Critical vulnerabilities of the fourth week of Ordibehesht
This week, many "critical" and "high-risk" vulnerabilities were reported in major Microsoft products, and patches and updates were released to fix them. There were also several "critical" and "high-risk" vulnerabilities in products from F5, McAfee, Apache, Siemens, IBM and Foxit, and in the Linux kernel.
The list of these vulnerabilities, along with their risk level, is given in the table below.
شناسه آسیبپذیری |
امتیاز مبنا |
عنوان آسیبپذیری |
ارزش روز صفر |
رفع آسیبپذیری |
CVE-2020-26143 |
۶.۵ |
ALFA AWUS036ACH Driver Network Configuration injection |
$۲k-$5k |
Not Defined |
CVE-2020-26141 |
۶.۵ |
ALFA AWUS036H Driver TKIP Frame improper enforcement of message integrity |
$۲k-$5k |
Not Defined |
CVE-2020-26140 |
۶.۵ |
ALFA AWUS036H Driver WEP/WPA/WPA2/WPA3 injection |
$۲k-$5k |
Not Defined |
CVE-2021-26311 |
۸.۰ |
AMD CPU SEV/SEV-ES unknown vulnerability |
$۲k-$5k |
Not Defined |
CVE-2020-12967 |
۸.۰ |
AMD CPU SEV/SEV-ES unknown vulnerability |
$۲k-$5k |
Not Defined |
CVE-2021-27737 |
۴.۳ |
Apache Traffic Server Slicer Plugin denial of service |
$۲k-$5k |
Not Defined |
CVE-2021-28664 |
۵.۵ |
ARM Mali GPU Kernel Driver access control |
$۱k-$2k |
Official Fix |
CVE-2021-28663 |
۷.۱ |
ARM Mali GPU Kernel Driver use after free |
$۲k-$5k |
Official Fix |
CVE-2020-20092 |
۶.۳ |
ArticleCMS Image Upload admin unrestricted upload |
$۲k-$5k |
Not Defined |
CVE-2020-28063 |
۵.۵ |
ArticleCMS unrestricted upload |
$۱k-$2k |
Not Defined |
CVE-2021-26077 |
۵.۰ |
Atlassian Connect Spring Boot Server-to-Server JWT improper authentication |
$۱k-$2k |
Official Fix |
CVE-2020-36289 |
۴.۳ |
Atlassian JIRA Server/Data Center QueryComponentRendererValue!Default.jspa information disclosure |
$۱k-$2k |
Official Fix |
CVE-2021-31876 |
۵.۴ |
Bitcoin Core BIP125 Replacement Policy denial of service |
$۰-$۱k |
Not Defined |
CVE-2021-22153 |
۶.۳ |
BlackBerry UE Management Console Remote Privilege Escalation |
$۱۰k-$25k |
Not Defined |
CVE-2021-22152 |
۳.۵ |
BlackBerry UEM Management Console denial of service |
$۲k-$5k |
Not Defined |
CVE-2021-22154 |
۳.۵ |
BlackBerry UEM Management Console information disclosure |
$۲k-$5k |
Not Defined |
CVE-2021-22155 |
۵.۵ |
BlackBerry Workspaces Server SAML Authentication improper authentication |
$۵k-$10k |
Not Defined |
CVE-2021-23906 |
۳.۹ |
Daimler Mercedes MBUX Headunit NTG6 Local Privilege Escalation |
$۰-$۱k |
Official Fix |
CVE-2021-23907 |
۳.۹ |
Daimler Mercedes MBUX Headunit NTG6 MultiSvSet Local Privilege Escalation |
$۰-$۱k |
Official Fix |
CVE-2021-23908 |
۳.۹ |
Daimler Mercedes MBUX Headunit NTG6 MultiSvSetAttributes type confusion |
$۰-$۱k |
Official Fix |
CVE-2021-23909 |
۶.۲ |
Daimler Mercedes MBUX HERMES 2.1 Local Privilege Escalation |
$۰-$۱k |
Official Fix |
CVE-2021-23910 |
۵.۳ |
Daimler Mercedes MBUX HERMES 2.1 RemoteDiagnosisApp out-of-bounds read |
$۰-$۱k |
Official Fix |
CVE-2021-22140 |
۵.۵ |
Elastic App Search App Search Web Crawler xml external entity reference |
$۱k-$2k |
Official Fix |
CVE-2021-22137 |
۳.۵ |
Elasticsearch Field Level Security information disclosure |
$۰-$۱k |
Official Fix |
CVE-2021-22135 |
۳.۵ |
Elasticsearch Suggester/Profile API information disclosure |
$۰-$۱k |
Official Fix |
CVE-2021-27571 |
۵.۳ |
Emote Remote Mouse missing encryption |
$۱k-$2k |
Not Defined |
CVE-2021-27572 |
۵.۶ |
Emote Remote Mouse Packet authentication replay |
$۱k-$2k |
Not Defined |
CVE-2021-27570 |
۳.۷ |
Emote Remote Mouse Packet cleartext transmission |
$۰-$۱k |
Not Defined |
CVE-2021-27569 |
۳.۷ |
Emote Remote Mouse Packet cleartext transmission |
$۰-$۱k |
Not Defined |
CVE-2021-27573 |
۷.۳ |
Emote Remote Mouse UDP Packet Remote Code Execution |
$۲k-$5k |
Workaround |
CVE-2021-27574 |
۳.۷ |
Emote Remote Mouse Update missing encryption |
$۰-$۱k |
Not Defined |
CVE-2021-23008 |
۶.۳ |
F5 BIG-IP APM AD Key Distribution Center improper authentication |
$۵k-$10k |
Official Fix |
CVE-2021-23016 |
۳.۵ |
F5 BIG-IP APM Static Content information disclosure |
$۲k-$5k |
Official Fix |
CVE-2021-23010 |
۵.۷ |
F5 BIG-IP ASM WebSocket Request denial of service |
$۲k-$5k |
Official Fix |
CVE-2021-23014 |
۵.۵ |
F5 BIG-IP ASM/Advanced WAF REST API Upload authorization |
$۱۰k-$25k |
Official Fix |
CVE-2021-23009 |
۴.۳ |
F5 BIG-IP HTTP2 Request denial of service |
$۲k-$5k |
Official Fix |
CVE-2021-23015 |
۴.۳ |
F5 BIG-IP iControl REST Endpoint unknown vulnerability |
$۱۰k-$25k |
Official Fix |
CVE-2021-23012 |
۴.۷ |
F5 BIG-IP input validation |
$۱۰k-$25k |
Official Fix |
CVE-2021-23013 |
۳.۵ |
F5 BIG-IP Traffic Management Microkernel denial of service |
$۲k-$5k |
Official Fix |
CVE-2021-23011 |
۴.۳ |
F5 BIG-IP Traffic Management Microkernel denial of service |
$۲k-$5k |
Official Fix |
CVE-2021-24011 |
۶.۸ |
Fortinet FortiNAC sudo access control |
$۲k-$5k |
Official Fix |
CVE-2021-21822 |
۶.۳ |
Foxit PDF Reader use after free |
$۲k-$5k |
Not Defined |
CVE-2021-31458 |
۷.۸ |
Foxit Reader Annotation Object use after free |
$۲k-$5k |
Not Defined |
CVE-2021-31457 |
۷.۸ |
Foxit Reader Annotation Object use after free |
$۲k-$5k |
Not Defined |
CVE-2021-31456 |
۷.۸ |
Foxit Reader Annotation Object use after free |
$۲k-$5k |
Not Defined |
CVE-2021-31451 |
۷.۸ |
Foxit Reader Annotation Object use after free |
$۲k-$5k |
Not Defined |
CVE-2021-31441 |
۷.۸ |
Foxit Reader Annotation Object use after free |
$۲k-$5k |
Not Defined |
CVE-2021-31461 |
۷.۸ |
Foxit Reader app.media Object type confusion |
$۲k-$5k |
Not Defined |
CVE-2021-31454 |
۷.۸ |
Foxit Reader Decimal Element heap-based overflow |
