
Critical Vulnerabilities of the Fourth Week of Mordad (August 2021)

This week many "critical" and "high-risk" vulnerabilities were reported in major Cisco products, and patches and updates were released to fix them. Several "critical" and "high-risk" vulnerabilities were also found in products from Apache, Adobe, Google, IBM and Mozilla, in WordPress plugins, and in the Linux kernel.

The list of these vulnerabilities, with the risk level of each, is given in the table below. The base score is on a 0-10 scale, the 0-day column is the estimated market price of an exploit, and the last column states whether the vendor has published an official fix. The two entries scoring 9.8 this week are the Cisco RV110W/RV130/RV130W/RV215W UPnP stack-based overflow (CVE-2021-34730) and the Fortinet FortiPortal hard-coded credentials (CVE-2021-32588); neither should wait for the next maintenance window.

| CVE ID | Base Score | Vulnerability | 0-day Price (est.) | Fix Status |
|---|---|---|---|---|
| CVE-2021-35992 | 3.3 | Adobe Bridge out-of-bounds read | $0-$5k | Official Fix |
| CVE-2021-35990 | 7.8 | Adobe Bridge out-of-bounds write | $5k-$25k | Official Fix |
| CVE-2021-35989 | 7.8 | Adobe Bridge out-of-bounds write | $5k-$25k | Official Fix |
| CVE-2021-35991 | 3.3 | Adobe Bridge uninitialized pointer | $0-$5k | Official Fix |
| CVE-2021-36000 | 7.8 | Adobe Character Animator memory corruption | $5k-$25k | Official Fix |
| CVE-2021-36001 | 3.3 | Adobe Character Animator out-of-bounds read | $0-$5k | Official Fix |
| CVE-2021-28624 | 7.8 | Adobe Context heap-based overflow | $5k-$25k | Official Fix |
| CVE-2021-28595 | 7.8 | Adobe Dimension uncontrolled search path | $5k-$25k | Official Fix |
| CVE-2021-36009 | 6.3 | Adobe Illustrator memory corruption | $5k-$25k | Official Fix |
| CVE-2021-36011 | 5.0 | Adobe Illustrator os command injection | $5k-$25k | Official Fix |
| CVE-2021-36010 | 4.3 | Adobe Illustrator out-of-bounds read | $0-$5k | Official Fix |
| CVE-2021-28592 | 6.3 | Adobe Illustrator out-of-bounds write | $5k-$25k | Official Fix |
| CVE-2021-28591 | 6.3 | Adobe Illustrator out-of-bounds write | $5k-$25k | Official Fix |
| CVE-2021-36008 | 4.3 | Adobe Illustrator use after free | $5k-$25k | Official Fix |
| CVE-2021-28593 | 4.3 | Adobe Illustrator use after free | $5k-$25k | Official Fix |
| CVE-2021-36015 | 6.3 | Adobe Media Encoder memory corruption | $5k-$25k | Official Fix |
| CVE-2021-36016 | 4.3 | Adobe Media Encoder out-of-bounds read | $0-$5k | Official Fix |
| CVE-2021-28590 | 4.3 | Adobe Media Encoder out-of-bounds read | $0-$5k | Official Fix |
| CVE-2021-28589 | 4.3 | Adobe Media Encoder out-of-bounds read | $0-$5k | Official Fix |
| CVE-2021-36014 | 4.3 | Adobe Media Encoder uninitialized pointer | $0-$5k | Official Fix |
| CVE-2021-36006 | 4.3 | Adobe Photoshop input validation | $5k-$25k | Official Fix |
| CVE-2021-36005 | 5.5 | Adobe Photoshop stack-based overflow | $5k-$25k | Official Fix |
| CVE-2021-35999 | 6.3 | Adobe Prelude memory corruption | $5k-$25k | Official Fix |
| CVE-2021-36007 | 4.3 | Adobe Prelude uninitialized pointer | $0-$5k | Official Fix |
| CVE-2021-35997 | 6.3 | Adobe Premiere Pro memory corruption | $5k-$25k | Official Fix |
| CVE-2021-35936 | 5.3 | Apache Airflow CeleryExecutor/LocalExecutor information disclosure | $5k-$10k | Official Fix |
| CVE-2021-33193 | 7.3 | Apache HTTP Server mod_proxy access control | $25k-$50k | Official Fix |
| CVE-2021-37608 | 6.3 | Apache OFBiz unrestricted upload | $10k-$25k | Official Fix |
| CVE-2021-30785 | 6.3 | Apple iCloud ImageIO buffer overflow | $10k-$25k | Official Fix |
| CVE-2021-30779 | 6.3 | Apple iCloud ImageIO Remote Code Execution | $10k-$25k | Official Fix |
| CVE-2021-21814 | 5.5 | AT&T Xmill Command Line HandleFileArg buffer overflow | $2k-$5k | Not Defined |
| CVE-2021-21815 | 5.5 | AT&T Xmill Command Line HandleFileArg stack-based overflow | $2k-$5k | Not Defined |
| CVE-2021-21813 | 5.5 | AT&T Xmill Command Line HandleFileArg stack-based overflow | $2k-$5k | Not Defined |
| CVE-2021-21812 | 5.5 | AT&T Xmill Command Line HandleFileArg stack-based overflow | $2k-$5k | Not Defined |
| CVE-2021-21828 | 6.3 | AT&T Xmill XML Decompression AddLabel heap-based overflow | $0-$5k | Not Defined |
| CVE-2021-21826 | 6.3 | AT&T Xmill XML Decompression DecodeTreeBlock heap-based overflow | $0-$5k | Not Defined |
| CVE-2021-21827 | 6.3 | AT&T Xmill XML Decompression heap-based overflow | $0-$5k | Not Defined |
| CVE-2021-21830 | 6.3 | AT&T Xmill XML Decompression Load heap-based overflow | $2k-$5k | Not Defined |
