info[at]nsec.ir
(+۹۸)-۳۱-۳۳۹۱۵۳۳۶

آسیب‌پذیری‌های حیاتی هفته سوم بهمن‌ماه

 

این هفته آسیب‌پذیری‌های «حیاتی» و «پرخطر» بسیاری در محصولات مهم Cisco گزارش و وصله‌ها و به‌روزرسانی‌هایی به منظور رفع آن‌ها ارائه شد.  همچنین در  محصولات شرکت‌های Apache، HPE، Google، Solarwinds، D-Link،  IBM وکرنل لینوکس چندین آسیب‌پذیری «حیاتی» و «پرخطر» وجود داشت.

لیست این آسیب‌پذیری‌ها به‌همراه سطح خطر آن‌ها در جدول زیر آمده است.

شناسه آسیب‌پذیری

امتیاز مبنا

عنوان آسیب‌پذیری

ارزش روز صفر

رفع آسیب‌پذیری

CVE-2020-13947

۳.۵

Apache ActiveMQ Administration Console message.jsp cross site scripting

$۰-$۵k

Not Defined

CVE-2020-17516

۷.۵

Apache Cassandra missing encryption

$۲k-$5k

Not Defined

CVE-2021-25646

۸.۸

Apache Druid cross site scripting

$۲k-$5k

Official Fix

CVE-2020-17523

۹.۸

Apache Shiro Spring Support improper authentication

$۵k-$10k

Official Fix

CVE-2021-1761

۴.۳

Apple macOS Analytics denial of service

$۲k-$5k

Official Fix

CVE-2021-1797

۳.۳

Apple macOS APFS permission

$۵k-$10k

Official Fix

CVE-2020-27945

۶.۳

Apple macOS CFNetwork Cache integer overflow

$۱۰k-$25k

Official Fix

CVE-2021-1760

۵.۳

Apple macOS CoreAnimation memory corruption

$۵k-$10k

Official Fix

CVE-2021-1747

۶.۳

Apple macOS CoreAudio out-of-bounds write

$۱۰k-$25k

Official Fix

CVE-2021-1776

۶.۳

Apple macOS CoreGraphics out-of-bounds write

$۱۰k-$25k

Official Fix

CVE-2021-1759

۶.۳

Apple macOS CoreMedia out-of-bounds read

$۵k-$10k

Official Fix

CVE-2021-1792

۶.۳

Apple macOS CoreText out-of-bounds read

$۵k-$10k

Official Fix

CVE-2021-1772

۶.۳

Apple macOS CoreText stack-based overflow

$۱۰k-$25k

Official Fix

CVE-2021-1787

۵.۳

Apple macOS Crash Reporter behavioral workflow

$۵k-$10k

Official Fix

CVE-2021-1761

۴.۳

Apple macOS Crash Reporter denial of service

$۲k-$5k

Official Fix

CVE-2021-1786

۵.۳

Apple macOS Crash Reporter state issue

$۵k-$10k

Official Fix

CVE-2021-1773

۶.۳

Apple macOS denial of service

$۵k-$10k

Official Fix

CVE-2020-27937

۳.۳

Apple macOS Directory Utility state issue

$۵k-$10k

Official Fix

CVE-2021-1802

۵.۳

Apple macOS Endpoint Security state issue

$۵k-$10k

Official Fix

CVE-2021-1791

۳.۳

Apple macOS FairPlay out-of-bounds read

$۲k-$5k

Official Fix

CVE-2021-1758

۶.۳

Apple macOS FontParser out-of-bounds read

$۵k-$10k

Official Fix

CVE-2020-29608

۶.۳

Apple macOS FontParser out-of-bounds read

$۵k-$10k

Official Fix

CVE-2021-1790

۶.۳

Apple macOS FontParser out-of-bounds read

$۵k-$10k

Official Fix

CVE-2021-1775

۶.۳

Apple macOS FontParser Remote Code Execution

$۱۰k-$25k

Official Fix

CVE-2021-1766

۴.۳

Apple macOS ImageIO denial of service

$۵k-$10k

Official Fix

CVE-2021-1783

۶.۳

Apple macOS ImageIO memory corruption

$۱۰k-$25k

Official Fix

CVE-2021-1785

۶.۳

Apple macOS ImageIO out-of-bounds read

$۵k-$10k

Official Fix

CVE-2021-1736

۶.۳

Apple macOS ImageIO out-of-bounds read

$۵k-$10k

Official Fix

CVE-2021-1778

۵.۵

Apple macOS ImageIO out-of-bounds read

Calculating

Official Fix

CVE-2021-1743

۶.۳

Apple macOS ImageIO out-of-bounds read

$۵k-$10k

Official Fix

CVE-2021-1741

۶.۳

Apple macOS ImageIO out-of-bounds read

$۵k-$10k

Official Fix

CVE-2021-1744

۶.۳

Apple macOS ImageIO out-of-bounds write

$۱۰k-$25k

Official Fix

CVE-2021-1738

۶.۳

Apple macOS ImageIO out-of-bounds write

$۱۰k-$25k

Official Fix

CVE-2021-1737

۶.۳

Apple macOS ImageIO out-of-bounds write

$۱۰k-$25k

Official Fix

CVE-2021-1793

