info[at]nsec.ir
(+98)-31-33915336

Critical vulnerabilities of the second week of Farvardin

This week, many "critical" and "high-risk" vulnerabilities were reported in important Apple and Mozilla products, and patches and updates were released to fix them. Several "critical" and "high-risk" vulnerabilities were also present in products from Apache, Adobe, Netgear, Foxit, VMware, IBM and the Linux kernel.

The list of these vulnerabilities, together with their risk level, is given in the table below.

| Vulnerability ID | Base score | Vulnerability title | Zero-day value | Fix |
|---|---|---|---|---|
| CVE-2021-3476 | 3.5 | Academy Software Foundation OpenEXR B44 Uncompression integer overflow | $1k-$2k | Official Fix |
| CVE-2021-3477 | 3.5 | Academy Software Foundation OpenEXR Deep Tile Sample Size Calculator integer overflow | $1k-$2k | Official Fix |
| CVE-2021-20296 | 3.5 | Academy Software Foundation OpenEXR Dwa Decompression null pointer dereference | $0-$1k | Official Fix |
| CVE-2021-3475 | 3.5 | Academy Software Foundation OpenEXR File integer overflow | $1k-$2k | Official Fix |
| CVE-2021-3474 | 3.5 | Academy Software Foundation OpenEXR Input File FastHufDecoder buffer overflow | $1k-$2k | Official Fix |
| CVE-2021-3479 | 3.5 | Academy Software Foundation OpenEXR Scanline API resource consumption | $0-$1k | Official Fix |
| CVE-2021-3478 | 3.5 | Academy Software Foundation OpenEXR Scanline Input File resource consumption | $0-$1k | Official Fix |
| CVE-2021-21782 | 5.5 | AccuSoft ImageGear SGI Format out-of-bounds write | $2k-$5k | Not Defined |
| CVE-2021-21776 | 5.5 | AccuSoft ImageGear SGI Format out-of-bounds write | $2k-$5k | Not Defined |
| CVE-2021-21773 | 5.5 | AccuSoft ImageGear TIFF Header out-of-bounds write | $2k-$5k | Not Defined |
| CVE-2021-28546 | 8.1 | Adobe Acrobat Reader PDF File improper validation of integrity check value | $25k-$50k | Official Fix |
| CVE-2021-28545 | 8.1 | Adobe Acrobat Reader PDF File improper validation of integrity check value | $25k-$50k | Official Fix |
| CVE-2021-24141 | 4.7 | Advanced Database Cleaner Plugin sql injection | $1k-$2k | Official Fix |
| CVE-2021-27349 | 3.5 | Advanced Order Export cross site scripting | $0-$1k | Official Fix |
| CVE-2019-18231 | 3.1 | Advantech Spectre RT ERT351 cleartext transmission | $0-$1k | Official Fix |
| CVE-2019-18235 | 3.7 | Advantech Spectre RT ERT351 excessive authentication | $1k-$2k | Official Fix |
| CVE-2019-18233 | 3.5 | Advantech Spectre RT Industrial Routers ERT351 Error Response cross site scripting | $0-$1k | Official Fix |
| CVE-2021-27436 | 3.5 | Advantech WebAccess/SCADA cross site scripting | $0-$1k | Not Defined |
| CVE-2020-13924 | 7.5 | Apache Ambari pathname traversal | $5k-$10k | Not Defined |
| CVE-2021-22696 | 4.6 | Apache CXF JWT Token server-side request forgery | $10k-$25k | Official Fix |
| CVE-2021-26919 | 8.8 | Apache Druid JDBC permission | $10k-$25k | Official Fix |
| CVE-2020-1926 | 5.9 | Apache Hive Cookie Signature Verification timing discrepancy | $2k-$5k | Official Fix |
| CVE-2021-26295 | 9.8 | Apache OFBiz deserialization | $10k-$25k | Official Fix |
| CVE-2021-27906 | 5.5 | Apache PDFbox memory allocation | $2k-$5k | Not Defined |
| CVE-2021-27807 | 5.5 | Apache PDFbox PDF File iteration | $2k-$5k | Not Defined |
| CVE-2020-17525 | 7.5 | Apache Subversion mod_authz_svn null pointer dereference | $2k-$5k | Official Fix |
| CVE-2021-28657 | 5.5 | Apache Tika MP3Parser infinite loop | $2k-$5k | Official Fix |
| CVE-2020-27933 | 6.3 | Apple iCloud Image memory corruption | $10k-$25k | Official Fix |
| CVE-2020-9926 | 6.3 | Apple iCloud XML use after free | $10k-$25k | Official Fix |
| CVE-2020-29610 | 4.3 | Apple iOS/iPadOS Audio File out-of-bounds read | $25k-$50k | Official Fix |
| CVE-2020-29623 | 4.4 | Apple iOS/iPadOS Clear History information disclosure | $10k-$25k | Official Fix |
| CVE-2021-1781 | 3.3 | Apple iOS/iPadOS Contact Card information disclosure | $10k-$25k | Official Fix |
| CVE-2020-29624 | 6.3 | Apple iOS/iPadOS Font File memory corruption | $100k and more | Official Fix |
| CVE-2020-29639 | 4.3 | Apple iOS/iPadOS Font out-of-bounds read | $25k-$50k | Official Fix |
| CVE-2020-27933 | 6.3 | Apple iOS/iPadOS Image memory corruption | $100k and more | Official Fix |
| CVE-2020-29615 | 4.3 | Apple iOS/iPadOS Image out-of-bounds read | $25k-$50k | Official Fix |
| CVE-2020-9955 | 5.5 | Apple iOS/iPadOS Image out-of-bounds write | $50k-$100k | Official Fix |
| CVE-2021-1756 | 2.4 | Apple iOS/iPadOS Lock Screen access control | $5k-$10k | Official Fix |
| CVE-2021-1780 | 3.1 | Apple iOS/iPadOS memory corruption | $50k-$100k | Official Fix |
| CVE-2021-1794 | 6.3 | Apple iOS/iPadOS out-of-bounds read | $25k-$50k | Official Fix |
| CVE-2021-1796 | 6.3 | Apple iOS/iPadOS out-of-bounds write | $100k and more | Official Fix |
| CVE-2021-1795 | 7.3 | Apple iOS/iPadOS out-of-bounds write | $100k and more | Official Fix |
| CVE-2020-27935 | 5.5 | Apple iOS/iPadOS sandbox | $50k-$100k | Official Fix |
| CVE-2021-1748 | 4.3 | Apple iOS/iPadOS URL cross site scripting | $25k-$50k | Official Fix |
| CVE-2020-27899 | 5.3 | Apple iOS/iPadOS use after free | $25k-$50k | Official Fix |
| CVE-2020-9926 | 6.3 | Apple iOS/iPadOS XML use after free | $100k and more | Official Fix |
| CVE-2020-10008 | 2.3 | Apple macOS access control | $2k-$5k | Official Fix |
| CVE-2020-29610 | 4.3 | Apple macOS Audio File out-of-bounds read | $5k-$10k | Official Fix |
| CVE-2020-29623 | 4.4 | Apple macOS Clear History information disclosure | $2k-$5k | Official Fix |
| CVE-2021-1781 | 3.3 | Apple macOS Contact Card information disclosure | $2k-$5k | Official Fix |
| CVE-2020-29624 | 6.3 | Apple macOS Font File memory corruption | $10k-$25k | Official Fix |
| CVE-2021-1803 | 3.3 | Apple macOS iCloud Document permission | $5k-$10k | Official Fix |
| CVE-2020-27933 | 6.3 | Apple macOS Image memory corruption | $10k-$25k | Official Fix |
| CVE-2020-29615 | 4.3 | Apple macOS Image out-of-bounds read | $5k-$10k | Official Fix |
| CVE-2020-9955 | 5.5 | Apple macOS Image out-of-bounds write | $10k-$25k | Official Fix |
