Critical Vulnerabilities of the Fourth Week of Dey
This week, many "critical" and "high-risk" vulnerabilities were reported in important Microsoft products, and patches and updates were released to fix them. There were also several "critical" and "high-risk" vulnerabilities in products from Qualcomm, Apache, Siemens, IBM, Palo Alto, Samba, and the Linux kernel.
The list of these vulnerabilities, along with their risk level, is given in the table below.
| Vulnerability ID | Base score | Vulnerability title | Zero-day value | Remediation |
|---|---|---|---|---|
| CVE-2021-44702 | 3.7 | Adobe Acrobat Reader ActiveX Control information disclosure | $10k-$25k | Official Fix |
| CVE-2021-44739 | 3.1 | Adobe Acrobat Reader ActiveX Control information disclosure | $10k-$25k | Official Fix |
| CVE-2021-44712 | 5.9 | Adobe Acrobat Reader buffer overflow | $25k-$50k | Official Fix |
| CVE-2021-45067 | 4.9 | Adobe Acrobat Reader buffer overflow | $25k-$50k | Official Fix |
| CVE-2021-44713 | 4.9 | Adobe Acrobat Reader Format Event Action use after free | $25k-$50k | Official Fix |
| CVE-2021-45064 | 7.8 | Adobe Acrobat Reader Format Event Action use after free | $25k-$50k | Official Fix |
| CVE-2021-45062 | 7.8 | Adobe Acrobat Reader Format Event Action use after free | $25k-$50k | Official Fix |
| CVE-2021-44710 | 7.8 | Adobe Acrobat Reader Format Event Action use after free | $25k-$50k | Official Fix |
| CVE-2021-44706 | 7.8 | Adobe Acrobat Reader Format Event Action use after free | $25k-$50k | Official Fix |
| CVE-2021-44705 | 7.8 | Adobe Acrobat Reader Format Event Action use after free | $25k-$50k | Official Fix |
| CVE-2021-44704 | 7.8 | Adobe Acrobat Reader Format Event Action use after free | $25k-$50k | Official Fix |
| CVE-2021-44701 | 7.8 | Adobe Acrobat Reader Format Event Action use after free | $25k-$50k | Official Fix |
| CVE-2021-45063 | 3.8 | Adobe Acrobat Reader Format Event Action use after free | $25k-$50k | Official Fix |
| CVE-2021-44709 | 7.8 | Adobe Acrobat Reader heap-based overflow | $25k-$50k | Official Fix |
| CVE-2021-44708 | 7.8 | Adobe Acrobat Reader heap-based overflow | $25k-$50k | Official Fix |
| CVE-2021-44711 | 7.8 | Adobe Acrobat Reader integer overflow | $25k-$50k | Official Fix |
| CVE-2021-44741 | 3.8 | Adobe Acrobat Reader null pointer dereference | $10k-$25k | Official Fix |
| CVE-2021-44740 | 3.8 | Adobe Acrobat Reader null pointer dereference | $10k-$25k | Official Fix |
| CVE-2021-45060 | 7.8 | Adobe Acrobat Reader out-of-bounds read | $10k-$25k | Official Fix |
| CVE-2021-44742 | 3.8 | Adobe Acrobat Reader out-of-bounds read | $10k-$25k | Official Fix |
| CVE-2021-44715 | 3.8 | Adobe Acrobat Reader out-of-bounds read | $10k-$25k | Official Fix |
| CVE-2021-45068 | 7.8 | Adobe Acrobat Reader out-of-bounds write | $25k-$50k | Official Fix |
| CVE-2021-45061 | 7.8 | Adobe Acrobat Reader out-of-bounds write | $25k-$50k | Official Fix |
| CVE-2021-44707 | 7.8 | Adobe Acrobat Reader out-of-bounds write | $25k-$50k | Official Fix |
| CVE-2021-44703 | 7.8 | Adobe Acrobat Reader stack-based overflow | $25k-$50k | Official Fix |
| CVE-2021-44714 | 2.8 | Adobe Acrobat Reader Warning Message injection | $25k-$50k | Official Fix |
| CVE-2021-43762 | 6.5 | Adobe AEM Dispatcher input validation | $5k-$10k | Official Fix |
| CVE-2021-44177 | 6.2 | Adobe AEM Form Field cross site scripting | $2k-$5k | Official Fix |
| CVE-2021-44176 | 6.2 | Adobe AEM Form Field cross site scripting | $2k-$5k | Official Fix |
| CVE-2021-43765 | 6.2 | Adobe AEM Form Field cross site scripting | $2k-$5k | Official Fix |
| CVE-2021-43764 | 5.7 | Adobe AEM Form Field cross site scripting | $1k-$2k | Official Fix |
| CVE-2021-43761 | 5.7 | Adobe AEM Form Field cross site scripting | $1k-$2k | Official Fix |
| CVE-2021-40722 | 9.8 | Adobe AEM Forms Cloud Service xml external entity reference | $2k-$5k | Not Defined |
| CVE-2021-44178 | 4.8 | Adobe AEM URL cross site scripting | $2k-$5k | Official Fix |
| CVE-2021-45051 | 3.8 | Adobe Bridge Format Event Action use after free | $5k-$10k | Official Fix |
| CVE-2021-45052 | 3.8 | Adobe Bridge out-of-bounds read | $2k-$5k | Official Fix |
| CVE-2021-44743 | 7.0 | Adobe Bridge out-of-bounds write | $5k-$10k | Official Fix |
| CVE-2021-44700 | 3.8 | Adobe Illustrator out-of-bounds read | $2k-$5k | Official Fix |