| CVE-2021-21825 | 6.3 | AT&T Xmill XML Decompression UncompressItem heap-based overflow | $2k-$5k | Not Defined |
| CVE-2021-21829 | 6.3 | AT&T Xmill XML Decompression UncompressItem heap-based overflow | $2k-$5k | Not Defined |
| CVE-2021-21810 | 6.3 | AT&T Xmill XML File heap-based overflow | $2k-$5k | Not Defined |
| CVE-2021-26086 | 4.3 | Atlassian JIRA Server/Data Center Endpoint web.xml path traversal | $1k-$2k | Official Fix |
| CVE-2020-23334 | 3.5 | Bento4 AP4_NullTerminatedStringAtom memory corruption | $1k-$2k | Not Defined |
| CVE-2020-21066 | 3.5 | Bento4 Ap4Dec3Atom.cpp AP4_Dec3Atom heap-based overflow | $1k-$2k | Not Defined |
| CVE-2020-23331 | 3.5 | Bento4 Ap4Descriptor.h WriteFields null pointer dereference | $0-$1k | Not Defined |
| CVE-2020-21064 | 3.5 | Bento4 Ap4RtpAtom.cpp AP4_RtpAtom buffer overflow | $1k-$2k | Not Defined |
| CVE-2020-23332 | 3.5 | Bento4 Ap4StdCFileByteStream.cpp ReadPartial heap-based overflow | $1k-$2k | Not Defined |
| CVE-2020-23330 | 3.5 | Bento4 Ap4Stz2Atom.cpp GetSampleSize null pointer dereference | $0-$1k | Not Defined |
| CVE-2020-23333 | 3.5 | Bento4 Ap4Utils.h AP4_CttsAtom heap-based overflow | $1k-$2k | Not Defined |
| CVE-2021-23423 | 3.3 | bikeshed Source File code injection | $1k-$2k | Official Fix |
| CVE-2021-23422 | 4.8 | bikeshed Source File os command injection | $1k-$2k | Official Fix |
| CVE-2021-34715 | 4.7 | Cisco Expressway/TelePresence Video Communication Server Administrative Web Interface signature verification | $5k-$10k | Official Fix |
| CVE-2021-34716 | 7.2 | Cisco Expressway/TelePresence Video Communication Server Web-based Management Interface unrestricted upload | $10k-$25k | Official Fix |
| CVE-2021-34730 | 9.8 | Cisco RV110W/RV130/RV130W/RV215W UPnP Request stack-based overflow | $25k-$50k | Official Fix |
| CVE-2021-1561 | 6.3 | Cisco Secure Email and Web Manager Spam Quarantine access control | $10k-$25k | Official Fix |
| CVE-2021-34734 | 4.3 | Cisco Video Surveillance 7000 Link Layer Discovery Protocol double free | $10k-$25k | Official Fix |
| CVE-2021-34749 | 7.3 | Cisco Web Security Appliance SNI Filter access control | $25k-$50k | Official Fix |
| CVE-2021-22932 | 2.6 | Citrix ShareFile Storage Zones Controller Mitigation Tool missing encryption | $2k-$5k | Not Defined |
| CVE-2021-21867 | 6.3 | CODESYS Development System ObjectStream.ProfileByteArray deserialization | $2k-$5k | Not Defined |
| CVE-2021-21868 | 6.3 | CODESYS Development System Project.get_MissingTypes deserialization | $2k-$5k | Not Defined |
| CVE-2021-24536 | 3.5 | Custom Login Redirect Plugin cross-site request forgery | $0-$1k | Not Defined |
| CVE-2021-34655 | 4.3 | Custom Post Type Relations Plugin Parameter admin-page.php cross site scripting | $0-$1k | Official Fix |
| CVE-2021-34654 | 4.3 | Custom Post Type Relations Plugin Parameter admin-page.php cross site scripting | $0-$1k | Official Fix |
| CVE-2021-20756 | 4.3 | Cybozu Garoon Address access control | $2k-$5k | Not Defined |
| CVE-2021-20764 | 5.4 | Cybozu Garoon Attachment access control | $2k-$5k | Not Defined |
| CVE-2021-20772 | 4.3 | Cybozu Garoon Bulletin Title information disclosure | $1k-$2k | Not Defined |
| CVE-2021-20775 | 4.3 | Cybozu Garoon Comment access control | $2k-$5k | Not Defined |
| CVE-2021-20774 | 3.5 | Cybozu Garoon cross site scripting | $0-$1k | Not Defined |
| CVE-2021-20771 | 3.5 | Cybozu Garoon cross site scripting | $0-$1k | Not Defined |
| CVE-2021-20770 | 3.5 | Cybozu Garoon cross site scripting | $0-$1k | Not Defined |
| CVE-2021-20769 | 3.5 | Cybozu Garoon cross site scripting | $0-$1k | Not Defined |
| CVE-2021-20766 | 3.5 | Cybozu Garoon cross site scripting | $0-$1k | Not Defined |
| CVE-2021-20765 | 3.5 | Cybozu Garoon cross site scripting | $0-$1k | Not Defined |
| CVE-2021-20753 | 3.5 | Cybozu Garoon cross site scripting | $0-$1k | Not Defined |
| CVE-2021-20762 | 5.4 | Cybozu Garoon E-Mail access control | $2k-$5k | Not Defined |
| CVE-2021-20761 | 3.8 | Cybozu Garoon E-Mail access control | $1k-$2k | Not Defined |
| CVE-2021-20767 | 3.5 | Cybozu Garoon Full Text Search cross site scripting | $0-$1k | Not Defined |
| CVE-2021-20755 | 4.3 | Cybozu Garoon Portal access control | $2k-$5k | Not Defined |
| CVE-2021-20763 | 6.3 | Cybozu Garoon Portal Data access control | $2k-$5k | Not Defined |
| CVE-2021-20759 | 6.3 | Cybozu Garoon Portal Data access control | $2k-$5k | Not Defined |
| CVE-2021-20757 | 6.3 | Cybozu Garoon Portal Data access control | $2k-$5k | Not Defined |
