Critical vulnerabilities of the second week of Ordibehesht (late April to early May)


This week a large number of "critical" and "high-risk" vulnerabilities were reported in major Apple products, and patches and updates were released to fix them. Several "critical" and "high-risk" vulnerabilities were also found in products from Cisco, NVIDIA, Apache, IBM and Foxit, and in the Google Chrome browser.

The list of these vulnerabilities, together with their risk level (CVSS base score), estimated zero-day value and remediation status, is given in the table below.

| CVE ID | Base score | Vulnerability title | 0-day value | Remediation |
|---|---|---|---|---|
| CVE-2021-22669 | 5.5 | Advantech WebAccess/SCADA Portal permission assignment | $1k-$2k | Not Defined |
| CVE-2021-28359 | 3.5 | Apache Airflow trigger cross site scripting | $0-$5k | Official Fix |
| CVE-2021-30128 | 5.5 | Apache OFBiz deserialization | $10k-$25k | Official Fix |
| CVE-2021-29200 | 7.3 | Apache OFBiz deserialization | $10k-$25k | Official Fix |
| CVE-2020-17517 | 6.3 | Apache Ozone improper authorization | $10k-$25k | Official Fix |
| CVE-2021-28125 | 4.9 | Apache Superset External URL redirect | $5k-$10k | Not Defined |
| CVE-2021-30638 | 3.5 | Apache Tapestry URL information disclosure | $2k-$5k | Not Defined |
| CVE-2021-1865 | 2.1 | Apple iOS/iPadOS Password Manager information disclosure | $0-$1k | Official Fix |
| CVE-2021-1740 | 5.3 | Apple iOS/iPadOS Preferences access control | $25k-$50k | Official Fix |
| CVE-2021-1739 | 5.3 | Apple iOS/iPadOS Preferences access control | $25k-$50k | Official Fix |
| CVE-2021-1815 | 5.3 | Apple iOS/iPadOS Preferences access control | $25k-$50k | Official Fix |
| CVE-2021-1807 | 5.3 | Apple iOS/iPadOS Safari access control | $25k-$50k | Official Fix |
| CVE-2021-1831 | 5.3 | Apple iOS/iPadOS Shortcuts permission | $25k-$50k | Official Fix |
| CVE-2021-1868 | 5.3 | Apple iOS/iPadOS Tailspin state issue | $25k-$50k | Official Fix |
| CVE-2021-1854 | 5.6 | Apple iOS/iPadOS Telephony behavioral workflow | $50k-$100k | Official Fix |
| CVE-2021-1848 | 3.3 | Apple iOS/iPadOS Wallet information disclosure | $10k-$25k | Official Fix |
| CVE-2021-1826 | 4.3 | Apple iOS/iPadOS WebKit cross site scripting | $25k-$50k | Official Fix |
| CVE-2021-1825 | 4.3 | Apple iOS/iPadOS WebKit cross site scripting | $25k-$50k | Official Fix |
| CVE-2021-1820 | 4.3 | Apple iOS/iPadOS WebKit initialization | $25k-$50k | Official Fix |
| CVE-2021-1817 | 6.3 | Apple iOS/iPadOS WebKit memory corruption | $100k and more | Official Fix |
| CVE-2021-30661 | 6.3 | Apple iOS/iPadOS WebKit Storage use after free | $100k and more | Official Fix |
| CVE-2020-7463 | 7.2 | Apple iOS/iPadOS WebRTC use after free | $100k and more | Official Fix |
| CVE-2021-1853 | 5.3 | Apple macOS APFS state issue | $5k-$10k | Official Fix |
| CVE-2021-1867 | 7.8 | Apple macOS Apple Neural Engine out-of-bounds read | $5k-$10k | Official Fix |
| CVE-2021-1849 | 5.3 | Apple macOS AppleMobileFileIntegrity signature verification | $2k-$5k | Official Fix |
| CVE-2021-1810 | 5.3 | Apple macOS Archive Utility state issue | $5k-$10k | Official Fix |
| CVE-2021-1808 | 3.3 | Apple macOS Audio memory corruption | $5k-$10k | Official Fix |
| CVE-2021-1857 | 4.3 | Apple macOS CFNetwork initialization | $5k-$10k | Official Fix |
| CVE-2021-1809 | 4.3 | Apple macOS CoreAudio memory corruption | $10k-$25k | Official Fix |
| CVE-2021-1846 | 4.3 | Apple macOS CoreAudio out-of-bounds read | $5k-$10k | Official Fix |
| CVE-2021-30659 | 3.5 | Apple macOS CoreFoundation information disclosure | $2k-$5k | Official Fix |
| CVE-2021-1847 | 6.3 | Apple macOS CoreGraphics memory corruption | $10k-$25k | Official Fix |
| CVE-2021-1811 | 4.3 | Apple macOS CoreText information disclosure | $5k-$10k | Official Fix |
| CVE-2020-8285 | 5.9 | Apple macOS curl buffer overflow | $10k-$25k | Official Fix |
| CVE-2020-8286 | 6.5 | Apple macOS curl certificate validation | $5k-$10k | Official Fix |
| CVE-2021-1784 | 5.3 | Apple macOS DiskArbitration permission | $5k-$10k | Official Fix |
| CVE-2021-1872 | 6.5 | Apple macOS FaceTime state issue | $10k-$25k | Official Fix |
| CVE-2021-1881 | 6.3 | Apple macOS FontParser out-of-bounds read | $5k-$10k | Official Fix |
| CVE-2021-1813 | 7.8 | Apple macOS Foundation behavioral workflow | $10k-$25k | Official Fix |
| CVE-2021-1882 | 5.3 | Apple macOS Foundation memory corruption | $5k-$10k | Official Fix |
| CVE-2021-1884 | 4.3 | Apple macOS Heimdal denial of service | $2k-$5k | Official Fix |
| CVE-2021-1883 | 7.3 | Apple macOS Heimdal heap-based overflow | $10k-$25k | Official Fix |
| CVE-2021-1885 | 6.3 | Apple macOS ImageIO out-of-bounds read | $5k-$10k | Official Fix |
| CVE-2021-1858 | 6.3 | Apple macOS ImageIO out-of-bounds write | $10k-$25k | Official Fix |
| CVE-2021-1843 | 6.3 | Apple macOS ImageIO Remote Code Execution | $10k-$25k | Official Fix |
| CVE-2021-1814 | 6.3 | Apple macOS ImageIO Remote Code Execution | $10k-$25k | Official Fix |
| CVE-2021-30653 | 6.3 | Apple macOS ImageIO Remote Code Execution | $10k-$25k | Official Fix |
| CVE-2021-1880 | 6.3 | Apple macOS ImageIO Remote Code Execution | $10k-$25k | Official Fix |
| CVE-2021-30658 | 5.3 | Apple macOS Installer access control | $5k-$10k | Official Fix |
