آسیبپذیریهای حیاتی هفته دوم فروردینماه
این هفته آسیبپذیریهای «حیاتی» و «پرخطر» بسیاری در محصولات مهم Google گزارش و وصلهها و بهروزرسانیهایی به منظور رفع آنها ارائه شد. همچنین در محصولات شرکتهای Jupyther، Joomla ، IBM، Qualcomm، VMware و کرنل لینوکس چندین آسیبپذیری «حیاتی» و «پرخطر» وجود داشت.
لیست این آسیبپذیریها بههمراه سطح خطر آنها در جدول زیر آمده است.
|
شناسه آسیبپذیری |
امتیاز مبنا |
عنوان آسیبپذیری |
ارزش روز صفر |
رفع آسیبپذیری |
|
CVE-2022-25598 |
3.5 |
Apache DolphinScheduler User Registration resource consumption |
$2k-$5k |
Official Fix |
|
CVE-2022-22675 |
7.8 |
Apple iOS/iPadOS AAppleAVD out-of-bounds write |
$50k-$100k |
Official Fix |
|
CVE-2022-22675 |
7.8 |
Apple macOS AppleAVD out-of-bounds write |
$10k-$25k |
Official Fix |
|
CVE-2022-22674 |
3.3 |
Apple macOS Intel Graphics Driver out-of-bounds read |
$2k-$5k |
Official Fix |
|
CVE-2021-43099 |
5.5 |
bbs Archive Extraction UpgradeManageAction.java UpgradeNow pathname traversal |
$1k-$2k |
Not Defined |
|
CVE-2021-43103 |
6.3 |
bbs ForumManageAction.java GetType unrestricted upload |
$2k-$5k |
Not Defined |
|
CVE-2021-43102 |
6.3 |
bbs HelpManageAction.java GetType unrestricted upload |
$2k-$5k |
Not Defined |
|
CVE-2021-43101 |
6.3 |
bbs MembershipCardManageAction.java GetType unrestricted upload |
$2k-$5k |
Not Defined |
|
CVE-2021-43098 |
5.5 |
bbs QuestionManageAction.java getType unrestricted upload |
$1k-$2k |
Not Defined |
|
CVE-2021-43097 |
5.5 |
bbs Template TemplateManageAction.java injection |
$1k-$2k |
Not Defined |
|
CVE-2021-43100 |
6.3 |
bbs TopicManageAction.java GetType unrestricted upload |
$2k-$5k |
Not Defined |
|
CVE-2022-28134 |
5.5 |
Bitbucket Server Integration Plugin HTTP Endpoint authorization |
$1k-$2k |
Not Defined |
|
CVE-2022-28133 |
3.5 |
Bitbucket Server Integration Plugin URL Scheme cross site scripting |
$0-$1k |
Not Defined |
|
CVE-2021-23850 |
8.3 |
Bosch CCP TCP stack-based overflow |
$2k-$5k |
Official Fix |
|
CVE-2021-23851 |
8.3 |
Bosch CPP TCP stack-based overflow |
$2k-$5k |
Official Fix |
|
CVE-2022-0405 |
4.3 |
Calibre-Web access control |
$0-$5k |
Official Fix |
|
CVE-2022-0406 |
5.3 |
Calibre-Web improper authorization |
$0-$5k |
Official Fix |
|
CVE-2022-28147 |
5.5 |
Continuous Integration with Toad Edge Plugin authorization |
$1k-$2k |
Not Defined |
|
CVE-2022-28145 |
3.5 |
Continuous Integration with Toad Edge Plugin cross site scripting |
$0-$1k |
Not Defined |
|
CVE-2022-28148 |
3.5 |
Continuous Integration with Toad Edge Plugin File Browser path traversal |
$1k-$2k |
Not Defined |
|
CVE-2022-28146 |
3.5 |
Continuous Integration with Toad Edge Plugin path traversal |
$1k-$2k |
Not Defined |
|
CVE-2022-24426 |
7.8 |
Dell Command Update/Alienware Update Advanced Driver Restore uncontrolled search path |
$10k-$25k |
Official Fix |
|
CVE-2021-38362 |
5.5 |
Dell EMC RSA Archer REST API Endpoint resource injection |
$10k-$25k |
Not Defined |
|
CVE-2022-23158 |
4.1 |
Dell Wyse Device Agent information disclosure |
$1k-$2k |
Not Defined |
|
CVE-2022-23156 |
4.1 |
Dell Wyse Device Agent WMS Server improper authentication |
$1k-$2k |
Not Defined |
|
CVE-2022-23157 |
3.3 |
Dell Wyse Device Agent WMS Server information disclosure |
$1k-$2k |
Not Defined |
|
CVE-2022-23155 |
7.2 |
Dell Wyse Management Suite unrestricted upload |
$10k-$25k |
Not Defined |
|
CVE-2022-26836 |
7.7 |
Delta Electronics DIAEnergie Calendar sql injection |
$2k-$5k |
Official Fix |
|
CVE-2022-26839 |
7.8 |
Delta Electronics DIAEnergie default permission |
$2k-$5k |
Official Fix |
|
CVE-2022-26013 |
7.7 |
Delta Electronics DIAEnergie DIAE_dmdsetHandler.ashx sql injection |
$2k-$5k |
Official Fix |
|
CVE-2022-26349 |
7.7 |
Delta Electronics DIAEnergie DIAE_eccoefficientHandler.ashx sql injection |
$2k-$5k |
Official Fix |
|
CVE-2022-26887 |
7.7 |
Delta Electronics DIAEnergie DIAE_HandlerTag_KID.ashx sql injection |
$2k-$5k |
Official Fix |
|
CVE-2022-26338 |
7.7 |
Delta Electronics DIAEnergie DIAE_hierarchyHandler.ashx sql injection |
