021-21326 | 6.3 | GLPI Self-Service Interface authorization | $2k-$5k | Official Fix |
CVE-2021-0394 | 3.3 | Google Android android_os_Parcel.cpp android_os_Parcel_readString8 out-of-bounds read | $10k-$25k | Official Fix |
CVE-2021-0368 | 4.3 | Google Android bitwise.c oggpack_look out-of-bounds read | $25k-$50k | Official Fix |
CVE-2021-0388 | 5.3 | Google Android Broadcast ImsPhoneCallTracker.java onReceive Local Privilege Escalation | $25k-$50k | Official Fix |
CVE-2021-0396 | 6.3 | Google Android builtins-arm.cc Generate_ArgumentsAdaptorTrampoline out-of-bounds write | $50k-$100k | Official Fix |
CVE-2021-0383 | 5.3 | Google Android CaptivePortalLoginActivity.java done Local Privilege Escalation | $25k-$50k | Official Fix |
CVE-2021-0456 | 6.7 | Google Android Citadel Chip Firmware out-of-bounds write | $50k-$100k | Official Fix |
CVE-2021-0455 | 6.7 | Google Android Citadel Chip Firmware out-of-bounds write | $50k-$100k | Official Fix |
CVE-2021-0454 | 6.7 | Google Android Citadel Chip Firmware out-of-bounds write | $50k-$100k | Official Fix |
CVE-2021-0463 | 3.3 | Google Android convert.cpp convertToHidl out-of-bounds read | $10k-$25k | Official Fix |
CVE-2021-0377 | 5.3 | Google Android delta_performer.cc Write input validation | $25k-$50k | Official Fix |
CVE-2021-0465 | 5.3 | Google Android face.cc GenerateFaceMask out-of-bounds write | $25k-$50k | Official Fix |
CVE-2021-0460 | 2.3 | Google Android FingerTipS Touch Screen Driver out-of-bounds read | $5k-$10k | Official Fix |
CVE-2021-0458 | 2.3 | Google Android FingerTipS Touch Screen Driver out-of-bounds read | $5k-$10k | Official Fix |
CVE-2021-0457 | 6.7 | Google Android FingerTipS Touch Screen Driver out-of-bounds write | $50k-$100k | Official Fix |
CVE-2021-0398 | 5.3 | Google Android Foreground ActiveServices.java bindServiceLocked Local Privilege Escalation | $25k-$50k | Official Fix |
CVE-2021-0459 | 2.3 | Google Android fts_proc.c fts_driver_test_write out-of-bounds read | $5k-$10k | Official Fix |
CVE-2021-0374 | 2.5 | Google Android IAudioPolicyService.cpp onTransact out-of-bounds read | $5k-$10k | Official Fix |
CVE-2021-0461 | 6.7 | Google Android iaxxx-module.c iaxxx_core_sensor_change_state out-of-bounds write | $50k-$100k | Official Fix |
CVE-2021-0384 | 4.3 | Google Android jdapistd.c read_and_discard_scanlines denial of service | $10k-$25k | Official Fix |
CVE-2021-0392 | 5.3 | Google Android main.cpp main double free | $25k-$50k | Official Fix |
CVE-2021-0376 | 5.3 | Google Android MediaProvider.java checkUriPermission permission | $25k-$50k | Official Fix |
CVE-2021-0371 | 7.8 | Google Android nci_hrcv.cc nci_proc_rf_management_ntf out-of-bounds read | $25k-$50k | Official Fix |
CVE-2021-0370 | 7.8 | Google Android NFC Server NxpMfcReader.cc Write out-of-bounds write | $50k-$100k | Official Fix |
CVE-2021-0462 | 6.7 | Google Android NXP NFC Firmware Local Privilege Escalation | $50k-$100k | Official Fix |
CVE-2021-0393 | 7.3 | Google Android PAC File scanner.cc NewCapacity out-of-bounds write | $50k-$100k | Official Fix |
CVE-2020-0025 | 4.1 | Google Android PackageManagerService.java deletePackageVersionedInternal permission | $0-$1k | Official Fix |
CVE-2021-0381 | 3.3 | Google Android PendingIntent DeviceStorageMonitorService.java updateNotifications information disclosure | $10k-$25k | Official Fix |
CVE-2021-0372 | 5.3 | Google Android PendingIntent RemoteMediaSlice.java getMediaOutputSliceAction permission | $25k-$50k | Official Fix |