| CVE-2021-1834 | 7.8 | Apple macOS Intel Graphics Driver out-of-bounds write | $10k-$25k | Official Fix |
| CVE-2021-1841 | 7.8 | Apple macOS Intel Graphics Driver out-of-bounds write | $10k-$25k | Official Fix |
| CVE-2021-1860 | 3.3 | Apple macOS Kernel initialization | $2k-$5k | Official Fix |
| CVE-2021-1840 | 5.3 | Apple macOS Kernel memory corruption | $5k-$10k | Official Fix |
| CVE-2021-30660 | 3.3 | Apple macOS Kernel out-of-bounds read | $2k-$5k | Official Fix |
| CVE-2021-1832 | 5.3 | Apple macOS Kernel permission | $5k-$10k | Official Fix |
| CVE-2021-1851 | 7.8 | Apple macOS Kernel state issue | $10k-$25k | Official Fix |
| CVE-2021-30652 | 7.8 | Apple macOS libxpc race condition | $5k-$10k | Official Fix |
| CVE-2021-1875 | 6.3 | Apple macOS libxslt double free | $10k-$25k | Official Fix |
| CVE-2021-1824 | 2.5 | Apple macOS Login Window information disclosure | $2k-$5k | Official Fix |
| CVE-2021-1859 | 3.3 | Apple macOS Notes state issue | $5k-$10k | Official Fix |
| CVE-2021-1876 | 6.3 | Apple macOS NSRemoteView use after free | $10k-$25k | Official Fix |
| CVE-2021-1740 | 5.3 | Apple macOS Preferences path traversal | $5k-$10k | Official Fix |
| CVE-2021-1739 | 5.3 | Apple macOS Preferences path traversal | $5k-$10k | Official Fix |
| CVE-2021-1815 | 5.3 | Apple macOS Preferences path traversal | $5k-$10k | Official Fix |
| CVE-2021-1861 | 4.3 | Apple macOS Safari information disclosure | $5k-$10k | Official Fix |
| CVE-2021-1855 | 4.3 | Apple macOS Safari state issue | $10k-$25k | Official Fix |
| CVE-2021-1868 | 5.3 | Apple macOS SampleAnalysis state issue | $5k-$10k | Official Fix |
| CVE-2021-1878 | 3.7 | Apple macOS smbx integer overflow | $10k-$25k | Official Fix |
| CVE-2021-30657 | 5.3 | Apple macOS System Preferences state issue | $5k-$10k | Official Fix |
| CVE-2020-8037 | 5.9 | Apple macOS tcpdump resource consumption | $5k-$10k | Official Fix |
| CVE-2021-1839 | 5.3 | Apple macOS Time Machine permission | $5k-$10k | Official Fix |
| CVE-2021-1826 | 4.3 | Apple macOS WebKit cross site scripting | $5k-$10k | Official Fix |
| CVE-2021-1825 | 4.3 | Apple macOS WebKit cross site scripting | $5k-$10k | Official Fix |
| CVE-2021-1820 | 4.3 | Apple macOS WebKit initialization | $5k-$10k | Official Fix |
| CVE-2021-1817 | 6.3 | Apple macOS WebKit memory corruption | $10k-$25k | Official Fix |
| CVE-2021-30661 | 6.3 | Apple macOS WebKit Storage use after free | $10k-$25k | Official Fix |
| CVE-2020-7463 | 7.2 | Apple macOS WebRTC use after free | $25k-$50k | Official Fix |
| CVE-2021-1828 | 7.8 | Apple macOS Wi-Fi memory corruption | $10k-$25k | Official Fix |
| CVE-2021-30655 | 7.8 | Apple macOS Wi-Fi permission | $10k-$25k | Official Fix |
| CVE-2021-1829 | 7.8 | Apple macOS Wi-Fi type confusion | $10k-$25k | Official Fix |
| CVE-2021-1873 | 3.5 | Apple macOS WindowServer permission | $5k-$10k | Official Fix |
| CVE-2021-1825 | 4.3 | Apple Safari WebKit cross site scripting | $10k-$25k | Official Fix |
| CVE-2020-7463 | 5.9 | Apple Safari WebRTC use after free | $25k-$50k | Official Fix |
| CVE-2021-1849 | 5.3 | Apple tvOS AppleMobileFileIntegrity signature verification | $1k-$2k | Official Fix |
| CVE-2021-1836 | 5.3 | Apple tvOS Assets access control | $2k-$5k | Official Fix |
| CVE-2021-1808 | 5.3 | Apple tvOS Audio memory corruption | $2k-$5k | Official Fix |
| CVE-2021-1857 | 4.3 | Apple tvOS CFNetwork initialization | $2k-$5k | Official Fix |
| CVE-2021-1809 | 3.3 | Apple tvOS CoreAudio memory corruption | $2k-$5k | Official Fix |
| CVE-2021-1846 | 6.3 | Apple tvOS CoreAudio out-of-bounds read | $2k-$5k | Official Fix |
| CVE-2021-1811 | 4.3 | Apple tvOS CoreText state issue | $5k-$10k | Official Fix |
| CVE-2021-1881 | 6.3 | Apple tvOS FontParser out-of-bounds read | $2k-$5k | Official Fix |
| CVE-2021-1813 | 7.8 | Apple tvOS Foundation behavioral workflow | $5k-$10k | Official Fix |
| CVE-2021-1882 | 5.3 | Apple tvOS Foundation memory corruption | $2k-$5k | Official Fix |
| CVE-2021-1884 | 4.3 | Apple tvOS Heimdal denial of service | $1k-$2k | Official Fix |
| CVE-2021-1883 | 6.3 | Apple tvOS Heimdal heap-based overflow | $5k-$10k | Official Fix |
| CVE-2021-1885 | 6.3 | Apple tvOS ImageIO out-of-bounds read | $2k-$5k | Official Fix |
| CVE-2021-1858 | 6.3 | Apple tvOS ImageIO out-of-bounds write | $5k-$10k | Official Fix |
| CVE-2021-1843 | 6.3 | Apple tvOS ImageIO Remote Code Execution | $5k-$10k | Official Fix |
| CVE-2021-30653 | 6.3 | Apple tvOS ImageIO Remote Code Execution | $5k-$10k | Official Fix |
| CVE-2021-1864 | 6.3 | Apple tvOS iTunes Store use after free | $5k-$10k | Official Fix |
| CVE-2021-1816 | 7.8 | Apple tvOS Kernel buffer overflow | $5k-$10k | Official Fix |
| CVE-2021-1860 | 3.3 | Apple tvOS Kernel initialization | $1k-$2k | Official Fix |
| CVE-2021-30660 | 3.3 | Apple tvOS Kernel out-of-bounds read | $1k-$2k | Official Fix |
| CVE-2021-1832 | 5.3 | Apple tvOS Kernel permission | $2k-$5k | Official Fix |
| CVE-2021-1851 | 7.8 | Apple tvOS Kernel state issue | $5k-$10k | Official Fix |
| CVE-2021-30652 | 7.8 | Apple tvOS libxpc race condition | $2k-$5k | Official Fix |
| CVE-2021-1875 | 6.3 | Apple tvOS libxslt double free | $5k-$10k | Official Fix |
