Critical Vulnerabilities of the Second Week of Farvardin

 

This week, many "critical" and "high-risk" vulnerabilities were reported in important Google products, and patches and updates were released to fix them. There were also several "critical" and "high-risk" vulnerabilities in products from Jupyter, Joomla, IBM, Qualcomm, VMware and the Linux kernel.

The list of these vulnerabilities, together with their risk level, is given in the table below.

| Vulnerability ID | Base score | Vulnerability title | Zero-day value | Remediation |
|---|---|---|---|---|
| CVE-2022-25598 | 3.5 | Apache DolphinScheduler User Registration resource consumption | $2k-$5k | Official Fix |
| CVE-2022-22675 | 7.8 | Apple iOS/iPadOS AppleAVD out-of-bounds write | $50k-$100k | Official Fix |
| CVE-2022-22675 | 7.8 | Apple macOS AppleAVD out-of-bounds write | $10k-$25k | Official Fix |
| CVE-2022-22674 | 3.3 | Apple macOS Intel Graphics Driver out-of-bounds read | $2k-$5k | Official Fix |
| CVE-2021-43099 | 5.5 | bbs Archive Extraction UpgradeManageAction.java UpgradeNow pathname traversal | $1k-$2k | Not Defined |
| CVE-2021-43103 | 6.3 | bbs ForumManageAction.java GetType unrestricted upload | $2k-$5k | Not Defined |
| CVE-2021-43102 | 6.3 | bbs HelpManageAction.java GetType unrestricted upload | $2k-$5k | Not Defined |
| CVE-2021-43101 | 6.3 | bbs MembershipCardManageAction.java GetType unrestricted upload | $2k-$5k | Not Defined |
| CVE-2021-43098 | 5.5 | bbs QuestionManageAction.java getType unrestricted upload | $1k-$2k | Not Defined |
| CVE-2021-43097 | 5.5 | bbs Template TemplateManageAction.java injection | $1k-$2k | Not Defined |
| CVE-2021-43100 | 6.3 | bbs TopicManageAction.java GetType unrestricted upload | $2k-$5k | Not Defined |
| CVE-2022-28134 | 5.5 | Bitbucket Server Integration Plugin HTTP Endpoint authorization | $1k-$2k | Not Defined |
| CVE-2022-28133 | 3.5 | Bitbucket Server Integration Plugin URL Scheme cross site scripting | $0-$1k | Not Defined |
| CVE-2021-23850 | 8.3 | Bosch CCP TCP stack-based overflow | $2k-$5k | Official Fix |
| CVE-2021-23851 | 8.3 | Bosch CPP TCP stack-based overflow | $2k-$5k | Official Fix |
| CVE-2022-0405 | 4.3 | Calibre-Web access control | $0-$5k | Official Fix |
| CVE-2022-0406 | 5.3 | Calibre-Web improper authorization | $0-$5k | Official Fix |
| CVE-2022-28147 | 5.5 | Continuous Integration with Toad Edge Plugin authorization | $1k-$2k | Not Defined |
| CVE-2022-28145 | 3.5 | Continuous Integration with Toad Edge Plugin cross site scripting | $0-$1k | Not Defined |
| CVE-2022-28148 | 3.5 | Continuous Integration with Toad Edge Plugin File Browser path traversal | $1k-$2k | Not Defined |
| CVE-2022-28146 | 3.5 | Continuous Integration with Toad Edge Plugin path traversal | $1k-$2k | Not Defined |
| CVE-2022-24426 | 7.8 | Dell Command Update/Alienware Update Advanced Driver Restore uncontrolled search path | $10k-$25k | Official Fix |
| CVE-2021-38362 | 5.5 | Dell EMC RSA Archer REST API Endpoint resource injection | $10k-$25k | Not Defined |
| CVE-2022-23158 | 4.1 | Dell Wyse Device Agent information disclosure | $1k-$2k | Not Defined |
| CVE-2022-23156 | 4.1 | Dell Wyse Device Agent WMS Server improper authentication | $1k-$2k | Not Defined |
| CVE-2022-23157 | 3.3 | Dell Wyse Device Agent WMS Server information disclosure | $1k-$2k | Not Defined |
| CVE-2022-23155 | 7.2 | Dell Wyse Management Suite unrestricted upload | $10k-$25k | Not Defined |
| CVE-2022-26836 | 7.7 | Delta Electronics DIAEnergie Calendar sql injection | $2k-$5k | Official Fix |
| CVE-2022-26839 | 7.8 | Delta Electronics DIAEnergie default permission | $2k-$5k | Official Fix |
| CVE-2022-26013 | 7.7 | Delta Electronics DIAEnergie DIAE_dmdsetHandler.ashx sql injection | $2k-$5k | Official Fix |
| CVE-2022-26349 | 7.7 | Delta Electronics DIAEnergie DIAE_eccoefficientHandler.ashx sql injection | $2k-$5k | Official Fix |
| CVE-2022-26887 | 7.7 | Delta Electronics DIAEnergie DIAE_HandlerTag_KID.ashx sql injection | $2k-$5k | Official Fix |
