Critical vulnerabilities of the third week of Farvardin

This week, many "critical" and "high-risk" vulnerabilities were reported in major Microsoft products, and patches and updates were released to fix them. Several "critical" and "high-risk" vulnerabilities were also found in products from Fortinet, Dell, IBM, Cisco and VMware, and in the Linux kernel.

The list of these vulnerabilities, together with their severity, is given in the table below. The base score is the CVSS base score; the zero-day value is the estimated market price of a working exploit. In the last column, "Official Fix" means the vendor has published a fix, and "Not Defined" means no remediation status had been recorded at the time of listing, so those entries should be re-checked against the vendor advisory before being treated as unpatched.

| Vulnerability ID | CVSS base score | Vulnerability title | Zero-day value | Fix status |
|---|---|---|---|---|
| CVE-2022-26676 | 9.8 | aEnrich a+HRD API Function privileges management | $2k-$5k | Not Defined |
| CVE-2022-26675 | 6.4 | aEnrich a+HRD URL path traversal | $1k-$2k | Not Defined |
| CVE-2022-27062 | 3.5 | AeroCMS add_post.php cross site scripting | $0-$1k | Not Defined |
| CVE-2022-27061 | 5.5 | AeroCMS Admin Panel unrestricted upload | $1k-$2k | Not Defined |
| CVE-2022-27063 | 3.5 | AeroCMS view_all_comments.php cross site scripting | $0-$1k | Not Defined |
| CVE-2022-0825 | 5.5 | Amelia Plugin Appointment authorization | $1k-$2k | Official Fix |
| CVE-2022-0837 | 5.5 | Amelia Plugin SMS Service authorization | $1k-$2k | Official Fix |
| CVE-2022-26612 | 5.5 | Apache Hadoop unTarUsingJava symlink | $10k-$25k | Official Fix |
| CVE-2022-26850 | 4.3 | Apache NiFi Login Credential Update temp file | $10k-$25k | Official Fix |
| CVE-2022-23974 | 3.5 | Apache Pinot Pinot Table recursion | $2k-$5k | Official Fix |
| CVE-2021-40374 | 3.5 | Apperta OpenEyes cross site scripting | $0-$1k | Not Defined |
| CVE-2021-40375 | 4.3 | Apperta OpenEyes Server Response information exposure | $1k-$2k | Not Defined |
| CVE-2022-25596 | 8.8 | Asus RT-AC56U out-of-bounds write | $2k-$5k | Not Defined |
| CVE-2022-25597 | 8.8 | Asus RT-AC86U LPD Service os command injection | $2k-$5k | Not Defined |
| CVE-2022-25595 | 6.5 | Asus RT-AC86U Request denial of service | $0-$1k | Not Defined |
| CVE-2022-23971 | 7.2 | Asus RT-AX56U PORT path traversal | $1k-$2k | Not Defined |
| CVE-2022-23973 | 8.8 | Asus RT-AX56U Profile Configuration out-of-bounds write | $2k-$5k | Not Defined |
| CVE-2022-23972 | 7.5 | Asus RT-AX56U sql injection | $1k-$2k | Not Defined |
| CVE-2022-23970 | 7.2 | Asus RT-AX56U URL Parameter update_json path traversal | $1k-$2k | Not Defined |
| CVE-2021-32984 | 9.8 | Automation Direct CLICK PLC CPU authentication bypass | $2k-$5k | Official Fix |
| CVE-2021-32980 | 8.5 | Automation Direct CLICK PLC CPU authentication bypass | $1k-$2k | Official Fix |
| CVE-2021-32986 | 9.8 | Automation Direct CLICK PLC CPU authentication bypass | $2k-$5k | Official Fix |
| CVE-2021-32978 | 6.4 | Automation Direct CLICK PLC CPU credentials storage | $2k-$5k | Official Fix |
| CVE-2021-32982 | 5.6 | Automation Direct CLICK PLC CPU Project Transfer missing encryption | $0-$1k | Official Fix |
| CVE-2021-33010 | 6.4 | AVEVA System Platform denial of service | $0-$1k | Not Defined |
| CVE-2021-33008 | 7.5 | AVEVA System Platform missing authentication | $1k-$2k | Not Defined |
| CVE-2021-32985 | 7.2 | AVEVA System Platform origin validation | $2k-$5k | Not Defined |
