آسیب‌پذیری‌های حیاتی هفته چهارم آبان‌ماه

این هفته آسیب‌پذیری‌های «حیاتی» و «پرخطر» بسیاری در محصولات مهم Microsoft گزارش و وصله‌ها و به‌روزرسانی‌هایی به منظور رفع آن‌ها ارائه شد. همچنین در محصولات شرکت‌های Qualcomm، Apache، Siemens ، IBM، Palo Alto، Samba و کرنل لینوکس چندین آسیب‌پذیری «حیاتی» و «پرخطر» وجود داشت.

لیست این آسیب‌پذیری‌ها به‌همراه سطح خطر آن‌ها در جدول زیر آمده است.

شناسه آسیب‌پذیری	امتیاز مبنا	عنوان آسیب‌پذیری	ارزش روز صفر	رفع آسیب‌پذیری
CVE-2021-40518	3.5	Airangel HSMX Gateway cross-site request forgery	$0-$1k	Not Defined
CVE-2021-40519	6.3	Airangel HSMX Gateway hard-coded credentials	$1k-$2k	Not Defined
CVE-2021-40520	5.5	Airangel HSMX Gateway improper authentication	$1k-$2k	Not Defined
CVE-2021-40521	6.3	Airangel HSMX Gateway Privilege Escalation	$2k-$5k	Not Defined
CVE-2021-40517	3.5	Airangel HSMX Gateway Table Update cross site scripting	$0-$1k	Not Defined
CVE-2021-26558	5.5	Apache ShardingSphere-UI deserialization	$5k-$25k	Official Fix
CVE-2021-41972	3.5	Apache Superset Database Connection insufficiently protected credentials	$0-$5k	Not Defined
CVE-2021-43350	6.3	Apache Traffic Control API login ldap injection	$5k-$25k	Not Defined
CVE-2021-25978	4.4	Apostrophe CMS Image Module cross site scripting	$0-$1k	Official Fix
CVE-2021-25979	6.7	Apostrophe CMS session expiration	$1k-$2k	Official Fix
CVE-2021-41289	5.4	Asus P453UJ BIOS memory corruption	$0-$5k	Not Defined
CVE-2021-37910	3.7	ASUS Router WPA2/WPA3-SAE denial of service	$0-$5k	Not Defined
CVE-2021-42073	4.6	Barrier Cilent Label state issue	$1k-$2k	Official Fix
CVE-2021-42072	5.5	Barrier Client Connection Privilege Escalation	$2k-$5k	Official Fix
CVE-2021-42074	4.3	Barrier TCP Connection denial of service	$0-$1k	Official Fix
CVE-2021-42075	5.3	Barrier TCP Connection resource consumption	$0-$1k	Official Fix
CVE-2021-42076	3.5	Barrier TCP Message memory allocation	$0-$1k	Official Fix
CVE-2021-43611	3.5	Belledonne Belle-sip Header denial of service	$0-$5k	Official Fix
CVE-2021-43610	4.3	Belledonne Belle-sip Header denial of service	$0-$5k	Official Fix
CVE-2021-3792	4.5	Binatone Hubble Camera Communication Channel cleartext transmission	$0-$5k	Not Defined
CVE-2021-3788	6.8	Binatone Hubble Camera Debug Interface access control	$0-$5k	Not Defined
CVE-2021-3793	5.4	Binatone Hubble Camera Firmware Update direct request	$0-$5k	Not Defined
CVE-2021-3789	3.1	Binatone Hubble Camera Firmware Update insufficiently protected credentials	$0-$5k	Not Defined
CVE-2021-3791	5.4	Binatone Hubble Camera log file	$0-$5k	Not Defined
CVE-2021-3787	4.2	Binatone Hubble Camera MQTT Credentials credentials storage	$0-$5k	Not Defined
CVE-2021-3577	8.8	Binatone Hubble Camera os command injection	$0-$5k	Not Defined
CVE-2021-3790	5.4	Binatone Hubble Camera Web Server stack-based overflow	$0-$5k	Not Defined
CVE-2021-3641	4.7	Bitdefender GravityZone Endpoint Security Tools denial of service	$0-$1k	Not Defined
CVE-2021-42774	7.3	Broadcom Emulex HBA Manager Management Mode buffer overflow	$0-$5k	Official Fix
CVE-2021-42773	3.7	Broadcom Emulex HBA Manager Management Mode GetDumpFile information disclosure	$0-$5k	Official Fix
CVE-2021-42775	7.3	Broadcom Emulex HBA Manager Management Mode Remote Code Execution	$0-$5k	Official Fix
CVE-2021-22955	5.3	Citrix ADC/Gateway VPN Gateway/AAA Virtual Server resource consumption	$2k-$5k	Official Fix
CVE-2021-22956	3.1	Citrix ADC/Gateway/SD-WAN WANOP Edition NSIP/SNIP resource consumption	$2k-$5k	Official Fix
CVE-2021-29994	4.8	Cloudera HUE cross site scripting	$0-$1k	Not Defined
CVE-2021-32481	4.8	Cloudera Hue Parameter cross site scripting	$0-$1k	Not Defined
CVE-2021-30132	7.6	Cloudera Manager access control	$1k-$2k	Not Defined
CVE-2021-29243	3.5	Cloudera Manager cross site scripting	$0-$1k	Not Defined
CVE-2021-32483	5.4	Cloudera Manager Dashboard access control	$1k-$2k	Not Defined
CVE-2021-32482	3.5	Cloudera Manager Parameter cross site scripting	$0-$1k	Not Defined
CVE-2021-3907	6.5	Cloudflare OctoRPKI Cache Folder path traversal	$0-$5k	Not Defined