| CVE-2021-1822 | 5.3 | Apple tvOS MobileInstallation Local Privilege Escalation | $2k-$5k | Official Fix |
| CVE-2021-1740 | 5.3 | Apple tvOS Preferences path traversal | $2k-$5k | Official Fix |
| CVE-2021-1739 | 5.3 | Apple tvOS Preferences path traversal | $2k-$5k | Official Fix |
| CVE-2021-1815 | 5.3 | Apple tvOS Preferences path traversal | $2k-$5k | Official Fix |
| CVE-2021-1868 | 5.3 | Apple tvOS Tailspin state issue | $2k-$5k | Official Fix |
| CVE-2021-1826 | 4.3 | Apple tvOS WebKit cross site scripting | $2k-$5k | Official Fix |
| CVE-2021-1825 | 4.3 | Apple tvOS WebKit cross site scripting | $2k-$5k | Official Fix |
| CVE-2021-1820 | 4.3 | Apple tvOS WebKit initialization | $2k-$5k | Official Fix |
| CVE-2021-1817 | 6.3 | Apple tvOS WebKit memory corruption | $5k-$10k | Official Fix |
| CVE-2021-1844 | 7.5 | Apple tvOS WebKit memory corruption | $5k-$10k | Official Fix |
| CVE-2021-30661 | 6.3 | Apple tvOS WebKit Storage use after free | $5k-$10k | Official Fix |
| CVE-2021-1849 | 5.3 | Apple watchOS AppleMobileFileIntegrity signature verification | $1k-$2k | Official Fix |
| CVE-2021-1808 | 3.3 | Apple watchOS Audio memory corruption | $2k-$5k | Official Fix |
| CVE-2021-1857 | 4.3 | Apple watchOS CFNetwork initialization | $2k-$5k | Official Fix |
| CVE-2021-1809 | 3.3 | Apple watchOS CoreAudio memory corruption | $2k-$5k | Official Fix |
| CVE-2021-1846 | 4.3 | Apple watchOS CoreAudio out-of-bounds read | $2k-$5k | Official Fix |
| CVE-2021-30659 | 3.5 | Apple watchOS CoreFoundation behavioral workflow | $2k-$5k | Official Fix |
| CVE-2021-1811 | 4.3 | Apple watchOS CoreText state issue | $5k-$10k | Official Fix |
| CVE-2021-1872 | 5.0 | Apple watchOS FaceTime state issue | $5k-$10k | Official Fix |
| CVE-2021-1881 | 6.3 | Apple watchOS FontParser out-of-bounds read | $2k-$5k | Official Fix |
| CVE-2021-1813 | 7.8 | Apple watchOS Foundation behavioral workflow | $5k-$10k | Official Fix |
| CVE-2021-1882 | 5.3 | Apple watchOS Foundation memory corruption | $2k-$5k | Official Fix |
| CVE-2021-1884 | 4.3 | Apple watchOS Heimdal denial of service | $2k-$5k | Official Fix |
| CVE-2021-1883 | 6.3 | Apple watchOS Heimdal heap-based overflow | $5k-$10k | Official Fix |
| CVE-2021-1885 | 6.3 | Apple watchOS ImageIO out-of-bounds read | $2k-$5k | Official Fix |
| CVE-2021-1858 | 6.3 | Apple watchOS ImageIO out-of-bounds write | $5k-$10k | Official Fix |
| CVE-2021-1843 | 6.3 | Apple watchOS ImageIO Remote Code Execution | $5k-$10k | Official Fix |
| CVE-2021-1814 | 6.3 | Apple watchOS ImageIO Remote Code Execution | $5k-$10k | Official Fix |
| CVE-2021-30653 | 6.3 | Apple watchOS ImageIO Remote Code Execution | $5k-$10k | Official Fix |
| CVE-2021-1880 | 6.3 | Apple watchOS ImageIO Remote Code Execution | $5k-$10k | Official Fix |
| CVE-2021-1864 | 6.3 | Apple watchOS iTunes Store use after free | $5k-$10k | Official Fix |
| CVE-2021-1816 | 7.8 | Apple watchOS Kernel buffer overflow | $5k-$10k | Official Fix |
| CVE-2021-1860 | 3.3 | Apple watchOS Kernel initialization | $1k-$2k | Official Fix |
| CVE-2021-30660 | 3.3 | Apple watchOS Kernel out-of-bounds read | $1k-$2k | Official Fix |
| CVE-2021-1832 | 5.3 | Apple watchOS Kernel permission | $2k-$5k | Official Fix |
| CVE-2021-1851 | 7.8 | Apple watchOS Kernel state issue | $5k-$10k | Official Fix |
| CVE-2021-30652 | 7.8 | Apple watchOS libxpc race condition | $2k-$5k | Official Fix |
| CVE-2021-1875 | 6.3 | Apple watchOS libxslt double free | $5k-$10k | Official Fix |
| CVE-2021-1822 | 5.3 | Apple watchOS MobileInstallation access control | $2k-$5k | Official Fix |
| CVE-2021-1740 | 5.3 | Apple watchOS Preferences path traversal | $2k-$5k | Official Fix |
| CVE-2021-1739 | 5.3 | Apple watchOS Preferences path traversal | $2k-$5k | Official Fix |
| CVE-2021-1815 | 5.3 | Apple watchOS Preferences path traversal | $2k-$5k | Official Fix |
| CVE-2021-1807 | 5.3 | Apple watchOS Safari access control | $2k-$5k | Official Fix |
| CVE-2021-1868 | 5.3 | Apple watchOS Tailspin state issue | $2k-$5k | Official Fix |
| CVE-2021-1826 | 4.3 | Apple watchOS WebKit cross site scripting | $2k-$5k | Official Fix |
| CVE-2021-1825 | 4.3 | Apple watchOS WebKit cross site scripting | $2k-$5k | Official Fix |
| CVE-2021-1820 | 4.3 | Apple watchOS WebKit initialization | $2k-$5k | Official Fix |
| CVE-2021-1817 | 6.3 | Apple watchOS WebKit memory corruption | $5k-$10k | Official Fix |
| CVE-2021-30661 | 6.3 | Apple watchOS WebKit Storage use after free | $5k-$10k | Official Fix |
| CVE-2021-21300 | 6.9 | Apple Xcode Git link following | $10k-$25k | Official Fix |
| CVE-2021-25152 | 6.3 | Aruba AirWave Management Platform deserialization | $2k-$5k | Official Fix |
| CVE-2021-25151 | 6.3 | Aruba AirWave Management Platform deserialization | $2k-$5k | Official Fix |
| CVE-2021-25147 | 7.3 | Aruba AirWave Management Platform improper authentication | $1k-$2k | Official Fix |
| CVE-2021-25167 | 6.3 | Aruba AirWave Management Platform improper authorization | $2k-$5k | Official Fix |
| CVE-2021-25166 | 6.3 | Aruba AirWave Management Platform improper authorization | $2k-$5k | Official Fix |
| CVE-2021-29137 | 5.5 | Aruba AirWave Management Platform redirect | $1k-$2k | Official Fix |