۶.۳

Apple macOS ImageIO Remote Code Execution

$۱۰k-$25k

Official Fix

CVE-2021-1777

۶.۳

Apple macOS ImageIO Remote Code Execution

$۱۰k-$25k

Official Fix

CVE-2021-1774

۶.۳

Apple macOS ImageIO Remote Code Execution

$۱۰k-$25k

Official Fix

CVE-2021-1754

۶.۳

Apple macOS ImageIO Remote Code Execution

$۱۰k-$25k

Official Fix

CVE-2021-1746

۶.۳

Apple macOS ImageIO Remote Code Execution

$۱۰k-$25k

Official Fix

CVE-2021-1742

۶.۳

Apple macOS ImageIO Remote Code Execution

$۱۰k-$25k

Official Fix

CVE-2021-1818

۶.۳

Apple macOS ImageIO state issue

$۱۰k-$25k

Official Fix

CVE-2021-1779

۷.۸

Apple macOS IOKit state issue

$۱۰k-$25k

Official Fix

CVE-2021-1757

۵.۳

Apple macOS IOSkywalkFamily out-of-bounds read

$۲k-$5k

Official Fix

CVE-2021-1750

۷.۸

Apple macOS Kernel behavioral workflow

$۱۰k-$25k

Official Fix

CVE-2020-27904

۷.۸

Apple macOS Kernel memory corruption

$۱۰k-$25k

Official Fix

CVE-2021-1782

۴.۵

Apple macOS Kernel race condition

$۲k-$5k

Official Fix

CVE-2021-1764

۴.۳

Apple macOS Kernel use after free

$۱۰k-$25k

Official Fix

CVE-2020-29633

۵.۰

Apple macOS Login Window improper authentication

$۵k-$10k

Official Fix

CVE-2021-1771

۵.۶

Apple macOS Messages access control

$۱۰k-$25k

Official Fix

CVE-2021-1753

۶.۳

Apple macOS Model I/O out-of-bounds read

$۵k-$10k

Official Fix

CVE-2021-1763

۶.۳

Apple macOS Model IO buffer overflow

$۱۰k-$25k

Official Fix

CVE-2021-1767

۶.۳

Apple macOS Model IO heap-based overflow

$۱۰k-$25k

Official Fix

CVE-2021-1768

۶.۳

Apple macOS Model IO out-of-bounds read

$۵k-$10k

Official Fix

CVE-2021-1745

۶.۳

Apple macOS Model IO out-of-bounds read

$۵k-$10k

Official Fix

CVE-2021-1762

۶.۳

Apple macOS Model IO out-of-bounds write

$۱۰k-$25k

Official Fix

CVE-2020-29614

۶.۳

Apple macOS Model IO Remote Code Execution

$۱۰k-$25k

Official Fix

CVE-2021-1751

۶.۳

Apple macOS NetFSFramework state issue

$۱۰k-$25k

Official Fix

CVE-2020-25709

۴.۳

Apple macOS OpenLDAP denial of service

$۲k-$5k

Official Fix

CVE-2020-27938

۵.۳

Apple macOS Power Management state issue

$۵k-$10k

Official Fix

CVE-2020-14155

۵.۵

Apple macOS Screen Sharing unknown vulnerability

$۱۰k-$25k

Official Fix

CVE-2019-20838

۵.۵

Apple macOS Screen Sharing unknown vulnerability

$۱۰k-$25k

Official Fix

CVE-2020-15358

۵.۵

Apple macOS SQLite sql injection

$۵k-$10k

Official Fix

CVE-2021-1769

۵.۵

Apple macOS Swift memory corruption

$۱۰k-$25k

Official Fix

CVE-2021-1801

۶.۳

Apple macOS WebKit access control

$۱۰k-$25k

Official Fix

CVE-2021-1765

۶.۳

Apple macOS WebKit access control

$۱۰k-$25k

Official Fix

CVE-2021-1870

۶.۳

Apple macOS WebKit Remote Code Execution

$۱۰k-$25k

Official Fix

CVE-2021-1871

۶.۳

Apple macOS WebKit Remote Code Execution

$۱۰k-$25k

Official Fix

CVE-2021-1789

۶.۳

Apple macOS WebKit type confusion

$۱۰k-$25k

Official Fix

CVE-2021-1788

۶.۳

Apple macOS WebKit use after free

$۱۰k-$25k

Official Fix

CVE-2021-1799

۵.۵

Apple macOS WebRTC redirect

$۵k-$10k

Official Fix

CVE-2021-3229

۳.۵

Asus RT-AX3000 Login Error denial of service

$۰-$۵k

Not Defined

CVE-2020-36109

۵.۵

ASUS RT-AX86U httpd module blocking_request.cgi buffer overflow

$۲k-$5k

Official Fix

CVE-2020-36231

۴.۳

Atlassian JIRA Server/Data Center Metadata resource injection

$۲k-$5k

Official Fix

CVE-2021-25310

۸.۸

Belkin Linksys WRT160NL mini_httpd apply.cgi do_upgrade_post os command injection