CVE-2021-3908	4.8	Cloudflare OctoRPKI Certificate Chain resource consumption	$0-$5k	Not Defined
CVE-2021-3909	3.3	Cloudflare OctoRPKI HTTP Request resource consumption	$0-$5k	Not Defined
CVE-2021-3911	3.1	Cloudflare OctoRPKI Repository denial of service	$0-$5k	Not Defined
CVE-2021-3910	3.3	Cloudflare OctoRPKI Repository denial of service	$0-$5k	Not Defined
CVE-2021-3912	3.1	Cloudflare OctoRPKI Repository resource consumption	$0-$5k	Not Defined
CVE-2021-36325	6.9	Dell BIOS SMRAM input validation	$5k-$25k	Not Defined
CVE-2021-36324	6.9	Dell BIOS SMRAM input validation	$5k-$25k	Not Defined
CVE-2021-36323	6.9	Dell BIOS SMRAM input validation	$5k-$25k	Not Defined
CVE-2021-36315	6.8	Dell EMC PowerScale Nodes access control	$5k-$25k	Not Defined
CVE-2021-21528	6.4	Dell EMC PowerScale OneFS file information disclosure	$5k-$25k	Not Defined
CVE-2021-36305	5.4	Dell EMC PowerScale OneFS SMB CA denial of service	$0-$5k	Not Defined
CVE-2021-3945	6.5	django-helpdesk Web Page Generation cross site scripting	$0-$5k	Official Fix
CVE-2021-33618	3.5	Dolibarr Attribute cross site scripting	$0-$5k	Official Fix
CVE-2021-33816	6.3	Dolibarr Website Builder protection mechanism	$0-$5k	Not Defined
CVE-2021-37850	5.1	ESET Cyber Security Daemon denial of service	$0-$1k	Official Fix
CVE-2021-24835	6.3	Frontend Manager for WooCommerce Plugin sql injection	$1k-$2k	Official Fix
CVE-2021-22870	4.3	GitHub Enterprise Server Pages path traversal	$1k-$2k	Official Fix
CVE-2021-43414	8.8	GNU Hurd Authentication Protocol access control	$2k-$5k	Official Fix
CVE-2021-43412	7.8	GNU Hurd libports use after free	$2k-$5k	Official Fix
CVE-2021-43413	8.8	GNU Hurd Pager Port access control	$2k-$5k	Official Fix
CVE-2021-43411	7.5	GNU Hurd setuid info.c race condition	$1k-$2k	Official Fix
CVE-2021-43332	3.1	GNU Mailman admindb.py insufficiently protected credentials	$0-$5k	Official Fix
CVE-2021-43331	3.5	GNU Mailman Options Page options.py cross site scripting	$0-$5k	Official Fix
CVE-2021-43618	3.5	GNU Multiple Precision Arithmetic Library inp_raw.c integer overflow	$0-$5k	Official Fix
CVE-2021-41771	3.5	Google Go Slice ImportedSymbols out-of-bounds read	$2k-$5k	Official Fix
CVE-2021-41772	3.5	Google Go ZIP Archive denial of service	$2k-$5k	Official Fix
CVE-2021-24594	2.4	Google Language Translator Plugin Setting cross site scripting	$0-$1k	Official Fix
CVE-2021-43561	3.5	google_for_jobs Extension cross site scripting	$0-$1k	Official Fix
CVE-2021-42838	5.2	Grand Vice webopac7 Search Field cross site scripting	$0-$5k	Not Defined
CVE-2021-42839	7.5	Grand Vice webopac7 unrestricted upload	$0-$5k	Not Defined
CVE-2021-34684	8.5	Hitachi Vantara Pentaho Business Analytics Data Source editor sql injection	$2k-$5k	Not Defined
CVE-2021-34685	4.5	Hitachi Vantara Pentaho Business Analytics UploadService unrestricted upload	$2k-$5k	Not Defined
CVE-2021-31599	7.5	Hitachi Vantara Pentaho Report File injection	$2k-$5k	Not Defined
CVE-2021-31602	5.3	Hitachi Vantara Pentaho Security Model applicationContext-spring-security.xml access control	$2k-$5k	Not Defined
CVE-2021-31601	5.7	Hitachi Vantara Pentaho SOAP information disclosure	$1k-$2k	Not Defined
CVE-2021-31600	4.3	Hitachi Vantara Pentaho SOAP information disclosure	$1k-$2k	Not Defined
CVE-2020-28419	5.5	HP LaserJet Installation Privilege Escalation	$10k-$25k	Not Defined
CVE-2019-18916	5.5	HP LaserJet Solution Software Privilege Escalation	$10k-$25k	Not Defined
CVE-2019-16240	6.6	HP Officejet Pro/PageWide Managed Printer Print File buffer overflow	$10k-$25k	Official Fix
CVE-2019-18912	5.6	HP Printer/MFP FutureSmart denial of service	$2k-$5k	Not Defined
CVE-2019-18914	3.5	HP Printer/MFP Link cross site scripting	$2k-$5k	Not Defined
CVE-2021-29843	5.0	IBM IBM MQ Message Property denial of service	$2k-$5k	Official Fix
CVE-2021-38887	4.3	IBM InfoSphere Information Server Application Response information disclosure	$5k-$10k	Official Fix
CVE-2021-3723	7.2	IBM Integrated Management Module SSH/Telnez os command injection	$5k-$25k	Not Defined
