آسیبپذیریهای حیاتی هفته اول فروردینماه
این هفته آسیبپذیریهای «حیاتی» و «پرخطر» بسیاری در محصولات مهم Google گزارش و وصلهها و بهروزرسانیهایی به منظور رفع آنها ارائه شد. همچنین در محصولات شرکتهای Sophos، McAfee، Rockwell ، IBM، Netgear، Facebook و کرنل لینوکس چندین آسیبپذیری «حیاتی» و «پرخطر» وجود داشت.
لیست این آسیبپذیریها بههمراه سطح خطر آنها در جدول زیر آمده است.
|
شناسه آسیبپذیری |
امتیاز مبنا |
عنوان آسیبپذیری |
ارزش روز صفر |
رفع آسیبپذیری |
|
CVE-2022-0627 |
۳.۵ |
Amelia Plugin Admin Page cross site scripting |
$۰-$۱k |
Official Fix |
|
CVE-2022-0834 |
۴.۹ |
Amelia Plugin Booking Calendar AddCustomerController.php cross site scripting |
$۰-$۱k |
Not Defined |
|
CVE-2022-0616 |
۴.۳ |
Amelia Plugin cross-site request forgery |
$۰-$۱k |
Official Fix |
|
CVE-2022-0687 |
۵.۵ |
Amelia Plugin Image Blob code injection |
$۱k-$2k |
Official Fix |
|
CVE-2022-26526 |
۶.۳ |
Anaconda/Miniconda3 Environment Variable uncontrolled search path |
$۲k-$5k |
Not Defined |
|
CVE-2022-25576 |
۴.۳ |
Anchor CMS Post posts.php cross-site request forgery |
$۰-$۱k |
Not Defined |
|
CVE-2021-44040 |
۵.۵ |
Apache Traffic Server Request Line Parser input validation |
$۱۰k-$25k |
Official Fix |
|
CVE-2021-44759 |
۷.۳ |
Apache Traffic Server TLS Origin improper authentication |
$۱۰k-$25k |
Official Fix |
|
CVE-2020-20095 |
۶.۳ |
Apple iOS iMessage clickjacking |
$۵۰k-$100k |
Not Defined |
|
CVE-2022-24768 |
۸.۱ |
Argo CD access control |
$۲k-$5k |
Official Fix |
|
CVE-2022-24731 |
۴.۷ |
Argo CD path traversal |
$۱k-$2k |
Official Fix |
|
CVE-2022-24730 |
۶.۰ |
Argo CD path traversal |
$۱k-$2k |
Official Fix |
|
CVE-2021-45757 |
۵.۷ |
Asus RT-AC68U blocking.cgi denial of service |
$۰-$۱k |
Not Defined |
|
CVE-2021-45756 |
۵.۵ |
Asus RT-AC68U/RT-AC5300 blocking_request.cgi buffer overflow |
$۲k-$5k |
Not Defined |
|
CVE-2022-25248 |
۵.۳ |
Axeda Agent/Desktop Server information disclosure |
$۱k-$2k |
Not Defined |
|
CVE-2022-25252 |
۷.۴ |
Axeda Agent/Desktop Server Service missing authentication |
$۱k-$2k |
Not Defined |
|
CVE-2022-25250 |
۷.۴ |
Axeda Agent/Desktop Server Service missing authentication |
$۱k-$2k |
Not Defined |
|
CVE-2022-25249 |
۶.۴ |
Axeda Agent/Desktop Server Web Server path traversal |
$۱k-$2k |
Not Defined |
|
CVE-2022-25251 |
۸.۵ |
Axeda Agent/Desktop Server XML Message missing authentication |
$۱k-$2k |
Not Defined |
|
CVE-2022-23346 |
۵.۵ |
Bigantsoft BigAnt Server access control |
$۱k-$2k |
Not Defined |
|
CVE-2022-23345 |
۵.۵ |
Bigantsoft BigAnt Server access control |
$۱k-$2k |
Not Defined |
|
CVE-2022-23350 |
۳.۵ |
Bigantsoft BigAnt Server cross site scripting |
$۰-$۱k |
Not Defined |
|
CVE-2022-23349 |
۴.۳ |
Bigantsoft BigAnt Server cross-site request forgery |
$۰-$۱k |
Not Defined |
|
CVE-2022-23352 |
۳.۵ |
Bigantsoft BigAnt Server denial of service |
$۰-$۱k |
Not Defined |
|
CVE-2022-23347 |
۵.۵ |
Bigantsoft BigAnt Server pathname traversal |
$۱k-$2k |
Not Defined |
|
CVE-2022-23348 |
۲.۶ |
Bigantsoft BigAnt Server unknown vulnerability |
$۰-$۱k |
Not Defined |
|
CVE-2021-38745 |
۵.۵ |
Chamilo LMS Plugin code injection |
$۱k-$2k |
Not Defined |
|
CVE-2021-40662 |
۴.۳ |
Chamilo LMS URL cross-site request forgery |
$۰-$۱k |
Not Defined |
|
CVE-2021-40905 |
۶.۳ |
CheckMK Enterprise Edition Web Management Console unrestricted upload |
$۲k-$5k |
Not Defined |
|
CVE-2021-40904 |
۶.۳ |
CheckMK Raw Edition Web Management Console Privilege Escalation |
$۲k-$5k |
Not Defined |
|
CVE-2021-40906 |
۴.۳ |
CheckMK Raw Edition Web Service cross site scripting |
$۰-$۱k |
Not Defined |
|
CVE-2021-43736 |
۶.۳ |
CmsWing Privilege Escalation |
$۲k-$5k |
Not Defined |
|
CVE-2021-43735 |
۶.۳ |
CmsWing sql injection |
$۱k-$2k |
Not Defined |
|
CVE-2022-0514 |
۵.۹ |
crater-invoice behavioral workflow |
$۲k-$5k |
Official Fix |
|
CVE-2022-0515 |
۴.۳ |
crater-invoice cross-site request forgery |
$۰-$۱k |
Official Fix |
|