| CVE-2021-20773 | 5.4 | Cybozu Garoon Route access control | $2k-$5k | Not Defined |
| CVE-2021-20768 | 6.3 | Cybozu Garoon Scheduler/MultiReport access control | $2k-$5k | Not Defined |
| CVE-2021-20760 | 5.4 | Cybozu Garoon User Profile access control | $2k-$5k | Not Defined |
| CVE-2021-20754 | 6.3 | Cybozu Garoon Workflow Data access control | $2k-$5k | Not Defined |
| CVE-2021-20758 | 3.5 | Cybozu Request cross-site request forgery | $0-$1k | Not Defined |
| CVE-2021-36792 | 5.5 | dated_news Extension access control | $1k-$2k | Not Defined |
| CVE-2021-36791 | 3.5 | dated_news Extension Application Registration information disclosure | $0-$1k | Not Defined |
| CVE-2021-36790 | 3.5 | dated_news Extension cross site scripting | $0-$1k | Not Defined |
| CVE-2021-36789 | 6.3 | dated_news Extension sql injection | $1k-$2k | Not Defined |
| CVE-2021-36281 | 5.5 | Dell EMC PowerScale OneFS default permission | $10k-$25k | Not Defined |
| CVE-2021-21592 | 4.3 | Dell EMC PowerScale OneFS exceptional condition | $10k-$25k | Not Defined |
| CVE-2021-21594 | 5.3 | Dell EMC PowerScale OneFS GET Request information disclosure | $5k-$10k | Not Defined |
| CVE-2021-36282 | 3.1 | Dell EMC PowerScale OneFS ifs uninitialized resource | $5k-$10k | Not Defined |
| CVE-2021-21568 | 4.3 | Dell EMC PowerScale OneFS Log denial of service | $2k-$5k | Not Defined |
| CVE-2021-36278 | 5.4 | Dell EMC PowerScale OneFS Log File log file | $5k-$10k | Not Defined |
| CVE-2021-36280 | 6.3 | Dell EMC PowerScale OneFS permission assignment | $10k-$25k | Not Defined |
| CVE-2021-36279 | 6.3 | Dell EMC PowerScale OneFS permission assignment | $10k-$25k | Not Defined |
| CVE-2021-21595 | 3.8 | Dell EMC PowerScale OneFS Smartlock WORM Compliance Mode command injection | $10k-$25k | Official Fix |
| CVE-2021-21599 | 7.2 | Dell EMC PowerScale OneFS Smartlock WORM Compliance Mode os command injection | $10k-$25k | Official Fix |
| CVE-2021-37693 | 5.6 | Discourse Email session expiration | $1k-$2k | Official Fix |
| CVE-2021-37703 | 4.3 | Discourse information disclosure | $1k-$2k | Official Fix |
| CVE-2020-18704 | 6.3 | Django-Widgy Change Widgy Page unrestricted upload | $2k-$5k | Not Defined |
| CVE-2021-3707 | 5.5 | D-Link DSL-2750U Configuration os command injection | $10k-$25k | Not Defined |
| CVE-2021-3708 | 6.3 | D-Link DSL-2750U os command injection | $10k-$25k | Not Defined |
| CVE-2021-25956 | 4.7 | Dolibarr access control | $1k-$2k | Official Fix |
| CVE-2021-25955 | 3.5 | Dolibarr ERP WYSIWYG Editor Module cross site scripting | $0-$1k | Official Fix |
| CVE-2021-25957 | 6.3 | Dolibarr password recovery | $2k-$5k | Official Fix |
| CVE-2020-18759 | 3.5 | Dut Computer Control Engineering PLC MAC1100 EPA Protocol information disclosure | $0-$1k | Not Defined |
| CVE-2020-18756 | 3.5 | Dut Computer Control Engineering PLC MAC1100 EPA Protocol memory corruption | $1k-$2k | Not Defined |
| CVE-2020-18754 | 3.5 | Dut Computer Control Engineering PLC MAC1100 information disclosure | $0-$1k | Not Defined |
| CVE-2020-18757 | 3.5 | Dut Computer Control Engineering PLC MAC1100 Packet denial of service | $0-$1k | Not Defined |
| CVE-2020-18753 | 5.5 | Dut Computer Control Engineering PLC MAC1100 Packet Privilege Escalation | $2k-$5k | Not Defined |
| CVE-2020-18758 | 5.5 | Dut Computer Control Engineering PLC MAC1100 Privilege Escalation | $2k-$5k | Not Defined |
| CVE-2020-18899 | 3.5 | Exiv2 DataBufdata resource consumption | $0-$5k | Not Defined |
| CVE-2020-18898 | 4.3 | Exiv2 printIFDStructure denial of service | $0-$5k | Not Defined |
| CVE-2020-20645 | 3.5 | EyouCMS cross site scripting | $0-$5k | Not Defined |
| CVE-2020-20642 | 3.5 | EyouCMS cross-site request forgery | $0-$5k | Not Defined |
| CVE-2020-19669 | 3.5 | Eyoucms cross-site request forgery | $0-$1k | Not Defined |
| CVE-2020-28146 | 3.5 | Eyoucms Parameter cross site scripting | $0-$1k | Not Defined |
| CVE-2021-24038 | 5.3 | Facebook Oculus Desktop Handle Management OVRServiceLauncher.exe privileges management | $5k-$10k | Official Fix |
| CVE-2021-38171 | 5.5 | FFmpeg Argument adtsenc.c adts_decode_extradata return value | $0-$5k | Official Fix |
| CVE-2021-32602 | 4.3 | Fortinet FortiPortal GUI Web Page Generation cross site scripting | $0-$1k | Official Fix |
| CVE-2021-32588 | 9.8 | Fortinet FortiPortal hard-coded credentials | $2k-$5k | Official Fix |
| CVE-2021-22254 | 3.1 | GitLab Community Edition/Enterprise Edition Shell information disclosure | $0-$5k | Not Defined |
| CVE-2021-22238 | 3.5 | GitLab Design Feature cross site scripting | $0-$5k | Not Defined |