$2k-$5k |
Official Fix |
|
CVE-2022-25880 |
7.7 |
Delta Electronics DIAEnergie DIAE_hierarchyHandler.ashx sql injection |
$2k-$5k |
Official Fix |
|
CVE-2022-26514 |
7.7 |
Delta Electronics DIAEnergie DIAE_tagHandler.ashx sql injection |
$2k-$5k |
Official Fix |
|
CVE-2022-27175 |
7.7 |
Delta Electronics DIAEnergie GetCalcTagList sql injection |
$2k-$5k |
Official Fix |
|
CVE-2022-26667 |
7.7 |
Delta Electronics DIAEnergie GetDemandAnalysisData sql injection |
$2k-$5k |
Official Fix |
|
CVE-2022-26065 |
7.7 |
Delta Electronics DIAEnergie GetDemandAnalysisData sql injection |
$2k-$5k |
Official Fix |
|
CVE-2022-26059 |
7.7 |
Delta Electronics DIAEnergie GetQueryData sql injection |
$2k-$5k |
Official Fix |
|
CVE-2022-25980 |
7.7 |
Delta Electronics DIAEnergie HandlerCommon.ashx sql injection |
$2k-$5k |
Official Fix |
|
CVE-2022-0923 |
8.5 |
Delta Electronics DIAEnergie HandlerDialog_KID.ashx sql injection |
$2k-$5k |
Official Fix |
|
CVE-2022-26666 |
7.7 |
Delta Electronics DIAEnergie HandlerDialogECC.ashx sql injection |
$2k-$5k |
Official Fix |
|
CVE-2022-26069 |
7.7 |
Delta Electronics DIAEnergie HandlerPage_KID.ashx sql injection |
$2k-$5k |
Official Fix |
|
CVE-2022-25347 |
8.5 |
Delta Electronics DIAEnergie path traversal |
$2k-$5k |
Official Fix |
|
CVE-2022-1098 |
8.3 |
Delta Electronics DIAEnergie uncontrolled search path |
$2k-$5k |
Official Fix |
|
CVE-2021-43722 |
5.5 |
D-Link DIR-645 cgibin hnap_main buffer overflow |
$10k-$25k |
Not Defined |
|
CVE-2021-37517 |
3.5 |
Dolibarr ERP/CRM Email Address denial of service |
$0-$1k |
Official Fix |
|
CVE-2021-36625 |
6.3 |
Dolibarr ERP/CRM UPDATE Statement sql injection |
$1k-$2k |
Official Fix |
|
CVE-2021-44310 |
3.5 |
Firmware Analysis and Comparison Tool cross site scripting |
$0-$1k |
Not Defined |
|
CVE-2021-44312 |
4.3 |
Firmware Analysis and Comparison Tool cross-site request forgery |
$0-$1k |
Not Defined |
|
CVE-2022-0123 |
5.0 |
GitLab CI Service certificate validation |
$1k-$2k |
Official Fix |
|
CVE-2022-0390 |
4.3 |
GitLab Community Edition/Enterprise Edition access control |
$2k-$5k |
Not Defined |
|
CVE-2021-39876 |
4.3 |
GitLab Community Edition/Enterprise Edition Assignee information disclosure |
$1k-$2k |
Not Defined |
|
CVE-2022-0741 |
4.0 |
GitLab Community Edition/Enterprise Edition Email Address information disclosure |
$0-$1k |
Not Defined |
|
CVE-2022-0489 |
3.5 |
GitLab Community Edition/Enterprise Edition Formula denial of service |
$0-$1k |
Not Defined |
|
CVE-2021-4191 |
5.3 |
GitLab Community Edition/Enterprise Edition GraphQL API information disclosure |
$1k-$2k |
Not Defined |
|
CVE-2022-0427 |
5.7 |
GitLab Community Edition/Enterprise Edition HTTP POST Request injection |
$2k-$5k |
Not Defined |
|
CVE-2022-0425 |
5.9 |
GitLab Community Edition/Enterprise Edition IRC Gateway server-side request forgery |
$2k-$5k |
Not Defined |
|
CVE-2022-0488 |
3.5 |
GitLab Community Edition/Enterprise Edition Markdown denial of service |
$0-$1k |
Not Defined |
|
CVE-2021-39908 |
5.9 |
GitLab Community Edition/Enterprise Edition Merge Request unknown vulnerability |
$2k-$5k |
Official Fix |
|
CVE-2022-0549 |
5.9 |
GitLab Community Edition/Enterprise Edition REST API access control |
$2k-$5k |
Official Fix |
|
CVE-2022-0735 |
7.6 |
GitLab Community Edition/Enterprise Edition Runner Registration Token information disclosure |
$1k-$2k |
Official Fix |
|
CVE-2022-0371 |
4.3 |
GitLab Community Edition/Enterprise Edition Search information disclosure |
$1k-$2k |
Official Fix |
|
CVE-2022-0373 |
4.3 |
GitLab Community Edition/Enterprise Edition Service Desk Email Address access control |
$2k-$5k |
Not Defined |
|
CVE-2022-0751 |
6.4 |
GitLab Community Edition/Enterprise Edition Snippet Privilege Escalation |
$2k-$5k |
Not Defined |
|
CVE-2022-0283 |
4.5 |
GitLab Jira redirect |
$1k-$2k |
Official Fix |
|
CVE-2022-0738 |
3.1 |
GitLab Mirror information disclosure |
$0-$1k |
Official Fix |
|
CVE-2022-0344 |
3.1 |
GitLab Private Project information disclosure |
