info[at]nsec.ir
(+۹۸)-۳۱-۳۳۹۱۵۳۳۶

آسیب‌پذیری‌های حیاتی هفته سوم دی‌ماه

 

این هفته آسیب‌پذیری‌های «حیاتی» و «پرخطر» بسیاری در محصولات مهم Mozilla  و Google گزارش و وصله‌ها و به‌روزرسانی‌هایی به منظور رفع آن‌ها ارائه شد.  همچنین در  محصولات شرکت‌های Citrix، FasterXML، Foxit، NVIDIA، Dell، IBM و کرنل لینوکس چندین آسیب‌پذیری «حیاتی» و «پرخطر» وجود داشت.

لیست این آسیب‌پذیری‌ها در جدول زیر آمده است.

شناسه آسیب‌پذیری

امتیاز مبنا

عنوان آسیب‌پذیری

ارزش روز صفر

رفع آسیب‌پذیری

CVE-2020-13922

۵.۵

Apache DolphinScheduler API Interface access control

$۱۰k-$25k

Official Fix

CVE-2020-11995

۶.۳

Apache Dubbo hashCode deserialization

$۱۰k-$25k

Official Fix

CVE-2020-17519

۷.۵

Apache Flink REST Interface file access

$۵k-$10k

Official Fix

CVE-2020-17518

۷.۵

Apache Flink REST path traversal

$۵k-$10k

Official Fix

CVE-2020-17509

۷.۳

Apache Traffic Server Cache Option request smuggling

$۱۰k-$25k

Not Defined

CVE-2020-17508

۳.۵

Apache Traffic Server ESI Plugin information disclosure

$۲k-$5k

Official Fix

CVE-2020-35219

۹.۸

ASUS DSL-N17U Admin Interface Advanced_System_Content.asp improper authentication

$۱k-$2k

Not Defined

CVE-2020-17504

۴.۷

Barco NDN-210 Web Administration Panel ngpsystemcmd.php command injection

$۱k-$2k

Official Fix

CVE-2020-17503

۶.۳

Barco NDN-210 Web Administration Panel split_card_cmd.php command injection

$۲k-$5k

Official Fix

CVE-2020-17502

۶.۳

Barco TransForm N Web Administration Panel split_card_cmd.php command injection

$۲k-$5k

Official Fix

CVE-2020-17500

۷.۳

Barco TransForm NDN-210 Lite Web Administration Panel command injection

$۲k-$5k

Official Fix

CVE-2020-29478

۵.۳

Broadcom CA Service Catalog Setup Utility denial of service

$۰-$۱k

Not Defined

CVE-2020-8275

۴.۰

Citrix Secure Mail access control

$۵k-$10k

Official Fix

CVE-2020-8274

۶.۳

Citrix Secure Mail code injection

$۱۰k-$25k

Official Fix

CVE-2020-36112

۵.۰

CSE Bookstore bookPerPub.php sql injection

$۱k-$2k

Not Defined

CVE-2020-5361

۵.۱

Dell Client Consumer/Client Commercial BIOS Password Reset password recovery

$۲k-$5k

Not Defined

CVE-2020-26181

۷.۸

Dell EMC Isilon OneFS/PowerScale OneFS SmartLock Compliance Mode Cluster privileges management

$۱۰k-$25k

Not Defined

CVE-2020-29502

۶.۷

Dell EMC PowerStore cleartext storage

$۰-$۱k

Official Fix

CVE-2020-29501

۶.۷

Dell EMC PowerStore cleartext storage

$۰-$۱k

Official Fix

CVE-2020-29500

۶.۷

Dell EMC PowerStore cleartext storage

$۰-$۱k

Official Fix

CVE-2020-35170

۵.۴

Dell EMC Unisphere for PowerMax/PowerMax OS cross site scripting

$۲k-$5k

Official Fix

CVE-2020-29489

۶.۴

Dell EMC Unity/Unity XT/UnityVSA cleartext storage

$۰-$۱k

Official Fix

CVE-2020-26199

۶.۷

Dell EMC Unity/Unity XT/UnityVSA log file

$۱k-$2k

Official Fix

CVE-2020-29490

۷.۵

Dell EMC Unity/Unity XT/UnityVSA NAS Servers with NFS Export resource consumption

