Critical vulnerabilities of the third week of Farvardin

This week, many "critical" and "high-risk" vulnerabilities were reported in important Microsoft products, and patches and updates were released to fix them. There were also several "critical" and "high-risk" vulnerabilities in products from Fortinet, Dell, IBM, Cisco and VMware, and in the Linux kernel.

The list of these vulnerabilities, together with their risk level, is given in the table below.

| Vulnerability ID | Base score | Vulnerability title | Zero-day value | Remediation |
|---|---|---|---|---|
| CVE-2022-26676 | 9.8 | aEnrich a+HRD API Function privileges management | $2k-$5k | Not Defined |
| CVE-2022-26675 | 6.4 | aEnrich a+HRD URL path traversal | $1k-$2k | Not Defined |
| CVE-2022-27062 | 3.5 | AeroCMS add_post.php cross site scripting | $0-$1k | Not Defined |
| CVE-2022-27061 | 5.5 | AeroCMS Admin Panel unrestricted upload | $1k-$2k | Not Defined |
| CVE-2022-27063 | 3.5 | AeroCMS view_all_comments.php cross site scripting | $0-$1k | Not Defined |
| CVE-2022-0825 | 5.5 | Amelia Plugin Appointment authorization | $1k-$2k | Official Fix |
| CVE-2022-0837 | 5.5 | Amelia Plugin SMS Service authorization | $1k-$2k | Official Fix |
| CVE-2022-26612 | 5.5 | Apache Hadoop unTarUsingJava symlink | $10k-$25k | Official Fix |
| CVE-2022-26850 | 4.3 | Apache NiFi Login Credential Update temp file | $10k-$25k | Official Fix |
| CVE-2022-23974 | 3.5 | Apache Pinot Pinot Table recursion | $2k-$5k | Official Fix |
| CVE-2021-40374 | 3.5 | Apperta OpenEyes cross site scripting | $0-$1k | Not Defined |
| CVE-2021-40375 | 4.3 | Apperta OpenEyes Server Response information exposure | $1k-$2k | Not Defined |
| CVE-2022-25596 | 8.8 | Asus RT-AC56U out-of-bounds write | $2k-$5k | Not Defined |
| CVE-2022-25597 | 8.8 | Asus RT-AC86U LPD Service os command injection | $2k-$5k | Not Defined |
| CVE-2022-25595 | 6.5 | Asus RT-AC86U Request denial of service | $0-$1k | Not Defined |
| CVE-2022-23971 | 7.2 | Asus RT-AX56U PORT path traversal | $1k-$2k | Not Defined |
| CVE-2022-23973 | 8.8 | Asus RT-AX56U Profile Configuration out-of-bounds write | $2k-$5k | Not Defined |
| CVE-2022-23972 | 7.5 | Asus RT-AX56U sql injection | $1k-$2k | Not Defined |
| CVE-2022-23970 | 7.2 | Asus RT-AX56U URL Parameter update_json path traversal | $1k-$2k | Not Defined |
| CVE-2021-32984 | 9.8 | Automation Direct CLICK PLC CPU authentication bypass | $2k-$5k | Official Fix |
| CVE-2021-32980 | 8.5 | Automation Direct CLICK PLC CPU authentication bypass | $1k-$2k | Official Fix |
| CVE-2021-32986 | 9.8 | Automation Direct CLICK PLC CPU authentication bypass | $2k-$5k | Official Fix |
| CVE-2021-32978 | 6.4 | Automation Direct CLICK PLC CPU credentials storage | $2k-$5k | Official Fix |
| CVE-2021-32982 | 5.6 | Automation Direct CLICK PLC CPU Project Transfer missing encryption | $0-$1k | Official Fix |
| CVE-2021-33010 | 6.4 | AVEVA System Platform denial of service | $0-$1k | Not Defined |
| CVE-2021-33008 | 7.5 | AVEVA System Platform missing authentication | $1k-$2k | Not Defined |
| CVE-2021-32985 | 7.2 | AVEVA System Platform origin validation | $2k-$5k | Not Defined |
| CVE-2021-32981 | 5.9 | AVEVA System Platform path traversal | $1k-$2k | Not Defined |
| CVE-2021-32977 | 6.9 | AVEVA System Platform signature verification | $1k-$2k | Not Defined |
| CVE-2021-27117 | 7.0 | beego profile.go GetCPUProfile symlink | $2k-$5k | Not Defined |
| CVE-2021-27116 | 7.0 | beego profile.go MemProf symlink | $2k-$5k | Not Defined |