$1k-$2k |
Official Fix |
|
CVE-2022-0136 |
5.9 |
GitLab Project Import server-side request forgery |
$2k-$5k |
Not Defined |
|
CVE-2022-0249 |
3.7 |
GitLab server-side request forgery |
$2k-$5k |
Not Defined |
|
CVE-2021-39740 |
3.3 |
Google Android Attachment information disclosure |
$10k-$25k |
Official Fix |
|
CVE-2021-39760 |
2.5 |
Google Android AudioService information exposure |
$5k-$10k |
Official Fix |
|
CVE-2021-39774 |
3.3 |
Google Android Bluetooth out-of-bounds read |
$10k-$25k |
Official Fix |
|
CVE-2021-39772 |
5.3 |
Google Android Bluetooth permission |
$25k-$50k |
Official Fix |
|
CVE-2021-39752 |
5.3 |
Google Android Bubbles permission |
$25k-$50k |
Official Fix |
|
CVE-2021-39784 |
5.3 |
Google Android CellBroadcastReceiver permission |
$25k-$50k |
Official Fix |
|
CVE-2021-1000 |
5.3 |
Google Android ConnectedDevicesSliceProvider.java createBluetoothDeviceSlice permission |
$25k-$50k |
Official Fix |
|
CVE-2021-1033 |
5.3 |
Google Android ConnectedDevicesSliceProvider.java.java createGeneralSlice permission |
$25k-$50k |
Official Fix |
|
CVE-2021-39754 |
2.5 |
Google Android ContextImpl information exposure |
$5k-$10k |
Official Fix |
|
CVE-2021-39769 |
3.3 |
Google Android Device Policy information disclosure |
$10k-$25k |
Official Fix |
|
CVE-2021-39744 |
3.3 |
Google Android DevicePolicyManager information disclosure |
$10k-$25k |
Official Fix |
|
CVE-2021-39745 |
2.5 |
Google Android DevicePolicyManager information exposure |
$5k-$10k |
Official Fix |
|
CVE-2021-39755 |
2.5 |
Google Android DevicePolicyManager information exposure |
$5k-$10k |
Official Fix |
|
CVE-2021-39790 |
5.3 |
Google Android Dialer permission |
$25k-$50k |
Official Fix |
|
CVE-2021-39753 |
3.3 |
Google Android DomainVerificationService information disclosure |
$10k-$25k |
Official Fix |
|
CVE-2021-39756 |
2.5 |
Google Android Framework information exposure |
$5k-$10k |
Official Fix |
|
CVE-2021-39765 |
3.3 |
Google Android Gallery information disclosure |
$10k-$25k |
Official Fix |
|
CVE-2022-20002 |
4.2 |
Google Android incfs permission |
$10k-$25k |
Official Fix |
|
CVE-2021-39770 |
3.3 |
Google Android information disclosure |
$10k-$25k |
Official Fix |
|
CVE-2021-39748 |
3.3 |
Google Android InputMethodEditor information disclosure |
$10k-$25k |
Official Fix |
|
CVE-2021-39741 |
4.2 |
Google Android Keymaster out-of-bounds write |
$10k-$25k |
Official Fix |
|
CVE-2021-39759 |
5.3 |
Google Android libstagefright out-of-bounds write |
$25k-$50k |
Official Fix |
|
CVE-2021-39761 |
2.5 |
Google Android Media information exposure |
$5k-$10k |
Official Fix |
|
CVE-2021-39767 |
5.3 |
Google Android MiniaDB access control |
$25k-$50k |
Official Fix |
|
CVE-2021-39786 |
4.2 |
Google Android NFC out-of-bounds write |
$10k-$25k |
Official Fix |
|
CVE-2021-39776 |
5.3 |
Google Android NFC use after free |
$25k-$50k |
Official Fix |
|
CVE-2021-39750 |
5.3 |
Google Android PackageManager permission |
$25k-$50k |
Official Fix |
|
CVE-2021-39743 |
5.3 |
Google Android PackageManager permission |
$25k-$50k |
Official Fix |
|
CVE-2021-39775 |
3.3 |
Google Android People information disclosure |
$10k-$25k |
Official Fix |
|
CVE-2021-39757 |
3.3 |
Google Android Permission Controller information disclosure |
$10k-$25k |
Official Fix |
|
CVE-2021-39746 |
5.3 |
Google Android PermissionController permission |
$25k-$50k |
Official Fix |
|
CVE-2021-39783 |
5.3 |
Google Android rcsservice permission |
$25k-$50k |
Official Fix |
|
CVE-2021-39763 |
5.3 |
Google Android Settings access control |
$25k-$50k |
Official Fix |
|
CVE-2021-39751 |
3.3 |
Google Android Settings information disclosure |
$10k-$25k |
Official Fix |
|
CVE-2021-39766 |
2.5 |
Google Android Settings information exposure |
$5k-$10k |
Official Fix |
|
CVE-2021-39771 |
5.3 |
Google Android Settings input validation |
$25k-$50k |
Official Fix |
|
CVE-2021-39764 |
5.3 |
Google Android Settings input validation |
$25k-$50k |
Official Fix |
|
CVE-2021-39768 |
5.3 |