| CVE-2021-32981 | 5.9 | AVEVA System Platform path traversal | $1k-$2k | Not Defined |
| CVE-2021-32977 | 6.9 | AVEVA System Platform signature verification | $1k-$2k | Not Defined |
| CVE-2021-27117 | 7.0 | beego profile.go GetCPUProfile symlink | $2k-$5k | Not Defined |
| CVE-2021-27116 | 7.0 | beego profile.go MemProf symlink | $2k-$5k | Not Defined |
| CVE-2021-30080 | 5.5 | beego Route Lookup access control | $1k-$2k | Official Fix |
| CVE-2022-0677 | 7.5 | BitDefender Endpoint Security Tools Update Server denial of service | $0-$1k | Official Fix |
| CVE-2022-0405 | 4.3 | Calibre-Web access control | $2k-$5k | Official Fix |
| CVE-2022-0406 | 5.3 | Calibre-Web improper authorization | $2k-$5k | Official Fix |
| CVE-2022-0990 | 8.3 | Calibre-Web server-side request forgery | $2k-$5k | Official Fix |
| CVE-2022-0939 | 6.8 | Calibre-Web server-side request forgery | $1k-$2k | Official Fix |
| CVE-2022-20675 | 5.3 | Cisco Email Security Appliance Service Port 199 denial of service | $10k-$25k | Official Fix |
| CVE-2022-20782 | 4.6 | Cisco Identity Services Engine Web-based Management Interface privileges assignment | $10k-$25k | Official Fix |
| CVE-2022-20774 | 5.5 | Cisco IP Phone 6800/IP Phone 7800/IP Phone 8800 Web-based Interface cross-site request forgery | $5k-$10k | Official Fix |
| CVE-2022-20741 | 4.4 | Cisco Secure Network Analytics Network Diagrams Application cross site scripting | $2k-$5k | Official Fix |
| CVE-2022-20665 | 6.6 | Cisco StarOS CLI command injection | $10k-$25k | Official Fix |
| CVE-2022-20781 | 4.4 | Cisco Web Security Appliance Web-based Management Interface cross site scripting | $5k-$10k | Official Fix |
| CVE-2022-20784 | 6.6 | Cisco Web Security Appliance Web-Based Reputation Score Engine access control | $25k-$50k | Official Fix |
| CVE-2022-20763 | 5.9 | Cisco WebEx Meetings Application Login Authorization deserialization | $10k-$25k | Official Fix |
| CVE-2022-22518 | 5.9 | CODESYS Control CmpUserMgr improper authorization | $2k-$5k | Not Defined |
| CVE-2022-22515 | 7.2 | CODESYS Control Runtime System Configuration File exposure of resource | $1k-$2k | Not Defined |
| CVE-2022-22516 | 7.6 | CODESYS Control Runtime System SysDrv3S Driver permission assignment | $2k-$5k | Not Defined |
| CVE-2022-22519 | 6.4 | CODESYS Control Runtime System Webserver buffer overflow | $2k-$5k | Not Defined |
| CVE-2022-22513 | 6.9 | CODESYS Products CmpSettings null pointer dereference | $0-$1k | Not Defined |
| CVE-2022-22514 | 6.8 | CODESYS Products CmpSettings uninitialized pointer | $0-$1k | Not Defined |
| CVE-2022-22517 | 6.4 | CODESYS Products Communication Channel random values | $1k-$2k | Not Defined |
| CVE-2022-24811 | 4.4 | Combodo iTop HTML Attachment cross site scripting | $0-$1k | Official Fix |
| CVE-2021-41245 | 5.4 | Combodo iTop privUITransactionFile cross-site request forgery | $0-$1k | Official Fix |
| CVE-2022-24780 | 8.8 | Combodo iTop User Portal code injection | $2k-$5k | Official Fix |
| CVE-2022-24426 | 7.8 | Dell Command Update/Alienware Update Advanced Driver Restore uncontrolled search path | $10k-$25k | Official Fix |
| CVE-2022-26855 | 5.5 | Dell EMC PowerScale OneFS default permission | $5k-$25k | Not Defined |
| CVE-2022-26851 | 7.8 | Dell EMC PowerScale OneFS Filename random values | $5k-$25k | Not Defined |
| CVE-2022-22563 | 4.1 | Dell EMC PowerScale OneFS master.passwd unknown vulnerability | $5k-$25k | Not Defined |
| CVE-2022-24428 | 6.3 | Dell EMC PowerScale OneFS Remote Filesystem permissions | $5k-$25k | Not Defined |
