Critical Vulnerabilities of the Third Week of Farvardin
This week, many "critical" and "high-risk" vulnerabilities were reported in major Microsoft products, and patches and updates were released to address them. Several "critical" and "high-risk" vulnerabilities were also found in products from Fortinet, Dell, IBM, Cisco and VMware, as well as in the Linux kernel.
The list of these vulnerabilities, together with their risk level, is given in the table below.
| Vulnerability ID | Base Score | Vulnerability Title | Zero-Day Value | Remediation |
|---|---|---|---|---|
| CVE-2022-26676 | 9.8 | aEnrich a+HRD API Function privileges management | $2k-$5k | Not Defined |
| CVE-2022-26675 | 6.4 | aEnrich a+HRD URL path traversal | $1k-$2k | Not Defined |
| CVE-2022-27062 | 3.5 | AeroCMS add_post.php cross site scripting | $0-$1k | Not Defined |
| CVE-2022-27061 | 5.5 | AeroCMS Admin Panel unrestricted upload | $1k-$2k | Not Defined |
| CVE-2022-27063 | 3.5 | AeroCMS view_all_comments.php cross site scripting | $0-$1k | Not Defined |
| CVE-2022-0825 | 5.5 | Amelia Plugin Appointment authorization | $1k-$2k | Official Fix |
| CVE-2022-0837 | 5.5 | Amelia Plugin SMS Service authorization | $1k-$2k | Official Fix |
| CVE-2022-26612 | 5.5 | Apache Hadoop unTarUsingJava symlink | $10k-$25k | Official Fix |
| CVE-2022-26850 | 4.3 | Apache NiFi Login Credential Update temp file | $10k-$25k | Official Fix |
| CVE-2022-23974 | 3.5 | Apache Pinot Pinot Table recursion | $2k-$5k | Official Fix |
| CVE-2021-40374 | 3.5 | Apperta OpenEyes cross site scripting | $0-$1k | Not Defined |
| CVE-2021-40375 | 4.3 | Apperta OpenEyes Server Response information exposure | $1k-$2k | Not Defined |
| CVE-2022-25596 | 8.8 | Asus RT-AC56U out-of-bounds write | $2k-$5k | Not Defined |
| CVE-2022-25597 | 8.8 | Asus RT-AC86U LPD Service os command injection | $2k-$5k | Not Defined |
| CVE-2022-25595 | 6.5 | Asus RT-AC86U Request denial of service | $0-$1k | Not Defined |
| CVE-2022-23971 | 7.2 | Asus RT-AX56U PORT path traversal | $1k-$2k | Not Defined |
| CVE-2022-23973 | 8.8 | Asus RT-AX56U Profile Configuration out-of-bounds write | $2k-$5k | Not Defined |
| CVE-2022-23972 | 7.5 | Asus RT-AX56U sql injection | $1k-$2k | Not Defined |
| CVE-2022-23970 | 7.2 | Asus RT-AX56U URL Parameter update_json path traversal | $1k-$2k | Not Defined |
| CVE-2021-32984 | 9.8 | Automation Direct CLICK PLC CPU authentication bypass | $2k-$5k | Official Fix |
| CVE-2021-32980 | 8.5 | Automation Direct CLICK PLC CPU authentication bypass | $1k-$2k | Official Fix |
| CVE-2021-32986 | 9.8 | Automation Direct CLICK PLC CPU authentication bypass | $2k-$5k | Official Fix |
| CVE-2021-32978 | 6.4 | Automation Direct CLICK PLC CPU credentials storage | $2k-$5k | Official Fix |
| CVE-2021-32982 | 5.6 | Automation Direct CLICK PLC CPU Project Transfer missing encryption | $0-$1k | Official Fix |
| CVE-2021-33010 | 6.4 | AVEVA System Platform denial of service | $0-$1k | Not Defined |
| CVE-2021-33008 | 7.5 | AVEVA System Platform missing authentication | $1k-$2k | Not Defined |
| CVE-2021-32985 | 7.2 | AVEVA System Platform origin validation | $2k-$5k | Not Defined |
| CVE-2021-32981 | 5.9 | AVEVA System Platform path traversal | $1k-$2k | Not Defined |
| CVE-2021-32977 | 6.9 | AVEVA System Platform signature verification | $1k-$2k | Not Defined |
| CVE-2021-27117 | 7.0 | beego profile.go GetCPUProfile symlink | $2k-$5k | Not Defined |
| CVE-2021-27116 | 7.0 | beego profile.go MemProf symlink | $2k-$5k | Not Defined |