Google Android Settings permission |
$25k-$50k |
Official Fix |
|
CVE-2021-39747 |
3.3 |
Google Android Settings Provider information disclosure |
$10k-$25k |
Official Fix |
|
CVE-2021-39739 |
3.3 |
Google Android SMS Message log file |
$10k-$25k |
Official Fix |
|
CVE-2021-39781 |
3.3 |
Google Android SmsController information disclosure |
$10k-$25k |
Official Fix |
|
CVE-2021-39787 |
5.3 |
Google Android SystemUI access control |
$25k-$50k |
Official Fix |
|
CVE-2021-39789 |
5.3 |
Google Android Telecom permission |
$25k-$50k |
Official Fix |
|
CVE-2021-39779 |
3.3 |
Google Android Telecom Service information disclosure |
$10k-$25k |
Official Fix |
|
CVE-2021-39778 |
3.3 |
Google Android Telecomm information disclosure |
$10k-$25k |
Official Fix |
|
CVE-2021-39788 |
2.5 |
Google Android TelecomManager information exposure |
$5k-$10k |
Official Fix |
|
CVE-2021-39777 |
3.3 |
Google Android Telephony information disclosure |
$10k-$25k |
Official Fix |
|
CVE-2021-39782 |
5.3 |
Google Android Telephony permission |
$25k-$50k |
Official Fix |
|
CVE-2021-39780 |
5.3 |
Google Android Traceur permission |
$25k-$50k |
Official Fix |
|
CVE-2021-39762 |
4.3 |
Google Android Tremolo out-of-bounds read |
$25k-$50k |
Official Fix |
|
CVE-2021-39742 |
3.3 |
Google Android Voicemail information disclosure |
$10k-$25k |
Official Fix |
|
CVE-2021-39773 |
2.5 |
Google Android VpnManagerService information exposure |
$5k-$10k |
Official Fix |
|
CVE-2021-39791 |
2.5 |
Google Android WallpaperManagerService information exposure |
$5k-$10k |
Official Fix |
|
CVE-2021-39758 |
5.3 |
Google Android WindowManager permission |
$25k-$50k |
Official Fix |
|
CVE-2021-39749 |
5.3 |
Google Android WindowManager permission |
$25k-$50k |
Official Fix |
|
CVE-2022-1139 |
6.3 |
Google Chrome Background Fetch API Remote Code Execution |
$50k-$100k |
Official Fix |
|
CVE-2022-1131 |
6.3 |
Google Chrome Cast UI use after free |
$50k-$100k |
Official Fix |
|
CVE-2022-1137 |
6.3 |
Google Chrome Extensions Remote Code Execution |
$50k-$100k |
Official Fix |
|
CVE-2022-1145 |
6.3 |
Google Chrome Extensions use after free |
$50k-$100k |
Official Fix |
|
CVE-2022-1141 |
6.3 |
Google Chrome File Manager use after free |
$50k-$100k |
Official Fix |
|
CVE-2022-1129 |
6.3 |
Google Chrome Full Screen Mode Remote Code Execution |
$50k-$100k |
Official Fix |
|
CVE-2022-1125 |
6.3 |
Google Chrome Portals use after free |
$50k-$100k |
Official Fix |
|
CVE-2022-1127 |
6.3 |
Google Chrome QR Code Generator use after free |
$50k-$100k |
Official Fix |
|
CVE-2022-1146 |
6.3 |
Google Chrome Resource Timing Remote Code Execution |
$50k-$100k |
Official Fix |
|
CVE-2022-1135 |
6.3 |
Google Chrome Shopping Cart use after free |
$50k-$100k |
Official Fix |
|
CVE-2022-1136 |
6.3 |
Google Chrome Tab Strip use after free |
$50k-$100k |
Official Fix |
|
CVE-2022-1134 |
6.3 |
Google Chrome v8 type confusion |
$50k-$100k |
Official Fix |
|
CVE-2022-1096 |
6.3 |
Google Chrome v8 type confusion |
$50k-$100k |
Official Fix |
|
CVE-2022-1132 |
6.3 |
Google Chrome Virtual Keyboard Remote Code Execution |
$50k-$100k |
Official Fix |
|
CVE-2022-1138 |
6.3 |
Google Chrome Web Cursor Remote Code Execution |
$50k-$100k |
Official Fix |
|
CVE-2022-1128 |
6.3 |
Google Chrome Web Share API Remote Code Execution |
$50k-$100k |
Official Fix |
|
CVE-2022-1130 |
6.3 |
Google Chrome WebOTP Remote Code Execution |
$50k-$100k |
Official Fix |
|
CVE-2022-1133 |
6.3 |
Google Chrome WebRTC use after free |
$50k-$100k |
Official Fix |
|
CVE-2022-1143 |
6.3 |
Google Chrome WebUI heap-based overflow |
$50k-$100k |
Official Fix |
|
CVE-2022-1142 |
6.3 |
Google Chrome WebUI heap-based overflow |
$50k-$100k |
Official Fix |
|
CVE-2022-1144 |
6.3 |
Google Chrome WebUI use after free |
$50k-$100k |
Official Fix |
|
CVE-2021-22572 |
4.9 |
Google Data Transfer Project File.createTempFile temp file |
$10k-$25k |
Official Fix |
|
CVE-2022-0343 |
4.1 |
Google run-dev-server HTTP Request permission |
$5k-$10k |