CVE-2022-1033 |
۶.۷ |
crater-invoice unrestricted upload |
$۲k-$5k |
Official Fix |
|
CVE-2021-44127 |
۵.۵ |
D-Link DAP-1360 F1 webupg os command injection |
$۱۰k-$25k |
Not Defined |
|
CVE-2021-31326 |
۵.۴ |
D-Link DIR-816 A2 form2Reboot.cgi denial of service |
$۲k-$5k |
Not Defined |
|
CVE-2022-26258 |
۶.۳ |
D-Link DIR-820L lan.asp Privilege Escalation |
$۱۰k-$25k |
Not Defined |
|
CVE-2022-26659 |
۶.۳ |
Docker Desktop Log File symlink |
$۲k-$5k |
Official Fix |
|
CVE-2021-39383 |
۶.۳ |
DWSurvey SysPropertyAction.java Privilege Escalation |
$۲k-$5k |
Not Defined |
|
CVE-2021-39384 |
۵.۵ |
DWSurvey ToHtmlServlet.java access control |
$۱k-$2k |
Not Defined |
|
CVE-2021-42194 |
۵.۵ |
EyouCMS Index.php wechat_return xml external entity reference |
$۱k-$2k |
Not Defined |
|
CVE-2022-26273 |
۵.۵ |
EyouCMS Payment shop.php behavioral workflow |
$۱k-$2k |
Not Defined |
|
CVE-2022-26279 |
۵.۵ |
EyouCMS sqldata access control |
$۱k-$2k |
Not Defined |
|
CVE-2020-20094 |
۴.۳ |
Facebook Instagram URL clickjacking |
$۱۰k-$25k |
Not Defined |
|
CVE-2020-20093 |
۶.۳ |
Facebook Messenger URL clickjacking |
$۱۰k-$25k |
Not Defined |
|
CVE-2020-20096 |
۶.۳ |
Facebook WhatsApp URL clickjacking |
$۱۰k-$25k |
Not Defined |
|
CVE-2022-0145 |
۴.۶ |
ForkCMS cross site scripting |
$۰-$۱k |
Official Fix |
|
CVE-2022-1064 |
۷.۶ |
ForkCMS Marking Blog Comment sql injection |
$۱k-$2k |
Official Fix |
|
CVE-2022-0153 |
۷.۹ |
ForkCMS sql injection |
$۱k-$2k |
Official Fix |
|
CVE-2021-44751 |
۵.۳ |
F-Secure Safe Browser USSD Code access control |
$۲k-$5k |
Official Fix |
|
CVE-2021-27430 |
۷.۶ |
GE UR IED Boot Sequence hard-coded credentials |
$۰-$۱k |
Not Defined |
|
CVE-2021-27428 |
۹.۸ |
GE UR IED Enervista UR Setup unrestricted upload |
$۲k-$5k |
Official Fix |
|
CVE-2021-27426 |
۹.۸ |
GE UR IED Factory Mode config |
$۲k-$5k |
Official Fix |
|
CVE-2021-27420 |
۵.۳ |
GE UR IED HTTP Verb denial of service |
$۰-$۱k |
Official Fix |
|
CVE-2021-27424 |
۵.۳ |
GE UR IED Modbus information disclosure |
$۱k-$2k |
Official Fix |
|
CVE-2021-27418 |
۴.۸ |
GE UR IED Web Interface cross site scripting |
$۰-$۱k |
Official Fix |
|
CVE-2021-27422 |
۶.۴ |
GE UR IED Web Server Interface information disclosure |
$۱k-$2k |
Official Fix |
|
CVE-2022-27811 |
۵.۵ |
GNOME OCRFeeder Filename os command injection |
$۱k-$2k |
Official Fix |
|
CVE-2022-27943 |
۳.۵ |
GNU gcc rust-demangle.c demangle_const resource consumption |
$۰-$۱k |
Official Fix |
|
CVE-2021-39698 |
۵.۳ |
Google Android aio.c aio_poll_complete_work memory corruption |
$۲۵k-$50k |
Official Fix |
|
CVE-2021-39693 |
۵.۳ |
Google Android AppOpsService.java onUidStateChanged state issue |
$۲۵k-$50k |
Official Fix |
|
CVE-2021-39707 |
۵.۳ |
Google Android AppRestrictionsFragment.java onReceive permission |
$۲۵k-$50k |
Official Fix |
|
CVE-2021-39733 |
۴.۲ |
Google Android audiometrics.c amcs_cdev_unlocked_ioctl out-of-bounds write |
$۱۰k-$25k |
Official Fix |
|
CVE-2021-39695 |
۵.۳ |
Google Android BasePermission.java createOrUpdate permission |
$۲۵k-$50k |
Official Fix |
|
CVE-2021-39701 |
۵.۳ |
Google Android ControlsProviderLifecycleManager.kt serviceConnection permission |
$۲۵k-$50k |
Official Fix |
|
CVE-2021-39706 |
۵.۳ |
Google Android CredentialStorage.java onResume permission |
$۲۵k-$50k |
Official Fix |
|
CVE-2021-39697 |
۵.۳ |
Google Android DownloadProvider.java checkFileUriDestination permission |
$۲۵k-$50k |
Official Fix |
|
CVE-2021-0957 |
۵.۳ |
Google Android Factory Reset NotificationStackScrollLayout.java NotificationStackScrollLayout stack-based overflow |
$۲۵k-$50k |
Official Fix |
|
CVE-2021-39735 |
۴.۲ |
Google Android gasket_page_table.c gasket_alloc_coherent_memory memory corruption |
$۱۰k-$25k |
Official Fix |
|
CVE-2021-39725 |
۴.۲ |
Google Android gasket_page_table.c gasket_free_coherent_memory_all memory corruption |
$۱۰k-$25k |
Official Fix |
|
CVE-2021-39714 |
۵.۳ |