| CVE-2021-30080 | 5.5 | beego Route Lookup access control | $1k-$2k | Official Fix |
| CVE-2022-0677 | 7.5 | BitDefender Endpoint Security Tools Update Server denial of service | $0-$1k | Official Fix |
| CVE-2022-0405 | 4.3 | Calibre-Web access control | $2k-$5k | Official Fix |
| CVE-2022-0406 | 5.3 | Calibre-Web improper authorization | $2k-$5k | Official Fix |
| CVE-2022-0990 | 8.3 | Calibre-Web server-side request forgery | $2k-$5k | Official Fix |
| CVE-2022-0939 | 6.8 | Calibre-Web server-side request forgery | $1k-$2k | Official Fix |
| CVE-2022-20675 | 5.3 | Cisco Email Security Appliance Service Port 199 denial of service | $10k-$25k | Official Fix |
| CVE-2022-20782 | 4.6 | Cisco Identity Services Engine Web-based Management Interface privileges assignment | $10k-$25k | Official Fix |
| CVE-2022-20774 | 5.5 | Cisco IP Phone 6800/IP Phone 7800/IP Phone 8800 Web-based Interface cross-site request forgery | $5k-$10k | Official Fix |
| CVE-2022-20741 | 4.4 | Cisco Secure Network Analytics Network Diagrams Application cross site scripting | $2k-$5k | Official Fix |
| CVE-2022-20665 | 6.6 | Cisco StarOS CLI command injection | $10k-$25k | Official Fix |
| CVE-2022-20781 | 4.4 | Cisco Web Security Appliance Web-based Management Interface cross site scripting | $5k-$10k | Official Fix |
| CVE-2022-20784 | 6.6 | Cisco Web Security Appliance Web-Based Reputation Score Engine access control | $25k-$50k | Official Fix |
| CVE-2022-20763 | 5.9 | Cisco WebEx Meetings Application Login Authorization deserialization | $10k-$25k | Official Fix |
| CVE-2022-22518 | 5.9 | CODESYS Control CmpUserMgr improper authorization | $2k-$5k | Not Defined |
| CVE-2022-22515 | 7.2 | CODESYS Control Runtime System Configuration File exposure of resource | $1k-$2k | Not Defined |
| CVE-2022-22516 | 7.6 | CODESYS Control Runtime System SysDrv3S Driver permission assignment | $2k-$5k | Not Defined |
| CVE-2022-22519 | 6.4 | CODESYS Control Runtime System Webserver buffer overflow | $2k-$5k | Not Defined |
| CVE-2022-22513 | 6.9 | CODESYS Products CmpSettings null pointer dereference | $0-$1k | Not Defined |
| CVE-2022-22514 | 6.8 | CODESYS Products CmpSettings uninitialized pointer | $0-$1k | Not Defined |
| CVE-2022-22517 | 6.4 | CODESYS Products Communication Channel random values | $1k-$2k | Not Defined |
| CVE-2022-24811 | 4.4 | Combodo iTop HTML Attachment cross site scripting | $0-$1k | Official Fix |
| CVE-2021-41245 | 5.4 | Combodo iTop privUITransactionFile cross-site request forgery | $0-$1k | Official Fix |
| CVE-2022-24780 | 8.8 | Combodo iTop User Portal code injection | $2k-$5k | Official Fix |
| CVE-2022-24426 | 7.8 | Dell Command Update/Alienware Update Advanced Driver Restore uncontrolled search path | $10k-$25k | Official Fix |
| CVE-2022-26855 | 5.5 | Dell EMC PowerScale OneFS default permission | $5k-$25k | Not Defined |
| CVE-2022-26851 | 7.8 | Dell EMC PowerScale OneFS Filename random values | $5k-$25k | Not Defined |
| CVE-2022-22563 | 4.1 | Dell EMC PowerScale OneFS master.passwd unknown vulnerability | $5k-$25k | Not Defined |
| CVE-2022-24428 | 6.3 | Dell EMC PowerScale OneFS Remote Filesystem permissions | $5k-$25k | Not Defined |
| CVE-2022-26854 | 8.1 | Dell EMC PowerScale OneFS risky encryption | $5k-$25k | Not Defined |
| CVE-2022-26852 | 3.7 | Dell EMC PowerScale OneFS weak prng | $5k-$25k | Not Defined |
| CVE-2021-33616 | 3.5 | Dell EMC RSA Archer cross site scripting | $2k-$5k | Not Defined |