| CVE-2020-29625 | 6.3 | Apple macOS Image Remote Code Execution | $10k-$25k | Official Fix |
| CVE-2020-27939 | 6.3 | Apple macOS Image Remote Code Execution | $10k-$25k | Official Fix |
| CVE-2020-27936 | 5.3 | Apple macOS Kernel Memory out-of-bounds read | $2k-$5k | Official Fix |
| CVE-2021-1755 | 2.4 | Apple macOS Lock Screen access control | $1k-$2k | Official Fix |
| CVE-2020-10001 | 3.3 | Apple macOS memory corruption | $5k-$10k | Official Fix |
| CVE-2020-9930 | 6.6 | Apple macOS out-of-bounds read | $2k-$5k | Official Fix |
| CVE-2020-27935 | 5.5 | Apple macOS sandbox | $10k-$25k | Official Fix |
| CVE-2020-27893 | 3.5 | Apple macOS Screen Sharing state issue | $5k-$10k | Official Fix |
| CVE-2020-27899 | 5.3 | Apple macOS use after free | Calculating | Official Fix |
| CVE-2020-9926 | 6.3 | Apple macOS XML use after free | $10k-$25k | Official Fix |
| CVE-2021-28789 | 6.3 | Apple swift-format Workspace Remote Code Execution | $10k-$25k | Official Fix |
| CVE-2020-29610 | 4.3 | Apple tvOS Audio File out-of-bounds read | $2k-$5k | Official Fix |
| CVE-2020-29623 | 4.4 | Apple tvOS Clear History information disclosure | $1k-$2k | Official Fix |
| CVE-2020-29624 | 6.3 | Apple tvOS Font File memory corruption | $5k-$10k | Official Fix |
| CVE-2020-27933 | 6.3 | Apple tvOS Image memory corruption | $5k-$10k | Official Fix |
| CVE-2020-29615 | 4.3 | Apple tvOS Image out-of-bounds read | $2k-$5k | Official Fix |
| CVE-2020-9955 | 5.5 | Apple tvOS Image out-of-bounds write | $5k-$10k | Official Fix |
| CVE-2020-27935 | 5.5 | Apple tvOS sandbox | $2k-$5k | Official Fix |
| CVE-2021-1748 | 4.3 | Apple tvOS URL cross site scripting | $2k-$5k | Official Fix |
| CVE-2020-27899 | 5.3 | Apple tvOS use after free | Calculating | Official Fix |
| CVE-2020-9926 | 6.3 | Apple tvOS XML use after free | $5k-$10k | Official Fix |
| CVE-2020-29610 | 4.3 | Apple watchOS Audio File out-of-bounds read | $2k-$5k | Official Fix |
| CVE-2020-27933 | 6.3 | Apple watchOS Image memory corruption | $5k-$10k | Official Fix |
| CVE-2020-29615 | 4.3 | Apple watchOS Image out-of-bounds read | $2k-$5k | Official Fix |
| CVE-2020-9955 | 5.5 | Apple watchOS Image out-of-bounds write | $5k-$10k | Official Fix |
| CVE-2020-27935 | 5.5 | Apple watchOS sandbox | $2k-$5k | Official Fix |
| CVE-2021-1748 | 4.3 | Apple watchOS URL cross site scripting | $2k-$5k | Official Fix |
| CVE-2020-27899 | 5.3 | Apple watchOS use after free | Calculating | Official Fix |
| CVE-2020-9926 | 6.3 | Apple watchOS XML use after free | $5k-$10k | Official Fix |
| CVE-2021-25149 | 6.3 | Aruba Instant Access Point buffer overflow | $2k-$5k | Official Fix |
| CVE-2021-25144 | 6.3 | Aruba Instant Access Point buffer overflow | $2k-$5k | Official Fix |
| CVE-2020-24636 | 6.3 | Aruba Instant Access Point command injection | $2k-$5k | Official Fix |
| CVE-2020-24635 | 6.3 | Aruba Instant Access Point command injection | $2k-$5k | Official Fix |
| CVE-2021-25161 | 3.5 | Aruba Instant Access Point cross site scripting | $0-$1k | Official Fix |
| CVE-2021-25143 | 4.3 | Aruba Instant Access Point denial of service | $0-$1k | Official Fix |
| CVE-2019-5317 | 5.3 | Aruba Instant Access Point improper authentication | $0-$1k | Official Fix |
| CVE-2021-25158 | 4.3 | Aruba Instant Access Point information disclosure | $1k-$2k | Official Fix |
| CVE-2021-25157 | 4.3 | Aruba Instant Access Point information disclosure | $1k-$2k | Official Fix |
| CVE-2021-25145 | 4.3 | Aruba Instant Access Point information disclosure | $1k-$2k | Official Fix |
| CVE-2021-25162 | 6.3 | Aruba Instant Access Point Remote Privilege Escalation | $2k-$5k | Official Fix |
| CVE-2021-25156 | 6.3 | Aruba Instant Access Point Remote Privilege Escalation | $2k-$5k | Official Fix |
| CVE-2021-25150 | 6.3 | Aruba Instant Access Point Remote Privilege Escalation | $2k-$5k | Official Fix |
| CVE-2021-25146 | 6.3 | Aruba Instant Access Point Remote Privilege Escalation | $2k-$5k | Official Fix |
| CVE-2021-25160 | 5.4 | Aruba Instant Access Point unknown vulnerability | $2k-$5k | Official Fix |
| CVE-2021-25159 | 5.4 | Aruba Instant Access Point unknown vulnerability | $2k-$5k | Official Fix |
| CVE-2021-25155 | 5.4 | Aruba Instant Access Point unknown vulnerability | $2k-$5k | Official Fix |
| CVE-2021-25148 | 5.4 | Aruba Instant Access Point unknown vulnerability | $2k-$5k | Official Fix |
| CVE-2019-5319 | 6.3 | Aruba Instant buffer overflow | $2k-$5k | Official Fix |
| CVE-2021-26943 | 6.6 | ASUS UX360CA BIOS SMM Local Privilege Escalation | $1k-$2k | Not Defined |
| CVE-2021-26072 | 6.3 | Atlassian Confluence Server/Confluence Data Center WidgetConnector Plugin server-side request forgery | $2k-$5k | Official Fix |
| CVE-2021-26069 | 4.3 | Atlassian JIRA Server/Data Center API Endpoint ActionsAndOperations information disclosure | $1k-$2k | Official Fix |
| CVE-2021-26070 | 7.3 | Atlassian JIRA Server/Data Center behind-the-firewall Protection improper authentication | $1k-$2k | Official Fix |
| CVE-2020-36286 | 4.3 | Atlassian JIRA Server/Data Center JQL Search membersOf information disclosure | $1k-$2k | Official Fix |
| CVE-2020-36238 | 4.3 | Atlassian JIRA Server/Data Center render information disclosure | $1k-$2k | Official Fix |
| CVE-2021-26071 | 3.5 | Atlassian JIRA Server/Data Center SetFeatureEnabled.jspa cross-site request forgery | $0-$1k | Official Fix |
| CVE-2021-27241 | 6.1 | Avast Premium Security AvastSvc.exe link following | $1k-$2k | Not Defined |
| CVE-2021-1287 | 7.2 | Cisco RV132W ADSL2+/RV134W VDSL2 Web-based Management Interface stack-based overflow | $10k-$25k | Official Fix |
| CVE-2021-28688 | 6.5 | Citrix Hypervisor resource consumption | Calculating | Official Fix |
| CVE-2021-28123 | 3.7 | Cohesity DataPlatform SSH Key hard-coded key | $0-$1k | Not Defined |
| CVE-2021-28124 | 3.7 | Cohesity DataPlatform Support Channel channel accessible | $2k-$5k | Not Defined |
| CVE-2021-24144 | 6.3 | Contact Form 7 Database Addon Plugin csv injection | $2k-$5k | Official Fix |