$۲k-$5k |
Not Defined |
CVE-2021-31468 |
۷.۸ |
Foxit Reader U3D File out-of-bounds read |
$۱k-$2k |
Not Defined |
CVE-2021-31467 |
۳.۳ |
Foxit Reader U3D File out-of-bounds read |
$۱k-$2k |
Not Defined |
CVE-2021-31449 |
۷.۸ |
Foxit Reader U3D Object double free |
$۲k-$5k |
Not Defined |
CVE-2021-31466 |
۷.۸ |
Foxit Reader U3D Object out-of-bounds read |
$۱k-$2k |
Not Defined |
CVE-2021-31471 |
۳.۳ |
Foxit Reader U3D Object out-of-bounds read |
$۱k-$2k |
Not Defined |
CVE-2021-31469 |
۳.۳ |
Foxit Reader U3D Object out-of-bounds read |
$۱k-$2k |
Not Defined |
CVE-2021-31464 |
۳.۳ |
Foxit Reader U3D Object out-of-bounds read |
$۱k-$2k |
Not Defined |
CVE-2021-31463 |
۳.۳ |
Foxit Reader U3D Object out-of-bounds read |
$۱k-$2k |
Not Defined |
CVE-2021-31462 |
۳.۳ |
Foxit Reader U3D Object out-of-bounds read |
$۱k-$2k |
Not Defined |
CVE-2021-31448 |
۳.۳ |
Foxit Reader U3D Object out-of-bounds read |
$۱k-$2k |
Not Defined |
CVE-2021-31447 |
۳.۳ |
Foxit Reader U3D Object out-of-bounds read |
$۱k-$2k |
Not Defined |
CVE-2021-31446 |
۳.۳ |
Foxit Reader U3D Object out-of-bounds read |
$۱k-$2k |
Not Defined |
CVE-2021-31445 |
۳.۳ |
Foxit Reader U3D Object out-of-bounds read |
$۱k-$2k |
Not Defined |
CVE-2021-31444 |
۳.۳ |
Foxit Reader U3D Object out-of-bounds read |
$۱k-$2k |
Not Defined |
CVE-2021-31443 |
۳.۳ |
Foxit Reader U3D Object out-of-bounds read |
$۱k-$2k |
Not Defined |
CVE-2021-31472 |
۷.۸ |
Foxit Reader U3D Object out-of-bounds write |
$۲k-$5k |
Not Defined |
CVE-2021-31465 |
۷.۸ |
Foxit Reader U3D Object out-of-bounds write |
$۲k-$5k |
Not Defined |
CVE-2021-31442 |
۷.۸ |
Foxit Reader U3D Object out-of-bounds write |
$۲k-$5k |
Not Defined |
CVE-2021-31470 |
۷.۸ |
Foxit Reader U3D Object use after free |
$۲k-$5k |
Not Defined |
CVE-2021-31452 |
۷.۸ |
Foxit Reader XFA Form out-of-bounds write |
$۲k-$5k |
Not Defined |
CVE-2021-31455 |
۷.۸ |
Foxit Reader XFA Form use after free |
$۲k-$5k |
Not Defined |
CVE-2021-31459 |
۷.۸ |
Foxit Reader XFA Form use after free |
$۲k-$5k |
Not Defined |
CVE-2021-31453 |
۷.۸ |
Foxit Reader XFA Form use after free |
$۲k-$5k |
Not Defined |
CVE-2021-31450 |
۷.۸ |
Foxit Reader XFA Form use after free |
$۲k-$5k |
Not Defined |
CVE-2021-31460 |
۷.۸ |
Foxit Reader XFA Template use after free |
$۲k-$5k |
Not Defined |
CVE-2021-22866 |
۴.۳ |
GitHub Enterprise Server UI clickjacking |
$۲k-$5k |
Official Fix |
CVE-2021-26583 |
۳.۵ |
HPE iLO Amplifier Pack Bootstrap cross site scripting |
$۲k-$5k |
Official Fix |
CVE-2020-4811 |
۲.۴ |
IBM Cloud Pak for Security HTTP Request injection |
$۱۰k-$25k |
Not Defined |
CVE-2021-20538 |
۹.۱ |
IBM Cloud Pak for Security improper authorization |
$۱۰k-$25k |
Not Defined |
CVE-2021-20565 |
۴.۶ |
IBM Cloud Pak for Security protection mechanism |
$۱۰k-$25k |
Not Defined |
CVE-2021-20577 |
۶.۱ |
IBM Cloud Pak for Security Web UI cross site scripting |
$۲k-$5k |
Not Defined |
CVE-2021-20559 |
۵.۴ |
IBM Control Desk Web UI cross site scripting |
$۲k-$5k |
Not Defined |
CVE-2021-20535 |
۶.۵ |
IBM Jazz Reporting Service server-side request forgery |
$۱۰k-$25k |
Not Defined |
CVE-2020-4536 |
۴.۳ |
IBM OpenPages GRC Platform information exposure |
$۵k-$10k |
Not Defined |
CVE-2020-4535 |
۵.۴ |
IBM OpenPages GRC Platform Web UI cross site scripting |
$۲k-$5k |
Not Defined |
CVE-2020-4985 |
۳.۷ |
IBM Planning Analytics Query information disclosure |
$۵k-$10k |
Not Defined |
CVE-2021-20391 |
۴.۰ |
IBM QRadar User Behavior Analytics Cache information disclosure |
$۵k-$10k |
Not Defined |
CVE-2021-20392 |
۶.۱ |
IBM QRadar User Behavior Analytics Web UI cross site scripting |
$۲k-$5k |
Not Defined |
CVE-2020-23996 |
۶.۳ |
ILIAS Personal Data Import file inclusion |
$۲k-$5k |
Official Fix |
CVE-2020-23995 |
۴.۳ |
ILIAS Workspace Upload information disclosure |
$۱k-$2k |
Official Fix |
CVE-2021-20310 |
۴.۳ |
ImageMagick colorspace.c ConvertXYZToJzazbz divide by zero |
$۰-$۱k |
Official Fix |
CVE-2021-20311 |
۴.۳ |
ImageMagick colorspace.c sRGBTransformImage divide by zero |
$۰-$۱k |
Official Fix |
CVE-2020-27769 |
۵.۵ |
ImageMagick Float quantize.c integer overflow |
$۲k-$5k |
Official Fix |
CVE-2021-20313 |
۲.۶ |
ImageMagick Signature TransformSignature information disclosure |
$۰-$۱k |
Official Fix |
CVE-2021-20312 |
۴.۳ |
ImageMagick thumbnail.c WriteTHUMBNAILImage integer overflow |
$۲k-$5k |
Not Defined |
CVE-2021-20309 |
۴.۳ |
ImageMagick visual-effects.c WaveImage divide by zero |
$۰-$۱k |
Official Fix |
CVE-2021-31900 |
۵.۵ |
JetBrains Code With Me Browser unknown vulnerability |
$۲k-$5k |
Official Fix |
CVE-2021-31899 |
۵.۵ |
JetBrains Code With Me unknown vulnerability |
$۲k-$5k |
Official Fix |
CVE-2021-31901 |
۳.۱ |
JetBrains Hub Two-factor Authentication improper authentication |
$۱k-$2k |
Official Fix |
CVE-2021-30504 |
۴.۳ |
JetBrains IntelliJ IDEA allocation of resources |
$۰-$۱k |
Official Fix |
CVE-2021-29263 |
۵.۳ |
JetBrains IntelliJ IDEA Project Local Privilege Escalation |
$۱k-$2k |
Not Defined |
CVE-2021-30006 |
۳.۵ |
JetBrains IntelliJ IDEA XML information disclosure |
$۰-$۱k |
Official Fix |
CVE-2021-30005 |
۵.۳ |
JetBrains PyCharm Project Local Privilege Escalation |
$۱k-$2k |
Official Fix |
CVE-2021-31909 |
۶.۳ |
JetBrains TeamCity argument injection |
$۲k-$5k |
Official Fix |
CVE-2021-31911 |
۳.۵ |
JetBrains TeamCity cross site scripting |
$۰-$۱k |
Official Fix |
CVE-2021-31908 |
۴.۴ |
JetBrains TeamCity cross site scripting |
$۰-$۱k |
Official Fix |
CVE-2021-31906 |
۲.۴ |
JetBrains TeamCity File Upload unknown vulnerability |
$۱k-$2k |
Official Fix |