| CVE-2021-30080 | 5.5 | beego Route Lookup access control | $1k-$2k | Official Fix |
| CVE-2022-0677 | 7.5 | BitDefender Endpoint Security Tools Update Server denial of service | $0-$1k | Official Fix |
| CVE-2022-0405 | 4.3 | Calibre-Web access control | $2k-$5k | Official Fix |
| CVE-2022-0406 | 5.3 | Calibre-Web improper authorization | $2k-$5k | Official Fix |
| CVE-2022-0990 | 8.3 | Calibre-Web server-side request forgery | $2k-$5k | Official Fix |
| CVE-2022-0939 | 6.8 | Calibre-Web server-side request forgery | $1k-$2k | Official Fix |
| CVE-2022-20675 | 5.3 | Cisco Email Security Appliance Service Port 199 denial of service | $10k-$25k | Official Fix |
| CVE-2022-20782 | 4.6 | Cisco Identity Services Engine Web-based Management Interface privileges assignment | $10k-$25k | Official Fix |
| CVE-2022-20774 | 5.5 | Cisco IP Phone 6800/IP Phone 7800/IP Phone 8800 Web-based Interface cross-site request forgery | $5k-$10k | Official Fix |
| CVE-2022-20741 | 4.4 | Cisco Secure Network Analytics Network Diagrams Application cross site scripting | $2k-$5k | Official Fix |
| CVE-2022-20665 | 6.6 | Cisco StarOS CLI command injection | $10k-$25k | Official Fix |
| CVE-2022-20781 | 4.4 | Cisco Web Security Appliance Web-based Management Interface cross site scripting | $5k-$10k | Official Fix |
| CVE-2022-20784 | 6.6 | Cisco Web Security Appliance Web-Based Reputation Score Engine access control | $25k-$50k | Official Fix |
| CVE-2022-20763 | 5.9 | Cisco WebEx Meetings Application Login Authorization deserialization | $10k-$25k | Official Fix |
| CVE-2022-22518 | 5.9 | CODESYS Control CmpUserMgr improper authorization | $2k-$5k | Not Defined |
| CVE-2022-22515 | 7.2 | CODESYS Control Runtime System Configuration File exposure of resource | $1k-$2k | Not Defined |
| CVE-2022-22516 | 7.6 | CODESYS Control Runtime System SysDrv3S Driver permission assignment | $2k-$5k | Not Defined |
| CVE-2022-22519 | 6.4 | CODESYS Control Runtime System Webserver buffer overflow | $2k-$5k | Not Defined |
| CVE-2022-22513 | 6.9 | CODESYS Products CmpSettings null pointer dereference | $0-$1k | Not Defined |
| CVE-2022-22514 | 6.8 | CODESYS Products CmpSettings uninitialized pointer | $0-$1k | Not Defined |
| CVE-2022-22517 | 6.4 | CODESYS Products Communication Channel random values | $1k-$2k | Not Defined |
| CVE-2022-24811 | 4.4 | Combodo iTop HTML Attachment cross site scripting | $0-$1k | Official Fix |
| CVE-2021-41245 | 5.4 | Combodo iTop privUITransactionFile cross-site request forgery | $0-$1k | Official Fix |
| CVE-2022-24780 | 8.8 | Combodo iTop User Portal code injection | $2k-$5k | Official Fix |
| CVE-2022-24426 | 7.8 | Dell Command Update/Alienware Update Advanced Driver Restore uncontrolled search path | $10k-$25k | Official Fix |
| CVE-2022-26855 | 5.5 | Dell EMC PowerScale OneFS default permission | $5k-$25k | Not Defined |
| CVE-2022-26851 | 7.8 | Dell EMC PowerScale OneFS Filename random values | $5k-$25k | Not Defined |
| CVE-2022-22563 | 4.1 | Dell EMC PowerScale OneFS master.passwd unknown vulnerability | $5k-$25k | Not Defined |
| CVE-2022-24428 | 6.3 | Dell EMC PowerScale OneFS Remote Filesystem permissions | $5k-$25k | Not Defined |
| CVE-2022-26854 | 8.1 | Dell EMC PowerScale OneFS risky encryption | $5k-$25k | Not Defined |
| CVE-2022-26852 | 3.7 | Dell EMC PowerScale OneFS weak prng | $5k-$25k | Not Defined |
| CVE-2021-33616 | 3.5 | Dell EMC RSA Archer cross site scripting | $2k-$5k | Not Defined |