| CVE-2021-24125 | 6.3 | Contact Form Submissions Plugin sql injection | $1k-$2k | Not Defined |
| CVE-2021-22876 | 4.3 | cURL/libcURL Referer information disclosure | $1k-$2k | Official Fix |
| CVE-2021-22890 | 7.3 | cURL/libcURL TLS 1.3 Handshake certificate validation | $1k-$2k | Official Fix |
| CVE-2021-20628 | 3.5 | Cybozu Office Address Book cross site scripting | $0-$1k | Official Fix |
| CVE-2021-20627 | 3.5 | Cybozu Office Address Book cross site scripting | $0-$1k | Official Fix |
| CVE-2021-20632 | 5.5 | Cybozu Office Bulletin Board access control | $1k-$2k | Official Fix |
| CVE-2021-20625 | 5.5 | Cybozu Office Bulletin Board access control | $1k-$2k | Official Fix |
| CVE-2021-20633 | 5.5 | Cybozu Office Cabinet access control | $1k-$2k | Official Fix |
| CVE-2021-20634 | 5.5 | Cybozu Office Custom App access control | $1k-$2k | Official Fix |
| CVE-2021-20631 | 5.5 | Cybozu Office Custom App input validation | $1k-$2k | Official Fix |
| CVE-2021-20629 | 3.5 | Cybozu Office E-Mail cross site scripting | $0-$1k | Official Fix |
| CVE-2021-20630 | 5.5 | Cybozu Office Phone Message access control | $1k-$2k | Official Fix |
| CVE-2021-20624 | 5.5 | Cybozu Office Scheduler access control | $1k-$2k | Official Fix |
| CVE-2021-20626 | 5.5 | Cybozu Office Workflow access control | $1k-$2k | Official Fix |
| CVE-2021-21529 | 3.3 | Dell System Update resource consumption | $0-$5k | Not Defined |
| CVE-2021-21533 | 4.3 | Dell Wyse Management Suite Job Status Retrieval Page denial of service | $0-$5k | Not Defined |
| CVE-2021-21532 | 4.6 | Dell Wyse ThinOS Management Server certificate validation | $5k-$25k | Not Defined |
| CVE-2021-28047 | 3.5 | Devolutions Remote Desktop Manager Administrative Reports cross site scripting | $0-$1k | Official Fix |
| CVE-2021-23922 | 3.5 | Devolutions Remote Desktop Manager Webviews cross site scripting | $0-$1k | Official Fix |
| CVE-2021-23924 | 3.5 | Devolutions Server Diagnostic File information disclosure | $0-$1k | Official Fix |
| CVE-2021-23921 | 5.5 | Devolutions SERVER Password List Entry access control | $1k-$2k | Official Fix |
| CVE-2021-23925 | 3.5 | Devolutions Server Type Document cross site scripting | $0-$1k | Official Fix |
| CVE-2021-23923 | 6.3 | Devolutions Server Windows Domain User improper authentication | $1k-$2k | Official Fix |
| CVE-2021-21416 | 4.3 | django-registration User Registration information exposure | $1k-$2k | Official Fix |
| CVE-2021-26810 | 6.3 | D-Link DIR-816 A2 dir_setWanWifi command injection | $10k-$25k | Not Defined |
| CVE-2020-27600 | 6.3 | D-Link DIR-846 SetMasterWLanSettings.php os command injection | $10k-$25k | Not Defined |
| CVE-2021-30072 | 5.5 | D-Link DIR-878 prog.cgi strcat stack-based overflow | $10k-$25k | Not Defined |
| CVE-2021-29011 | 3.5 | DMA Softlab Radius Manager admin.php cross site scripting | $0-$1k | Not Defined |
| CVE-2021-29012 | 5.6 | DMA Softlab Radius Manager Session Cookie improper authorization | $2k-$5k | Not Defined |
| CVE-2021-28164 | 5.3 | Eclipse Jetty Default Compliance Mode web.xml information disclosure | $1k-$2k | Not Defined |
| CVE-2021-28163 | 3.7 | Eclipse Jetty Directory information disclosure | $1k-$2k | Not Defined |
| CVE-2021-28165 | 5.3 | Eclipse Jetty TLS Frame resource consumption | $0-$1k | Not Defined |
| CVE-2021-22860 | 7.3 | EIC E-Document System permission | $2k-$5k | Not Defined |
| CVE-2021-22859 | 7.3 | EIC E-Document System sql injection | $2k-$5k | Not Defined |
| CVE-2021-28970 | 6.3 | eMPS Central Management sql injection | $1k-$2k | Official Fix |
| CVE-2021-28969 | 6.3 | eMPS Email Search sql injection | $1k-$2k | Official Fix |
| CVE-2021-23007 | 3.5 | F5 BIG-IP Traffic Management Microkernel denial of service | $2k-$5k | Not Defined |
| CVE-2021-24029 | 3.5 | Facebook mvfst QUIC Session assertion | $2k-$5k | Official Fix |
| CVE-2021-26236 | 6.3 | FastStone Image Viewer CUR File buffer overflow | $2k-$5k | Not Defined |
| CVE-2021-26237 | 6.3 | FastStone Image Viewer CUR File FSViewer.exe memory corruption | $2k-$5k | Not Defined |
| CVE-2021-26235 | 6.3 | FastStone Image Viewer CUR File FSViewer.exe memory corruption | $2k-$5k | Not Defined |
| CVE-2021-26234 | 6.3 | FastStone Image Viewer CUR File FSViewer.exe memory corruption | $2k-$5k | Not Defined |
| CVE-2021-26233 | 6.3 | FastStone Image Viewer CUR File FSViewer.exe memory corruption | $2k-$5k | Not Defined |
| CVE-2021-27270 | 7.8 | Foxit PhantomPDF JPEG2000 Images out-of-bounds read | $1k-$2k | Not Defined |
| CVE-2021-27271 | 7.8 | Foxit PhantomPDF U3D Object memory corruption | $2k-$5k | Not Defined |
| CVE-2021-27266 | 3.3 | Foxit PhantomPDF U3D Object out-of-bounds read | $1k-$2k | Not Defined |
| CVE-2021-27265 | 3.3 | Foxit PhantomPDF U3D Object out-of-bounds read | $1k-$2k | Not Defined |
| CVE-2021-27264 | 3.3 | Foxit PhantomPDF U3D Object out-of-bounds read | $1k-$2k | Not Defined |
| CVE-2021-27263 | 3.3 | Foxit PhantomPDF U3D Object out-of-bounds read | $1k-$2k | Not Defined |
| CVE-2021-27262 | 3.3 | Foxit PhantomPDF U3D Object out-of-bounds read | $1k-$2k | Not Defined |
| CVE-2021-27261 | 7.8 | Foxit PhantomPDF U3D Object out-of-bounds read | $1k-$2k | Not Defined |
| CVE-2021-27269 | 7.8 | Foxit PhantomPDF U3D Object out-of-bounds write | $2k-$5k | Not Defined |
| CVE-2021-27268 | 7.8 | Foxit PhantomPDF U3D Object use after free | $2k-$5k | Not Defined |
| CVE-2021-27267 | 7.8 | Foxit PhantomPDF U3D Object use after free | $2k-$5k | Not Defined |
| CVE-2020-25583 | 9.8 | FreeBSD DNSSL Option buffer overflow | $10k-$25k | Official Fix |
| CVE-2021-22202 | 4.3 | GitLab Community Edition/Enterprise Edition API cross-site request forgery | $0-$1k | Not Defined |
| CVE-2021-22197 | 3.5 | GitLab Community Edition/Enterprise Edition Branch infinite loop | $0-$1k | Not Defined |
| CVE-2021-22177 | 4.3 | GitLab Community Edition/Enterprise Edition gitlab-shell denial of service | $0-$1k | Not Defined |
| CVE-2021-22201 | 4.3 | GitLab Community Edition/Enterprise Edition Import File information disclosure | $1k-$2k | Not Defined |