$۲k-$5k

Workaround

CVE-2021-3401

۶.۳

Bitcoin Core bitcoin-qt state issue

$۲k-$5k

Official Fix

CVE-2021-1128

۳.۳

Cisco IOS XR CLI Parser insertion of sensitive information into sent data

$۱۰k-$25k

Official Fix

CVE-2021-1370

۷.۸

Cisco IOS XR Command Line os command injection

$۲۵k-$50k

Official Fix

CVE-2021-1288

۷.۵

Cisco IOS XR denial of service

$۱۰k-$25k

Official Fix

CVE-2021-1268

۴.۳

Cisco IOS XR IPv6 denial of service

$۵k-$10k

Official Fix

CVE-2021-1313

۵.۸

Cisco IOS XR resource management

$۱۰k-$25k

Official Fix

CVE-2021-1244

۶.۷

Cisco IOS XR signature verification

$۱۰k-$25k

Official Fix

CVE-2021-1136

۶.۷

Cisco IOS XR signature verification

$۱۰k-$25k

Official Fix

CVE-2021-1243

۵.۳

Cisco IOS XR SNMP access control

$۲۵k-$50k

Official Fix

CVE-2021-1389

۷.۳

Cisco IOS XR/NX-OS IPv6 Access Control List access control

$۲۵k-$50k

Official Fix

CVE-2021-1266

۴.۳

Cisco Managed Services Accelerator REST API denial of service

$۲k-$5k

Official Fix

CVE-2021-1318

۸.۸

Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface command injection

$۱۰k-$25k

Official Fix

CVE-2021-1317

۸.۸

Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface command injection

$۱۰k-$25k

Official Fix

CVE-2021-1316

۸.۸

Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface command injection

$۱۰k-$25k

Official Fix

CVE-2021-1315

۸.۸

Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface command injection

$۱۰k-$25k

Official Fix

CVE-2021-1314

۸.۸

Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface command injection

$۱۰k-$25k

Official Fix

CVE-2021-1348

۷.۲

Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow

$۱۰k-$25k

Official Fix

CVE-2021-1347

۷.۲

Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow

$۱۰k-$25k

Official Fix

CVE-2021-1346

۷.۲

Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow

$۱۰k-$25k

Official Fix

CVE-2021-1345

۷.۲

Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow

$۱۰k-$25k

Official Fix

CVE-2021-1344

۷.۲

Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow

$۱۰k-$25k

Official Fix

CVE-2021-1343

۷.۲

Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow

$۱۰k-$25k

Official Fix

CVE-2021-1342

۷.۲

Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow

$۱۰k-$25k

Official Fix

CVE-2021-1341

۷.۲

Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow

$۱۰k-$25k

Official Fix

CVE-2021-1340

۷.۲

Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow

$۱۰k-$25k

Official Fix

CVE-2021-1339

۷.۲

Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow

$۱۰k-$25k

Official Fix

CVE-2021-1338

۷.۲

Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow

$۱۰k-$25k

Official Fix

CVE-2021-1337

۷.۲

Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow

$۱۰k-$25k

Official Fix

CVE-2021-1336

۷.۲

Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow

$۱۰k-$25k

Official Fix

CVE-2021-1335

۷.۲

Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow

$۱۰k-$25k

Official Fix

CVE-2021-1334

۷.۲

Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow

$۱۰k-$25k

Official Fix

CVE-2021-1333

۷.۲

Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow

$۱۰k-$25k

Official Fix

CVE-2021-1332

۷.۲

Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow

$۱۰k-$25k

Official Fix

CVE-2021-1331

۷.۲

Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow

$۱۰k-$25k

Official Fix

CVE-2021-1330

۷.۲

Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow

$۱۰k-$25k

Official Fix

CVE-2021-1329

۷.۲

Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow

$۱۰k-$25k

Official Fix

CVE-2021-1328

۷.۲

Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow

$۱۰k-$25k

Official Fix

CVE-2021-1327

۷.۲

Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow

$۱۰k-$25k

Official Fix

CVE-2021-1326

۷.۲

Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow

$۱۰k-$25k

Official Fix

CVE-2021-1325

۷.۲

Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow

$۱۰k-$25k

Official Fix

CVE-2021-1324

۷.۲

Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow

$۱۰k-$25k

Official Fix

CVE-2021-1323

۷.۲

Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow

$۱۰k-$25k

Official Fix

CVE-2021-1322

۷.۲

Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow

$۱۰k-$25k

Official Fix

CVE-2021-1321

۷.۲

Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow

$۱۰k-$25k

Official Fix

CVE-2021-1320

۷.۲

Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow

$۱۰k-$25k

Official Fix

CVE-2021-1319

۷.۲

Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow

$۱۰k-$25k

Official Fix

CVE-2021-1297

۷.۳

Cisco RV160/RV160W/RV260/RV260P/RV260W Web-based Management Interface pathname traversal

$۱۰k-$25k

Official Fix

CVE-2021-1296

۷.۳

Cisco RV160/RV160W/RV260/RV260P/RV260W Web-based Management Interface pathname traversal

$۱۰k-$25k

Official Fix

CVE-2021-1295

۹.۸

Cisco RV160/RV160W/RV260/RV260P/RV260W Web-based Management Interface Remote Code Execution

$۲۵k-$50k

Official Fix

CVE-2021-1294

۹.۸

Cisco RV160/RV160W/RV260/RV260P/RV260W Web-based Management Interface Remote Code Execution

$۲۵k-$50k

Official Fix

CVE-2021-1293

۹.۸

Cisco RV160/RV160W/RV260/RV260P/RV260W Web-based Management Interface Remote Code Execution

$۲۵k-$50k

Official Fix

CVE-2021-1292

۹.۸

Cisco RV160/RV160W/RV260/RV260P/RV260W Web-based Management Interface Remote Code Execution

$۲۵k-$50k

Official Fix

CVE-2021-1291

۹.۸

Cisco RV160/RV160W/RV260/RV260P/RV260W Web-based Management Interface Remote Code Execution

$۲۵k-$50k

Official Fix

CVE-2021-1290

۹.۸

Cisco RV160/RV160W/RV260/RV260P/RV260W Web-based Management Interface Remote Code Execution

$۲۵k-$50k

Official Fix

CVE-2021-1289

۹.۸

Cisco RV160/RV160W/RV260/RV260P/RV260W Web-based Management Interface Remote Code Execution

$۲۵k-$50k

Official Fix

CVE-2021-1354

۳.۵

Cisco Unified Computing System Registration API certificate validation

$۵k-$10k

Official Fix

CVE-2021-1221

۵.۵

Cisco WebEx Meetings/WebEx Meetings Server Meeting Invitation Email input validation