CVE-2020-4160	5.2	IBM QRadar Network Security cleartext transmission	$5k-$10k	Official Fix
CVE-2020-4152	5.5	IBM QRadar Network Security Communication Channel cleartext transmission	$5k-$10k	Official Fix
CVE-2020-4153	4.8	IBM QRadar Network Security Web UI cross site scripting	$2k-$5k	Official Fix
CVE-2021-29735	4.2	IBM Security Guardium Web UI cross site scripting	$2k-$5k	Official Fix
CVE-2020-4146	3.8	IBM Security SiteProtector System cookie without 'httponly' flag	$5k-$25k	Official Fix
CVE-2020-4140	4.4	IBM Security SiteProtector System Web UI cross site scripting	$0-$5k	Official Fix
CVE-2021-38985	4.3	IBM Tivoli Key Lifecycle Manager input validation	$5k-$25k	Official Fix
CVE-2021-38973	2.6	IBM Tivoli Key Lifecycle Manager input validation	$5k-$25k	Official Fix
CVE-2021-38972	4.3	IBM Tivoli Key Lifecycle Manager input validation	$5k-$25k	Official Fix
CVE-2021-33086	4.7	Intel NUC out-of-bounds write	$5k-$25k	Official Fix
CVE-2021-43183	4.3	JetBrains Hub Authentication Throttling excessive authentication	$1k-$2k	Official Fix
CVE-2021-43180	5.5	JetBrains Hub Avatar Metadata information disclosure	$0-$1k	Official Fix
CVE-2021-43181	4.8	JetBrains Hub cross site scripting	$0-$1k	Official Fix
CVE-2021-43182	5.5	JetBrains Hub User Information denial of service	$0-$1k	Official Fix
CVE-2021-43203	6.5	JetBrains Ktor OAuth2 Authentication improper authentication	$1k-$2k	Official Fix
CVE-2021-43200	8.5	JetBrains TeamCity Agent Push permission	$2k-$5k	Official Fix
CVE-2021-43193	8.0	JetBrains TeamCity Agent Push Privilege Escalation	$2k-$5k	Official Fix
CVE-2021-43199	6.3	JetBrains TeamCity Create Patch default permission	$2k-$5k	Official Fix
CVE-2021-43198	4.4	JetBrains TeamCity cross site scripting	$0-$1k	Official Fix
CVE-2021-43196	6.4	JetBrains TeamCity Docker Registry Connection Dialog exposure of resource	$1k-$2k	Official Fix
CVE-2021-43197	5.2	JetBrains TeamCity Email Notification cross site scripting	$0-$1k	Official Fix
CVE-2021-43195	5.3	JetBrains TeamCity HTTP Security Header unknown vulnerability	$2k-$5k	Official Fix
CVE-2021-43194	4.4	JetBrains TeamCity information disclosure	$0-$1k	Official Fix
CVE-2021-43201	5.3	JetBrains TeamCity Project unknown vulnerability	$2k-$5k	Official Fix
CVE-2021-43186	4.4	JetBrains YouTrack cross site scripting	$0-$1k	Official Fix
CVE-2021-43184	3.5	JetBrains YouTrack cross site scripting	$0-$1k	Official Fix
CVE-2021-43185	5.5	JetBrains YouTrack Header injection	$1k-$2k	Official Fix
CVE-2021-43189	5.5	JetBrains YouTrack Mobile Access Token Privilege Escalation	$2k-$5k	Official Fix
CVE-2021-43188	5.5	JetBrains YouTrack Mobile Access Token Privilege Escalation	$2k-$5k	Official Fix
CVE-2021-43187	3.3	JetBrains YouTrack Mobile Cache information disclosure	$0-$1k	Official Fix
CVE-2021-43191	5.6	JetBrains YouTrack Mobile Security Screen missing authentication	$1k-$2k	Official Fix
CVE-2021-43190	5.4	JetBrains YouTrack Mobile Task access control	$1k-$2k	Official Fix
CVE-2021-43192	5.4	JetBrains YouTrack Mobile URL Scheme Privilege Escalation	$2k-$5k	Official Fix
CVE-2021-3918	8.5	json-schema Object Prototype code injection	$0-$5k	Official Fix
CVE-2021-3840	8.8	Lenovo Antilles Installation uncontrolled search path	$0-$5k	Official Fix
CVE-2021-3519	6.6	Lenovo Desktop Boot Menu improper authentication	$0-$5k	Not Defined
CVE-2021-3720	4.4	Lenovo Legion Phone Pro/Legion Phone2 Pro Time Weather System widget default permission	$0-$5k	Not Defined
CVE-2021-3786	4.4	Lenovo Notebook/ThinkPad SMRAM input validation	$0-$5k	Not Defined
CVE-2021-3719	6.7	Lenovo ThinkCentre/ThinkStation SMI Callback input validation	$0-$5k	Not Defined
CVE-2021-3718	4.3	Lenovo ThinkPad Enhanced Biometrics Setting denial of service	$0-$5k	Not Defined
CVE-2021-3599	6.7	Lenovo ThinkPad SMI Callback input validation	$0-$5k	Not Defined
CVE-2021-3843	6.7	Lenovo ThinkPad SMI input validation	$0-$5k	Not Defined
CVE-2021-31853	8.3	McAfee Drive Encryption DLL Loader uncontrolled search path	$10k-$25k	Official Fix
CVE-2021-43209	7.0	Microsoft 3D Viewer Remote Code Execution	$10k-$25k	Official Fix