| CVE-2021-22196 | 3.5 | GitLab Community Edition/Enterprise Edition Merge Request cross site scripting | $0-$1k | Not Defined |
| CVE-2021-22198 | 5.4 | GitLab Community Edition/Enterprise Edition Public Project denial of service | $0-$1k | Not Defined |
| CVE-2021-22200 | 3.7 | GitLab Community Edition/Enterprise Edition Public Project information disclosure | $1k-$2k | Not Defined |
| CVE-2021-22203 | 3.7 | GitLab Community Edition/Enterprise Edition Wiki Page information disclosure | $1k-$2k | Not Defined |
| CVE-2021-22195 | 5.3 | GitLab gitlab-vscode-extension Local Privilege Escalation | $1k-$2k | Not Defined |
| CVE-2021-28650 | 5.5 | GNOME gnome-autoar Symlink autoar-extractor.c pathname traversal | $1k-$2k | Official Fix |
| CVE-2021-21193 | 8.8 | Google Chrome Blink use after free | $50k-$100k | Official Fix |
| CVE-2021-21192 | 8.8 | Google Chrome Tab Groups heap-based overflow | $50k-$100k | Official Fix |
| CVE-2021-21191 | 8.8 | Google Chrome WebRTC use after free | $50k-$100k | Official Fix |
| CVE-2021-22538 | 6.3 | Google Exposure Notification Verification Server permission | $10k-$25k | Official Fix |
| CVE-2021-27962 | 6.3 | Grafana Enterprise Dashboard permission | $2k-$5k | Official Fix |
| CVE-2021-28146 | 5.5 | Grafana Enterprise HTTP API access control | $1k-$2k | Official Fix |
| CVE-2021-28147 | 5.5 | Grafana Enterprise Team Sync HTTP API improper authentication | $1k-$2k | Official Fix |
| CVE-2021-28148 | 4.3 | Grafana Enterprise Usage Insights HTTP API Endpoint denial of service | $0-$1k | Official Fix |
| CVE-2021-27358 | 5.3 | Grafana Snapshot denial of service | $0-$1k | Official Fix |
| CVE-2020-25217 | 8.0 | Grandstream GRP261x Administrative Web Interface command injection | $2k-$5k | Not Defined |
| CVE-2020-25218 | 6.3 | Grandstream GRP261x Administrative Web Interface improper authentication | $1k-$2k | Not Defined |
| CVE-2020-29556 | 7.3 | Grav CMS Backup path traversal | $2k-$5k | Not Defined |
| CVE-2020-29555 | 7.3 | Grav CMS path traversal | $2k-$5k | Not Defined |
| CVE-2020-29553 | 3.5 | Grav CMS Scheduler cross-site request forgery | $0-$1k | Not Defined |
| CVE-2021-3418 | 6.3 | grub2 improper validation of integrity check value | $2k-$5k | Official Fix |
| CVE-2020-27278 | 4.3 | Hamilton Medical T1-Ventillator Configuration Interface hard-coded credentials | $0-$1k | Not Defined |
| CVE-2020-27290 | 2.4 | Hamilton Medical T1-Ventillator Configuration Interface information disclosure | $0-$1k | Not Defined |
| CVE-2020-27282 | 2.4 | Hamilton Medical T1-Ventillator XML Validation denial of service | $0-$1k | Not Defined |
| CVE-2021-26580 | 3.5 | HPE iLO Amplifier Pack cross site scripting | $2k-$5k | Official Fix |
| CVE-2021-26578 | 6.3 | HPE Network Orchestrator sql injection | $10k-$25k | Official Fix |
| CVE-2021-26581 | 4.3 | HPE Superdome Flex Server BMC Web Interface denial of service | $2k-$5k | Not Defined |
| CVE-2021-26579 | 3.5 | HPE Unified Data Management hard-coded key | $2k-$5k | Official Fix |
| CVE-2019-10196 | 4.3 | http-proxy-agent resource consumption | $0-$1k | Official Fix |
| CVE-2020-9206 | 4.3 | Huawei eUDC660 information disclosure | $5k-$10k | Not Defined |
| CVE-2021-22314 | 5.3 | Huawei ManageOne access control | $5k-$10k | Not Defined |
| CVE-2021-22311 | 4.6 | Huawei ManageOne permission | $10k-$25k | Not Defined |
| CVE-2020-9213 | 3.5 | Huawei Secospace SG9500 Packet denial of service | $2k-$5k | Not Defined |
| CVE-2021-22320 | 3.5 | Huawei Secospace USG6600 Message denial of service | $2k-$5k | Not Defined |
| CVE-2021-22310 | 3.5 | Huawei Secospace USG9500 log file | $5k-$10k | Not Defined |
| CVE-2021-22321 | 5.5 | Huawei Secospace USG9500 use after free | $10k-$25k | Not Defined |
| CVE-2020-9148 | 4.4 | Huawei Smartphone Interface denial of service | $2k-$5k | Not Defined |
| CVE-2020-9146 | 3.3 | Huawei Smartphone Interface memory leak | $1k-$2k | Not Defined |
| CVE-2020-9147 | 3.3 | Huawei Smartphone Interface out-of-bounds read | $2k-$5k | Not Defined |
| CVE-2020-9149 | 4.4 | Huawei Smartphone Interface unknown vulnerability | $5k-$10k | Not Defined |
| CVE-2020-9212 | 3.5 | Huawei USG9500 information disclosure | $2k-$5k | Not Defined |
| CVE-2021-22309 | 2.6 | Huawei USG9500/USG9520/USG9560/USG9580 random values | $2k-$5k | Not Defined |
| CVE-2021-20440 | 5.0 | IBM API Connect Registration Remote Privilege Escalation | $10k-$25k | Not Defined |
| CVE-2021-20482 | 6.3 | IBM Cloud Pak for Automation xml external entity reference | $5k-$10k | Not Defined |
| CVE-2021-20520 | 3.5 | IBM Jazz Foundation Web UI cross site scripting | $2k-$5k | Not Defined |
| CVE-2021-20518 | 3.5 | IBM Jazz Foundation Web UI cross site scripting | $2k-$5k | Not Defined |
| CVE-2021-20504 | 3.5 | IBM Jazz Foundation Web UI cross site scripting | $2k-$5k | Not Defined |
| CVE-2021-20503 | 3.5 | IBM Jazz Foundation Web UI cross site scripting | $2k-$5k | Not Defined |
| CVE-2021-20447 | 3.5 | IBM Jazz Foundation Web UI cross site scripting | $2k-$5k | Not Defined |
| CVE-2021-20352 | 3.5 | IBM Jazz Foundation Web UI cross site scripting | $2k-$5k | Not Defined |
| CVE-2021-20502 | 6.3 | IBM Jazz Foundation xml external entity reference | $5k-$10k | Not Defined |
| CVE-2020-4882 | 6.3 | IBM Planning Analytics server-side request forgery | $10k-$25k | Not Defined |
| CVE-2020-4635 | 3.7 | IBM Resilient SOAR information disclosure | $5k-$10k | Not Defined |
| CVE-2020-4184 | 7.3 | IBM Security Guardium unknown vulnerability | $10k-$25k | Not Defined |
| CVE-2020-4851 | 5.5 | IBM Spectrum Scale Log File injection | $10k-$25k | Not Defined |
| CVE-2020-4890 | 4.4 | IBM Spectrum Scale REST API denial of service | $0-$1k | Not Defined |
| CVE-2020-4891 | 5.5 | IBM Spectrum Scale REST API excessive authentication | $5k-$10k | Not Defined |
| CVE-2020-4884 | 4.3 | IBM UrbanCode Deploy credentials storage | $10k-$25k | Not Defined |
| CVE-2020-4944 | 3.1 | IBM UrbanCode Deploy Manual Edit credentials storage | $10k-$25k | Not Defined |
| CVE-2020-4848 | 6.3 | IBM UrbanCode Deploy Plugin access control | $10k-$25k | Not Defined |