| CVE-2022-26854 | 8.1 | Dell EMC PowerScale OneFS risky encryption | $5k-$25k | Not Defined |
| CVE-2022-26852 | 3.7 | Dell EMC PowerScale OneFS weak prng | $5k-$25k | Not Defined |
| CVE-2021-33616 | 3.5 | Dell EMC RSA Archer cross site scripting | $2k-$5k | Not Defined |
| CVE-2021-36293 | 6.4 | Dell VNX2 os command injection | $5k-$25k | Not Defined |
| CVE-2021-36287 | 7.3 | Dell VNX2 os command injection | $5k-$25k | Not Defined |
| CVE-2021-36288 | 7.3 | Dell VNX2 path traversal | $5k-$25k | Not Defined |
| CVE-2021-36290 | 6.4 | Dell VNX2 permission assignment | $5k-$25k | Not Defined |
| CVE-2022-23158 | 4.1 | Dell Wyse Device Agent information disclosure | $1k-$2k | Not Defined |
| CVE-2022-23156 | 4.1 | Dell Wyse Device Agent WMS Server improper authentication | $1k-$2k | Not Defined |
| CVE-2022-23157 | 3.3 | Dell Wyse Device Agent WMS Server information disclosure | $1k-$2k | Not Defined |
| CVE-2022-23155 | 7.2 | Dell Wyse Management Suite unrestricted upload | $10k-$25k | Not Defined |
| CVE-2022-1098 | 8.3 | Delta Electronics DIAEnergie uncontrolled search path | $2k-$5k | Official Fix |
| CVE-2022-26952 | 6.3 | Digi Passport Location Header improper authentication | $1k-$2k | Official Fix |
| CVE-2022-26953 | 6.3 | Digi Passport reboot.asp buffer overflow | $2k-$5k | Official Fix |
| CVE-2021-43474 | 5.5 | D-Link DIR-823G HNAP1 access control | $10k-$25k | Not Defined |
| CVE-2022-26670 | 8.8 | D-Link DIR-878 Input Field os command injection | $10k-$25k | Not Defined |
| CVE-2020-27373 | 2.9 | Dr Trust USA iCheck Connect BP Monitor BP Testing 118 Bluetooth LE cleartext transmission | $0-$1k | Not Defined |
| CVE-2020-27374 | 6.3 | Dr Trust USA iCheck Connect BP Monitor BP Testing 118 BP Monitoring authentication replay | $1k-$2k | Not Defined |
| CVE-2020-27376 | 6.3 | Dr Trust USA iCheck Connect BP Monitor BP Testing 118 improper authentication | $1k-$2k | Not Defined |
| CVE-2020-27375 | 5.5 | Dr Trust USA iCheck Connect BP Monitor BP Testing 118 Privilege Escalation | $2k-$5k | Not Defined |
| CVE-2022-27346 | 6.3 | Ecommerce-Website PHP File unrestricted upload | $2k-$5k | Not Defined |
| CVE-2022-27436 | 3.5 | Ecommerce-Website cross site scripting | $0-$1k | Not Defined |
| CVE-2022-27357 | 6.3 | Ecommerce-Website PHP File customer_register.php unrestricted upload | $2k-$5k | Not Defined |
| CVE-2022-27435 | 6.3 | Ecommerce-Website Product Image unrestricted upload | $2k-$5k | Not Defined |
| CVE-2021-26116 | 7.8 | Fortinet FortiAuthenticator Command Line Interpreter os command injection | $2k-$5k | Official Fix |
| CVE-2021-43205 | 4.3 | Fortinet FortiClient information disclosure | $1k-$2k | Not Defined |
| CVE-2021-44169 | 8.1 | Fortinet FortiClient initialization | $2k-$5k | Not Defined |
| CVE-2021-22127 | 7.1 | Fortinet FortiClient input validation | $2k-$5k | Official Fix |
| CVE-2022-23440 | 7.8 | Fortinet FortiEDR hard-coded key | $0-$1k | Not Defined |
| CVE-2022-23441 | 8.2 | Fortinet FortiEDR hard-coded key | $1k-$2k | Official Fix |
| CVE-2022-23446 | 3.5 | Fortinet FortiEDR permission | $1k-$2k | Official Fix |
| CVE-2021-26104 | 8.3 | Fortinet FortiManager/FortiAnalyzer/FortiPortal Command Line Interface os command injection | $2k-$5k | Not Defined |
| CVE-2020-29013 | 4.8 | Fortinet FortiSandbox Sniffer Interface denial of service | $0-$1k | Official Fix |
| CVE-2021-32593 | 6.5 | Fortinet FortiWAN Dynamic Tunnel Protocol risky encryption | $1k-$2k | Official Fix |