| CVE-2021-25154 | 6.3 | Aruba AirWave Management Platform Remote Privilege Escalation | $2k-$5k | Official Fix |
| CVE-2021-25153 | 6.3 | Aruba AirWave Management Platform sql injection | $1k-$2k | Official Fix |
| CVE-2021-25163 | 6.3 | Aruba AirWave Management Platform XML Data xml external entity reference | $1k-$2k | Official Fix |
| CVE-2021-25165 | 6.3 | Aruba AirWave Management Platform xml external entity reference | $1k-$2k | Official Fix |
| CVE-2021-25164 | 6.3 | Aruba AirWave Management Platform XML xml external entity reference | $1k-$2k | Official Fix |
| CVE-2021-29147 | 6.3 | Aruba ClearPass Policy Manager command injection | $2k-$5k | Official Fix |
| CVE-2021-29146 | 3.5 | Aruba ClearPass Policy Manager cross site scripting | $0-$1k | Official Fix |
| CVE-2021-29142 | 3.5 | Aruba ClearPass Policy Manager cross site scripting | $0-$1k | Official Fix |
| CVE-2021-29139 | 3.5 | Aruba ClearPass Policy Manager cross site scripting | $0-$1k | Official Fix |
| CVE-2021-29144 | 4.3 | Aruba ClearPass Policy Manager information disclosure | $1k-$2k | Official Fix |
| CVE-2021-29141 | 4.3 | Aruba ClearPass Policy Manager information disclosure | $1k-$2k | Official Fix |
| CVE-2021-29138 | 4.3 | Aruba ClearPass Policy Manager information disclosure | $1k-$2k | Official Fix |
| CVE-2020-7123 | 5.3 | Aruba ClearPass Policy Manager Local Privilege Escalation | $1k-$2k | Official Fix |
| CVE-2021-29145 | 6.3 | Aruba ClearPass Policy Manager server-side request forgery | $2k-$5k | Official Fix |
| CVE-2021-29140 | 6.3 | Aruba ClearPass Policy Manager XML Data xml external entity reference | $1k-$2k | Official Fix |
| CVE-2020-7038 | 7.3 | Avaya Equinox Conferencing Management access control | $2k-$5k | Official Fix |
| CVE-2020-7037 | 6.3 | Avaya Equinox Conferencing xml external entity reference | $1k-$2k | Official Fix |
| CVE-2020-21994 | 4.3 | AVE DOMINAplus authClients.xml improper authentication | $1k-$2k | Not Defined |
| CVE-2020-21991 | 6.3 | AVE DOMINAplus changeparams.php improper authentication | $1k-$2k | Not Defined |
| CVE-2020-21996 | 4.3 | AVE DOMINAplus denial of service | $0-$1k | Not Defined |
| CVE-2021-31776 | 8.8 | Aviatrix VPN Client unquoted search path | $2k-$5k | Official Fix |
| CVE-2021-21211 | 5.4 | Baidu Navigation unknown vulnerability | $2k-$5k | Official Fix |
| CVE-2021-3511 | 5.3 | Buffalo BHR-4GRV Configuration information disclosure | $1k-$2k | Not Defined |
| CVE-2021-3512 | 9.8 | Buffalo BHR-4GRV Telnet Service access control | $2k-$5k | Workaround |
| CVE-2021-20716 | 6.3 | Buffalo BHR-4RV Debug Option os command injection | $2k-$5k | Not Defined |
| CVE-2021-20090 | 7.3 | Buffalo WSR-2533DHPL2/WSR-2533DHP3 path traversal | $2k-$5k | Not Defined |
| CVE-2021-20092 | 3.5 | Buffalo WSR-2533DHPL2/WSR-2533DHP3 Web Interface information disclosure | $0-$1k | Not Defined |
| CVE-2021-20091 | 6.3 | Buffalo WSR-2533DHPL2/WSR-2533DHP3 Web Interface Remote Privilege Escalation | $2k-$5k | Not Defined |
| CVE-2021-30232 | 6.3 | China Mobile An Lianbao WF-1 set_IGMP_PROXY Interface os command injection | $2k-$5k | Not Defined |
| CVE-2021-30234 | 6.3 | China Mobile An Lianbao WF-1 set_MLD_PROXY Interface os command injection | $2k-$5k | Not Defined |
| CVE-2021-25812 | 5.5 | China Mobile An Lianbao WF-1 set_online_client command injection | $1k-$2k | Not Defined |
| CVE-2021-30230 | 6.3 | China Mobile An Lianbao WF-1 set_time_zone Interface os command injection | $2k-$5k | Not Defined |
| CVE-2021-30228 | 6.3 | China Mobile An Lianbao WF-1 set_ZRAndlink Interface os command injection | $2k-$5k | Not Defined |
| CVE-2021-30229 | 6.3 | China Mobile An Lianbao WF-1 set_zrDm Interface os command injection | $2k-$5k | Not Defined |
| CVE-2021-30231 | 6.3 | China Mobile An Lianbao WF-1 set_ZRElink Interface os command injection | $2k-$5k | Not Defined |
| CVE-2021-30233 | 6.3 | China Mobile An Lianbao WF-1 setIptvInfo Interface os command injection | $2k-$5k | Not Defined |
| CVE-2021-1476 | 6.7 | Cisco ASA/Firepower Threat Defense CLI os command injection | $10k-$25k | Official Fix |
| CVE-2021-1504 | 8.6 | Cisco ASA/Firepower Threat Defense HTTPS Request out-of-bounds write | $25k-$50k | Official Fix |
| CVE-2021-1445 | 8.6 | Cisco ASA/Firepower Threat Defense HTTPS Request out-of-bounds write | $25k-$50k | Official Fix |
| CVE-2021-1501 | 8.6 | Cisco ASA/Firepower Threat Defense SIP Inspection Engine denial of service | $10k-$25k | Official Fix |
| CVE-2021-1488 | 6.7 | Cisco ASA/Firepower Threat Defense Upgrade Package command injection | $10k-$25k | Official Fix |
| CVE-2021-1493 | 8.5 | Cisco ASA/Firepower Threat Defense Web Services Interface buffer overflow | $25k-$50k | Official Fix |
| CVE-2021-1369 | 5.4 | Cisco Firepower Device Manager REST API xml external entity reference | $5k-$10k | Official Fix |
| CVE-2021-1489 | 4.9 | Cisco Firepower Device Manager Web-based Management resource consumption | $2k-$5k | Official Fix |
| CVE-2021-1477 | 6.3 | Cisco FirePOWER Management Center access control | $10k-$25k | Official Fix |
| CVE-2021-1458 | 4.3 | Cisco FirePOWER Management Center Web-based Management Interface cross site scripting | $5k-$10k | Official Fix |
| CVE-2021-1457 | 4.3 | Cisco FirePOWER Management Center Web-based Management Interface cross site scripting | $5k-$10k | Official Fix |