| CVE-2021-36293 | 6.4 | Dell VNX2 os command injection | $5k-$25k | Not Defined |
| CVE-2021-36287 | 7.3 | Dell VNX2 os command injection | $5k-$25k | Not Defined |
| CVE-2021-36288 | 7.3 | Dell VNX2 path traversal | $5k-$25k | Not Defined |
| CVE-2021-36290 | 6.4 | Dell VNX2 permission assignment | $5k-$25k | Not Defined |
| CVE-2022-23158 | 4.1 | Dell Wyse Device Agent information disclosure | $1k-$2k | Not Defined |
| CVE-2022-23156 | 4.1 | Dell Wyse Device Agent WMS Server improper authentication | $1k-$2k | Not Defined |
| CVE-2022-23157 | 3.3 | Dell Wyse Device Agent WMS Server information disclosure | $1k-$2k | Not Defined |
| CVE-2022-23155 | 7.2 | Dell Wyse Management Suite unrestricted upload | $10k-$25k | Not Defined |
| CVE-2022-1098 | 8.3 | Delta Electronics DIAEnergie uncontrolled search path | $2k-$5k | Official Fix |
| CVE-2022-26952 | 6.3 | Digi Passport Location Header improper authentication | $1k-$2k | Official Fix |
| CVE-2022-26953 | 6.3 | Digi Passport reboot.asp buffer overflow | $2k-$5k | Official Fix |
| CVE-2021-43474 | 5.5 | D-Link DIR-823G HNAP1 access control | $10k-$25k | Not Defined |
| CVE-2022-26670 | 8.8 | D-Link DIR-878 Input Field os command injection | $10k-$25k | Not Defined |
| CVE-2020-27373 | 2.9 | Dr Trust USA iCheck Connect BP Monitor BP Testing 118 Bluetooth LE cleartext transmission | $0-$1k | Not Defined |
| CVE-2020-27374 | 6.3 | Dr Trust USA iCheck Connect BP Monitor BP Testing 118 BP Monitoring authentication replay | $1k-$2k | Not Defined |
| CVE-2020-27376 | 6.3 | Dr Trust USA iCheck Connect BP Monitor BP Testing 118 improper authentication | $1k-$2k | Not Defined |
| CVE-2020-27375 | 5.5 | Dr Trust USA iCheck Connect BP Monitor BP Testing 118 Privilege Escalation | $2k-$5k | Not Defined |
| CVE-2022-27346 | 6.3 | Ecommerce-Website PHP File unrestricted upload | $2k-$5k | Not Defined |
| CVE-2022-27436 | 3.5 | Ecommerce-Website cross site scripting | $0-$1k | Not Defined |
| CVE-2022-27357 | 6.3 | Ecommerce-Website PHP File customer_register.php unrestricted upload | $2k-$5k | Not Defined |
| CVE-2022-27435 | 6.3 | Ecommerce-Website Product Image unrestricted upload | $2k-$5k | Not Defined |
| CVE-2021-26116 | 7.8 | Fortinet FortiAuthenticator Command Line Interpreter os command injection | $2k-$5k | Official Fix |
| CVE-2021-43205 | 4.3 | Fortinet FortiClient information disclosure | $1k-$2k | Not Defined |
| CVE-2021-44169 | 8.1 | Fortinet FortiClient initialization | $2k-$5k | Not Defined |
| CVE-2021-22127 | 7.1 | Fortinet FortiClient input validation | $2k-$5k | Official Fix |
| CVE-2022-23440 | 7.8 | Fortinet FortiEDR hard-coded key | $0-$1k | Not Defined |
| CVE-2022-23441 | 8.2 | Fortinet FortiEDR hard-coded key | $1k-$2k | Official Fix |
| CVE-2022-23446 | 3.5 | Fortinet FortiEDR permission | $1k-$2k | Official Fix |
| CVE-2021-26104 | 8.3 | Fortinet FortiManager/FortiAnalyzer/FortiPortal Command Line Interface os command injection | $2k-$5k | Not Defined |
| CVE-2020-29013 | 4.8 | Fortinet FortiSandbox Sniffer Interface denial of service | $0-$1k | Official Fix |
| CVE-2021-32593 | 6.5 | Fortinet FortiWan Dynamic Tunnel Protocol risky encryption | $1k-$2k | Official Fix |
| CVE-2021-32585 | 5.7 | Fortinet FortiWAN HTTP Request cross site scripting | $0-$1k | Official Fix |
| CVE-2021-26114 | 9.3 | Fortinet FortiWan HTTP sql injection | $2k-$5k | Official Fix |
| CVE-2021-26112 | 8.1 | Fortinet FortiWan Network Daemon stack-based overflow | $2k-$5k | Official Fix |