| CVE-2021-32585 | 5.7 | Fortinet FortiWAN HTTP Request cross site scripting | $0-$1k | Official Fix |
| CVE-2021-26114 | 9.3 | Fortinet FortiWAN HTTP sql injection | $2k-$5k | Official Fix |
| CVE-2021-26112 | 8.1 | Fortinet FortiWAN Network Daemon stack-based overflow | $2k-$5k | Official Fix |
| CVE-2021-26113 | 4.6 | Fortinet FortiWAN Password File inadequate encryption | $0-$1k | Official Fix |
| CVE-2021-24009 | 7.2 | Fortinet FortiWAN Web GUI os command injection | $2k-$5k | Official Fix |
| CVE-2021-41026 | 5.4 | Fortinet FortiWeb path traversal | $1k-$2k | Not Defined |
| CVE-2022-0390 | 4.3 | GitLab Community Edition/Enterprise Edition access control | $2k-$5k | Not Defined |
| CVE-2022-1100 | 4.3 | GitLab Community Edition/Enterprise Edition API resource consumption | $0-$1k | Official Fix |
| CVE-2022-0740 | 3.7 | GitLab Community Edition/Enterprise Edition Asana improper authorization | $2k-$5k | Official Fix |
| CVE-2022-0741 | 4.0 | GitLab Community Edition/Enterprise Edition Email Address information disclosure | $0-$1k | Not Defined |
| CVE-2022-0489 | 3.5 | GitLab Community Edition/Enterprise Edition Formula denial of service | $0-$1k | Not Defined |
| CVE-2022-1148 | 4.5 | GitLab Community Edition/Enterprise Edition improper authorization | $2k-$5k | Official Fix |
| CVE-2022-1189 | 3.1 | GitLab Community Edition/Enterprise Edition information disclosure | $1k-$2k | Official Fix |
| CVE-2022-1120 | 3.7 | GitLab Community Edition/Enterprise Edition information exposure | $0-$1k | Official Fix |
| CVE-2022-0425 | 5.9 | GitLab Community Edition/Enterprise Edition IRC Gateway server-side request forgery | $2k-$5k | Not Defined |
| CVE-2021-39908 | 5.9 | GitLab Community Edition/Enterprise Edition Merge Request unknown vulnerability | $2k-$5k | Official Fix |
| CVE-2022-1190 | 6.1 | GitLab Community Edition/Enterprise Edition Multi-Word Milestone Reference cross site scripting | $0-$1k | Official Fix |
| CVE-2022-1175 | 6.1 | GitLab Community Edition/Enterprise Edition Note cross site scripting | $0-$1k | Official Fix |
| CVE-2022-1162 | 8.2 | GitLab Community Edition/Enterprise Edition OmniAuth hard-coded password | $1k-$2k | Official Fix |
| CVE-2022-1105 | 4.3 | GitLab Community Edition/Enterprise Edition Pipeline Analytic access control | $2k-$5k | Official Fix |
| CVE-2022-1111 | 3.0 | GitLab Community Edition/Enterprise Edition Project Membership Page behavioral workflow | $1k-$2k | Official Fix |
| CVE-2022-1185 | 5.4 | GitLab Community Edition/Enterprise Edition RDoc denial of service | $0-$1k | Not Defined |
| CVE-2022-1188 | 4.6 | GitLab Community Edition/Enterprise Edition Repository Mirror server-side request forgery | $1k-$2k | Official Fix |
| CVE-2022-1174 | 4.3 | GitLab Community Edition/Enterprise Edition resource consumption | $0-$1k | Official Fix |
| CVE-2022-1121 | 5.3 | GitLab Community Edition/Enterprise Edition resource consumption | $0-$1k | Official Fix |
| CVE-2022-0373 | 4.3 | GitLab Community Edition/Enterprise Edition Service Desk Email Address access control | $2k-$5k | Not Defined |
| CVE-2022-1099 | 4.3 | GitLab Community Edition/Enterprise Edition Tag denial of service | $0-$1k | Official Fix |
| CVE-2022-1232 | 6.3 | Google Chrome V8 type confusion | $50k-$100k | Official Fix |
| CVE-2022-27146 | 3.5 | GPAC gf_isom_apple_enum_tag heap-based overflow | $1k-$2k | Not Defined |
| CVE-2022-1222 | 3.6 | GPAC infinite loop | $0-$1k | Official Fix |
| CVE-2022-27145 | 5.5 | GPAC MP4Box gf_isom_get_sample_for_movie_time stack-based overflow | $2k-$5k | Not Defined |