| CVE-2022-26338 | 7.7 | Delta Electronics DIAEnergie DIAE_hierarchyHandler.ashx sql injection | $2k-$5k | Official Fix |
| CVE-2022-25880 | 7.7 | Delta Electronics DIAEnergie DIAE_hierarchyHandler.ashx sql injection | $2k-$5k | Official Fix |
| CVE-2022-26514 | 7.7 | Delta Electronics DIAEnergie DIAE_tagHandler.ashx sql injection | $2k-$5k | Official Fix |
| CVE-2022-27175 | 7.7 | Delta Electronics DIAEnergie GetCalcTagList sql injection | $2k-$5k | Official Fix |
| CVE-2022-26667 | 7.7 | Delta Electronics DIAEnergie GetDemandAnalysisData sql injection | $2k-$5k | Official Fix |
| CVE-2022-26065 | 7.7 | Delta Electronics DIAEnergie GetDemandAnalysisData sql injection | $2k-$5k | Official Fix |
| CVE-2022-26059 | 7.7 | Delta Electronics DIAEnergie GetQueryData sql injection | $2k-$5k | Official Fix |
| CVE-2022-25980 | 7.7 | Delta Electronics DIAEnergie HandlerCommon.ashx sql injection | $2k-$5k | Official Fix |
| CVE-2022-0923 | 8.5 | Delta Electronics DIAEnergie HandlerDialog_KID.ashx sql injection | $2k-$5k | Official Fix |
| CVE-2022-26666 | 7.7 | Delta Electronics DIAEnergie HandlerDialogECC.ashx sql injection | $2k-$5k | Official Fix |
| CVE-2022-26069 | 7.7 | Delta Electronics DIAEnergie HandlerPage_KID.ashx sql injection | $2k-$5k | Official Fix |
| CVE-2022-25347 | 8.5 | Delta Electronics DIAEnergie path traversal | $2k-$5k | Official Fix |
| CVE-2022-1098 | 8.3 | Delta Electronics DIAEnergie uncontrolled search path | $2k-$5k | Official Fix |
| CVE-2021-43722 | 5.5 | D-Link DIR-645 cgibin hnap_main buffer overflow | $10k-$25k | Not Defined |
| CVE-2021-37517 | 3.5 | Dolibarr ERP/CRM Email Address denial of service | $0-$1k | Official Fix |
| CVE-2021-36625 | 6.3 | Dolibarr ERP/CRM UPDATE Statement sql injection | $1k-$2k | Official Fix |
| CVE-2021-44310 | 3.5 | Firmware Analysis and Comparison Tool cross site scripting | $0-$1k | Not Defined |
| CVE-2021-44312 | 4.3 | Firmware Analysis and Comparison Tool cross-site request forgery | $0-$1k | Not Defined |
| CVE-2022-0123 | 5.0 | GitLab CI Service certificate validation | $1k-$2k | Official Fix |
| CVE-2022-0390 | 4.3 | GitLab Community Edition/Enterprise Edition access control | $2k-$5k | Not Defined |
| CVE-2021-39876 | 4.3 | GitLab Community Edition/Enterprise Edition Assignee information disclosure | $1k-$2k | Not Defined |
| CVE-2022-0741 | 4.0 | GitLab Community Edition/Enterprise Edition Email Address information disclosure | $0-$1k | Not Defined |
| CVE-2022-0489 | 3.5 | GitLab Community Edition/Enterprise Edition Formula denial of service | $0-$1k | Not Defined |
| CVE-2021-4191 | 5.3 | GitLab Community Edition/Enterprise Edition GraphQL API information disclosure | $1k-$2k | Not Defined |
| CVE-2022-0427 | 5.7 | GitLab Community Edition/Enterprise Edition HTTP POST Request injection | $2k-$5k | Not Defined |
| CVE-2022-0425 | 5.9 | GitLab Community Edition/Enterprise Edition IRC Gateway server-side request forgery | $2k-$5k | Not Defined |
| CVE-2022-0488 | 3.5 | GitLab Community Edition/Enterprise Edition Markdown denial of service | $0-$1k | Not Defined |
| CVE-2021-39908 | 5.9 | GitLab Community Edition/Enterprise Edition Merge Request unknown vulnerability | $2k-$5k | Official Fix |
| CVE-2022-0549 | 5.9 | GitLab Community Edition/Enterprise Edition REST API access control | $2k-$5k | Official Fix |
| CVE-2022-0735 | 7.6 | GitLab Community Edition/Enterprise Edition Runner Registration Token information disclosure | $1k-$2k | Official Fix |
| CVE-2022-0371 | 4.3 | GitLab Community Edition/Enterprise Edition Search information disclosure | $1k-$2k | Official Fix |
| CVE-2022-0373 | 4.3 | GitLab Community Edition/Enterprise Edition Service Desk Email Address access control | $2k-$5k | Not Defined |
| CVE-2022-0751 | 6.4 | GitLab Community Edition/Enterprise Edition Snippet Privilege Escalation | $2k-$5k | Not Defined |
| CVE-2022-0283 | 4.5 | GitLab Jira redirect | $1k-$2k | Official Fix |
| CVE-2022-0738 | 3.1 | GitLab Mirror information disclosure | $0-$1k | Official Fix |
