
Critical vulnerabilities of the third week of Aban

This week, many "critical" and "high-risk" vulnerabilities were reported in important Cisco products, and patches and updates were released to fix them. Several "critical" and "high-risk" vulnerabilities were also present in products from Mozilla, Apache, Fortinet, IBM, HP, Jenkins, NVIDIA, SAMSUNG, Google and the Linux kernel.
The list of these vulnerabilities, together with their risk level, is given in the table below.

 

| Vulnerability ID | Base Score | Vulnerability Title | Zero-Day Value | Remediation |
|---|---|---|---|---|
| CVE-2021-20839 | 6.4 | Antenna House Office Server Document Converter XML Document xml external entity reference | $1k-$2k | Not Defined |
| CVE-2021-20838 | 6.9 | Antenna House Office Server Document Converter XML Document xml external entity reference | $1k-$2k | Not Defined |
| CVE-2021-27644 | 6.9 | Apache DolphinScheduler MySQL Data Source sql injection | $10k-$25k | Official Fix |
| CVE-2021-41973 | 5.9 | Apache MINA HTTP Header infinite loop | $5k-$10k | Not Defined |
| CVE-2021-37149 | 7.3 | Apache Traffic Server HTTP Header Parser request smuggling | $10k-$25k | Not Defined |
| CVE-2021-37148 | 7.3 | Apache Traffic Server HTTP Header Parser request smuggling | $10k-$25k | Not Defined |
| CVE-2021-37147 | 7.3 | Apache Traffic Server request smuggling | $10k-$25k | Not Defined |
| CVE-2021-41585 | 4.3 | Apache Traffic Server Socket Connection denial of service | $2k-$5k | Not Defined |
| CVE-2021-43082 | 5.5 | Apache Traffic Server stats-over-http Plugin buffer overflow | $10k-$25k | Not Defined |
| CVE-2021-38161 | 5.6 | Apache Traffic Server TLS Origin improper authentication | $10k-$25k | Not Defined |
| CVE-2021-36698 | 4.4 | Artica Pandora FMS Event Filter cross site scripting | $0-$1k | Not Defined |
| CVE-2021-36697 | 5.5 | Artica Pandora FMS File Manager .htaccess unrestricted upload | $1k-$2k | Not Defined |
| CVE-2021-41310 | 4.8 | Atlassian JIRA Server/Data Center Associated Project AssociatedProjectsForCustomField.jspa cross site scripting | $0-$1k | Official Fix |
| CVE-2021-41313 | 5.3 | Atlassian JIRA Server/Data Center Email Batch Configuration ConfigureBatching!default.jspa improper authorization | $2k-$5k | Official Fix |
| CVE-2021-41312 | 7.4 | Atlassian JIRA Server/Data Center Jira Service Management Project ViewCollectors improper authentication | $1k-$2k | Official Fix |
| CVE-2021-25875 | 3.5 | AVideo/YouPHPTube AVideo/YouPHPTube cross site scripting | $0-$1k | Not Defined |
| CVE-2021-25874 | 7.3 | AVideo/YouPHPTube AVideo/YouPHPTube Parameter sql injection | $2k-$5k | Not Defined |
| CVE-2021-25878 | 3.5 | AVideo/YouPHPTube cross site scripting | $0-$1k | Not Defined |
| CVE-2021-25876 | 3.5 | AVideo/YouPHPTube cross site scripting | $0-$1k | Not Defined |
| CVE-2021-25877 | 3.5 | AVideo/YouPHPTube Variable save.php unknown vulnerability | $1k-$2k | Not Defined |
| CVE-2021-42699 | 4.7 | AzeoTech DAQFactory cleartext transmission | $0-$1k | Not Defined |
| CVE-2021-42698 | 7.0 | AzeoTech DAQFactory Project File deserialization | $2k-$5k | Not Defined |
| CVE-2021-42701 | 5.7 | AzeoTech DAQFactory Project File privileges management | $2k-$5k | Not Defined |
| CVE-2021-42543 | 7.0 | AzeoTech DAQFactory Project File privileges management | $2k-$5k | Not Defined |
| CVE-2021-24809 | 6.1 | BP Better Messages Plugin AJAX Action bp_better_messages_exclude_user_from_thread cross-site request forgery | $0-$1k | Official Fix |
| CVE-2021-24808 | 4.8 | BP Better Messages Plugin Parameter sanitize_text_field cross site scripting | $0-$1k | Official Fix |
| CVE-2021-40124 | 7.8 | Cisco AnyConnect Secure Mobility Client Network Access Manager privileges assignment | $10k-$25k | Official Fix |
| CVE-2021-40113 | 9.9 | Cisco Catalyst Passive Optical Network Switch Web-based Management Interface access control | $10k-$25k | Official Fix |
| CVE-2021-40112 | 9.9 | Cisco Catalyst Passive Optical Network Switch Web-based Management Interface access control | $10k-$25k | Official Fix |
| CVE-2021-34795 | 9.9 | Cisco Catalyst Passive Optical Network Switch Web-based Management Interface access control | $10k-$25k | Official Fix |
| CVE-2021-34774 | 4.6 | Cisco Common Services Platform Collector Web-based Management Interface information disclosure | $5k-$10k | Official Fix |
| CVE-2021-34741 | 7.5 | Cisco Email Security Appliance allocation of resources | $10k-$25k | Official Fix |
| CVE-2021-40119 | 9.8 | Cisco Policy Suite Key-based SSH Authentication hard-coded key | $25k-$50k | Official Fix |
| CVE-2021-34731 | 4.1 | Cisco Prime Access Registrar Web-based Management Interface cross site scripting | $2k-$5k | Official Fix |