| CVE-2021-22246 | 4.3 | GitLab Webhook denial of service | $0-$5k | Official Fix |
| CVE-2021-0574 | 5.3 | Google Android ASF Extractor out-of-bounds write | $25k-$50k | Official Fix |
| CVE-2021-0573 | 5.3 | Google Android ASF Extractor out-of-bounds write | $25k-$50k | Official Fix |
| CVE-2021-0591 | 5.3 | Google Android BluetoothPermissionActivity.java sendReplyIntentToReceiver permission | $25k-$50k | Official Fix |
| CVE-2021-0593 | 5.3 | Google Android DevicePickerFragment.java sendDevicePickedIntent Local Privilege Escalation | $25k-$50k | Official Fix |
| CVE-2021-0645 | 5.3 | Google Android ExternalStorageProvider.java shouldBlockFromTree permission | $25k-$50k | Official Fix |
| CVE-2021-0576 | 5.3 | Google Android FLV Extractor out-of-bounds write | $25k-$50k | Official Fix |
| CVE-2021-0519 | 3.3 | Google Android ih264e_bitstream.h BITSTREAM_FLUSH out-of-bounds write | $25k-$50k | Official Fix |
| CVE-2021-0639 | 3.3 | Google Android libl3oemcrypto.cpp information disclosure | $10k-$25k | Official Fix |
| CVE-2021-0584 | 3.3 | Google Android Parcel.cpp verifyBufferObject out-of-bounds read | $10k-$25k | Official Fix |
| CVE-2021-0646 | 5.3 | Google Android sqlite3.c sqlite3_str_vappendf out-of-bounds write | $25k-$50k | Official Fix |
| CVE-2021-0640 | 5.3 | Google Android StatsdStats.cpp noteAtomLogged out-of-bounds write | $25k-$50k | Official Fix |
| CVE-2021-0641 | 3.3 | Google Android SubscriptionController.java getAvailableSubscriptionInfoList information disclosure | $10k-$25k | Official Fix |
| CVE-2021-0642 | 3.3 | Google Android VoicemailSettingsFragment.java onResume information disclosure | $10k-$25k | Official Fix |
| CVE-2021-0582 | 2.1 | Google Android WiFi Driver out-of-bounds read | $0-$1k | Official Fix |
| CVE-2021-0581 | 2.1 | Google Android WiFi Driver out-of-bounds read | $0-$1k | Official Fix |
| CVE-2021-0580 | 2.1 | Google Android WiFi Driver out-of-bounds read | $0-$1k | Official Fix |
| CVE-2021-0579 | 2.1 | Google Android WiFi Driver out-of-bounds read | $0-$1k | Official Fix |
| CVE-2021-0578 | 2.4 | Google Android WiFi Driver out-of-bounds read | $2k-$5k | Official Fix |
| CVE-2021-30604 | 6.3 | Google Chrome ANGLE use after free | $50k-$100k | Official Fix |
| CVE-2021-30601 | 6.3 | Google Chrome Extensions API use after free | $50k-$100k | Official Fix |
| CVE-2021-30600 | 6.3 | Google Chrome Printing use after free | $50k-$100k | Official Fix |
| CVE-2021-30599 | 6.3 | Google Chrome V8 type confusion | $50k-$100k | Official Fix |
| CVE-2021-30598 | 6.3 | Google Chrome V8 type confusion | $50k-$100k | Official Fix |
| CVE-2021-30603 | 5.0 | Google Chrome WebAudio race condition | $25k-$50k | Official Fix |
| CVE-2021-30602 | 6.3 | Google Chrome WebRTC use after free | $50k-$100k | Official Fix |
| CVE-2021-21843 | 6.3 | GPAC Advanced Content MPEG-4 Decoding GF_SubsegmentRangeInfo integer overflow | $2k-$5k | Not Defined |
| CVE-2021-21862 | 6.3 | GPAC Advanced Content MPEG-4 Decoding integer overflow | $2k-$5k | Not Defined |
| CVE-2021-21858 | 6.3 | GPAC Advanced Content MPEG-4 Decoding integer overflow | $2k-$5k | Not Defined |
| CVE-2021-21857 | 6.3 | GPAC Advanced Content MPEG-4 Decoding integer overflow | $2k-$5k | Not Defined |
| CVE-2021-21856 | 6.3 | GPAC Advanced Content MPEG-4 Decoding integer overflow | $2k-$5k | Not Defined |
| CVE-2021-21855 | 6.3 | GPAC Advanced Content MPEG-4 Decoding integer overflow | $2k-$5k | Not Defined |
| CVE-2021-21854 | 6.3 | GPAC Advanced Content MPEG-4 Decoding integer overflow | $2k-$5k | Not Defined |
| CVE-2021-21853 | 6.3 | GPAC Advanced Content MPEG-4 Decoding integer overflow | $2k-$5k | Not Defined |
| CVE-2021-21852 | 6.3 | GPAC Advanced Content MPEG-4 Decoding integer overflow | $2k-$5k | Not Defined |
| CVE-2021-21851 | 6.3 | GPAC Advanced Content MPEG-4 Decoding integer overflow | $2k-$5k | Not Defined |
| CVE-2021-21847 | 6.3 | GPAC Advanced Content MPEG-4 Decoding integer overflow | $2k-$5k | Not Defined |
| CVE-2021-21846 | 6.3 | GPAC Advanced Content MPEG-4 Decoding integer overflow | $2k-$5k | Not Defined |
| CVE-2021-21845 | 6.3 | GPAC Advanced Content MPEG-4 Decoding integer overflow | $2k-$5k | Not Defined |
| CVE-2021-21844 | 6.3 | GPAC Advanced Content MPEG-4 Decoding integer overflow | $2k-$5k | Not Defined |
| CVE-2021-21839 | 6.3 | GPAC Advanced Content MPEG-4 Decoding integer overflow | $2k-$5k | Not Defined |
| CVE-2021-21838 | 6.3 | GPAC Advanced Content MPEG-4 Decoding integer overflow | $2k-$5k | Not Defined |