| CVE-2022-27147 | 5.5 | GPAC MP4Box gf_node_get_attribute_by_tag use after free | $2k-$5k | Not Defined |
| CVE-2022-27148 | 5.5 | GPAC MP4Box integer overflow | $2k-$5k | Not Defined |
| CVE-2022-23700 | 3.3 | HPE OneView access control | $5k-$10k | Official Fix |
| CVE-2022-23697 | 3.5 | HPE OneView cross site scripting | $2k-$5k | Official Fix |
| CVE-2022-23699 | 5.3 | HPE OneView improper authentication | $2k-$5k | Official Fix |
| CVE-2022-23698 | 5.3 | HPE OneView information disclosure | $5k-$10k | Official Fix |
| CVE-2022-26110 | 5.5 | HTCondor CLAIMTOBE Method improper authentication | $1k-$2k | Official Fix |
| CVE-2021-45104 | 5.0 | HTCondor Network Data channel accessible | $2k-$5k | Official Fix |
| CVE-2021-45103 | 5.5 | HTCondor S3 Cloud Storage access control | $1k-$2k | Official Fix |
| CVE-2022-22356 | 4.2 | IBM MQ Appliance information exposure | $5k-$10k | Official Fix |
| CVE-2022-22355 | 5.3 | IBM MQ Appliance Login denial of service | $5k-$10k | Official Fix |
| CVE-2022-22339 | 6.3 | IBM Planning Analytics server-side request forgery | $10k-$25k | Official Fix |
| CVE-2020-4668 | 4.3 | IBM Sterling B2B Integrator Standard Edition cross-site request forgery | $5k-$10k | Official Fix |
| CVE-2022-22410 | 4.1 | IBM Watson Query information disclosure | $5k-$10k | Official Fix |
| CVE-2021-41751 | 5.5 | JerryScript ecma-builtin-array-prototype.c ecma_builtin_array_prototype_object_slice buffer overflow | $2k-$5k | Official Fix |
| CVE-2021-43453 | 5.5 | JerryScript js-parser-statm.c parser_parse_for_statement_start heap-based overflow | $2k-$5k | Not Defined |
| CVE-2021-41752 | 5.5 | JerryScript opt stack-based overflow | $2k-$5k | Official Fix |
| CVE-2022-28651 | 6.3 | JetBrains IntelliJ IDEA Protected Field information disclosure | $1k-$2k | Official Fix |
| CVE-2022-28650 | 5.4 | JetBrains YouTrack Classic UI cross site scripting | $0-$1k | Official Fix |
| CVE-2022-28648 | 4.6 | JetBrains YouTrack Issue Description cross site scripting | $0-$1k | Official Fix |
| CVE-2022-28649 | 5.1 | JetBrains YouTrack Issue Description unknown vulnerability | $2k-$5k | Official Fix |
| CVE-2021-27223 | 6.5 | Kaspersky Anti-Virus/Endpoint Security Binary Module denial of service | $0-$1k | Not Defined |
| CVE-2022-27534 | 6.3 | Kaspersky Anti-Virus/Endpoint Security Data Parser Remote Code Execution | $2k-$5k | Official Fix |
| CVE-2021-3461 | 5.5 | Keycloak session expiration | $1k-$2k | Not Defined |
| CVE-2022-27046 | 5.5 | libsixel dither.c use after free | $2k-$5k | Not Defined |
| CVE-2021-41715 | 5.5 | libsixel dither.c use after free | $2k-$5k | Not Defined |
| CVE-2021-40656 | 5.5 | libsixel quant.c buffer overflow | $2k-$5k | Official Fix |
| CVE-2022-27044 | 5.5 | libsixel quant.c buffer overflow | $2k-$5k | Not Defined |
| CVE-2022-28390 | 7.8 | Linux Kernel ems_usb.c ems_usb_start_xmit double free | $10k-$25k | Official Fix |
| CVE-2022-28389 | 7.8 | Linux Kernel mcba_usb.c mcba_usb_start_xmit double free | $10k-$25k | Official Fix |
| CVE-2021-3847 | 6.3 | Linux Kernel OverlayFS Subsystem permissions | $10k-$25k | Not Defined |
| CVE-2022-28356 | 7.5 | Linux Kernel Refcount af_llc.c memory leak | $2k-$5k | Official Fix |
| CVE-2022-28796 | 5.5 | Linux Kernel transaction.c jbd2_journal_wait_updates use after free | $10k-$25k | Official Fix |
| CVE-2022-28388 | 7.8 | Linux Kernel usb_8dev.c usb_8dev_start_xmit double free | $10k-$25k | Official Fix |
| CVE-2022-1234 | 6.5 | livehelperchat cross site scripting | $0-$1k | Official Fix |