Google Android ion.c ion_buffer_kmap_get integer overflow |
$۲۵k-$50k |
Official Fix |
|
CVE-2021-39705 |
۳.۳ |
Google Android LegacyVoicemailNotifier.java getNotificationTag information disclosure |
$۱۰k-$25k |
Official Fix |
|
CVE-2021-39719 |
۴.۲ |
Google Android lwis_device_top.c lwis_top_register_io out-of-bounds write |
$۱۰k-$25k |
Official Fix |
|
CVE-2021-39732 |
۵.۳ |
Google Android lwis_ioctl.c copy_io_entries out-of-bounds write |
$۲۵k-$50k |
Official Fix |
|
CVE-2021-39736 |
۴.۲ |
Google Android lwis_ioctl.c prepare_response out-of-bounds write |
$۱۰k-$25k |
Official Fix |
|
CVE-2021-39793 |
۵.۳ |
Google Android mali_kbase_mem.c kbase_jd_user_buf_pin_pages out-of-bounds write |
$۲۵k-$50k |
Official Fix |
|
CVE-2021-39704 |
۵.۳ |
Google Android NotificationManagerService.java deleteNotificationChannelGroup permission |
$۲۵k-$50k |
Official Fix |
|
CVE-2021-39689 |
۴.۲ |
Google Android odsign_main.cpp Local Privilege Escalation |
$۱۰k-$25k |
Official Fix |
|
CVE-2021-39721 |
۴.۲ |
Google Android out-of-bounds write |
$۱۰k-$25k |
Official Fix |
|
CVE-2021-39624 |
۵.۵ |
Google Android Package Manger resource consumption |
$۵k-$10k |
Official Fix |
|
CVE-2021-39731 |
۴.۲ |
Google Android protocolstkadapter.cpp Init out-of-bounds write |
$۱۰k-$25k |
Official Fix |
|
CVE-2021-39718 |
۵.۳ |
Google Android protocolstkadapter.cpp Init out-of-bounds write |
$۲۵k-$50k |
Official Fix |
|
CVE-2021-39734 |
۵.۳ |
Google Android RCS Message OneToOneChatImpl.java sendMessage permission |
$۲۵k-$50k |
Official Fix |
|
CVE-2021-39702 |
۴.۸ |
Google Android RequestManageCredentials.java onCreate improper restriction of rendered ui layers |
$۲۵k-$50k |
Official Fix |
|
CVE-2021-39694 |
۵.۳ |
Google Android RoleParser.java parse permission |
$۲۵k-$50k |
Official Fix |
|
CVE-2021-39709 |
۵.۳ |
Google Android SipAccountRegistry.java sendSipAccountsRemovedNotification permission |
$۲۵k-$50k |
Official Fix |
|
CVE-2021-39729 |
۴.۲ |
Google Android TitanM Chip out-of-bounds write |
$۱۰k-$25k |
Official Fix |
|
CVE-2021-39685 |
۵.۳ |
Google Android USB Gadget Subsystem out-of-bounds write |
$۲۵k-$50k |
Official Fix |
|
CVE-2021-39703 |
۵.۳ |
Google Android UsbDeviceManager.java updateState improper authorization |
$۲۵k-$50k |
Official Fix |
|
CVE-2021-39712 |
۲.۳ |
Google Android use after free |
$۱۰k-$25k |
Official Fix |
|
CVE-2021-39690 |
۳.۳ |
Google Android WallpaperManagerService.java setDisplayPadding denial of service |
$۵k-$10k |
Official Fix |
|
CVE-2021-39692 |
۴.۸ |
Google Android Work Profile SetupLayoutActivity.java onCreate improper restriction of rendered ui layers |
$۲۵k-$50k |
Official Fix |
|
CVE-2022-0978 |
۶.۳ |
Google Chrome ANGLE use after free |
$۵۰k-$100k |
Official Fix |
|
CVE-2022-0975 |
۶.۳ |
Google Chrome ANGLE use after free |
$۵۰k-$100k |
Official Fix |
|
CVE-2022-0971 |
۶.۳ |
Google Chrome Blink Layout use after free |
$۵۰k-$100k |
Official Fix |
|
CVE-2022-0977 |
۶.۳ |
Google Chrome Browser UI use after free |
$۵۰k-$100k |
Official Fix |
|
CVE-2022-0972 |
۶.۳ |
Google Chrome Extensions use after free |
$۵۰k-$100k |
Official Fix |
|
CVE-2022-0976 |
۶.۳ |
Google Chrome GPU heap-based overflow |
$۵۰k-$100k |
Official Fix |
|
CVE-2022-0980 |
۶.۳ |
Google Chrome New Tab Page use after free |
$۵۰k-$100k |
Official Fix |
|
CVE-2022-0979 |
۶.۳ |
Google Chrome Safe Browsing use after free |
$۵۰k-$100k |
Official Fix |
|
CVE-2022-0973 |
۶.۳ |
Google Chrome Safe Browsing use after free |
$۵۰k-$100k |
Official Fix |
|
CVE-2022-0974 |
۶.۳ |
Google Chrome Splitscreen use after free |
$۵۰k-$100k |
Official Fix |
|
CVE-2022-27191 |
۳.۵ |
Google Go ssh Library denial of service |
$۲k-$5k |
Official Fix |
|
CVE-2021-22571 |
۴.۴ |
Google SA360 tmp permission |
$۵k-$10k |
Official Fix |
|
CVE-2022-24291 |
۷.۵ |
HP Color LaserJet Pro denial of service |
$۵k-$10k |
Official Fix |
|
CVE-2022-24293 |
۹.۸ |