| CVE-2021-21837 | 6.3 | GPAC Advanced Content MPEG-4 Decoding integer overflow | $2k-$5k | Not Defined |
| CVE-2021-21861 | 6.3 | GPAC Advanced Content MPEG-4 heap-based overflow | $2k-$5k | Not Defined |
| CVE-2021-21860 | 6.3 | GPAC Advanced Content MPEG-4 heap-based overflow | $2k-$5k | Not Defined |
| CVE-2021-21859 | 6.3 | GPAC Advanced Content stri_box_read Remote Code Execution | $2k-$5k | Not Defined |
| CVE-2021-39242 | 7.3 | HAProxy HTTP Host Header access control | $2k-$5k | Official Fix |
| CVE-2021-39241 | 6.3 | HAProxy HTTP Method admin access control | $2k-$5k | Official Fix |
| CVE-2021-39240 | 7.3 | HAProxy URL injection | $2k-$5k | Official Fix |
| CVE-2021-38553 | 5.5 | Hashicorp Vault/Vault Enterprise default permission | $1k-$2k | Official Fix |
| CVE-2021-38554 | 3.5 | Hashicorp Vault/Vault Enterprise UI information disclosure | $0-$1k | Official Fix |
| CVE-2021-27741 | 5.5 | HCL Commerce Management Center xml external entity reference | $1k-$2k | Not Defined |
| CVE-2021-38757 | 3.5 | Hospital Management System contact.php cross site scripting | $0-$1k | Not Defined |
| CVE-2021-38755 | 5.4 | Hospital Management System Doctor Entry admin-panel1.php denial of service | $0-$1k | Not Defined |
| CVE-2021-38754 | 6.3 | Hospital Management System messearch.php sql injection | $1k-$2k | Not Defined |
| CVE-2021-38756 | 3.5 | Hospital Management System prescribe.php cross site scripting | $0-$1k | Not Defined |
| CVE-2021-34656 | 4.3 | HTML5 Webcam Videochat Plugin requirements.php vws_notice cross site scripting | $0-$1k | Official Fix |
| CVE-2021-37028 | 4.6 | Huawei HG8045Q Command-Line Interface command injection | $10k-$25k | Not Defined |
| CVE-2020-4706 | 3.5 | IBM API Connect HTTP Host Header injection | $10k-$25k | Official Fix |
| CVE-2020-4992 | 4.3 | IBM DataPower Gateway cross-site request forgery | $5k-$10k | Official Fix |
| CVE-2021-29880 | 3.1 | IBM QRadar SIEM information disclosure | $5k-$10k | Official Fix |
| CVE-2021-0114 | 5.3 | Intel BSSA DFT initialization | $5k-$10k | Official Fix |
| CVE-2021-31228 | 3.7 | InterNiche NicheStack DNS Response entropy | $0-$1k | Not Defined |
| CVE-2021-31227 | 5.5 | InterNiche NicheStack HTTP POST Request wbs_multidata heap-based overflow | $2k-$5k | Not Defined |
| CVE-2021-31226 | 5.5 | InterNiche NicheStack HTTP POST Request wbs_post heap-based overflow | $2k-$5k | Not Defined |
| CVE-2021-27565 | 4.3 | InterNiche NicheStack HTTP Request wbs_loop infinite loop | $0-$1k | Not Defined |
| CVE-2020-35683 | 5.3 | InterNiche NicheStack ICMP Checksum denial of service | $0-$1k | Not Defined |
| CVE-2020-35684 | 5.3 | InterNiche NicheStack IP Header out-of-bounds read | $1k-$2k | Not Defined |
| CVE-2020-25767 | 3.5 | InterNiche NicheStack IPv4 DNS Domain Name Parser dnc_copy_in out-of-bounds read | $0-$1k | Not Defined |
| CVE-2020-35685 | 3.7 | InterNiche NicheStack ISN Gene random values | $0-$1k | Not Defined |
| CVE-2021-31401 | 7.3 | InterNiche NicheStack TCP Header nptcp.c tcp_rcv integer overflow | $2k-$5k | Not Defined |
| CVE-2021-31400 | 7.5 | InterNiche NicheStack TCP Segment tcp_in.c tcp_pulloutofband infinite loop | $0-$1k | Not Defined |
| CVE-2020-25926 | 5.6 | InterNiche NicheStack TCPIP DNS dns_query_type entropy | $1k-$2k | Not Defined |
| CVE-2020-25928 | 6.3 | InterNiche NicheStack TCPIP DNS Response dnc_set_answer buffer overflow | $2k-$5k | Not Defined |
| CVE-2020-25927 | 4.3 | InterNiche NicheStack TCPIP DNS Response dns_upcall out-of-bounds read | $1k-$2k | Not Defined |
| CVE-2021-36762 | 5.3 | InterNiche NicheStack TFTP Packet tfshnd:tftpsrv.c out-of-bounds read | $1k-$2k | Not Defined |
| CVE-2021-39249 | 3.5 | Invision Power Services Community Suite Filename mt_rand cross site scripting | $0-$1k | Official Fix |
| CVE-2021-39250 | 3.5 | Invision Power Services Community Suite IFRAME cross site scripting | $0-$1k | Official Fix |
| CVE-2021-34663 | 4.3 | jQuery Tagline Rotator Plugin jquery-tagline-rotator.php cross site scripting | $0-$1k | Official Fix |
| CVE-2021-0284 | 7.5 | Juniper Junos OS TCP/IP Stack buffer overflow | $10k-$25k | Official Fix |
| CVE-2021-3633 | 8.8 | Lenovo Driver Management signature verification | $2k-$5k | Official Fix |
| CVE-2021-3616 | 7.3 | Lenovo Smart Camera X3/Smart Camera X5/Smart Camera C2E improper authorization | $2k-$5k | Official Fix |
| CVE-2021-3617 | 4.7 | Lenovo Smart Camera X3/Smart Camera X5/Smart Camera C2E Network Configuration os command injection | $2k-$5k | Official Fix |
| CVE-2021-3615 | 4.3 | Lenovo Smart Camera X3/Smart Camera X5/Smart Camera C2E SD Card code injection | $0-$1k | Official Fix |