| CVE-2021-1456 | 4.3 | Cisco FirePOWER Management Center Web-based Management Interface cross site scripting | $5k-$10k | Official Fix |
| CVE-2021-1455 | 4.3 | Cisco FirePOWER Management Center Web-based Management Interface cross site scripting | $5k-$10k | Official Fix |
| CVE-2021-1256 | 5.3 | Cisco Firepower Threat Defense CLI Command pathname traversal | $5k-$10k | Official Fix |
| CVE-2021-1448 | 7.8 | Cisco Firepower Threat Defense CLI input validation | $10k-$25k | Official Fix |
| CVE-2021-1402 | 5.3 | Cisco Firepower Threat Defense TLS Message memory corruption | $10k-$25k | Official Fix |
| CVE-2021-1495 | 7.3 | Cisco Open Source Snort 2 Snort Detection Engine access control | $25k-$50k | Official Fix |
| CVE-2021-21544 | 2.7 | Dell EMC iDRAC9 Comment improper authentication | $5k-$25k | Official Fix |
| CVE-2021-21540 | 6.3 | Dell EMC iDRAC9 Configuration stack-based overflow | $5k-$25k | Official Fix |
| CVE-2021-21541 | 4.3 | Dell EMC iDRAC9 cross site scripting | $5k-$25k | Official Fix |
| CVE-2021-21543 | 3.5 | Dell EMC iDRAC9 cross site scripting | $0-$5k | Official Fix |
| CVE-2021-21542 | 3.5 | Dell EMC iDRAC9 cross site scripting | $0-$5k | Official Fix |
| CVE-2021-21539 | 4.6 | Dell EMC iDRAC9 Web Interface toctou | $5k-$25k | Official Fix |
| CVE-2021-21507 | 4.3 | Dell EMC Networking X-Series/PowerEdge VRTX Switch Module access control | $5k-$25k | Official Fix |
| CVE-2021-21547 | 1.9 | Dell EMC Unity/UnityVSA/Unity XT Upgrade Readiness Utility cleartext storage | $0-$5k | Official Fix |
| CVE-2021-21537 | 5.3 | Dell Hybrid Client access control | $5k-$25k | Official Fix |
| CVE-2021-21534 | 3.3 | Dell Hybrid Client Local API information disclosure | $0-$5k | Official Fix |
| CVE-2021-21535 | 7.8 | Dell Hybrid Client missing authentication | $5k-$25k | Official Fix |
| CVE-2021-21536 | 3.3 | Dell Hybrid Client Register information disclosure | $0-$5k | Official Fix |
| CVE-2021-21530 | 6.3 | Dell OpenManage Enterprise-Modular Environment os command injection | $5k-$25k | Official Fix |
| CVE-2021-21531 | 5.3 | Dell Unisphere for PowerMax Monitor Role authorization | $5k-$25k | Official Fix |
| CVE-2021-27480 | 6.3 | Delta Electronics Industrial Automation COMMGR stack-based overflow | $2k-$5k | Not Defined |
| CVE-2021-22660 | 3.5 | Delta Industrial Automation CNCSoft-B out-of-bounds read | $0-$1k | Not Defined |
| CVE-2021-22664 | 6.6 | Delta Industrial Automation CNCSoft-B out-of-bounds write | $2k-$5k | Not Defined |
| CVE-2020-15225 | 5.3 | django-filter numeric conversion | $0-$1k | Official Fix |
| CVE-2020-22781 | 3.5 | Etherpad Cache denial of service | $0-$1k | Official Fix |
| CVE-2020-22783 | 3.5 | Etherpad Database Backend log file | $0-$1k | Official Fix |
| CVE-2020-22782 | 3.5 | Etherpad Import Endpoint denial of service | $0-$1k | Official Fix |
| CVE-2020-22785 | 3.5 | Etherpad Import Endpoint denial of service | $0-$1k | Official Fix |
| CVE-2020-22784 | 6.3 | Etherpad UeberDB Trailing Space access control | $2k-$5k | Official Fix |
| CVE-2021-29464 | 6.3 | Exiv2 Metadata heap-based overflow | $0-$5k | Official Fix |
| CVE-2021-29463 | 5.3 | Exiv2 Metadata out-of-bounds read | $0-$5k | Official Fix |
| CVE-2021-29473 | 3.3 | Exiv2 Metadata out-of-bounds read | $0-$1k | Official Fix |
| CVE-2021-31433 | 7.8 | Foxit Studio Photo ARW File out-of-bounds write | $2k-$5k | Not Defined |
| CVE-2021-31435 | 7.8 | Foxit Studio Photo CMP File initialization | $2k-$5k | Not Defined |
| CVE-2021-31437 | 7.8 | Foxit Studio Photo JP2 File out-of-bounds write | $2k-$5k | Not Defined |
| CVE-2021-31434 | 7.8 | Foxit Studio Photo JPM File out-of-bounds write | $2k-$5k | Not Defined |
| CVE-2021-31438 | 7.8 | Foxit Studio Photo PSP File stack-based overflow | $2k-$5k | Not Defined |
| CVE-2021-31436 | 7.8 | Foxit Studio Photo SGI File heap-based overflow | $2k-$5k | Not Defined |
| CVE-2021-20294 | 5.0 | GNU Binutils readelf memory corruption | $2k-$5k | Not Defined |
| CVE-2021-31879 | 4.3 | GNU wget HTTP Header information disclosure | $1k-$2k | Not Defined |
| CVE-2021-21233 | 8.8 | Google Chrome ANGLE heap-based overflow | $25k-$100k | Official Fix |
| CVE-2021-21216 | 6.5 | Google Chrome Autofill authentication spoofing | $25k-$50k | Official Fix |
| CVE-2021-21215 | 6.5 | Google Chrome Autofill authentication spoofing | $25k-$50k | Official Fix |
| CVE-2021-21206 | 8.8 | Google Chrome Blink use after free | $50k-$100k | Official Fix |
| CVE-2021-21204 | 8.8 | Google Chrome Blink use after free | $50k-$100k | Official Fix |
| CVE-2021-21203 | 8.8 | Google Chrome Blink use after free | $50k-$100k | Official Fix |
| CVE-2021-21232 | 8.8 | Google Chrome Dev Tools use after free | $25k-$100k | Official Fix |
| CVE-2021-21229 | 4.3 | Google Chrome Downloads clickjacking | $25k-$100k | Official Fix |
| CVE-2021-21202 | 8.6 | Google Chrome Extension use after free | $50k-$100k | Official Fix |
| CVE-2021-21228 | 5.0 | Google Chrome Extensions access control | $25k-$100k | Official Fix |
| CVE-2021-21207 | 8.6 | Google Chrome IndexedDB use after free | $50k-$100k | Official Fix |
| CVE-2021-21221 | 6.5 | Google Chrome Mojo unknown vulnerability | $50k-$100k | Official Fix |