| CVE-2022-0344 | 3.1 | GitLab Private Project information disclosure | $1k-$2k | Official Fix |
| CVE-2022-0136 | 5.9 | GitLab Project Import server-side request forgery | $2k-$5k | Not Defined |
| CVE-2022-0249 | 3.7 | GitLab server-side request forgery | $2k-$5k | Not Defined |
| CVE-2021-39740 | 3.3 | Google Android Attachment information disclosure | $10k-$25k | Official Fix |
| CVE-2021-39760 | 2.5 | Google Android AudioService information exposure | $5k-$10k | Official Fix |
| CVE-2021-39774 | 3.3 | Google Android Bluetooth out-of-bounds read | $10k-$25k | Official Fix |
| CVE-2021-39772 | 5.3 | Google Android Bluetooth permission | $25k-$50k | Official Fix |
| CVE-2021-39752 | 5.3 | Google Android Bubbles permission | $25k-$50k | Official Fix |
| CVE-2021-39784 | 5.3 | Google Android CellBroadcastReceiver permission | $25k-$50k | Official Fix |
| CVE-2021-1000 | 5.3 | Google Android ConnectedDevicesSliceProvider.java createBluetoothDeviceSlice permission | $25k-$50k | Official Fix |
| CVE-2021-1033 | 5.3 | Google Android ConnectedDevicesSliceProvider.java createGeneralSlice permission | $25k-$50k | Official Fix |
| CVE-2021-39754 | 2.5 | Google Android ContextImpl information exposure | $5k-$10k | Official Fix |
| CVE-2021-39769 | 3.3 | Google Android Device Policy information disclosure | $10k-$25k | Official Fix |
| CVE-2021-39744 | 3.3 | Google Android DevicePolicyManager information disclosure | $10k-$25k | Official Fix |
| CVE-2021-39745 | 2.5 | Google Android DevicePolicyManager information exposure | $5k-$10k | Official Fix |
| CVE-2021-39755 | 2.5 | Google Android DevicePolicyManager information exposure | $5k-$10k | Official Fix |
| CVE-2021-39790 | 5.3 | Google Android Dialer permission | $25k-$50k | Official Fix |
| CVE-2021-39753 | 3.3 | Google Android DomainVerificationService information disclosure | $10k-$25k | Official Fix |
| CVE-2021-39756 | 2.5 | Google Android Framework information exposure | $5k-$10k | Official Fix |
| CVE-2021-39765 | 3.3 | Google Android Gallery information disclosure | $10k-$25k | Official Fix |
| CVE-2022-20002 | 4.2 | Google Android incfs permission | $10k-$25k | Official Fix |
| CVE-2021-39770 | 3.3 | Google Android information disclosure | $10k-$25k | Official Fix |
| CVE-2021-39748 | 3.3 | Google Android InputMethodEditor information disclosure | $10k-$25k | Official Fix |
| CVE-2021-39741 | 4.2 | Google Android Keymaster out-of-bounds write | $10k-$25k | Official Fix |
| CVE-2021-39759 | 5.3 | Google Android libstagefright out-of-bounds write | $25k-$50k | Official Fix |
| CVE-2021-39761 | 2.5 | Google Android Media information exposure | $5k-$10k | Official Fix |
| CVE-2021-39767 | 5.3 | Google Android MiniaDB access control | $25k-$50k | Official Fix |
| CVE-2021-39786 | 4.2 | Google Android NFC out-of-bounds write | $10k-$25k | Official Fix |
| CVE-2021-39776 | 5.3 | Google Android NFC use after free | $25k-$50k | Official Fix |
| CVE-2021-39750 | 5.3 | Google Android PackageManager permission | $25k-$50k | Official Fix |
| CVE-2021-39743 | 5.3 | Google Android PackageManager permission | $25k-$50k | Official Fix |
| CVE-2021-39775 | 3.3 | Google Android People information disclosure | $10k-$25k | Official Fix |
| CVE-2021-39757 | 3.3 | Google Android Permission Controller information disclosure | $10k-$25k | Official Fix |
| CVE-2021-39746 | 5.3 | Google Android PermissionController permission | $25k-$50k | Official Fix |
| CVE-2021-39783 | 5.3 | Google Android rcsservice permission | $25k-$50k | Official Fix |
| CVE-2021-39763 | 5.3 | Google Android Settings access control | $25k-$50k | Official Fix |
| CVE-2021-39751 | 3.3 | Google Android Settings information disclosure | $10k-$25k | Official Fix |
| CVE-2021-39766 | 2.5 | Google Android Settings information exposure | $5k-$10k | Official Fix |
| CVE-2021-39771 | 5.3 | Google Android Settings input validation | $25k-$50k | Official Fix |