| CVE-2021-36293 | 6.4 | Dell VNX2 os command injection | $5k-$25k | Not Defined |
| CVE-2021-36287 | 7.3 | Dell VNX2 os command injection | $5k-$25k | Not Defined |
| CVE-2021-36288 | 7.3 | Dell VNX2 path traversal | $5k-$25k | Not Defined |
| CVE-2021-36290 | 6.4 | Dell VNX2 permission assignment | $5k-$25k | Not Defined |
| CVE-2022-23158 | 4.1 | Dell Wyse Device Agent information disclosure | $1k-$2k | Not Defined |
| CVE-2022-23156 | 4.1 | Dell Wyse Device Agent WMS Server improper authentication | $1k-$2k | Not Defined |
| CVE-2022-23157 | 3.3 | Dell Wyse Device Agent WMS Server information disclosure | $1k-$2k | Not Defined |
| CVE-2022-23155 | 7.2 | Dell Wyse Management Suite unrestricted upload | $10k-$25k | Not Defined |
| CVE-2022-1098 | 8.3 | Delta Electronics DIAEnergie uncontrolled search path | $2k-$5k | Official Fix |
| CVE-2022-26952 | 6.3 | Digi Passport Location Header improper authentication | $1k-$2k | Official Fix |
| CVE-2022-26953 | 6.3 | Digi Passport reboot.asp buffer overflow | $2k-$5k | Official Fix |
| CVE-2021-43474 | 5.5 | D-Link DIR-823G HNAP1 access control | $10k-$25k | Not Defined |
| CVE-2022-26670 | 8.8 | D-Link DIR-878 Input Field os command injection | $10k-$25k | Not Defined |
| CVE-2020-27373 | 2.9 | Dr Trust USA iCheck Connect BP Monitor BP Testing 118 Bluetooth LE cleartext transmission | $0-$1k | Not Defined |
| CVE-2020-27374 | 6.3 | Dr Trust USA iCheck Connect BP Monitor BP Testing 118 BP Monitoring authentication replay | $1k-$2k | Not Defined |
| CVE-2020-27376 | 6.3 | Dr Trust USA iCheck Connect BP Monitor BP Testing 118 improper authentication | $1k-$2k | Not Defined |
| CVE-2020-27375 | 5.5 | Dr Trust USA iCheck Connect BP Monitor BP Testing 118 Privilege Escalation | $2k-$5k | Not Defined |
| CVE-2022-27346 | 6.3 | Ecommerce-Website PHP File unrestricted upload | $2k-$5k | Not Defined |
| CVE-2022-27436 | 3.5 | Ecommerce-Website cross site scripting | $0-$1k | Not Defined |
| CVE-2022-27357 | 6.3 | Ecommerce-Website PHP File customer_register.php unrestricted upload | $2k-$5k | Not Defined |
| CVE-2022-27435 | 6.3 | Ecommerce-Website Product Image unrestricted upload | $2k-$5k | Not Defined |
| CVE-2021-26116 | 7.8 | Fortinet FortiAuthenticator Command Line Interpreter os command injection | $2k-$5k | Official Fix |
| CVE-2021-43205 | 4.3 | Fortinet FortiClient information disclosure | $1k-$2k | Not Defined |
| CVE-2021-44169 | 8.1 | Fortinet FortiClient initialization | $2k-$5k | Not Defined |
| CVE-2021-22127 | 7.1 | Fortinet FortiClient input validation | $2k-$5k | Official Fix |
| CVE-2022-23440 | 7.8 | Fortinet FortiEDR hard-coded key | $0-$1k | Not Defined |
| CVE-2022-23441 | 8.2 | Fortinet FortiEDR hard-coded key | $1k-$2k | Official Fix |
| CVE-2022-23446 | 3.5 | Fortinet FortiEDR permission | $1k-$2k | Official Fix |
| CVE-2021-26104 | 8.3 | Fortinet FortiManager/FortiAnalyzer/FortiPortal Command Line Interface os command injection | $2k-$5k | Not Defined |
| CVE-2020-29013 | 4.8 | Fortinet FortiSandbox Sniffer Interface denial of service | $0-$1k | Official Fix |
| CVE-2021-32593 | 6.5 | Fortinet FortiWan Dynamic Tunnel Protocol risky encryption | $1k-$2k | Official Fix |
| CVE-2021-32585 | 5.7 | Fortinet FortiWAN HTTP Request cross site scripting | $0-$1k | Official Fix |
| CVE-2021-26114 | 9.3 | Fortinet FortiWan HTTP sql injection | $2k-$5k | Official Fix |
| CVE-2021-26112 | 8.1 | Fortinet FortiWan Network Daemon stack-based overflow | $2k-$5k | Official Fix |