| CVE-2022-0935 | 7.5 | livehelperchat Password Reset behavioral workflow | $2k-$5k | Official Fix |
| CVE-2022-1213 | 6.3 | livehelperchat server-side request forgery | $2k-$5k | Official Fix |
| CVE-2022-1235 | 5.6 | livehelperchat unknown vulnerability | $0-$1k | Official Fix |
| CVE-2021-32933 | 9.9 | MDT AutoSave API command injection | $2k-$5k | Official Fix |
| CVE-2021-32961 | 7.5 | MDT AutoSave getfile unrestricted upload | $2k-$5k | Official Fix |
| CVE-2021-32945 | 5.6 | MDT AutoSave inadequate encryption | $0-$1k | Official Fix |
| CVE-2021-32949 | 7.0 | MDT AutoSave path traversal | $1k-$2k | Official Fix |
| CVE-2021-32957 | 7.4 | MDT AutoSave sql injection | $2k-$5k | Official Fix |
| CVE-2021-32953 | 8.5 | MDT AutoSave sql injection | $2k-$5k | Official Fix |
| CVE-2021-32937 | 6.4 | MDT AutoSave Working Directory information exposure | $1k-$2k | Official Fix |
| CVE-2022-26912 | 8.3 | Microsoft Edge Remote Code Execution | $50k-$100k | Official Fix |
| CVE-2022-26909 | 8.3 | Microsoft Edge Remote Code Execution | $50k-$100k | Official Fix |
| CVE-2022-26908 | 8.3 | Microsoft Edge Remote Code Execution | $50k-$100k | Official Fix |
| CVE-2022-26900 | 8.3 | Microsoft Edge Remote Code Execution | $50k-$100k | Official Fix |
| CVE-2022-26895 | 8.3 | Microsoft Edge Remote Code Execution | $50k-$100k | Official Fix |
| CVE-2022-26894 | 8.3 | Microsoft Edge Remote Code Execution | $50k-$100k | Official Fix |
| CVE-2022-26891 | 8.3 | Microsoft Edge Remote Code Execution | $50k-$100k | Official Fix |
| CVE-2022-24475 | 8.3 | Microsoft Edge Remote Code Execution | $50k-$100k | Official Fix |
| CVE-2022-24523 | 4.3 | Microsoft Edge unknown vulnerability | $50k-$100k | Official Fix |
| CVE-2022-25159 | 5.6 | Mitsubishi Electric MELSEC iQ-F FX5U(C)/MELSEC iQ-F FX5UJ authentication replay | $1k-$2k | Not Defined |
| CVE-2022-25160 | 5.3 | Mitsubishi Electric MELSEC iQ-F FX5U(C)/MELSEC iQ-F FX5UJ cleartext storage | $1k-$2k | Not Defined |
| CVE-2022-25158 | 3.1 | Mitsubishi Electric MELSEC iQ-F FX5U(C)/MELSEC iQ-F FX5UJ Password Hash cleartext storage | $0-$1k | Not Defined |
| CVE-2022-25155 | 5.6 | Mitsubishi Electric MELSEC iQ-F FX5U(C)/MELSEC iQ-F FX5UJ Password Hash Handler authentication replay | $1k-$2k | Not Defined |
| CVE-2022-25157 | 5.6 | Mitsubishi Electric MELSEC iQ-F FX5U(C)/MELSEC iQ-F FX5UJ Password Hash Handler improper authentication | $1k-$2k | Not Defined |
| CVE-2022-25156 | 3.7 | Mitsubishi Electric MELSEC iQ-F FX5U(C)/MELSEC iQ-F FX5UJ unknown vulnerability | $0-$1k | Not Defined |
| CVE-2021-32968 | 7.5 | Moxa IAW5000A buffer overflow | $2k-$5k | Not Defined |
| CVE-2021-32970 | 6.4 | Moxa NPort IAW5000A Web Server denial of service | $0-$1k | Not Defined |
| CVE-2021-32974 | 9.8 | Moxa NPort IAW5000A Web Server input validation | $2k-$5k | Not Defined |
| CVE-2021-32976 | 9.8 | Moxa NPort IAW5000A Web Server stack-based overflow | $2k-$5k | Not Defined |
| CVE-2022-1201 | 5.3 | mruby Interpreter mrb_vm_exec null pointer dereference | $0-$1k | Official Fix |
| CVE-2022-1212 | 8.3 | mruby str_escape use after free | $2k-$5k | Official Fix |
| CVE-2022-27306 | 5.5 | Node.js Hostname url.parse Privilege Escalation | $2k-$5k | Official Fix |
| CVE-2021-44109 | 4.3 | Open5GS sbi Request message.c denial of service | $0-$1k | Official Fix |
| CVE-2021-44108 | 4.3 | Open5GS sbi Request namf-handler.c null pointer dereference | $0-$1k | Official Fix |
| CVE-2022-27108 | 5.5 | OrangeHRM createTimesheet authorization | $1k-$2k | Not Defined |