| CVE-2020-18900 | 5.5 | libyal libexe libexe_io_handle_read_coff_optional_header heap-based overflow | $0-$5k | Official Fix |
| CVE-2020-18897 | 5.5 | libyal Libpff pff File libpff_item_tree_create_node use after free | $0-$5k | Official Fix |
| CVE-2021-24535 | 2.4 | Light Messages Plugin Message Content cross-site request forgery | $0-$1k | Not Defined |
| CVE-2020-18701 | 5.6 | Lin-CMS-Flask Authentication Token session fixation | $1k-$2k | Not Defined |
| CVE-2020-18699 | 3.5 | Lin-CMS-Flask user.py cross site scripting | $0-$1k | Not Defined |
| CVE-2020-18698 | 3.7 | Lin-CMS-Flask user.py login excessive authentication | $1k-$2k | Not Defined |
| CVE-2021-21781 | 4.3 | Linux Kernel ARM SIGPAGE information disclosure | $5k-$10k | Official Fix |
| CVE-2021-39282 | 3.5 | Live555 AC3 File memory leak | $0-$1k | Not Defined |
| CVE-2021-39283 | 5.5 | Live555 Command FramedSource.cpp assertion | $2k-$5k | Not Defined |
| CVE-2021-28000 | 3.5 | Local Services Search Engine Management System Project cross site scripting | $0-$1k | Not Defined |
| CVE-2021-27999 | 2.2 | Local Services Search Engine Management System Project sql injection | $1k-$2k | Not Defined |
| CVE-2021-34652 | 4.3 | Media Usage Plugin Parameter mmu_admin.php cross site scripting | $0-$1k | Official Fix |
| CVE-2021-0626 | 5.3 | MediaTek MT6768/MT6771/MT6779/MT6785 ged out-of-bounds write | $1k-$2k | Official Fix |
| CVE-2021-0627 | 5.3 | MediaTek MT6885 OMA DRM integer overflow | $1k-$2k | Official Fix |
| CVE-2021-0628 | 5.3 | MediaTek MT6885 OMA DRM memory corruption | $1k-$2k | Official Fix |
| CVE-2021-0408 | 3.3 | MediaTek MT6893 ASF Extractor out-of-bounds read | $0-$1k | Official Fix |
| CVE-2021-0420 | 5.5 | MediaTek MT6893 Memory Management Driver denial of service | $0-$1k | Official Fix |
| CVE-2021-0419 | 5.5 | MediaTek MT6893 Memory Management Driver denial of service | $0-$1k | Official Fix |
| CVE-2021-0418 | 5.5 | MediaTek MT6893 Memory Management Driver denial of service | $0-$1k | Official Fix |
| CVE-2021-0417 | 5.5 | MediaTek MT6893 Memory Management Driver denial of service | $0-$1k | Official Fix |
| CVE-2021-0416 | 5.7 | MediaTek MT6893 Memory Management Driver denial of service | $0-$1k | Official Fix |
| CVE-2021-0415 | 3.3 | MediaTek MT6893 Memory Management Driver information disclosure | $0-$1k | Official Fix |
| CVE-2021-0407 | 5.3 | MediaTek MT6893 out-of-bounds write | $1k-$2k | Official Fix |
| CVE-2021-36786 | 3.5 | miniorange_saml Extension API Credential information disclosure | $0-$1k | Official Fix |
| CVE-2021-36785 | 3.5 | miniorange_saml Extension cross site scripting | $0-$1k | Official Fix |
| CVE-2021-39302 | 6.3 | MISP Log.php sql injection | $1k-$2k | Official Fix |
| CVE-2021-37586 | 2.4 | Mitel Interaction Recording Multitenancy System PowerPlay Web information disclosure | $0-$1k | Official Fix |
| CVE-2021-32069 | 2.6 | Mitel MiCollab AWV channel accessible | $1k-$2k | Official Fix |
| CVE-2021-32068 | 2.6 | Mitel MiCollab AWV/Client Service channel accessible | $1k-$2k | Official Fix |
| CVE-2021-32070 | 3.5 | Mitel MiCollab Client Service clickjacking | $1k-$2k | Official Fix |
| CVE-2021-32067 | 3.5 | Mitel MiCollab Client Service information disclosure | $0-$1k | Official Fix |
| CVE-2021-32072 | 4.3 | Mitel MiCollab Client Service information disclosure | $1k-$2k | Official Fix |
| CVE-2021-32071 | 6.3 | Mitel MiCollab Client Service Remote Code Execution | $2k-$5k | Official Fix |
| CVE-2021-27402 | 6.3 | Mitel MiCollab SAS Admin Portal pathname traversal | $1k-$2k | Official Fix |
| CVE-2021-27401 | 3.5 | Mitel MiCollab Web Client Join Meeting Page cross site scripting | $0-$1k | Official Fix |
| CVE-2021-3352 | 6.3 | Mitel MiContact Center Business Software Development Kit improper authorization | $2k-$5k | Not Defined |
| CVE-2021-24526 | 3.5 | Mobile-Friendly Drag & Drop Contact Form Builder Plugin Form Title cross site scripting | $0-$1k | Official Fix |
| CVE-2021-24363 | 5.5 | Mobile-Friendly Image Gallery Plugin path traversal | $1k-$2k | Official Fix |
| CVE-2021-24362 | 3.5 | Mobile-Friendly Image Gallery Plugin SVG File cross site scripting | $0-$1k | Official Fix |
| CVE-2021-3458 | 4.3 | Motorola MM1000 Device Configuration Portal improper authentication | $0-$1k | Not Defined |
| CVE-2021-3459 | 4.3 | Motorola MM1000 Device Configuration Web Server os command injection | $0-$1k | Not Defined |
| CVE-2021-29983 | 4.3 | Mozilla Firefox Fullscreen Mode denial of service | $10k-$25k | Official Fix |
