آسیب‌پذیری‌های حیاتی هفته چهارم مردادماه

این هفته آسیب‌پذیری‌های «حیاتی» و «پرخطر» بسیاری در محصولات مهم Cisco گزارش و وصله‌ها و به‌روزرسانی‌هایی به منظور رفع آن‌ها ارائه شد. همچنین در محصولات شرکت‌های Apache، Adobe، Google، IBM، Mozilla، افزونه‌های WordPress و کرنل لینوکس چندین آسیب‌پذیری «حیاتی» و «پرخطر» وجود داشت.

لیست این آسیب‌پذیری‌ها به‌همراه سطح خطر آن‌ها در جدول زیر آمده است.

شناسه آسیب‌پذیری	امتیاز مبنا	عنوان آسیب‌پذیری	ارزش روز صفر	رفع آسیب‌پذیری
CVE-2021-35992	۳.۳	Adobe Bridge out-of-bounds read	$۰-$۵k	Official Fix
CVE-2021-35990	۷.۸	Adobe Bridge out-of-bounds write	$۵k-$25k	Official Fix
CVE-2021-35989	۷.۸	Adobe Bridge out-of-bounds write	$۵k-$25k	Official Fix
CVE-2021-35991	۳.۳	Adobe Bridge uninitialized pointer	$۰-$۵k	Official Fix
CVE-2021-36000	۷.۸	Adobe Character Animator memory corruption	$۵k-$25k	Official Fix
CVE-2021-36001	۳.۳	Adobe Character Animator out-of-bounds read	$۰-$۵k	Official Fix
CVE-2021-28624	۷.۸	Adobe Context heap-based overflow	$۵k-$25k	Official Fix
CVE-2021-28595	۷.۸	Adobe Dimension uncontrolled search path	$۵k-$25k	Official Fix
CVE-2021-36009	۶.۳	Adobe Illustrator memory corruption	$۵k-$25k	Official Fix
CVE-2021-36011	۵.۰	Adobe Illustrator os command injection	$۵k-$25k	Official Fix
CVE-2021-36010	۴.۳	Adobe Illustrator out-of-bounds read	$۰-$۵k	Official Fix
CVE-2021-28592	۶.۳	Adobe Illustrator out-of-bounds write	$۵k-$25k	Official Fix
CVE-2021-28591	۶.۳	Adobe Illustrator out-of-bounds write	$۵k-$25k	Official Fix
CVE-2021-36008	۴.۳	Adobe Illustrator use after free	$۵k-$25k	Official Fix
CVE-2021-28593	۴.۳	Adobe Illustrator use after free	$۵k-$25k	Official Fix
CVE-2021-36015	۶.۳	Adobe Media Encoder memory corruption	$۵k-$25k	Official Fix
CVE-2021-36016	۴.۳	Adobe Media Encoder out-of-bounds read	$۰-$۵k	Official Fix
CVE-2021-28590	۴.۳	Adobe Media Encoder out-of-bounds read	$۰-$۵k	Official Fix
CVE-2021-28589	۴.۳	Adobe Media Encoder out-of-bounds read	$۰-$۵k	Official Fix
CVE-2021-36014	۴.۳	Adobe Media Encoder uninitialized pointer	$۰-$۵k	Official Fix
CVE-2021-36006	۴.۳	Adobe Photoshop input validation	$۵k-$25k	Official Fix
CVE-2021-36005	۵.۵	Adobe Photoshop stack-based overflow	$۵k-$25k	Official Fix
CVE-2021-35999	۶.۳	Adobe Prelude memory corruption	$۵k-$25k	Official Fix
CVE-2021-36007	۴.۳	Adobe Prelude uninitialized pointer	$۰-$۵k	Official Fix
CVE-2021-35997	۶.۳	Adobe Premiere Pro memory corruption	$۵k-$25k	Official Fix
CVE-2021-35936	۵.۳	Apache Airflow CeleryExecutor/LocalExecutor information disclosure	$۵k-$10k	Official Fix
CVE-2021-33193	۷.۳	Apache HTTP Server mod_proxy access control	$۲۵k-$50k	Official Fix
CVE-2021-37608	۶.۳	Apache OFBiz unrestricted upload	$۱۰k-$25k	Official Fix
CVE-2021-30785	۶.۳	Apple iCloud ImageIO buffer overflow	$۱۰k-$25k	Official Fix
CVE-2021-30779	۶.۳	Apple iCloud ImageIO Remote Code Execution	$۱۰k-$25k	Official Fix
CVE-2021-21814	۵.۵	AT&T Xmill Command Line HandleFileArg buffer overflow	$۲k-$5k	Not Defined
CVE-2021-21815	۵.۵	AT&T Xmill Command Line HandleFileArg stack-based overflow	$۲k-$5k	Not Defined
CVE-2021-21813	۵.۵	AT&T Xmill Command Line HandleFileArg stack-based overflow	$۲k-$5k	Not Defined
CVE-2021-21812	۵.۵	AT&T Xmill Command Line HandleFileArg stack-based overflow	$۲k-$5k	Not Defined
CVE-2021-21828	۶.۳	AT&T Xmill XML Decompression AddLabel heap-based overflow	$۰-$۵k	Not Defined
CVE-2021-21826	۶.۳	AT&T Xmill XML Decompression DecodeTreeBlock heap-based overflow	$۰-$۵k	Not Defined
CVE-2021-21827	۶.۳	AT&T Xmill XML Decompression heap-based overflow	$۰-$۵k	Not Defined
CVE-2021-21830	۶.۳	AT&T Xmill XML Decompression Load heap-based overflow	$۲k-$5k	Not Defined
CVE-2021-21825	۶.۳	AT&T Xmill XML Decompression UncompressItem heap-based overflow	$۲k-$5k	Not Defined
CVE-2021-21829	۶.۳	AT&T Xmill XML Decompression UncompressItem heap-based overflow	$۲k-$5k	Not Defined
CVE-2021-21810	۶.۳	AT&T Xmill XML File heap-based overflow	$۲k-$5k	Not Defined
CVE-2021-26086	۴.۳	Atlassian JIRA Server/Data Center Endpoint web.xml path traversal	$۱k-$2k	Official Fix