| CVE-2021-26113 | 4.6 | Fortinet FortiWan Password File inadequate encryption | $0-$1k | Official Fix |
| CVE-2021-24009 | 7.2 | Fortinet FortiWan Web GUI os command injection | $2k-$5k | Official Fix |
| CVE-2021-41026 | 5.4 | Fortinet FortiWeb path traversal | $1k-$2k | Not Defined |
| CVE-2022-0390 | 4.3 | GitLab Community Edition/Enterprise Edition access control | $2k-$5k | Not Defined |
| CVE-2022-1100 | 4.3 | GitLab Community Edition/Enterprise Edition API resource consumption | $0-$1k | Official Fix |
| CVE-2022-0740 | 3.7 | GitLab Community Edition/Enterprise Edition Asana improper authorization | $2k-$5k | Official Fix |
| CVE-2022-0741 | 4.0 | GitLab Community Edition/Enterprise Edition Email Address information disclosure | $0-$1k | Not Defined |
| CVE-2022-0489 | 3.5 | GitLab Community Edition/Enterprise Edition Formula denial of service | $0-$1k | Not Defined |
| CVE-2022-1148 | 4.5 | GitLab Community Edition/Enterprise Edition improper authorization | $2k-$5k | Official Fix |
| CVE-2022-1189 | 3.1 | GitLab Community Edition/Enterprise Edition information disclosure | $1k-$2k | Official Fix |
| CVE-2022-1120 | 3.7 | GitLab Community Edition/Enterprise Edition information exposure | $0-$1k | Official Fix |
| CVE-2022-0425 | 5.9 | GitLab Community Edition/Enterprise Edition IRC Gateway server-side request forgery | $2k-$5k | Not Defined |
| CVE-2021-39908 | 5.9 | GitLab Community Edition/Enterprise Edition Merge Request unknown vulnerability | $2k-$5k | Official Fix |
| CVE-2022-1190 | 6.1 | GitLab Community Edition/Enterprise Edition Multi-Word Milestone Reference cross site scripting | $0-$1k | Official Fix |
| CVE-2022-1175 | 6.1 | GitLab Community Edition/Enterprise Edition Note cross site scripting | $0-$1k | Official Fix |
| CVE-2022-1162 | 8.2 | GitLab Community Edition/Enterprise Edition OmniAuth hard-coded password | $1k-$2k | Official Fix |
| CVE-2022-1105 | 4.3 | GitLab Community Edition/Enterprise Edition Pipeline Analytic access control | $2k-$5k | Official Fix |
| CVE-2022-1111 | 3.0 | GitLab Community Edition/Enterprise Edition Project Membership Page behavioral workflow | $1k-$2k | Official Fix |
| CVE-2022-1185 | 5.4 | GitLab Community Edition/Enterprise Edition RDoc denial of service | $0-$1k | Not Defined |
| CVE-2022-1188 | 4.6 | GitLab Community Edition/Enterprise Edition Repository Mirror server-side request forgery | $1k-$2k | Official Fix |
| CVE-2022-1174 | 4.3 | GitLab Community Edition/Enterprise Edition resource consumption | $0-$1k | Official Fix |
| CVE-2022-1121 | 5.3 | GitLab Community Edition/Enterprise Edition resource consumption | $0-$1k | Official Fix |
| CVE-2022-0373 | 4.3 | GitLab Community Edition/Enterprise Edition Service Desk Email Address access control | $2k-$5k | Not Defined |
| CVE-2022-1099 | 4.3 | GitLab Community Edition/Enterprise Edition Tag denial of service | $0-$1k | Official Fix |
| CVE-2022-1232 | 6.3 | Google Chrome V8 type confusion | $50k-$100k | Official Fix |
| CVE-2022-27146 | 3.5 | GPAC gf_isom_apple_enum_tag heap-based overflow | $1k-$2k | Not Defined |
| CVE-2022-1222 | 3.6 | GPAC infinite loop | $0-$1k | Official Fix |
| CVE-2022-27145 | 5.5 | GPAC MP4Box gf_isom_get_sample_for_movie_time stack-based overflow | $2k-$5k | Not Defined |
| CVE-2022-27147 | 5.5 | GPAC MP4Box gf_node_get_attribute_by_tag use after free | $2k-$5k | Not Defined |
| CVE-2022-27148 | 5.5 | GPAC MP4Box integer overflow | $2k-$5k | Not Defined |