CVE-2021-43208	7.0	Microsoft 3D Viewer Remote Code Execution	$10k-$25k	Official Fix
CVE-2021-42323	3.8	Microsoft Azure RTOS information disclosure	$5k-$10k	Official Fix
CVE-2021-42301	3.3	Microsoft Azure RTOS information disclosure	$2k-$5k	Official Fix
CVE-2021-26444	2.7	Microsoft Azure RTOS information disclosure	$0-$1k	Official Fix
CVE-2021-42304	5.7	Microsoft Azure RTOS Local Privilege Escalation	$5k-$10k	Official Fix
CVE-2021-42303	5.7	Microsoft Azure RTOS Local Privilege Escalation	$5k-$10k	Official Fix
CVE-2021-42302	5.7	Microsoft Azure RTOS Local Privilege Escalation	$5k-$10k	Official Fix
CVE-2021-41376	2.5	Microsoft Azure Sphere information disclosure	$5k-$10k	Official Fix
CVE-2021-41375	3.5	Microsoft Azure Sphere information disclosure	$5k-$10k	Official Fix
CVE-2021-41374	6.5	Microsoft Azure Sphere information disclosure	$5k-$10k	Official Fix
CVE-2021-42300	5.8	Microsoft Azure Sphere Local Privilege Escalation	$5k-$10k	Official Fix
CVE-2021-42316	7.6	Microsoft Dynamics 365 Privilege Escalation	$10k-$25k	Official Fix
CVE-2021-41351	4.3	Microsoft Edge IE Mode information disclosure	$25k-$50k	Official Fix
CVE-2021-41349	5.4	Microsoft Exchange Server information disclosure	$10k-$25k	Official Fix
CVE-2021-42321	8.8	Microsoft Exchange Server Privilege Escalation	$50k-$100k	Official Fix
CVE-2021-42305	6.4	Microsoft Exchange Server Remote Code Execution	$25k-$50k	Official Fix
CVE-2021-41373	4.9	Microsoft FSLogix information disclosure	$5k-$10k	Official Fix
CVE-2021-42298	8.3	Microsoft Malware Protection Engine Defender Remote Code Execution	$25k-$50k	Official Fix
CVE-2021-41368	6.2	Microsoft Office Access Remote Code Execution	$10k-$25k	Official Fix
CVE-2021-42292	7.3	Microsoft Office Excel authorization	$10k-$25k	Official Fix
CVE-2021-40442	7.0	Microsoft Office Excel Remote Code Execution	$10k-$25k	Official Fix
CVE-2021-42296	7.0	Microsoft Office Word Remote Code Execution	$10k-$25k	Official Fix
CVE-2021-41372	7.0	Microsoft Power BI Report Server Privilege Escalation	$10k-$25k	Official Fix
CVE-2021-42322	6.4	Microsoft Visual Studio Code Remote Code Execution	$10k-$25k	Official Fix
CVE-2021-42319	3.9	Microsoft Visual Studio denial of service	$1k-$2k	Official Fix
CVE-2021-3711	7.6	Microsoft Visual Studio OpenSSL buffer overflow	$10k-$25k	Official Fix
CVE-2021-42291	7.5	Microsoft Windows Active Directory Domain Services Privilege Escalation	$50k-$100k	Official Fix
CVE-2021-42287	7.5	Microsoft Windows Active Directory Domain Services Privilege Escalation	$50k-$100k	Official Fix
CVE-2021-42282	7.5	Microsoft Windows Active Directory Domain Services Privilege Escalation	$50k-$100k	Official Fix
CVE-2021-42278	7.5	Microsoft Windows Active Directory Domain Services Privilege Escalation	$50k-$100k	Official Fix
CVE-2021-42279	4.6	Microsoft Windows Chakra Scripting Engine Remote Code Execution	$50k-$100k	Official Fix
CVE-2021-42275	8.8	Microsoft Windows COM for Windows Remote Privilege Escalation	$100k and more	Official Fix
CVE-2021-42286	8.3	Microsoft Windows Core Shell SI Host Extension Framework Privilege Escalation	$100k and more	Official Fix
CVE-2021-41366	8.3	Microsoft Windows Credential Security Support Provider Protocol Privilege Escalation	$100k and more	Official Fix
CVE-2021-41356	7.5	Microsoft Windows denial of service	$10k-$25k	Official Fix
CVE-2021-36957	8.3	Microsoft Windows Desktop Bridge Privilege Escalation	$100k and more	Official Fix
CVE-2021-42277	4.9	Microsoft Windows Diagnostics Hub Standard Collector denial of service	$10k-$25k	Official Fix
CVE-2021-41377	8.3	Microsoft Windows Fast FAT File System Driver Privilege Escalation	$100k and more	Official Fix
CVE-2021-42280	6.0	Microsoft Windows Feedback Hub denial of service	$10k-$25k	Official Fix
CVE-2021-42288	6.1	Microsoft Windows Hello Security improper authentication	$10k-$25k	Official Fix
CVE-2021-42284	6.8	Microsoft Windows Hyper-V denial of service	$10k-$25k	Official Fix
CVE-2021-42274	6.8	Microsoft Windows Hyper-V Discrete Device Assignment denial of service	$10k-$25k	Official Fix