| CVE-2021-34784 | 4.4 | Cisco Prime Infrastructure Web-based Management Interface cross site scripting | $2k-$5k | Official Fix |
| CVE-2021-40127 | 5.3 | Cisco Small Business 200 Managed Switch Web-based Management Interface denial of service | $5k-$10k | Official Fix |
| CVE-2021-40120 | 5.6 | Cisco Small Business RV Series Router Web-based Management Interface os command injection | $10k-$25k | Official Fix |
| CVE-2021-34739 | 6.8 | Cisco Small Business Series Switch Web-based Management Interface session expiration | $10k-$25k | Official Fix |
| CVE-2021-40126 | 4.3 | Cisco Umbrella Web-based Dashboard information exposure | $5k-$10k | Official Fix |
| CVE-2021-34773 | 5.4 | Cisco Unified Communications Manager Web-based Management Interface cross-site request forgery | $5k-$10k | Official Fix |
| CVE-2021-34701 | 4.3 | Cisco Unified Communications Manager Web-based Management Interface path traversal | $5k-$10k | Official Fix |
| CVE-2021-40128 | 5.3 | Cisco Webex Meetings Account Activation unknown vulnerability | $10k-$25k | Official Fix |
| CVE-2021-40115 | 5.2 | Cisco Webex Video Mesh Web-based Management Interface cross site scripting | $5k-$10k | Official Fix |
| CVE-2021-1500 | 5.4 | Cisco Webex Video Mesh Web-based Management Interface redirect | $10k-$25k | Official Fix |
| CVE-2021-42763 | 3.5 | Couchbase Server information disclosure | $0-$1k | Official Fix |
| CVE-2021-37842 | 4.3 | Couchbase Server metakv debug log file | $1k-$2k | Official Fix |
| CVE-2021-38411 | 3.9 | Delta Electronics DIALink API cross site scripting | $0-$1k | Not Defined |
| CVE-2021-38407 | 3.9 | Delta Electronics DIALink API cross site scripting | $0-$1k | Not Defined |
| CVE-2021-38488 | 3.9 | Delta Electronics DIALink API Events cross site scripting | $0-$1k | Not Defined |
| CVE-2021-38403 | 4.5 | Delta Electronics DIALink API Maintenance cross site scripting | $0-$1k | Not Defined |
| CVE-2021-38428 | 3.9 | Delta Electronics DIALink API Schedule cross site scripting | $0-$1k | Not Defined |
| CVE-2021-38422 | 6.0 | Delta Electronics DIALink cleartext storage | $0-$1k | Not Defined |
| CVE-2021-38418 | 6.2 | Delta Electronics DIALink cleartext transmission | $0-$1k | Not Defined |
| CVE-2021-38416 | 7.0 | Delta Electronics DIALink Library uncontrolled search path | $2k-$5k | Not Defined |
| CVE-2021-38420 | 7.0 | Delta Electronics DIALink permission | $2k-$5k | Not Defined |
| CVE-2021-38424 | 5.3 | Delta Electronics DIALink Tag csv injection | $1k-$2k | Not Defined |
| CVE-2020-25368 | 7.3 | D-Link DIR-823G HNAP1 Protocol os command injection | $10k-$25k | Not Defined |
| CVE-2020-25367 | 7.3 | D-Link DIR-823G HNAP1 Protocol os command injection | $10k-$25k | Not Defined |
| CVE-2020-25366 | 3.5 | D-Link DIR-823G upload_firmware.cgi denial of service | $2k-$5k | Not Defined |
| CVE-2021-33259 | 5.3 | D-Link DIR-868LW DNS Query History improper authentication | $5k-$10k | Not Defined |
| CVE-2020-18261 | 5.5 | ED01-CMS Image unrestricted upload | $1k-$2k | Not Defined |
| CVE-2020-18262 | 6.3 | ED01-CMS Parameter cposts.php sql injection | $1k-$2k | Not Defined |
| CVE-2020-18259 | 3.5 | ED01-CMS Post sposts.php cross site scripting | $0-$1k | Not Defined |
| CVE-2021-43339 | 5.5 | Ericsson Network Location MPS GMPC21 Export command injection | $1k-$2k | Not Defined |
| CVE-2021-43338 | 5.5 | Ericsson Network Location MPS GMPC21 Export Privilege Escalation | $2k-$5k | Not Defined |
| CVE-2020-20658 | 5.5 | fcovatti libiec_iccp_mod calloc buffer overflow | $1k-$2k | Not Defined |
| CVE-2020-20657 | 5.5 | fcovatti libiec_iccp_mod Packet buffer overflow | $1k-$2k | Not Defined |
| CVE-2020-15935 | 4.3 | Fortinet FortiADC GUI cleartext storage | $0-$1k | Not Defined |
| CVE-2020-12814 | 4.3 | Fortinet FortiAnalyzer Web GUI cross site scripting | $0-$1k | Not Defined |
| CVE-2021-36183 | 8.0 | Fortinet FortiClient Named Pipe improper authorization | $2k-$5k | Not Defined |
| CVE-2020-15940 | 4.3 | Fortinet FortiClientEMS Parameter cross site scripting | $0-$1k | Not Defined |
| CVE-2021-42754 | 3.8 | Fortinet FortiClientMacOS Camera code injection | $0-$1k | Not Defined |
| CVE-2021-36192 | 4.7 | Fortinet FortiManager information disclosure | $1k-$2k | Not Defined |
| CVE-2021-26107 | 5.6 | Fortinet FortiManager VPN Tunnel Status access control | $2k-$5k | Not Defined |
| CVE-2021-41019 | 4.2 | Fortinet FortiOS LDAP Server certificate validation | $1k-$2k | Not Defined |
| CVE-2021-36181 | 3.7 | Fortinet FortiPortal Customer Database Interface race condition | $0-$1k | Official Fix |
| CVE-2021-36174 | 5.4 | Fortinet FortiPortal License resource consumption | $0-$1k | Official Fix |
| CVE-2021-36176 | 4.8 | Fortinet FortiPortal Web Interface resource consumption | $0-$1k | Official Fix |