CVE-2020-23334	۳.۵	Bento4 AP4_NullTerminatedStringAtom memory corruption	$۱k-$2k	Not Defined
CVE-2020-21066	۳.۵	Bento4 Ap4Dec3Atom.cpp AP4_Dec3Atom heap-based overflow	$۱k-$2k	Not Defined
CVE-2020-23331	۳.۵	Bento4 Ap4Descriptor.h WriteFields null pointer dereference	$۰-$۱k	Not Defined
CVE-2020-21064	۳.۵	Bento4 Ap4RtpAtom.cpp AP4_RtpAtom buffer overflow	$۱k-$2k	Not Defined
CVE-2020-23332	۳.۵	Bento4 Ap4StdCFileByteStream.cpp ReadPartial heap-based overflow	$۱k-$2k	Not Defined
CVE-2020-23330	۳.۵	Bento4 Ap4Stz2Atom.cpp GetSampleSize null pointer dereference	$۰-$۱k	Not Defined
CVE-2020-23333	۳.۵	Bento4 Ap4Utils.h AP4_CttsAtom heap-based overflow	$۱k-$2k	Not Defined
CVE-2021-23423	۳.۳	bikeshed Source File code injection	$۱k-$2k	Official Fix
CVE-2021-23422	۴.۸	bikeshed Source File os command injection	$۱k-$2k	Official Fix
CVE-2021-34715	۴.۷	Cisco Expressway/TelePresence Video Communication Server Administrative Web Interface signature verification	$۵k-$10k	Official Fix
CVE-2021-34716	۷.۲	Cisco Expressway/TelePresence Video Communication Server Web-based Management Interface unrestricted upload	$۱۰k-$25k	Official Fix
CVE-2021-34730	۹.۸	Cisco RV110W/RV130/RV130W/RV215W UPnP Request stack-based overflow	$۲۵k-$50k	Official Fix
CVE-2021-1561	۶.۳	Cisco Secure Email and Web Manager Spam Quarantine access control	$۱۰k-$25k	Official Fix
CVE-2021-34734	۴.۳	Cisco Video Surveillance 7000 Link Layer Discovery Protocol double free	$۱۰k-$25k	Official Fix
CVE-2021-34749	۷.۳	Cisco Web Security Appliance SNI Filter access control	$۲۵k-$50k	Official Fix
CVE-2021-22932	۲.۶	Citrix ShareFile Storage Zones Controller Mitigation Tool missing encryption	$۲k-$5k	Not Defined
CVE-2021-21867	۶.۳	CODESYS Development System ObjectStream.ProfileByteArray deserialization	$۲k-$5k	Not Defined
CVE-2021-21868	۶.۳	CODESYS Development System Project.get_MissingTypes deserialization	$۲k-$5k	Not Defined
CVE-2021-24536	۳.۵	Custom Login Redirect Plugin cross-site request forgery	$۰-$۱k	Not Defined
CVE-2021-34655	۴.۳	Custom Post Type Relations Plugin Parameter admin-page.php cross site scripting	$۰-$۱k	Official Fix
CVE-2021-34654	۴.۳	Custom Post Type Relations Plugin Parameter admin-page.php cross site scripting	$۰-$۱k	Official Fix
CVE-2021-20756	۴.۳	Cybozu Garoon Address access control	$۲k-$5k	Not Defined
CVE-2021-20764	۵.۴	Cybozu Garoon Attachment access control	$۲k-$5k	Not Defined
CVE-2021-20772	۴.۳	Cybozu Garoon Bulletin Title information disclosure	$۱k-$2k	Not Defined
CVE-2021-20775	۴.۳	Cybozu Garoon Comment access control	$۲k-$5k	Not Defined
CVE-2021-20774	۳.۵	Cybozu Garoon cross site scripting	$۰-$۱k	Not Defined
CVE-2021-20771	۳.۵	Cybozu Garoon cross site scripting	$۰-$۱k	Not Defined
CVE-2021-20770	۳.۵	Cybozu Garoon cross site scripting	$۰-$۱k	Not Defined
CVE-2021-20769	۳.۵	Cybozu Garoon cross site scripting	$۰-$۱k	Not Defined
CVE-2021-20766	۳.۵	Cybozu Garoon cross site scripting	$۰-$۱k	Not Defined
CVE-2021-20765	۳.۵	Cybozu Garoon cross site scripting	$۰-$۱k	Not Defined
CVE-2021-20753	۳.۵	Cybozu Garoon cross site scripting	$۰-$۱k	Not Defined
CVE-2021-20762	۵.۴	Cybozu Garoon E-Mail access control	$۲k-$5k	Not Defined
CVE-2021-20761	۳.۸	Cybozu Garoon E-Mail access control	$۱k-$2k	Not Defined
CVE-2021-20767	۳.۵	Cybozu Garoon Full Text Search cross site scripting	$۰-$۱k	Not Defined
CVE-2021-20755	۴.۳	Cybozu Garoon Portal access control	$۲k-$5k	Not Defined
CVE-2021-20763	۶.۳	Cybozu Garoon Portal Data access control	$۲k-$5k	Not Defined
CVE-2021-20759	۶.۳	Cybozu Garoon Portal Data access control	$۲k-$5k	Not Defined
CVE-2021-20757	۶.۳	Cybozu Garoon Portal Data access control	$۲k-$5k	Not Defined
CVE-2021-20773	۵.۴	Cybozu Garoon Route access control	$۲k-$5k	Not Defined
CVE-2021-20768	۶.۳	Cybozu Garoon Scheduler/MultiReport access control	$۲k-$5k	Not Defined
CVE-2021-20760	۵.۴	Cybozu Garoon User Profile access control	$۲k-$5k	Not Defined
CVE-2021-20754	۶.۳	Cybozu Garoon Workflow Data access control	$۲k-$5k	Not Defined
CVE-2021-20758	۳.۵	Cybozu Request cross-site request forgery	$۰-$۱k	Not Defined