$۲k-$5k

Official Fix

CVE-2020-26186

۶.۸

Dell Inspiron 5675 UEFI BIOS memory corruption

$۰-$۱k

Official Fix

CVE-2020-29496

۴.۸

Dell Wyse Management Suite cross site scripting

$۲k-$5k

Official Fix

CVE-2020-29497

۵.۴

Dell Wyse Management Suite Device Tag cross site scripting

$۲k-$5k

Official Fix

CVE-2020-29498

۶.۱

Dell Wyse Management Suite redirect

$۱۰k-$25k

Official Fix

CVE-2020-29492

۱۰.۰

Dell Wyse ThinOS default permission

$۱۰k-$25k

Not Defined

CVE-2020-29491

۸.۶

Dell Wyse ThinOS information disclosure

$۵k-$10k

Not Defined

CVE-2020-24577

۴.۳

D-Link DSL-2888A One Touch Application passwd information disclosure

$۵k-$10k

Official Fix

CVE-2020-24386

۵.۵

Dovecot IMAP unknown vulnerability

$۲k-$5k

Official Fix

CVE-2020-25275

۵.۵

Dovecot lda/lmtp/imap input validation

$۱k-$2k

Official Fix

CVE-2020-6655

۲.۶

Eaton easySoft E70 File out-of-bounds read

$۰-$۱k

Not Defined

CVE-2020-6656

۵.۰

Eaton easySoft E70 File type confusion

$۲k-$5k

Not Defined

CVE-2021-3118

۶.۳

EVOLUCARE ECS Imaging req_password_user.php sql injection

$۱k-$2k

Not Defined

CVE-2021-3029

۸.۰

EVOLUCARE ECS Imaging showfile.php os command injection

$۲k-$5k

Workaround

CVE-2020-36189

۹.۸

FasterXML jackson-databind Remote Privilege Escalation

$۲k-$5k

Official Fix

CVE-2020-36188

۹.۸

FasterXML jackson-databind Remote Privilege Escalation

$۲k-$5k

Official Fix

CVE-2020-36187

۹.۸

FasterXML jackson-databind Remote Privilege Escalation

$۲k-$5k

Official Fix

CVE-2020-36186

۹.۸

FasterXML jackson-databind Remote Privilege Escalation

$۲k-$5k

Official Fix

CVE-2020-36185

۹.۸

FasterXML jackson-databind Remote Privilege Escalation

$۲k-$5k

Official Fix

CVE-2020-36184

۹.۸

FasterXML jackson-databind Remote Privilege Escalation

$۲k-$5k

Official Fix

CVE-2020-36183

۹.۸

FasterXML jackson-databind unknown vulnerability

$۲k-$5k

Official Fix

CVE-2020-36182

۹.۸

FasterXML jackson-databind unknown vulnerability

$۲k-$5k

Official Fix

CVE-2020-36181

۹.۸

FasterXML jackson-databind unknown vulnerability

$۲k-$5k

Official Fix

CVE-2020-36180

۹.۸

FasterXML jackson-databind unknown vulnerability

$۲k-$5k

Official Fix

CVE-2020-36179

۹.۸

FasterXML jackson-databind unknown vulnerability

$۲k-$5k

Official Fix

CVE-2018-19418

۶.۳

Foxit PDF ActiveX Permission command injection

$۲k-$5k

Official Fix

CVE-2018-20316

۶.۳

Foxit Reader/PhantomPDF Opcode proxyDoAction out-of-bounds read

$۱k-$2k

Official Fix

CVE-2018-20312

۶.۳

Foxit Reader/PhantomPDF Opcode proxyDoAction out-of-bounds read

$۱k-$2k

Official Fix

CVE-2018-20315

۶.۳

Foxit Reader/PhantomPDF out-of-bounds read

$۱k-$2k

Official Fix

CVE-2018-20314

۶.۳

Foxit Reader/PhantomPDF proxyCheckLicence out-of-bounds read

$۱k-$2k

Official Fix

CVE-2018-20311

۶.۳

Foxit Reader/PhantomPDF proxyCPDFAction out-of-bounds read

$۱k-$2k

Official Fix

CVE-2018-20310

۶.۳

Foxit Reader/PhantomPDF proxyDoAction out-of-bounds read

$۱k-$2k

Official Fix

CVE-2018-20309

۶.۳

Foxit Reader/PhantomPDF proxyGetAppEdition out-of-bounds read

$۱k-$2k

Official Fix

CVE-2018-20313

۶.۳

Foxit Reader/PhantomPDF proxyPreviewAction out-of-bounds read

$۱k-$2k

Official Fix

CVE-2020-26046

۳.۵

Fuel CMS cross site scripting

$۰-$۱k

Not Defined

CVE-2020-26045

۶.۳

Fuel CMS sql injection

$۱k-$2k