Official Fix |
|
CVE-2022-26546 |
3.5 |
Hospital Management System improper authorization |
$1k-$2k |
Not Defined |
|
CVE-2022-24136 |
5.5 |
Hospital Management System treatmentrecord.php unrestricted upload |
$1k-$2k |
Not Defined |
|
CVE-2022-26244 |
3.5 |
Hospital Patient Record Management System cross site scripting |
$0-$1k |
Not Defined |
|
CVE-2022-22404 |
5.4 |
IBM App Connect Enterprise Certified Container Dashboard UI resource consumption |
$2k-$5k |
Official Fix |
|
CVE-2022-22332 |
5.6 |
IBM Partner Engagement Manager JWT Token Remote Code Execution |
$10k-$25k |
Official Fix |
|
CVE-2022-22311 |
5.2 |
IBM Security Verify Access channel accessible |
$10k-$25k |
Official Fix |
|
CVE-2022-22328 |
6.3 |
IBM SterlingPartner Engagement Manager access control |
$10k-$25k |
Official Fix |
|
CVE-2022-22331 |
6.3 |
IBM SterlingPartner Engagement Manager authorization |
$10k-$25k |
Official Fix |
|
CVE-2022-22327 |
3.7 |
IBM UrbanCode Deploy inadequate encryption |
$5k-$10k |
Official Fix |
|
CVE-2022-28136 |
4.3 |
JiraTestResultReporter Plugin cross-site request forgery |
$0-$1k |
Not Defined |
|
CVE-2022-28137 |
5.5 |
JiraTestResultReporter Plugin URL authorization |
$1k-$2k |
Not Defined |
|
CVE-2022-28151 |
5.5 |
Job and Node Ownership Plugin authorization |
$1k-$2k |
Not Defined |
|
CVE-2022-28149 |
3.5 |
Job and Node Ownership Plugin cross site scripting |
$0-$1k |
Not Defined |
|
CVE-2022-28152 |
4.3 |
Job and Node Ownership Plugin cross-site request forgery |
$0-$1k |
Not Defined |
|
CVE-2022-28150 |
4.3 |
Job and Node Ownership Plugin cross-site request forgery |
$0-$1k |
Not Defined |
|
CVE-2022-23796 |
3.5 |
Joomla com_fields cross site scripting |
$2k-$5k |
Not Defined |
|
CVE-2022-23801 |
3.5 |
Joomla com_media cross site scripting |
$2k-$5k |
Not Defined |
|
CVE-2022-23800 |
3.5 |
Joomla Filter cross site scripting |
$2k-$5k |
Not Defined |
|
CVE-2022-23795 |
6.3 |
Joomla improper authentication |
$5k-$10k |
Not Defined |
|
CVE-2022-23799 |
5.5 |
Joomla Privilege Escalation |
$10k-$25k |
Not Defined |
|
CVE-2022-23798 |
5.5 |
Joomla redirect |
$5k-$10k |
Not Defined |
|
CVE-2022-23794 |
4.3 |
Joomla Source Code information disclosure |
$5k-$10k |
Not Defined |
|
CVE-2022-23797 |
6.3 |
Joomla sql injection |
$10k-$25k |
Not Defined |
|
CVE-2022-23793 |
5.5 |
Joomla tar path traversal |
$5k-$10k |
Not Defined |
|
CVE-2022-24758 |
7.5 |
Jupyter Notebook Error log file |
$1k-$2k |
Official Fix |
|
CVE-2021-27223 |
6.5 |
Kaspersky Anti-Virus/Endpoint Security Binary Module denial of service |
$0-$1k |
Not Defined |
|
CVE-2022-27534 |
6.3 |
Kaspersky Anti-Virus/Endpoint Security Data Parser Remote Code Execution |
$2k-$5k |
Official Fix |
|
CVE-2020-35501 |
5.5 |
Linux Kernel Audit Rule access control |
$10k-$25k |
Not Defined |
|
CVE-2022-28390 |
5.5 |
Linux Kernel ems_usb.c ems_usb_start_xmit double free |
$5k-$25k |
Official Fix |
|
CVE-2022-28389 |
5.5 |
Linux Kernel mcba_usb.c mcba_usb_start_xmit double free |
$5k-$25k |
Official Fix |
|
CVE-2021-3847 |
6.3 |
Linux Kernel OverlayFS Subsystem permissions |
$10k-$25k |
Not Defined |
|
CVE-2022-28356 |
4.3 |
Linux Kernel Refcount af_llc.c memory leak |
$0-$5k |
Official Fix |
|
CVE-2022-1055 |
5.6 |
Linux Kernel tc_new_tfilter use after free |
$10k-$25k |
Official Fix |
|
CVE-2022-28388 |
5.5 |
Linux Kernel usb_8dev.c usb_8dev_start_xmit double free |
$5k-$25k |
Official Fix |
|
CVE-2022-0998 |
6.3 |
Linux Kernel Virtio Device Driver vdpa.c vhost_vdpa_config_validate integer overflow |
$10k-$25k |
Official Fix |
|
CVE-2021-32933 |
9.9 |
MDT Autosave API command injection |
$2k-$5k |
Official Fix |
|
CVE-2021-32961 |
7.5 |
MDT Autosave getfile unrestricted upload |
$2k-$5k |
Official Fix |
|
CVE-2021-32945 |
5.6 |
MDT AutoSave inadequate encryption |
$0-$1k |
Official Fix |
|
CVE-2021-32949 |
7.0 |
MDT AutoSave path traversal |
$1k-$2k |
Official Fix |
|
CVE-2021-32957 |
7.4 |
MDT Autosave sql injection |
$2k-$5k |
Official Fix |
|
CVE-2021-32953 |
8.5 |