| CVE-2021-21214 | 8.8 | Google Chrome Network API use after free | $50k-$100k | Official Fix |
| CVE-2021-21212 | 6.5 | Google Chrome Network Config UI Remote Code Execution | $50k-$100k | Official Fix |
| CVE-2021-21210 | 6.5 | Google Chrome Network exposure of resource | $25k-$50k | Official Fix |
| CVE-2021-21219 | 5.5 | Google Chrome PDFium uninitialized pointer | $25k-$50k | Official Fix |
| CVE-2021-21218 | 5.5 | Google Chrome PDFium uninitialized pointer | $25k-$50k | Official Fix |
| CVE-2021-21217 | 5.5 | Google Chrome PDFium uninitialized pointer | $25k-$50k | Official Fix |
| CVE-2021-21201 | 9.6 | Google Chrome Permissions use after free | $50k-$100k | Official Fix |
| CVE-2021-21208 | 6.5 | Google Chrome QR Scanner clickjacking | $50k-$100k | Official Fix |
| CVE-2021-21209 | 6.5 | Google Chrome Storage unknown vulnerability | $50k-$100k | Official Fix |
| CVE-2021-21231 | 6.3 | Google Chrome V8 heap-based overflow | $25k-$100k | Official Fix |
| CVE-2021-21227 | 8.8 | Google Chrome V8 heap-based overflow | $25k-$100k | Official Fix |
| CVE-2021-21220 | 8.8 | Google Chrome V8 heap-based overflow | $50k-$100k | Official Fix |
| CVE-2021-21230 | 8.8 | Google Chrome V8 type confusion | $25k-$100k | Official Fix |
| CVE-2021-21213 | 8.8 | Google Chrome WebMIDI use after free | $50k-$100k | Official Fix |
| CVE-2021-29474 | 4.3 | HedgeDoc findNote path traversal | $1k-$2k | Not Defined |
| CVE-2021-29475 | 7.3 | HedgeDoc PDF Export server-side request forgery | $2k-$5k | Official Fix |
| CVE-2020-21987 | 3.5 | HomeAutomation cross site scripting | $0-$1k | Not Defined |
| CVE-2020-21989 | 2.4 | HomeAutomation cross-site request forgery | $0-$1k | Not Defined |
| CVE-2020-22000 | 5.5 | HomeAutomation Custom Command Plugin customcommand.plugin.php exec os command injection | $1k-$2k | Not Defined |
| CVE-2020-21998 | 6.3 | HomeAutomation GET Parameter api.php redirect | $1k-$2k | Official Fix |
| CVE-2020-22001 | 7.3 | HomeAutomation HTTP Header improper authentication | $1k-$2k | Not Defined |
| CVE-2021-22393 | 3.5 | Huawei CloudEngine 12800 Message denial of service | $2k-$5k | Not Defined |
| CVE-2021-22332 | 4.6 | Huawei CloudEngine 12800 Module double free | $10k-$25k | Not Defined |
| CVE-2021-22331 | 3.5 | Huawei P30 cross site scripting | $2k-$5k | Official Fix |
| CVE-2021-22327 | 5.5 | Huawei P30 File Parser memory corruption | $10k-$25k | Not Defined |
| CVE-2021-22330 | 6.3 | Huawei P30 Message out-of-bounds write | $10k-$25k | Not Defined |
| CVE-2021-20550 | 5.4 | IBM Content Navigator Web UI cross site scripting | $2k-$5k | Not Defined |
| CVE-2021-20549 | 5.4 | IBM Content Navigator Web UI cross site scripting | $2k-$5k | Not Defined |
| CVE-2021-20448 | 5.4 | IBM Content Navigator Web UI cross site scripting | $2k-$5k | Not Defined |
| CVE-2021-20515 | 6.7 | IBM Informix Dynamic Server stack-based overflow | $5k-$25k | Not Defined |
| CVE-2020-4562 | 5.3 | IBM Planning Analytics unknown vulnerability | $10k-$25k | Not Defined |
| CVE-2021-20546 | 5.5 | IBM Spectrum Protect buffer overflow | $5k-$10k | Not Defined |
| CVE-2021-29672 | 7.8 | IBM Spectrum Protect Client stack-based overflow | $10k-$25k | Not Defined |
| CVE-2021-20532 | 7.8 | IBM Spectrum Protect permission | $10k-$25k | Not Defined |
| CVE-2021-20432 | 6.5 | IBM Spectrum Protect Plus Domain Name unknown vulnerability | $10k-$25k | Not Defined |
| CVE-2021-20536 | 6.2 | IBM Spectrum Protect Plus File Systems Agent log file | $5k-$10k | Not Defined |
| CVE-2021-29694 | 7.5 | IBM Spectrum Protect Plus inadequate encryption | $5k-$10k | Not Defined |
| CVE-2020-4981 | 4.4 | IBM Spectrum Scale access control | $5k-$10k | Not Defined |
| CVE-2021-29667 | 7.0 | IBM Spectrum Scale csv injection | $5k-$10k | Not Defined |
| CVE-2021-29666 | 5.4 | IBM Spectrum Scale Web UI cross site scripting | $2k-$5k | Not Defined |
| CVE-2019-25041 | 6.5 | Unbound Compressed Name dname_pkt_copy assertion | $2k-$5k | Official Fix |
| CVE-2019-25040 | 5.5 | Unbound Compressed Name dname_pkt_copy infinite loop | $0-$1k | Official Fix |
| CVE-2020-22002 | 7.3 | Inim Electronics SmartLiving SmartLAN GET Parameter onvif.cgi GetImage server-side request forgery | $2k-$5k | Not Defined |
| CVE-2020-21995 | 6.3 | Inim Electronics SmartLiving SmartLAN Telnet/SSH/FTP hard-coded credentials | $1k-$2k | Not Defined |
| CVE-2020-21992 | 9.8 | Inim Electronics SmartLiving SmartLAN testemail Module web.cgi system format string | $2k-$5k | Not Defined |
| CVE-2021-25214 | 5.3 | ISC BIND IXFR denial of service | $5k-$10k | Official Fix |
| CVE-2021-25215 | 5.3 | ISC BIND Query denial of service | $5k-$10k | Official Fix |
| CVE-2021-25216 | 8.1 | ISC BIND SPNEGO buffer overflow | $25k-$50k | Official Fix |
| CVE-2021-31870 | 5.5 | klibc calloc integer overflow | $2k-$5k | Official Fix |
| CVE-2021-31872 | 5.5 | klibc cpio Command integer overflow | $2k-$5k | Official Fix |
| CVE-2021-31871 | 5.5 | klibc cpio Command integer overflow | $2k-$5k | Official Fix |
| CVE-2021-31873 | 5.5 | klibc malloc integer overflow | $2k-$5k | Official Fix |
| CVE-2021-3451 | 5.3 | Lenovo PCManager Configuration default permission | $1k-$2k | Official Fix |
| CVE-2021-3464 | 7.8 | Lenovo PCManager uncontrolled search path | $2k-$5k | Official Fix |