| CVE-2022-27110 | 5.5 | OrangeHRM Host Header injection | $2k-$5k | Not Defined |
| CVE-2022-27109 | 4.9 | OrangeHRM Referer Header injection | $1k-$2k | Not Defined |
| CVE-2022-27107 | 3.5 | OrangeHRM Share Video cross site scripting | $0-$1k | Not Defined |
| CVE-2021-33022 | 5.6 | Philips Vue PACS cleartext transmission | $0-$1k | Not Defined |
| CVE-2021-33024 | 3.7 | Philips Vue PACS insufficiently protected credentials | $1k-$2k | Not Defined |
| CVE-2021-33020 | 7.2 | Philips Vue PACS key management | $2k-$5k | Not Defined |
| CVE-2021-27493 | 6.2 | Philips Vue PACS Message Remote Code Execution | $2k-$5k | Not Defined |
| CVE-2021-27501 | 7.5 | Philips Vue PACS neutralization | $2k-$5k | Not Defined |
| CVE-2021-27497 | 6.0 | Philips Vue PACS protection mechanism | $2k-$5k | Not Defined |
| CVE-2021-33018 | 5.3 | Philips Vue PACS risky encryption | $0-$1k | Not Defined |
| CVE-2022-26613 | 6.3 | PHP-CMS categorymenu.php sql injection | $1k-$2k | Not Defined |
| CVE-2022-27992 | 6.3 | PHPGurukul Zoo Management System animals sql injection | $1k-$2k | Not Defined |
| CVE-2022-27351 | 6.3 | PHPGurukul Zoo Management System PHP File apply_vacancy unrestricted upload | $2k-$5k | Not Defined |
| CVE-2022-1223 | 5.4 | phpipam access control | $2k-$5k | Official Fix |
| CVE-2022-1224 | 5.4 | phpipam improper authorization | $2k-$5k | Official Fix |
| CVE-2022-1225 | 5.4 | phpipam privileges assignment | $2k-$5k | Official Fix |
| CVE-2022-24793 | 6.4 | PJSIP DNS Resolution buffer overflow | $2k-$5k | Official Fix |
| CVE-2022-24786 | 8.5 | PJSIP RTCP Feedback RPSI Packet pjmedia_rtcp_fb_parse_rpsi out-of-bounds write | $2k-$5k | Official Fix |
| CVE-2022-1237 | 7.4 | radare2 array index | $2k-$5k | Official Fix |
| CVE-2022-1244 | 6.4 | radare2 heap-based overflow | $2k-$5k | Official Fix |
| CVE-2022-1240 | 6.9 | radare2 mach0.c r_str_ncpy heap-based overflow | $2k-$5k | Official Fix |
| CVE-2022-1238 | 6.9 | radare2 ne.c heap-based overflow | $2k-$5k | Official Fix |
| CVE-2022-1207 | 5.0 | radare2 out-of-bounds read | $0-$1k | Official Fix |
| CVE-2022-1283 | 5.0 | radare2 r_bin_ne_get_entrypoints null pointer dereference | $0-$1k | Official Fix |
| CVE-2022-1284 | 6.4 | radare2 use after free | $2k-$5k | Official Fix |
| CVE-2021-32960 | 8.0 | Rockwell Automation FactoryTalk Services Platform Policy access control | $2k-$5k | Not Defined |
| CVE-2022-1018 | 5.5 | Rockwell Automation ISaGRAF Solution File xml external entity reference | $1k-$2k | Not Defined |
| CVE-2021-43462 | 3.5 | Rumble Mail Server cross site scripting | $0-$1k | Not Defined |
| CVE-2021-43461 | 3.5 | Rumble Mail Server cross site scripting | $0-$1k | Not Defined |
| CVE-2021-43459 | 3.5 | Rumble Mail Server cross site scripting | $0-$1k | Not Defined |
| CVE-2021-43456 | 6.3 | Rumble Mail Server File unquoted search path | $2k-$5k | Not Defined |
| CVE-2022-25154 | 6.3 | Samsung Portable SSD T5 PC access control | $2k-$5k | Official Fix |
| CVE-2022-1248 | 7.3 | SAP Information System POST Request add_admin.php improper authentication | $1k-$2k | Not Defined |
| CVE-2021-45894 | 3.7 | Softwarebüro Zauner ARC cleartext transmission | $0-$1k | Not Defined |
| CVE-2021-45893 | 5.0 | Softwarebüro Zauner ARC comparison | $2k-$5k | Not Defined |
| CVE-2021-45892 | 3.5 | Softwarebüro Zauner ARC credentials storage | $1k-$2k | Not Defined |
| CVE-2021-45891 | 5.5 | Softwarebüro Zauner ARC permission | $1k-$2k | Not Defined |
| CVE-2021-36776 | 7.5 | SUSE Rancher access control | $10k-$25k | Official Fix |