$۱۰k-$25k

Official Fix

CVE-2020-20294

۵.۵

CMSWing Log unknown vulnerability

$۲k-$5k

Not Defined

CVE-2020-20296

۵.۵

CMSWing rechargeAction sql injection

$۱k-$2k

Not Defined

CVE-2020-20295

۵.۵

CMSWing updateAction sql injection

$۱k-$2k

Not Defined

CVE-2020-28450

۷.۳

Decal Package extend Remote Code Execution

$۲k-$5k

Official Fix

CVE-2020-28449

۷.۳

Decal Package set Remote Code Execution

$۲k-$5k

Official Fix

CVE-2020-29557

۷.۳

D-Link DIR-825 R1 Web Interface buffer overflow

$۱۰k-$25k

Official Fix

CVE-2020-25506

۹.۸

D-Link DNS-320 system_mgr.cgi command injection

$۱۰k-$25k

Not Defined

CVE-2020-18568

۹.۸

D-Link DSR-250/DSR-1000N UPnP Service command injection

$۱۰k-$25k

Not Defined

CVE-2021-21285

۴.۳

Docker Docker Image Manifest resource consumption

$۵k-$10k

Official Fix

CVE-2021-21284

۵.۵

Docker Remapped Root <remapping> path traversal

$۵k-$10k

Official Fix

CVE-2020-8807

۳.۵

Electric Coin Company Zcashd Time Offset information disclosure

$۰-$۱k

Official Fix

CVE-2020-8806

۵.۰

Electric Coin Company Zcashd Timestamp Remote Privilege Escalation

$۲k-$5k

Official Fix

CVE-2020-10539

۶.۳

Epikur checkPasswort backdoor

$۲k-$5k

Official Fix

CVE-2020-10538

۲.۶

Epikur hash without salt

$۰-$۱k

Official Fix

CVE-2020-10537

۶.۳

Epikur Service Port 4848 improper authentication

$۱k-$2k

Official Fix

CVE-2020-9014

۶.۵

Epson iProjection Device Driver EMP_NSAU.sys denial of service

$۰-$۵k

Not Defined

CVE-2020-9453

۶.۳

Epson iProjection Driver File EMP_MPAU.sys null pointer dereference

$۰-$۵k

Not Defined

CVE-2020-1896

۴.۶

Facebook Hermes stack-based overflow

$۱۰k-$25k

Official Fix

CVE-2020-1910

۶.۳

Facebook WhatsApp/WhatsApp Business Image out-of-bounds write

$۱۰k-$25k

Official Fix

CVE-2021-26023

۳.۵

Favorites Component cross site scripting

$۰-$۱k

Official Fix

CVE-2021-26024

۵.۵

Favorites Component resource injection

$۱k-$2k

Official Fix

CVE-2020-13548

۶.۳

Foxit PhantomPDF PDF File use after free

$۰-$۵k

Official Fix

CVE-2020-27860

۶.۳

Foxit PhantomPDF XFA Template out-of-bounds write

$۰-$۵k

Official Fix

CVE-2020-14391

۳.۳

GNOME Control Center Settings User Interface insufficiently protected credentials

$۰-$۵k

Official Fix

CVE-2021-3349

۴.۶

GNOME Evolution Valid Signature signature verification

$۰-$۱k

Official Fix

CVE-2020-36241

۵.۵

GNOME gnome-autoar Extraction autoar-extractor.c pathname traversal

$۱k-$2k

Official Fix

CVE-2021-0362

۴.۲

Google Android aee stack-based overflow

$۱۰k-$25k

Official Fix

CVE-2021-0347

۲.۳

Google Android ccu out-of-bounds read

$۵k-$10k

Official Fix

CVE-2021-0349

۶.۷

Google Android Display Driver memory corruption

$۵۰k-$100k

Official Fix

CVE-2021-0365

۴.۲

Google Android Display Driver use after free

$۱۰k-$25k

Official Fix

CVE-2021-0350

۴.۴

Google Android ged denial of service

$۲k-$5k

Official Fix

CVE-2021-0354

۴.۲

Google Android ged out-of-bounds write

$۱۰k-$25k

Official Fix

CVE-2021-0353

۴.۲

Google Android kisd heap-based overflow

$۱۰k-$25k

Official Fix

CVE-2021-0361

۲.۳

Google Android kisd out-of-bounds read

$۵k-$10k

Official Fix

CVE-2021-0343

۶.۷

Google Android kisd out-of-bounds write

$۵۰k-$100k

Official Fix

CVE-2021-0355

۴.۲

Google Android kisd out-of-bounds write

$۱۰k-$25k

Official Fix

CVE-2021-0364

۴.۲

Google Android mobile_log_d command injection

$۱۰k-$25k

Official Fix

CVE-2021-0363

۴.۲

Google Android mobile_log_d command injection

$۱۰k-$25k

Official Fix

CVE-2021-0345

۶.۷

Google Android mobile_log_d privileges management

$۲۵k-$50k

Official Fix

CVE-2021-0344

۶.۷

Google Android mtkpower memory corruption

$۵۰k-$100k

Official Fix

CVE-2021-0358

۴.۲

Google Android netdiag command injection

$۱۰k-$25k

Official Fix

CVE-2021-0356

۴.۲

Google Android netdiag command injection

$۱۰k-$25k

Official Fix

CVE-2021-0360

۴.۲

Google Android netdiag out-of-bounds write

$۱۰k-$25k

Official Fix

CVE-2021-0359

۴.۲

Google Android netdiag out-of-bounds write

$۱۰k-$25k

Official Fix

CVE-2021-0357

۴.۲

Google Android netdiag out-of-bounds write

$۱۰k-$25k

Official Fix

CVE-2021-0352

۴.۴

Google Android RT Regmap Driver memory corruption

$۱۰k-$25k

Official Fix

CVE-2021-0348

۶.۷

Google Android vpu out-of-bounds write

$۵۰k-$100k

Official Fix

CVE-2021-0346

۶.۷

Google Android vpu out-of-bounds write

$۵۰k-$100k

Official Fix

CVE-2021-0351

۷.۵

Google Android WLAN Driver denial of service

$۱۰k-$25k

Official Fix

CVE-2021-21148

۶.۳

Google Chrome V8 heap-based overflow

$۵۰k-$100k

Official Fix

CVE-2021-3283

۵.۵

Hashicorp Nomad/Nomad Enterprise Java Task Driver unknown vulnerability

$۲k-$5k

Official Fix

CVE-2021-3024

۵.۳

Hashicorp Vault/Vault Enterprise information disclosure

$۱k-$2k

Official Fix

CVE-2021-3282

۶.۳

Hashicorp Vault/Vault Enterprise Rast Operator Command improper authentication

$۱k-$2k

Official Fix

CVE-2020-25594

۴.۳

Hashicorp Vault/Vault Enterprise Secrets Engine information disclosure

$۱k-$2k

Official Fix

CVE-2020-14255

۳.۵

HCL Digital Experience Container information disclosure

$۰-$۱k

Not Defined

CVE-2020-14221

۳.۵

HCL Digital Experience information disclosure

$۰-$۱k

Not Defined

CVE-2020-4081

۳.۵

HCL Digital Experience WSRP Consumer cross site scripting

$۰-$۱k

Not Defined

CVE-2020-14246

۵.۶

HCL OneTest Performance Basic Authentication improper authentication

$۱k-$2k

Not Defined

CVE-2020-14247

۳.۷

HCL OneTest Performance excessive authentication

$۱k-$2k

Not Defined

CVE-2020-14245

۵.۳

HCL OneTest UI resource consumption

$۰-$۱k

Not Defined

CVE-2020-24666

۳.۵

Hitachi Vantara Pentaho Analysis Report cross site scripting

$۰-$۱k

Official Fix

CVE-2020-24664

۳.۵

Hitachi Vantara Pentaho Dashboard Editor cross site scripting

$۰-$۱k

Official Fix

CVE-2020-24670

۳.۵

Hitachi Vantara Pentaho Dashboard Editor dashboardXml cross site scripting

$۰-$۱k

Official Fix

CVE-2020-24665

۴.۳

Hitachi Vantara Pentaho Dashboard Editor xml external entity reference

$۱k-$2k

Official Fix

CVE-2020-24669

۲.۶

Hitachi Vantara Pentaho New Analysis Report cross site scripting

$۰-$۱k

Official Fix

CVE-2020-29165

۶.۳

HP Access Control access control

$۱۰k-$25k

Official Fix

CVE-2021-25123

۵.۳

HPE Cloudline CL5800 Gen9 Server Baseboard Management Controller addlicense_func buffer overflow