CVE-2021-36792	۵.۵	dated_news Extension access control	$۱k-$2k	Not Defined
CVE-2021-36791	۳.۵	dated_news Extension Application Registration information disclosure	$۰-$۱k	Not Defined
CVE-2021-36790	۳.۵	dated_news Extension cross site scripting	$۰-$۱k	Not Defined
CVE-2021-36789	۶.۳	dated_news Extension sql injection	$۱k-$2k	Not Defined
CVE-2021-36281	۵.۵	Dell EMC PowerScale OneFS default permission	$۱۰k-$25k	Not Defined
CVE-2021-21592	۴.۳	Dell EMC PowerScale OneFS exceptional condition	$۱۰k-$25k	Not Defined
CVE-2021-21594	۵.۳	Dell EMC PowerScale OneFS GET Request information disclosure	$۵k-$10k	Not Defined
CVE-2021-36282	۳.۱	Dell EMC PowerScale OneFS ifs uninitialized resource	$۵k-$10k	Not Defined
CVE-2021-21568	۴.۳	Dell EMC PowerScale OneFS Log denial of service	$۲k-$5k	Not Defined
CVE-2021-36278	۵.۴	Dell EMC PowerScale OneFS Log File log file	$۵k-$10k	Not Defined
CVE-2021-36280	۶.۳	Dell EMC PowerScale OneFS permission assignment	$۱۰k-$25k	Not Defined
CVE-2021-36279	۶.۳	Dell EMC PowerScale OneFS permission assignment	$۱۰k-$25k	Not Defined
CVE-2021-21595	۳.۸	Dell EMC PowerScale OneFS Smartlock WORM Compliance Mode command injection	$۱۰k-$25k	Official Fix
CVE-2021-21599	۷.۲	Dell EMC PowerScale OneFS Smartlock WORM Compliance Mode os command injection	$۱۰k-$25k	Official Fix
CVE-2021-37693	۵.۶	Discourse Email session expiration	$۱k-$2k	Official Fix
CVE-2021-37703	۴.۳	Discourse information disclosure	$۱k-$2k	Official Fix
CVE-2020-18704	۶.۳	Django-Widgy Change Widgy Page unrestricted upload	$۲k-$5k	Not Defined
CVE-2021-3707	۵.۵	D-Link DSL-2750U Configuration os command injection	$۱۰k-$25k	Not Defined
CVE-2021-3708	۶.۳	D-Link DSL-2750U os command injection	$۱۰k-$25k	Not Defined
CVE-2021-25956	۴.۷	Dolibarr access control	$۱k-$2k	Official Fix
CVE-2021-25955	۳.۵	Dolibarr ERP WYSIWYG Editor Module cross site scripting	$۰-$۱k	Official Fix
CVE-2021-25957	۶.۳	Dolibarr password recovery	$۲k-$5k	Official Fix
CVE-2020-18759	۳.۵	Dut Computer Control Engineering PLC MAC1100 EPA Protocol information disclosure	$۰-$۱k	Not Defined
CVE-2020-18756	۳.۵	Dut Computer Control Engineering PLC MAC1100 EPA Protocol memory corruption	$۱k-$2k	Not Defined
CVE-2020-18754	۳.۵	Dut Computer Control Engineering PLC MAC1100 information disclosure	$۰-$۱k	Not Defined
CVE-2020-18757	۳.۵	Dut Computer Control Engineering PLC MAC1100 Packet denial of service	$۰-$۱k	Not Defined
CVE-2020-18753	۵.۵	Dut Computer Control Engineering PLC MAC1100 Packet Privilege Escalation	$۲k-$5k	Not Defined
CVE-2020-18758	۵.۵	Dut Computer Control Engineering PLC MAC1100 Privilege Escalation	$۲k-$5k	Not Defined
CVE-2020-18899	۳.۵	Exiv2 DataBufdata resource consumption	$۰-$۵k	Not Defined
CVE-2020-18898	۴.۳	Exiv2 printIFDStructure denial of service	$۰-$۵k	Not Defined
CVE-2020-20645	۳.۵	EyouCMS cross site scripting	$۰-$۵k	Not Defined
CVE-2020-20642	۳.۵	EyouCMS cross-site request forgery	$۰-$۵k	Not Defined
CVE-2020-19669	۳.۵	Eyoucms cross-site request forgery	$۰-$۱k	Not Defined
CVE-2020-28146	۳.۵	Eyoucms Parameter cross site scripting	$۰-$۱k	Not Defined
CVE-2021-24038	۵.۳	Facebook Oculus Desktop Handle Management OVRServiceLauncher.exe privileges management	$۵k-$10k	Official Fix
CVE-2021-38171	۵.۵	FFmpeg Argument adtsenc.c adts_decode_extradata return value	$۰-$۵k	Official Fix
CVE-2021-32602	۴.۳	Fortinet FortiPortal GUI Web Page Generation cross site scripting	$۰-$۱k	Official Fix
CVE-2021-32588	۹.۸	Fortinet FortiPortal hard-coded credentials	$۲k-$5k	Official Fix
CVE-2021-22254	۳.۱	GitLab Community Edition/Enterprise Edition Shell information disclosure	$۰-$۵k	Not Defined
CVE-2021-22238	۳.۵	GitLab Design Feature cross site scripting	$۰-$۵k	Not Defined
CVE-2021-22246	۴.۳	GitLab Webhook denial of service	$۰-$۵k	Official Fix
CVE-2021-0574	۵.۳	Google Android ASF Extractor out-of-bounds write	$۲۵k-$50k	Official Fix
CVE-2021-0573	۵.۳	Google Android ASF Extractor out-of-bounds write	$۲۵k-$50k	Official Fix
CVE-2021-0591	۵.۳	Google Android BluetoothPermissionActivity.java sendReplyIntentToReceiver permission	$۲۵k-$50k	Official Fix