| CVE-2021-36775 | 7.5 | SUSE Rancher access control | $10k-$25k | Official Fix |
| CVE-2022-26251 | 5.5 | Synametrics Synaman HTTP Interface access control | $1k-$2k | Not Defined |
| CVE-2022-26250 | 5.5 | Synametrics Synaman permission | $1k-$2k | Not Defined |
| CVE-2022-27016 | 5.5 | Tenda AC9 httpd Service SetStaticRouteCfg stack-based overflow | $2k-$5k | Not Defined |
| CVE-2022-27022 | 8.0 | Tenda AC9 SetSysTimeCfg stack-based overflow | $2k-$5k | Not Defined |
| CVE-2022-27441 | 3.5 | TPCMS cross site scripting | $0-$1k | Not Defined |
| CVE-2022-27442 | 3.5 | TPCMS information disclosure | $0-$1k | Not Defined |
| CVE-2022-27883 | 6.3 | Trend Micro Antivirus symlink | $5k-$25k | Not Defined |
| CVE-2022-22964 | 7.8 | VMware Horizon Client Configuration File access control | $10k-$25k | Official Fix |
| CVE-2022-22962 | 7.8 | VMware Horizon Client symlink | $10k-$25k | Official Fix |
| CVE-2022-22950 | 4.3 | VMware Spring Framework SpEL Expression allocation of resources | $5k-$10k | Official Fix |
| CVE-2022-22960 | 7.8 | VMware Workspace ONE Access access control | $10k-$25k | Official Fix |
| CVE-2022-22961 | 5.3 | VMware Workspace ONE Access information disclosure | $5k-$10k | Official Fix |
| CVE-2022-22958 | 7.2 | VMware Workspace ONE Access JDBC deserialization | $10k-$25k | Official Fix |
| CVE-2022-22957 | 7.2 | VMware Workspace ONE Access JDBC deserialization | $10k-$25k | Official Fix |
| CVE-2022-22959 | 4.3 | VMware Workspace ONE Access JDBC URI cross-site request forgery | $5k-$10k | Official Fix |
| CVE-2022-22956 | 9.8 | VMware Workspace ONE Access OAuth2 ACS Framework improper authentication | $10k-$25k | Official Fix |
| CVE-2022-22955 | 9.8 | VMware Workspace ONE Access OAuth2 ACS Framework improper authentication | $10k-$25k | Official Fix |
| CVE-2022-22954 | 9.8 | VMware Workspace ONE Access/Identity Manager Template injection | $10k-$25k | Official Fix |
| CVE-2022-1168 | 3.5 | WP JobSearch Plugin cross site scripting | $0-$1k | Official Fix |
| CVE-2022-26361 | 5.5 | Xen PCI Device memory corruption | $10k-$25k | Official Fix |
| CVE-2022-26360 | 5.5 | Xen PCI Device memory corruption | $10k-$25k | Official Fix |
| CVE-2022-26359 | 5.5 | Xen PCI Device memory corruption | $10k-$25k | Official Fix |
| CVE-2022-26358 | 5.5 | Xen PCI Device memory corruption | $10k-$25k | Official Fix |
| CVE-2022-26356 | 2.6 | Xen VRAM Tracking XEN_DMOP_track_dirty_vram memory leak | $2k-$5k | Official Fix |
| CVE-2022-26357 | 4.3 | Xen VT-d Domain ID Cleanup memory leak | $0-$1k | Official Fix |
| CVE-2022-24820 | 5.3 | XWiki Platform information disclosure | $0-$5k | Official Fix |
| CVE-2022-24819 | 5.3 | XWiki Platform information disclosure | $0-$5k | Official Fix |
| CVE-2022-24821 | 5.1 | XWiki Platform SSX/JSX access control | $1k-$2k | Official Fix |
| CVE-2022-24978 | 6.3 | Zoho ManageEngine ADAudit Password Field access control | $2k-$5k | Official Fix |
| CVE-2022-28219 | 7.3 | Zoho ManageEngine ADAudit xml external entity reference | $1k-$2k | Official Fix |
| CVE-2022-24681 | 3.5 | Zoho ManageEngine ADSelfService cross site scripting | $0-$1k | Official Fix |
| CVE-2022-25245 | 3.5 | Zoho ManageEngine ServiceDesk Plus information disclosure | $0-$1k | Official Fix |
| CVE-2022-25373 | 3.5 | Zoho ManageEngine SupportCenter Plus Request History cross site scripting | $0-$1k | Official Fix |
| CVE-2022-26671 | 7.3 | ZTE Security Dr.ID Access Control System hard-coded credentials | $1k-$2k | Not Defined |