CVE-2021-0464 | 5.3 | Google Android platform.h sound_trigger_event_alloc out-of-bounds write | $25k-$50k | Official Fix |
CVE-2021-0391 | 3.3 | Google Android Privileges ChooseTypeAndAccountActivity.java onCreate information disclosure | $10k-$25k | Official Fix |
CVE-2021-0380 | 5.3 | Google Android Provisioning URL DcTracker.java onReceive permission | $25k-$50k | Official Fix |
CVE-2021-0378 | 4.3 | Google Android pvmp3_getbits.cpp getNbits out-of-bounds read | $25k-$50k | Official Fix |
CVE-2021-0379 | 4.3 | Google Android pvmp3_getbits.cpp getUpTo17bits out-of-bounds read | $25k-$50k | Official Fix |
CVE-2021-0387 | 6.7 | Google Android QuotaUtils.cpp FindQuotaDeviceForUuid use after free | $50k-$100k | Official Fix |
CVE-2021-0395 | 5.3 | Google Android reboot.cpp StopServicesAndLogViolations use after free | $25k-$50k | Official Fix |
CVE-2021-0397 | 6.3 | Google Android sdp_discovery.cc sdp_copy_raw_data double free | $50k-$100k | Official Fix |
CVE-2021-0369 | 5.3 | Google Android Setting UI CrossProfileAppsServiceImpl.java state issue | $25k-$50k | Official Fix |
CVE-2021-0382 | 4.0 | Google Android SliceManagerService.java checkSlicePermission information disclosure | $10k-$25k | Official Fix |
CVE-2021-0453 | 2.3 | Google Android Titan M Chip Firmware information disclosure | $5k-$10k | Official Fix |
CVE-2021-0452 | 3.3 | Google Android Titan M Chip Firmware information disclosure | $10k-$25k | Official Fix |
CVE-2021-0451 | 2.3 | Google Android Titan M Chip Firmware information disclosure | $5k-$10k | Official Fix |
CVE-2021-0450 | 2.3 | Google Android Titan M Chip Firmware information disclosure | $5k-$10k | Official Fix |
CVE-2021-0449 | 2.3 | Google Android Titan M Chip Firmware information disclosure | $5k-$10k | Official Fix |
CVE-2021-0389 | 5.3 | Google Android UiModeManagerService.java setNightModeActivated permission | $25k-$50k | Official Fix |
CVE-2021-0386 | 5.3 | Google Android UsbConfirmActivity improper restriction of rendered ui layers | $25k-$50k | Official Fix |
CVE-2021-0375 | 5.3 | Google Android VoiceInteractionManagerService.java onPackageModified Local Privilege Escalation | $25k-$50k | Official Fix |
CVE-2021-0385 | 5.9 | Google Android WiFi ConnectToNetworkNotificationBuilder.java createConnectToAvailableNetworkNotification Local Privilege Escalation | $50k-$100k | Official Fix |
CVE-2021-0390 | 5.3 | Google Android WifiNetworkSuggestionsManager.java permission | $25k-$50k | Official Fix |
CVE-2021-0399 | 5.3 | Google Android xt_qtaguid.c qtaguid_untag use after free | $25k-$50k | Official Fix |
CVE-2021-27918 | 3.5 | Google Go Token Reader Skip infinite loop | $2k-$5k | Official Fix |
CVE-2021-27919 | 3.5 | Google Go ZIP Archive denial of service | $2k-$5k | Official Fix |
CVE-2021-20667 | 3.5 | GROWI Content Security Policy cross site scripting | $0-$1k | Not Defined |
CVE-2021-20673 | 3.5 | GROWI cross site scripting | $0-$1k | Not Defined |
CVE-2021-20672 | 3.5 | GROWI cross site scripting | $0-$1k | Not Defined |
CVE-2021-20671 | 4.7 | GROWI File Validation Remote Privilege Escalation | $2k-$5k | Not Defined |
CVE-2021-20670 | 5.3 | GROWI or access control | $2k-$5k | Not Defined |
CVE-2021-20669 | 4.3 | GROWI path traversal | $0-$1k | Not Defined |
CVE-2021-20668 | 2.4 | GROWI path traversal | $0-$1k | Not Defined |
CVE-2020-27278 | 4.3 | Hamilton Medical T1-Ventillator Configuration Interface hard-coded credentials | $0-$1k | Not Defined |