$۵k-$10k

Not Defined

CVE-2021-25138

۸.۸

HPE Cloudline CL5800 Gen9 Server Baseboard Management Controller cloudline_cl3100_gen10_server_firmware buffer overflow

$۲۵k-$50k

Official Fix

CVE-2021-25137

۸.۸

HPE Cloudline CL5800 Gen9 Server Baseboard Management Controller cloudline_cl3100_gen10_server_firmware buffer overflow

$۲۵k-$50k

Official Fix

CVE-2021-25136

۸.۸

HPE Cloudline CL5800 Gen9 Server Baseboard Management Controller cloudline_cl3100_gen10_server_firmware buffer overflow

$۲۵k-$50k

Official Fix

CVE-2021-25135

۸.۸

HPE Cloudline CL5800 Gen9 Server Baseboard Management Controller cloudline_cl3100_gen10_server_firmware buffer overflow

$۲۵k-$50k

Official Fix

CVE-2021-25134

۸.۸

HPE Cloudline CL5800 Gen9 Server Baseboard Management Controller cloudline_cl3100_gen10_server_firmware buffer overflow

$۲۵k-$50k

Official Fix

CVE-2021-25133

۸.۸

HPE Cloudline CL5800 Gen9 Server Baseboard Management Controller cloudline_cl3100_gen10_server_firmware buffer overflow

$۲۵k-$50k

Official Fix

CVE-2021-25132

۸.۸

HPE Cloudline CL5800 Gen9 Server Baseboard Management Controller cloudline_cl3100_gen10_server_firmware buffer overflow

$۲۵k-$50k

Official Fix

CVE-2021-25131

۸.۸

HPE Cloudline CL5800 Gen9 Server Baseboard Management Controller cloudline_cl3100_gen10_server_firmware buffer overflow

$۲۵k-$50k

Official Fix

CVE-2021-25130

۸.۸

HPE Cloudline CL5800 Gen9 Server Baseboard Management Controller cloudline_cl3100_gen10_server_firmware buffer overflow

$۲۵k-$50k

Official Fix

CVE-2021-25127

۸.۸

HPE Cloudline CL5800 Gen9 Server Baseboard Management Controller cloudline_cl3100_gen10_server_firmware buffer overflow

$۲۵k-$50k

Official Fix

CVE-2021-25126

۸.۸

HPE Cloudline CL5800 Gen9 Server Baseboard Management Controller cloudline_cl3100_gen10_server_firmware buffer overflow

$۲۵k-$50k

Official Fix

CVE-2021-25129

۸.۸

HPE Cloudline CL5800 Gen9 Server Baseboard Management Controller cloudline_cl3100_gen10_server_firmware path traversal

$۱۰k-$25k

Official Fix

CVE-2021-25128

۸.۸

HPE Cloudline CL5800 Gen9 Server Baseboard Management Controller cloudline_cl3100_gen10_server_firmware path traversal

$۱۰k-$25k

Official Fix

CVE-2021-25125

۸.۸

HPE Cloudline CL5800 Gen9 Server Baseboard Management Controller cloudline_cl3100_gen10_server_firmware path traversal

$۱۰k-$25k

Official Fix

CVE-2021-25124

۸.۸

HPE Cloudline CL5800 Gen9 Server Baseboard Management Controller cloudline_cl3100_gen10_server_firmware path traversal