| CVE-2021-32595 | 5.4 | Fortinet FortiPortal Web Interface resource consumption | $0-$1k | Official Fix |
| CVE-2021-36172 | 6.2 | Fortinet FortiPortal XML Parser xml external entity reference | $1k-$2k | Official Fix |
| CVE-2021-41023 | 4.9 | Fortinet FortiSIEM Windows Agent cleartext storage | $0-$1k | Not Defined |
| CVE-2021-41022 | 7.8 | Fortinet FortiSIEM Windows Agent PowerShell privileges management | $2k-$5k | Not Defined |
| CVE-2021-36186 | 9.1 | Fortinet FortiWeb HTTP Request stack-based overflow | $2k-$5k | Not Defined |
| CVE-2021-36187 | 6.0 | Fortinet FortiWeb Webserver Daemon resource consumption | $0-$1k | Not Defined |
| CVE-2021-36185 | 8.8 | Fortinet FortiWLM HTTP Request os command injection | $2k-$5k | Not Defined |
| CVE-2021-36184 | 7.2 | Fortinet FortiWLM HTTP Request sql injection | $1k-$2k | Not Defined |
| CVE-2021-39903 | 5.6 | GitLab Community Edition/Enterprise Edition API Call access control | $2k-$5k | Not Defined |
| CVE-2021-39905 | 4.3 | GitLab Community Edition/Enterprise Edition API information disclosure | $1k-$2k | Not Defined |
| CVE-2021-22260 | 5.6 | GitLab Community Edition/Enterprise Edition DataDog cross site scripting | $0-$1k | Not Defined |
| CVE-2021-39907 | 5.3 | GitLab Community Edition/Enterprise Edition EXIF Data resource consumption | $0-$1k | Not Defined |
| CVE-2021-39906 | 6.1 | GitLab Community Edition/Enterprise Edition ipynb File cross site scripting | $0-$1k | Not Defined |
| CVE-2021-39902 | 5.3 | GitLab Community Edition/Enterprise Edition Membership improper authorization | $2k-$5k | Not Defined |
| CVE-2021-39904 | 5.3 | GitLab Community Edition/Enterprise Edition Merge Request access control | $2k-$5k | Not Defined |
| CVE-2021-39911 | 3.0 | GitLab Community Edition/Enterprise Edition Merge Request information disclosure | $1k-$2k | Not Defined |
| CVE-2021-39913 | 4.3 | GitLab Community Edition/Enterprise Edition Migration Log log file | $1k-$2k | Not Defined |
| CVE-2021-39895 | 4.0 | GitLab Community Edition/Enterprise Edition Pipeline Schedule information disclosure | $0-$1k | Not Defined |
| CVE-2021-39898 | 3.7 | GitLab Community Edition/Enterprise Edition Project Export access control | $2k-$5k | Not Defined |
| CVE-2021-39901 | 2.7 | GitLab Community Edition/Enterprise Edition SCIM Token information disclosure | $0-$1k | Not Defined |
| CVE-2021-39897 | 3.5 | GitLab Community Edition/Enterprise Edition Subgroup Member access control | $2k-$5k | Not Defined |
| CVE-2021-39912 | 5.3 | GitLab Community Edition/Enterprise Edition TIFF Image memory allocation | $0-$1k | Not Defined |
| CVE-2021-39909 | 4.7 | GitLab Enterprise Edition CODEOWNERS access control | $2k-$5k | Not Defined |
| CVE-2021-39914 | 3.1 | GitLab Regular Expression denial of service | $0-$1k | Not Defined |
| CVE-2021-43396 | 7.3 | GNU C Library ISO-2022-JP-3 Encoding iso-2022-jp-3.c iconv state issue | $2k-$5k | Not Defined |
| CVE-2021-0889 | 6.3 | Google Android Android TV Remote Service Privilege Escalation | $50k-$100k | Official Fix |
| CVE-2021-0672 | 5.5 | Google Android Browser app Privilege Escalation | $50k-$100k | Official Fix |
| CVE-2021-0922 | 5.5 | Google Android Framework Privilege Escalation | $50k-$100k | Official Fix |
| CVE-2021-0653 | 5.5 | Google Android Framework Privilege Escalation | $50k-$100k | Official Fix |
| CVE-2020-13871 | 5.5 | Google Android Framework Privilege Escalation | $50k-$100k | Official Fix |
| CVE-2021-0933 | 5.5 | Google Android Framework Privilege Escalation | $50k-$100k | Official Fix |
| CVE-2021-0926 | 5.5 | Google Android Framework Privilege Escalation | $50k-$100k | Official Fix |
| CVE-2021-0923 | 5.5 | Google Android Framework Privilege Escalation | $50k-$100k | Official Fix |
| CVE-2021-0921 | 5.5 | Google Android Framework Privilege Escalation | $50k-$100k | Official Fix |
| CVE-2021-0799 | 5.5 | Google Android Framework Privilege Escalation | $50k-$100k | Official Fix |
| CVE-2021-0929 | 5.5 | Google Android Kernel Privilege Escalation | $50k-$100k | Official Fix |
| CVE-2021-0924 | 5.5 | Google Android Kernel Privilege Escalation | $50k-$100k | Official Fix |
| CVE-2021-0920 | 5.5 | Google Android Kernel Privilege Escalation | $50k-$100k | Official Fix |
| CVE-2021-1048 | 6.3 | Google Android Kernel use after free | $50k-$100k | Official Fix |
| CVE-2021-0650 | 5.5 | Google Android Media Framework Privilege Escalation | $50k-$100k | Official Fix |
| CVE-2021-0650 | 5.5 | Google Android Media Framework Privilege Escalation | $50k-$100k | Official Fix |
| CVE-2021-0928 | 5.5 | Google Android Media Framework Privilege Escalation | $50k-$100k | Official Fix |