CVE-2021-0593	۵.۳	Google Android DevicePickerFragment.java sendDevicePickedtent Local Privilege Escalation	$۲۵k-$50k	Official Fix
CVE-2021-0645	۵.۳	Google Android ExternalStorageProvider.java shouldBlockFromTree permission	$۲۵k-$50k	Official Fix
CVE-2021-0576	۵.۳	Google Android FLV Extractor out-of-bounds write	$۲۵k-$50k	Official Fix
CVE-2021-0519	۳.۳	Google Android ih264e_bitstream.h BITSTREAM_FLUSH out-of-bounds write	$۲۵k-$50k	Official Fix
CVE-2021-0639	۳.۳	Google Android libl3oemcrypto.cpp information disclosure	$۱۰k-$25k	Official Fix
CVE-2021-0584	۳.۳	Google Android Parcel.cpp verifyBufferObject out-of-bounds read	$۱۰k-$25k	Official Fix
CVE-2021-0646	۵.۳	Google Android sqlite3.c sqlite3_str_vappendf out-of-bounds write	$۲۵k-$50k	Official Fix
CVE-2021-0640	۵.۳	Google Android StatsdStats.cpp noteAtomLogged out-of-bounds write	$۲۵k-$50k	Official Fix
CVE-2021-0641	۳.۳	Google Android SubscriptionController.java getAvailableSubscriptionInfoList information disclosure	$۱۰k-$25k	Official Fix
CVE-2021-0642	۳.۳	Google Android VoicemailSettingsFragment.java onResume information disclosure	$۱۰k-$25k	Official Fix
CVE-2021-0582	۲.۱	Google Android WiFi Driver out-of-bounds read	$۰-$۱k	Official Fix
CVE-2021-0581	۲.۱	Google Android WiFi Driver out-of-bounds read	$۰-$۱k	Official Fix
CVE-2021-0580	۲.۱	Google Android WiFi Driver out-of-bounds read	$۰-$۱k	Official Fix
CVE-2021-0579	۲.۱	Google Android WiFi Driver out-of-bounds read	$۰-$۱k	Official Fix
CVE-2021-0578	۲.۴	Google Android WiFi Driver out-of-bounds read	$۲k-$5k	Official Fix
CVE-2021-30604	۶.۳	Google Chrome ANGLE use after free	$۵۰k-$100k	Official Fix
CVE-2021-30601	۶.۳	Google Chrome Extensions API use after free	$۵۰k-$100k	Official Fix
CVE-2021-30600	۶.۳	Google Chrome Printing use after free	$۵۰k-$100k	Official Fix
CVE-2021-30599	۶.۳	Google Chrome V8 type confusion	$۵۰k-$100k	Official Fix
CVE-2021-30598	۶.۳	Google Chrome V8 type confusion	$۵۰k-$100k	Official Fix
CVE-2021-30603	۵.۰	Google Chrome WebAudio race condition	$۲۵k-$50k	Official Fix
CVE-2021-30602	۶.۳	Google Chrome WebRTC use after free	$۵۰k-$100k	Official Fix
CVE-2021-21843	۶.۳	GPAC Advanced Content MPEG-4 Decoding GF_SubsegmentRangeInfo integer overflow	$۲k-$5k	Not Defined
CVE-2021-21862	۶.۳	GPAC Advanced Content MPEG-4 Decoding integer overflow	$۲k-$5k	Not Defined
CVE-2021-21858	۶.۳	GPAC Advanced Content MPEG-4 Decoding integer overflow	$۲k-$5k	Not Defined
CVE-2021-21857	۶.۳	GPAC Advanced Content MPEG-4 Decoding integer overflow	$۲k-$5k	Not Defined
CVE-2021-21856	۶.۳	GPAC Advanced Content MPEG-4 Decoding integer overflow	$۲k-$5k	Not Defined
CVE-2021-21855	۶.۳	GPAC Advanced Content MPEG-4 Decoding integer overflow	$۲k-$5k	Not Defined
CVE-2021-21854	۶.۳	GPAC Advanced Content MPEG-4 Decoding integer overflow	$۲k-$5k	Not Defined
CVE-2021-21853	۶.۳	GPAC Advanced Content MPEG-4 Decoding integer overflow	$۲k-$5k	Not Defined
CVE-2021-21852	۶.۳	GPAC Advanced Content MPEG-4 Decoding integer overflow	$۲k-$5k	Not Defined
CVE-2021-21851	۶.۳	GPAC Advanced Content MPEG-4 Decoding integer overflow	$۲k-$5k	Not Defined
CVE-2021-21847	۶.۳	GPAC Advanced Content MPEG-4 Decoding integer overflow	$۲k-$5k	Not Defined
CVE-2021-21846	۶.۳	GPAC Advanced Content MPEG-4 Decoding integer overflow	$۲k-$5k	Not Defined
CVE-2021-21845	۶.۳	GPAC Advanced Content MPEG-4 Decoding integer overflow	$۲k-$5k	Not Defined
CVE-2021-21844	۶.۳	GPAC Advanced Content MPEG-4 Decoding integer overflow	$۲k-$5k	Not Defined
CVE-2021-21839	۶.۳	GPAC Advanced Content MPEG-4 Decoding integer overflow	$۲k-$5k	Not Defined
CVE-2021-21838	۶.۳	GPAC Advanced Content MPEG-4 Decoding integer overflow	$۲k-$5k	Not Defined
CVE-2021-21837	۶.۳	GPAC Advanced Content MPEG-4 Decoding integer overflow	$۲k-$5k	Not Defined
CVE-2021-21861	۶.۳	GPAC Advanced Content MPEG-4 heap-based overflow	$۲k-$5k	Not Defined
CVE-2021-21860	۶.۳	GPAC Advanced Content MPEG-4 heap-based overflow	$۲k-$5k	Not Defined
CVE-2021-21859	۶.۳	GPAC Advanced Content stri_box_read Remote Code Execution	$۲k-$5k	Not Defined