CVE-2021-41379	5.9	Microsoft Windows Installer Privilege Escalation	$50k-$100k	Official Fix
CVE-2021-42285	8.3	Microsoft Windows Kernel Privilege Escalation	$100k and more	Official Fix
CVE-2021-42276	7.0	Microsoft Windows Media Foundation Remote Code Execution	$50k-$100k	Official Fix
CVE-2021-42283	9.4	Microsoft Windows NTFS Privilege Escalation	$100k and more	Official Fix
CVE-2021-41378	8.3	Microsoft Windows NTFS Privilege Escalation	$100k and more	Official Fix
CVE-2021-41370	8.3	Microsoft Windows NTFS Privilege Escalation	$100k and more	Official Fix
CVE-2021-41367	8.3	Microsoft Windows NTFS Privilege Escalation	$100k and more	Official Fix
CVE-2021-38666	8.8	Microsoft Windows Remote Desktop Client Remote Code Execution	$100k and more	Official Fix
CVE-2021-38665	6.0	Microsoft Windows Remote Desktop Protocol Client information disclosure	$25k-$50k	Official Fix
CVE-2021-41371	3.5	Microsoft Windows Remote Desktop Protocol information disclosure	$10k-$25k	Official Fix
CVE-2021-38631	3.5	Microsoft Windows Remote Desktop Protocol information disclosure	$10k-$25k	Official Fix
CVE-2021-26443	9.0	Microsoft Windows Virtual Machine Bus Privilege Escalation	$50k-$100k	Official Fix
CVE-2021-43174	3.5	Nlnet Labs Routinator gzip Transfer Encoding resource consumption	$0-$1k	Not Defined
CVE-2021-43173	3.5	Nlnet Labs Routinator RRDP Repository exceptional condition	$1k-$2k	Official Fix
CVE-2021-43172	3.5	Nlnet Labs Routinator RRDP Repository recursion	$0-$1k	Official Fix
CVE-2021-37157	4.3	OGP-Agent-Linux Config.pm missing encryption	$0-$1k	Not Defined
CVE-2021-37158	5.5	OGP-Agent-Linux Counter-Strike Server os command injection	$1k-$2k	Official Fix
CVE-2021-43273	5.5	Open Design Alliance Drawings SDK DGN File out-of-bounds read	$0-$5k	Official Fix
CVE-2021-43390	5.5	Open Design Alliance Drawings SDK DGN File out-of-bounds write	$0-$5k	Official Fix
CVE-2021-43275	5.5	Open Design Alliance Drawings SDK DGN File use after free	$0-$5k	Official Fix
CVE-2021-43274	5.5	Open Design Alliance Drawings SDK DWF File Parser use after free	$0-$5k	Official Fix
CVE-2021-43280	5.5	Open Design Alliance Drawings SDK DWF File stack-based overflow	$0-$5k	Official Fix
CVE-2021-43391	5.5	Open Design Alliance Drawings SDK DXF File out-of-bounds read	$0-$5k	Official Fix
CVE-2021-43336	5.5	Open Design Alliance Drawings SDK DXF File out-of-bounds write	$0-$5k	Official Fix
CVE-2021-43278	5.5	Open Design Alliance Drawings SDK OBJ File out-of-bounds read	$0-$5k	Official Fix
CVE-2021-43276	5.5	Open Design Alliance ODA Viewer DWF File out-of-bounds read	$0-$5k	Official Fix
CVE-2021-43272	5.5	Open Design Alliance ODA Viewer DWF File Privilege Escalation	$0-$5k	Official Fix
CVE-2021-43277	5.5	Open Design Alliance PRC SDK U3D File out-of-bounds read	$0-$5k	Official Fix
CVE-2021-43279	5.5	Open Design Alliance PRC SDK U3D File out-of-bounds write	$0-$5k	Official Fix
CVE-2021-43494	3.5	OpenCV-REST-API pathname traversal	$0-$5k	Not Defined
CVE-2021-43577	5.5	OWASP Dependency-Check Plugin XML Parser xml external entity reference	$0-$5k	Not Defined
CVE-2021-3061	6.5	Palo Alto PAN-OS Command Line Interface os command injection	$2k-$5k	Official Fix
CVE-2021-3056	8.8	Palo Alto PAN-OS GlobalProtect Clientless VPN buffer overflow	$2k-$5k	Official Fix
CVE-2021-3062	7.2	Palo Alto PAN-OS GlobalProtect Portal access control	$2k-$5k	Official Fix
CVE-2021-3063	6.4	Palo Alto PAN-OS GlobalProtect Portal exceptional condition	$2k-$5k	Official Fix
CVE-2021-3064	9.8	Palo Alto PAN-OS GlobalProtect Portal stack-based overflow	$2k-$5k	Official Fix
CVE-2021-3059	8.1	Palo Alto PAN-OS Management Interface os command injection	$2k-$5k	Official Fix
CVE-2021-3060	8.1	Palo Alto PAN-OS Simple Certificate Enrollment Protocol os command injection	$2k-$5k	Official Fix
CVE-2021-3058	8.0	Palo Alto PAN-OS Web Interface os command injection	$2k-$5k	Official Fix
CVE-2020-23878	5.5	pdf2json fetch stack-based overflow	$0-$5k	Not Defined
CVE-2020-23879	3.5	pdf2json getObject null pointer dereference	$0-$5k	Not Defined