| CVE-2021-30284 | 5.5 | Google Android Qualcomm Privilege Escalation | $50k-$100k | Official Fix |
| CVE-2021-30259 | 5.5 | Google Android Qualcomm Privilege Escalation | $50k-$100k | Official Fix |
| CVE-2021-30255 | 5.5 | Google Android Qualcomm Privilege Escalation | $50k-$100k | Official Fix |
| CVE-2021-30254 | 5.5 | Google Android Qualcomm Privilege Escalation | $50k-$100k | Official Fix |
| CVE-2021-1982 | 5.5 | Google Android Qualcomm Privilege Escalation | $50k-$100k | Official Fix |
| CVE-2021-1981 | 5.5 | Google Android Qualcomm Privilege Escalation | $50k-$100k | Official Fix |
| CVE-2021-1979 | 5.5 | Google Android Qualcomm Privilege Escalation | $50k-$100k | Official Fix |
| CVE-2021-1973 | 5.5 | Google Android Qualcomm Privilege Escalation | $50k-$100k | Official Fix |
| CVE-2021-1921 | 5.5 | Google Android Qualcomm Privilege Escalation | $50k-$100k | Official Fix |
| CVE-2021-1975 | 5.5 | Google Android Qualcomm Privilege Escalation | $50k-$100k | Official Fix |
| CVE-2021-1924 | 5.5 | Google Android Qualcomm Privilege Escalation | $50k-$100k | Official Fix |
| CVE-2021-0919 | 3.5 | Google Android System denial of service | $10k-$25k | Official Fix |
| CVE-2021-0931 | 5.5 | Google Android System Privilege Escalation | $50k-$100k | Official Fix |
| CVE-2021-0925 | 5.5 | Google Android System Privilege Escalation | $50k-$100k | Official Fix |
| CVE-2021-0932 | 5.5 | Google Android System Privilege Escalation | $50k-$100k | Official Fix |
| CVE-2021-0649 | 5.5 | Google Android System Privilege Escalation | $50k-$100k | Official Fix |
| CVE-2021-0434 | 5.5 | Google Android System Privilege Escalation | $50k-$100k | Official Fix |
| CVE-2021-0930 | 6.3 | Google Android System Privilege Escalation | $50k-$100k | Official Fix |
| CVE-2021-0918 | 6.3 | Google Android System Privilege Escalation | $50k-$100k | Official Fix |
| CVE-2021-0649 | 5.5 | Google Android Tethering Privilege Escalation | $50k-$100k | Official Fix |
| CVE-2021-0653 | 5.5 | Google Android Tethering Privilege Escalation | $50k-$100k | Official Fix |
| CVE-2021-0927 | 5.5 | Google Android TvInputManager Privilege Escalation | $50k-$100k | Official Fix |
| CVE-2020-16048 | 5.9 | Google Chrome ANGLE out-of-bounds read | $25k-$50k | Official Fix |
| CVE-2020-6492 | 7.9 | Google Chrome ANGLE use after free | $50k-$100k | Official Fix |
| CVE-2018-6125 | 5.4 | Google Chrome USB Policy information disclosure | $25k-$50k | Official Fix |
| CVE-2018-6122 | 7.5 | Google Chrome WebAssembly type confusion | $50k-$100k | Official Fix |
| CVE-2021-39346 | 3.6 | Google Maps Easy Plugin mgrEditMarkerGroup.php cross site scripting | $0-$1k | Official Fix |
| CVE-2021-41218 | 4.9 | Google TensorFlow AllToAll divide by zero | $2k-$5k | Official Fix |
| CVE-2021-41206 | 6.0 | Google TensorFlow API improper validation of integrity check value | $10k-$25k | Official Fix |
| CVE-2021-41208 | 7.5 | Google TensorFlow API null pointer dereference | $5k-$10k | Official Fix |
| CVE-2021-41213 | 4.9 | Google TensorFlow API tf.function locking | $2k-$5k | Official Fix |
| CVE-2021-41220 | 7.0 | Google TensorFlow CollectiveReduceV2 use after free | $10k-$25k | Official Fix |
| CVE-2021-41217 | 4.9 | Google TensorFlow Control Flow Graph null pointer dereference | $2k-$5k | Official Fix |
| CVE-2021-41209 | 4.9 | Google TensorFlow Convolution Operator divide by zero | $2k-$5k | Official Fix |
| CVE-2021-41215 | 4.9 | Google TensorFlow DeserializeSparse null pointer dereference | $2k-$5k | Official Fix |
| CVE-2021-41197 | 4.9 | Google TensorFlow Dimensions MultiplyWithoutOverflow integer overflow | $10k-$25k | Official Fix |
| CVE-2021-41207 | 4.9 | Google TensorFlow divide by zero | $2k-$5k | Official Fix |
| CVE-2021-41223 | 6.7 | Google TensorFlow FusedBatchNorm out-of-bounds read | $5k-$10k | Official Fix |
| CVE-2021-41204 | 4.9 | Google TensorFlow Grappler Optimizer uninitialized pointer | $2k-$5k | Official Fix |
| CVE-2021-41225 | 4.9 | Google TensorFlow Grappler Optimizer uninitialized resource | $2k-$5k | Official Fix |
| CVE-2021-41227 | 6.4 | Google TensorFlow ImmutableConst out-of-bounds read | $5k-$10k | Official Fix |
| CVE-2021-41203 | 7.0 | Google TensorFlow Integer Overflow insufficient verification of data authenticity | $5k-$10k | Official Fix |
| CVE-2021-41196 | 4.9 | Google TensorFlow Keras Pooling Layer integer underflow | $10k-$25k | Official Fix |
| CVE-2021-41221 | 7.0 | Google TensorFlow Parameter Cudnn buffer overflow | $10k-$25k | Official Fix |
| CVE-2021-41201 | 7.0 | Google TensorFlow ParseEquation uninitialized pointer | $10k-$25k | Official Fix |
| CVE-2021-41205 | 6.7 | Google TensorFlow QuantizeAndDequantizeV out-of-bounds read | $5k-$10k | Official Fix |