| CVE-2021-39764 | 5.3 | Google Android Settings input validation | $25k-$50k | Official Fix |
| CVE-2021-39768 | 5.3 | Google Android Settings permission | $25k-$50k | Official Fix |
| CVE-2021-39747 | 3.3 | Google Android Settings Provider information disclosure | $10k-$25k | Official Fix |
| CVE-2021-39739 | 3.3 | Google Android SMS Message log file | $10k-$25k | Official Fix |
| CVE-2021-39781 | 3.3 | Google Android SmsController information disclosure | $10k-$25k | Official Fix |
| CVE-2021-39787 | 5.3 | Google Android SystemUI access control | $25k-$50k | Official Fix |
| CVE-2021-39789 | 5.3 | Google Android Telecom permission | $25k-$50k | Official Fix |
| CVE-2021-39779 | 3.3 | Google Android Telecom Service information disclosure | $10k-$25k | Official Fix |
| CVE-2021-39778 | 3.3 | Google Android Telecomm information disclosure | $10k-$25k | Official Fix |
| CVE-2021-39788 | 2.5 | Google Android TelecomManager information exposure | $5k-$10k | Official Fix |
| CVE-2021-39777 | 3.3 | Google Android Telephony information disclosure | $10k-$25k | Official Fix |
| CVE-2021-39782 | 5.3 | Google Android Telephony permission | $25k-$50k | Official Fix |
| CVE-2021-39780 | 5.3 | Google Android Traceur permission | $25k-$50k | Official Fix |
| CVE-2021-39762 | 4.3 | Google Android Tremolo out-of-bounds read | $25k-$50k | Official Fix |
| CVE-2021-39742 | 3.3 | Google Android Voicemail information disclosure | $10k-$25k | Official Fix |
| CVE-2021-39773 | 2.5 | Google Android VpnManagerService information exposure | $5k-$10k | Official Fix |
| CVE-2021-39791 | 2.5 | Google Android WallpaperManagerService information exposure | $5k-$10k | Official Fix |
| CVE-2021-39758 | 5.3 | Google Android WindowManager permission | $25k-$50k | Official Fix |
| CVE-2021-39749 | 5.3 | Google Android WindowManager permission | $25k-$50k | Official Fix |
| CVE-2022-1139 | 6.3 | Google Chrome Background Fetch API Remote Code Execution | $50k-$100k | Official Fix |
| CVE-2022-1131 | 6.3 | Google Chrome Cast UI use after free | $50k-$100k | Official Fix |
| CVE-2022-1137 | 6.3 | Google Chrome Extensions Remote Code Execution | $50k-$100k | Official Fix |
| CVE-2022-1145 | 6.3 | Google Chrome Extensions use after free | $50k-$100k | Official Fix |
| CVE-2022-1141 | 6.3 | Google Chrome File Manager use after free | $50k-$100k | Official Fix |
| CVE-2022-1129 | 6.3 | Google Chrome Full Screen Mode Remote Code Execution | $50k-$100k | Official Fix |
| CVE-2022-1125 | 6.3 | Google Chrome Portals use after free | $50k-$100k | Official Fix |
| CVE-2022-1127 | 6.3 | Google Chrome QR Code Generator use after free | $50k-$100k | Official Fix |
| CVE-2022-1146 | 6.3 | Google Chrome Resource Timing Remote Code Execution | $50k-$100k | Official Fix |
| CVE-2022-1135 | 6.3 | Google Chrome Shopping Cart use after free | $50k-$100k | Official Fix |
| CVE-2022-1136 | 6.3 | Google Chrome Tab Strip use after free | $50k-$100k | Official Fix |
| CVE-2022-1134 | 6.3 | Google Chrome v8 type confusion | $50k-$100k | Official Fix |
| CVE-2022-1096 | 6.3 | Google Chrome v8 type confusion | $50k-$100k | Official Fix |
| CVE-2022-1132 | 6.3 | Google Chrome Virtual Keyboard Remote Code Execution | $50k-$100k | Official Fix |
| CVE-2022-1138 | 6.3 | Google Chrome Web Cursor Remote Code Execution | $50k-$100k | Official Fix |
| CVE-2022-1128 | 6.3 | Google Chrome Web Share API Remote Code Execution | $50k-$100k | Official Fix |
| CVE-2022-1130 | 6.3 | Google Chrome WebOTP Remote Code Execution | $50k-$100k | Official Fix |
| CVE-2022-1133 | 6.3 | Google Chrome WebRTC use after free | $50k-$100k | Official Fix |
| CVE-2022-1143 | 6.3 | Google Chrome WebUI heap-based overflow | $50k-$100k | Official Fix |
| CVE-2022-1142 | 6.3 | Google Chrome WebUI heap-based overflow | $50k-$100k | Official Fix |
| CVE-2022-1144 | 6.3 | Google Chrome WebUI use after free | $50k-$100k | Official Fix |
| CVE-2021-22572 | 4.9 | Google Data Transfer Project File.createTempFile temp file | $10k-$25k | Official Fix |