CVE-2021-31913 |
۵.۵ |
JetBrains TeamCity GitHub SSO Token redirect_uri unknown vulnerability |
$۲k-$5k |
Official Fix |
CVE-2021-31915 |
۶.۳ |
JetBrains TeamCity os command injection |
$۲k-$5k |
Official Fix |
CVE-2021-31912 |
۴.۶ |
JetBrains TeamCity password recovery |
$۱k-$2k |
Official Fix |
CVE-2021-26310 |
۳.۵ |
JetBrains TeamCity Plugin denial of service |
$۰-$۱k |
Official Fix |
CVE-2021-31907 |
۵.۵ |
JetBrains TeamCity Plugin permission |
$۱k-$2k |
Official Fix |
CVE-2021-26309 |
۳.۳ |
JetBrains TeamCity Plugin Temporary Files temp file |
$۰-$۱k |
Official Fix |
CVE-2021-31910 |
۳.۵ |
JetBrains TeamCity server-side request forgery |
$۱k-$2k |
Official Fix |
CVE-2021-31904 |
۳.۵ |
JetBrains TeamCity Test History Page cross site scripting |
$۰-$۱k |
Official Fix |
CVE-2021-3315 |
۴.۴ |
JetBrains TeamCity Tests Page cross site scripting |
$۰-$۱k |
Official Fix |
CVE-2021-31914 |
۵.۵ |
JetBrains TeamCity unknown vulnerability |
$۲k-$5k |
Official Fix |
CVE-2021-30482 |
۳.۱ |
JetBrains Upsource Password information disclosure |
$۰-$۱k |
Official Fix |
CVE-2021-31898 |
۳.۷ |
JetBrains WebStorm HTTPS cleartext transmission |
$۰-$۱k |
Official Fix |
CVE-2021-31897 |
۶.۳ |
JetBrains WebStorm Untrusted Project Remote Code Execution |
$۲k-$5k |
Official Fix |
CVE-2021-31902 |
۵.۵ |
JetBrains YouTrack Export access control |
$۱k-$2k |
Official Fix |
CVE-2021-27733 |
۳.۵ |
JetBrains YouTrack Issue Attachment cross site scripting |
$۰-$۱k |
Official Fix |
CVE-2021-31905 |
۳.۵ |
JetBrains YouTrack Issue Preview information disclosure |
$۰-$۱k |
Official Fix |
CVE-2021-31903 |
۳.۵ |
JetBrains YouTrack Pull Request cross site scripting |
$۰-$۱k |
Official Fix |
CVE-2020-27020 |
۲.۶ |
Kaspersky Password Manager Password Generator entropy |
$۰-$۱k |
Not Defined |
CVE-2021-22136 |
۳.۷ |
Kibana Session Timeout session expiration |
$۱k-$2k |
Official Fix |
CVE-2021-22139 |
۳.۵ |
Kibana Webhook Action resource consumption |
$۰-$۱k |
Official Fix |
CVE-2021-30213 |
۴.۳ |
Knowage Suite AdapterHTTP cross site scripting |
$۰-$۱k |
Not Defined |
CVE-2021-30212 |
۳.۵ |
Knowage Suite saveNote cross site scripting |
$۰-$۱k |
Not Defined |
CVE-2021-30214 |
۵.۵ |
Knowage Suite Template update injection |
$۱k-$2k |
Not Defined |
CVE-2021-30211 |
۳.۵ |
Knowage Suite update cross site scripting |
$۰-$۱k |
Not Defined |
CVE-2020-18167 |
۳.۵ |
LAOBANCMS cross site scripting |
$۰-$۱k |
Not Defined |
CVE-2020-18165 |
۳.۵ |
LAOBANCMS cross site scripting |
$۰-$۱k |
Not Defined |
CVE-2020-18166 |
۶.۳ |
LAOBANCMS unrestricted upload |
$۲k-$5k |
Not Defined |
CVE-2021-33034 |
۵.۵ |
Linux Kernel Bluetooth hci_event.c use after free |
$۱۰k-$25k |
Official Fix |
CVE-2021-33033 |
۵.۵ |
Linux Kernel DOI Definition cipso_ipv4.c cipso_v4_genopt use after free |
$۱۰k-$25k |
Official Fix |
CVE-2021-32399 |
۷.۰ |
Linux Kernel HCI Controller hci_request.c race condition |
$۲k-$5k |
Official Fix |
CVE-2021-32606 |
۸.۸ |
Linux Kernel isotp.c isotp_setsockopt use after free |
$۲۵k-$50k |
Not Defined |
CVE-2021-23134 |
۷.۸ |
Linux Kernel NFC Socket use after free |
$۱۰k-$25k |
Official Fix |
CVE-2020-27830 |
۳.۵ |
Linux Kernel spk_ttyio_receive_buf2 null pointer dereference |
$۲k-$5k |
Not Defined |
CVE-2020-28588 |
۴.۳ |
Linux Kernel syscall numeric conversion |
$۵k-$10k |
Official Fix |
CVE-2020-26147 |
۴.۳ |
Linux Kernel WEP/WPA/WPA2/WPA3 injection |
$۱۰k-$25k |
Not Defined |
CVE-2021-24195 |
۶.۳ |
Login as User or Customer Plugin AJAX Action cp_plugins_do_button_job_later_callback improper authorization |
$۲k-$5k |
Official Fix |
CVE-2021-24194 |
۶.۳ |
Login Protection Plugin Failed Login cp_plugins_do_button_job_later_callback improper authorization |
$۲k-$5k |
Official Fix |
CVE-2020-36198 |
۶.۷ |
Malware Remover command injection |
$۱k-$2k |
Official Fix |
CVE-2021-23892 |
۸.۲ |
McAfee Endpoint Security Installation toctou |
$۵k-$10k |
Not Defined |
CVE-2021-23891 |
۷.۸ |
McAfee Total Protection Client Token privileges management |
$۱۰k-$25k |
Official Fix |
CVE-2021-23872 |
۷.۸ |
McAfee Total Protection File Lock privileges management |
$۱۰k-$25k |
Official Fix |
CVE-2021-31204 |
۷.۳ |
Microsoft .NET/Visual Studio Remote Privilege Escalation |
$۲۵k-$50k |
Official Fix |
CVE-2021-31936 |
۷.۴ |
Microsoft Accessibility Insights for Web information disclosure |
$۵k-$10k |
Official Fix |
CVE-2021-31200 |
۷.۲ |
Microsoft Common Utilities common_utils.py Remote Privilege Escalation |
$۱۰k-$25k |
Official Fix |
CVE-2021-28461 |
۶.۱ |
Microsoft Dynamics 365 for Finance and Operations unknown vulnerability |
$۱۰k-$25k |
Official Fix |
CVE-2021-31195 |
۶.۵ |
Microsoft Exchange Server information disclosure |
$۱۰k-$25k |
Official Fix |
CVE-2021-31198 |
۷.۸ |
Microsoft Exchange Server Remote Code Execution |
$۵۰k-$100k |
Official Fix |
CVE-2021-31209 |
۶.۵ |
Microsoft Exchange Server Remote Code Execution |
$۲۵k-$50k |
Official Fix |
CVE-2021-31207 |
۶.۶ |
Microsoft Exchange Server Remote Privilege Escalation |
$۲۵k-$50k |
Official Fix |
CVE-2021-26419 |
۷.۵ |
Microsoft Internet Explorer Scripting Engine memory corruption |
$۵۰k-$100k |
Official Fix |
CVE-2021-26421 |
۶.۵ |
Microsoft Lync Server/Skype for Business Server Remote Privilege Escalation |
$۲۵k-$50k |
Official Fix |
CVE-2021-26422 |
۷.۲ |
Microsoft Lync/Skype for Business Server Remote Privilege Escalation |
$۲۵k-$50k |
Official Fix |
CVE-2021-31176 |
۷.۸ |
Microsoft Office Remote Code Execution |
$۱۰k-$25k |
Official Fix |
CVE-2021-31174 |
۵.۵ |
Microsoft Office/Excel information disclosure |
$۵k-$10k |
Official Fix |
CVE-2021-31178 |