Official Fix

CVE-2020-23249

۲.۲

Gigamon GigaVUE-OS cleartext storage

$۰-$۱k

Official Fix

CVE-2020-23250

۱.۹

Gigamon GigaVUE-OS inadequate encryption

$۰-$۱k

Official Fix

CVE-2020-36066

۵.۳

GJSON denial of service

$۰-$۱k

Not Defined

CVE-2020-36067

۵.۳

GJSON GET Call denial of service

$۰-$۱k

Not Defined

CVE-2020-35495

۴.۳

GNU Binutils objdump pef.c null pointer dereference

$۰-$۱k

Official Fix

CVE-2020-35493

۶.۳

GNU Binutils PEF File Parser pef.c out-of-bounds read

$۱k-$2k

Official Fix

CVE-2020-35507

۴.۳

GNU Binutils pef.c bfd_pef_parse_function_stubs null pointer dereference

$۰-$۱k

Official Fix

CVE-2020-35496

۴.۳

GNU Binutils pef.c bfd_pef_scan_start_address null pointer dereference

$۰-$۱k

Official Fix

CVE-2020-35494

۶.۳

GNU Binutils tic4x-dis.c uninitialized resource

$۲k-$5k

Official Fix

CVE-2019-25013

۵.۵

GNU C Library iconv encoding error

$۲k-$5k

Official Fix

CVE-2021-21116

۶.۳

Google Chrome Audio buffer overflow

$۵۰k-$100k

Official Fix

CVE-2021-21114

۶.۳

Google Chrome Audio use after free

$۵۰k-$100k

Official Fix

CVE-2021-21106

۶.۳

Google Chrome Autofill use after free

$۵۰k-$100k

Official Fix

CVE-2020-16030

۴.۳

Google Chrome Blink cross site scripting

$۱۰k-$25k

Official Fix

CVE-2021-21112

۶.۳

Google Chrome Blink use after free

$۵۰k-$100k

Official Fix

CVE-2020-16025

۶.۳

Google Chrome Clipboard heap-based overflow

$۵۰k-$100k

Official Fix

CVE-2020-16020

۵.۰

Google Chrome cryptohome access control

$۵۰k-$100k

Official Fix

CVE-2020-16027

۴.۳

Google Chrome Developer Tools information disclosure

$۲۵k-$50k

Official Fix

CVE-2020-16019

۵.۰

Google Chrome Filesystem protection mechanism

$۵۰k-$100k

Official Fix

CVE-2020-16022

۶.۳

Google Chrome Firewall Controls protection mechanism

$۵۰k-$100k

Official Fix

CVE-2020-16015

۶.۳

Google Chrome HTML Page heap-based overflow

$۵۰k-$100k

Official Fix

CVE-2020-16036

۶.۳

Google Chrome HTML Page Remote Code Execution

$۵۰k-$100k

Official Fix

CVE-2020-16016

۶.۳

Google Chrome HTML Page sandbox

$۵۰k-$100k

Official Fix

CVE-2021-21110

۶.۳

Google Chrome HTML Page use after free

$۵۰k-$100k

Official Fix

CVE-2020-16018

۶.۳

Google Chrome HTML Page use after free

$۵۰k-$100k

Official Fix

CVE-2020-16021

۵.۰

Google Chrome Image Burner access control

$۵۰k-$100k

Official Fix

CVE-2020-16012

۴.۳

Google Chrome information disclosure

$۲۵k-$50k

Official Fix

CVE-2020-16043

۶.۳

Google Chrome Network Traffic access control

$۵۰k-$100k

Official Fix

CVE-2020-16032

۴.۳

Google Chrome Omnibox clickjacking

$۵۰k-$100k

Official Fix

CVE-2020-16031

۴.۳

Google Chrome Omnibox clickjacking

$۵۰k-$100k

Official Fix

CVE-2021-21109

۵.۰

Google Chrome Payments use after free

$۵۰k-$100k

Official Fix

CVE-2020-16029

۶.۳

Google Chrome PDFium Remote Code Execution

$۵۰k-$100k

Official Fix

CVE-2021-21111

۵.۰

Google Chrome Policy Enforcement sandbox

$۵۰k-$100k

Official Fix

CVE-2020-16014

۵.۵

Google Chrome PPAPI use after free

$۵۰k-$100k

Official Fix

CVE-2020-16035

۵.۰

Google Chrome Remote Code Execution

$۵۰k-$100k

Official Fix

CVE-2021-21108

۵.۰

Google Chrome Renderer Process use after free

$۵۰k-$100k

Official Fix

CVE-2021-21107

۵.۰

Google Chrome Renderer Process use after free

$۵۰k-$100k

Official Fix

CVE-2021-21115