| CVE-2022-0343 | 4.1 | Google run-dev-server HTTP Request permission | $5k-$10k | Official Fix |
| CVE-2022-26546 | 3.5 | Hospital Management System improper authorization | $1k-$2k | Not Defined |
| CVE-2022-24136 | 5.5 | Hospital Management System treatmentrecord.php unrestricted upload | $1k-$2k | Not Defined |
| CVE-2022-26244 | 3.5 | Hospital Patient Record Management System cross site scripting | $0-$1k | Not Defined |
| CVE-2022-22404 | 5.4 | IBM App Connect Enterprise Certified Container Dashboard UI resource consumption | $2k-$5k | Official Fix |
| CVE-2022-22332 | 5.6 | IBM Partner Engagement Manager JWT Token Remote Code Execution | $10k-$25k | Official Fix |
| CVE-2022-22311 | 5.2 | IBM Security Verify Access channel accessible | $10k-$25k | Official Fix |
| CVE-2022-22328 | 6.3 | IBM SterlingPartner Engagement Manager access control | $10k-$25k | Official Fix |
| CVE-2022-22331 | 6.3 | IBM SterlingPartner Engagement Manager authorization | $10k-$25k | Official Fix |
| CVE-2022-22327 | 3.7 | IBM UrbanCode Deploy inadequate encryption | $5k-$10k | Official Fix |
| CVE-2022-28136 | 4.3 | JiraTestResultReporter Plugin cross-site request forgery | $0-$1k | Not Defined |
| CVE-2022-28137 | 5.5 | JiraTestResultReporter Plugin URL authorization | $1k-$2k | Not Defined |
| CVE-2022-28151 | 5.5 | Job and Node Ownership Plugin authorization | $1k-$2k | Not Defined |
| CVE-2022-28149 | 3.5 | Job and Node Ownership Plugin cross site scripting | $0-$1k | Not Defined |
| CVE-2022-28152 | 4.3 | Job and Node Ownership Plugin cross-site request forgery | $0-$1k | Not Defined |
| CVE-2022-28150 | 4.3 | Job and Node Ownership Plugin cross-site request forgery | $0-$1k | Not Defined |
| CVE-2022-23796 | 3.5 | Joomla com_fields cross site scripting | $2k-$5k | Not Defined |
| CVE-2022-23801 | 3.5 | Joomla com_media cross site scripting | $2k-$5k | Not Defined |
| CVE-2022-23800 | 3.5 | Joomla Filter cross site scripting | $2k-$5k | Not Defined |
| CVE-2022-23795 | 6.3 | Joomla improper authentication | $5k-$10k | Not Defined |
| CVE-2022-23799 | 5.5 | Joomla Privilege Escalation | $10k-$25k | Not Defined |
| CVE-2022-23798 | 5.5 | Joomla redirect | $5k-$10k | Not Defined |
| CVE-2022-23794 | 4.3 | Joomla Source Code information disclosure | $5k-$10k | Not Defined |
| CVE-2022-23797 | 6.3 | Joomla sql injection | $10k-$25k | Not Defined |
| CVE-2022-23793 | 5.5 | Joomla tar path traversal | $5k-$10k | Not Defined |
| CVE-2022-24758 | 7.5 | Jupyter Notebook Error log file | $1k-$2k | Official Fix |
| CVE-2021-27223 | 6.5 | Kaspersky Anti-Virus/Endpoint Security Binary Module denial of service | $0-$1k | Not Defined |
| CVE-2022-27534 | 6.3 | Kaspersky Anti-Virus/Endpoint Security Data Parser Remote Code Execution | $2k-$5k | Official Fix |
| CVE-2020-35501 | 5.5 | Linux Kernel Audit Rule access control | $10k-$25k | Not Defined |
| CVE-2022-28390 | 5.5 | Linux Kernel ems_usb.c ems_usb_start_xmit double free | $5k-$25k | Official Fix |
| CVE-2022-28389 | 5.5 | Linux Kernel mcba_usb.c mcba_usb_start_xmit double free | $5k-$25k | Official Fix |
| CVE-2021-3847 | 6.3 | Linux Kernel OverlayFS Subsystem permissions | $10k-$25k | Not Defined |
| CVE-2022-28356 | 4.3 | Linux Kernel Refcount af_llc.c memory leak | $0-$5k | Official Fix |
| CVE-2022-1055 | 5.6 | Linux Kernel tc_new_tfilter use after free | $10k-$25k | Official Fix |
| CVE-2022-28388 | 5.5 | Linux Kernel usb_8dev.c usb_8dev_start_xmit double free | $5k-$25k | Official Fix |
| CVE-2022-0998 | 6.3 | Linux Kernel Virtio Device Driver vdpa.c vhost_vdpa_config_validate integer overflow | $10k-$25k | Official Fix |
| CVE-2021-32933 | 9.9 | MDT Autosave API command injection | $2k-$5k | Official Fix |
| CVE-2021-32961 | 7.5 | MDT Autosave getfile unrestricted upload | $2k-$5k | Official Fix |
| CVE-2021-32945 | 5.6 | MDT AutoSave inadequate encryption | $0-$1k | Official Fix |
| CVE-2021-32949 | 7.0 | MDT AutoSave path traversal | $1k-$2k | Official Fix |
| CVE-2021-32957 | 7.4 | MDT Autosave sql injection | $2k-$5k | Official Fix |