MDT Autosave sql injection |
$2k-$5k |
Official Fix |
|
CVE-2021-32937 |
6.4 |
MDT AutoSave Working Directory information exposure |
$1k-$2k |
Official Fix |
|
CVE-2022-28209 |
5.5 |
MediaWiki AntiSpoof Extension permission |
$1k-$2k |
Not Defined |
|
CVE-2022-28205 |
5.5 |
MediaWiki CentralAuth Extension Privilege Escalation |
$2k-$5k |
Not Defined |
|
CVE-2022-28206 |
5.5 |
MediaWiki FileImporter ImportPlanValidator.php access control |
$1k-$2k |
Not Defined |
|
CVE-2022-28202 |
3.5 |
MediaWiki Message Special:RevisionDelete cross site scripting |
$0-$1k |
Official Fix |
|
CVE-2022-25159 |
5.6 |
Mitsubishi Electric MELSEC iQ-F FX5U(C)/MELSEC iQ-F FX5UJ authentication replay |
$1k-$2k |
Not Defined |
|
CVE-2022-25160 |
5.3 |
Mitsubishi Electric MELSEC iQ-F FX5U(C)/MELSEC iQ-F FX5UJ cleartext storage |
$1k-$2k |
Not Defined |
|
CVE-2022-25158 |
3.1 |
Mitsubishi Electric MELSEC iQ-F FX5U(C)/MELSEC iQ-F FX5UJ Password Hash cleartext storage |
$0-$1k |
Not Defined |
|
CVE-2022-25155 |
5.6 |
Mitsubishi Electric MELSEC iQ-F FX5U(C)/MELSEC iQ-F FX5UJ Password Hash Handler authentication replay |
$1k-$2k |
Not Defined |
|
CVE-2022-25157 |
5.6 |
Mitsubishi Electric MELSEC iQ-F FX5U(C)/MELSEC iQ-F FX5UJ Password Hash Handler improper authentication |
$1k-$2k |
Not Defined |
|
CVE-2022-25156 |
3.7 |
Mitsubishi Electric MELSEC iQ-F FX5U(C)/MELSEC iQ-F FX5UJ unknown vulnerability |
$0-$1k |
Not Defined |
|
CVE-2021-32968 |
7.5 |
Moxa IAW5000A buffer overflow |
$2k-$5k |
Not Defined |
|
CVE-2021-32970 |
6.4 |
Moxa NPort IAW5000A Web Server denial of service |
$0-$1k |
Not Defined |
|
CVE-2021-32974 |
9.8 |
Moxa NPort IAW5000A Web Server input validation |
$2k-$5k |
Not Defined |
|
CVE-2021-32976 |
9.8 |
Moxa NPort IAW5000A Web Server stack-based overflow |
$2k-$5k |
Not Defined |
|
CVE-2020-24771 |
5.5 |
NexusPHP access control |
$1k-$2k |
Official Fix |
|
CVE-2020-24770 |
6.3 |
NexusPHP modrules.php sql injection |
$1k-$2k |
Official Fix |
|
CVE-2020-24769 |
6.3 |
NexusPHP SQL Command takeconfirm.php sql injection |
$1k-$2k |
Official Fix |
|
CVE-2022-27306 |
5.5 |
Node.js Hostname url.parse Privilege Escalation |
$2k-$5k |
Official Fix |
|
CVE-2022-21821 |
7.8 |
NVIDIA CUDA Toolkit SDK cuobjdump buffer overflow |
$2k-$5k |
Not Defined |
|
CVE-2022-25959 |
7.0 |
Omron CX-Position Project File memory corruption |
$2k-$5k |
Not Defined |
|
CVE-2022-26022 |
7.0 |
Omron CX-Position Project File out-of-bounds write |
$2k-$5k |
Not Defined |
|
CVE-2022-26419 |
7.0 |
Omron CX-Position Project File Parser stack-based overflow |
$2k-$5k |
Not Defined |
|
CVE-2022-26417 |
7.0 |
Omron CX-Position Project File use after free |
$2k-$5k |
Not Defined |
|
CVE-2022-26645 |
6.3 |
Online Banking System Image unrestricted upload |
$2k-$5k |
Not Defined |
|
CVE-2022-26644 |
3.5 |
Online Banking System Protect cross site scripting |
$0-$1k |
Not Defined |
|
CVE-2022-26646 |
5.5 |
Online Banking System Protect file inclusion |
$1k-$2k |
Not Defined |
|
CVE-2022-1181 |
5.7 |
OpenEMR cross site scripting |
$0-$1k |
Official Fix |
|
CVE-2022-1180 |
4.0 |
OpenEMR cross site scripting |
$0-$1k |
Official Fix |
|
CVE-2022-1178 |
5.4 |
OpenEMR cross site scripting |
$0-$1k |
Official Fix |
|
CVE-2022-1177 |
5.4 |
OpenEMR Patient Report access control |
$2k-$5k |
Official Fix |
|
CVE-2022-1179 |
4.0 |
OpenEMR Rule cross site scripting |
$0-$1k |
Official Fix |
|
CVE-2022-26019 |
6.3 |
pfSense CE/pfSense Plus NTP GPS Setting access control |
$2k-$5k |
Official Fix |
|
CVE-2022-24299 |
6.3 |
pfSense CE/pfSense Plus Server Setting input validation |
$2k-$5k |
Official Fix |
|
CVE-2021-20729 |
3.5 |
pfSense CE/pfSense Plus URL cross site scripting |
$0-$1k |
Not Defined |
|
CVE-2022-0922 |
4.3 |
Philips e-Alert missing authentication |
$1k-$2k |
Not Defined |
|
CVE-2021-33022 |
5.6 |
Philips Vue PACS cleartext transmission |
$0-$1k |
Not Defined |
|
CVE-2021-33024 |
3.7 |
Philips Vue PACS insufficiently protected credentials |
$1k-$2k |
Not Defined |
|
CVE-2021-33020 |