| CVE-2022-23700 | 3.3 | HPE OneView access control | $5k-$10k | Official Fix |
| CVE-2022-23697 | 3.5 | HPE OneView cross site scripting | $2k-$5k | Official Fix |
| CVE-2022-23699 | 5.3 | HPE OneView improper authentication | $2k-$5k | Official Fix |
| CVE-2022-23698 | 5.3 | HPE OneView information disclosure | $5k-$10k | Official Fix |
| CVE-2022-26110 | 5.5 | HTCondor CLAIMTOBE Method improper authentication | $1k-$2k | Official Fix |
| CVE-2021-45104 | 5.0 | HTCondor Network Data channel accessible | $2k-$5k | Official Fix |
| CVE-2021-45103 | 5.5 | HTCondor S3 Cloud Storage access control | $1k-$2k | Official Fix |
| CVE-2022-22356 | 4.2 | IBM MQ Appliance information exposure | $5k-$10k | Official Fix |
| CVE-2022-22355 | 5.3 | IBM MQ Appliance Login denial of service | $5k-$10k | Official Fix |
| CVE-2022-22339 | 6.3 | IBM Planning Analytics server-side request forgery | $10k-$25k | Official Fix |
| CVE-2020-4668 | 4.3 | IBM Sterling B2B Integrator Standard Edition cross-site request forgery | $5k-$10k | Official Fix |
| CVE-2022-22410 | 4.1 | IBM Watson Query information disclosure | $5k-$10k | Official Fix |
| CVE-2021-41751 | 5.5 | JerryScript ecma-builtin-array-prototype.c ecma_builtin_array_prototype_object_slice buffer overflow | $2k-$5k | Official Fix |
| CVE-2021-43453 | 5.5 | JerryScript js-parser-statm.c parser_parse_for_statement_start heap-based overflow | $2k-$5k | Not Defined |
| CVE-2021-41752 | 5.5 | JerryScript opt stack-based overflow | $2k-$5k | Official Fix |
| CVE-2022-28651 | 6.3 | JetBrains IntelliJ IDEA Protected Field information disclosure | $1k-$2k | Official Fix |
| CVE-2022-28650 | 5.4 | JetBrains YouTrack Classic UI cross site scripting | $0-$1k | Official Fix |
| CVE-2022-28648 | 4.6 | JetBrains YouTrack Issue Description cross site scripting | $0-$1k | Official Fix |
| CVE-2022-28649 | 5.1 | JetBrains YouTrack Issue Description unknown vulnerability | $2k-$5k | Official Fix |
| CVE-2021-27223 | 6.5 | Kaspersky Anti-Virus/Endpoint Security Binary Module denial of service | $0-$1k | Not Defined |
| CVE-2022-27534 | 6.3 | Kaspersky Anti-Virus/Endpoint Security Data Parser Remote Code Execution | $2k-$5k | Official Fix |
| CVE-2021-3461 | 5.5 | Keycloak session expiration | $1k-$2k | Not Defined |
| CVE-2022-27046 | 5.5 | libsixel dither.c use after free | $2k-$5k | Not Defined |
| CVE-2021-41715 | 5.5 | libsixel dither.c use after free | $2k-$5k | Not Defined |
| CVE-2021-40656 | 5.5 | libsixel quant.c buffer overflow | $2k-$5k | Official Fix |
| CVE-2022-27044 | 5.5 | libsixel quant.c buffer overflow | $2k-$5k | Not Defined |
| CVE-2022-28390 | 7.8 | Linux Kernel ems_usb.c ems_usb_start_xmit double free | $10k-$25k | Official Fix |
| CVE-2022-28389 | 7.8 | Linux Kernel mcba_usb.c mcba_usb_start_xmit double free | $10k-$25k | Official Fix |
| CVE-2021-3847 | 6.3 | Linux Kernel OverlayFS Subsystem permissions | $10k-$25k | Not Defined |
| CVE-2022-28356 | 7.5 | Linux Kernel Refcount af_llc.c memory leak | $2k-$5k | Official Fix |
| CVE-2022-28796 | 5.5 | Linux Kernel transaction.c jbd2_journal_wait_updates use after free | $10k-$25k | Official Fix |
| CVE-2022-28388 | 7.8 | Linux Kernel usb_8dev.c usb_8dev_start_xmit double free | $10k-$25k | Official Fix |
| CVE-2022-1234 | 6.5 | livehelperchat cross site scripting | $0-$1k | Official Fix |
| CVE-2022-0935 | 7.5 | livehelperchat Password Reset behavioral workflow | $2k-$5k | Official Fix |