| CVE-2020-19640 | 4.3 | INSMA Wifi Mini Spy 1080P HD Security IP Camera denial of service | $0-$1k | Not Defined |
| CVE-2020-19641 | 6.3 | INSMA Wifi Mini Spy 1080P HD Security IP Camera formUserMng Remote Privilege Escalation | $2k-$5k | Not Defined |
| CVE-2020-19643 | 3.5 | INSMA Wifi Mini Spy 1080P HD Security IP Camera FTP Settings Page formSetFtpCfg cross site scripting | $0-$1k | Not Defined |
| CVE-2020-19642 | 5.3 | INSMA Wifi Mini Spy 1080P HD Security IP Camera SD Card recdata.db Local Privilege Escalation | $1k-$2k | Not Defined |
| CVE-2020-19639 | 3.5 | INSMA Wifi Mini Spy 1080P HD Security IP Camera WebUI cross-site request forgery | $0-$1k | Not Defined |
| CVE-2021-21633 | 3.5 | Jenkins OWASP Dependency-Track Plugin cross-site request forgery | $0-$1k | Not Defined |
| CVE-2021-21637 | 5.5 | Jenkins Team Foundation Server Plugin authorization | $1k-$2k | Not Defined |
| CVE-2021-22887 | 8.0 | Juniper Pulse Secure PSA5000/Pulse Secure PSA7000 BIOS Firmware unknown vulnerability | $10k-$25k | Not Defined |
| CVE-2021-26718 | 7.3 | Kaspersky Internet Security Anti-Virus Protection protection mechanism | $10k-$25k | Not Defined |
| CVE-2021-29648 | 5.7 | Linux Kernel BPF Subsystem syscall.c map_create denial of service | $2k-$5k | Official Fix |
| CVE-2021-28964 | 4.7 | Linux Kernel Cloning Operation ctree.c get_old_root denial of service | $2k-$5k | Official Fix |
| CVE-2021-28950 | 5.5 | Linux Kernel Inode fuse_i.h infinite loop | $2k-$5k | Official Fix |
| CVE-2021-28660 | 7.8 | Linux Kernel ioctl_linux.c rtw_wx_set_scan buffer overflow | $10k-$25k | Official Fix |
| CVE-2021-29650 | 3.5 | Linux Kernel Netfilter Subsystem x_tables.c denial of service | $2k-$5k | Official Fix |
| CVE-2021-29646 | 5.5 | Linux Kernel node.c tipc_nl_retrieve_key buffer overflow | $10k-$25k | Official Fix |
| CVE-2021-28971 | 5.5 | Linux Kernel PEBS Status ds.c intel_pmu_drain_pebs_nhm denial of service | $2k-$5k | Official Fix |
| CVE-2021-29647 | 3.5 | Linux Kernel qrtr.c qrtr_recvmsg uninitialized pointer | $2k-$5k | Official Fix |
| CVE-2021-28972 | 7.8 | Linux Kernel RPA PCI Hotplug Driver rpadlpar_sysfs.c buffer overflow | $25k-$50k | Official Fix |
| CVE-2021-28952 | 7.8 | Linux Kernel Soundwire Device Driver sdm845.c buffer overflow | $10k-$25k | Official Fix |
| CVE-2020-27171 | 5.5 | Linux Kernel Spectre Mitigation verifier.c integer underflow | $10k-$25k | Official Fix |
| CVE-2020-27170 | 4.7 | Linux Kernel Spectre Mitigation verifier.c out-of-bounds read | $2k-$5k | Official Fix |
| CVE-2021-28951 | 5.5 | Linux Kernel Thread io_uring.c deadlock | $2k-$5k | Official Fix |
| CVE-2021-29649 | 3.5 | Linux Kernel User Mode Driver usermode_driver.c copy_process memory leak | $2k-$5k | Official Fix |
| CVE-2021-30002 | 3.5 | Linux Kernel Webcam v4l2-ioctl.c video_usercopy memory leak | $2k-$5k | Official Fix |
| CVE-2020-19618 | 3.5 | mblog editing cross site scripting | $0-$1k | Not Defined |
| CVE-2020-19616 | 3.5 | mblog Header Field editing cross site scripting | $0-$1k | Not Defined |
| CVE-2020-19619 | 3.5 | mblog profile cross site scripting | $0-$1k | Not Defined |
| CVE-2020-19617 | 3.5 | mblog profile cross site scripting | $0-$1k | Not Defined |
| CVE-2021-23879 | 6.7 | McAfee Endpoint Product Removal Tool unquoted search path | $10k-$25k | Official Fix |
| CVE-2021-28790 | 7.8 | Microsoft Workspace Remote Code Execution | $2k-$5k | Official Fix |
| CVE-2020-35137 | 6.3 | MobileIron Agent API Key RegisterActivity.java hard-coded credentials | $1k-$2k | Not Defined |
| CVE-2020-35138 | 4.3 | MobileIron Agent hard-coded key | $0-$1k | Not Defined |
| CVE-2021-3391 | 2.6 | MobileIron Mobile@Work Lockout information exposure | $0-$1k | Not Defined |
| CVE-2021-24147 | 3.5 | Modern Events Calendar Lite Plugin cross site scripting | $0-$1k | Official Fix |
| CVE-2021-24146 | 4.3 | Modern Events Calendar Lite Plugin Export access control | $2k-$5k | Official Fix |
| CVE-2021-24145 | 5.5 | Modern Events Calendar Lite Plugin File Import unrestricted upload | $1k-$2k | Official Fix |
| CVE-2021-24149 | 6.3 | Modern Events Calendar Lite Plugin POST Parameter mec_fes_form sql injection | $1k-$2k | Official Fix |
| CVE-2019-14829 | 5.5 | Moodle Activity Creation unknown vulnerability | $10k-$25k | Official Fix |
| CVE-2019-14828 | 4.6 | Moodle Course improper authorization | $10k-$25k | Not Defined |
| CVE-2021-20280 | 3.5 | Moodle Feedback Answer cross site scripting | $2k-$5k | Official Fix |
| CVE-2019-14831 | 5.5 | Moodle Forum Subscribe Link redirect | $5k-$10k | Official Fix |
| CVE-2019-14830 | 5.5 | Moodle Mobile Launch Endpoint redirect | $5k-$10k | Official Fix |
| CVE-2021-20281 | 3.5 | Moodle Online Users Block information disclosure | $2k-$5k | Official Fix |
| CVE-2021-20282 | 4.3 | Moodle Verification authorization | $10k-$25k | Official Fix |
| CVE-2021-20283 | 3.5 | Moodle Web Service authorization | $5k-$10k | Official Fix |
| CVE-2021-23983 | 6.3 | Mozilla Firefox CSS Rule memory corruption | $25k-$50k | Official Fix |
| CVE-2021-23985 | 3.1 | Mozilla Firefox Devtools Remote Debugging information disclosure | $10k-$25k | Official Fix |
| CVE-2021-23986 | 5.0 | Mozilla Firefox Extension information disclosure | $10k-$25k | Official Fix |
| CVE-2021-23988 | 6.3 | Mozilla Firefox memory corruption | $25k-$50k | Official Fix |
| CVE-2021-23987 | 6.3 | Mozilla Firefox/Firefox ESR/Thunderbird memory corruption | $25k-$50k | Official Fix |
| CVE-2021-23984 | 6.3 | Mozilla Firefox/Firefox ESR/Thunderbird Popup Window clickjacking | $25k-$50k | Official Fix |
| CVE-2021-23981 | 6.3 | Mozilla Firefox/Firefox ESR/Thunderbird WebGL memory corruption | $25k-$50k | Official Fix |
| CVE-2021-23982 | 4.3 | Mozilla Firefox/Firefox ESR/Thunderbird WebRTC Connection information disclosure | $10k-$25k | Official Fix |
| CVE-2021-20676 | 6.3 | M-System DL8-A/DL8-B/DL8-C/DL8-D/DL8-E Access Restriction access control | $2k-$5k | Official Fix |
| CVE-2021-20675 | 4.3 | M-System DL8-A/DL8-B/DL8-C/DL8-D/DL8-E denial of service | $0-$1k | Official Fix |
| CVE-2021-27949 | 3.5 | MyBB Custom Moderator Tools cross site scripting | $2k-$5k | Official Fix |