CVE-2020-23874	5.5	pdf2xml addAttributsNode heap-based overflow	$0-$5k	Not Defined
CVE-2020-23873	5.5	pdf2xml dump heap-based overflow	$0-$5k	Not Defined
CVE-2020-23877	5.5	pdf2xml getObjectStream stack-based overflow	$0-$5k	Not Defined
CVE-2020-23872	4.3	pdf2xml restoreState null pointer dereference	$0-$5k	Not Defined
CVE-2020-23876	3.5	pdf2xml testLinkedText memory leak	$0-$5k	Not Defined
CVE-2021-34598	6.4	Phoenix Contact FL MGUARD 1102/FL MGUARD 1105 Remote Logging memory leak	$0-$1k	Not Defined
CVE-2021-34582	5.4	Phoenix Contact FL MGUARD 1102/FL MGUARD 1105 Web-based Management/REST API cross site scripting	$0-$1k	Not Defined
CVE-2021-24816	4.9	Phoenix Media Rename Plugin AJAX Action phoenix_media_rename access control	$1k-$2k	Official Fix
CVE-2021-42078	3.5	PHP Event Calendar Parameter events_manager.php cross site scripting	$0-$1k	Official Fix
CVE-2021-42077	7.3	PHP Event Calendar user_manager.php sql injection	$2k-$5k	Official Fix
CVE-2021-24669	7.5	Preloader Builder Plugin mzldr Shortcode sql injection	$1k-$2k	Official Fix
CVE-2021-25975	4.4	Publify File Upload cross site scripting	$0-$1k	Official Fix
CVE-2021-25974	4.4	Publify Page cross site scripting	$0-$1k	Official Fix
CVE-2021-3572	5.0	python-pip Unicode input validation	$2k-$5k	Official Fix
CVE-2021-38684	8.1	QNAP Multimedia Console stack-based overflow	$0-$5k	Official Fix
CVE-2021-34357	5.6	QNAP QmailAgent cross site scripting	$0-$5k	Official Fix
CVE-2021-1903	5.3	Qualcomm Snapdragon Auto Channel Switch Announcement IE denial of service	$5k-$25k	Official Fix
CVE-2021-1912	8.6	Qualcomm Snapdragon Auto Count integer overflow	$25k-$100k	Official Fix
CVE-2021-30266	7.0	Qualcomm Snapdragon Auto Interface Add Command use after free	$5k-$25k	Official Fix
CVE-2021-30265	7.0	Qualcomm Snapdragon Auto Statistics memory corruption	$5k-$25k	Official Fix
CVE-2021-30264	7.0	Qualcomm Snapdragon Auto use after free	$5k-$25k	Official Fix
CVE-2021-30321	9.8	Qualcomm Snapdragon Compute MBSSID Scan buffer overflow	$25k-$100k	Official Fix
CVE-2021-30263	7.0	Qualcomm Snapdragon Compute On-Device Logging race condition	$5k-$25k	Official Fix
CVE-2021-43573	5.5	Realtek RTL8195AM Response Frame buffer overflow	$0-$5k	Official Fix
CVE-2021-24767	3.5	Redirect 404 Error Page to Homepage or Custom Page with Logs Plugin Log cross-site request forgery	$0-$1k	Official Fix
CVE-2021-24766	3.5	Redirect, Log and Notify 404 Errors Plugin cross-site request forgery	$0-$1k	Official Fix
CVE-2021-24731	6.3	Registration Forms Plugin REST API Endpoint login sql injection	$1k-$2k	Official Fix
CVE-2021-24647	5.6	Registration Forms Plugin Social Login improper authentication	$1k-$2k	Official Fix
CVE-2020-25722	8.8	Samba AD DC access control	$2k-$5k	Official Fix
CVE-2021-3738	6.3	Samba AD DC RPC Server use after free	$2k-$5k	Official Fix
CVE-2020-25718	7.5	Samba AD DC sandbox	$2k-$5k	Official Fix
CVE-2020-25717	8.8	Samba AD Domain Privilege Escalation	$2k-$5k	Official Fix
CVE-2020-25721	5.5	Samba AD Identifier Privilege Escalation	$2k-$5k	Official Fix
CVE-2021-23192	5.6	Samba DCE/RPC injection	$2k-$5k	Official Fix
CVE-2020-25719	7.2	Samba Kerberos Ticket Privilege Escalation	$2k-$5k	Official Fix
CVE-2016-2124	3.7	Samba SMB1 Client Connection cleartext transmission	$0-$1k	Official Fix
CVE-2021-40501	5.5	SAP ABAP Platform Kernel authorization	$10k-$25k	Official Fix
CVE-2021-40502	6.3	SAP Commerce B2B Unit improper authorization	$10k-$25k	Official Fix
CVE-2021-42062	3.5	SAP ERP HCM Portugal Report authorization	$5k-$10k	Official Fix
CVE-2021-40503	3.5	SAP GUI information disclosure	$2k-$5k	Official Fix
CVE-2021-40504	5.5	SAP NetWeaver Application Server for ABAP Template Role authorization	$10k-$25k	Official Fix
CVE-2021-28024	8.0	ServiceTonic Helpdesk Login Form improper authentication	$1k-$2k	Official Fix
CVE-2021-28022	6.2	ServiceTonic Helpdesk Login Form sql injection	$1k-$2k	Official Fix
CVE-2021-28023	7.6	ServiceTonic Helpdesk Service Import path traversal	$1k-$2k	Official Fix