| CVE-2021-26113 | 4.6 | Fortinet FortiWan Password File inadequate encryption | $0-$1k | Official Fix |
| CVE-2021-24009 | 7.2 | Fortinet FortiWan Web GUI os command injection | $2k-$5k | Official Fix |
| CVE-2021-41026 | 5.4 | Fortinet FortiWeb path traversal | $1k-$2k | Not Defined |
| CVE-2022-0390 | 4.3 | GitLab Community Edition/Enterprise Edition access control | $2k-$5k | Not Defined |
| CVE-2022-1100 | 4.3 | GitLab Community Edition/Enterprise Edition API resource consumption | $0-$1k | Official Fix |
| CVE-2022-0740 | 3.7 | GitLab Community Edition/Enterprise Edition Asana improper authorization | $2k-$5k | Official Fix |
| CVE-2022-0741 | 4.0 | GitLab Community Edition/Enterprise Edition Email Address information disclosure | $0-$1k | Not Defined |
| CVE-2022-0489 | 3.5 | GitLab Community Edition/Enterprise Edition Formula denial of service | $0-$1k | Not Defined |
| CVE-2022-1148 | 4.5 | GitLab Community Edition/Enterprise Edition improper authorization | $2k-$5k | Official Fix |
| CVE-2022-1189 | 3.1 | GitLab Community Edition/Enterprise Edition information disclosure | $1k-$2k | Official Fix |
| CVE-2022-1120 | 3.7 | GitLab Community Edition/Enterprise Edition information exposure | $0-$1k | Official Fix |
| CVE-2022-0425 | 5.9 | GitLab Community Edition/Enterprise Edition IRC Gateway server-side request forgery | $2k-$5k | Not Defined |
| CVE-2021-39908 | 5.9 | GitLab Community Edition/Enterprise Edition Merge Request unknown vulnerability | $2k-$5k | Official Fix |
| CVE-2022-1190 | 6.1 | GitLab Community Edition/Enterprise Edition Multi-Word Milestone Reference cross site scripting | $0-$1k | Official Fix |
| CVE-2022-1175 | 6.1 | GitLab Community Edition/Enterprise Edition Note cross site scripting | $0-$1k | Official Fix |
| CVE-2022-1162 | 8.2 | GitLab Community Edition/Enterprise Edition OmniAuth hard-coded password | $1k-$2k | Official Fix |
| CVE-2022-1105 | 4.3 | GitLab Community Edition/Enterprise Edition Pipeline Analytic access control | $2k-$5k | Official Fix |
| CVE-2022-1111 | 3.0 | GitLab Community Edition/Enterprise Edition Project Membership Page behavioral workflow | $1k-$2k | Official Fix |
| CVE-2022-1185 | 5.4 | GitLab Community Edition/Enterprise Edition RDoc denial of service | $0-$1k | Not Defined |
| CVE-2022-1188 | 4.6 | GitLab Community Edition/Enterprise Edition Repository Mirror server-side request forgery | $1k-$2k | Official Fix |
| CVE-2022-1174 | 4.3 | GitLab Community Edition/Enterprise Edition resource consumption | $0-$1k | Official Fix |
| CVE-2022-1121 | 5.3 | GitLab Community Edition/Enterprise Edition resource consumption | $0-$1k | Official Fix |
| CVE-2022-0373 | 4.3 | GitLab Community Edition/Enterprise Edition Service Desk Email Address access control | $2k-$5k | Not Defined |
| CVE-2022-1099 | 4.3 | GitLab Community Edition/Enterprise Edition Tag denial of service | $0-$1k | Official Fix |
| CVE-2022-1232 | 6.3 | Google Chrome V8 type confusion | $50k-$100k | Official Fix |
| CVE-2022-27146 | 3.5 | GPAC gf_isom_apple_enum_tag heap-based overflow | $1k-$2k | Not Defined |
| CVE-2022-1222 | 3.6 | GPAC infinite loop | $0-$1k | Official Fix |
| CVE-2022-27145 | 5.5 | GPAC MP4Box gf_isom_get_sample_for_movie_time stack-based overflow | $2k-$5k | Not Defined |
| CVE-2022-27147 | 5.5 | GPAC MP4Box gf_node_get_attribute_by_tag use after free | $2k-$5k | Not Defined |
| CVE-2022-27148 | 5.5 | GPAC MP4Box integer overflow | $2k-$5k | Not Defined |