| CVE-2021-27947 | 6.3 | MyBB Forum Management sql injection | $10k-$25k | Official Fix |
| CVE-2021-27889 | 3.5 | MyBB Message Parser cross site scripting | $2k-$5k | Official Fix |
| CVE-2021-27946 | 6.3 | MyBB Poll Vote Count sql injection | $10k-$25k | Official Fix |
| CVE-2021-27890 | 6.3 | MyBB Theme XML File sql injection | $10k-$25k | Official Fix |
| CVE-2021-27948 | 6.3 | MyBB User Group sql injection | $10k-$25k | Official Fix |
| CVE-2019-14850 | 4.3 | nbdkit Backend Plugin resource consumption | $0-$1k | Not Defined |
| CVE-2019-14851 | 3.5 | nbdkit denial of service | $0-$1k | Not Defined |
| CVE-2021-26992 | 4.3 | NetApp Cloud Manager denial of service | $0-$1k | Official Fix |
| CVE-2021-26991 | 6.3 | NetApp Cloud Manager unknown vulnerability | $2k-$5k | Official Fix |
| CVE-2021-26990 | 5.4 | NetApp Cloud Manager unknown vulnerability | $2k-$5k | Official Fix |
| CVE-2021-26987 | 7.3 | NetApp Element Plug-In for vCenter Server SpringBoot Framework Remote Code Execution | $2k-$5k | Official Fix |
| CVE-2021-27275 | 6.3 | Netgear ProSAFE Network Management System ConfigFileController path traversal | $10k-$25k | Not Defined |
| CVE-2021-27274 | 9.8 | Netgear ProSAFE Network Management System MFileUploadController unrestricted upload | $10k-$25k | Not Defined |
| CVE-2021-27276 | 6.3 | Netgear ProSAFE Network Management System MibController path traversal | $10k-$25k | Not Defined |
| CVE-2021-27272 | 5.4 | Netgear ProSAFE Network Management System ReportTemplateController path traversal | $5k-$10k | Official Fix |
| CVE-2021-27273 | 8.8 | Netgear ProSAFE Network Management System SettingConfigController os command injection | $10k-$25k | Not Defined |
| CVE-2021-27239 | 8.8 | Netgear R6400/R6700 upnpd stack-based overflow | $25k-$50k | Not Defined |
| CVE-2021-28918 | 7.3 | netmask Package input validation | $2k-$5k | Not Defined |
| CVE-2021-29418 | 5.5 | netmask Package IP Address String access control | $1k-$2k | Official Fix |
| CVE-2021-28295 | 4.3 | Online Ordering System design.php sql injection | $1k-$2k | Not Defined |
| CVE-2021-28294 | 6.3 | Online Ordering System initiateorder.php unrestricted upload | $2k-$5k | Not Defined |
| CVE-2021-25921 | 4.3 | OpenEMR Allergies cross site scripting | $0-$1k | Official Fix |
| CVE-2021-25920 | 5.5 | OpenEMR Create New User access control | $1k-$2k | Official Fix |
| CVE-2021-25919 | 2.4 | OpenEMR Create New User cross site scripting | $0-$1k | Official Fix |
| CVE-2021-25918 | 2.4 | OpenEMR Create New User cross site scripting | $0-$1k | Official Fix |
| CVE-2021-25917 | 2.4 | OpenEMR Create New User cross site scripting | $0-$1k | Official Fix |
| CVE-2021-25922 | 3.5 | OpenEMR cross site scripting | $0-$1k | Official Fix |
| CVE-2021-3344 | 2.6 | Openshift Builder Container Image or insufficiently protected credentials | $0-$1k | Not Defined |
| CVE-2019-10200 | 6.3 | Openshift Container Platform access control | $2k-$5k | Official Fix |
| CVE-2019-10225 | 3.5 | Openshift Container Platform GlusterFS StorageClass insufficiently protected credentials | $0-$1k | Not Defined |
| CVE-2020-15075 | 5.5 | OpenVPN Connect Installer tmp symlink | $1k-$2k | Not Defined |
| CVE-2021-21438 | 3.5 | OTRS FAQ Category access control | $1k-$2k | Not Defined |
| CVE-2021-21437 | 3.5 | OTRSCIsInCustomerFrontend General Catalog access control | $2k-$5k | Not Defined |
| CVE-2021-21632 | 5.5 | OWASP Dependency-Track Plugin permission | $1k-$2k | Not Defined |
| CVE-2021-27243 | 7.8 | Parallels Desktop Toolgate integer overflow | $2k-$5k | Not Defined |
| CVE-2021-27244 | 3.3 | Parallels Desktop Toolgate out-of-bounds read | $0-$1k | Not Defined |
| CVE-2021-27242 | 7.8 | Parallels Parallels Desktop Toolgate memory corruption | $2k-$5k | Not Defined |
| CVE-2021-25290 | 5.5 | Pillow Offset TiffDecode.c memcpy unknown vulnerability | $2k-$5k | Official Fix |
| CVE-2021-25292 | 3.5 | Pillow PDF Parser incorrect regex | $1k-$2k | Official Fix |
| CVE-2021-25293 | 3.5 | Pillow SGIRleDecode.c out-of-bounds read | $0-$1k | Official Fix |
| CVE-2021-25291 | 3.5 | Pillow TiffDecode.c TiffreadRGBATile out-of-bounds read | $0-$1k | Official Fix |
| CVE-2021-25289 | 5.5 | Pillow YCbCr File TiffDecode heap-based overflow | $2k-$5k | Official Fix |
| CVE-2021-3393 | 4.3 | PostgreSQL UPDATE Permission information exposure | $1k-$2k | Official Fix |
| CVE-2019-10128 | 6.3 | PostgreSQL Windows Installer access control | $2k-$5k | Official Fix |
| CVE-2019-10127 | 5.0 | PostgreSQL Windows Installer access control | $2k-$5k | Official Fix |
| CVE-2020-11218 | 7.5 | Qualcomm Snapdragon Auto Baseband denial of service | $2k-$5k | Official Fix |
| CVE-2020-11226 | 7.5 | Qualcomm Snapdragon Auto Data Modem out-of-bounds read | $5k-$10k | Official Fix |
| CVE-2020-11199 | 5.5 | Qualcomm Snapdragon Auto EL3 Stack access control | $10k-$25k | Official Fix |
| CVE-2020-11309 | 5.5 | Qualcomm Snapdragon Auto GPU Memory use after free | $10k-$25k | Official Fix |
| CVE-2020-11186 | 5.5 | Qualcomm Snapdragon Auto Histogram Dimension infinite loop | $2k-$5k | Official Fix |
| CVE-2020-11290 | 5.5 | Qualcomm Snapdragon Auto msm ioctl Event use after free | $10k-$25k | Official Fix |
| CVE-2020-11222 | 9.1 | Qualcomm Snapdragon Auto MT SMS buffer overflow | $10k-$25k | Official Fix |
| CVE-2020-11230 | 6.4 | Qualcomm Snapdragon Auto qseecom Driver memory corruption | $10k-$25k | Official Fix |
| CVE-2020-11221 | 5.5 | Qualcomm Snapdragon Auto QTEE Diagnostic information disclosure | $5k-$10k | Official Fix |
| CVE-2020-11166 | 9.1 | Qualcomm Snapdragon Auto ROHC Header out-of-bounds read | $5k-$10k | Official Fix |
| CVE-2020-11228 | 7.8 | Qualcomm Snapdragon Auto RPM Region unknown vulnerability | $10k-$25k | Official Fix |
| CVE-2020-11227 | 9.8 | Qualcomm Snapdragon Auto RTT TTY Packet Parser out-of-bounds write | $10k-$25k | Official Fix |
| CVE-2020-11220 | 6.4 | Qualcomm Snapdragon Auto SCM Command unknown vulnerability | $10k-$25k | Official Fix |
| CVE-2020-11192 | 9.8 | Qualcomm Snapdragon Auto SDP String out-of-bounds write | $10k-$25k | |