| CVE-2021-32953 | 8.5 | MDT Autosave sql injection | $2k-$5k | Official Fix |
| CVE-2021-32937 | 6.4 | MDT AutoSave Working Directory information exposure | $1k-$2k | Official Fix |
| CVE-2022-28209 | 5.5 | MediaWiki AntiSpoof Extension permission | $1k-$2k | Not Defined |
| CVE-2022-28205 | 5.5 | MediaWiki CentralAuth Extension Privilege Escalation | $2k-$5k | Not Defined |
| CVE-2022-28206 | 5.5 | MediaWiki FileImporter ImportPlanValidator.php access control | $1k-$2k | Not Defined |
| CVE-2022-28202 | 3.5 | MediaWiki Message Special:RevisionDelete cross site scripting | $0-$1k | Official Fix |
| CVE-2022-25159 | 5.6 | Mitsubishi Electric MELSEC iQ-F FX5U(C)/MELSEC iQ-F FX5UJ authentication replay | $1k-$2k | Not Defined |
| CVE-2022-25160 | 5.3 | Mitsubishi Electric MELSEC iQ-F FX5U(C)/MELSEC iQ-F FX5UJ cleartext storage | $1k-$2k | Not Defined |
| CVE-2022-25158 | 3.1 | Mitsubishi Electric MELSEC iQ-F FX5U(C)/MELSEC iQ-F FX5UJ Password Hash cleartext storage | $0-$1k | Not Defined |
| CVE-2022-25155 | 5.6 | Mitsubishi Electric MELSEC iQ-F FX5U(C)/MELSEC iQ-F FX5UJ Password Hash Handler authentication replay | $1k-$2k | Not Defined |
| CVE-2022-25157 | 5.6 | Mitsubishi Electric MELSEC iQ-F FX5U(C)/MELSEC iQ-F FX5UJ Password Hash Handler improper authentication | $1k-$2k | Not Defined |
| CVE-2022-25156 | 3.7 | Mitsubishi Electric MELSEC iQ-F FX5U(C)/MELSEC iQ-F FX5UJ unknown vulnerability | $0-$1k | Not Defined |
| CVE-2021-32968 | 7.5 | Moxa IAW5000A buffer overflow | $2k-$5k | Not Defined |
| CVE-2021-32970 | 6.4 | Moxa NPort IAW5000A Web Server denial of service | $0-$1k | Not Defined |
| CVE-2021-32974 | 9.8 | Moxa NPort IAW5000A Web Server input validation | $2k-$5k | Not Defined |
| CVE-2021-32976 | 9.8 | Moxa NPort IAW5000A Web Server stack-based overflow | $2k-$5k | Not Defined |
| CVE-2020-24771 | 5.5 | NexusPHP access control | $1k-$2k | Official Fix |
| CVE-2020-24770 | 6.3 | NexusPHP modrules.php sql injection | $1k-$2k | Official Fix |
| CVE-2020-24769 | 6.3 | NexusPHP SQL Command takeconfirm.php sql injection | $1k-$2k | Official Fix |
| CVE-2022-27306 | 5.5 | Node.js Hostname url.parse Privilege Escalation | $2k-$5k | Official Fix |
| CVE-2022-21821 | 7.8 | NVIDIA CUDA Toolkit SDK cuobjdump buffer overflow | $2k-$5k | Not Defined |
| CVE-2022-25959 | 7.0 | Omron CX-Position Project File memory corruption | $2k-$5k | Not Defined |
| CVE-2022-26022 | 7.0 | Omron CX-Position Project File out-of-bounds write | $2k-$5k | Not Defined |
| CVE-2022-26419 | 7.0 | Omron CX-Position Project File Parser stack-based overflow | $2k-$5k | Not Defined |
| CVE-2022-26417 | 7.0 | Omron CX-Position Project File use after free | $2k-$5k | Not Defined |
| CVE-2022-26645 | 6.3 | Online Banking System Image unrestricted upload | $2k-$5k | Not Defined |
| CVE-2022-26644 | 3.5 | Online Banking System Protect cross site scripting | $0-$1k | Not Defined |
| CVE-2022-26646 | 5.5 | Online Banking System Protect file inclusion | $1k-$2k | Not Defined |
| CVE-2022-1181 | 5.7 | OpenEMR cross site scripting | $0-$1k | Official Fix |
| CVE-2022-1180 | 4.0 | OpenEMR cross site scripting | $0-$1k | Official Fix |
| CVE-2022-1178 | 5.4 | OpenEMR cross site scripting | $0-$1k | Official Fix |
| CVE-2022-1177 | 5.4 | OpenEMR Patient Report access control | $2k-$5k | Official Fix |
| CVE-2022-1179 | 4.0 | OpenEMR Rule cross site scripting | $0-$1k | Official Fix |
| CVE-2022-26019 | 6.3 | pfSense CE/pfSense Plus NTP GPS Setting access control | $2k-$5k | Official Fix |
| CVE-2022-24299 | 6.3 | pfSense CE/pfSense Plus Server Setting input validation | $2k-$5k | Official Fix |
| CVE-2021-20729 | 3.5 | pfSense CE/pfSense Plus URL cross site scripting | $0-$1k | Not Defined |
| CVE-2022-0922 | 4.3 | Philips e-Alert missing authentication | $1k-$2k | Not Defined |
| CVE-2021-33022 | 5.6 | Philips Vue PACS cleartext transmission | $0-$1k | Not Defined |
| CVE-2021-33024 | 3.7 | Philips Vue PACS insufficiently protected credentials | $1k-$2k | Not Defined |