| CVE-2021-29990 | 6.3 | Mozilla Firefox memory corruption | $25k-$50k | Official Fix |
| CVE-2021-29980 | 4.3 | Mozilla Firefox/Firefox ESR/Thunderbird Canvas Object free uninitialized resource | $10k-$25k | Official Fix |
| CVE-2021-29984 | 4.3 | Mozilla Firefox/Firefox ESR/Thunderbird Garbage Collection memory corruption | $25k-$50k | Official Fix |
| CVE-2021-29986 | 6.3 | Mozilla Firefox/Firefox ESR/Thunderbird getaddrinfo memory corruption | $25k-$50k | Official Fix |
| CVE-2021-29988 | 6.3 | Mozilla Firefox/Firefox ESR/Thunderbird List-Item Element out-of-bounds read | $10k-$25k | Official Fix |
| CVE-2021-29989 | 6.3 | Mozilla Firefox/Firefox ESR/Thunderbird memory corruption | $25k-$50k | Official Fix |
| CVE-2021-29985 | 6.3 | Mozilla Firefox/Firefox ESR/Thunderbird use after free | $25k-$50k | Official Fix |
| CVE-2021-29981 | 4.3 | Mozilla Firefox/Thunderbird JIT Code denial of service | $10k-$25k | Official Fix |
| CVE-2021-29982 | 4.3 | Mozilla Firefox/Thunderbird JIT Optimizer information disclosure | $10k-$25k | Official Fix |
| CVE-2021-29987 | 4.9 | Mozilla Firefox/Thunderbird Permissions improper restriction of rendered ui layers | $10k-$25k | Official Fix |
| CVE-2021-32728 | 4.3 | Nextcloud Desktop Client Key certificate validation | $1k-$2k | Official Fix |
| CVE-2021-37617 | 8.0 | Nextcloud Desktop Client Uninstallation Uninstall.exe untrusted search path | $2k-$5k | Official Fix |
| CVE-2021-22931 | 6.3 | Node.js Domain Name Server null termination | $2k-$5k | Official Fix |
| CVE-2021-22939 | 5.6 | Node.js https API certificate validation | $1k-$2k | Not Defined |
| CVE-2021-22940 | 5.5 | Node.js use after free | $2k-$5k | Official Fix |
| CVE-2021-34398 | 8.0 | NVIDIA DCGM DIAG Module uncontrolled search path | $2k-$5k | Official Fix |
| CVE-2021-38708 | 3.5 | ocProducts Composr CMS Comcode cross site scripting | $0-$1k | Official Fix |
| CVE-2021-38709 | 3.5 | ocProducts Composr CMS staff_messaging System cross site scripting | $0-$1k | Official Fix |
| CVE-2021-31820 | 2.1 | Octopus Server/Server Web Request Proxy information disclosure | $0-$1k | Not Defined |
| CVE-2021-38583 | 3.5 | openBaraza HCM subscription.jsp cross site scripting | $0-$1k | Not Defined |
| CVE-2021-38619 | 4.3 | openBaraza HCM subscription.jsp cross site scripting | $0-$1k | Not Defined |
| CVE-2021-28490 | 4.3 | OWASP CSRFGuard Cookie cross-site request forgery | $0-$5k | Not Defined |
| CVE-2020-18886 | 6.3 | PHPMyWind upload_file_do.php unrestricted upload | $0-$5k | Not Defined |
| CVE-2020-18885 | 6.3 | PHPMyWind web_config.php command injection | $0-$5k | Not Defined |
| CVE-2021-39270 | 5.5 | Ping Identity RSA SecurID Integration Kit Privilege Escalation | $2k-$5k | Official Fix |
| CVE-2021-22938 | 4.3 | Pulse Secure Pulse Connect Secure Administrator Web Console command injection | $1k-$2k | Official Fix |
| CVE-2021-22937 | 4.3 | Pulse Secure Pulse Connect Secure Administrator Web Interface unrestricted upload | $1k-$2k | Official Fix |
| CVE-2021-22935 | 4.3 | Pulse Secure Pulse Connect Secure Web Parameter command injection | $1k-$2k | Official Fix |
| CVE-2021-22936 | 3.5 | Pulse Secure Pulse Connect Secure Web Parameter cross site scripting | $0-$1k | Official Fix |
| CVE-2021-22934 | 4.3 | Pulse Secure Pulse Connect Secure Web Request buffer overflow | $1k-$2k | Official Fix |
| CVE-2021-22933 | 3.5 | Pulse Secure Pulse Connect Secure Web Request path traversal | $0-$1k | Official Fix |
| CVE-2020-18702 | 3.5 | Quokka actions.py cross site scripting | $0-$1k | Not Defined |
| CVE-2020-18703 | 6.3 | Quokka atom.py xml external entity reference | $1k-$2k | Not Defined |
| CVE-2020-18705 | 6.3 | Quokka views.py xml external entity reference | $1k-$2k | Not Defined |
| CVE-2021-31868 | 6.3 | Rapid7 Nexpose Security Console missing authentication | $1k-$2k | Official Fix |
| CVE-2020-25351 | 4.3 | rConfig configcompare.crud.php information disclosure | $0-$5k | Official Fix |
| CVE-2020-25353 | 6.3 | rConfig Connection server-side request forgery | $0-$5k | Official Fix |
| CVE-2020-25352 | 3.5 | rConfig devices.php cross site scripting | $0-$5k | Official Fix |
| CVE-2020-27466 | 7.3 | rConfig File ajaxEditTemplate.php Remote Code Execution | $0-$5k | Not Defined |
| CVE-2020-25359 | 5.4 | rConfig Parameter ajaxDeleteAllLoggingFiles.php unknown vulnerability | $0-$5k | Official Fix |
| CVE-2020-27464 | 7.3 | rConfig ZIP File updater.php Remote Code Execution | $0-$5k | Official Fix |
| CVE-2021-35395 | 6.3 | Realtek Jungle SDK HTTP Web Server stack-based overflow | $2k-$5k | Not Defined |