۵.۰

Google Chrome Safe Browsing use after free

$۵۰k-$100k

Official Fix

CVE-2021-21113

۶.۳

Google Chrome Skia buffer overflow

$۵۰k-$100k

Official Fix

CVE-2020-16024

۶.۳

Google Chrome UI buffer overflow

$۵۰k-$100k

Official Fix

CVE-2020-16033

۴.۳

Google Chrome UI unknown vulnerability

$۵۰k-$100k

Official Fix

CVE-2020-16023

۶.۳

Google Chrome WebCodecs use after free

$۵۰k-$100k

Official Fix

CVE-2020-16028

۶.۳

Google Chrome WebRTC heap-based overflow

$۵۰k-$100k

Official Fix

CVE-2020-16034

۵.۳

Google Chrome WebRTC Local Privilege Escalation

$۲۵k-$50k

Official Fix

CVE-2020-16026

۶.۳

Google Chrome WebRTC use after free

$۵۰k-$100k

Official Fix

CVE-2020-13450

۵.۵

Gotenberg File Upload pathname traversal

$۱k-$2k

Not Defined

CVE-2020-13449

۳.۵

Gotenberg Markdown Engine pathname traversal

$۱k-$2k

Not Defined

CVE-2020-13451

۵.۵

Gotenberg Office Rendering Engine unknown vulnerability

$۲k-$5k

Not Defined

CVE-2020-13452

۵.۵

Gotenberg tini permission

$۱k-$2k

Not Defined

CVE-2020-7202

۵.۳

HPE Integrated Lights-Out 4/Integrated Lights-Out 5 information disclosure

$۵k-$10k

Not Defined

CVE-2020-4899

۹.۱

IBM API Connect cleartext transmission

$۵k-$10k

Not Defined

CVE-2020-4917

۸.۸

IBM Cloud Pak System cross-site request forgery

$۵k-$10k

Official Fix

CVE-2020-4928

۶.۷

IBM Cloud Pak System File Extension unrestricted upload

$۲k-$5k

Official Fix

CVE-2020-4913

۴.۴

IBM Cloud Pak System HTTP Response information disclosure

$۵k-$10k

Official Fix

CVE-2020-4919

۳.۸

IBM Cloud Pak System Logout user session

$۱۰k-$25k

Official Fix

CVE-2020-4912

۷.۲

IBM Cloud Pak System Self Service Console access control

$۱۰k-$25k

Official Fix

CVE-2020-4918

۴.۴

IBM Cloud Pak System Sell Service Console resource injection

$۲k-$5k

Official Fix

CVE-2020-4916

۴.۸

IBM Cloud Pak System Web UI cross site scripting

$۲k-$5k

Official Fix

CVE-2020-4910

۴.۸

IBM Cloud Pak System Web UI cross site scripting

$۲k-$5k

Official Fix

CVE-2020-4909

۴.۸

IBM Cloud Pak System Web UI cross site scripting

$۲k-$5k

Official Fix

CVE-2020-4942

۸.۸

IBM Curam Social Program Management cross-site request forgery

$۵k-$10k

Not Defined

CVE-2020-4897

۵.۳

IBM Emptoris Contract Management information exposure

$۵k-$10k

Not Defined

CVE-2020-4892

۵.۴

IBM Emptoris Contract Management Web UI cross site scripting

$۲k-$5k

Not Defined

CVE-2020-4896

۶.۵

IBM Emptoris Sourcing HTTP Request injection

$۱۰k-$25k

Not Defined

CVE-2020-4893

۵.۹

IBM Emptoris Strategic Supply Management HTTP GET Request information disclosure

$۵k-$10k

Not Defined

CVE-2020-4898

۷.۵

IBM Emptoris Strategic Supply Management inadequate encryption

$۵k-$10k

Not Defined

CVE-2020-4895

۵.۴

IBM Emptoris Strategic Supply Management Web UI cross site scripting

$۲k-$5k

Not Defined

CVE-2020-4667

۶.۳

IBM Engineering Requirements Quality Assistant On-Premises input validation

$۱۰k-$25k

Not Defined

CVE-2020-4666

۵.۴

IBM Engineering Requirements Quality Assistant On-Premises Web UI cross site scripting

$۲k-$5k

Not Defined

CVE-2020-4664

۵.۴

IBM Engineering Requirements Quality Assistant On-Premises Web UI cross site scripting

$۲k-$5k

Not Defined

CVE-2020-4663

۵.۴

IBM Engineering Requirements Quality Assistant On-Premises Web UI cross site scripting