HP Color LaserJet Pro Remote Code Execution |
$۲۵k-$50k |
Official Fix |
|
CVE-2022-24292 |
۹.۸ |
HP Color LaserJet Pro Remote Code Execution |
$۲۵k-$50k |
Official Fix |
|
CVE-2021-23158 |
۴.۳ |
htmldoc ps-pdf.cxx pspdf_export double free |
$۲k-$5k |
Official Fix |
|
CVE-2021-23165 |
۶.۳ |
htmldoc ps-pdf.cxx pspdf_prepare_outpages heap-based overflow |
$۲k-$5k |
Official Fix |
|
CVE-2022-22316 |
۵.۳ |
IBM MQ Appliance denial of service |
$۲k-$5k |
Official Fix |
|
CVE-2022-22374 |
۶.۰ |
IBM Power 9 OP940 downgrade |
$۵k-$10k |
Official Fix |
|
CVE-2022-22394 |
۶.۹ |
IBM Spectrum Protect access control |
$۱۰k-$25k |
Official Fix |
|
CVE-2021-26600 |
۴.۶ |
ImpressCMS autologin.php type confusion |
$۱k-$2k |
Official Fix |
|
CVE-2021-26598 |
۶.۳ |
ImpressCMS findusers.php access control |
$۲k-$5k |
Official Fix |
|
CVE-2021-26599 |
۶.۳ |
ImpressCMS findusers.php sql injection |
$۱k-$2k |
Official Fix |
|
CVE-2021-26601 |
۵.۵ |
ImpressCMS image-edit.php pathname traversal |
$۱k-$2k |
Official Fix |
|
CVE-2022-0635 |
۷.۵ |
ISC BIND DNSSEC query.c query_dname assertion |
$۵k-$10k |
Official Fix |
|
CVE-2022-0667 |
۷.۵ |
ISC BIND DS Record resume_dslookup assertion |
$۵k-$10k |
Official Fix |
|
CVE-2021-25220 |
۳.۸ |
ISC BIND Forwarder dns rebinding |
$۱۰k-$25k |
Official Fix |
|
CVE-2022-0396 |
۵.۳ |
ISC BIND TCP Packet denial of service |
$۵k-$10k |
Official Fix |
|
CVE-2021-28275 |
۳.۵ |
jhead exif.c Get16u denial of service |
$۰-$۱k |
Not Defined |
|
CVE-2021-28278 |
۵.۵ |
jhead jpgfile.c RemoveSectionType heap-based overflow |
$۲k-$5k |
Not Defined |
|
CVE-2021-28277 |
۵.۵ |
jhead jpgfile.c RemoveUnknownSections heap-based overflow |
$۲k-$5k |
Not Defined |
|
CVE-2021-28276 |
۳.۵ |
jhead makernote.c ProcessCanonMakerNoteDir denial of service |
$۰-$۱k |
Not Defined |
|
CVE-2022-24757 |
۷.۵ |
Jupyter Server log file |
$۱k-$2k |
Official Fix |
|
CVE-2022-25949 |
۶.۳ |
Kingsoft Internet Security 9 Plus Kernel Mode Driver stack-based overflow |
$۱۰k-$25k |
Not Defined |
|
CVE-2022-26081 |
۶.۳ |
Kingsoft WPS Office Installer shcore.dll uncontrolled search path |
$۲k-$5k |
Not Defined |
|
CVE-2022-25969 |
۶.۳ |
Kingsoft WPS Office Installer VERSION.DLL uncontrolled search path |
$۲k-$5k |
Not Defined |
|
CVE-2022-24934 |
۵.۵ |
Kingsoft WPS Office Registry wpsupdater.exe access control |
$۱k-$2k |
Not Defined |
|
CVE-2022-26511 |
۶.۳ |
Kingsoft WPS Presentation PPS File d3dx9_41.dll uncontrolled search path |
$۲k-$5k |
Not Defined |
|
CVE-2022-0500 |
۶.۳ |
Linux Kernel BPF Subsystem memory corruption |
$۱۰k-$25k |
Official Fix |
|
CVE-2021-4149 |
۶.۵ |
Linux Kernel btrfs extent-tree.c btrfs_alloc_tree_b locking |
$۲k-$5k |
Official Fix |
|
CVE-2022-0854 |
۳.۳ |
Linux Kernel DMA Subsystem swiotlb.c DMA_FROM_DEVICE memory leak |
$۱k-$2k |
Official Fix |
|
CVE-2022-27666 |
۵.۵ |
Linux Kernel ESP Transformation esp4.c buffer overflow |
$۱۰k-$25k |
Official Fix |
|
CVE-2021-4148 |
۶.۵ |
Linux Kernel Filesystem buffer.c block_invalidatepage improper validation of integrity check value |
$۲k-$5k |
Official Fix |
|
CVE-2022-1011 |
۶.۳ |
Linux Kernel FUSE Filesystem dev.c write cleanup |
$۱۰k-$25k |
Official Fix |
|
CVE-2022-0330 |
۶.۳ |
Linux Kernel GPU i915 Kernel Driver memory corruption |
$۱۰k-$25k |
Official Fix |
|
CVE-2022-27950 |
۳.۵ |
Linux Kernel hid-elo.c hid_parse memory leak |
$۲k-$5k |
Official Fix |
|
CVE-2022-0742 |
۹.۱ |
Linux Kernel ICMPv6 Packet igmp6_event_report resource consumption |
$۵k-$10k |
Official Fix |
|
CVE-2021-4197 |
۷.۶ |
Linux Kernel Namespace Subsystem improper authentication |
$۵k-$10k |
Official Fix |
|
CVE-2021-4202 |
۵.۰ |
Linux Kernel NFC Controller Interface core.c nci_request use after free |
$۱۰k-$25k |
Official Fix |
|
CVE-2021-4157 |
۷.۶ |
Linux Kernel NFS Subsystem decode_nfs_fh memory corruption |
$۱۰k-$25k |
Official Fix |
|
CVE-2021-4150 |
۶.۵ |