CVE-2020-27282 | 2.4 | Hamilton Medical T1-Ventillator XML Validation denial of service | $0-$1k | Not Defined |
CVE-2020-4695 | 3.7 | IBM API Connect Database Replication cleartext transmission | $5k-$10k | Not Defined |
CVE-2020-4903 | 3.7 | IBM API Connect Registration Invitation Link information disclosure | $5k-$10k | Not Defined |
CVE-2021-20341 | 5.3 | IBM Cloud Pak for Multicloud Management Monitoring Header information disclosure | $5k-$10k | Not Defined |
CVE-2020-4831 | 3.7 | IBM DataPower Gateway inadequate encryption | $5k-$10k | Not Defined |
CVE-2020-5014 | 4.2 | IBM DataPower Gateway server-side request forgery | $2k-$5k | Not Defined |
CVE-2020-5025 | 8.8 | IBM DB2/DB2 Connect Server buffer overflow | $25k-$50k | Not Defined |
CVE-2020-4976 | 6.3 | IBM DB2/DB2 Connect Server permission | $10k-$25k | Not Defined |
CVE-2020-5024 | 5.3 | IBM DB2/DB2 Connect Server SSL Handshake denial of service | $5k-$10k | Not Defined |
CVE-2021-21488 | 6.3 | IBM Knowledge Management deserialization | $10k-$25k | Not Defined |
CVE-2020-4717 | 5.3 | IBM SPSS Modeler Subscription Installer symlink | $5k-$10k | Official Fix |
CVE-2021-20336 | 3.5 | IBM Tivoli Netcool/OMNIbus_GUI Web UI cross site scripting | $2k-$5k | Not Defined |
CVE-2020-5016 | 3.1 | IBM WebSphere Application Server JAX-RPC Application path traversal | $10k-$25k | Official Fix |
CVE-2021-20241 | 4.3 | ImageMagick jp2.c divide by zero | $0-$1k | Official Fix |
CVE-2021-20246 | 4.3 | ImageMagick resample.c divide by zero | $0-$1k | Not Defined |
CVE-2021-20243 | 4.3 | ImageMagick resize.c divide by zero | $0-$1k | Official Fix |
CVE-2021-20244 | 4.3 | ImageMagick visual-effects.c divide by zero | $0-$1k | Official Fix |
CVE-2021-20245 | 4.3 | ImageMagick webp.c divide by zero | $0-$1k | Official Fix |
CVE-2020-27838 | 6.3 | KeyCloak Client Registration Endpoint missing authentication | $1k-$2k | Official Fix |
CVE-2021-20262 | 4.3 | Keycloak Password Update missing authentication | $0-$1k | Not Defined |
CVE-2021-3417 | 4.3 | Lenovo LXCO FFDC Service Log log file | $1k-$2k | Official Fix |
CVE-2020-8356 | 3.5 | Lenovo LXCO FFDC Service Log log file | $0-$1k | Official Fix |
CVE-2020-8357 | 3.3 | Lenovo PCManager Configuration denial of service | $0-$1k | Official Fix |
CVE-2020-35523 | 6.3 | LibTIFF tif_getimage.c integer overflow | $2k-$5k | Official Fix |
CVE-2020-35522 | 4.3 | LibTIFF tif_pixarlog.c memory corruption | $2k-$5k | Not Defined |
CVE-2020-35521 | 4.3 | LibTIFF tif_read.c memory corruption | $2k-$5k | Not Defined |
CVE-2020-35524 | 6.3 | LibTIFF TIFF2PDF heap-based overflow | $2k-$5k | Official Fix |
CVE-2021-20268 | 5.3 | Linux Kernel eBPF Code Verifier sock_map_alloc out-of-bounds read | $2k-$5k | Official Fix |
CVE-2021-20261 | 5.0 | Linux Kernel Floppy Disk Drive Controller Driver fd0 race condition | $5k-$10k | Official Fix |
CVE-2021-27365 | 4.3 | Linux Kernel iSCSI Data Structure iscsi_host_get_param information disclosure | $5k-$10k | Official Fix |
CVE-2021-27363 | 4.3 | Linux Kernel iSCSI Transport scsi_transport_iscsi.c information disclosure | $5k-$10k | Official Fix |
CVE-2021-3411 | 5.5 | Linux Kernel Linking State code injection | $10k-$25k | Official Fix |
CVE-2021-27364 | 5.5 | Linux Kernel Netlink Message scsi_transport_iscsi.c iscsi_if_recv_msg unknown vulnerability | $10k-$25k | Official Fix |
CVE-2021-28375 | 5.5 | Linux Kernel RPC Message fastrpc.c fastrpc_internal_invoke unknown vulnerability | $10k-$25k | Official Fix |