$۱۰k-$25k

Official Fix

CVE-2020-9118

۵.۵

Huawei AIS-BW80H-00 improper validation of integrity check value

$۵k-$25k

Not Defined

CVE-2021-22293

۳.۵

Huawei Campusesight/ManageOne/Taurus-AL00A HTTP Request information disclosure

$۰-$۵k

Not Defined

CVE-2021-22292

۴.۳

Huawei eCNS280 Message resource consumption

$۰-$۵k

Not Defined

CVE-2021-22300

۳.۵

Huawei eCNS280_TD Temporary Files information disclosure

$۰-$۵k

Not Defined

CVE-2020-9205

۵.۵

Huawei ManageOne CSV csv injection

$۵k-$25k

Not Defined

CVE-2021-22298

۵.۵

Huawei ManageOne sql injection

$۵k-$25k

Not Defined

CVE-2021-22299

۵.۳

Huawei ManageOne/NFV_FusionSphere/SMC/iMaster MAE-M access control

$۵k-$25k

Not Defined

CVE-2021-22301

۶.۸

Huawei Mate 30 buffer overflow

$۵k-$25k

Not Defined

CVE-2021-22305

۵.۵

Huawei Mate 30 Module buffer overflow

$۵k-$25k

Not Defined

CVE-2021-22306

۵.۵

Huawei Mate 30 Module out-of-bounds read

$۵k-$25k

Not Defined

CVE-2021-22307

۳.۳

Huawei Mate 30 risky encryption

$۰-$۵k

Not Defined

CVE-2021-22302

۵.۵

Huawei Taurus-AL00A Module out-of-bounds read

$۵k-$25k

Not Defined

CVE-2021-22304

۵.۵

Huawei Taurus-AL00A Module use after free

$۵k-$25k

Not Defined

CVE-2021-22303

۵.۵

Huawei Taurus-AL00A Multi-Thread double free

$۵k-$25k

Not Defined

CVE-2020-4827

۴.۳

IBM API Connect cross-site request forgery

$۵k-$10k

Not Defined

CVE-2020-4826

۴.۳

IBM API Connect cross-site request forgery

$۵k-$10k

Not Defined

CVE-2020-4828

۷.۳

IBM API Connect HTTP Request input validation

$۱۰k-$25k

Not Defined

CVE-2020-4640

۳.۰

IBM API Connect URL Fragment information disclosure

$۲k-$5k

Not Defined

CVE-2020-4825

۳.۵

IBM API Connect Web UI cross site scripting

$۲k-$5k

Not Defined

CVE-2020-4934

۴.۳

IBM Content Navigator URL Request path traversal

$۵k-$10k

Not Defined

CVE-2020-4832

۴.۰

IBM PowerHA Discovery information disclosure

$۲k-$5k

Not Defined

CVE-2020-5032

۴.۳

IBM QRadar SIEM denial of service

$۲k-$5k

Not Defined

CVE-2020-8672

۵.۹

Intel Core/Celeron Processor 4000 BIOS Firmware out-of-bounds read

$۵k-$10k

Not Defined

CVE-2020-8734

۵.۳

Intel Server Board M10JNP2SB Firmware input validation

$۵k-$10k

Official Fix

CVE-2021-25755

۳.۱

JetBrains Code With Me Session ID random values

$۰-$۱k

Official Fix

CVE-2021-25759

۴.۶

JetBrains Hub 2FA Settings denial of service

$۰-$۱k

Official Fix

CVE-2021-25760

۳.۵

JetBrains Hub Public API information disclosure

$۰-$۱k

Official Fix

CVE-2021-25757

۵.۵

JetBrains Hub redirect

$۱k-$2k

Official Fix

CVE-2021-25756

۳.۷

JetBrains IntelliJ IDEA HTTP Links cleartext transmission

$۰-$۱k

Official Fix

CVE-2021-25758

۵.۵

JetBrains IntelliJ IDEA Workspace Model deserialization

$۱k-$2k

Official Fix

CVE-2020-29582

۳.۵

JetBrains Kotlin Java API temp file

$۱k-$2k

Official Fix

CVE-2021-25762

۵.۵

JetBrains Ktor HTTP Request request smuggling

$۱k-$2k

Official Fix

CVE-2021-25763

۲.۶

JetBrains Ktor risky encryption

$۰-$۱k

Official Fix

CVE-2021-25761

۲.۶

JetBrains Ktor SessionStorage Key inadequate encryption

$۰-$۱k

Official Fix

CVE-2021-25775

۴.۳

JetBrains TeamCity Access Token access control

$۱k-$2k

Official Fix

CVE-2021-25773

۳.۵

JetBrains TeamCity cross site scripting

$۰-$۱k

Official Fix

CVE-2021-25776

۳.۵

JetBrains TeamCity ECR Token information disclosure

$۰-$۱k

Official Fix

CVE-2021-25774

۳.۵

JetBrains TeamCity GitHub Access Token information disclosure

$۰-$۱k

Official Fix

CVE-2020-35667

۳.۵

JetBrains TeamCity Plugin server-side request forgery

$۱k-$2k

Official Fix

CVE-2021-25772

۳.۵

JetBrains TeamCity Server Integration denial of service

$۰-$۱k

Official Fix

CVE-2021-25777

۵.۵

JetBrains TeamCity Token Removal permission

$۱k-$2k

Official Fix

CVE-2021-25778

۵.۵

JetBrains TeamCity User permission

$۱k-$2k

Official Fix