۵.۵ |
Microsoft Office/Excel information disclosure |
$۵k-$10k |
Official Fix |
CVE-2021-31175 |
۷.۸ |
Microsoft Office/Excel Remote Code Execution |
$۱۰k-$25k |
Official Fix |
CVE-2021-31177 |
۷.۸ |
Microsoft Office/Excel Remote Code Execution |
$۱۰k-$25k |
Official Fix |
CVE-2021-31179 |
۷.۸ |
Microsoft Office/Excel Remote Code Execution |
$۱۰k-$25k |
Official Fix |
CVE-2021-31180 |
۷.۸ |
Microsoft Office/Word Graphics Remote Code Execution |
$۱۰k-$25k |
Official Fix |
CVE-2021-31171 |
۴.۱ |
Microsoft SharePoint Server information disclosure |
$۲k-$5k |
Official Fix |
CVE-2021-31173 |
۵.۳ |
Microsoft SharePoint Server information disclosure |
$۵k-$10k |
Official Fix |
CVE-2021-31181 |
۸.۸ |
Microsoft SharePoint Server Remote Privilege Escalation |
$۲۵k-$50k |
Official Fix |
CVE-2021-28474 |
۸.۸ |
Microsoft SharePoint Server Remote Privilege Escalation |
$۲۵k-$50k |
Official Fix |
CVE-2021-31172 |
۷.۱ |
Microsoft SharePoint Server unknown vulnerability |
$۱۰k-$25k |
Official Fix |
CVE-2021-28478 |
۷.۶ |
Microsoft SharePoint Server unknown vulnerability |
$۱۰k-$25k |
Official Fix |
CVE-2021-26418 |
۴.۶ |
Microsoft SharePoint Server unknown vulnerability |
$۱۰k-$25k |
Official Fix |
CVE-2021-31211 |
۷.۸ |
Microsoft Visual Studio Code Remote Code Execution |
$۱۰k-$25k |
Official Fix |
CVE-2021-31214 |
۷.۸ |
Microsoft Visual Studio Code Remote Code Execution |
$۱۰k-$25k |
Official Fix |
CVE-2021-31213 |
۷.۸ |
Microsoft Visual Studio Code Remote Containers Extension Remote Code Execution |
$۱۰k-$25k |
Official Fix |
CVE-2021-27068 |
۸.۸ |
Microsoft Visual Studio Remote Code Execution |
$۱۰k-$25k |
Official Fix |
CVE-2021-28465 |
۷.۸ |
Microsoft Web Media Extensions Remote Code Execution |
$۱۰k-$25k |
Official Fix |
CVE-2021-31182 |
۷.۱ |
Microsoft Windows Bluetooth Driver unknown vulnerability |
$۵۰k-$100k |
Official Fix |
CVE-2021-31190 |
۷.۸ |
Microsoft Windows Container Isolation FS Filter Driver Remote Privilege Escalation |
$۱۰۰k and more |
Official Fix |
CVE-2021-31208 |
۷.۸ |
Microsoft Windows Container Manager Service Local Privilege Escalation |
$۵۰k-$100k |
Official Fix |
CVE-2021-31165 |
۷.۸ |
Microsoft Windows Container Manager Service Remote Privilege Escalation |
$۱۰۰k and more |
Official Fix |
CVE-2021-31167 |
۷.۸ |
Microsoft Windows Container Manager Service Remote Privilege Escalation |
$۱۰۰k and more |
Official Fix |
CVE-2021-31168 |
۷.۸ |
Microsoft Windows Container Manager Service Remote Privilege Escalation |
$۱۰۰k and more |
Official Fix |
CVE-2021-31169 |
۷.۸ |
Microsoft Windows Container Manager Service Remote Privilege Escalation |
$۱۰۰k and more |
Official Fix |
CVE-2021-28479 |
۵.۵ |
Microsoft Windows CSC Service information disclosure |
$۲۵k-$50k |
Official Fix |
CVE-2021-31185 |
۵.۵ |
Microsoft Windows Desktop Bridge denial of service |
$۱۰k-$25k |
Official Fix |
CVE-2021-31170 |
۷.۸ |
Microsoft Windows Graphics Remote Privilege Escalation |
$۱۰۰k and more |
Official Fix |
CVE-2021-31188 |
۷.۸ |
Microsoft Windows Graphics Remote Privilege Escalation |
$۱۰۰k and more |
Official Fix |
CVE-2021-31166 |
۹.۸ |
Microsoft Windows HTTP Protocol Stack Remote Code Execution |
$۱۰۰k and more |
Official Fix |
CVE-2021-28476 |
۹.۹ |
Microsoft Windows Hyper-V Remote Privilege Escalation |
$۱۰۰k and more |
Official Fix |
CVE-2021-31184 |
۵.۵ |
Microsoft Windows Infrared Data Association information disclosure |
$۲۵k-$50k |
Official Fix |
CVE-2021-31192 |
۷.۳ |
Microsoft Windows Media Foundation Core Remote Code Execution |
$۵۰k-$100k |
Official Fix |
CVE-2021-31194 |
۸.۸ |
Microsoft Windows OLE Automation Remote Privilege Escalation |
$۱۰۰k and more |
Official Fix |
CVE-2021-31191 |
۵.۵ |
Microsoft Windows Projected File System FS Filter Driver information disclosure |
$۲۵k-$50k |
Official Fix |
CVE-2021-31186 |
۷.۴ |
Microsoft Windows RDP information disclosure |
$۲۵k-$50k |
Official Fix |
CVE-2021-28455 |
۸.۸ |
Microsoft Windows Remote Privilege Escalation |
$۱۰۰k and more |
Official Fix |
CVE-2021-31193 |
۷.۸ |
Microsoft Windows Remote Privilege Escalation |
$۱۰۰k and more |
Official Fix |
CVE-2021-31205 |
۴.۳ |
Microsoft Windows SMB Client Security Feature information disclosure |
$۲۵k-$50k |
Official Fix |
CVE-2021-31187 |
۷.۸ |
Microsoft Windows WalletService Remote Privilege Escalation |
$۱۰۰k and more |
Official Fix |
CVE-2020-24587 |
۶.۵ |
Microsoft Windows Wireless Networking information disclosure |
$۲۵k-$50k |
Official Fix |
CVE-2020-24588 |
۶.۵ |
Microsoft Windows Wireless Networking unknown vulnerability |
$۵۰k-$100k |
Official Fix |
CVE-2020-26144 |
۶.۵ |
Microsoft Windows Wireless Networking unknown vulnerability |
$۵۰k-$100k |
Official Fix |
CVE-2020-20265 |
۶.۳ |
MikroTik RouterOS Packet wireless memory corruption |
$۲k-$5k |
Official Fix |
CVE-2020-20267 |
۶.۳ |
MikroTik RouterOS resolver memory corruption |
$۲k-$5k |
Official Fix |
CVE-2021-20331 |
۴.۲ |
MongoDB C# Driver information disclosure |
$۰-$۱k |
Official Fix |
CVE-2021-25845 |
۳.۵ |
Moxa Camera VPort 06EC-2V ChassisID TLV vport_lldpd denial of service |
$۰-$۱k |
Not Defined |
CVE-2021-25846 |
۳.۵ |
Moxa Camera VPort 06EC-2V LLDP Packet vport_lldpd denial of service |
$۰-$۱k |
Not Defined |
CVE-2021-25848 |
۳.۵ |
Moxa Camera VPort 06EC-2V LLDP Packet vport_lldpd information disclosure |
$۰-$۱k |
Official Fix |
CVE-2021-25847 |
۳.۵ |
Moxa Camera VPort 06EC-2V LLDP Packet vport_lldpd information disclosure |
$۰-$۱k |
Not Defined |
CVE-2021-25849 |
۳.۵ |
Moxa Camera VPort 06EC-2V LLDP Packet vport_lldpd integer underflow |
$۱k-$2k |
Not Defined |