CVE-2021-20265 | 6.5 | Linux Kernel Signal unix_stream_recvmsg resource consumption | $2k-$5k | Official Fix |
CVE-2009-20001 | 5.6 | MantisBT session expiration | $1k-$2k | Official Fix |
CVE-2020-27574 | 3.5 | Maxum Rumpus cross-site request forgery | $0-$1k | Not Defined |
CVE-2020-27576 | 3.5 | Maxum Rumpus Folder Name cross site scripting | $0-$1k | Not Defined |
CVE-2020-27575 | 4.3 | Maxum Rumpus Web Administration command injection | $1k-$2k | Not Defined |
CVE-2021-27058 | 7.0 | Microsoft 365 Apps for Enterprise ClickToRun Remote Code Execution | $10k-$25k | Official Fix |
CVE-2021-27080 | 9.0 | Microsoft Azure Sphere Local Privilege Escalation | $10k-$25k | Official Fix |
CVE-2021-27074 | 5.8 | Microsoft Azure Sphere unknown vulnerability | $10k-$25k | Official Fix |
CVE-2021-27075 | 6.8 | Microsoft Azure Spring Cloud information disclosure | $5k-$10k | Official Fix |
CVE-2021-26411 | 7.5 | Microsoft Edge memory corruption | Calculating | Official Fix |
CVE-2021-27062 | 7.0 | Microsoft HEVC Video Extensions Remote Code Execution | $10k-$25k | Official Fix |
CVE-2021-27061 | 7.0 | Microsoft HEVC Video Extensions Remote Code Execution | $10k-$25k | Official Fix |
CVE-2021-27051 | 7.0 | Microsoft HEVC Video Extensions Remote Code Execution | $10k-$25k | Official Fix |
CVE-2021-27050 | 7.0 | Microsoft HEVC Video Extensions Remote Code Execution | $10k-$25k | Official Fix |
CVE-2021-27049 | 7.0 | Microsoft HEVC Video Extensions Remote Code Execution | $10k-$25k | Official Fix |
CVE-2021-27048 | 7.0 | Microsoft HEVC Video Extensions Remote Code Execution | $10k-$25k | Official Fix |
CVE-2021-27047 | 7.0 | Microsoft HEVC Video Extensions Remote Code Execution | $10k-$25k | Official Fix |
CVE-2021-26902 | 7.0 | Microsoft HEVC Video Extensions Remote Code Execution | $10k-$25k | Official Fix |
CVE-2021-24110 | 7.0 | Microsoft HEVC Video Extensions Remote Code Execution | $10k-$25k | Official Fix |
CVE-2021-24089 | 7.0 | Microsoft HEVC Video Extensions Remote Code Execution | $10k-$25k | Official Fix |
CVE-2021-26411 | 7.5 | Microsoft Internet Explorer memory corruption | $50k-$100k | Official Fix |
CVE-2021-27085 | 7.5 | Microsoft Internet Explorer Remote Code Execution | $50k-$100k | Official Fix |
CVE-2021-27054 | 7.0 | Microsoft Office Excel Remote Code Execution | $10k-$25k | Official Fix |
CVE-2021-27053 | 7.0 | Microsoft Office Excel Remote Code Execution | $10k-$25k | Official Fix |
CVE-2021-27056 | 7.0 | Microsoft Office PowerPoint Remote Code Execution | $10k-$25k | Official Fix |
CVE-2021-27059 | 6.9 | Microsoft Office Remote Code Execution | $10k-$25k | Official Fix |
CVE-2021-27057 | 7.0 | Microsoft Office Remote Code Execution | $10k-$25k | Official Fix |
CVE-2021-24108 | 7.0 | Microsoft Office Remote Code Execution | $10k-$25k | Official Fix |
CVE-2021-27055 | 5.7 | Microsoft Office/Visio/365 Apps for Enterprise Local Privilege Escalation | $10k-$25k | Official Fix |
CVE-2021-26859 | 6.0 | Microsoft Power BI Report Server information disclosure | $5k-$10k | Official Fix |
CVE-2021-27082 | 7.0 | Microsoft Quantum Development Kit for Visual Studio Code Remote Code Execution | $10k-$25k | Official Fix |
CVE-2021-27052 | 4.2 | Microsoft SharePoint Server/Office Web Apps information disclosure | $5k-$10k | Official Fix |
CVE-2021-27076 | 8.8 | Microsoft SharePoint Server/Office Web Apps Remote Privilege Escalation | $25k-$50k | Official Fix |
CVE-2021-27081 | 7.0 | Microsoft Visual Studio Code ESLint Extension Remote Code Execution | $10k-$25k | Official Fix |