CVE-2021-25766

۶.۳

JetBrains YouTrack access control

$۲k-$5k

Official Fix

CVE-2021-25768

۵.۵

JetBrains YouTrack Attachment permission

$۱k-$2k

Official Fix

CVE-2021-25769

۵.۵

JetBrains YouTrack Attachment unknown vulnerability

$۲k-$5k

Official Fix

CVE-2021-25765

۳.۵

JetBrains YouTrack Attachment Upload cross-site request forgery

$۰-$۱k

Official Fix

CVE-2021-25767

۳.۵

JetBrains YouTrack Command information disclosure

$۰-$۱k

Official Fix

CVE-2021-25771

۳.۵

JetBrains YouTrack Project information disclosure

$۰-$۱k

Official Fix

CVE-2021-25771

۳.۵

JetBrains YouTrack Project information disclosure

$۰-$۱k

Official Fix

CVE-2020-25208

۳.۵

JetBrains YouTrack REST API information disclosure

$۰-$۱k

Official Fix

CVE-2021-25770

۵.۵

JetBrains YouTrack Template injection

$۱k-$2k

Official Fix

CVE-2020-21179

۶.۳

koa2-blog Signin Page sql injection

$۱k-$2k

Not Defined

CVE-2020-21180

۶.۳

koa2-blog Signup Page sql injection

$۱k-$2k

Not Defined

CVE-2021-26687

۵.۵

LG Mobile Device unknown vulnerability

$۱۰k-$25k

Not Defined

CVE-2021-26689

۵.۵

LG Mobile Devices USB laf Gadget use after free

$۱۰k-$25k

Not Defined

CVE-2021-26688

۵.۵

LG Wing Mobile Devices Biometric Sensor unknown vulnerability

$۱۰k-$25k

Not Defined

CVE-2021-3348

۵.۵

Linux Kernel IO Request nbd.c nbd_add_socket use after free

$۱۰k-$25k

Official Fix

CVE-2021-3347

۷.۸

Linux Kernel PI Futex use after free

$۲۵k-$50k

Official Fix

CVE-2021-26708

۵.۰

Linux Kernel VSOCK af_vsock.c race condition

$۵k-$10k

Official Fix

CVE-2021-22499

۳.۵

Micro Focus Application Performance Management cross site scripting

$۰-$۵k

Not Defined

CVE-2021-22500

۳.۵

Micro Focus Application Performance Management cross-site request forgery

$۰-$۵k

Not Defined

CVE-2019-25018

۵.۵

MIT krb5-appl rcp Client access control

$۱۰k-$25k

Official Fix

CVE-2019-25017

۵.۵

MIT krb5-appl rcp pathname traversal

$۵k-$10k

Official Fix

CVE-2020-8589

۳.۵

NetApp Clustered Data ONTAP information disclosure

$۰-$۱k

Official Fix

CVE-2020-8588

۳.۵

NetApp Clustered Data ONTAP information disclosure

$۰-$۱k

Official Fix

CVE-2020-27872

۶.۳

Netgear R7450 mini_httpd improper authorization

$۱۰k-$25k

Not Defined

CVE-2020-27873

۴.۳

Netgear R7450 SOAP API endpoint access control

$۱۰k-$25k

Not Defined

CVE-2020-8294

۳.۵

Nextcloud Server Markdown cross site scripting

$۰-$۱k

Official Fix

CVE-2021-1072

۳.۸

NVIDIA GeForce Experience GameStream rxdiag.dll denial of service

$۰-$۵k

Official Fix

CVE-2021-21436

۳.۵

OTRS OTRSCIsInCustomerFrontend Config Item access control

$۰-$۵k

Not Defined

CVE-2020-1779

۲.۱

OTRS OTRSTicketForms Dynamic Template information disclosure

$۰-$۵k

Not Defined

CVE-2021-21434

۲.۴

OTRS Survey Agent Interface cross site scripting

$۰-$۵k

Not Defined

CVE-2021-21435

۳.۵

OTRS Ticket Print information disclosure

$۰-$۵k

Not Defined

CVE-2021-20623

۸.۸

Panasonic Video Insight VMS Remote Privilege Escalation

$۱۰k-$25k

Official Fix

CVE-2021-21702

۵.۳

PHP SoapClient query null pointer dereference

$۵k-$25k

Official Fix

CVE-2020-13564

۳.۵

phpGACL HTTP Request cross site scripting

$۰-$۱k

Not Defined

CVE-2020-13563

۳.۵

phpGACL HTTP Request cross site scripting

$۰-$۱k

Not Defined

CVE-2020-13562

۳.۵

phpGACL Template cross site scripting

$۰-$۱k

Not Defined

CVE-2020-10552

۶.۳

Psyprax Firebird Database access control

$۰-$۵k

Official Fix

CVE-2020-10553

۶.۳

Psyprax Lockscreen PPScreen.ini permission

$۰-$۵k

Official Fix

CVE-2020-10554

۳.۱

Psyprax Password inadequate encryption

$۰-$۵k

Official Fix

CVE-2021-3392

۴.۳

QEMU SCSI IO Request mptsas.c mptsas_process_scsi_io_request use after free

$۵k-$25k

Official Fix

CVE-2020-17380

۵.۷

QEMU SDHCI Device Emulator sdhci.c sdhci_sdma_transfer_multi_blocks denial of service