Official Fix

CVE-2020-11190

۹.۱

Qualcomm Snapdragon Auto SDP Value buffer overflow

$۱۰k-$25k

Official Fix

CVE-2020-11189

۹.۱

Qualcomm Snapdragon Auto SDP Value buffer overflow

$۱۰k-$25k

Official Fix

CVE-2020-11188

۹.۱

Qualcomm Snapdragon Auto SDP Value buffer overflow

$۱۰k-$25k

Official Fix

CVE-2020-11171

۹.۱

Qualcomm Snapdragon Auto SDP Value buffer overflow

$۱۰k-$25k

Official Fix

CVE-2020-11308

۵.۵

Qualcomm Snapdragon Auto Unicode String buffer overflow

$۱۰k-$25k

Official Fix

CVE-2020-11299

۶.۳

Qualcomm Snapdragon Auto Video buffer overflow

$۱۰k-$25k

Official Fix

CVE-2020-11305

۵.۵

Qualcomm Snapdragon Consumer IOT Argument integer overflow

$۱۰k-$25k

Official Fix

CVE-2019-14852

۳.۷

Red Hat 3scale API Management Platform apicast inadequate encryption

$۵k-$10k

Not Defined

CVE-2019-3897

۲.۶

Red Hat Certification rhcert file access

$۵k-$10k

Not Defined

CVE-2019-3867

۵.۶

Red Hat Quay Web Application session expiration

$۱۰k-$25k

Not Defined

CVE-2021-22665

۷.۸

Rockwell Automation DriveTools SP/Drives AOP uncontrolled search path

$۲k-$5k

Official Fix

CVE-2020-14516

۲.۶

Rockwell Automation FactoryTalk Services Platform unknown vulnerability

$۰-$۱k

Not Defined

CVE-2019-20466

۲.۵

Sannce Smart HD Wifi Security Camera EAN 2 Password passwd credentials storage

$۰-$۱k

Not Defined

CVE-2019-20463

۵.۳

Sannce Smart HD Wifi Security Camera EAN 2 Service Port 20188 denial of service

$۰-$۱k

Workaround

CVE-2019-20464

۵.۳

Sannce Smart HD Wifi Security Camera EAN 2 Streaming authentication bypass

$۱k-$2k

Not Defined

CVE-2019-20465

۷.۳

Sannce Smart HD Wifi Security Camera EAN 2 Telnet missing authentication

$۱k-$2k

Workaround

CVE-2021-27596

۴.۳

SAP 3D Visual Enterprise Viewer 3DS File denial of service

$۵k-$10k

Not Defined

CVE-2021-27594

۴.۳

SAP 3D Visual Enterprise Viewer BMP File denial of service

$۵k-$10k

Not Defined

CVE-2021-27593

۴.۳

SAP 3D Visual Enterprise Viewer GIF File denial of service

$۵k-$10k

Not Defined

CVE-2021-27595

۴.۳

SAP 3D Visual Enterprise Viewer PDF File denial of service

$۵k-$10k

Not Defined

CVE-2021-28941

۳.۵

Scripts MagpieRSS HTTPS Request Snoopy.class.inc information disclosure

$۰-$۱k

Official Fix

CVE-2021-28940

۵.۵

Scripts MagpieRSS HTTPS URL Snoopy.class.inc exec command injection

$۱k-$2k

Official Fix

CVE-2021-26215

۳.۵

SeedDMS out.EditDocument.php cross-site request forgery

$۰-$۱k

Not Defined

CVE-2021-26216

۳.۵

SeedDMS out.EditFolder.php cross-site request forgery

$۰-$۱k

Not Defined

CVE-2021-28420

۳.۵

Seo Panel alerts.php cross site scripting

$۰-$۱k

Not Defined

CVE-2021-28417

۳.۵

Seo Panel archive.php cross site scripting

$۰-$۱k

Not Defined

CVE-2021-28419

۵.۰

Seo Panel archive.php sql injection

$۱k-$2k

Not Defined

CVE-2021-28418

۳.۵

Seo Panel settings.php cross site scripting

$۰-$۱k

Not Defined

CVE-2020-25236

۵.۵

Siemens LOGO!‎ 8 BM exceptional condition

$۵k-$10k

Not Defined

CVE-2021-25667

۸.۸

Siemens RUGGEDCOM RM1224 STP BPDU Frame stack-based overflow

$۱۰k-$25k

Official Fix

CVE-2021-25676

۷.۵

Siemens SCALANCE SC-600 SSH Authentication excessive authentication

$۵k-$10k

Official Fix

CVE-2020-25241

۷.۵

Siemens SIMATIC MV400 TCP Stack denial of service

$۵k-$10k

Official Fix

CVE-2021-25675

۵.۵

Siemens SIMATIC S7-PLCSIM divide by zero

$۲k-$5k

Not Defined

CVE-2021-25673

۵.۵

Siemens SIMATIC S7-PLCSIM infinite loop

$۲k-$5k

Not Defined

CVE-2021-25674

۵.۵

Siemens SIMATIC S7-PLCSIM null pointer dereference

$۲k-$5k

Not Defined

CVE-2020-25239

۸.۸

Siemens SINEMA Remote Connect Server UMC Authorization Server authorization

$۱۰k-$25k

Official Fix

CVE-2020-25240

۸.۸

Siemens SINEMA Remote Connect Server URL authorization

$۱۰k-$25k

Official Fix

CVE-2020-28385

۷.۸

Siemens Solid Edge SE2020/Solid Edge SE2021 DFT File Parser out-of-bounds write

$۱۰k-$25k

Official Fix

CVE-2021-27381

۷.۸

Siemens Solid Edge SE2020/Solid Edge SE2021 PAR File Parser out-of-bounds read

$۵k-$10k

Not Defined

CVE-2021-27380

۷.۸

Siemens Solid Edge SE2020/Solid Edge SE2021 PAR File Parser out-of-bounds write

$۱۰k-$25k

Not Defined

CVE-2020-28387

۵.۵

Siemens Solid Edge SE2020/Solid Edge SE2021 SEECTCXML File xml external entity reference