$۲k-$5k

Not Defined

CVE-2020-4544

۴.۳

IBM Jazz Foundation information exposure

$۵k-$10k

Not Defined

CVE-2020-4487

۴.۳

IBM Jazz Foundation information exposure

$۵k-$10k

Not Defined

CVE-2020-4733

۳.۵

IBM Jazz Foundation Web UI cross site scripting

$۲k-$5k

Not Defined

CVE-2020-4697

۳.۵

IBM Jazz Foundation Web UI cross site scripting

$۲k-$5k

Not Defined

CVE-2020-4691

۳.۵

IBM Jazz Foundation Web UI cross site scripting

$۲k-$5k

Not Defined

CVE-2020-4606

۶.۳

IBM Security Verify Privilege Manager xml external entity reference

$۵k-$10k

Not Defined

CVE-2020-5020

۶.۱

IBM Spectrum Protect Plus clickjacking

$۱۰k-$25k

Not Defined

CVE-2020-5019

۶.۵

IBM Spectrum Protect Plus HTTP Host Header cross site scripting

$۵k-$10k

Not Defined

CVE-2020-5017

۲.۷

IBM Spectrum Protect Plus permission

$۱۰k-$25k

Not Defined

CVE-2020-5021

۵.۶

IBM Spectrum Protect Plus Session password recovery

$۱۰k-$25k

Not Defined

CVE-2020-5018

۳.۱

IBM Spectrum Protect Plus URL information disclosure

$۵k-$10k

Not Defined

CVE-2020-5022

۵.۳

IBM Spectrum Protect Plus VDAP Proxy information disclosure

$۵k-$10k

Not Defined

CVE-2020-4762

۸.۸

IBM Sterling B2B Integrator Standard Edition access control

$۱۰k-$25k

Not Defined

CVE-2019-4728

۸.۸

IBM Sterling B2B Integrator Standard Edition deserialization

$۱۰k-$25k

Official Fix

CVE-2020-4761

۵.۳

IBM Sterling B2B Integrator Standard Edition information exposure

$۵k-$10k

Not Defined

CVE-2020-4336

۳.۷

IBM WebSphere eXtreme Scale URL Parameter information disclosure

$۱۰k-$25k

Not Defined

CVE-2020-27262

۳.۵

Innokas Yhtymä Oy Vital Signs Monitor VC150 cross site scripting

$۰-$۱k

Official Fix

CVE-2020-27260

۲.۲

Innokas Yhtymä Oy Vital Signs Monitor VC150 HL7 Segment injection

$۰-$۱k

Official Fix

CVE-2021-3026

۳.۵

Invision Power Services Community Suite Comments cross site scripting

$۰-$۱k

Official Fix

CVE-2021-3025

۶.۳

Invision Power Services Community Suite Download REST API files.php GETindex sql injection