| CVE-2021-41211 | 6.7 | Google TensorFlow QuantizeV2 out-of-bounds read | $5k-$10k | Official Fix |
| CVE-2021-41228 | 6.2 | Google TensorFlow saved_model_cli os command injection | $10k-$25k | Official Fix |
| CVE-2021-41219 | 6.0 | Google TensorFlow Sparse Matrix Multiplication uninitialized pointer | $2k-$5k | Official Fix |
| CVE-2021-41226 | 6.7 | Google TensorFlow SparseBinCount out-of-bounds read | $5k-$10k | Official Fix |
| CVE-2021-41210 | 6.7 | Google TensorFlow SparseCountSparseOutput out-of-bounds read | $5k-$10k | Official Fix |
| CVE-2021-41224 | 6.7 | Google TensorFlow SparseFillEmptyRows out-of-bounds read | $5k-$10k | Official Fix |
| CVE-2021-41222 | 4.9 | Google TensorFlow SplitV calculation | $2k-$5k | Official Fix |
| CVE-2021-41199 | 4.9 | Google TensorFlow tf.image.resize integer overflow | $10k-$25k | Official Fix |
| CVE-2021-41195 | 4.9 | Google TensorFlow tf.math.segment_* integer overflow | $10k-$25k | Official Fix |
| CVE-2021-41212 | 6.7 | Google TensorFlow tf.ragged.cross out-of-bounds read | $5k-$10k | Official Fix |
| CVE-2021-41214 | 7.0 | Google TensorFlow tf.ragged.cross uninitialized pointer | $10k-$25k | Official Fix |
| CVE-2021-41202 | 5.9 | Google TensorFlow tf.range numeric conversion | $10k-$25k | Official Fix |
| CVE-2021-41200 | 4.9 | Google TensorFlow tf.summary.create_file_writer assertion | $2k-$5k | Official Fix |
| CVE-2021-41198 | 4.9 | Google TensorFlow tf.tile integer overflow | $10k-$25k | Official Fix |
| CVE-2021-41216 | 5.9 | Google TensorFlow Transpose buffer overflow | $10k-$25k | Official Fix |
| CVE-2021-39238 | 7.6 | HP Enterprise LaserJet buffer overflow | $10k-$25k | Not Defined |
| CVE-2021-39237 | 4.0 | HP LaserJet information disclosure | $2k-$5k | Not Defined |
| CVE-2021-3705 | 5.5 | HP LaserJet Pro access control | $10k-$25k | Not Defined |
| CVE-2021-3704 | 5.7 | HP LaserJet Pro denial of service | $2k-$5k | Not Defined |
| CVE-2020-28416 | 5.3 | HP OfficeJet/PageWide IRIS OCR Local Privilege Escalation | $5k-$10k | Not Defined |
| CVE-2020-6931 | 6.3 | HP Print and Scan Doctor Privilege Escalation | $10k-$25k | Not Defined |
| CVE-2021-3440 | 6.3 | HP Smart App Print/Scan Doctor Privilege Escalation | $10k-$25k | Not Defined |
| CVE-2021-29212 | 8.5 | HPE iLO Amplifier Pack pathname traversal | $10k-$25k | Not Defined |
| CVE-2021-29213 | 6.5 | HPE ProLiant DL20 Gen10 access control | $10k-$25k | Official Fix |
| CVE-2021-29753 | 4.8 | IBM Business Automation Workflow or credentials storage | $10k-$25k | Official Fix |
| CVE-2021-29888 | 5.4 | IBM InfoSphere Information Server cross-site request forgery | $5k-$10k | Official Fix |
| CVE-2021-29737 | 5.7 | IBM InfoSphere Information Server Data Flow Designer Engine certificate validation | $10k-$25k | Official Fix |
| CVE-2021-29738 | 5.9 | IBM InfoSphere Information Server Data Flow Designer server-side request forgery | $10k-$25k | Official Fix |
| CVE-2021-29875 | 4.8 | IBM InfoSphere Information Server information disclosure | $5k-$10k | Official Fix |
| CVE-2021-29771 | 4.4 | IBM InfoSphere Information Server Web UI cross site scripting | $2k-$5k | Official Fix |
| CVE-2021-38948 | 6.7 | IBM InfoSphere Information Server XML Data xml external entity reference | $5k-$10k | Official Fix |
| CVE-2020-23567 | 4.3 | Irfan Skiljan Irfanview JPEG 2000 File ShowPlugInSaveOptions_W divide by zero | $0-$1k | Not Defined |
| CVE-2020-23565 | 6.3 | Irfan Skiljan Irfanview JPEG 2000 File ShowPlugInSaveOptions_W Remote Code Execution | $2k-$5k | Not Defined |
| CVE-2020-23566 | 4.3 | Irfan Skiljan Irfanview ShowPlugInSaveOptions_W infinite loop | $0-$1k | Not Defined |
| CVE-2021-21690 | 5.5 | Jenkins Agent File protection mechanism | $1k-$2k | Not Defined |
| CVE-2021-21691 | 5.5 | Jenkins Agent-to-Controller authorization | $1k-$2k | Not Defined |
| CVE-2021-21689 | 5.5 | Jenkins Agent-to-Controller authorization | $1k-$2k | Not Defined |
| CVE-2021-21687 | 5.5 | Jenkins Agent-to-Controller authorization | $1k-$2k | Not Defined |
| CVE-2021-21685 | 5.5 | Jenkins Agent-to-Controller authorization | $1k-$2k | Not Defined |
| CVE-2021-21692 | 5.5 | Jenkins Agent-to-Controller authorization | $1k-$2k | Not Defined |
| CVE-2021-21693 | 5.5 | Jenkins Agent-to-Controller improper authorization | $1k-$2k | Not Defined |
| CVE-2021-21688 | 5.5 | Jenkins Agent-to-Controller Security Check authorization | $1k-$2k | Not Defined |
| CVE-2021-21686 | 5.5 | Jenkins Agent-to-Controller Security Subsystem path traversal | $1k-$2k | Not Defined |
| CVE-2021-21694 | 5.5 | Jenkins authorization | $1k-$2k | Not Defined |
| CVE-2021-21696 | 5.5 | Jenkins FilePath API protection mechanism | $1k-$2k | Not Defined |
| CVE-2021-21697 | 5.5 | Jenkins incomplete blacklist | $1k-$2k | Not Defined |