CVE-2021-3776	4.3	ShowDoc cross-site request forgery	$0-$5k	Official Fix
CVE-2021-3775	4.3	ShowDoc cross-site request forgery	$0-$5k	Official Fix
CVE-2021-3683	4.8	ShowDoc cross-site request forgery	$0-$5k	Official Fix
CVE-2021-31883	5.3	Siemens APOGEE MBC DHCP ACK Message memory corruption	$10k-$25k	Official Fix
CVE-2021-31882	5.3	Siemens APOGEE MBC DHCP ACK Packet memory corruption	$10k-$25k	Official Fix
CVE-2021-31881	5.3	Siemens APOGEE MBC DHCP OFFER Message out-of-bounds read	$5k-$10k	Official Fix
CVE-2021-31884	7.3	Siemens APOGEE MBC DHCP Option out-of-bounds write	$10k-$25k	Official Fix
CVE-2021-31888	7.3	Siemens APOGEE MBC FTP Server stack-based overflow	$10k-$25k	Official Fix
CVE-2021-31887	7.3	Siemens APOGEE MBC FTP Server stack-based overflow	$10k-$25k	Official Fix
CVE-2021-31886	7.3	Siemens APOGEE MBC FTP Server stack-based overflow	$10k-$25k	Official Fix
CVE-2021-31344	7.3	Siemens APOGEE MBC ICMP Echo Packet type confusion	$10k-$25k	Official Fix
CVE-2021-31346	7.3	Siemens APOGEE MBC ICMP Packet buffer overflow	$10k-$25k	Official Fix
CVE-2021-31890	7.3	Siemens APOGEE MBC TCP buffer overflow	$10k-$25k	Official Fix
CVE-2021-31889	7.3	Siemens APOGEE MBC TCP SACK Packet integer underflow	$10k-$25k	Official Fix
CVE-2021-31885	4.3	Siemens APOGEE MBC TFTP Server buffer overflow	$10k-$25k	Official Fix
CVE-2021-31345	7.3	Siemens APOGEE MBC UDP Protocol buffer overflow	$10k-$25k	Official Fix
CVE-2021-40366	3.7	Siemens Climatix POL909 Web Server missing encryption	$5k-$10k	Official Fix
CVE-2021-42026	3.5	Siemens Mendix authorization	$5k-$10k	Official Fix
CVE-2021-42025	5.5	Siemens Mendix authorization	$10k-$25k	Official Fix
CVE-2021-42015	3.3	Siemens Mendix Cache information disclosure	$2k-$5k	Official Fix
CVE-2021-37207	5.3	Siemens SENTRON powermanager Configuration Folder permission assignment	$5k-$10k	Official Fix
CVE-2021-40364	3.5	Siemens SIMATIC PCS 7/SIMATIC WinCC log file	$2k-$5k	Not Defined
CVE-2021-40358	5.5	Siemens SIMATIC PCS 7/SIMATIC WinCC Pathname path traversal	$5k-$10k	Official Fix
CVE-2021-40359	3.5	Siemens SIMATIC PCS 7/SIMATIC WinCC Pathname path traversal	$5k-$10k	Not Defined
CVE-2020-10053	3.3	Siemens SIMATIC RTLS Locating Manager Configuration File cleartext storage	$2k-$5k	Official Fix
CVE-2020-10054	3.3	Siemens SIMATIC RTLS Locating Manager Configuration File Import denial of service	$1k-$2k	Official Fix
CVE-2020-10052	3.3	Siemens SIMATIC RTLS Locating Manager log file	$2k-$5k	Official Fix
CVE-2021-42021	5.3	Siemens Siveillance Video DLNA Server path traversal	$10k-$25k	Not Defined
CVE-2021-24698	4.6	Simple Download Monitor Plugin access control	$1k-$2k	Official Fix
CVE-2021-24697	3.5	Simple Download Monitor Plugin cross site scripting	$0-$1k	Official Fix
CVE-2021-24693	3.5	Simple Download Monitor Plugin File Thumbnail cross site scripting	$0-$1k	Official Fix
CVE-2021-24695	4.3	Simple Download Monitor Plugin Log information disclosure	$1k-$2k	Official Fix
CVE-2021-3931	4.3	Snipe-IT cross-site request forgery	$0-$5k	Official Fix
CVE-2021-3938	3.7	snipe-it Web Page Generation cross site scripting	$0-$5k	Official Fix
CVE-2021-40871	6.5	Softing OPC UA C++ SDK Message type confusion	$0-$5k	Official Fix
CVE-2021-40873	6.5	Softing OPC UA C++ SDK/uaToolkit Embedded Message double free	$0-$5k	Official Fix
CVE-2021-40872	6.3	Softing uaToolkit Embedded Message type confusion	$0-$5k	Official Fix
CVE-2021-40577	3.5	Sourcecodester Online Enrollment Management System in PHP Add-Users Page cross site scripting	$0-$1k	Not Defined
CVE-2021-40260	3.5	SourceCodester Tailor Management cross site scripting	$0-$1k	Not Defined
CVE-2021-43569	4.6	Stark Bank ecdsa-dotnet Message signature verification	$1k-$2k	Official Fix
CVE-2021-43568	4.6	Stark Bank ecdsa-elixir Message signature verification	$1k-$2k	Official Fix
CVE-2021-43570	4.6	Stark Bank ecdsa-java Message verify signature verification	$1k-$2k	Official Fix
CVE-2021-43571	4.6	Stark Bank ecdsa-node Message verify signature verification	$1k-$2k	Official Fix