| CVE-2022-1213 | 6.3 | livehelperchat server-side request forgery | $2k-$5k | Official Fix |
| CVE-2022-1235 | 5.6 | livehelperchat unknown vulnerability | $0-$1k | Official Fix |
| CVE-2021-32933 | 9.9 | MDT Autosave API command injection | $2k-$5k | Official Fix |
| CVE-2021-32961 | 7.5 | MDT Autosave getfile unrestricted upload | $2k-$5k | Official Fix |
| CVE-2021-32945 | 5.6 | MDT AutoSave inadequate encryption | $0-$1k | Official Fix |
| CVE-2021-32949 | 7.0 | MDT AutoSave path traversal | $1k-$2k | Official Fix |
| CVE-2021-32957 | 7.4 | MDT Autosave sql injection | $2k-$5k | Official Fix |
| CVE-2021-32953 | 8.5 | MDT Autosave sql injection | $2k-$5k | Official Fix |
| CVE-2021-32937 | 6.4 | MDT AutoSave Working Directory information exposure | $1k-$2k | Official Fix |
| CVE-2022-26912 | 8.3 | Microsoft Edge Remote Code Execution | $50k-$100k | Official Fix |
| CVE-2022-26909 | 8.3 | Microsoft Edge Remote Code Execution | $50k-$100k | Official Fix |
| CVE-2022-26908 | 8.3 | Microsoft Edge Remote Code Execution | $50k-$100k | Official Fix |
| CVE-2022-26900 | 8.3 | Microsoft Edge Remote Code Execution | $50k-$100k | Official Fix |
| CVE-2022-26895 | 8.3 | Microsoft Edge Remote Code Execution | $50k-$100k | Official Fix |
| CVE-2022-26894 | 8.3 | Microsoft Edge Remote Code Execution | $50k-$100k | Official Fix |
| CVE-2022-26891 | 8.3 | Microsoft Edge Remote Code Execution | $50k-$100k | Official Fix |
| CVE-2022-24475 | 8.3 | Microsoft Edge Remote Code Execution | $50k-$100k | Official Fix |
| CVE-2022-24523 | 4.3 | Microsoft Edge unknown vulnerability | $50k-$100k | Official Fix |
| CVE-2022-25159 | 5.6 | Mitsubishi Electric MELSEC iQ-F FX5U(C)/MELSEC iQ-F FX5UJ authentication replay | $1k-$2k | Not Defined |
| CVE-2022-25160 | 5.3 | Mitsubishi Electric MELSEC iQ-F FX5U(C)/MELSEC iQ-F FX5UJ cleartext storage | $1k-$2k | Not Defined |
| CVE-2022-25158 | 3.1 | Mitsubishi Electric MELSEC iQ-F FX5U(C)/MELSEC iQ-F FX5UJ Password Hash cleartext storage | $0-$1k | Not Defined |
| CVE-2022-25155 | 5.6 | Mitsubishi Electric MELSEC iQ-F FX5U(C)/MELSEC iQ-F FX5UJ Password Hash Handler authentication replay | $1k-$2k | Not Defined |
| CVE-2022-25157 | 5.6 | Mitsubishi Electric MELSEC iQ-F FX5U(C)/MELSEC iQ-F FX5UJ Password Hash Handler improper authentication | $1k-$2k | Not Defined |
| CVE-2022-25156 | 3.7 | Mitsubishi Electric MELSEC iQ-F FX5U(C)/MELSEC iQ-F FX5UJ unknown vulnerability | $0-$1k | Not Defined |
| CVE-2021-32968 | 7.5 | Moxa IAW5000A buffer overflow | $2k-$5k | Not Defined |
| CVE-2021-32970 | 6.4 | Moxa NPort IAW5000A Web Server denial of service | $0-$1k | Not Defined |
| CVE-2021-32974 | 9.8 | Moxa NPort IAW5000A Web Server input validation | $2k-$5k | Not Defined |
| CVE-2021-32976 | 9.8 | Moxa NPort IAW5000A Web Server stack-based overflow | $2k-$5k | Not Defined |
| CVE-2022-1201 | 5.3 | mruby Interpreter mrb_vm_exec null pointer dereference | $0-$1k | Official Fix |
| CVE-2022-1212 | 8.3 | mruby str_escape use after free | $2k-$5k | Official Fix |
| CVE-2022-27306 | 5.5 | Node.js Hostname url.parse Privilege Escalation | $2k-$5k | Official Fix |
| CVE-2021-44109 | 4.3 | Open5GS sbi Request message.c denial of service | $0-$1k | Official Fix |
| CVE-2021-44108 | 4.3 | Open5GS sbi Request namf-handler.c null pointer dereference | $0-$1k | Official Fix |
| CVE-2022-27108 | 5.5 | OrangeHRM createTimesheet authorization | $1k-$2k | Not Defined |
| CVE-2022-27110 | 5.5 | OrangeHRM Host Header injection | $2k-$5k | Not Defined |