| CVE-2022-23700 | 3.3 | HPE OneView access control | $5k-$10k | Official Fix |
| CVE-2022-23697 | 3.5 | HPE OneView cross site scripting | $2k-$5k | Official Fix |
| CVE-2022-23699 | 5.3 | HPE OneView improper authentication | $2k-$5k | Official Fix |
| CVE-2022-23698 | 5.3 | HPE OneView information disclosure | $5k-$10k | Official Fix |
| CVE-2022-26110 | 5.5 | HTCondor CLAIMTOBE Method improper authentication | $1k-$2k | Official Fix |
| CVE-2021-45104 | 5.0 | HTCondor Network Data channel accessible | $2k-$5k | Official Fix |
| CVE-2021-45103 | 5.5 | HTCondor S3 Cloud Storage access control | $1k-$2k | Official Fix |
| CVE-2022-22356 | 4.2 | IBM MQ Appliance information exposure | $5k-$10k | Official Fix |
| CVE-2022-22355 | 5.3 | IBM MQ Appliance Login denial of service | $5k-$10k | Official Fix |
| CVE-2022-22339 | 6.3 | IBM Planning Analytics server-side request forgery | $10k-$25k | Official Fix |
| CVE-2020-4668 | 4.3 | IBM Sterling B2B Integrator Standard Edition cross-site request forgery | $5k-$10k | Official Fix |
| CVE-2022-22410 | 4.1 | IBM Watson Query information disclosure | $5k-$10k | Official Fix |
| CVE-2021-41751 | 5.5 | JerryScript ecma-builtin-array-prototype.c ecma_builtin_array_prototype_object_slice buffer overflow | $2k-$5k | Official Fix |
| CVE-2021-43453 | 5.5 | JerryScript js-parser-statm.c parser_parse_for_statement_start heap-based overflow | $2k-$5k | Not Defined |
| CVE-2021-41752 | 5.5 | JerryScript opt stack-based overflow | $2k-$5k | Official Fix |
| CVE-2022-28651 | 6.3 | JetBrains IntelliJ IDEA Protected Field information disclosure | $1k-$2k | Official Fix |
| CVE-2022-28650 | 5.4 | JetBrains YouTrack Classic UI cross site scripting | $0-$1k | Official Fix |
| CVE-2022-28648 | 4.6 | JetBrains YouTrack Issue Description cross site scripting | $0-$1k | Official Fix |
| CVE-2022-28649 | 5.1 | JetBrains YouTrack Issue Description unknown vulnerability | $2k-$5k | Official Fix |
| CVE-2021-27223 | 6.5 | Kaspersky Anti-Virus/Endpoint Security Binary Module denial of service | $0-$1k | Not Defined |
| CVE-2022-27534 | 6.3 | Kaspersky Anti-Virus/Endpoint Security Data Parser Remote Code Execution | $2k-$5k | Official Fix |
| CVE-2021-3461 | 5.5 | Keycloak session expiration | $1k-$2k | Not Defined |
| CVE-2022-27046 | 5.5 | libsixel dither.c use after free | $2k-$5k | Not Defined |
| CVE-2021-41715 | 5.5 | libsixel dither.c use after free | $2k-$5k | Not Defined |
| CVE-2021-40656 | 5.5 | libsixel quant.c buffer overflow | $2k-$5k | Official Fix |
| CVE-2022-27044 | 5.5 | libsixel quant.c buffer overflow | $2k-$5k | Not Defined |
| CVE-2022-28390 | 7.8 | Linux Kernel ems_usb.c ems_usb_start_xmit double free | $10k-$25k | Official Fix |
| CVE-2022-28389 | 7.8 | Linux Kernel mcba_usb.c mcba_usb_start_xmit double free | $10k-$25k | Official Fix |
| CVE-2021-3847 | 6.3 | Linux Kernel OverlayFS Subsystem permissions | $10k-$25k | Not Defined |
| CVE-2022-28356 | 7.5 | Linux Kernel Refcount af_llc.c memory leak | $2k-$5k | Official Fix |
| CVE-2022-28796 | 5.5 | Linux Kernel transaction.c jbd2_journal_wait_updates use after free | $10k-$25k | Official Fix |
| CVE-2022-28388 | 7.8 | Linux Kernel usb_8dev.c usb_8dev_start_xmit double free | $10k-$25k | Official Fix |
| CVE-2022-1234 | 6.5 | livehelperchat cross site scripting | $0-$1k | Official Fix |
| CVE-2022-0935 | 7.5 | livehelperchat Password Reset behavioral workflow | $2k-$5k | Official Fix |