$۱k-$2k

Official Fix

CVE-2020-24901

۳.۵

Krpano Panorama Viewer JS Load krpano.html cross site scripting

$۰-$۱k

Not Defined

CVE-2020-24900

۳.۵

Krpano Panorama Viewer XML Load krpano.html cross site scripting

$۰-$۱k

Not Defined

CVE-2021-3022

۵.۵

LG Mobile Device unknown vulnerability

$۱۰k-$25k

Official Fix

CVE-2020-27835

۵.۵

Linux Kernel infiniband hfi1 Driver use after free

$۵k-$10k

Official Fix

CVE-2020-36158

۸.۸

Linux Kernel SSID join.c mwifiex_cmd_802_11_ad_hoc_start memory corruption

$۱۰۰k and more

Official Fix

CVE-2020-5804

۷.۱

Marvell QConvergeConsole GUI deleteEventLogFile path traversal

$۱k-$2k

Not Defined

CVE-2020-5805

۴.۳

Marvell QConvergeConsole GUI QCC tomcat-users.xml cleartext storage

$۰-$۱k

Not Defined

CVE-2020-7336

۴.۳

McAfee Network Security Management HTTP Request cross-site request forgery

$۵k-$10k

Official Fix

CVE-2020-36051

۴.۳

miniCMS page_edit.php pathname traversal

$۱k-$2k

Not Defined

CVE-2020-36052

۶.۳

miniCMS post-edit.php pathname traversal

$۱k-$2k

Not Defined

CVE-2020-26979

۴.۳

Mozilla Firefox Address Bar clickjacking

$۲۵k-$50k

Official Fix

CVE-2020-26972

۶.۳

Mozilla Firefox IPC Actor use after free

$۲۵k-$50k

Official Fix

CVE-2020-35114

۶.۳

Mozilla Firefox memory corruption

$۲۵k-$50k

Official Fix

CVE-2020-26976

۶.۳

Mozilla Firefox Service Worker Remote Code Execution

$۲۵k-$50k

Official Fix

CVE-2020-26975

۵.۳

Mozilla Firefox session fixiation

$۵k-$10k

Official Fix

CVE-2020-26977

۴.۳

Mozilla Firefox URL Bar clickjacking

$۲۵k-$50k

Official Fix

CVE-2020-26973

۵.۵

Mozilla Firefox/Firefox ESR/Thunderbird CSS unknown vulnerability

$۲۵k-$50k

Official Fix

CVE-2020-35112

۵.۰

Mozilla Firefox/Firefox ESR/Thunderbird Extension uncontrolled search path

$۲۵k-$50k

Official Fix

CVE-2020-26978

۴.۳

Mozilla Firefox/Firefox ESR/Thunderbird information disclosure

$۱۰k-$25k

Official Fix

CVE-2020-35113

۶.۳

Mozilla Firefox/Firefox ESR/Thunderbird memory corruption

$۲۵k-$50k

Official Fix

CVE-2020-35111

۴.۳

Mozilla Firefox/Firefox ESR/Thunderbird Proxy information disclosure

$۱۰k-$25k

Official Fix

CVE-2020-26974

۶.۳

Mozilla Firefox/Firefox ESR/Thunderbird Table Wrapper heap-based overflow

$۲۵k-$50k

Official Fix

CVE-2020-26971

۶.۳

Mozilla Firefox/Firefox ESR/Thunderbird Video Driver heap-based overflow

$۲۵k-$50k

Official Fix

CVE-2020-8584

۷.۳

NetApp Element OS Remote Code Execution

$۲k-$5k

Official Fix

CVE-2020-8280

۳.۵

Nextcloud Contacts SVG cross site scripting

$۰-$۱k

Not Defined

CVE-2020-8281

۳.۵

Nextcloud Contacts SVG File cross site scripting

$۰-$۱k

Not Defined

CVE-2020-36175

۵.۵

Ninja Forms Plugin Email Validation unknown vulnerability

$۲k-$5k

Official Fix

CVE-2020-36174

۳.۵

Ninja Forms Plugin Services Integration cross-site request forgery

$۰-$۱k

Official Fix

CVE-2020-36173

۳.۵

Ninja Forms Plugin submissions-table Field cross site scripting

$۰-$۱k

Official Fix

CVE-2020-8265

۵.۵

Node.js TLS Socket Write use after free

$۲k-$5k

Official Fix

CVE-2020-8287

۷.۳

Node.js Transfer-Encoding request smuggling

$۲k-$5k

Official Fix

CVE-2021-1056

۵.۳

NVIDIA GPU Display Driver Kernel Mode Layer access control

$۱k-$2k

Official Fix

CVE-2021-1055

۵.۳

NVIDIA GPU Display Driver Kernel Mode Layer nvlddmkm.sys DxgkDdiEscape access control

$۱k-$2k

Official Fix

CVE-2021-1052

۷.۸

NVIDIA GPU Display Driver Kernel Mode Layer nvlddmkm.sys DxgkDdiEscape access control

$۲k-$5k

Official Fix

CVE-2021-1054

۳.۳

NVIDIA GPU Display Driver Kernel Mode Layer nvlddmkm.sys DxgkDdiEscape improper authorization

$۰-$۱k

Official Fix

CVE-2021-1053

۷.۸

NVIDIA GPU Display Driver Kernel Mode Layer nvlddmkm.sys DxgkDdiEscape memory corruption

$۲k-$5k

Official Fix

CVE-2021-1051

۷.۸

NVIDIA GPU Display Driver Kernel Mode Layer nvlddmkm.sys DxgkDdiEscape memory corruption