| CVE-2021-35394 | 7.3 | Realtek Jungle SDK MP Daemon UDPServer memory corruption | $2k-$5k | Not Defined |
| CVE-2021-35392 | 5.5 | Realtek Jungle SDK WiFi Simple Config Server heap-based overflow | $2k-$5k | Not Defined |
| CVE-2021-35393 | 7.3 | Realtek Jungle SDK WiFi Simple Config Server stack-based overflow | $2k-$5k | Not Defined |
| CVE-2021-32829 | 6.3 | REST API code injection | $2k-$5k | Official Fix |
| CVE-2020-13589 | 6.3 | Rukovoditel Project Management App Fields Page copy_selected sql injection | $1k-$2k | Not Defined |
| CVE-2020-13588 | 3.5 | Rukovoditel Project Management App Fields Page heading_field_id cross-site request forgery | $0-$1k | Not Defined |
| CVE-2020-28846 | 3.5 | SeaCMS admin_manager.php cross-site request forgery | $0-$1k | Not Defined |
| CVE-2021-29313 | 3.5 | SeaCMS admin_video.php cross site scripting | $0-$1k | Not Defined |
| CVE-2021-37358 | 6.3 | SeaCMS sql injection | $1k-$2k | Not Defined |
| CVE-2020-27461 | 6.3 | SEOPanel Import Website unrestricted upload | $0-$5k | Official Fix |
| CVE-2021-34641 | 3.5 | SEOPress Plugin TitleDescriptionMeta.php processPut cross site scripting | $0-$1k | Official Fix |
| CVE-2021-24380 | 3.5 | Shantz WordPress QOTD Plugin cross-site request forgery | $0-$1k | Not Defined |
| CVE-2021-37707 | 5.4 | Shopware API input validation | $2k-$5k | Official Fix |
| CVE-2021-37709 | 4.3 | Shopware Import/Export resource injection | $2k-$5k | Official Fix |
| CVE-2021-37708 | 6.3 | Shopware Mail Agent String command injection | $2k-$5k | Official Fix |
| CVE-2021-37711 | 5.5 | Shopware server-side request forgery | $1k-$2k | Official Fix |
| CVE-2021-37710 | 3.5 | Shopware SVG Media File cross site scripting | $0-$1k | Official Fix |
| CVE-2021-31338 | 7.3 | Siemens SINEMA Remote Connect Client Configuration access control | $10k-$25k | Official Fix |
| CVE-2021-34649 | 4.3 | Simple Behance Portfolio Plugin Parameter iframe-font-preview.php cross site scripting | $0-$1k | Official Fix |
| CVE-2021-38753 | 5.5 | Simple Image Gallery Web App unrestricted upload | $1k-$2k | Not Defined |
| CVE-2021-34658 | 4.3 | Simple Popup Newsletter Plugin simple-popup-newsletter.php cross site scripting | $0-$1k | Official Fix |
| CVE-2021-38752 | 3.5 | Sourcecodester Online Catering Reservation System Search Bar cross site scripting | $0-$1k | Not Defined |
| CVE-2021-27822 | 3.5 | SourceCodester Vehicle Parking Management System Add Categories cross site scripting | $0-$1k | Not Defined |
| CVE-2021-39268 | 3.5 | SuiteCRM Web Interface cross site scripting | $0-$1k | Official Fix |
| CVE-2021-39267 | 3.5 | SuiteCRM Web Interface cross site scripting | $0-$1k | Official Fix |
| CVE-2021-28002 | 3.5 | Textpattern CMS Articles Page cross site scripting | $0-$1k | Not Defined |
| CVE-2021-28001 | 3.5 | Textpattern CMS Parameter welcome-to-your-site#comments-head cross site scripting | $0-$1k | Not Defined |
| CVE-2021-34207 | 3.5 | TOTOLINK A3002R ddns.htm cross site scripting | $0-$5k | Not Defined |
| CVE-2021-34228 | 3.5 | TOTOLINK A3002R parent_control.htm cross site scripting | $0-$5k | Not Defined |
| CVE-2021-34215 | 3.5 | TOTOLINK A3002R tcpipwan.htm cross site scripting | $0-$5k | Not Defined |
| CVE-2021-34220 | 3.5 | TOTOLINK A3002R tr069config.htm cross site scripting | $0-$5k | Not Defined |
| CVE-2021-34223 | 3.5 | TOTOLINK A3002R urlfilter.htm cross site scripting | $0-$5k | Not Defined |
| CVE-2021-34218 | 3.5 | TOTOLINK A702R Login Portal file information disclosure | $0-$5k | Not Defined |
| CVE-2021-29280 | 6.3 | TP-Link WR840N ARP buffer overflow | $2k-$5k | Not Defined |
| CVE-2021-24541 | 5.5 | Wonder PDF Embed Plugin Shortcode escape output | $1k-$2k | Official Fix |
| CVE-2021-24540 | 3.5 | Wonder Video Embed Plugin Shortcode cross site scripting | $0-$1k | Official Fix |
| CVE-2021-37597 | 5.5 | WP Cerber MFA improper authentication | $0-$5k | Official Fix |
| CVE-2021-37598 | 5.5 | WP Cerber wp-json access control | $0-$5k | Official Fix |
| CVE-2021-34653 | 4.3 | WP Fountain Plugin Scripting wp-fountain.php cross site scripting | $0-$1k | Official Fix |
| CVE-2021-34665 | 4.3 | WP SEO Tags Plugin Parameter wp-seo-tags.php cross site scripting | $0-$1k | Official Fix |
| CVE-2021-24518 | 2.4 | WPFront Notification Bar Plugin Custom CSS Setting cross site scripting | $0-$1k | Official Fix |
| CVE-2021-39274 | 5.0 | XeroSecurity Sn1per Configuration File permission | $2k-$5k | Not Defined |
| CVE-2021-39273 | 6.3 | XeroSecurity Sn1per default permission | $2k-$5k | Not Defined |