CVE-2021-43572	5.5	Stark Bank ecdsa-python improper validation of integrity check value	$2k-$5k	Official Fix
CVE-2021-41653	6.3	TP-LINK TL-WR840N EU ping Privilege Escalation	$0-$5k	Not Defined
CVE-2021-24829	6.3	Visitor Traffic Real Time Statistics Plugin AJAX Action today_traffic_index sql injection	$1k-$2k	Official Fix
CVE-2020-12488	4.7	Vivo Jovi Smart Scene access control	$1k-$2k	Official Fix
CVE-2021-22051	6.0	VMware Spring Cloud Gateway Downstream Service authorization	$10k-$25k	Official Fix
CVE-2021-22048	4.6	VMware vCenter Server/Cloud Foundation IWA access control	$10k-$25k	Not Defined
CVE-2020-23889	4.3	WildBit Viewer ICO File denial of service	$0-$5k	Not Defined
CVE-2020-23890	4.3	WildBit Viewer JPG File JPGCodec buffer overflow	$0-$5k	Not Defined
CVE-2020-23888	4.3	WildBit Viewer PSD File denial of service	$0-$5k	Not Defined
CVE-2020-23902	4.3	WildBit Viewer TGA File buffer overflow	$0-$5k	Not Defined
CVE-2020-23900	4.3	WildBit Viewer TGA File buffer overflow	$0-$5k	Not Defined
CVE-2020-23901	4.3	WildBit Viewer TGA File denial of service	$0-$5k	Not Defined
CVE-2020-23899	4.3	WildBit Viewer TGA File denial of service	$0-$5k	Not Defined
CVE-2020-23898	4.3	WildBit Viewer TGA File denial of service	$0-$5k	Not Defined
CVE-2020-23897	4.3	WildBit Viewer TGA File denial of service	$0-$5k	Not Defined
CVE-2020-23896	4.3	WildBit Viewer TIFF File denial of service	$0-$5k	Not Defined
CVE-2020-23895	4.3	WildBit Viewer TIFF File denial of service	$0-$5k	Not Defined
CVE-2020-23894	4.3	WildBit Viewer TIFF File denial of service	$0-$5k	Not Defined
CVE-2020-23891	4.3	WildBit Viewer TIFF File denial of service	$0-$5k	Not Defined
CVE-2020-23893	4.3	WildBit Viewer TIFF File denial of service	$0-$5k	Not Defined
CVE-2021-24798	3.5	WP Header Images Plugin Settings Page cross site scripting	$0-$1k	Official Fix
CVE-2021-24832	4.3	WP SEO Redirect 301 Plugin cross-site request forgery	$0-$1k	Official Fix
CVE-2021-24801	3.5	WP Survey Plus Plugin AJAX A cross site scripting	$0-$1k	Not Defined
CVE-2021-24806	3.9	wpDiscuz Plugin Comments cross-site request forgery	$0-$1k	Official Fix
CVE-2021-24664	4.1	WPSchoolPress Attribute sanitize_text_field cross site scripting	$0-$1k	Official Fix
CVE-2021-24575	6.3	WPSchoolPress Plugin POST Variable sql injection	$1k-$2k	Official Fix
CVE-2020-23903	3.5	Xiph Speex WAV File read_samples divide by zero	$0-$5k	Not Defined
CVE-2020-23904	5.5	Xiph Speex WAV File speexenc.c stack-based overflow	$0-$5k	Not Defined
CVE-2020-23887	4.3	XnView MP ICO File SmartStretchDIBits denial of service	$0-$5k	Not Defined
CVE-2020-23886	4.3	XnView MP PICT File RtlpLowFragHeapFree denial of service	$0-$5k	Not Defined
CVE-2021-42370	3.5	XoruX LPAR2RRD/STOR2RRD Device Property missing encryption	$0-$1k	Official Fix
CVE-2021-42371	6.3	XoruX LPAR2RRD/STOR2RRD hard-coded credentials	$1k-$2k	Official Fix
CVE-2021-42372	6.3	XoruX LPAR2RRD/STOR2RRD SNMP os command injection	$2k-$5k	Official Fix
CVE-2021-42847	5.5	Zoho ManageEngine ADAudit Plus Privilege Escalation	$0-$5k	Official Fix
CVE-2021-42002	6.3	Zoho ManageEngine ADManager Plus unrestricted upload	$0-$5k	Official Fix
CVE-2021-41081	6.3	Zoho ManageEngine Network Configuration Manager Configuration Search sql injection	$0-$5k	Official Fix
CVE-2021-41080	6.3	Zoho ManageEngine Network Configuration Manager Hardware Details Search sql injection	$0-$5k	Official Fix
CVE-2021-41833	7.3	Zoho ManageEngine Patch Connect Plus Remote Code Execution	$0-$5k	Official Fix
CVE-2021-34419	3.4	Zoom Client for Meetings Screen Sharing injection	$5k-$25k	Official Fix
CVE-2021-34420	4.9	Zoom Client for Meetings signature verification	$5k-$25k	Official Fix
CVE-2021-34421	3.7	Zoom Keybase Client Message information disclosure	$0-$5k	Official Fix
CVE-2021-34422	7.3	Zoom Keybase Client Team Folder path traversal	$5k-$25k	Official Fix
CVE-2021-34418	4.2	Zoom On-Premise Meeting Connector Controller Authentication denial of service	$0-$5k	Official Fix
CVE-2021-34417	6.3	Zoom On-Premise Meeting Connector Controller Web Portal command injection	$5k-$25k	Official Fix