$۲k-$5k

Official Fix

CVE-2021-1063

۶.۳

NVIDIA vGPU Manager vGPU Plugin buffer overflow

$۲k-$5k

Official Fix

CVE-2021-1062

۶.۳

NVIDIA vGPU Manager vGPU Plugin denial of service

$۰-$۱k

Official Fix

CVE-2021-1065

۶.۳

NVIDIA vGPU Manager vGPU Plugin input validation

$۲k-$5k

Official Fix

CVE-2021-1059

۶.۳

NVIDIA vGPU Manager vGPU Plugin integer overflow

$۲k-$5k

Official Fix

CVE-2021-1064

۶.۳

NVIDIA vGPU Manager vGPU Plugin null pointer dereference

$۰-$۱k

Official Fix

CVE-2021-1066

۴.۳

NVIDIA vGPU Manager vGPU Plugin resource consumption

$۰-$۱k

Official Fix

CVE-2021-1061

۶.۳

NVIDIA vGPU Manager vGPU Plugin use after free

$۲k-$5k

Official Fix

CVE-2021-1058

۴.۳

NVIDIA vGPU Software vGPU Plugin denial of service

$۰-$۱k

Official Fix

CVE-2021-1060

۶.۳

NVIDIA vGPU Software vGPU Plugin memory corruption

$۲k-$5k

Official Fix

CVE-2021-1057

۶.۳

NVIDIA Virtual GPU Manager vGPU Plugin Remote Privilege Escalation

$۲k-$5k

Official Fix

CVE-2020-27843

۶.۳

OpenJPEG Conversion Encoding out-of-bounds read

$۱k-$2k

Official Fix

CVE-2020-27845

۶.۳

OpenJPEG Encoding pi.c out-of-bounds read

$۱k-$2k

Official Fix

CVE-2020-27844

۶.۳

OpenJPEG Encoding t2.c out-of-bounds write

$۲k-$5k

Official Fix

CVE-2020-27841

۶.۳

OpenJPEG pi.c out-of-bounds read

$۱k-$2k

Official Fix

CVE-2020-27842

۴.۳

OpenJPEG t2 Encoder null pointer dereference

$۰-$۱k

Official Fix

CVE-2020-35745

۵.۵

PHPGurukul Hospital Management System dashboard.php access control

$۱k-$2k

Not Defined

CVE-2018-18689

۴.۳

Portable Document Format Signature signature verification

$۱k-$2k

Official Fix

CVE-2018-18688

۴.۳

Portable Document Format Signature signature verification

$۱k-$2k

Official Fix

CVE-2020-10657

۷.۲

Proofpoint Insider Threat Management Server ImportAlertRules deserialization

$۲k-$5k

Official Fix

CVE-2020-10658

۸.۸

Proofpoint Insider Threat Management Server WriteImage API deserialization

$۲k-$5k

Official Fix

CVE-2020-10655

۸.۸

Proofpoint Insider Threat Management Server WriteWindowMouse API deserialization

$۲k-$5k

Official Fix

CVE-2020-10656

۸.۸

Proofpoint Insider Threat Management Server WriteWindowMouseWithChunksV2 API deserialization

$۲k-$5k

Official Fix

CVE-2020-8884

۸.۸

Proofpoint Insider Threat Management Windows Agent rcdsvc deserialization

$۲k-$5k

Official Fix

CVE-2020-35721

۳.۵

Quest Policy Authority BrowseAssets.do cross site scripting

$۰-$۱k

Workaround

CVE-2020-35727

۳.۵

Quest Policy Authority BrowseDirs.do cross site scripting

$۰-$۱k

Workaround

CVE-2020-35724

۳.۵

Quest Policy Authority Error.jsp cross site scripting

$۰-$۱k

Workaround

CVE-2020-35204

۳.۵

Quest Policy Authority FolderControl.jsp cross site scripting

$۰-$۱k

Workaround

CVE-2020-35726

۳.۵

Quest Policy Authority index.jsp cross site scripting

$۰-$۱k

Workaround

CVE-2020-35725

۳.۵

Quest Policy Authority index.jsp cross site scripting

$۰-$۱k

Workaround

CVE-2020-35719

۳.۵

Quest Policy Authority index.jsp cross site scripting

$۰-$۱k

Workaround

CVE-2020-35723

۳.۵

Quest Policy Authority ReportPreview.do cross site scripting

$۰-$۱k

Workaround

CVE-2020-35720

۳.۵

Quest Policy Authority submitUser.jsp cross site scripting

$۰-$۱k

Workaround

CVE-2020-35206

۳.۵

Quest Policy Authority Web Compliance Manager cConn.jsp cross site scripting

$۰-$۱k

Workaround

CVE-2020-35203

۳.۵

Quest Policy Authority Web Compliance Manager initFile.jsp cross site scripting

$۰-$۱k

Workaround

CVE-2020-35205

۳.۵

Quest Policy Authority Web Compliance Manager initFile.jsp server-side request forgery

$۱k-$2k

Workaround

CVE-2020-35722

۳.۵

Quest Policy Authority Web Compliance Manager submitUser.jsp cross-site request forgery