CVE-2021-39242	۷.۳	HAProxy HTTP Host Header access control	$۲k-$5k	Official Fix
CVE-2021-39241	۶.۳	HAProxy HTTP Method admin access control	$۲k-$5k	Official Fix
CVE-2021-39240	۷.۳	HAProxy URL injection	$۲k-$5k	Official Fix
CVE-2021-38553	۵.۵	Hashicorp Vault/Vault Enterprise default permission	$۱k-$2k	Official Fix
CVE-2021-38554	۳.۵	Hashicorp Vault/Vault Enterprise UI information disclosure	$۰-$۱k	Official Fix
CVE-2021-27741	۵.۵	HCL Commerce Management Center xml external entity reference	$۱k-$2k	Not Defined
CVE-2021-38757	۳.۵	Hospital Management System contact.php cross site scripting	$۰-$۱k	Not Defined
CVE-2021-38755	۵.۴	Hospital Management System Doctor Entry admin-panel1.php denial of service	$۰-$۱k	Not Defined
CVE-2021-38754	۶.۳	Hospital Management System messearch.php sql injection	$۱k-$2k	Not Defined
CVE-2021-38756	۳.۵	Hospital Management System prescribe.php cross site scripting	$۰-$۱k	Not Defined
CVE-2021-34656	۴.۳	HTML5 Webcam Videochat Plugin requirements.php vws_notice cross site scripting	$۰-$۱k	Official Fix
CVE-2021-37028	۴.۶	Huawei HG8045Q Command-Line Interface command injection	$۱۰k-$25k	Not Defined
CVE-2020-4706	۳.۵	IBM API Connect HTTP Host Header injection	$۱۰k-$25k	Official Fix
CVE-2020-4992	۴.۳	IBM DataPower Gateway cross-site request forgery	$۵k-$10k	Official Fix
CVE-2021-29880	۳.۱	IBM QRadar SIEM information disclosure	$۵k-$10k	Official Fix
CVE-2021-0114	۵.۳	Intel BSSA DFT initialization	$۵k-$10k	Official Fix
CVE-2021-31228	۳.۷	InterNiche NicheStack DNS Response entropy	$۰-$۱k	Not Defined
CVE-2021-31227	۵.۵	InterNiche NicheStack HTTP POST Request wbs_multidata heap-based overflow	$۲k-$5k	Not Defined
CVE-2021-31226	۵.۵	InterNiche NicheStack HTTP POST Request wbs_post heap-based overflow	$۲k-$5k	Not Defined
CVE-2021-27565	۴.۳	InterNiche NicheStack HTTP Request wbs_loop infinite loop	$۰-$۱k	Not Defined
CVE-2020-35683	۵.۳	InterNiche NicheStack ICMP Checksum denial of service	$۰-$۱k	Not Defined
CVE-2020-35684	۵.۳	InterNiche NicheStack IP Header out-of-bounds read	$۱k-$2k	Not Defined
CVE-2020-25767	۳.۵	InterNiche NicheStack IPv4 DNS Domain Name Parser dnc_copy_in out-of-bounds read	$۰-$۱k	Not Defined
CVE-2020-35685	۳.۷	InterNiche NicheStack ISN Gene random values	$۰-$۱k	Not Defined
CVE-2021-31401	۷.۳	InterNiche NicheStack TCP Header nptcp.c tcp_rcv integer overflow	$۲k-$5k	Not Defined
CVE-2021-31400	۷.۵	InterNiche NicheStack TCP Segment tcp_in.c tcp_pulloutofband infinite loop	$۰-$۱k	Not Defined
CVE-2020-25926	۵.۶	InterNiche NicheStack TCPIP DNS dns_query_type entropy	$۱k-$2k	Not Defined
CVE-2020-25928	۶.۳	InterNiche NicheStack TCPIP DNS Response dnc_set_answer buffer overflow	$۲k-$5k	Not Defined
CVE-2020-25927	۴.۳	InterNiche NicheStack TCPIP DNS Response dns_upcall out-of-bounds read	$۱k-$2k	Not Defined
CVE-2021-36762	۵.۳	InterNiche NicheStack TFTP Packet tfshnd:tftpsrv.c out-of-bounds read	$۱k-$2k	Not Defined
CVE-2021-39249	۳.۵	Invision Power Services Community Suite Filename mt_rand cross site scripting	$۰-$۱k	Official Fix
CVE-2021-39250	۳.۵	Invision Power Services Community Suite IFRAME cross site scripting	$۰-$۱k	Official Fix
CVE-2021-34663	۴.۳	jQuery Tagline Rotator Plugin jquery-tagline-rotator.php cross site scripting	$۰-$۱k	Official Fix
CVE-2021-0284	۷.۵	Juniper Junos OS TCP/IP Stack buffer overflow	$۱۰k-$25k	Official Fix
CVE-2021-3633	۸.۸	Lenovo Driver Management signature verification	$۲k-$5k	Official Fix
CVE-2021-3616	۷.۳	Lenovo Smart Camera X3/Smart Camera X5/Smart Camera C2E improper authorization	$۲k-$5k	Official Fix
CVE-2021-3617	۴.۷	Lenovo Smart Camera X3/Smart Camera X5/Smart Camera C2E Network Configuration os command injection	$۲k-$5k	Official Fix
CVE-2021-3615	۴.۳	Lenovo Smart Camera X3/Smart Camera X5/Smart Camera C2E SD Card code injection	$۰-$۱k	Official Fix
CVE-2020-18900	۵.۵	libyal libexe libexe_io_handle_read_coff_optional_header heap-based overflow	$۰-$۵k	Official Fix
CVE-2020-18897	۵.۵	libyal Libpff pff File libpff_item_tree_create_node use after free	$۰-$۵k	Official Fix