$۲k-$5k

Not Defined

CVE-2020-2507

۷.۳

QNAP QTS Helpdesk access control

$۲k-$5k

Official Fix

CVE-2020-2506

۹.۸

QNAP QTS Helpdesk os command injection

$۲k-$5k

Official Fix

CVE-2020-29164

۳.۵

RainbowFish PacsOne Server cross site scripting

$۰-$۱k

Official Fix

CVE-2020-29166

۴.۳

RainbowFish PacsOne Server information disclosure

$۱k-$2k

Official Fix

CVE-2020-29163

۶.۳

RainbowFish PacsOne Server sql injection

$۱k-$2k

Official Fix

CVE-2020-25853

۵.۵

Realtek RTL8195A WPA2 Handshake CheckMic stack-based overflow

$۲k-$5k

Official Fix

CVE-2020-25857

۵.۵

Realtek RTL8195A WPA2 Handshake ClientEAPOLKeyRecvd stack-based overflow

$۲k-$5k

Official Fix

CVE-2020-25856

۶.۳

Realtek RTL8195A WPA2 Handshake DecWPA2KeyData stack-based overflow

$۲k-$5k

Official Fix

CVE-2020-25854

۶.۳

Realtek RTL8195A WPA2 Handshake DecWPA2KeyData stack-based overflow

$۲k-$5k

Official Fix

CVE-2020-14312

۶.۳

Red Hat Enterprise Linux dnsmasq access control

$۵k-$25k

Official Fix

CVE-2021-26711

۶.۳

Redwood Report2Web default.htm injection

$۲k-$5k

Not Defined

CVE-2021-26710

۳.۵

Redwood Report2Web signIn.do cross site scripting

$۰-$۱k

Not Defined

CVE-2020-18713

۶.۳

RockOA customerAction.php sql injection

$۱k-$2k

Not Defined

CVE-2020-18716

۶.۳

RockOA wordAction.php sql injection

$۱k-$2k

Not Defined

CVE-2020-18714

۶.۳

RockOA wordModel.php getdata sql injection

$۱k-$2k

Not Defined

CVE-2020-27249

۶.۳

SoftMaker Office PlanMaker heap-based overflow

$۲k-$5k

Not Defined

CVE-2020-27248

۶.۳

SoftMaker Office PlanMaker heap-based overflow

$۲k-$5k

Not Defined

CVE-2020-27247

۶.۳

SoftMaker Office PlanMaker heap-based overflow

$۲k-$5k

Not Defined

CVE-2020-13586

۶.۳

SoftMaker Office PlanMaker heap-based overflow

$۲k-$5k

Not Defined

CVE-2020-13580

۶.۳

SoftMaker Office PlanMaker heap-based overflow

$۲k-$5k

Not Defined

CVE-2020-13579

۶.۳

SoftMaker Office PlanMaker integer underflow

$۲k-$5k

Not Defined

CVE-2021-25274

۹.۸

SolarWinds Orion Platform MSMQ permission

$۲k-$5k

Official Fix

CVE-2021-25275

۷.۸

SolarWinds Orion Platform SQL Server Backend access control

$۰-$۱k

Official Fix

CVE-2020-35482

۵.۴

SolarWinds Serv-U cross site scripting

$۰-$۱k

Official Fix

CVE-2020-28001

۵.۴

SolarWinds Serv-U cross site scripting

$۰-$۱k

Official Fix

CVE-2021-25276

۶.۳

SolarWinds Serv-U Home Directory permission

$۲k-$5k

Official Fix

CVE-2020-35481

۶.۳

SolarWinds Serv-U Macro injection

$۲k-$5k

Official Fix

CVE-2020-27994

۵.۵

SolarWinds Serv-U pathname traversal

$۱k-$2k

Official Fix

CVE-2021-20016

۷.۳

SonicWall SSLVPN SMA100 sql injection

$۲k-$5k

Not Defined

CVE-2020-11920

۶.۶

Svakom Siime Eye NFS Settings Menu IP os command injection

$۰-$۵k

Not Defined

CVE-2020-11915

۶.۴

Svakom Siime Eye Web Server hard-coded password

$۰-$۵k

Not Defined

CVE-2019-20470

۵.۳

TK-Star Q90 Junior GPS Horloge Communication Channel hard-coded password

$۱k-$2k

Not Defined

CVE-2019-20471

۶.۳

TK-Star Q90 Junior GPS Horloge hard-coded password

$۱k-$2k

Not Defined

CVE-2019-20468

۵.۵

TK-Star Q90 Junior GPS Horloge SeTracker2 permission

$۱k-$2k

Not Defined

CVE-2019-20473

۳.۹

TK-Star Q90 Junior GPS Horloge SIM Card PIN locking

$۰-$۱k

Not Defined

CVE-2020-28494

۷.۳

total.js image.stream injection

$۲k-$5k

Official Fix

CVE-2020-28495

۷.۳

total.js set code injection

$۲k-$5k

Official Fix

CVE-2021-25227

۵.۳

Trend Micro Antivirus Scanning Engine memory allocation

$۵k-$10k

Official Fix

CVE-2021-25243

۴.۳

Trend Micro Apex One access control

$۱۰k-$25k

Official Fix

CVE-2021-25242

۴.۳

Trend Micro Apex One access control

$۱۰k-$25k

Not Defined

CVE-2021-25240

۴.۳

Trend Micro Apex One access control

$۱۰k-$25k

Not Defined

CVE-2021-25239

۴.۳

Trend Micro Apex One access control

$۱۰k-$25k

Not Defined

CVE-2021-25237

۴.۳

Trend Micro Apex One access control

$۱۰k-$25k

Not Defined

CVE-2021-25233

۴.۳

Trend Micro Apex One access control

$۱۰k-$25k

Not Defined

CVE-2021-25231

۴.۳

Trend Micro Apex One access control

$۱۰k-$25k

Not Defined

CVE-2021-25228

۴.۳

Trend Micro Apex One access control

$۱۰k-$25k

Not Defined

CVE-2021-25234

۴.۳

Trend Micro Apex One Configuration File access control

$۱۰k-$25k

Not Defined

CVE-2021-25246

۳.۱

Trend Micro Apex One information disclosure

$۵k-$10k

Not Defined

CVE-2021-25249

۵.۳

Trend Micro Apex One out-of-bounds write

$۵k-$10k

Not Defined

CVE-2021-25232

۴.۳

Trend Micro Apex One/OfficeScan XG access control

$۱۰k-$25k

Not Defined

CVE-2021-25230

۴.۳

Trend Micro Apex One/OfficeScan XG access control

$۱۰k-$25k

Not Defined

CVE-2021-25229

۴.۳

Trend Micro Apex One/OfficeScan XG access control

$۱۰k-$25k

Not Defined

CVE-2021-25235

۴.۳

Trend Micro Apex One/OfficeScan XG Configuration File access control

$۱۰k-$25k

Not Defined

CVE-2021-25248

۳.۵

Trend Micro Apex One/OfficeScan/Worry-Free Business Security Named Pipe out-of-bounds read

$۲k-$5k

Not Defined

CVE-2021-25241

۴.۳

Trend Micro Apex One/Worry-Free Business Security server-side request forgery

$۱۰k-$25k

Not Defined

CVE-2021-25238

۴.۳

Trend Micro OfficeScan XG/Worry-Free Business Security information disclosure

$۵k-$10k

Not Defined

CVE-2021-25236

۴.۳

Trend Micro OfficeScan XG/Worry-Free Business Security server-side request forgery

$۱۰k-$25k

Not Defined

CVE-2021-25245

۴.۳

Trend Micro Worry-Free Business Security access control

$۱۰k-$25k

Not Defined

CVE-2021-25244

۴.۳

Trend Micro Worry-Free Business Security access control

$۱۰k-$25k

Official Fix

CVE-2020-25036

۶.۳

UCOPIA Wi-Fi Appliance Administration Shell CLI sandbox

$۲k-$5k

Not Defined

CVE-2020-25035

۸.۰

UCOPIA Wi-Fi Appliance chroothole_client unknown vulnerability

$۲k-$5k

Not Defined

CVE-2020-25037

۶.۸

UCOPIA Wi-Fi Appliance Command unknown vulnerability

$۲k-$5k

Not Defined

CVE-2020-28895

۷.۳

Wind River VxWorks calloc memory corruption

$۲k-$5k

Not Defined

CVE-2021-26754

۶.۳

wpDataTables sql injection

$۰-$۵k

Official Fix

CVE-2020-20289

۶.۳

yccms no_top sql injection

$۱k-$2k

Not Defined

CVE-2020-20290

۵.۵

yccms pathname traversal

$۱k-$2k

Not Defined

CVE-2020-20287

۶.۳

yccms xhUp unrestricted upload

$۲k-$5k

Not Defined

CVE-2021-25910

۵.۳

ZIV Automation 4CCT-EA6-334126BF improper authentication

$۰-$۱k

Not Defined

CVE-2021-25909

۵.۳

ZIV Automation 4CCT-EA6-334126BF Service Port 7919 denial of service

$۰-$۱k

Official Fix

CVE-2020-35765

۶.۳

Zoho ManageEngine Applications Manager com.adventnet.appmanager.filter.UriCollector showresource.do sql injection

$۱k-$2k

Not Defined

CVE-2020-28653

۶.۳

Zoho ManageEngine OpManager Smart Update Manager Servlet Remote Privilege Escalation

$۲k-$5k

Official Fix

CVE-2019-16268

۶.۳

Zoho ManageEngine Remote Access Plus User Administration Screen injection

$۲k-$5k

Not Defined

CVE-2020-10858

۵.۵

Zulip Desktop Request permission

$۰-$۵k

Official Fix

CVE-2020-10857

۶.۳

Zulip Desktop shell.openItem Remote Privilege Escalation

$۰-$۵k

Official Fix