CVE-2020-27185 |
۳.۱ |
Moxa NPort IA5000A cleartext transmission |
$۰-$۱k |
Not Defined |
CVE-2020-27150 |
۳.۱ |
Moxa NPort IA5000A Configuration Export credentials storage |
$۱k-$2k |
Not Defined |
CVE-2020-27184 |
۳.۷ |
Moxa NPort IA5000A Telnet cleartext transmission |
$۰-$۱k |
Not Defined |
CVE-2020-27149 |
۴.۶ |
Moxa NPort IA5150A-IEX Web Console unknown vulnerability |
$۲k-$5k |
Official Fix |
CVE-2020-23374 |
۳.۵ |
noneCMS add.html cross site scripting |
$۰-$۱k |
Not Defined |
CVE-2020-23373 |
۳.۵ |
noneCMS add.html cross site scripting |
$۰-$۱k |
Not Defined |
CVE-2020-23376 |
۳.۵ |
NoneCMS add.html cross-site request forgery |
$۰-$۱k |
Not Defined |
CVE-2020-23371 |
۳.۵ |
noneCms swfupload.swf cross site scripting |
$۰-$۱k |
Not Defined |
CVE-2021-32561 |
۳.۵ |
OctoPrint API Error cross site scripting |
$۰-$۱k |
Official Fix |
CVE-2021-32560 |
۵.۵ |
OctoPrint Logging Subsystem access control |
$۱k-$2k |
Official Fix |
CVE-2021-21430 |
۴.۳ |
OpenAPI Tools OpenAPI Generator API Endpoint File.createTempFile temp file |
$۲k-$5k |
Official Fix |
CVE-2021-21428 |
۶.۳ |
OpenAPI Tools OpenAPI Generator File.createTempFile privileges management |
$۲k-$5k |
Official Fix |
CVE-2020-26142 |
۵.۴ |
OpenBSD WEP/WPA/WPA2/WPA3 injection |
$۱۰k-$25k |
Not Defined |
CVE-2020-27226 |
۶.۳ |
OpenClinic GA HTTP Request quickFile.jsp sql injection |
$۱k-$2k |
Not Defined |
CVE-2020-27246 |
۷.۵ |
OpenClinic GA listImmoLabels.jsp sql injection |
$۱k-$2k |
Not Defined |
CVE-2020-27245 |
۷.۵ |
OpenClinic GA listImmoLabels.jsp sql injection |
$۱k-$2k |
Not Defined |
CVE-2020-27244 |
۷.۵ |
OpenClinic GA listImmoLabels.jsp sql injection |
$۱k-$2k |
Not Defined |
CVE-2020-27243 |
۷.۵ |
OpenClinic GA listImmoLabels.jsp sql injection |
$۱k-$2k |
Not Defined |
CVE-2020-27242 |
۷.۵ |
OpenClinic GA listImmoLabels.jsp sql injection |
$۱k-$2k |
Not Defined |
CVE-2020-27232 |
۶.۳ |
OpenClinic GA manageServiceStocks.jsp sql injection |
$۱k-$2k |
Not Defined |
CVE-2020-27231 |
۶.۳ |
OpenClinic GA patientslist.do sql injection |
$۱k-$2k |
Not Defined |
CVE-2020-27230 |
۶.۳ |
OpenClinic GA patientslist.do sql injection |
$۱k-$2k |
Not Defined |
CVE-2020-27229 |
۶.۳ |
OpenClinic GA patientslist.do sql injection |
$۱k-$2k |
Not Defined |
CVE-2020-27824 |
۶.۳ |
OpenJPEG Encoding opj_dwt_calc_explicit_stepsizes buffer overflow |
$۲k-$5k |
Not Defined |
CVE-2020-27823 |
۶.۳ |
OpenJPEG Encoding out-of-bounds write |
$۲k-$5k |
Not Defined |
CVE-2021-21655 |
۳.۵ |
P4 Plugin cross-site request forgery |
$۰-$۱k |
Not Defined |
CVE-2021-21654 |
۶.۳ |
P4 Plugin HTTP Endpoint authorization |
$۲k-$5k |
Not Defined |
CVE-2021-32918 |
۵.۳ |
Prosody Lua resource consumption |
$۰-$۱k |
Official Fix |
CVE-2021-32921 |
۲.۶ |
Prosody Lua timing discrepancy |
$۰-$۱k |
Official Fix |
CVE-2021-32917 |
۷.۳ |
Prosody proxy65 access control |
$۲k-$5k |
Official Fix |
CVE-2021-32919 |
۵.۶ |
Prosody Server-to-Server Authentication dialback_without_dialback certificate validation |
$۱k-$2k |
Official Fix |
CVE-2021-32920 |
۳.۵ |
Prosody TLS Renegotiation Request resource consumption |
$۰-$۱k |
Official Fix |
CVE-2021-20181 |
۴.۶ |
QEMU 9pfs Server use after free |
$۱۰k-$25k |
Not Defined |
CVE-2021-20221 |
۵.۵ |
QEMU ARM Generic Interrupt Controller Emulator out-of-bounds write |
$۱۰k-$25k |
Not Defined |
CVE-2020-36197 |
۶.۳ |
QNAP Music Station access control |
$۲k-$5k |
Official Fix |
CVE-2020-27833 |
۵.۵ |
Red Hat openshift-clients ZIP File input validation |
$۱۰k-$25k |
Not Defined |
CVE-2021-20250 |
۳.۵ |
Red Hat WildFly Boss EJB Client information disclosure |
$۲k-$5k |
Not Defined |
CVE-2021-24286 |
۳.۵ |
Redirect 404 to Parent Plugin Parameter cross site scripting |
$۰-$۱k |
Official Fix |
CVE-2021-24281 |
۵.۴ |
Redirection for Contact Form 7 Plugin AJAX Action delete_action_post authorization |
$۲k-$5k |
Official Fix |
CVE-2021-24279 |
۶.۳ |
Redirection for Contact Form 7 Plugin AJAX Action import_from_debug authorization |
$۲k-$5k |
Official Fix |
CVE-2021-24280 |
۶.۳ |
Redirection for Contact Form 7 Plugin AJAX Action import_from_debug deserialization |
$۲k-$5k |
Official Fix |
CVE-2021-24278 |
۵.۳ |
Redirection for Contact Form 7 Plugin AJAX Action wpcf7r_get_nonce authorization |
$۲k-$5k |
Official Fix |
CVE-2021-24282 |
۶.۳ |
Redirection for Contact Form 7 Plugin wpcf7r_reset_settings authorization |
$۲k-$5k |
Official Fix |
CVE-2021-21650 |
۳.۵ |
S3 Publisher Plugin Artifact Upload authorization |
$۱k-$2k |
Not Defined |
CVE-2021-21651 |
۵.۵ |
S3 Publisher Plugin HTTP Endpoint Read authorization |
$۱k-$2k |
Not Defined |
CVE-2020-27840 |
۵.۳ |
Samba Domain Name out-of-bounds read |
$۱k-$2k |
Official Fix |
CVE-2021-20277 |
۴.۳ |
Samba libldb out-of-bounds write |
$۲k-$5k |
Official Fix |
CVE-2020-26145 |
۵.۴ |
Samsung Galaxy S3 i9305 WEP/WPA/WPA2/WPA3 injection |
$۲k-$5k |
Not Defined |
CVE-2020-26146 |
۶.۵ |
Samsung Galaxy S3 i9305 WPA/WPA2/WPA3 injection |
$۲k-$5k |
Not Defined |
CVE-2021-27613 |
۶.۳ |
SAP Business One Chef Cookbook temp file |
$۱۰k-$25k |
Not Defined |
CVE-2021-27614 |
۶.۳ |
SAP Business One Hana Chef Cookbook code injection |
$۱۰k-$25k |
Not Defined |
CVE-2021-27616 |
۶.۳ |
SAP Business One Hana Chef Cookbook temp file |
$۱۰k-$25k |
Not Defined |
CVE-2021-27619 |
۴.۳ |
SAP Commerce Backoffice Search information disclosure |
$۵k-$10k |
Not Defined |
CVE-2021-27612 |
۵.۰ |
SAP GUI Website Remote Code Execution |
$۱۰k-$25k |
Not Defined |
CVE-2021-27611 |
۴.۷ |
SAP NetWeaver AS ABAP ABAP Report injection |
$۱۰k-$25k |
Not Defined |
CVE-2021-27618 |
۲.۷ |