CVE-2021-24535	۲.۴	Light Messages Plugin Message Content cross-site request forgery	$۰-$۱k	Not Defined
CVE-2020-18701	۵.۶	Lin-CMS-Flask Authentication Token session fixiation	$۱k-$2k	Not Defined
CVE-2020-18699	۳.۵	Lin-CMS-Flask user.py cross site scripting	$۰-$۱k	Not Defined
CVE-2020-18698	۳.۷	Lin-CMS-Flask user.py login excessive authentication	$۱k-$2k	Not Defined
CVE-2021-21781	۴.۳	Linux Kernel ARM SIGPAGE information disclosure	$۵k-$10k	Official Fix
CVE-2021-39282	۳.۵	Live555 AC3 File memory leak	$۰-$۱k	Not Defined
CVE-2021-39283	۵.۵	Live555 Command FramedSource.cpp assertion	$۲k-$5k	Not Defined
CVE-2021-28000	۳.۵	Local Services Search Engine Management System Project cross site scripting	$۰-$۱k	Not Defined
CVE-2021-27999	۲.۲	Local Services Search Engine Management System Project sql injection	$۱k-$2k	Not Defined
CVE-2021-34652	۴.۳	Media Usage Plugin Parameter mmu_admin.php cross site scripting	$۰-$۱k	Official Fix
CVE-2021-0626	۵.۳	MediaTek MT6768/MT6771/MT6779/MT6785 ged out-of-bounds write	$۱k-$2k	Official Fix
CVE-2021-0627	۵.۳	MediaTek MT6885 OMA DRM integer overflow	$۱k-$2k	Official Fix
CVE-2021-0628	۵.۳	MediaTek MT6885 OMA DRM memory corruption	$۱k-$2k	Official Fix
CVE-2021-0408	۳.۳	MediaTek MT6893 ASF Extractor out-of-bounds read	$۰-$۱k	Official Fix
CVE-2021-0420	۵.۵	MediaTek MT6893 Memory Management Driver denial of service	$۰-$۱k	Official Fix
CVE-2021-0419	۵.۵	MediaTek MT6893 Memory Management Driver denial of service	$۰-$۱k	Official Fix
CVE-2021-0418	۵.۵	MediaTek MT6893 Memory Management Driver denial of service	$۰-$۱k	Official Fix
CVE-2021-0417	۵.۵	MediaTek MT6893 Memory Management Driver denial of service	$۰-$۱k	Official Fix
CVE-2021-0416	۵.۷	MediaTek MT6893 Memory Management Driver denial of service	$۰-$۱k	Official Fix
CVE-2021-0415	۳.۳	MediaTek MT6893 Memory Management Driver information disclosure	$۰-$۱k	Official Fix
CVE-2021-0407	۵.۳	MediaTek MT6893 out-of-bounds write	$۱k-$2k	Official Fix
CVE-2021-36786	۳.۵	miniorange_saml Extension API Credential information disclosure	$۰-$۱k	Official Fix
CVE-2021-36785	۳.۵	miniorange_saml Extension cross site scripting	$۰-$۱k	Official Fix
CVE-2021-39302	۶.۳	MISP Log.php sql injection	$۱k-$2k	Official Fix
CVE-2021-37586	۲.۴	Mitel Interaction Recording Multitenancy System PowerPlay Web information disclosure	$۰-$۱k	Official Fix
CVE-2021-32069	۲.۶	Mitel MiCollab AWV channel accessible	$۱k-$2k	Official Fix
CVE-2021-32068	۲.۶	Mitel MiCollab AWV/Client Service channel accessible	$۱k-$2k	Official Fix
CVE-2021-32070	۳.۵	Mitel MiCollab Client Service clickjacking	$۱k-$2k	Official Fix
CVE-2021-32067	۳.۵	Mitel MiCollab Client Service information disclosure	$۰-$۱k	Official Fix
CVE-2021-32072	۴.۳	Mitel MiCollab Client Service information disclosure	$۱k-$2k	Official Fix
CVE-2021-32071	۶.۳	Mitel MiCollab Client Service Remote Code Execution	$۲k-$5k	Official Fix
CVE-2021-27402	۶.۳	Mitel MiCollab SAS Admin Portal pathname traversal	$۱k-$2k	Official Fix
CVE-2021-27401	۳.۵	Mitel MiCollab Web Client Join Meeting Page cross site scripting	$۰-$۱k	Official Fix
CVE-2021-3352	۶.۳	Mitel MiContact Center Business Software Development Kit improper authorization	$۲k-$5k	Not Defined
CVE-2021-24526	۳.۵	Mobile-Friendly Drag & Drop Contact Form Builder Plugin Form Title cross site scripting	$۰-$۱k	Official Fix
CVE-2021-24363	۵.۵	Mobile-Friendly Image Gallery Plugin path traversal	$۱k-$2k	Official Fix
CVE-2021-24362	۳.۵	Mobile-Friendly Image Gallery Plugin SVG File cross site scripting	$۰-$۱k	Official Fix
CVE-2021-3458	۴.۳	Motorola MM1000 Device Configuration Portal improper authentication	$۰-$۱k	Not Defined
CVE-2021-3459	۴.۳	Motorola MM1000 Device Configuration Web Server os command injection	$۰-$۱k	Not Defined
CVE-2021-29983	۴.۳	Mozilla Firefox Fullscreen Mode denial of service	$۱۰k-$25k	Official Fix
CVE-2021-29990	۶.۳	Mozilla Firefox memory corruption	$۲۵k-$50k	Official Fix
CVE-2021-29980	۴.۳	Mozilla Firefox/Firefox ESR/Thunderbird Canvas Object free uninitialized resource	$۱۰k-$25k	Official Fix