| CVE-2022-1213 | 6.3 | livehelperchat server-side request forgery | $2k-$5k | Official Fix |
| CVE-2022-1235 | 5.6 | livehelperchat unknown vulnerability | $0-$1k | Official Fix |
| CVE-2021-32933 | 9.9 | MDT Autosave API command injection | $2k-$5k | Official Fix |
| CVE-2021-32961 | 7.5 | MDT Autosave getfile unrestricted upload | $2k-$5k | Official Fix |
| CVE-2021-32945 | 5.6 | MDT AutoSave inadequate encryption | $0-$1k | Official Fix |
| CVE-2021-32949 | 7.0 | MDT AutoSave path traversal | $1k-$2k | Official Fix |
| CVE-2021-32957 | 7.4 | MDT Autosave sql injection | $2k-$5k | Official Fix |
| CVE-2021-32953 | 8.5 | MDT Autosave sql injection | $2k-$5k | Official Fix |
| CVE-2021-32937 | 6.4 | MDT AutoSave Working Directory information exposure | $1k-$2k | Official Fix |
| CVE-2022-26912 | 8.3 | Microsoft Edge Remote Code Execution | $50k-$100k | Official Fix |
| CVE-2022-26909 | 8.3 | Microsoft Edge Remote Code Execution | $50k-$100k | Official Fix |
| CVE-2022-26908 | 8.3 | Microsoft Edge Remote Code Execution | $50k-$100k | Official Fix |
| CVE-2022-26900 | 8.3 | Microsoft Edge Remote Code Execution | $50k-$100k | Official Fix |
| CVE-2022-26895 | 8.3 | Microsoft Edge Remote Code Execution | $50k-$100k | Official Fix |
| CVE-2022-26894 | 8.3 | Microsoft Edge Remote Code Execution | $50k-$100k | Official Fix |
| CVE-2022-26891 | 8.3 | Microsoft Edge Remote Code Execution | $50k-$100k | Official Fix |
| CVE-2022-24475 | 8.3 | Microsoft Edge Remote Code Execution | $50k-$100k | Official Fix |
| CVE-2022-24523 | 4.3 | Microsoft Edge unknown vulnerability | $50k-$100k | Official Fix |
| CVE-2022-25159 | 5.6 | Mitsubishi Electric MELSEC iQ-F FX5U(C)/MELSEC iQ-F FX5UJ authentication replay | $1k-$2k | Not Defined |
| CVE-2022-25160 | 5.3 | Mitsubishi Electric MELSEC iQ-F FX5U(C)/MELSEC iQ-F FX5UJ cleartext storage | $1k-$2k | Not Defined |
| CVE-2022-25158 | 3.1 | Mitsubishi Electric MELSEC iQ-F FX5U(C)/MELSEC iQ-F FX5UJ Password Hash cleartext storage | $0-$1k | Not Defined |
| CVE-2022-25155 | 5.6 | Mitsubishi Electric MELSEC iQ-F FX5U(C)/MELSEC iQ-F FX5UJ Password Hash Handler authentication replay | $1k-$2k | Not Defined |
| CVE-2022-25157 | 5.6 | Mitsubishi Electric MELSEC iQ-F FX5U(C)/MELSEC iQ-F FX5UJ Password Hash Handler improper authentication | $1k-$2k | Not Defined |
| CVE-2022-25156 | 3.7 | Mitsubishi Electric MELSEC iQ-F FX5U(C)/MELSEC iQ-F FX5UJ unknown vulnerability | $0-$1k | Not Defined |
| CVE-2021-32968 | 7.5 | Moxa IAW5000A buffer overflow | $2k-$5k | Not Defined |
| CVE-2021-32970 | 6.4 | Moxa NPort IAW5000A Web Server denial of service | $0-$1k | Not Defined |
| CVE-2021-32974 | 9.8 | Moxa NPort IAW5000A Web Server input validation | $2k-$5k | Not Defined |
| CVE-2021-32976 | 9.8 | Moxa NPort IAW5000A Web Server stack-based overflow | $2k-$5k | Not Defined |
| CVE-2022-1201 | 5.3 | mruby Interpreter mrb_vm_exec null pointer dereference | $0-$1k | Official Fix |
| CVE-2022-1212 | 8.3 | mruby str_escape use after free | $2k-$5k | Official Fix |
| CVE-2022-27306 | 5.5 | Node.js Hostname url.parse Privilege Escalation | $2k-$5k | Official Fix |
| CVE-2021-44109 | 4.3 | Open5GS sbi Request message.c denial of service | $0-$1k | Official Fix |
| CVE-2021-44108 | 4.3 | Open5GS sbi Request namf-handler.c null pointer dereference | $0-$1k | Official Fix |
| CVE-2022-27108 | 5.5 | OrangeHRM createTimesheet authorization | $1k-$2k | Not Defined |
| CVE-2022-27110 | 5.5 | OrangeHRM Host Header injection | $2k-$5k | Not Defined |