| CVE-2021-21698 | 5.5 | Jenkins Subversion Plugin Subversion Key File path traversal | $1k-$2k | Not Defined |
| CVE-2021-21695 | 5.5 | Jenkins Symbolic Links authorization | $1k-$2k | Not Defined |
| CVE-2021-23807 | 5.6 | jsonpointer code injection | $2k-$5k | Official Fix |
| CVE-2021-23820 | 5.6 | json-pointer type confusion | $2k-$5k | Not Defined |
| CVE-2021-23509 | 5.6 | json-ptr Parameter type confusion | $2k-$5k | Official Fix |
| CVE-2021-41247 | 4.5 | JupyterHub Tab session expiration | $1k-$2k | Official Fix |
| CVE-2021-35053 | 5.7 | Kaspersky Anti-Virus Firefox Parameter denial of service | $0-$1k | Official Fix |
| CVE-2021-22564 | 5.0 | libjxl JPEG XL Image heap-based overflow | $2k-$5k | Official Fix |
| CVE-2021-22563 | 4.8 | libjxl JPEG XL Image vector buffer overflow | $2k-$5k | Official Fix |
| CVE-2020-27820 | 5.6 | Linux Kernel Device Hot-Unplugging postclose use after free | $10k-$25k | Official Fix |
| CVE-2021-34866 | 7.2 | Linux Kernel eBPF verifier.c check_map_func_compatibility type confusion | $10k-$25k | Official Fix |
| CVE-2021-43267 | 7.0 | Linux Kernel Inter-Process Communication crypto.c tipc_crypto_key_rcv missing encryption | $5k-$10k | Official Fix |
| CVE-2021-43389 | 5.5 | Linux Kernel kcapi.c detach_capi_ctr array index | $10k-$25k | Official Fix |
| CVE-2021-40848 | 5.5 | Mahara csv injection | $1k-$2k | Official Fix |
| CVE-2021-43264 | 4.4 | Mahara Page Help File pathname traversal | $1k-$2k | Official Fix |
| CVE-2021-43266 | 6.4 | Mahara PDF Export os command injection | $1k-$2k | Official Fix |
| CVE-2021-43265 | 4.4 | Mahara Script Element cross site scripting | $0-$1k | Official Fix |
| CVE-2021-40849 | 5.5 | Mahara Web Service Privilege Escalation | $2k-$5k | Official Fix |
| CVE-2021-31848 | 5.4 | McAfee Data Loss Prevention ePO Extension cross site scripting | $2k-$5k | Official Fix |
| CVE-2021-31849 | 6.5 | McAfee Data Loss Prevention ePO Extension sql injection | $5k-$10k | Official Fix |
| CVE-2021-26739 | 8.0 | Millken DOYOCMS Parameter pay.php sql injection | $1k-$2k | Not Defined |
| CVE-2021-26740 | 7.6 | Millken DOYOCMS sysupload.php unrestricted upload | $1k-$2k | Not Defined |
| CVE-2021-38495 | 7.5 | Mozilla Firefox ESR/Thunderbird memory corruption | $25k-$50k | Official Fix |
| CVE-2021-29993 | 6.2 | Mozilla Firefox intent Scheme denial of service | $10k-$25k | Official Fix |
| CVE-2021-38499 | 7.5 | Mozilla Firefox memory corruption | $25k-$50k | Official Fix |
| CVE-2021-38494 | 7.5 | Mozilla Firefox memory corruption | $25k-$50k | Official Fix |
| CVE-2021-38491 | 6.4 | Mozilla Firefox Remote Code Execution | $25k-$50k | Official Fix |
| CVE-2021-38501 | 7.5 | Mozilla Firefox/Firefox ESR/Thunderbird memory corruption | $25k-$50k | Official Fix |
| CVE-2021-38500 | 7.5 | Mozilla Firefox/Firefox ESR/Thunderbird memory corruption | $25k-$50k | Official Fix |
| CVE-2021-38493 | 6.3 | Mozilla Firefox/Firefox ESR/Thunderbird memory corruption | $25k-$50k | Official Fix |
| CVE-2021-38496 | 7.5 | Mozilla Firefox/Firefox ESR/Thunderbird MessageTasks memory corruption | $25k-$50k | Official Fix |
| CVE-2021-38492 | 5.7 | Mozilla Firefox/Firefox ESR/Thunderbird mk Scheme access control | $25k-$50k | Official Fix |
| CVE-2021-38498 | 6.9 | Mozilla Firefox/Firefox ESR/Thunderbird Shutdown use after free | $25k-$50k | Official Fix |
| CVE-2021-38497 | 6.4 | Mozilla Firefox/Firefox ESR/Thunderbird window.open origin validation | $25k-$50k | Official Fix |
| CVE-2021-29991 | 7.2 | Mozilla Firefox/Thunderbird HTTP3 Header request smuggling | $25k-$50k | Official Fix |
| CVE-2021-38502 | 4.8 | Mozilla Thunderbird SMTP Connection inadequate encryption | $10k-$25k | Official Fix |
| CVE-2021-20704 | 6.3 | NEC CLUSTERPRO X/EXPRESSCLUSTER X buffer overflow | $2k-$5k | Not Defined |
| CVE-2021-20701 | 6.3 | NEC Disk Agent CLUSTERPRO X/EXPRESSCLUSTER X buffer overflow | $2k-$5k | Not Defined |
| CVE-2021-20700 | 6.3 | NEC Disk Agent CLUSTERPRO X/EXPRESSCLUSTER X buffer overflow | $2k-$5k | Not Defined |
| CVE-2021-20703 | 6.3 | NEC Transaction Server CLUSTERPRO X/EXPRESSCLUSTER X buffer overflow | $2k-$5k | Not Defined |
| CVE-2021-20702 | 6.3 | NEC Transaction Server CLUSTERPRO X/EXPRESSCLUSTER X buffer overflow | $2k-$5k | Not Defined |
| CVE-2021-20707 | 4.3 | NEC Transaction Server CLUSTERPRO X/EXPRESSCLUSTER X information disclosure | $1k-$2k | Not Defined |
| CVE-2021-20706 | 6.3 | NEC WebManager CLUSTERPRO X/EXPRESSCLUSTER X unrestricted upload | $2k-$5k | Not Defined |
| CVE-2021-20705 | 6.3 | NEC WebManager CLUSTERPRO X/EXPRESSCLUSTER X unrestricted upload | $2k-$5k | Not Defined |
| CVE-2021-27005 | 5.9 | NetApp Clustered Data ONTAP httpd denial of service | $0-$1k | Official Fix |