SAP Process Integration Integration Builder Framework denial of service |
$۲k-$5k |
Not Defined |
CVE-2021-27617 |
۴.۳ |
SAP Process Integration Integration Builder Framework denial of service |
$۲k-$5k |
Not Defined |
CVE-2021-31341 |
۳.۵ |
Siemens Mendix Database Replication Table Mapping information exposure |
$۲k-$5k |
Official Fix |
CVE-2021-31339 |
۳.۵ |
Siemens Mendix Excel Importer Module XML File information exposure |
$۲k-$5k |
Official Fix |
CVE-2020-28393 |
۷.۵ |
Siemens SCALANCE XM-400/SCALANCE XR-500 OSPF Protocol calculation |
$۵k-$10k |
Official Fix |
CVE-2021-27386 |
۳.۵ |
Siemens SIMATIC HMI Comfort Outdoor Panels Device Layout memory corruption |
$۱۰k-$25k |
Official Fix |
CVE-2021-27384 |
۵.۵ |
Siemens SIMATIC HMI Comfort Outdoor Panels Device Layout out-of-bounds write |
$۱۰k-$25k |
Official Fix |
CVE-2021-25662 |
۳.۵ |
Siemens SIMATIC HMI Comfort Outdoor Panels exceptional condition |
$۵k-$10k |
Official Fix |
CVE-2021-25661 |
۵.۵ |
Siemens SIMATIC HMI Comfort Outdoor Panels out-of-bounds write |
$۱۰k-$25k |
Official Fix |
CVE-2021-25660 |
۵.۵ |
Siemens SIMATIC HMI Comfort Outdoor Panels out-of-bounds write |
$۱۰k-$25k |
Official Fix |
CVE-2021-27385 |
۴.۳ |
Siemens SIMATIC HMI Comfort Outdoor Panels SmartVNC Device Layout resource consumption |
$۲k-$5k |
Not Defined |
CVE-2021-27383 |
۳.۵ |
Siemens SIMATIC HMI Comfort Outdoor Panels SmartVNC memory corruption |
$۱۰k-$25k |
Official Fix |
CVE-2019-19276 |
۵.۷ |
Siemens SIMATIC HMI Comfort Panels SNMP Service out-of-bounds write |
$۱۰k-$25k |
Workaround |
CVE-2020-25242 |
۵.۷ |
Siemens SIMATIC NET CP 343-1 Service Port 102 resource consumption |
$۲k-$5k |
Workaround |
CVE-2021-27397 |
۵.۵ |
Siemens Tecnomatix Plant Simulation SPP File Parser PlantSimCore.dll memory corruption |
$۱۰k-$25k |
Official Fix |
CVE-2021-27398 |
۵.۵ |
Siemens Tecnomatix Plant Simulation SPP File Parser PlantSimCore.dll stack-based overflow |
$۱۰k-$25k |
Official Fix |
CVE-2021-27396 |
۵.۵ |
Siemens Tecnomatix Plant Simulation SPP File Parser PlantSimCore.dll stack-based overflow |
$۱۰k-$25k |
Official Fix |
CVE-2021-32608 |
۳.۵ |
SmartStoreNET Forum Post _ForumPost.cshtml cross site scripting |
$۰-$۱k |
Official Fix |
CVE-2021-32607 |
۳.۵ |
SmartStoreNET Private Message View.cshtml cross site scripting |
$۰-$۱k |
Official Fix |
CVE-2021-32604 |
۵.۵ |
SolarWinds Serv-U unknown vulnerability |
$۲k-$5k |
Official Fix |
CVE-2021-31755 |
۷.۶ |
Tenda AC11 POST Request setmac stack-based overflow |
$۲k-$5k |
Not Defined |
CVE-2021-31758 |
۷.۶ |
Tenda AC11 POST Request setportList stack-based overflow |
$۲k-$5k |
Not Defined |
CVE-2021-31757 |
۷.۶ |
Tenda AC11 POST Request setVLAN stack-based overflow |
$۲k-$5k |
Not Defined |
CVE-2021-31756 |
۷.۶ |
Tenda AC11 POST Request setwanType stack-based overflow |
$۲k-$5k |
Not Defined |
CVE-2021-25693 |
۳.۵ |
Teradici PCoIP Agent denial of service |
$۰-$۱k |
Not Defined |
CVE-2021-25694 |
۵.۰ |
Teradici PCoIP Graphics Agent Redirect Pixel NVENC.dll Remote Privilege Escalation |
$۲k-$5k |
Official Fix |
CVE-2021-29519 |
۲.۵ |
TesorFlow API tf.raw_ops.SparseCross type confusion |
$۱۰k-$25k |
Official Fix |
CVE-2021-29615 |
۲.۵ |
TesorFlow attr_value_util.cc ParseAttrValue recursion |
$۵k-$10k |
Official Fix |
CVE-2021-29612 |
۳.۶ |
TesorFlow banded_triangular_solve_op.cc tf.raw_ops.BandedTriangularSolve buffer overflow |
$۱۰k-$25k |
Official Fix |
CVE-2021-29605 |
۷.۱ |
TesorFlow common.c TFLiteIntArray integer overflow |
$۱۰k-$25k |
Official Fix |
CVE-2021-29601 |
۶.۳ |
TesorFlow concatenation.cc integer overflow |
$۱۰k-$25k |
Official Fix |
CVE-2021-29594 |
۲.۵ |
TesorFlow conv.cc divide by zero |
$۵k-$10k |
Official Fix |
CVE-2021-29538 |
۲.۵ |
TesorFlow conv_grad_filter_ops.cc Conv2DBackpropFilter divide by zero |
$۵k-$10k |
Official Fix |
CVE-2021-29525 |
۲.۵ |
TesorFlow conv_grad_input_ops.h tf.raw_ops.Conv2DBackpropInput divide by zero |
$۵k-$10k |
Official Fix |
CVE-2021-29524 |
۲.۵ |
TesorFlow conv_grad_shape_utils.cc tf.raw_ops.Conv2DBackpropFilter divide by zero |
$۵k-$10k |
Official Fix |
CVE-2021-29520 |
۲.۵ |
TesorFlow conv_grad_shape_utils.cc tf.raw_ops.Conv3DBackprop buffer overflow |
$۱۰k-$25k |
Official Fix |
CVE-2021-29526 |
۲.۵ |
TesorFlow conv_ops.cc tf.raw_ops.Conv2D divide by zero |
$۵k-$10k |
Official Fix |
CVE-2021-29517 |
۲.۵ |
TesorFlow conv_ops_3d.cc filter divide by zero |
$۵k-$10k |
Official Fix |
CVE-2021-29554 |
2.5 |
TensorFlow count_ops.cc tf.raw_ops.DenseCountSparseOutput divide by zero |
$5k-$10k |
Official Fix |
CVE-2021-29581 |
2.5 |
TensorFlow ctc_decoder_ops.cc tf.raw_ops.CTCBeamSearchDecoder uninitialized resource |
$5k-$10k |
Official Fix |
CVE-2021-29543 |
2.5 |
TensorFlow ctc_decoder_ops.cc tf.raw_ops.CTCGreedyDecoder assertion |
$5k-$10k |
Official Fix |
CVE-2021-29614 |
7.1 |
TensorFlow decode_padded_raw_op.cc tf.io.decode_raw initialization |
$10k-$25k |
Official Fix |
CVE-2021-29582 |
2.5 |
TensorFlow dequantize_op.cc tf.raw_ops.Dequantize out-of-bounds read |
$5k-$10k |
Official Fix |
CVE-2021-29566 |
2.5 |
TensorFlow dilation_ops.cc tf.raw_ops.Dilation2DBackpropInput out-of-bounds write |
$10k-$25k |
Official Fix |
CVE-2021-29549 |
2.5 |
TensorFlow divide by zero |
$5k-$10k |
Official Fix |
CVE-2021-29533 |
2.5 |
TensorFlow draw_bounding_box_op.cc tf.raw_ops.DrawBoundingBoxes unusual condition |
$10k-$25k |
Official Fix |
CVE-2021-29564 |
2.5 |
TensorFlow edit_distance_op.cc tf.raw_ops.EditDistance null pointer dereference |
$5k-$10k |
Official Fix |
CVE-2021-29531 |
2.5 |
TensorFlow encode_png_op.cc unusual condition |
$10k-$25k |