| CVE-2021-30169 | 5.3 | LILIN IP Camera P2/IP Camera Z2 information disclosure | $1k-$2k | Not Defined |
| CVE-2021-30168 | 5.3 | LILIN IP Camera P2/IP Camera Z2 information disclosure | $1k-$2k | Not Defined |
| CVE-2021-30166 | 6.3 | LILIN IP Camera P2/IP Camera Z2 NTP Server os command injection | $2k-$5k | Not Defined |
| CVE-2021-30167 | 6.3 | LILIN IP Camera P2/IP Camera Z2 User Profile insufficiently protected credentials | $1k-$2k | Not Defined |
| CVE-2021-25810 | 3.5 | Mercusys Mercury X18G cross site scripting | $0-$1k | Not Defined |
| CVE-2021-25811 | 3.5 | Mercusys Mercury X18G denial of service | $0-$1k | Not Defined |
| CVE-2021-22514 | 6.3 | Micro Focus Application Performance Management Remote Privilege Escalation | $2k-$5k | Not Defined |
| CVE-2021-25838 | 4.8 | MintHCM File Upload cross site scripting | $0-$1k | Not Defined |
| CVE-2021-25839 | 3.1 | MintHCM weak password | $1k-$2k | Not Defined |
| CVE-2021-20326 | 6.5 | MongoDB Server Find Query denial of service | $0-$1k | Official Fix |
| CVE-2021-29441 | 7.3 | Nacos AuthFilter Servlet Filter authentication spoofing | $1k-$2k | Official Fix |
| CVE-2021-29442 | 5.3 | Nacos ConfigOpsController remove missing authentication | $1k-$2k | Official Fix |
| CVE-2021-1081 | 7.8 | NVIDIA vGPU Software Kernel Mode Driver buffer overflow | $2k-$5k | Official Fix |
| CVE-2021-1086 | 7.1 | NVIDIA Virtual GPU Manager access control | $2k-$5k | Official Fix |
| CVE-2021-1087 | 5.5 | NVIDIA Virtual GPU Manager Address Space Layout Randomization information disclosure | $0-$1k | Official Fix |
| CVE-2021-1084 | 7.8 | NVIDIA Virtual GPU Manager Kernel Mode Driver buffer overflow | $2k-$5k | Official Fix |
| CVE-2021-1083 | 7.8 | NVIDIA Virtual GPU Manager Kernel Mode Driver buffer overflow | $2k-$5k | Official Fix |
| CVE-2021-1082 | 7.8 | NVIDIA Virtual GPU Manager Local Privilege Escalation | $2k-$5k | Official Fix |
| CVE-2021-1080 | 7.8 | NVIDIA Virtual GPU Manager Local Privilege Escalation | $2k-$5k | Official Fix |
| CVE-2021-1085 | 7.8 | NVIDIA Virtual GPU Manager Shared Memory buffer overflow | $2k-$5k | Official Fix |
| CVE-2021-31784 | 5.5 | Open Design Alliance Drawings SDK out-of-bounds write | $2k-$5k | Official Fix |
| CVE-2021-21429 | 3.3 | OpenAPI Tools OpenAPI Generator File.createTempFile temp file | $0-$1k | Official Fix |
| CVE-2020-15078 | 4.3 | OpenVPN Control Channel Data authentication bypass | $1k-$2k | Not Defined |
| CVE-2021-2321 | 6.0 | Oracle VM VirtualBox information disclosure | $2k-$5k | Official Fix |
| CVE-2021-31934 | 3.5 | OX Software OX App Suite Contact Object cross site scripting | $0-$5k | Not Defined |
| CVE-2021-31935 | 3.5 | OX Software OX App Suite Distribution List cross site scripting | $0-$5k | Not Defined |
| CVE-2020-28943 | 5.5 | OX Software OX App Suite Snippet server-side request forgery | $0-$5k | Not Defined |
| CVE-2020-28944 | 3.5 | OX Software OX Guard WKS Server denial of service | $0-$5k | Not Defined |
| CVE-2021-31422 | 6.4 | Parallels Desktop e1000e Virtual Device toctou | $0-$1k | Not Defined |
| CVE-2021-31429 | 6.7 | Parallels Desktop IDE Virtual Device heap-based overflow | $2k-$5k | Not Defined |
| CVE-2021-31428 | 6.7 | Parallels Desktop IDE Virtual Device heap-based overflow | $2k-$5k | Not Defined |
| CVE-2021-31432 | 3.3 | Parallels Desktop IDE Virtual Device out-of-bounds read | $0-$1k | Not Defined |
| CVE-2021-31431 | 2.3 | Parallels Desktop IDE Virtual Device out-of-bounds read | $0-$1k | Not Defined |
| CVE-2021-31430 | 2.3 | Parallels Desktop IDE Virtual Device out-of-bounds read | $0-$1k | Not Defined |
| CVE-2021-31424 | 7.8 | Parallels Desktop Open Tools Gate heap-based overflow | $2k-$5k | Not Defined |
| CVE-2021-31426 | 7.8 | Parallels Desktop Parallels Tools integer overflow | $2k-$5k | Not Defined |
| CVE-2021-31425 | 7.8 | Parallels Desktop Parallels Tools integer overflow | $2k-$5k | Not Defined |
| CVE-2021-31427 | 3.3 | Parallels Desktop toctou | $0-$1k | Not Defined |
| CVE-2021-31421 | 5.3 | Parallels Desktop Toolgate path traversal | $0-$1k | Not Defined |
| CVE-2021-31420 | 7.8 | Parallels Desktop Toolgate stack-based overflow | $2k-$5k | Not Defined |
| CVE-2021-31423 | 2.3 | Parallels Desktop Toolgate uninitialized resource | $0-$1k | Not Defined |
| CVE-2021-31419 | 7.8 | Parallels Desktop Toolgate uninitialized resource | $2k-$5k | Not Defined |
| CVE-2021-31418 | 7.8 | Parallels Desktop Toolgate uninitialized resource | $2k-$5k | Not Defined |
| CVE-2021-31417 | 7.8 | Parallels Desktop Toolgate uninitialized resource | $2k-$5k | Not Defined |
| CVE-2021-28280 | 3.5 | PHPFusion search.php cross site scripting | $0-$1k | Not Defined |
| CVE-2020-36326 | 5.5 | PHPMailer Phar Deserialization addAttachment deserialization | $1k-$2k | Official Fix |
| CVE-2021-21414 | 6.3 | Prisma getPackedPackage os command injection | $2k-$5k | Official Fix |
| CVE-2021-21415 | 5.0 | Prisma VS Code Schema File code injection | $2k-$5k | Official Fix |
| CVE-2021-28799 | 6.3 | QNAP QTS/QuTS Hero/QuTScloud HBS 3 Hybrid Backup Sync improper authorization | $2k-$5k | Official Fix |
| CVE-2021-31863 | 3.5 | Redmine Git Repository information disclosure | $0-$1k | Official Fix |