| CVE-2021-27004 | 4.4 | NetApp System Manager iSCSI CHAP Credential missing encryption | $0-$1k | Official Fix |
| CVE-2021-27723 | 5.5 | Nsasoft Product Key Explorer denial of service | $0-$1k | Not Defined |
| CVE-2021-27722 | 5.5 | Nsasoft SpotAuditor denial of service | $0-$1k | Not Defined |
| CVE-2021-1123 | 6.0 | NVIDIA vGPU Software Virtual GPU Manager denial of service | $0-$1k | Not Defined |
| CVE-2021-1119 | 6.4 | NVIDIA vGPU Software Virtual GPU Manager double free | $2k-$5k | Not Defined |
| CVE-2021-1121 | 6.0 | NVIDIA vGPU Software Virtual GPU Manager Kernel Driver allocation of resources | $0-$1k | Not Defined |
| CVE-2021-1122 | 5.6 | NVIDIA vGPU Software Virtual GPU Manager null pointer dereference | $0-$1k | Not Defined |
| CVE-2021-1120 | 7.9 | NVIDIA vGPU software Virtual GPU Manager null termination | $2k-$5k | Not Defined |
| CVE-2021-1118 | 8.3 | NVIDIA vGPU Software Virtual GPU Manager unnecessary privileges | $2k-$5k | Not Defined |
| CVE-2021-35368 | 7.3 | OWASP ModSecurity Core Rule Set Pathname protection mechanism | $2k-$5k | Official Fix |
| CVE-2020-18263 | 6.3 | PHP-CMS search.php sql injection | $1k-$2k | Not Defined |
| CVE-2020-23754 | 6.5 | PHP-Fusion Polls poll_admin.php cross site scripting | $0-$1k | Not Defined |
| CVE-2021-39411 | 3.5 | PHPGurukul Hospital Management System Parameter cross site scripting | $0-$1k | Not Defined |
| CVE-2021-39412 | 3.5 | PHPGurukul Shopping Parameter cross site scripting | $0-$1k | Not Defined |
| CVE-2020-18440 | 7.6 | PHPOK init.php buffer overflow | $2k-$5k | Not Defined |
| CVE-2020-18438 | 5.5 | PHPOK Parameter admin.php pathname traversal | $1k-$2k | Not Defined |
| CVE-2020-18439 | 7.3 | PHPOK tpl_control.php edit_save_f Privilege Escalation | $2k-$5k | Not Defined |
| CVE-2021-41748 | 5.5 | Portainer access control | $1k-$2k | Not Defined |
| CVE-2021-41874 | 3.5 | Portainer information disclosure | $0-$1k | Not Defined |
| CVE-2021-41250 | 5.3 | Python Discord Bot URL Blacklist protection mechanism | $2k-$5k | Official Fix |
| CVE-2021-36924 | 5.3 | Realtek RtsUpx USB Utility Driver RtsUpx.sys access control | $1k-$2k | Not Defined |
| CVE-2021-36925 | 5.3 | Realtek RtsUpx USB Utility Driver RtsUpx.sys denial of service | $0-$1k | Not Defined |
| CVE-2021-36923 | 5.3 | Realtek RtsUpx USB Utility Driver USB Device RtsUpx.sys access control | $1k-$2k | Not Defined |
| CVE-2021-36922 | 5.3 | Realtek RtsUpx USB Utility Driver USB Device RtsUpx.sys access control | $1k-$2k | Not Defined |
| CVE-2021-25509 | 5.6 | Samsung Flow Application access control | $1k-$2k | Official Fix |
| CVE-2021-25507 | 4.6 | Samsung Flow Mobile Application Notification Data improper authorization | $1k-$2k | Official Fix |
| CVE-2021-25504 | 3.6 | Samsung Group Sharing Contact Information information disclosure | $0-$1k | Official Fix |
| CVE-2021-25503 | 4.4 | Samsung HDCP input validation | $0-$1k | Official Fix |
| CVE-2021-25500 | 6.8 | Samsung HDCP LDFW TEE input validation | $1k-$2k | Official Fix |
| CVE-2021-25506 | 3.6 | Samsung Health Content Provider denial of service | $0-$1k | Official Fix |
| CVE-2021-25505 | 3.3 | Samsung Pass Lockscreen improper authentication | $0-$1k | Official Fix |
| CVE-2021-25502 | 6.6 | Samsung Property Settings privileges management | $1k-$2k | Official Fix |
| CVE-2021-25501 | 5.5 | Samsung SecTelephonyProvider SCloudBnRReceiver access control | $1k-$2k | Official Fix |
| CVE-2021-25508 | 6.3 | Samsung SmartThings API Key privileges management | $2k-$5k | Official Fix |
| CVE-2020-26707 | 7.6 | Shenzhim AAPTJS Parameter add command injection | $1k-$2k | Not Defined |
| CVE-2020-36380 | 5.5 | Shenzhim AAPTJS Parameter crunch Privilege Escalation | $2k-$5k | Not Defined |
| CVE-2020-36377 | 5.5 | Shenzhim AAPTJS Parameter dump Privilege Escalation | $2k-$5k | Not Defined |
| CVE-2020-36376 | 5.5 | Shenzhim AAPTJS Parameter list Privilege Escalation | $2k-$5k | Not Defined |
| CVE-2020-36378 | 5.5 | Shenzhim AAPTJS Parameter packageCmd Privilege Escalation | $2k-$5k | Not Defined |
| CVE-2020-36379 | 5.5 | Shenzhim AAPTJS Parameter remove Privilege Escalation | $2k-$5k | Not Defined |
| CVE-2020-36381 | 5.5 | Shenzhim AAPTJS Parameter singleCrunch Privilege Escalation | $2k-$5k | Not Defined |
| CVE-2021-43293 | 4.3 | Sonatype Nexus Repository Manager server-side request forgery | $2k-$5k | Official Fix |
| CVE-2021-42568 | 5.5 | Sonatype Nexus Repository Manager SSL Certificate access control | $1k-$2k | Not Defined |
| CVE-2021-36808 | 5.9 | Sophos Secure Workspace race condition | $0-$1k | Official Fix |
| CVE-2021-41645 | 7.5 | Sourcecodester Budget and Expense Tracker System Image Upload unrestricted upload | $2k-$5k | Not Defined |