CVE-2021-27084 | 7.0 | Microsoft Visual Studio Code Java Extension Pack Remote Code Execution | $10k-$25k | Official Fix |
CVE-2021-27060 | 7.0 | Microsoft Visual Studio Code Remote Code Execution | $10k-$25k | Official Fix |
CVE-2021-27083 | 7.0 | Microsoft Visual Studio Code Remote Containers Extension Remote Code Execution | $10k-$25k | Official Fix |
CVE-2021-21300 | 7.5 | Microsoft Visual Studio Git Remote Code Execution | $10k-$25k | Official Fix |
CVE-2021-26887 | 7.8 | Microsoft Windows 10 Version 2004 for 32-bit Systems unknown vulnerability | Calculating | Official Fix |
CVE-2021-26869 | 4.4 | Microsoft Windows ActiveX Installer Service information disclosure | $10k-$25k | Official Fix |
CVE-2021-27066 | 4.3 | Microsoft Windows Admin Center information disclosure | $25k-$50k | Official Fix |
CVE-2021-26890 | 8.3 | Microsoft Windows Application Virtualization Remote Code Execution | $100k and more | Official Fix |
CVE-2021-26860 | 7.8 | Microsoft Windows App-V Overlay Filter Local Privilege Escalation | $50k-$100k | Official Fix |
CVE-2021-26891 | 7.8 | Microsoft Windows Container Execution Agent Local Privilege Escalation | $50k-$100k | Official Fix |
CVE-2021-26865 | 8.8 | Microsoft Windows Container Execution Agent Local Privilege Escalation | $50k-$100k | Official Fix |
CVE-2021-24095 | 7.0 | Microsoft Windows DirectX Local Privilege Escalation | $50k-$100k | Official Fix |
CVE-2021-27063 | 7.5 | Microsoft Windows DNS Server denial of service | $10k-$25k | Official Fix |
CVE-2021-26896 | 7.5 | Microsoft Windows DNS Server denial of service | $10k-$25k | Official Fix |
CVE-2021-26897 | 9.8 | Microsoft Windows DNS Server Remote Code Execution | $100k and more | Official Fix |
CVE-2021-26895 | 9.8 | Microsoft Windows DNS Server Remote Code Execution | $100k and more | Official Fix |
CVE-2021-26894 | 9.8 | Microsoft Windows DNS Server Remote Code Execution | $100k and more | Official Fix |
CVE-2021-26893 | 9.8 | Microsoft Windows DNS Server Remote Code Execution | $100k and more | Official Fix |
CVE-2021-26877 | 9.8 | Microsoft Windows DNS Server Remote Code Execution | $100k and more | Official Fix |
CVE-2021-24090 | 7.8 | Microsoft Windows Error Reporting Local Privilege Escalation | $50k-$100k | Official Fix |
CVE-2021-24107 | 4.4 | Microsoft Windows Event Tracing information disclosure | $10k-$25k | Official Fix |
CVE-2021-26901 | 7.8 | Microsoft Windows Event Tracing Local Privilege Escalation | $50k-$100k | Official Fix |
CVE-2021-26898 | 7.8 | Microsoft Windows Event Tracing Local Privilege Escalation | $50k-$100k | Official Fix |
CVE-2021-26872 | 7.8 | Microsoft Windows Event Tracing Local Privilege Escalation | $50k-$100k | Official Fix |
CVE-2021-26892 | 5.8 | Microsoft Windows Extensible Firmware Interface unknown vulnerability | $25k-$50k | Official Fix |
CVE-2021-26861 | 7.8 | Microsoft Windows Graphics Local Privilege Escalation | $50k-$100k | Official Fix |
CVE-2021-26868 | 7.8 | Microsoft Windows Graphics Local Privilege Escalation | $50k-$100k | Official Fix |
CVE-2021-26867 | 9.9 | Microsoft Windows Hyper-V Remote Privilege Escalation | $100k and more | Official Fix |
CVE-2021-26862 | 6.7 | Microsoft Windows Installer Local Privilege Escalation | $50k-$100k | Official Fix |
CVE-2021-26881 | 7.5 | Microsoft Windows Media Foundation Remote Privilege Escalation | $50k-$100k | Official Fix |