Linux Kernel Partition core.c add_partition use after free |
$۱۰k-$25k |
Official Fix |
|
CVE-2021-45868 |
۵.۵ |
Linux Kernel Quota Tree quota_tree.c use after free |
$۱۰k-$25k |
Official Fix |
|
CVE-2022-0494 |
۴.۳ |
Linux Kernel scsi_ioctl.c scsi_ioctl information disclosure |
$۵k-$10k |
Official Fix |
|
CVE-2022-0322 |
۴.۳ |
Linux Kernel SCTP Network Protocol sm_make_chunk.c sctp_make_strreset_req numeric conversion |
$۲k-$5k |
Official Fix |
|
CVE-2021-4203 |
۷.۶ |
Linux Kernel sock.c sock_getsockopt use after free |
$۱۰k-$25k |
Official Fix |
|
CVE-2022-0435 |
۷.۶ |
Linux Kernel TIPC Protocol Subsystem stack-based overflow |
$۱۰k-$25k |
Official Fix |
|
CVE-2022-0995 |
۷.۶ |
Linux Kernel watch_queue Subsystem out-of-bounds write |
$۱۰k-$25k |
Official Fix |
|
CVE-2022-27887 |
۳.۵ |
Maccms data.html cross site scripting |
$۰-$۱k |
Not Defined |
|
CVE-2022-27885 |
۳.۵ |
Maccms data.html cross site scripting |
$۰-$۱k |
Not Defined |
|
CVE-2022-26573 |
۳.۵ |
Maccms data.html cross site scripting |
$۰-$۱k |
Not Defined |
|
CVE-2022-27886 |
۳.۵ |
Maccms index.html cross site scripting |
$۰-$۱k |
Not Defined |
|
CVE-2022-27884 |
۳.۵ |
Maccms index.html cross site scripting |
$۰-$۱k |
Not Defined |
|
CVE-2022-0862 |
۳.۷ |
McAfee being API password recovery |
$۱۰k-$25k |
Official Fix |
|
CVE-2022-0861 |
۴.۱ |
McAfee ePolicy Orchestrator Extension Import xml external entity reference |
$۵k-$10k |
Official Fix |
|
CVE-2022-0859 |
۶.۵ |
McAfee ePolicy Orchestrator insufficiently protected credentials |
$۲k-$5k |
Official Fix |
|
CVE-2022-0857 |
۴.۸ |
McAfee ePolicy Orchestrator Link cross site scripting |
$۵k-$10k |
Official Fix |
|
CVE-2022-0858 |
۴.۳ |
McAfee ePolicy Orchestrator Link cross site scripting |
$۵k-$10k |
Official Fix |
|
CVE-2022-0842 |
۴.۰ |
McAfee ePolicy Orchestrator sql injection |
$۵k-$10k |
Official Fix |
|
CVE-2022-25221 |
۳.۵ |
Money Transfer Management System cross site scripting |
$۰-$۱k |
Not Defined |
|
CVE-2022-25222 |
۶.۳ |
Money Transfer Management System manage_branch.php injection |
$۲k-$5k |
Not Defined |
|
CVE-2022-25223 |
۵.۵ |
Money Transfer Management System sql injection |
$۱k-$2k |
Not Defined |
|
CVE-2022-24655 |
۶.۳ |
Netgear EX6100v1/CAX80/DC112A UPnP Service stack-based overflow |
$۱۰k-$25k |
Not Defined |
|
CVE-2022-27946 |
۶.۳ |
Netgear R8500 admin_account.cgi os command injection |
$۱۰k-$25k |
Not Defined |
|
CVE-2022-27947 |
۶.۳ |
Netgear R8500 ipv6_fix.cgi os command injection |
$۱۰k-$25k |
Not Defined |
|
CVE-2022-27945 |
۶.۳ |
Netgear R8500 password.cgi os command injection |
$۱۰k-$25k |
Not Defined |
|
CVE-2021-44261 |
۷.۳ |
Netgear W104 BRS_top.html improper authentication |
$۱۰k-$25k |
Not Defined |
|
CVE-2021-44262 |
۷.۳ |
Netgear W104 MNU_top.htm improper authentication |
$۱۰k-$25k |
Not Defined |
|
CVE-2022-0889 |
۵.۲ |
Ninja Forms File Uploads Extension Plugin uploads.php cross site scripting |
$۰-$۱k |
Not Defined |
|
CVE-2022-0888 |
۸.۵ |
Ninja Forms File Uploads Extension Plugin uploads.php unrestricted upload |
$۲k-$5k |
Not Defined |
|
CVE-2022-21820 |
۶.۳ |
NVIDIA DCGM input validation |
$۲k-$5k |
Not Defined |
|
CVE-2022-21822 |
۷.۵ |
Nvidia Flare Admin Interface allocation of resources |
$۰-$۱k |
Not Defined |
|
CVE-2022-27882 |
۴.۶ |
OpenBSD IPv6 Route heap-based overflow |
$۱۰k-$25k |
Official Fix |
|
CVE-2022-27881 |
۴.۶ |
OpenBSD slaacd engine.c buffer overflow |
$۱۰k-$25k |
Official Fix |
|
CVE-2022-25041 |
۵.۵ |
OpenEMR access control |
$۱k-$2k |
Not Defined |
|
CVE-2022-24643 |
۳.۵ |
OpenEMR Hospital Information Management System cross site scripting |
$۰-$۱k |
Not Defined |
|
CVE-2021-3941 |
۴.۳ |
OpenEXR ImfChromaticities.cpp RGBtoXYZ divide by zero |
$۰-$۱k |
Official Fix |
|
CVE-2021-20299 |
۳.۵ |
OpenEXR Multipart Input File null pointer dereference |
$۰-$۱k |
Official Fix |
|
CVE-2021-3933 |
۵.۵ |
OpenEXR size_t integer overflow |
$۲k-$5k |
Not Defined |
|