7.2 |
Philips Vue PACS key management |
$2k-$5k |
Not Defined |
|
CVE-2021-27493 |
6.2 |
Philips Vue PACS Message Remote Code Execution |
$2k-$5k |
Not Defined |
|
CVE-2021-27501 |
7.5 |
Philips Vue PACS neutralization |
$2k-$5k |
Not Defined |
|
CVE-2021-27497 |
6.0 |
Philips Vue PACS protection mechanism |
$2k-$5k |
Not Defined |
|
CVE-2021-33018 |
5.3 |
Philips Vue PACS risky encryption |
$0-$1k |
Not Defined |
|
CVE-2022-28158 |
5.5 |
Pipeline Phoenix AutoTest Plugin authorization |
$1k-$2k |
Not Defined |
|
CVE-2022-28157 |
5.5 |
Pipeline Phoenix AutoTest Plugin FTP path traversal |
$1k-$2k |
Not Defined |
|
CVE-2022-28156 |
5.5 |
Pipeline Phoenix AutoTest Plugin path traversal |
$1k-$2k |
Not Defined |
|
CVE-2022-28155 |
5.5 |
Pipeline Phoenix AutoTest Plugin XML Parser xml external entity reference |
$1k-$2k |
Not Defined |
|
CVE-2022-28142 |
5.0 |
Proxmox Plugin certificate validation |
$1k-$2k |
Not Defined |
|
CVE-2022-28141 |
3.5 |
Proxmox Plugin config.xml credentials storage |
$1k-$2k |
Not Defined |
|
CVE-2022-28143 |
4.3 |
Proxmox Plugin cross-site request forgery |
$0-$1k |
Not Defined |
|
CVE-2022-28144 |
5.5 |
Proxmox Plugin HTTP Endpoint authorization |
$1k-$2k |
Not Defined |
|
CVE-2021-30331 |
5.5 |
Qualcomm Snapdragon Auto DIAG Interface buffer overflow |
$10k-$25k |
Official Fix |
|
CVE-2021-30333 |
7.8 |
Qualcomm Snapdragon Auto EFS File memory corruption |
$10k-$25k |
Official Fix |
|
CVE-2021-35105 |
8.1 |
Qualcomm Snapdragon Auto Graphics Profiling out-of-bounds read |
$5k-$10k |
Official Fix |
|
CVE-2021-35117 |
7.7 |
Qualcomm Snapdragon Auto IBSS Beacon out-of-bounds read |
$5k-$10k |
Official Fix |
|
CVE-2021-1950 |
7.8 |
Qualcomm Snapdragon Auto improper authentication |
$5k-$10k |
Official Fix |
|
CVE-2021-30328 |
7.5 |
Qualcomm Snapdragon Auto NR CSI-IM Resource Configuration assertion |
$5k-$10k |
Official Fix |
|
CVE-2021-30332 |
7.5 |
Qualcomm Snapdragon Auto OTA Configuration assertion |
$5k-$10k |
Official Fix |
|
CVE-2021-1942 |
9.3 |
Qualcomm Snapdragon Auto Shared Memory memory corruption |
$10k-$25k |
Official Fix |
|
CVE-2021-35088 |
7.7 |
Qualcomm Snapdragon Auto SSID IE Parser out-of-bounds read |
$5k-$10k |
Official Fix |
|
CVE-2021-30329 |
7.5 |
Qualcomm Snapdragon Auto TCI Configuration assertion |
$5k-$10k |
Official Fix |
|
CVE-2021-35103 |
7.8 |
Qualcomm Snapdragon Auto Timer out-of-bounds write |
$10k-$25k |
Official Fix |
|
CVE-2021-35089 |
8.1 |
Qualcomm Snapdragon Auto USER Command buffer overflow |
$10k-$25k |
Official Fix |
|
CVE-2021-35106 |
7.8 |
Qualcomm Snapdragon Auto WMI Message out-of-bounds read |
$5k-$10k |
Official Fix |
|
CVE-2021-35115 |
8.1 |
Qualcomm Snapdragon Auto/Snapdragon Mobile PVM Backend use after free |
$10k-$25k |
Official Fix |
|
CVE-2021-35110 |
7.9 |
Qualcomm Snapdragon Connectivity/Snapdragon Mobile Hash Segment buffer overflow |
$10k-$25k |
Official Fix |
|
CVE-2022-21830 |
3.5 |
RocketChat LiveChat cross site scripting |
$0-$1k |
Not Defined |
|
CVE-2022-28139 |
5.5 |
RocketChat Notifier Plugin authorization |
$1k-$2k |
Not Defined |
|
CVE-2022-28138 |
4.3 |
RocketChat Notifier Plugin URL cross-site request forgery |
$0-$1k |
Not Defined |
|
CVE-2022-1159 |
7.2 |
Rockwell Automation Compact GuardLogix 5380 code injection |
$2k-$5k |
Workaround |
|
CVE-2021-32960 |
8.0 |
Rockwell Automation FactoryTalk Services Platform Policy access control |
$2k-$5k |
Not Defined |
|
CVE-2022-1018 |
5.5 |
Rockwell Automation ISaGRAF Solution File xml external entity reference |
$1k-$2k |
Not Defined |
|
CVE-2022-1161 |
9.8 |
Rockwell Automation SoftLogix 5800 unknown vulnerability |
$100k and more |
Workaround |
|
CVE-2022-26949 |
5.8 |
RSA Archer Attachment access control |
$10k-$25k |
Official Fix |
|
CVE-2022-26951 |
5.4 |
RSA Archer cross site scripting |
$5k-$10k |
Official Fix |
|
CVE-2022-26947 |
4.9 |
RSA Archer cross site scripting |
$2k-$5k |
Official Fix |
|
CVE-2021-41594 |
6.3 |
RSA Archer Endpoint CheckTaskAccess access control |