CVE-2021-26884 | 4.4 | Microsoft Windows Media Photo Codec information disclosure | $10k-$25k | Official Fix |
CVE-2021-26879 | 7.5 | Microsoft Windows NAT denial of service | $10k-$25k | Official Fix |
CVE-2021-26876 | 7.5 | Microsoft Windows OpenType Font Parser Remote Code Execution | $50k-$100k | Official Fix |
CVE-2021-26874 | 7.8 | Microsoft Windows Overlay Filter Local Privilege Escalation | $50k-$100k | Official Fix |
CVE-2021-26878 | 7.8 | Microsoft Windows Print Spooler Local Privilege Escalation | $50k-$100k | Official Fix |
CVE-2021-1640 | 7.8 | Microsoft Windows Print Spooler Local Privilege Escalation | $50k-$100k | Official Fix |
CVE-2021-26870 | 7.8 | Microsoft Windows Projected File System Local Privilege Escalation | $50k-$100k | Official Fix |
CVE-2021-26882 | 8.3 | Microsoft Windows Remote Access API Remote Privilege Escalation | $100k and more | Official Fix |
CVE-2021-26880 | 7.8 | Microsoft Windows Storage Spaces Controller Local Privilege Escalation | $50k-$100k | Official Fix |
CVE-2021-27070 | 7.6 | Microsoft Windows Update Assistant Local Privilege Escalation | $50k-$100k | Official Fix |
CVE-2021-26866 | 7.5 | Microsoft Windows Update Service Local Privilege Escalation | $50k-$100k | Official Fix |
CVE-2021-26889 | 7.5 | Microsoft Windows Update Stack Local Privilege Escalation | $50k-$100k | Official Fix |
CVE-2021-1729 | 7.1 | Microsoft Windows Update Stack Setup unknown vulnerability | $25k-$50k | Official Fix |
CVE-2021-26899 | 7.8 | Microsoft Windows UPnP Device Host Local Privilege Escalation | $50k-$100k | Official Fix |
CVE-2021-26886 | 5.5 | Microsoft Windows User Profile Service denial of service | $5k-$10k | Official Fix |
CVE-2021-26873 | 7.0 | Microsoft Windows User Profile Service Local Privilege Escalation | $50k-$100k | Official Fix |
CVE-2021-26864 | 8.6 | Microsoft Windows Virtual Registry Provider Local Privilege Escalation | $50k-$100k | Official Fix |
CVE-2021-26885 | 7.8 | Microsoft Windows WalletService Local Privilege Escalation | $50k-$100k | Official Fix |
CVE-2021-26871 | 7.8 | Microsoft Windows WalletService Local Privilege Escalation | $50k-$100k | Official Fix |
CVE-2021-26900 | 7.8 | Microsoft Windows Win32k Local Privilege Escalation | $50k-$100k | Official Fix |
CVE-2021-26875 | 7.8 | Microsoft Windows Win32k Local Privilege Escalation | $50k-$100k | Official Fix |
CVE-2021-26863 | 7.0 | Microsoft Windows Win32k Local Privilege Escalation | $50k-$100k | Official Fix |
CVE-2021-27077 | 7.8 | Microsoft Windows Win32k Local Privilege Escalation | $50k-$100k | Official Fix |
CVE-2021-24104 | 4.6 | Microsoft Word unknown vulnerability | $5k-$10k | Official Fix |
CVE-2021-21362 | 6.3 | MinIO MC Share Upload URL improper authorization | $2k-$5k | Official Fix |
CVE-2020-35222 | 5.3 | Netgear GS516PE/GS116Ev2 NSDP Protocol information disclosure | $5k-$10k | Not Defined |
CVE-2020-35227 | 5.5 | Netgear JGS516PE/GS116Ev2 Administration Web Panel buffer overflow | $10k-$25k | Not Defined |
CVE-2020-35228 | 3.5 | Netgear JGS516PE/GS116Ev2 Administration Web Panel cross site scripting | $2k-$5k | Not Defined |
CVE-2020-35226 | 6.3 | Netgear JGS516PE/GS116Ev2 DHCP Configuration unknown vulnerability | $10k-$25k | Not Defined |
CVE-2020-35229 | 5.0 | Netgear JGS516PE/GS116Ev2 NSDP improper authentication | $5k-$10k | Not Defined |
CVE-2020-35221 | 3.7 | Netgear JGS516PE/GS116Ev2 NSDP Passwort unknown vulnerability | $5k-$10k | Not Defined |
CVE-2020-35224 | 5.3 | Netgear JGS516PE/GS116Ev2 NSDP Protocol buffer overflow | $10k-$25k | Not Defined |