| CVE-2022-27109 | 4.9 | OrangeHRM Referer Header injection | $1k-$2k | Not Defined |
| CVE-2022-27107 | 3.5 | OrangeHRM Share Video cross site scripting | $0-$1k | Not Defined |
| CVE-2021-33022 | 5.6 | Philips Vue PACS cleartext transmission | $0-$1k | Not Defined |
| CVE-2021-33024 | 3.7 | Philips Vue PACS insufficiently protected credentials | $1k-$2k | Not Defined |
| CVE-2021-33020 | 7.2 | Philips Vue PACS key management | $2k-$5k | Not Defined |
| CVE-2021-27493 | 6.2 | Philips Vue PACS Message Remote Code Execution | $2k-$5k | Not Defined |
| CVE-2021-27501 | 7.5 | Philips Vue PACS neutralization | $2k-$5k | Not Defined |
| CVE-2021-27497 | 6.0 | Philips Vue PACS protection mechanism | $2k-$5k | Not Defined |
| CVE-2021-33018 | 5.3 | Philips Vue PACS risky encryption | $0-$1k | Not Defined |
| CVE-2022-26613 | 6.3 | PHP-CMS categorymenu.php sql injection | $1k-$2k | Not Defined |
| CVE-2022-27992 | 6.3 | PHPGurukul Zoo Management System animals sql injection | $1k-$2k | Not Defined |
| CVE-2022-27351 | 6.3 | PHPGurukul Zoo Management System PHP File apply_vacancy unrestricted upload | $2k-$5k | Not Defined |
| CVE-2022-1223 | 5.4 | phpipam access control | $2k-$5k | Official Fix |
| CVE-2022-1224 | 5.4 | phpipam improper authorization | $2k-$5k | Official Fix |
| CVE-2022-1225 | 5.4 | phpipam privileges assignment | $2k-$5k | Official Fix |
| CVE-2022-24793 | 6.4 | PJSIP DNS Resolution buffer overflow | $2k-$5k | Official Fix |
| CVE-2022-24786 | 8.5 | PJSIP RTCP Feedback RPSI Packet pjmedia_rtcp_fb_parse_rpsi out-of-bounds write | $2k-$5k | Official Fix |
| CVE-2022-1237 | 7.4 | radare2 array index | $2k-$5k | Official Fix |
| CVE-2022-1244 | 6.4 | radare2 heap-based overflow | $2k-$5k | Official Fix |
| CVE-2022-1240 | 6.9 | radare2 mach0.c r_str_ncpy heap-based overflow | $2k-$5k | Official Fix |
| CVE-2022-1238 | 6.9 | radare2 ne.c heap-based overflow | $2k-$5k | Official Fix |
| CVE-2022-1207 | 5.0 | radare2 out-of-bounds read | $0-$1k | Official Fix |
| CVE-2022-1283 | 5.0 | radare2 r_bin_ne_get_entrypoints null pointer dereference | $0-$1k | Official Fix |
| CVE-2022-1284 | 6.4 | radare2 use after free | $2k-$5k | Official Fix |
| CVE-2021-32960 | 8.0 | Rockwell Automation FactoryTalk Services Platform Policy access control | $2k-$5k | Not Defined |
| CVE-2022-1018 | 5.5 | Rockwell Automation ISaGRAF Solution File xml external entity reference | $1k-$2k | Not Defined |
| CVE-2021-43462 | 3.5 | Rumble Mail Server cross site scripting | $0-$1k | Not Defined |
| CVE-2021-43461 | 3.5 | Rumble Mail Server cross site scripting | $0-$1k | Not Defined |
| CVE-2021-43459 | 3.5 | Rumble Mail Server cross site scripting | $0-$1k | Not Defined |
| CVE-2021-43456 | 6.3 | Rumble Mail Server File unquoted search path | $2k-$5k | Not Defined |
| CVE-2022-25154 | 6.3 | Samsung Portable SSD T5 PC access control | $2k-$5k | Official Fix |
| CVE-2022-1248 | 7.3 | SAP Information System POST Request add_admin.php improper authentication | $1k-$2k | Not Defined |
| CVE-2021-45894 | 3.7 | Softwarebüro Zauner ARC cleartext transmission | $0-$1k | Not Defined |
| CVE-2021-45893 | 5.0 | Softwarebüro Zauner ARC comparison | $2k-$5k | Not Defined |
| CVE-2021-45892 | 3.5 | Softwarebüro Zauner ARC credentials storage | $1k-$2k | Not Defined |
| CVE-2021-45891 | 5.5 | Softwarebüro Zauner ARC permission | $1k-$2k | Not Defined |
| CVE-2021-36776 | 7.5 | SUSE Rancher access control | $10k-$25k | Official Fix |