CVE-2021-43085 |
۵.۵ |
OpenSSL CMAC_Final permission |
$۱۰k-$25k |
Not Defined |
|
CVE-2022-0475 |
۲.۹ |
OTRS Package Manager cross site scripting |
$۰-$۱k |
Not Defined |
|
CVE-2021-36100 |
۶.۴ |
OTRS String Privilege Escalation |
$۲k-$5k |
Not Defined |
|
CVE-2022-1004 |
۴.۳ |
OTRS Ticket Detail View TicketDetailView information disclosure |
$۱k-$2k |
Not Defined |
|
CVE-2022-27820 |
۵.۰ |
OWASP ZAP Certificate Chain certificate validation |
$۱k-$2k |
Not Defined |
|
CVE-2021-44208 |
۳.۵ |
OX Software OX App Suite Chat cross site scripting |
$۰-$۱k |
Not Defined |
|
CVE-2021-44211 |
۳.۵ |
OX Software OX App Suite HTML Email Signature cross site scripting |
$۰-$۱k |
Not Defined |
|
CVE-2021-44209 |
۳.۵ |
OX Software OX App Suite HTML5 cross site scripting |
$۰-$۱k |
Not Defined |
|
CVE-2021-44213 |
۳.۵ |
OX Software OX App Suite Multipart Message cross site scripting |
$۰-$۱k |
Not Defined |
|
CVE-2021-44210 |
۳.۵ |
OX Software OX App Suite NIFF cross site scripting |
$۰-$۱k |
Not Defined |
|
CVE-2021-44212 |
۳.۵ |
OX Software OX App Suite Trailing Control Character cross site scripting |
$۰-$۱k |
Not Defined |
|
CVE-2021-45968 |
۵.۵ |
Pascom Cloud Phone System Jive platform server-side request forgery |
$۱k-$2k |
Official Fix |
|
CVE-2021-45966 |
۶.۳ |
Pascom Cloud Phone System Management REST API apply os command injection |
$۲k-$5k |
Official Fix |
|
CVE-2021-45967 |
۵.۵ |
Pascom Cloud Phone System Tomcat config |
$۲k-$5k |
Official Fix |
|
CVE-2022-25269 |
۳.۵ |
Passwork On-Premise Edition cross site scripting |
$۰-$۱k |
Official Fix |
|
CVE-2022-25266 |
۳.۵ |
Passwork On-Premise Edition downloadExportFile pathname traversal |
$۱k-$2k |
Official Fix |
|
CVE-2022-25268 |
۴.۳ |
Passwork On-Premise Edition Subsystem cross-site request forgery |
$۰-$۱k |
Official Fix |
|
CVE-2022-25267 |
۵.۵ |
Passwork On-Premise Edition Upload File uploadExportFile pathname traversal |
$۱k-$2k |
Official Fix |
|
CVE-2022-26354 |
۳.۵ |
QEMU vhost-vsock Device release of resource |
$۲k-$5k |
Official Fix |
|
CVE-2022-26353 |
۳.۵ |
QEMU virtio-net Device release of resource |
$۲k-$5k |
Not Defined |
|
CVE-2021-3748 |
۵.۷ |
QEMU virtio-net Device use after free |
$۱۰k-$25k |
Official Fix |
|
CVE-2021-3582 |
۵.۷ |
QEMU Vmware Paravirtual RDMA Device memory corruption |
$۱۰k-$25k |
Not Defined |
|
CVE-2022-1052 |
۶.۴ |
radare2 iterate_chained_fixups heap-based overflow |
$۲k-$5k |
Official Fix |
|
CVE-2022-1031 |
۶.۳ |
radare2 op_is_set_bp use after free |
$۱k-$2k |
Official Fix |
|
CVE-2022-1061 |
۶.۳ |
radare2 parseDragons heap-based overflow |
$۱k-$2k |
Official Fix |
|
CVE-2022-0237 |
۳.۶ |
Rapid7 Insight Agent runas.exe access control |
$۰-$۱k |
Official Fix |
|
CVE-2022-0757 |
۵.۴ |
Rapid7 Nexpose Search Criteria sql injection |
$۰-$۱k |
Official Fix |
|
CVE-2022-0758 |
۳.۰ |
Rapid7 Nexpose Shared Scan Configuration cross site scripting |
$۰-$۱k |
Official Fix |
|
CVE-2021-27473 |
۶.۷ |
Rockwell Automation Automation Connected Components Workbench ccwarc Archive File path traversal |
$۱k-$2k |
Not Defined |
|
CVE-2021-27475 |
۸.۷ |
Rockwell Automation Connected Components Workbench deserialization |
$۲k-$5k |
Not Defined |
|
CVE-2021-27471 |
۸.۳ |
Rockwell Automation Connected Components Workbench File Parser path traversal |
$۲k-$5k |
Not Defined |
|
CVE-2021-27460 |
۹.۹ |
Rockwell Automation FactoryTalk AssetCentre .NET Remoting Endpoint deserialization |
$۲k-$5k |
Not Defined |
|
CVE-2021-27462 |
۹.۹ |
Rockwell Automation FactoryTalk AssetCentre AosService.rem deserialization |
$۲k-$5k |
Not Defined |
|
CVE-2021-27468 |
۸.۶ |
Rockwell Automation FactoryTalk AssetCentre AosService.rem sql injection |
$۲k-$5k |
Not Defined |
|
CVE-2021-27466 |
۹.۹ |
Rockwell Automation FactoryTalk AssetCentre ArchiveService.rem deserialization |
$۲k-$5k |
Not Defined |
|
CVE-2021-27464 |
۹.۹ |