CVE-2020-35225 | 3.5 | Netgear JGS516PE/GS116Ev2 NSDP Protocol denial of service | $2k-$5k | Not Defined |
CVE-2020-35231 | 8.8 | Netgear JGS516PE/GS116Ev2 NSDP Protocol improper authentication | $10k-$25k | Not Defined |
CVE-2020-35232 | 8.8 | Netgear JGS516PE/GS116Ev2 TFTP Firmware Update Remote Privilege Escalation | $25k-$50k | Not Defined |
CVE-2020-35233 | 5.3 | Netgear JGS516PE/GS116Ev2 TFTP Server denial of service | $5k-$10k | Workaround |
CVE-2020-35220 | 8.8 | Netgear JGS516PE/GS116Ev2 TFTP Server Remote Privilege Escalation | $25k-$50k | Not Defined |
CVE-2020-35223 | 3.5 | Netgear JGS516PE/GS116Ev2 Web Administration Panel cross-site request forgery | $2k-$5k | Not Defined |
CVE-2020-35230 | 3.5 | Netgear JGS516PE/GS116Ev2 Web Administration Panel integer overflow | $10k-$25k | Not Defined |
CVE-2021-3034 | 3.5 | Palo Alto Cortex XSOAR SSO log file | $0-$1k | Official Fix |
CVE-2020-15260 | 3.7 | PJSIP certificate validation | $1k-$2k | Official Fix |
CVE-2021-21375 | 5.3 | PJSIP INVITE denial of service | $0-$1k | Official Fix |
CVE-2021-20272 | 3.5 | Privoxy CGI Request assertion | $0-$1k | Official Fix |
CVE-2021-20273 | 3.5 | Privoxy CGI Request denial of service | $0-$1k | Official Fix |
CVE-2021-20275 | 3.5 | Privoxy chunked_body_is_complete memory corruption | $1k-$2k | Official Fix |
CVE-2021-20276 | 3.5 | Privoxy pcre_compile memory corruption | $1k-$2k | Official Fix |
CVE-2021-20274 | 3.5 | Privoxy Socks Server null pointer dereference | $0-$1k | Official Fix |
CVE-2021-21360 | 5.3 | Products.GenericSetup Generic Setup Tool information disclosure | $1k-$2k | Official Fix |
CVE-2021-21337 | 5.5 | Products.PluggableAuthService redirect | $1k-$2k | Official Fix |
CVE-2021-20255 | 3.5 | QEMU eepro100 i8255x Device Emulator infinite loop | $2k-$5k | Not Defined |
CVE-2021-20263 | 4.6 | QEMU virtio-fs Shared File System Daemon permissions | $10k-$25k | Not Defined |
CVE-2020-24984 | 3.5 | Quadbase EspressReports ES File Upload cross-site request forgery | $0-$1k | Not Defined |
CVE-2020-24985 | 5.5 | Quadbase EspressReports ES MenuPage Section unknown vulnerability | $2k-$5k | Not Defined |
CVE-2020-24983 | 4.3 | Quadbase EspressReports ES POST Request cross-site request forgery | $0-$1k | Not Defined |
CVE-2020-24982 | 3.5 | Quadbase ExpressDashboard cross-site request forgery | $0-$1k | Not Defined |
CVE-2021-27585 | 4.3 | SAP 3D Visual Enterprise Viewer CGM File denial of service | $5k-$10k | Not Defined |
CVE-2021-21493 | 4.3 | SAP 3D Visual Enterprise Viewer GIF File denial of service | $5k-$10k | Not Defined |
CVE-2021-27588 | 4.3 | SAP 3D Visual Enterprise Viewer HPGL File denial of service | $5k-$10k | Not Defined |
CVE-2021-27586 | 4.3 | SAP 3D Visual Enterprise Viewer IFF File denial of service | $5k-$10k | Not Defined |
CVE-2021-27587 | 4.3 | SAP 3D Visual Enterprise Viewer JT File denial of service | $5k-$10k | Not Defined |
CVE-2021-27591 | 4.3 | SAP 3D Visual Enterprise Viewer PDF File denial of service | $5k-$10k | Not Defined |
CVE-2021-27584 | 4.3 | SAP 3D Visual Enterprise Viewer PSD File denial of service | $5k-$10k | Not Defined |
CVE-2021-27589 | 4.3 | SAP 3D Visual Enterprise Viewer SVG File denial of service | $5k-$10k | Not Defined |
CVE-2021-27590 | 4.3 | SAP 3D Visual Enterprise Viewer TIFF File denial of service | $5k-$10k | Not Defined |
CVE-2021-27592 | 4.3 | SAP 3D Visual Enterprise Viewer U3D File denial of service | $5k-$10k | Not Defined |