CVE-2021-31864

۵.۵

Redmine Incoming Mail permission

$۱k-$2k

Official Fix

CVE-2021-31866

۲.۶

Redmine SysController/MailHandlerController timing discrepancy

$۰-$۱k

Official Fix

CVE-2020-22790

۳.۵

Safe FME Server cross site scripting

$۰-$۱k

Not Defined

CVE-2020-22789

۴.۳

Safe FME Server cross site scripting

$۰-$۱k

Not Defined

CVE-2021-30219

۳.۵

Samurai Build File build.c printstatus null pointer dereference

$۰-$۱k

Official Fix

CVE-2021-30218

۳.۵

Samurai Build File util.c writefile null pointer dereference

$۰-$۱k

Official Fix

CVE-2021-29159

۳.۵

Sonatype Nexus Repository Manager NXRM Application cross site scripting

$۰-$۱k

Official Fix

CVE-2021-30635

۴.۳

Sonatype Nexus Repository Manager UI Folder pathname traversal

$۱k-$2k

Official Fix

CVE-2021-29388

۳.۵

SourceCodester Budget Management System index.php cross site scripting

$۰-$۱k

Not Defined

CVE-2021-29387

۳.۵

Sourcecodester Equipment Inventory System Add Section cross site scripting

$۰-$۱k

Not Defined

CVE-2021-30642

۷.۳

Symantec Security Analytics Web UI os command injection

$۱۰k-$25k

Official Fix

CVE-2019-25033

۷.۶

Unbound ALIGN_UP Macro integer overflow

$۲k-$5k

Official Fix

CVE-2019-25042

۷.۶

Unbound Compressed Name rdata_copy out-of-bounds write

$۲k-$5k

Official Fix

CVE-2019-25031

۴.۸

Unbound Configuration create_unbound_ad_servers.sh cleartext transmission

$۰-$۱k

Official Fix

CVE-2019-25038

۷.۶

Unbound dnscrypt.c integer overflow

$۲k-$5k

Official Fix

CVE-2019-25037

۵.۵

Unbound Packet dname_pkt_copy denial of service

$۰-$۱k

Official Fix

CVE-2019-25032

۷.۶

Unbound regional_alloc integer overflow

$۲k-$5k

Official Fix

CVE-2019-25039

۷.۶

Unbound respip.c integer overflow

$۲k-$5k

Official Fix

CVE-2019-25035

۷.۶

Unbound sldns_bget_token_par out-of-bounds write

$۲k-$5k

Official Fix

CVE-2019-25034

۷.۶

Unbound sldns_str2wire_dname_buf_origin out-of-bounds write

$۲k-$5k

Official Fix

CVE-2019-25036

۵.۵

Unbound synth_cname denial of service

$۰-$۱k

Official Fix

CVE-2021-20714

۳.۸

WP Fastest Cache pathname traversal

$۱k-$2k

Official Fix

CVE-2021-28959

۷.۳

Zoho ManageEngine EventLog Analyzer ZIP Archive pathname traversal

$۲k-$5k

Not Defined