Rockwell Automation FactoryTalk AssetCentre ArchiveService.rem sql injection |
$۲k-$5k |
Not Defined |
|
CVE-2021-27474 |
۹.۹ |
Rockwell Automation FactoryTalk AssetCentre IIS Remoting Services access control |
$۲k-$5k |
Not Defined |
|
CVE-2021-27470 |
۹.۹ |
Rockwell Automation FactoryTalk AssetCentre LogService.rem deserialization |
$۲k-$5k |
Not Defined |
|
CVE-2021-27476 |
۹.۹ |
Rockwell Automation FactoryTalk AssetCentre RACompare SaveConfigFile os command injection |
$۲k-$5k |
Not Defined |
|
CVE-2021-27472 |
۸.۶ |
Rockwell Automation FactoryTalk AssetCentre SearchService RunSearch sql injection |
$۲k-$5k |
Not Defined |
|
CVE-2022-25610 |
۳.۲ |
Simple Ajax Chat cross site scripting |
$۰-$۱k |
Not Defined |
|
CVE-2022-25611 |
۳.۸ |
Simple Event Planner Plugin cross site scripting |
$۰-$۱k |
Not Defined |
|
CVE-2022-25612 |
۳.۸ |
Simple Event Planner Plugin cross site scripting |
$۰-$۱k |
Not Defined |
|
CVE-2022-0760 |
۷.۳ |
Simple Link Directory Plugin SQL Statement qcopd_upvote_action sql injection |
$۲k-$5k |
Official Fix |
|
CVE-2022-0681 |
۴.۳ |
Simple Membership Plugin Transaction cross-site request forgery |
$۰-$۱k |
Official Fix |
|
CVE-2022-26260 |
۵.۵ |
Simple-Plist parse code injection |
$۱k-$2k |
Not Defined |
|
CVE-2021-45791 |
۶.۳ |
Slims8 Akasia index.php sql injection |
$۱k-$2k |
Not Defined |
|
CVE-2021-45794 |
۶.۳ |
Slims9 Bulian backup.php sql injection |
$۱k-$2k |
Not Defined |
|
CVE-2021-45793 |
۶.۳ |
Slims9 Bulian comment.inc.php sql injection |
$۱k-$2k |
Not Defined |
|
CVE-2021-45792 |
۳.۵ |
Slims9 Bulian custom_field.php cross site scripting |
$۰-$۱k |
Not Defined |
|
CVE-2022-24235 |
۴.۳ |
Snapt Aria cross-site request forgery |
$۰-$۱k |
Not Defined |
|
CVE-2022-24236 |
۶.۳ |
Snapt Aria Email permission |
$۲k-$5k |
Not Defined |
|
CVE-2022-24237 |
۵.۵ |
Snapt Aria snaptPowered2 command injection |
$۱k-$2k |
Not Defined |
|
CVE-2021-35254 |
۸.۲ |
SolarWinds WebHelpDesk input validation |
$۲k-$5k |
Official Fix |
|
CVE-2022-22273 |
۶.۳ |
SonicWALL SMA 100 os command injection |
$۲k-$5k |
Unavailable |
|
CVE-2022-22274 |
۷.۳ |
SonicWALL SonicOS HTTP Request stack-based overflow |
$۲k-$5k |
Not Defined |
|
CVE-2022-1040 |
۹.۸ |
Sophos Firewall User Portal/Webadmin improper authentication |
$۱k-$2k |
Not Defined |
|
CVE-2022-0652 |
۳.۲ |
Sophos UTM Confd Log File unknown vulnerability |
$۰-$۱k |
Official Fix |
|
CVE-2022-0386 |
۷.۵ |
Sophos UTM Mail Manager sql injection |
$۱k-$2k |
Official Fix |
|
CVE-2021-44088 |
۷.۳ |
SourceCodester Attendance and Payroll System Login improper authentication |
$۱k-$2k |
Not Defined |
|
CVE-2021-44087 |
۷.۳ |
SourceCodester Attendance and Payroll System Photo unrestricted upload |
$۲k-$5k |
Not Defined |
|
CVE-2022-1081 |
۴.۳ |
SourceCodester Microfinance Management System addcustomerHandler.php cross site scripting |
$۰-$۱k |
Not Defined |
|
CVE-2022-1082 |
۷.۳ |
SourceCodester Microfinance Management System Login Page login.php sql injection |
$۲k-$5k |
Not Defined |
|
CVE-2022-1080 |
۷.۳ |
SourceCodester One Church Management System attendancy.php sql injection |
$۲k-$5k |
Not Defined |
|
CVE-2022-1079 |
۴.۳ |
SourceCodester One Church Management System cross site scripting |
$۰-$۱k |
Not Defined |
|
CVE-2022-1084 |
۷.۳ |
SourceCodester One Church Management System Session userregister.php improper authentication |
$۱k-$2k |
Not Defined |
|
CVE-2022-26295 |
۳.۵ |
Sourcecodester Online Project Time Management System cross site scripting |
$۰-$۱k |
Not Defined |
|
CVE-2022-26293 |
۶.۳ |
Sourcecodester Online Project Time Management System Users.php save_employee sql injection |
$۱k-$2k |
Not Defined |
|
CVE-2022-1102 |
۴.۳ |
SourceCodester Royale Event Management System companyprofile.php cross site scripting |
$۰-$۱k |
Not Defined |
|
CVE-2022-1101 |
۷.۳ |
SourceCodester Royale Event Management System userregister.php improper authentication |
$۱k-$2k |
Not Defined |
|