| CVE-2021-41643 | 8.0 | SourceCodester Church Management System Image Upload unrestricted upload | $2k-$5k | Not Defined |
| CVE-2021-43130 | 6.3 | SourceCodester Customer Relationship Management login.php sql injection | $1k-$2k | Not Defined |
| CVE-2021-41675 | 6.7 | SourceCodester E-Negosyo System controller.php doInsert unrestricted upload | $2k-$5k | Not Defined |
| CVE-2021-41674 | 8.0 | SourceCodester E-Negosyo System Parameter login.php sql injection | $1k-$2k | Not Defined |
| CVE-2021-42669 | 6.3 | Sourcecodester Engineers Online Portal in PHP dashboard_teacher.php unrestricted upload | $2k-$5k | Not Defined |
| CVE-2021-42671 | 7.3 | Sourcecodester Engineers Online Portal in PHP File Upload uploads improper authentication | $1k-$2k | Not Defined |
| CVE-2021-42665 | 7.3 | Sourcecodester Engineers Online Portal in PHP Login Form index.php sql injection | $2k-$5k | Not Defined |
| CVE-2021-42670 | 6.3 | Sourcecodester Engineers Online Portal in PHP Parameter announcements_student.php sql injection | $1k-$2k | Not Defined |
| CVE-2021-42668 | 6.3 | Sourcecodester Engineers Online Portal in PHP Parameter my_classmates.php sql injection | $1k-$2k | Not Defined |
| CVE-2021-42666 | 6.3 | Sourcecodester Engineers Online Portal in PHP Parameter quiz_question.php sql injection | $1k-$2k | Not Defined |
| CVE-2021-42664 | 3.5 | Sourcecodester Engineers Online Portal in PHP Quiz add_quiz.php cross site scripting | $0-$1k | Not Defined |
| CVE-2021-42662 | 3.5 | SourceCodester Online Event Booking and Reservation System cross site scripting | $0-$1k | Not Defined |
| CVE-2021-42663 | 4.3 | SourceCodester Online Event Booking and Reservation System index.php injection | $2k-$5k | Not Defined |
| CVE-2021-42667 | 6.3 | SourceCodester Online Event Booking and Reservation System views sql injection | $1k-$2k | Not Defined |
| CVE-2021-41644 | 8.0 | SourceCodester Online Food Ordering System Image Upload unrestricted upload | $2k-$5k | Not Defined |
| CVE-2021-41646 | 8.0 | SourceCodester Online Reviewer System Image Upload unrestricted upload | $2k-$5k | Not Defined |
| CVE-2021-36560 | 8.5 | SourceCodester Phone Shop Sales Managements System improper authentication | $1k-$2k | Not Defined |
| CVE-2021-41492 | 6.3 | Sourcecodester Simple Cashiering System sql injection | $1k-$2k | Not Defined |
| CVE-2021-43140 | 6.3 | Sourcecodester Simple Subscription Website Login sql injection | $1k-$2k | Not Defined |
| CVE-2021-43141 | 3.5 | Sourcecodester Simple Subscription Website plan_application cross site scripting | $0-$1k | Not Defined |
| CVE-2020-22223 | 6.3 | Stivasoft Fundraising Script pjActionLoad sql injection | $1k-$2k | Not Defined |
| CVE-2020-22222 | 3.5 | Stivasoft Fundraising Script pjActionLoadCss cross site scripting | $0-$1k | Not Defined |
| CVE-2020-22225 | 6.3 | Stivasoft Fundraising Script pjActionLoadForm sql injection | $1k-$2k | Not Defined |
| CVE-2020-22224 | 3.5 | Stivasoft Fundraising Script pjActionPreview cross site scripting | $0-$1k | Not Defined |
| CVE-2020-22226 | 6.3 | Stivasoft Fundraising Script pjActionSetAmount sql injection | $1k-$2k | Not Defined |
| CVE-2021-24770 | 6.0 | Stylish Price List Plugin AJAX Action spl_upload_ser_img access control | $1k-$2k | Official Fix |
| CVE-2021-24757 | 5.8 | Stylish Price List Plugin AJAX Action spl_upload_ser_img access control | $2k-$5k | Official Fix |
| CVE-2021-42574 | 7.4 | Unicode Specification Bidirectional Algorithm source code | $2k-$5k | Not Defined |
| CVE-2021-42694 | 7.4 | Unicode Specification Homoglyph source code | $2k-$5k | Not Defined |
| CVE-2021-3927 | 6.8 | Vim heap-based overflow | $2k-$5k | Official Fix |
| CVE-2021-3928 | 6.8 | Vim stack-based overflow | $2k-$5k | Official Fix |
| CVE-2015-20067 | 4.3 | WP Attachment Export Plugin XML Data authorization | $2k-$5k | Official Fix |
| CVE-2021-42359 | 7.4 | WP DSGVO Tools AJAX Request access control | $2k-$5k | Not Defined |
| CVE-2021-24723 | 4.4 | WP Reactions Lite Plugin cross site scripting | $0-$1k | Official Fix |
| CVE-2021-24715 | 4.1 | WP Sitemap Page Plugin Setting cross site scripting | $0-$1k | Official Fix |
| CVE-2021-24793 | 4.1 | WPeMatico RSS Feed Fetcher Plugin Campaign cross site scripting | $0-$1k | Official Fix |
| CVE-2020-36504 | 4.3 | WP-Pro-Quiz Plugin Delete cross-site request forgery | $0-$1k | Not Defined |
| CVE-2015-10001 | 2.4 | WP-Stats Plugin cross site scripting | $0-$1k | Official Fix |
| CVE-2020-24743 | 6.3 | Zoho ManageEngine Applications Manager showReports.do access control | $2k-$5k | Not Defined |
| CVE-2021-20136 | 8.5 | Zoho ManageEngine ManageEngine Log360 Database Configuration access control | $2k-$5k | Official Fix |