$10k-$25k |
Official Fix |
|
CVE-2022-26950 |
5.0 |
RSA Archer redirect |
$5k-$10k |
Official Fix |
|
CVE-2022-26948 |
3.7 |
RSA Archer RSS Feed access control |
$0-$1k |
Official Fix |
|
CVE-2022-22936 |
6.3 |
SaltStack Salt Job authentication replay |
$1k-$2k |
Official Fix |
|
CVE-2022-22941 |
5.5 |
SaltStack Salt Master-of-Masters permission |
$1k-$2k |
Official Fix |
|
CVE-2022-22935 |
4.3 |
SaltStack Salt Minion denial of service |
$0-$1k |
Official Fix |
|
CVE-2022-22934 |
5.5 |
SaltStack Salt Pillar Data signature verification |
$1k-$2k |
Official Fix |
|
CVE-2021-33523 |
4.7 |
Software AG MashZone NextGen Admin Console unrestricted upload |
$1k-$2k |
Not Defined |
|
CVE-2021-33208 |
5.5 |
Software AG MashZone NextGen Register an Ehcache Configuration File xml external entity reference |
$1k-$2k |
Not Defined |
|
CVE-2021-33581 |
5.5 |
Software AG MashZone NextG en TCP Service server-side request forgery |
$1k-$2k |
Not Defined |
|
CVE-2022-0331 |
5.3 |
Sophos Firewall Webadmin information disclosure |
$1k-$2k |
Not Defined |
|
CVE-2021-45866 |
3.5 |
SourceCodester Attendance Management System index.php cross site scripting |
$0-$1k |
Not Defined |
|
CVE-2021-43505 |
3.5 |
Sourcecodester Simple Client Management System Add New Client/Add New Invoice cross site scripting |
$0-$1k |
Not Defined |
|
CVE-2021-43506 |
6.3 |
Sourcecodester Simple Client Management System Login.php sql injection |
$1k-$2k |
Not Defined |
|
CVE-2021-45865 |
6.3 |
Sourcecodester Student Attendance Management System unrestricted upload |
$2k-$5k |
Not Defined |
|
CVE-2022-21947 |
8.3 |
SUSE Rancher Desktop Dashboard API access control |
$10k-$25k |
Official Fix |
|
CVE-2021-46006 |
6.3 |
TOTOLINK A3100R API test.asp improper authentication |
$1k-$2k |
Not Defined |
|
CVE-2021-46009 |
6.3 |
TOTOLINK A3100R improper authentication |
$1k-$2k |
Not Defined |
|
CVE-2021-46007 |
5.5 |
TOTOLINK A3100R Ping Command os command injection |
$1k-$2k |
Not Defined |
|
CVE-2021-46010 |
3.7 |
TOTOLINK A3100R random values |
$0-$1k |
Not Defined |
|
CVE-2021-46008 |
5.9 |
TOTOLINK A3100R Telnet Service hard-coded password |
$1k-$2k |
Not Defined |
|
CVE-2021-43663 |
5.5 |
TOTOLINK EX300v2 cloudupdate_check command injection |
$1k-$2k |
Not Defined |
|
CVE-2021-43664 |
6.3 |
TOTOLINK EX300v2 command injection |
$2k-$5k |
Not Defined |
|
CVE-2021-43661 |
3.5 |
TOTOLINK EX300v2 home.asp cross site scripting |
$0-$1k |
Not Defined |
|
CVE-2021-43662 |
6.5 |
TOTOLINK EX300v2/A720R resource consumption |
$0-$1k |
Not Defined |
|
CVE-2022-25008 |
6.3 |
TOTOLINK EX300v2/EX1200T improper authentication |
$1k-$2k |
Not Defined |
|
CVE-2022-26641 |
6.3 |
TP-LINK TL-WR840N buffer overflow |
$2k-$5k |
Not Defined |
|
CVE-2022-26642 |
5.5 |
TP-LINK TL-WR840N buffer overflow |
$2k-$5k |
Not Defined |
|
CVE-2022-26640 |
5.5 |
TP-LINK TL-WR840N buffer overflow |
$2k-$5k |
Not Defined |
|
CVE-2022-26639 |
5.5 |
TP-LINK TL-WR840N buffer overflow |
$2k-$5k |
Not Defined |
|
CVE-2022-1160 |
6.8 |
vim get_one_sourceline heap-based overflow |
$2k-$5k |
Official Fix |
|
CVE-2022-1154 |
7.0 |
vim utf_ptr2char use after free |
$2k-$5k |
Official Fix |
|
CVE-2022-22965 |
9.8 |
VMware Spring Boot SpringShell code injection |
$10k-$25k |
Official Fix |
|
CVE-2022-27772 |
5.5 |
VMware Spring Boot temp file |
$10k-$25k |
Official Fix |
|
CVE-2022-22963 |
9.8 |
VMware Spring Cloud Function SpEL Expression code injection |
$10k-$25k |
Official Fix |
|
CVE-2022-22950 |
4.3 |
VMware Spring Framework SpEL Expression allocation of resources |
$5k-$10k |
Official Fix |
|
CVE-2022-22948 |
4.3 |
VMware vCenter Server/Cloud Foundation File permission |
$10k-$25k |
Official Fix |
|
CVE-2019-9564 |
7.4 |
Wyze Cam Pan v2/Cam v2/Cam v3 improper authentication |
$1k-$2k |
Official Fix |
|
CVE-2019-12266 |
7.0 |
Wyze Cam Pan v2/Cam v2/Cam v3 stack-based overflow |
$2k-$5k |
Official Fix |
|
CVE-2022-23136 |
3.5 |
ZTE ZXHN F680 Gateway Name cross site scripting |
$0-$1k |
Not Defined |