| CVE-2021-33020 | 7.2 | Philips Vue PACS key management | $2k-$5k | Not Defined |
| CVE-2021-27493 | 6.2 | Philips Vue PACS Message Remote Code Execution | $2k-$5k | Not Defined |
| CVE-2021-27501 | 7.5 | Philips Vue PACS neutralization | $2k-$5k | Not Defined |
| CVE-2021-27497 | 6.0 | Philips Vue PACS protection mechanism | $2k-$5k | Not Defined |
| CVE-2021-33018 | 5.3 | Philips Vue PACS risky encryption | $0-$1k | Not Defined |
| CVE-2022-28158 | 5.5 | Pipeline Phoenix AutoTest Plugin authorization | $1k-$2k | Not Defined |
| CVE-2022-28157 | 5.5 | Pipeline Phoenix AutoTest Plugin FTP path traversal | $1k-$2k | Not Defined |
| CVE-2022-28156 | 5.5 | Pipeline Phoenix AutoTest Plugin path traversal | $1k-$2k | Not Defined |
| CVE-2022-28155 | 5.5 | Pipeline Phoenix AutoTest Plugin XML Parser xml external entity reference | $1k-$2k | Not Defined |
| CVE-2022-28142 | 5.0 | Proxmox Plugin certificate validation | $1k-$2k | Not Defined |
| CVE-2022-28141 | 3.5 | Proxmox Plugin config.xml credentials storage | $1k-$2k | Not Defined |
| CVE-2022-28143 | 4.3 | Proxmox Plugin cross-site request forgery | $0-$1k | Not Defined |
| CVE-2022-28144 | 5.5 | Proxmox Plugin HTTP Endpoint authorization | $1k-$2k | Not Defined |
| CVE-2021-30331 | 5.5 | Qualcomm Snapdragon Auto DIAG Interface buffer overflow | $10k-$25k | Official Fix |
| CVE-2021-30333 | 7.8 | Qualcomm Snapdragon Auto EFS File memory corruption | $10k-$25k | Official Fix |
| CVE-2021-35105 | 8.1 | Qualcomm Snapdragon Auto Graphics Profiling out-of-bounds read | $5k-$10k | Official Fix |
| CVE-2021-35117 | 7.7 | Qualcomm Snapdragon Auto IBSS Beacon out-of-bounds read | $5k-$10k | Official Fix |
| CVE-2021-1950 | 7.8 | Qualcomm Snapdragon Auto improper authentication | $5k-$10k | Official Fix |
| CVE-2021-30328 | 7.5 | Qualcomm Snapdragon Auto NR CSI-IM Resource Configuration assertion | $5k-$10k | Official Fix |
| CVE-2021-30332 | 7.5 | Qualcomm Snapdragon Auto OTA Configuration assertion | $5k-$10k | Official Fix |
| CVE-2021-1942 | 9.3 | Qualcomm Snapdragon Auto Shared Memory memory corruption | $10k-$25k | Official Fix |
| CVE-2021-35088 | 7.7 | Qualcomm Snapdragon Auto SSID IE Parser out-of-bounds read | $5k-$10k | Official Fix |
| CVE-2021-30329 | 7.5 | Qualcomm Snapdragon Auto TCI Configuration assertion | $5k-$10k | Official Fix |
| CVE-2021-35103 | 7.8 | Qualcomm Snapdragon Auto Timer out-of-bounds write | $10k-$25k | Official Fix |
| CVE-2021-35089 | 8.1 | Qualcomm Snapdragon Auto USER Command buffer overflow | $10k-$25k | Official Fix |
| CVE-2021-35106 | 7.8 | Qualcomm Snapdragon Auto WMI Message out-of-bounds read | $5k-$10k | Official Fix |
| CVE-2021-35115 | 8.1 | Qualcomm Snapdragon Auto/Snapdragon Mobile PVM Backend use after free | $10k-$25k | Official Fix |
| CVE-2021-35110 | 7.9 | Qualcomm Snapdragon Connectivity/Snapdragon Mobile Hash Segment buffer overflow | $10k-$25k | Official Fix |
| CVE-2022-21830 | 3.5 | RocketChat LiveChat cross site scripting | $0-$1k | Not Defined |
| CVE-2022-28139 | 5.5 | RocketChat Notifier Plugin authorization | $1k-$2k | Not Defined |
| CVE-2022-28138 | 4.3 | RocketChat Notifier Plugin URL cross-site request forgery | $0-$1k | Not Defined |
| CVE-2022-1159 | 7.2 | Rockwell Automation Compact GuardLogix 5380 code injection | $2k-$5k | Workaround |
| CVE-2021-32960 | 8.0 | Rockwell Automation FactoryTalk Services Platform Policy access control | $2k-$5k | Not Defined |
| CVE-2022-1018 | 5.5 | Rockwell Automation ISaGRAF Solution File xml external entity reference | $1k-$2k | Not Defined |
| CVE-2022-1161 | 9.8 | Rockwell Automation SoftLogix 5800 unknown vulnerability | $100k and more | Workaround |
| CVE-2022-26949 | 5.8 | RSA Archer Attachment access control | $10k-$25k | Official Fix |
| CVE-2022-26951 | 5.4 | RSA Archer cross site scripting | $5k-$10k | Official Fix |
| CVE-2022-26947 | 4.9 | RSA Archer cross site scripting | $2k-$5k | Official Fix |
| CVE-2021-41594 | 6.3 | RSA Archer Endpoint CheckTaskAccess access control | $10k-$25k | Official Fix |