$۰-$۱k

Workaround

CVE-2020-25680

۵.۰

Red Hat JBoss Core Services httpd SSL Certificate certificate validation

$۵k-$10k

Official Fix

CVE-2020-27283

۴.۳

Red Lion Crimson Messages information disclosure

$۱k-$2k

Official Fix

CVE-2020-27285

۷.۳

Red Lion Crimson missing authentication

$۱k-$2k

Official Fix

CVE-2020-27279

۵.۳

Red Lion Crimson Packet null pointer dereference

$۰-$۱k

Official Fix

CVE-2019-18642

۵.۵

Rock RMS Profile Update resource injection

$۱k-$2k

Official Fix

CVE-2019-18643

۶.۳

Rock RMS unrestricted upload

$۲k-$5k

Official Fix

CVE-2021-22492

۵.۵

Samsung Mobile Device Bluetooth UART Driver buffer overflow

$۲k-$5k

Official Fix

CVE-2021-22495

۳.۵

Samsung Mobile Device Mali GPU Driver out-of-bounds read

$۰-$۱k

Official Fix

CVE-2021-22493

۵.۵

Samsung Mobile Device quram Library memory corruption

$۲k-$5k

Official Fix

CVE-2021-22494

۵.۵

Samsung Note 20 Fingerprint Scanner unknown vulnerability

$۲k-$5k

Official Fix

CVE-2020-13545

۶.۳

SoftMaker Office TextMaker heap-based overflow

$۲k-$5k

Not Defined

CVE-2020-13544

۶.۳

SoftMaker Office TextMaker heap-based overflow

$۲k-$5k

Not Defined

CVE-2019-16954

۶.۳

Solarwinds Web Help Desk Comments injection

$۲k-$5k

Not Defined

CVE-2020-5147

۵.۳

SonicWALL NetExtender Client unquoted search path

$۱k-$2k

Not Defined

CVE-2020-5146

۵.۵

SonicWall SMA100 HTTP POST os command injection

$۱k-$2k

Not Defined

CVE-2020-36178

۴.۷

TP-LINK TL-WR840N Web Interface oal_ipt_addBridgeIsolationRules os command injection

$۱k-$2k

Not Defined

CVE-2020-36156

۶.۳

Ultimate Member Plugin Profile Update profile.php access control

$۲k-$5k

Official Fix

CVE-2020-36157

۷.۳

Ultimate Member Plugin Registration access control

$۲k-$5k

Official Fix

CVE-2020-36170

۵.۵

Ultimate Member Plugin Timestamp Field unknown vulnerability

$۲k-$5k

Official Fix

CVE-2020-36155

۷.۳

Ultimate Member Plugin wp_capabilities access control

$۲k-$5k

Official Fix

CVE-2020-36161

۸.۸

Veritas APTARE OpenSSL Engine permission

$۲k-$5k

Official Fix

CVE-2020-36167

۸.۸

Veritas Backup Exec OpenSSL Library openssl.cnf permission

$۲k-$5k

Official Fix

CVE-2020-36162

۶.۳

Veritas CloudPoint Windows Agent openssl.cnf permission

$۲k-$5k

Official Fix

CVE-2020-36159

۵.۳

Veritas Desktop and Laptop Option Backup information disclosure

$۱k-$2k

Official Fix

CVE-2020-36165

۸.۸

Veritas Desktop and Laptop Option OpenSSL Library openssl.cnf permission

$۲k-$5k

Official Fix

CVE-2020-36164

۸.۸

Veritas Enterprise Vault OpenSSL Library openssl.cnf permission

$۲k-$5k

Not Defined

CVE-2020-36166

۸.۸

Veritas InfoScale OpenSSL Library openssl.cnf permission

$۲k-$5k

Not Defined

CVE-2020-36169

۸.۸

Veritas NetBackup/OpsCenter OpenSSL Library permission

$۲k-$5k

Official Fix

CVE-2020-36163

۶.۳

Veritas NetBackup/OpsCenter permission

$۲k-$5k

Official Fix

CVE-2020-36168

۸.۸

Veritas Resiliency Platform OpenSSL Library openssl.cnf permission

$۲k-$5k

Not Defined

CVE-2020-36160

۶.۳

Veritas System Recovery openssl.cnf access control

$۲k-$5k

Official Fix

CVE-2020-13540

۵.۳

Win-911 Enterprise Account Change Utility permission

$۱k-$2k

Not Defined

CVE-2020-13539

۵.۳

Win-911 Enterprise permission

$۱k-$2k

Not Defined

CVE-2019-16962

۵.۵

Zoho ManageEngine Desktop Central New Custom Report injection

$۱k-$2k

Not Defined