Official Fix |
CVE-2021-29555 |
2.5 |
TensorFlow FPE Runtime fused_batch_norm_op.cc tf.raw_ops.FusedBatchNorm divide by zero |
$5k-$10k |
Official Fix |
CVE-2021-29556 |
2.5 |
TensorFlow FPE Runtime tf.raw_ops.Reverse divide by zero |
$5k-$10k |
Official Fix |
CVE-2021-29557 |
2.5 |
TensorFlow FPE Runtime tf.raw_ops.SparseMatMul divide by zero |
$5k-$10k |
Official Fix |
CVE-2021-29550 |
2.5 |
TensorFlow fractional_avg_pool_op.cc tf.raw_ops.FractionalAvgPool denial of service |
$5k-$10k |
Official Fix |
CVE-2021-29578 |
2.5 |
TensorFlow fractional_avg_pool_op.cc tf.raw_ops.FractionalAvgPoolGrad memory corruption |
$10k-$25k |
Official Fix |
CVE-2021-29580 |
2.5 |
TensorFlow fractional_max_pool_op.cc tf.raw_ops.FractionalMaxPoolGrad uninitialized resource |
$5k-$10k |
Official Fix |
CVE-2021-29583 |
2.5 |
TensorFlow fused_batch_norm_op.cc tf.raw_ops.FusedBatchNorm null pointer dereference |
$5k-$10k |
Official Fix |
CVE-2021-29604 |
2.5 |
TensorFlow hashtable_lookup.cc divide by zero |
$5k-$10k |
Official Fix |
CVE-2021-29545 |
2.5 |
TensorFlow kernels.cc csr_row_ptr memory corruption |
$10k-$25k |
Official Fix |
CVE-2021-29515 |
2.5 |
TensorFlow matrix_diag_op.cc null pointer dereference |
$5k-$10k |
Official Fix |
CVE-2021-29551 |
2.5 |
TensorFlow matrix_triangular_solve_op_impl.h MatrixTriangularSolve out-of-bounds read |
$5k-$10k |
Official Fix |
CVE-2021-29579 |
2.5 |
TensorFlow maxpooling_op.cc tf.raw_ops.MaxPoolGrad memory corruption |
$10k-$25k |
Official Fix |
CVE-2021-29573 |
2.5 |
TensorFlow maxpooling_op.cc tf.raw_ops.MaxPoolGradWithArgmax divide by zero |
$5k-$10k |
Official Fix |
CVE-2021-29570 |
2.5 |
TensorFlow maxpooling_op.cc tf.raw_ops.MaxPoolGradWithArgmax out-of-bounds read |
$5k-$10k |
Official Fix |
CVE-2021-29568 |
2.5 |
TensorFlow parameterized_truncated_normal_op.cc tf.raw_ops.ParameterizedTruncatedNormal uninitialized pointer |
$5k-$10k |
Official Fix |
CVE-2021-29586 |
2.5 |
TensorFlow pooling.cc divide by zero |
$5k-$10k |
Official Fix |
CVE-2021-29577 |
2.5 |
TensorFlow pooling_ops_3d.cc tf.raw_ops.AvgPool3DGrad heap-based overflow |
$10k-$25k |
Official Fix |
CVE-2021-29576 |
2.5 |
TensorFlow pooling_ops_3d.cc tf.raw_ops.MaxPool3DGradGrad buffer overflow |
$10k-$25k |
Official Fix |
CVE-2021-29574 |
2.5 |
TensorFlow pooling_ops_3d.cc tf.raw_ops.MaxPool3DGradGrad null pointer dereference |
$5k-$10k |
Official Fix |
CVE-2021-29546 |
2.5 |
TensorFlow quantization_utils.h tf.raw_ops.QuantizedBiasAdd divide by zero |
$5k-$10k |
Official Fix |
CVE-2021-29610 |
3.6 |
TensorFlow quantize_and_dequantize_op.cc tf.raw_ops.QuantizeAndDequantizeV2 initialization |
$10k-$25k |
Official Fix |
CVE-2021-29553 |
2.5 |
TensorFlow quantize_and_dequantize_op.cc tf.raw_ops.QuantizeAndDequantizeV3 out-of-bounds read |
$5k-$10k |
Official Fix |
CVE-2021-29544 |
2.5 |
TensorFlow quantize_and_dequantize_op.cc tf.raw_ops.QuantizeAndDequantizeV4Grad unusual condition |
$10k-$25k |
Official Fix |
CVE-2021-29547 |
2.5 |
TensorFlow quantized_batch_norm_op.cc out-of-bounds read |
$5k-$10k |
Official Fix |
CVE-2021-29527 |
2.5 |
TensorFlow quantized_conv_ops.cc tf.raw_ops.QuantizedConv2D divide by zero |
$5k-$10k |
Official Fix |
CVE-2021-29535 |
2.5 |
TensorFlow quantized_mul_op.cc heap-based overflow |
$10k-$25k |
Official Fix |
CVE-2021-29528 |
2.5 |
TensorFlow quantized_mul_op.cc tf.raw_ops.QuantizedMul divide by zero |
$5k-$10k |
Official Fix |
CVE-2021-29536 |
2.5 |
TensorFlow quantized_reshape_op.cc heap-based overflow |
$10k-$25k |
Official Fix |
CVE-2021-29537 |
2.5 |
TensorFlow quantized_resize_bilinear_op.cc heap-based overflow |
$10k-$25k |
Official Fix |
CVE-2021-29529 |
2.5 |
TensorFlow quantized_resize_bilinear_op.cc tf.raw_ops.QuantizedResizeBilinear heap-based overflow |
$10k-$25k |
Official Fix |
CVE-2021-29532 |
2.5 |
TensorFlow ragged_cross_op.cc tf.raw_ops.RaggedCross out-of-bounds read |
$5k-$10k |
Official Fix |
CVE-2021-29561 |
2.5 |
TensorFlow ragged_tensor_to_tensor_op.cc tf.raw_ops.LoadAndRemapMatrix assertion |
$5k-$10k |
Official Fix |
CVE-2021-29608 |
5.3 |
TensorFlow ragged_tensor_to_tensor_op.cc tf.raw_ops.RaggedTensorToTensor heap-based overflow |
$10k-$25k |
Official Fix |
CVE-2021-29560 |
2.5 |
TensorFlow ragged_tensor_to_tensor_op.cc tf.raw_ops.RaggedTensorToTensor out-of-bounds read |
$5k-$10k |
Official Fix |
CVE-2021-29569 |
2.5 |
TensorFlow requantization_range_op.cc tf.raw_ops.MaxPoolGradWithArgmax out-of-bounds read |
$5k-$10k |
Official Fix |
CVE-2021-29575 |
2.5 |
TensorFlow reverse_sequence_op.cc tf.raw_ops.ReverseSequence memory corruption |
$10k-$25k |
Official Fix |
CVE-2021-29518 |
2.5 |
TensorFlow session_ops.cc ctx->session_state null pointer dereference |
$2k-$5k |
Official Fix |
CVE-2021-29609 |
5.3 |
TensorFlow sparse_add_op.cc initialization |
$10k-$25k |
Official Fix |
CVE-2021-29565 |
2.5 |
TensorFlow sparse_fill_empty_rows_op.cc tf.raw_ops.SparseFillEmptyRows null pointer dereference |
$5k-$10k |
Official Fix |
CVE-2021-29611 |
3.6 |
TensorFlow sparse_reshape_op.cc SparseReshape initialization |
$10k-$25k |
Official Fix |
CVE-2021-29607 |
5.3 |
TensorFlow sparse_sparse_binary_op_shared.cc SparseAdd unusual condition |
$10k-$25k |
Official Fix |
CVE-2021-29584 |
2.5 |
TensorFlow sparse_split_op.cc implementation integer overflow |
$10k-$25k |
Official Fix |
CVE-2021-29558 |
2.5 |
TensorFlow sparse_tensor.h tf.raw_ops.SparseSplit out-of-bounds write |
$10k-$25k |
Official Fix |
CVE-2021-29523 |
2.5 |
TensorFlow sparse_tensors_map_ops.cc tf.raw_ops.AddManySparseToTensorsMap integer overflow |