| CVE-2022-27109 | 4.9 | OrangeHRM Referer Header injection | $1k-$2k | Not Defined |
| CVE-2022-27107 | 3.5 | OrangeHRM Share Video cross site scripting | $0-$1k | Not Defined |
| CVE-2021-33022 | 5.6 | Philips Vue PACS cleartext transmission | $0-$1k | Not Defined |
| CVE-2021-33024 | 3.7 | Philips Vue PACS insufficiently protected credentials | $1k-$2k | Not Defined |
| CVE-2021-33020 | 7.2 | Philips Vue PACS key management | $2k-$5k | Not Defined |
| CVE-2021-27493 | 6.2 | Philips Vue PACS Message Remote Code Execution | $2k-$5k | Not Defined |
| CVE-2021-27501 | 7.5 | Philips Vue PACS neutralization | $2k-$5k | Not Defined |
| CVE-2021-27497 | 6.0 | Philips Vue PACS protection mechanism | $2k-$5k | Not Defined |
| CVE-2021-33018 | 5.3 | Philips Vue PACS risky encryption | $0-$1k | Not Defined |
| CVE-2022-26613 | 6.3 | PHP-CMS categorymenu.php sql injection | $1k-$2k | Not Defined |
| CVE-2022-27992 | 6.3 | PHPGurukul Zoo Management System animals sql injection | $1k-$2k | Not Defined |
| CVE-2022-27351 | 6.3 | PHPGurukul Zoo Management System PHP File apply_vacancy unrestricted upload | $2k-$5k | Not Defined |
| CVE-2022-1223 | 5.4 | phpipam access control | $2k-$5k | Official Fix |
| CVE-2022-1224 | 5.4 | phpipam improper authorization | $2k-$5k | Official Fix |
| CVE-2022-1225 | 5.4 | phpipam privileges assignment | $2k-$5k | Official Fix |
| CVE-2022-24793 | 6.4 | PJSIP DNS Resolution buffer overflow | $2k-$5k | Official Fix |
| CVE-2022-24786 | 8.5 | PJSIP RTCP Feedback RPSI Packet pjmedia_rtcp_fb_parse_rpsi out-of-bounds write | $2k-$5k | Official Fix |
| CVE-2022-1237 | 7.4 | radare2 array index | $2k-$5k | Official Fix |
| CVE-2022-1244 | 6.4 | radare2 heap-based overflow | $2k-$5k | Official Fix |
| CVE-2022-1240 | 6.9 | radare2 mach0.c r_str_ncpy heap-based overflow | $2k-$5k | Official Fix |
| CVE-2022-1238 | 6.9 | radare2 ne.c heap-based overflow | $2k-$5k | Official Fix |
| CVE-2022-1207 | 5.0 | radare2 out-of-bounds read | $0-$1k | Official Fix |
| CVE-2022-1283 | 5.0 | radare2 r_bin_ne_get_entrypoints null pointer dereference | $0-$1k | Official Fix |
| CVE-2022-1284 | 6.4 | radare2 use after free | $2k-$5k | Official Fix |
| CVE-2021-32960 | 8.0 | Rockwell Automation FactoryTalk Services Platform Policy access control | $2k-$5k | Not Defined |
| CVE-2022-1018 | 5.5 | Rockwell Automation ISaGRAF Solution File xml external entity reference | $1k-$2k | Not Defined |
| CVE-2021-43462 | 3.5 | Rumble Mail Server cross site scripting | $0-$1k | Not Defined |
| CVE-2021-43461 | 3.5 | Rumble Mail Server cross site scripting | $0-$1k | Not Defined |
| CVE-2021-43459 | 3.5 | Rumble Mail Server cross site scripting | $0-$1k | Not Defined |
| CVE-2021-43456 | 6.3 | Rumble Mail Server File unquoted search path | $2k-$5k | Not Defined |
| CVE-2022-25154 | 6.3 | Samsung Portable SSD T5 PC access control | $2k-$5k | Official Fix |
| CVE-2022-1248 | 7.3 | SAP Information System POST Request add_admin.php improper authentication | $1k-$2k | Not Defined |
| CVE-2021-45894 | 3.7 | Softwarebüro Zauner ARC cleartext transmission | $0-$1k | Not Defined |
| CVE-2021-45893 | 5.0 | Softwarebüro Zauner ARC comparison | $2k-$5k | Not Defined |
| CVE-2021-45892 | 3.5 | Softwarebüro Zauner ARC credentials storage | $1k-$2k | Not Defined |
| CVE-2021-45891 | 5.5 | Softwarebüro Zauner ARC permission | $1k-$2k | Not Defined |
| CVE-2021-36776 | 7.5 | SUSE Rancher access control | $10k-$25k | Official Fix |