$۵k-$10k

Official Fix

CVE-2020-28173

۶.۳

Simple College Website Image Upload unrestricted upload

$۲k-$5k

Not Defined

CVE-2020-28172

۷.۳

Simple College Website sql injection

$۲k-$5k

Not Defined

CVE-2021-29660

۳.۵

Softing OPC Toolbox cfg_setpwd.html cross-site request forgery

$۰-$۱k

Not Defined

CVE-2021-29661

۳.۵

Softing OPC Toolbox Trace File diag_values.html cross site scripting

$۰-$۱k

Not Defined

CVE-2021-27240

۷.۸

SolarWinds Patch Manager DataGridService WCF Service deserialization

$۲k-$5k

Not Defined

CVE-2020-35454

۳.۵

Taidii Diibear App Configuration information disclosure

$۰-$۱k

Not Defined

CVE-2020-35456

۳.۵

Taidii Diibear App logcat log file

$۰-$۱k

Not Defined

CVE-2020-35455

۳.۵

Taidii Diibear App Shared Preferences information disclosure

$۰-$۱k

Not Defined

CVE-2021-27245

۸.۱

TP-LINK Archer A7/Archer C7 IPv6 SSH protection mechanism

$۲k-$5k

Workaround

CVE-2021-28126

۳.۵

TranzWare e-Commerce Payment Gateway index.jsp cross site scripting

$۰-$۱k

Official Fix

CVE-2021-28110

۶.۳

TranzWare e-Commerce Payment Gateway XML Parser exec Remote Privilege Escalation

$۲k-$5k

Official Fix

CVE-2021-28109

۳.۵

TranzWare FIMI login_tw.php cross site scripting

$۰-$۱k

Official Fix

CVE-2021-21340

۳.۵

TYPO3 Database Field cross site scripting

$۲k-$5k

Official Fix

CVE-2021-21358

۳.۵

TYPO3 Form Designer Backend Module cross site scripting

$۲k-$5k

Official Fix

CVE-2021-21357

۶.۳

TYPO3 Form Designer Backend Module unrestricted upload

$۱۰k-$25k

Official Fix

CVE-2021-21359

۵.۳

TYPO3 information exposure

$۵k-$10k

Official Fix

CVE-2021-21338

۶.۳

TYPO3 Login Handling redirect

$۱۰k-$25k

Official Fix

CVE-2021-21370

۳.۵

TYPO3 Page Module cross site scripting

$۲k-$5k

Official Fix

CVE-2021-21355

۷.۳

TYPO3 unrestricted upload

$۱۰k-$25k

Official Fix

CVE-2021-21339

۳.۷

TYPO3 User Session cleartext storage

$۵k-$10k

Official Fix

CVE-2021-21982

۳.۵

VMware Carbon Black Cloud Workload Appliance Administrative Interface information disclosure

$۲k-$5k

Not Defined

CVE-2021-21975

۵.۵

VMware vRealize Operations Manager API server-side request forgery

$۱۰k-$25k

Official Fix

CVE-2021-21983

۵.۵

VMware vRealize Operations Manager API unknown vulnerability

$۱۰k-$25k

Official Fix

CVE-2021-22191

۸.۸

Wireshark URL Handling injection

$۲k-$5k

Not Defined

CVE-2020-11923

۳.۳

WiZ Colors A60 API Credential log file

$۰-$۱k

Not Defined

CVE-2020-11922

۳.۷

WiZ Colors A60 information disclosure

$۱k-$2k

Not Defined

CVE-2020-11924

۲.۳

WiZ Colors A60 WiFi Credential cleartext storage

$۰-$۱k

Not Defined

CVE-2021-24135

۳.۵

WP Customer Reviews Plugin cross site scripting

$۰-$۱k

Official Fix

CVE-2021-24130

۴.۷

WP Google Map Plugin Manage Locations Page sql injection

$۱k-$2k

Official Fix

CVE-2021-24124

۶.۱

WP Shieldon Plugin CAPTCHA Page cross site scripting

$۰-$۱k

Not Defined

CVE-2021-28669

۵.۵

Xerox AltaLink C8070 Configuration Attribute unknown vulnerability

$۲k-$5k

Official Fix

CVE-2021-28670

۴.۶

Xerox AltaLink C8070 Scan to Mailbox denial of service

$۰-$۱k

Official Fix

CVE-2021-28672

۶.۳

Xerox Phaser 6510 Parameter buffer overflow

$۲k-$5k

Official Fix

CVE-2021-28671

۶.۳

Xerox Phaser 6510 Web User Interface Remote Privilege Escalation

$۲k-$5k

Official Fix

CVE-2021-28673

۶.۳

Xerox VersaLink C9000 Web User Interface Remote Privilege Escalation

$۲k-$5k

Official Fix

CVE-2021-28668

۶.۳

Xerox Xerox AltaLink C8070 sql injection

$۱k-$2k

Official Fix

CVE-2021-21341

۵.۳

XStream denial of service

$۰-$۱k

Official Fix

CVE-2021-21351

۴.۶

XStream deserialization

$۲k-$5k

Official Fix

CVE-2021-21350

۵.۰

XStream deserialization

$۲k-$5k

Official Fix

CVE-2021-21349

۵.۰

XStream deserialization

$۲k-$5k

Official Fix

CVE-2021-21348

۳.۱

XStream deserialization

$۲k-$5k

Official Fix

CVE-2021-21347

۵.۰

XStream deserialization

$۲k-$5k

Official Fix

CVE-2021-21346

۵.۰

XStream deserialization

$۲k-$5k

Official Fix

CVE-2021-21345

۵.۰

XStream deserialization

$۲k-$5k

Official Fix

CVE-2021-21344

۵.۰

XStream deserialization

$۲k-$5k

Official Fix

CVE-2021-21343

۵.۰

XStream deserialization

$۲k-$5k

Official Fix

CVE-2021-21342

۵.۰

XStream server-side request forgery

$۲k-$5k

Official Fix

CVE-2021-20234

۴.۳

ZeroMQ Client pipe.cpp resource consumption

$۰-$۱k

Official Fix

CVE-2021-20235

۷.۳

ZeroMQ Server Decoder decoder_allocators.hpp out-of-bounds write

$۲k-$5k

Official Fix

CVE-2020-9367

۶.۳

Zoho ManageEngine Desktop Central MSP DLL dcinventory.exe uncontrolled search path

$۲k-$5k

Not Defined

CVE-2021-20078

۴.۳

Zoho ManageEngine OpManager Spark Gateway denial of service

$۰-$۱k

Official Fix

CVE-2021-28133

۴.۳

Zoom Screen Sharing information disclosure

$۱k-$2k

Workaround

CVE-2021-21727

۴.۳

ZTE ZXHN F623 IPv6 denial of service

$۰-$۱k

Not Defined

CVE-2020-28899

۹.۸

ZyXEL LTE4506-M606 JSON gui.cgi improper authentication

$۵k-$10k

Not Defined