CVE-2022-26284 |
۶.۳ |
Sourcecodester Simple Client Management System manage_client endpoint sql injection |
$۱k-$2k |
Not Defined |
|
CVE-2022-26285 |
۶.۳ |
Sourcecodester Simple Subscription Website Apply Endpoint sql injection |
$۱k-$2k |
Not Defined |
|
CVE-2022-26283 |
۵.۵ |
Sourcecodester Simple Subscription Website view_plan endpoint sql injection |
$۱k-$2k |
Not Defined |
|
CVE-2022-22687 |
۹.۸ |
Synology DiskStation Manager Authentication buffer overflow |
$۲k-$5k |
Official Fix |
|
CVE-2022-22688 |
۸.۸ |
Synology DiskStation Manager File Service command injection |
$۲k-$5k |
Official Fix |
|
CVE-2022-25505 |
۶.۳ |
Taocms Category.php sql injection |
$۱k-$2k |
Not Defined |
|
CVE-2022-23880 |
۵.۵ |
taocms File Management Module unrestricted upload |
$۱k-$2k |
Not Defined |
|
CVE-2022-23242 |
۵.۱ |
TeamViewer Connection Password access control |
$۱k-$2k |
Official Fix |
|
CVE-2021-38772 |
۵.۵ |
Tenda AC10-1200 fromSetIpMacBind buffer overflow |
$۲k-$5k |
Not Defined |
|
CVE-2021-38278 |
۵.۵ |
Tenda AC10-1200 saveParentControlInfo buffer overflow |
$۲k-$5k |
Not Defined |
|
CVE-2022-26243 |
۵.۵ |
Tenda AC10-1200 setSmartPowerManagement buffer overflow |
$۲k-$5k |
Not Defined |
|
CVE-2022-27076 |
۵.۵ |
Tenda M3 delAd command injection |
$۱k-$2k |
Not Defined |
|
CVE-2022-26289 |
۵.۵ |
Tenda M3 exeCommand command injection |
$۱k-$2k |
Not Defined |
|
CVE-2022-27078 |
۵.۵ |
Tenda M3 setAdInfoDetail command injection |
$۱k-$2k |
Not Defined |
|
CVE-2022-26536 |
۵.۵ |
Tenda M3 setFixTools command injection |
$۱k-$2k |
Not Defined |
|
CVE-2022-27082 |
۶.۳ |
Tenda M3 SetInternetLanInfo command injection |
$۲k-$5k |
Not Defined |
|
CVE-2022-27081 |
۵.۵ |
Tenda M3 SetLanInfo command injection |
$۱k-$2k |
Not Defined |
|
CVE-2022-27079 |
۵.۵ |
Tenda M3 setPicListItem command injection |
$۱k-$2k |
Not Defined |
|
CVE-2022-27080 |
۵.۵ |
Tenda M3 setWorkmode command injection |
$۱k-$2k |
Not Defined |
|
CVE-2022-27083 |
۵.۵ |
Tenda M3 uploadAccessCodePic command injection |
$۱k-$2k |
Not Defined |
|
CVE-2022-27077 |
۵.۵ |
Tenda M3 uploadWeiXinPic command injection |
$۱k-$2k |
Not Defined |
|
CVE-2022-26290 |
۵.۵ |
Tenda M3 WriteFacMac command injection |
$۱k-$2k |
Not Defined |
|
CVE-2022-26186 |
۵.۵ |
TOTOLINK N600R exportOvpn Interface cstecgi.cgi command injection |
$۱k-$2k |
Not Defined |
|
CVE-2022-26189 |
۵.۵ |
TOTOLINK N600R Login Interface command injection |
$۱k-$2k |
Not Defined |
|
CVE-2022-26188 |
۵.۵ |
TOTOLINK N600R NTPSyncWithHost command injection |
$۱k-$2k |
Not Defined |
|
CVE-2022-26187 |
۵.۵ |
TOTOLINK N600R pingCheck command injection |
$۱k-$2k |
Not Defined |
|
CVE-2021-43636 |
۵.۵ |
TOTOLINK T10 HTTP Request http_request_parse buffer overflow |
$۲k-$5k |
Not Defined |
|
CVE-2022-26503 |
۵.۳ |
Veeam Agent deserialization |
$۱k-$2k |
Not Defined |
|
CVE-2022-26501 |
۵.۵ |
Veeam Backup and Replication access control |
$۱k-$2k |
Not Defined |
|
CVE-2022-26500 |
۶.۳ |
Veeam Backup and Replication API unrestricted upload |
$۲k-$5k |
Not Defined |
|
CVE-2022-26504 |
۶.۳ |
Veeam Backup and Replication Veeam.Backup.PSManager.exe improper authentication |
$۱k-$2k |
Not Defined |
|
CVE-2022-22951 |
۴.۷ |
Vmware Carbon Black App Control Administration Interface os command injection |
$۱۰k-$25k |
Official Fix |
|
CVE-2022-22952 |
۴.۳ |
Vmware Carbon Black App Control Administration Interface unrestricted upload |
$۵k-$10k |
Official Fix |
|
CVE-2021-44260 |
۷.۳ |
WAVLINK AC1200 live_mfg.html improper authentication |
$۱k-$2k |
Not Defined |
|
CVE-2021-44259 |
۷.۳ |
WAVLINK AC1200 wx.html improper authentication |
$۱k-$2k |
Not Defined |
|
CVE-2022-26268 |
۶.۳ |
xiaohuanxiong Books.php sql injection |
$۱k-$2k |
Not Defined |
|
CVE-2021-43738 |
۴.۳ |
xiaohuanxiong cross-site request forgery |
$۰-$۱k |
Not Defined |
|
CVE-2021-43737 |
۴.۳ |
xiaohuanxiong cross-site request forgery |
$۰-$۱k |
Not Defined |