CVE-2021-21486 | 5.0 | SAP Enterprise Financial Services improper authorization | $10k-$25k | Not Defined |
CVE-2021-21484 | 5.6 | SAP HANA Database LDAP Authentication improper authentication | $10k-$25k | Not Defined |
CVE-2021-21480 | 6.3 | SAP MII Dashboard access control | $10k-$25k | Not Defined |
CVE-2021-21491 | 6.3 | SAP NetWeaver Application Server Java redirect | $10k-$25k | Not Defined |
CVE-2021-21481 | 9.6 | SAP NetWeaver MigrationService improper authorization | $10k-$25k | Not Defined |
CVE-2021-21487 | 4.1 | SAP Payment Engine improper authorization | $5k-$10k | Not Defined |
CVE-2021-22712 | 5.5 | Schneider Electric Interactive Graphical SCADA System Configuration Group File Def.exe buffer overflow |
$۲k-$5k |
Not Defined |
CVE-2021-22711 |
۵.۵ |
Schneider Electric Interactive Graphical SCADA System Configuration Group File Def.exe buffer overflow |
$۲k-$5k |
Not Defined |
CVE-2021-22710 |
۶.۳ |
Schneider Electric Interactive Graphical SCADA System Configuration Group File Def.exe buffer overflow |
$۲k-$5k |
Not Defined |
CVE-2021-22709 |
۶.۳ |
Schneider Electric Interactive Graphical SCADA System Configuration Group File Def.exe buffer overflow |
$۲k-$5k |
Not Defined |
CVE-2021-22713 |
۳.۵ |
Schneider Electric PowerLogic ION8600 memory corruption |
$۱k-$2k |
Not Defined |
CVE-2021-22714 |
۶.۳ |
Schneider Electric PowerLogic ION9000 memory corruption |
$۲k-$5k |
Official Fix |
CVE-2020-25236 |
۳.۵ |
Siemens LOGO! 8 BM exceptional condition |
$۵k-$10k |
Not Defined |
CVE-2020-27632 |
۵.۶ |
Siemens SIMATIC MV400 ISN Generator initialization |
$۱۰k-$25k |
Official Fix |
CVE-2020-25241 |
۵.۳ |
Siemens SIMATIC MV400 TCP Stack denial of service |
$۵k-$10k |
Official Fix |
CVE-2020-25239 |
۶.۳ |
Siemens SINEMA Remote Connect Server UMC Authorization Server authorization |
$۱۰k-$25k |
Official Fix |
CVE-2020-25240 |
۵.۰ |
Siemens SINEMA Remote Connect Server URL authorization |
$۱۰k-$25k |
Official Fix |
CVE-2021-20018 |
۳.۵ |
SonicWALL SMA100 Configuration File information disclosure |
$۰-$۱k |
Not Defined |
CVE-2021-20017 |
۶.۳ |
SonicWALL SMA100 os command injection |
$۲k-$5k |
Not Defined |
CVE-2021-27891 |
۲.۶ |
SSH Tectia Client ConnectSecure entropy |
$۰-$۱k |
Official Fix |
CVE-2021-27893 |
۵.۰ |
SSH Tectia Client ConnectSecure Remote Privilege Escalation |
$۲k-$5k |
Official Fix |
CVE-2021-27892 |
۶.۳ |
SSH Tectia Client ConnectSecure Remote Privilege Escalation |
$۲k-$5k |
Official Fix |
CVE-2021-21364 |
۴.۳ |
swagger-codegen Directory temp file |
$۲k-$5k |
Official Fix |
CVE-2021-21363 |
۶.۳ |
swagger-codegen temp file |
$۲k-$5k |
Official Fix |
CVE-2021-26569 |
۷.۳ |
Synology DiskStation Manager Thread iscsi_snapshot_comm_core race condition |
$۱k-$2k |
Official Fix |
CVE-2021-27647 |
۷.۳ |
Synology DiskStation Manager Web Request iscsi_snapshot_comm_core out-of-bounds read |
$۱k-$2k |
Official Fix |
CVE-2021-27646 |
۷.۳ |
Synology DiskStation Manager Web Request iscsi_snapshot_comm_core use after free |
$۲k-$5k |
Official Fix |
CVE-2021-28006 |
۳.۵ |
Web Based Quiz System admin.php cross site scripting |
$۰-$۱k |
Not Defined |
CVE-2021-28007 |
۳.۵ |
Web Based Quiz System register.php cross site scripting |
$۰-$۱k |
Not Defined |
CVE-2020-35682 |
۶.۳ |
Zoho ManageEngine ServiceDesk Plus SAML Login improper authentication |
$۱k-$2k |
Official Fix |
CVE-2021-21726 |
۵.۵ |
ZTE ZXONE 9700 /ZXONE 8700/ZXONE 19700 Diagnostic Function Interface unknown vulnerability |
$۲k-$5k |
Not Defined |