| CVE-2021-36775 | 7.5 | SUSE Rancher access control | $10k-$25k | Official Fix |
| CVE-2022-26251 | 5.5 | Synametrics Synaman HTTP Interface access control | $1k-$2k | Not Defined |
| CVE-2022-26250 | 5.5 | Synametrics Synaman permission | $1k-$2k | Not Defined |
| CVE-2022-27016 | 5.5 | Tenda AC9 httpd Service SetStaticRouteCfg stack-based overflow | $2k-$5k | Not Defined |
| CVE-2022-27022 | 8.0 | Tenda AC9 SetSysTimeCfg stack-based overflow | $2k-$5k | Not Defined |
| CVE-2022-27441 | 3.5 | TPCMS cross site scripting | $0-$1k | Not Defined |
| CVE-2022-27442 | 3.5 | TPCMS information disclosure | $0-$1k | Not Defined |
| CVE-2022-27883 | 6.3 | Trend Micro Antivirus symlink | $5k-$25k | Not Defined |
| CVE-2022-22964 | 7.8 | VMware Horizon Client Configuration File access control | $10k-$25k | Official Fix |
| CVE-2022-22962 | 7.8 | VMware Horizon Client symlink | $10k-$25k | Official Fix |
| CVE-2022-22950 | 4.3 | VMware Spring Framework SpEL Expression allocation of resources | $5k-$10k | Official Fix |
| CVE-2022-22960 | 7.8 | VMware Workspace ONE Access access control | $10k-$25k | Official Fix |
| CVE-2022-22961 | 5.3 | VMware Workspace ONE Access information disclosure | $5k-$10k | Official Fix |
| CVE-2022-22958 | 7.2 | VMware Workspace ONE Access JDBC deserialization | $10k-$25k | Official Fix |
| CVE-2022-22957 | 7.2 | VMware Workspace ONE Access JDBC deserialization | $10k-$25k | Official Fix |
| CVE-2022-22959 | 4.3 | VMware Workspace ONE Access JDBC URI cross-site request forgery | $5k-$10k | Official Fix |
| CVE-2022-22956 | 9.8 | VMware Workspace ONE Access OAuth2 ACS Framework improper authentication | $10k-$25k | Official Fix |
| CVE-2022-22955 | 9.8 | VMware Workspace ONE Access OAuth2 ACS Framework improper authentication | $10k-$25k | Official Fix |
| CVE-2022-22954 | 9.8 | VMware Workspace ONE Access/Identity Manager Template injection | $10k-$25k | Official Fix |
| CVE-2022-1168 | 3.5 | WP JobSearch Plugin cross site scripting | $0-$1k | Official Fix |
| CVE-2022-26361 | 5.5 | Xen PCI Device memory corruption | $10k-$25k | Official Fix |
| CVE-2022-26360 | 5.5 | Xen PCI Device memory corruption | $10k-$25k | Official Fix |
| CVE-2022-26359 | 5.5 | Xen PCI Device memory corruption | $10k-$25k | Official Fix |
| CVE-2022-26358 | 5.5 | Xen PCI Device memory corruption | $10k-$25k | Official Fix |
| CVE-2022-26356 | 2.6 | Xen VRAM Tracking XEN_DMOP_track_dirty_vram memory leak | $2k-$5k | Official Fix |
| CVE-2022-26357 | 4.3 | Xen VT-d Domain ID Cleanup memory leak | $0-$1k | Official Fix |
| CVE-2022-24820 | 5.3 | XWiki Platform information disclosure | $0-$5k | Official Fix |
| CVE-2022-24819 | 5.3 | XWiki Platform information disclosure | $0-$5k | Official Fix |
| CVE-2022-24821 | 5.1 | XWiki Platform SSX/JSX access control | $1k-$2k | Official Fix |
| CVE-2022-24978 | 6.3 | Zoho ManageEngine ADAudit Password Field access control | $2k-$5k | Official Fix |
| CVE-2022-28219 | 7.3 | Zoho ManageEngine ADAudit xml external entity reference | $1k-$2k | Official Fix |
| CVE-2022-24681 | 3.5 | Zoho ManageEngine ADSelfService cross site scripting | $0-$1k | Official Fix |
| CVE-2022-25245 | 3.5 | Zoho ManageEngine ServiceDesk Plus information disclosure | $0-$1k | Official Fix |
| CVE-2022-25373 | 3.5 | Zoho ManageEngine SupportCenter Plus Request History cross site scripting | $0-$1k | Official Fix |
| CVE-2022-26671 | 7.3 | ZTE Security Dr.ID Access Control System hard-coded credentials | $1k-$2k | Not Defined |