| CVE-2022-26950 | 5.0 | RSA Archer redirect | $5k-$10k | Official Fix |
| CVE-2022-26948 | 3.7 | RSA Archer RSS Feed access control | $0-$1k | Official Fix |
| CVE-2022-22936 | 6.3 | SaltStack Salt Job authentication replay | $1k-$2k | Official Fix |
| CVE-2022-22941 | 5.5 | SaltStack Salt Master-of-Masters permission | $1k-$2k | Official Fix |
| CVE-2022-22935 | 4.3 | SaltStack Salt Minion denial of service | $0-$1k | Official Fix |
| CVE-2022-22934 | 5.5 | SaltStack Salt Pillar Data signature verification | $1k-$2k | Official Fix |
| CVE-2021-33523 | 4.7 | Software AG MashZone NextGen Admin Console unrestricted upload | $1k-$2k | Not Defined |
| CVE-2021-33208 | 5.5 | Software AG MashZone NextGen Register an Ehcache Configuration File xml external entity reference | $1k-$2k | Not Defined |
| CVE-2021-33581 | 5.5 | Software AG MashZone NextGen TCP Service server-side request forgery | $1k-$2k | Not Defined |
| CVE-2022-0331 | 5.3 | Sophos Firewall Webadmin information disclosure | $1k-$2k | Not Defined |
| CVE-2021-45866 | 3.5 | SourceCodester Attendance Management System index.php cross site scripting | $0-$1k | Not Defined |
| CVE-2021-43505 | 3.5 | Sourcecodester Simple Client Management System Add New Client/Add New Invoice cross site scripting | $0-$1k | Not Defined |
| CVE-2021-43506 | 6.3 | Sourcecodester Simple Client Management System Login.php sql injection | $1k-$2k | Not Defined |
| CVE-2021-45865 | 6.3 | Sourcecodester Student Attendance Management System unrestricted upload | $2k-$5k | Not Defined |
| CVE-2022-21947 | 8.3 | SUSE Rancher Desktop Dashboard API access control | $10k-$25k | Official Fix |
| CVE-2021-46006 | 6.3 | TOTOLINK A3100R API test.asp improper authentication | $1k-$2k | Not Defined |
| CVE-2021-46009 | 6.3 | TOTOLINK A3100R improper authentication | $1k-$2k | Not Defined |
| CVE-2021-46007 | 5.5 | TOTOLINK A3100R Ping Command os command injection | $1k-$2k | Not Defined |
| CVE-2021-46010 | 3.7 | TOTOLINK A3100R random values | $0-$1k | Not Defined |
| CVE-2021-46008 | 5.9 | TOTOLINK A3100R Telnet Service hard-coded password | $1k-$2k | Not Defined |
| CVE-2021-43663 | 5.5 | TOTOLINK EX300v2 cloudupdate_check command injection | $1k-$2k | Not Defined |
| CVE-2021-43664 | 6.3 | TOTOLINK EX300v2 command injection | $2k-$5k | Not Defined |
| CVE-2021-43661 | 3.5 | TOTOLINK EX300v2 home.asp cross site scripting | $0-$1k | Not Defined |
| CVE-2021-43662 | 6.5 | TOTOLINK EX300v2/A720R resource consumption | $0-$1k | Not Defined |
| CVE-2022-25008 | 6.3 | TOTOLINK EX300v2/EX1200T improper authentication | $1k-$2k | Not Defined |
| CVE-2022-26641 | 6.3 | TP-LINK TL-WR840N buffer overflow | $2k-$5k | Not Defined |
| CVE-2022-26642 | 5.5 | TP-LINK TL-WR840N buffer overflow | $2k-$5k | Not Defined |
| CVE-2022-26640 | 5.5 | TP-LINK TL-WR840N buffer overflow | $2k-$5k | Not Defined |
| CVE-2022-26639 | 5.5 | TP-LINK TL-WR840N buffer overflow | $2k-$5k | Not Defined |
| CVE-2022-1160 | 6.8 | vim get_one_sourceline heap-based overflow | $2k-$5k | Official Fix |
| CVE-2022-1154 | 7.0 | vim utf_ptr2char use after free | $2k-$5k | Official Fix |
| CVE-2022-22965 | 9.8 | VMware Spring Boot SpringShell code injection | $10k-$25k | Official Fix |
| CVE-2022-27772 | 5.5 | VMware Spring Boot temp file | $10k-$25k | Official Fix |
| CVE-2022-22963 | 9.8 | VMware Spring Cloud Function SpEL Expression code injection | $10k-$25k | Official Fix |
| CVE-2022-22950 | 4.3 | VMware Spring Framework SpEL Expression allocation of resources | $5k-$10k | Official Fix |
| CVE-2022-22948 | 4.3 | VMware vCenter Server/Cloud Foundation File permission | $10k-$25k | Official Fix |
| CVE-2019-9564 | 7.4 | Wyze Cam Pan v2/Cam v2/Cam v3 improper authentication | $1k-$2k | Official Fix |
| CVE-2019-12266 | 7.0 | Wyze Cam Pan v2/Cam v2/Cam v3 stack-based overflow | $2k-$5k | Official Fix |
| CVE-2022-23136 | 3.5 | ZTE ZXHN F680 Gateway Name cross site scripting | $0-$1k | Not Defined |