CVE-2021-29984	۴.۳	Mozilla Firefox/Firefox ESR/Thunderbird Garbage Collection memory corruption	$۲۵k-$50k	Official Fix
CVE-2021-29986	۶.۳	Mozilla Firefox/Firefox ESR/Thunderbird getaddrinfo memory corruption	$۲۵k-$50k	Official Fix
CVE-2021-29988	۶.۳	Mozilla Firefox/Firefox ESR/Thunderbird List-Item Element out-of-bounds read	$۱۰k-$25k	Official Fix
CVE-2021-29989	۶.۳	Mozilla Firefox/Firefox ESR/Thunderbird memory corruption	$۲۵k-$50k	Official Fix
CVE-2021-29985	۶.۳	Mozilla Firefox/Firefox ESR/Thunderbird use after free	$۲۵k-$50k	Official Fix
CVE-2021-29981	۴.۳	Mozilla Firefox/Thunderbird JIT Code denial of service	$۱۰k-$25k	Official Fix
CVE-2021-29982	۴.۳	Mozilla Firefox/Thunderbird JIT Optimizer information disclosure	$۱۰k-$25k	Official Fix
CVE-2021-29987	۴.۹	Mozilla Firefox/Thunderbird Permissions improper restriction of rendered ui layers	$۱۰k-$25k	Official Fix
CVE-2021-32728	۴.۳	Nextcloud Desktop Client Key certificate validation	$۱k-$2k	Official Fix
CVE-2021-37617	۸.۰	Nextcloud Desktop Client Uninstallation Uninstall.exe untrusted search path	$۲k-$5k	Official Fix
CVE-2021-22931	۶.۳	Node.js Domain Name Server null termination	$۲k-$5k	Official Fix
CVE-2021-22939	۵.۶	Node.js https API certificate validation	$۱k-$2k	Not Defined
CVE-2021-22940	۵.۵	Node.js use after free	$۲k-$5k	Official Fix
CVE-2021-34398	۸.۰	NVIDIA DCGM DIAG Module uncontrolled search path	$۲k-$5k	Official Fix
CVE-2021-38708	۳.۵	ocProducts Composr CMS Comcode cross site scripting	$۰-$۱k	Official Fix
CVE-2021-38709	۳.۵	ocProducts Composr CMS staff_messaging System cross site scripting	$۰-$۱k	Official Fix
CVE-2021-31820	۲.۱	Octopus Server/Server Web Request Proxy information disclosure	$۰-$۱k	Not Defined
CVE-2021-38583	۳.۵	openBaraza HCM subscription.jsp cross site scripting	$۰-$۱k	Not Defined
CVE-2021-38619	۴.۳	openBaraza HCM subscription.jsp cross site scripting	$۰-$۱k	Not Defined
CVE-2021-28490	۴.۳	OWASP CSRFGuard Cookie cross-site request forgery	$۰-$۵k	Not Defined
CVE-2020-18886	۶.۳	PHPMyWind upload_file_do.php unrestricted upload	$۰-$۵k	Not Defined
CVE-2020-18885	۶.۳	PHPMyWind web_config.php command injection	$۰-$۵k	Not Defined
CVE-2021-39270	۵.۵	Ping Identity RSA SecurID Integration Kit Privilege Escalation	$۲k-$5k	Official Fix
CVE-2021-22938	۴.۳	Pulse Secure Pulse Connect Secure Administrator Web Console command injection	$۱k-$2k	Official Fix
CVE-2021-22937	۴.۳	Pulse Secure Pulse Connect Secure Administrator Web Interface unrestricted upload	$۱k-$2k	Official Fix
CVE-2021-22935	۴.۳	Pulse Secure Pulse Connect Secure Web Parameter command injection	$۱k-$2k	Official Fix
CVE-2021-22936	۳.۵	Pulse Secure Pulse Connect Secure Web Parameter cross site scripting	$۰-$۱k	Official Fix
CVE-2021-22934	۴.۳	Pulse Secure Pulse Connect Secure Web Request buffer overflow	$۱k-$2k	Official Fix
CVE-2021-22933	۳.۵	Pulse Secure Pulse Connect Secure Web Request path traversal	$۰-$۱k	Official Fix
CVE-2020-18702	۳.۵	Quokka actions.py cross site scripting	$۰-$۱k	Not Defined
CVE-2020-18703	۶.۳	Quokka atom.py xml external entity reference	$۱k-$2k	Not Defined
CVE-2020-18705	۶.۳	Quokka views.py xml external entity reference	$۱k-$2k	Not Defined
CVE-2021-31868	۶.۳	Rapid7 Nexpose Security Console missing authentication	$۱k-$2k	Official Fix
CVE-2020-25351	۴.۳	rConfig configcompare.crud.php information disclosure	$۰-$۵k	Official Fix
CVE-2020-25353	۶.۳	rConfig Connection server-side request forgery	$۰-$۵k	Official Fix
CVE-2020-25352	۳.۵	rConfig devices.php cross site scripting	$۰-$۵k	Official Fix
CVE-2020-27466	۷.۳	rConfig File ajaxEditTemplate.php Remote Code Execution	$۰-$۵k	Not Defined
CVE-2020-25359	۵.۴	rConfig Parameter ajaxDeleteAllLoggingFiles.php unknown vulnerability	$۰-$۵k	Official Fix
CVE-2020-27464	۷.۳	rConfig ZIP File updater.php Remote Code Execution	$۰-$۵k	Official Fix
CVE-2021-35395	۶.۳	Realtek Jungle SDK HTTP Web Server stack-based overflow	$۲k-$5k	Not Defined
CVE-2021-35394	۷.۳	Realtek Jungle SDK MP Daemon UDPServer memory corruption	$۲k-$5k	Not Defined