| CVE-2021-36775 | 7.5 | SUSE Rancher access control | $10k-$25k | Official Fix |
| CVE-2022-26251 | 5.5 | Synametrics Synaman HTTP Interface access control | $1k-$2k | Not Defined |
| CVE-2022-26250 | 5.5 | Synametrics Synaman permission | $1k-$2k | Not Defined |
| CVE-2022-27016 | 5.5 | Tenda AC9 httpd Service SetStaticRouteCfg stack-based overflow | $2k-$5k | Not Defined |
| CVE-2022-27022 | 8.0 | Tenda AC9 SetSysTimeCfg stack-based overflow | $2k-$5k | Not Defined |
| CVE-2022-27441 | 3.5 | TPCMS cross site scripting | $0-$1k | Not Defined |
| CVE-2022-27442 | 3.5 | TPCMS information disclosure | $0-$1k | Not Defined |
| CVE-2022-27883 | 6.3 | Trend Micro Antivirus symlink | $5k-$25k | Not Defined |
| CVE-2022-22964 | 7.8 | VMware Horizon Client Configuration File access control | $10k-$25k | Official Fix |
| CVE-2022-22962 | 7.8 | VMware Horizon Client symlink | $10k-$25k | Official Fix |
| CVE-2022-22950 | 4.3 | VMware Spring Framework SpEL Expression allocation of resources | $5k-$10k | Official Fix |
| CVE-2022-22960 | 7.8 | VMware Workspace ONE Access access control | $10k-$25k | Official Fix |
| CVE-2022-22961 | 5.3 | VMware Workspace ONE Access information disclosure | $5k-$10k | Official Fix |
| CVE-2022-22958 | 7.2 | VMware Workspace ONE Access JDBC deserialization | $10k-$25k | Official Fix |
| CVE-2022-22957 | 7.2 | VMware Workspace ONE Access JDBC deserialization | $10k-$25k | Official Fix |
| CVE-2022-22959 | 4.3 | VMware Workspace ONE Access JDBC URI cross-site request forgery | $5k-$10k | Official Fix |
| CVE-2022-22956 | 9.8 | VMware Workspace ONE Access OAuth2 ACS Framework improper authentication | $10k-$25k | Official Fix |
| CVE-2022-22955 | 9.8 | VMware Workspace ONE Access OAuth2 ACS Framework improper authentication | $10k-$25k | Official Fix |
| CVE-2022-22954 | 9.8 | VMware Workspace ONE Access/Identity Manager Template injection | $10k-$25k | Official Fix |
| CVE-2022-1168 | 3.5 | WP JobSearch Plugin cross site scripting | $0-$1k | Official Fix |
| CVE-2022-26361 | 5.5 | Xen PCI Device memory corruption | $10k-$25k | Official Fix |
| CVE-2022-26360 | 5.5 | Xen PCI Device memory corruption | $10k-$25k | Official Fix |
| CVE-2022-26359 | 5.5 | Xen PCI Device memory corruption | $10k-$25k | Official Fix |
| CVE-2022-26358 | 5.5 | Xen PCI Device memory corruption | $10k-$25k | Official Fix |
| CVE-2022-26356 | 2.6 | Xen VRAM Tracking XEN_DMOP_track_dirty_vram memory leak | $2k-$5k | Official Fix |
| CVE-2022-26357 | 4.3 | Xen VT-d Domain ID Cleanup memory leak | $0-$1k | Official Fix |
| CVE-2022-24820 | 5.3 | XWiki Platform information disclosure | $0-$5k | Official Fix |
| CVE-2022-24819 | 5.3 | XWiki Platform information disclosure | $0-$5k | Official Fix |
| CVE-2022-24821 | 5.1 | XWiki Platform SSX/JSX access control | $1k-$2k | Official Fix |
| CVE-2022-24978 | 6.3 | Zoho ManageEngine ADAudit Password Field access control | $2k-$5k | Official Fix |
| CVE-2022-28219 | 7.3 | Zoho ManageEngine ADAudit xml external entity reference | $1k-$2k | Official Fix |
| CVE-2022-24681 | 3.5 | Zoho ManageEngine ADSelfService cross site scripting | $0-$1k | Official Fix |
| CVE-2022-25245 | 3.5 | Zoho ManageEngine ServiceDesk Plus information disclosure | $0-$1k | Official Fix |
| CVE-2022-25373 | 3.5 | Zoho ManageEngine SupportCenter Plus Request History cross site scripting | $0-$1k | Official Fix |
| CVE-2022-26671 | 7.3 | ZTE Security Dr.ID Access Control System hard-coded credentials | $1k-$2k | Not Defined |