$10k-$25k |
Official Fix |
CVE-2021-29542 |
2.5 |
TensorFlow string_ngrams_op.cc tf.raw_ops.StringNGrams heap-based overflow |
$10k-$25k |
Official Fix |
CVE-2021-29592 |
4.4 |
TensorFlow subgraph.c null pointer dereference |
$5k-$10k |
Official Fix |
CVE-2021-29522 |
2.5 |
TensorFlow tf.raw_ops.Conv3DBackprop divide by zero |
$5k-$10k |
Official Fix |
CVE-2021-29613 |
6.3 |
TensorFlow tf.raw_ops.CTCLoss initialization |
$10k-$25k |
Official Fix |
CVE-2021-29539 |
2.5 |
TensorFlow tf.raw_ops.ImmutableConst numeric conversion |
$10k-$25k |
Official Fix |
CVE-2021-29562 |
2.5 |
TensorFlow tf.raw_ops.IRFFT assertion |
$5k-$10k |
Official Fix |
CVE-2021-29516 |
2.5 |
TensorFlow tf.raw_ops.RaggedTensorToVariant null pointer dereference |
$5k-$10k |
Official Fix |
CVE-2021-29563 |
2.5 |
TensorFlow tf.raw_ops.RFFT assertion |
$5k-$10k |
Official Fix |
CVE-2021-29534 |
2.5 |
TensorFlow tf.raw_ops.SparseConcat unusual condition |
$10k-$25k |
Official Fix |
CVE-2021-29521 |
2.5 |
TensorFlow tf.raw_ops.SparseCountSparseOutput buffer overflow |
$10k-$25k |
Official Fix |
CVE-2021-29619 |
2.5 |
TensorFlow tf.raw_ops.SparseCountSparseOutput exceptional condition |
$10k-$25k |
Official Fix |
CVE-2021-29530 |
2.5 |
TensorFlow tf.raw_ops.SparseMatrixSparseCholesky null pointer dereference |
$5k-$10k |
Official Fix |
CVE-2021-29541 |
2.5 |
TensorFlow tf.raw_ops.StringNGrams null pointer dereference |
$5k-$10k |
Official Fix |
CVE-2021-29617 |
2.5 |
TensorFlow tf.strings.substr exceptional condition |
$10k-$25k |
Official Fix |
CVE-2021-29618 |
2.5 |
TensorFlow tf.transpose exceptional condition |
$10k-$25k |
Official Fix |
CVE-2021-29603 |
2.5 |
TensorFlow TFLite Model arg_min_max.cc ArgMax out-of-bounds write |
$10k-$25k |
Official Fix |
CVE-2021-29606 |
2.5 |
TensorFlow TFLite Model split_v.cc Split_V out-of-bounds read |
$5k-$10k |
Official Fix |
CVE-2021-29593 |
2.5 |
TensorFlow TFLite Operator batch_to_space_nd.cc divide by zero |
$5k-$10k |
Official Fix |
CVE-2021-29595 |
2.5 |
TensorFlow TFLite Operator depth_to_space.cc divide by zero |
$5k-$10k |
Official Fix |
CVE-2021-29602 |
2.5 |
TensorFlow TFLite Operator depthwise_conv.cc divide by zero |
$5k-$10k |
Official Fix |
CVE-2021-29598 |
2.5 |
TensorFlow TFLite Operator divide by zero |
$5k-$10k |
Official Fix |
CVE-2021-29596 |
2.5 |
TensorFlow TFLite Operator embedding_lookup.cc divide by zero |
$5k-$10k |
Official Fix |
CVE-2021-29590 |
2.5 |
TensorFlow TFLite Operator maximum_minimum.h out-of-bounds read |
$5k-$10k |
Official Fix |
CVE-2021-29600 |
2.5 |
TensorFlow TFLite Operator one_hot.cc divide by zero |
$5k-$10k |
Official Fix |
CVE-2021-29588 |
2.5 |
TensorFlow TFLite Operator optimized_ops.h divide by zero |
$5k-$10k |
Official Fix |
CVE-2021-29589 |
2.5 |
TensorFlow TFLite Operator reference_ops.h divide by zero |
$5k-$10k |
Official Fix |
CVE-2021-29597 |
2.5 |
TensorFlow TFLite Operator space_to_batch_nd.cc divide by zero |
$5k-$10k |
Official Fix |
CVE-2021-29587 |
2.5 |
TensorFlow TFLite Operator space_to_depth.cc divide by zero |
$5k-$10k |
Official Fix |
CVE-2021-29599 |
2.5 |
TensorFlow TFLite Operator split.cc num_splits divide by zero |
$5k-$10k |
Official Fix |
CVE-2021-29585 |
2.5 |
TensorFlow TFLite padding.h divide by zero |
$5k-$10k |
Official Fix |
CVE-2021-29559 |
2.5 |
TensorFlow unicode_ops.cc tf.raw_ops.UnicodeEncode out-of-bounds read |
$5k-$10k |
Official Fix |
CVE-2021-29552 |
2.5 |
TensorFlow unsorted_segment_join_op.cc UnsortedSegmentJoin assertion |
$5k-$10k |
Official Fix |
CVE-2021-29591 |
2.5 |
TensorFlow while.cc While infinite loop |
$5k-$10k |
Official Fix |
CVE-2020-17891 |
3.5 |
TP-LINK Archer C1200 cross site scripting |
$0-$1k |
Not Defined |
CVE-2021-28649 |
7.3 |
Trend Micro HouseCall for Home Networks access control |
$10k-$25k |
Not Defined |
CVE-2021-31519 |
6.3 |
Trend Micro HouseCall for Home Networks Scan access control |
$10k-$25k |
Not Defined |
CVE-2021-31520 |
3.7 |
Trend Micro IM Security Web Management Interface improper authentication |
$5k-$10k |
Not Defined |
CVE-2021-21990 |
3.5 |
VMware Workspace ONE UEM Console cross site scripting |
$2k-$5k |
Official Fix |
CVE-2021-20996 |
5.3 |
WAGO Managed Switch Cookie information disclosure |
$1k-$2k |
Not Defined |
CVE-2021-20998 |
7.3 |
WAGO Managed Switch missing authentication |
$1k-$2k |
Not Defined |
CVE-2021-20994 |
6.3 |
WAGO Managed Switch Web-based Management injection |
$2k-$5k |
Not Defined |
CVE-2021-20997 |
3.7 |
WAGO Managed Switch Web-based Management insufficiently protected credentials |
$1k-$2k |
Not Defined |
CVE-2021-20995 |
5.3 |
WAGO Managed Switch Web-based UI cleartext storage |
$1k-$2k |
Not Defined |
CVE-2021-20993 |
5.3 |
WAGO Switch Directory Listing information disclosure |
$1k-$2k |
Not Defined |
CVE-2021-24188 |
6.3 |
WP Content Copy Protection & No Right Click Plugin AJAX Action cp_plugins_do_button_job_later_callback improper authorization |
$2k-$5k |
Official Fix |
CVE-2021-24191 |
6.3 |
WP Maintenance Mode & Site Under Construction Plugin AJAX Action cp_plugins_do_button_job_later_callback improper authorization |
$2k-$5k |
Official Fix |
CVE-2021-21652 |
3.5 |
Xray Test Management for Jira Plugin cross-site request forgery |
$0-$1k |
Not Defined |
CVE-2021-21653 |
5.5 |
Xray Test Management for Jira Plugin HTTP Endpoint authorization |
$1k-$2k |
Not Defined |
CVE-2020-23369 |
3.5 |
YzmCMS IFRAME init.html cross site scripting |
$0-$1k |
Not Defined |
CVE-2020-23370 |
3.5 |
YzmCMS SWF File controller.php cross site scripting |
$0-$1k |
Not Defined |