CVE-2021-35392	۵.۵	Realtek Jungle SDK WiFi Simple Config Server heap-based overflow	$۲k-$5k	Not Defined
CVE-2021-35393	۷.۳	Realtek Jungle SDK WiFi Simple Config Server stack-based overflow	$۲k-$5k	Not Defined
CVE-2021-32829	۶.۳	REST API code injection	$۲k-$5k	Official Fix
CVE-2020-13589	۶.۳	Rukovoditel Project Management App Fields Page copy_selected sql injection	$۱k-$2k	Not Defined
CVE-2020-13588	۳.۵	Rukovoditel Project Management App Fields Page heading_field_id cross-site request forgery	$۰-$۱k	Not Defined
CVE-2020-28846	۳.۵	SeaCMS admin_manager.php cross-site request forgery	$۰-$۱k	Not Defined
CVE-2021-29313	۳.۵	SeaCMS admin_video.php cross site scripting	$۰-$۱k	Not Defined
CVE-2021-37358	۶.۳	SeaCMS sql injection	$۱k-$2k	Not Defined
CVE-2020-27461	۶.۳	SEOPanel Import Website unrestricted upload	$۰-$۵k	Official Fix
CVE-2021-34641	۳.۵	SEOPress Plugin TitleDescriptionMeta.php processPut cross site scripting	$۰-$۱k	Official Fix
CVE-2021-24380	۳.۵	Shantz WordPress QOTD Plugin cross-site request forgery	$۰-$۱k	Not Defined
CVE-2021-37707	۵.۴	Shopware API input validation	$۲k-$5k	Official Fix
CVE-2021-37709	۴.۳	Shopware Import/Export resource injection	$۲k-$5k	Official Fix
CVE-2021-37708	۶.۳	Shopware Mail Agent String command injection	$۲k-$5k	Official Fix
CVE-2021-37711	۵.۵	Shopware server-side request forgery	$۱k-$2k	Official Fix
CVE-2021-37710	۳.۵	Shopware SVG Media File cross site scripting	$۰-$۱k	Official Fix
CVE-2021-31338	۷.۳	Siemens SINEMA Remote Connect Client Configuration access control	$۱۰k-$25k	Official Fix
CVE-2021-34649	۴.۳	Simple Behance Portfolio Plugin Parameter iframe-font-preview.php cross site scripting	$۰-$۱k	Official Fix
CVE-2021-38753	۵.۵	Simple Image Gallery Web App unrestricted upload	$۱k-$2k	Not Defined
CVE-2021-34658	۴.۳	Simple Popup Newsletter Plugin simple-popup-newsletter.php cross site scripting	$۰-$۱k	Official Fix
CVE-2021-38752	۳.۵	Sourcecodester Online Catering Reservation System Search Bar cross site scripting	$۰-$۱k	Not Defined
CVE-2021-27822	۳.۵	SourceCodester Vehicle Parking Management System Add Categories cross site scripting	$۰-$۱k	Not Defined
CVE-2021-39268	۳.۵	SuiteCRM Web Interface cross site scripting	$۰-$۱k	Official Fix
CVE-2021-39267	۳.۵	SuiteCRM Web Interface cross site scripting	$۰-$۱k	Official Fix
CVE-2021-28002	۳.۵	Textpattern CMS Articles Page cross site scripting	$۰-$۱k	Not Defined
CVE-2021-28001	۳.۵	Textpattern CMS Parameter welcome-to-your-site#comments-head cross site scripting	$۰-$۱k	Not Defined
CVE-2021-34207	۳.۵	TOTOLINK A3002R ddns.htm cross site scripting	$۰-$۵k	Not Defined
CVE-2021-34228	۳.۵	TOTOLINK A3002R parent_control.htm cross site scripting	$۰-$۵k	Not Defined
CVE-2021-34215	۳.۵	TOTOLINK A3002R tcpipwan.htm cross site scripting	$۰-$۵k	Not Defined
CVE-2021-34220	۳.۵	TOTOLINK A3002R tr069config.htm cross site scripting	$۰-$۵k	Not Defined
CVE-2021-34223	۳.۵	TOTOLINK A3002R urlfilter.htm cross site scripting	$۰-$۵k	Not Defined
CVE-2021-34218	۳.۵	TOTOLINK A702R Login Portal file information disclosure	$۰-$۵k	Not Defined
CVE-2021-29280	۶.۳	TP-Link WR840N ARP buffer overflow	$۲k-$5k	Not Defined
CVE-2021-24541	۵.۵	Wonder PDF Embed Plugin Shortcode escape output	$۱k-$2k	Official Fix
CVE-2021-24540	۳.۵	Wonder Video Embed Plugin Shortcode cross site scripting	$۰-$۱k	Official Fix
CVE-2021-37597	۵.۵	WP Cerber MFA improper authentication	$۰-$۵k	Official Fix
CVE-2021-37598	۵.۵	WP Cerber wp-json access control	$۰-$۵k	Official Fix
CVE-2021-34653	۴.۳	WP Fountain Plugin Scripting wp-fountain.php cross site scripting	$۰-$۱k	Official Fix
CVE-2021-34665	۴.۳	WP SEO Tags Plugin Parameter wp-seo-tags.php cross site scripting	$۰-$۱k	Official Fix
CVE-2021-24518	۲.۴	WPFront Notification Bar Plugin Custom CSS Setting cross site scripting	$۰-$۱k	Official Fix
CVE-2021-39274	۵.۰	XeroSecurity Sn1per Configuration File permission	$۲k-$5k	Not Defined
CVE-2021-39273	۶.۳	XeroSecurity Sn1per default permission	$۲k-$5k	Not Defined

خدمات آپا

سایر آسیب پذیری ها

آسیب‌پذیری‌های حیاتی هفته چهارم مردادماه