| CVE-2021-43752 | 3.8 | Adobe Illustrator out-of-bounds read | $2k-$5k | Official Fix |
| CVE-2021-45055 | 6.0 | Adobe InCopy out-of-bounds read | $2k-$5k | Official Fix |
| CVE-2021-34921 | 7.0 | Adobe View JT File Parser out-of-bounds write | $5k-$10k | Official Fix |
| CVE-2021-43297 | 6.3 | Apache Dubbo Hessian2 Protocol deserialization | $10k-$25k | Official Fix |
| CVE-2021-41767 | 6.5 | Apache Guacamole REST Response access control | $10k-$25k | Not Defined |
| CVE-2021-43999 | 8.8 | Apache Guacamole SAML improper authentication | $5k-$10k | Not Defined |
| CVE-2022-22588 | 3.5 | Apple iOS/iPadOS HomeKit resource consumption | $10k-$25k | Official Fix |
| CVE-2021-28501 | 7.2 | Arista EOS AAA API improper authorization | $1k-$2k | Not Defined |
| CVE-2021-28500 | 7.2 | Arista EOS AAA API improper authorization | $1k-$2k | Not Defined |
| CVE-2021-28506 | 8.6 | Arista EOS gNOI API improper authorization | $2k-$5k | Not Defined |
| CVE-2021-28507 | 5.1 | Arista EOS OpenConfig gNOI/OpenConfig RESTCONF access control | $1k-$2k | Not Defined |
| CVE-2021-44828 | 8.0 | ARM Midgard/Bifrost/Valhall Mali GPU Driver memory corruption | $2k-$5k | Official Fix |
| CVE-2021-40327 | 5.5 | ARM Trusted Firmware-M NSPE access control | $1k-$2k | Not Defined |
| CVE-2022-22054 | 6.4 | Asus RT-AX56U URL Parameter path traversal | $1k-$2k | Not Defined |
| CVE-2021-43949 | 4.3 | Atlassian Jira Service Management Server/Data Center Custom Fields access control | $2k-$5k | Official Fix |
| CVE-2021-43951 | 4.3 | Atlassian Jira Service Management Server/Data Center Object Import Configuration information disclosure | $1k-$2k | Official Fix |
| CVE-2021-42748 | 5.5 | Beaver Builder REST API protection mechanism | $1k-$2k | Not Defined |
| CVE-2021-42749 | 5.5 | Beaver Themer Post Archive Privilege Escalation | $2k-$5k | Not Defined |
| CVE-2021-34985 | 3.8 | Bentley ContextCapture OBJ File Parser out-of-bounds read | $1k-$2k | Official Fix |
| CVE-2021-34984 | 3.8 | Bentley ContextCapture OBJ File Parser out-of-bounds read | $1k-$2k | Official Fix |
| CVE-2021-34874 | 7.3 | Bentley View 3DS File memory corruption | $2k-$5k | Official Fix |
| CVE-2021-34889 | 3.6 | Bentley View 3DS File out-of-bounds read | $1k-$2k | Official Fix |
| CVE-2021-34875 | 7.3 | Bentley View 3DS File out-of-bounds write | $2k-$5k | Official Fix |
| CVE-2021-34880 | 7.0 | Bentley View 3DS File Parser out-of-bounds read | $1k-$2k | Official Fix |
| CVE-2021-34901 | 3.6 | Bentley View 3DS File Parser out-of-bounds read | $1k-$2k | Official Fix |
| CVE-2021-34911 | 7.3 | Bentley View 3DS File Parser use after free | $2k-$5k | Official Fix |
| CVE-2021-34895 | 7.3 | Bentley View 3DS File Parser use after free | $2k-$5k | Official Fix |
| CVE-2021-34894 | 7.3 | Bentley View 3DS File Parser use after free | $2k-$5k | Official Fix |
| CVE-2021-34893 | 7.0 | Bentley View BMP File heap-based overflow | $2k-$5k | Official Fix |
| CVE-2021-34907 | 7.0 | Bentley View BMP File Parser heap-based overflow | $2k-$5k | Official Fix |
| CVE-2021-34896 | 7.0 | Bentley View BMP File Parser heap-based overflow | $2k-$5k | Official Fix |
| CVE-2021-34871 | 7.3 | Bentley View BMP File Parser heap-based overflow | $2k-$5k | Official Fix |
| CVE-2021-34903 | 7.0 | Bentley View BMP File Parser out-of-bounds write | $2k-$5k | Official Fix |
| CVE-2021-34905 | 7.0 | Bentley View DGN File Parser heap-based overflow | $2k-$5k | Official Fix |
| CVE-2021-34904 | 7.0 | Bentley View DGN File Parser heap-based overflow | $2k-$5k | Official Fix |
| CVE-2021-34914 | 7.0 | Bentley View DGN File Parser out-of-bounds write | $2k-$5k | Official Fix |
| CVE-2021-34897 | 7.0 | Bentley View DGN File Parser out-of-bounds write | $2k-$5k | Official Fix |
| CVE-2021-34916 | 3.6 | Bentley View DWG File Parser out-of-bounds read | $1k-$2k | Official Fix |
| CVE-2021-34902 | 3.6 | Bentley View DWG File Parser out-of-bounds read | $1k-$2k | Official Fix |
| CVE-2021-34886 | 3.6 | Bentley View FBX File use after free | $2k-$5k | Official Fix |
| CVE-2021-34883 | 3.6 | Bentley View J2K File out-of-bounds read | $1k-$2k | Official Fix |
| CVE-2021-34900 | 7.0 | Bentley View J2K File Parser heap-based overflow | $2k-$5k | Official Fix |
| CVE-2021-34915 | 7.0 | Bentley View J2K File Parser out-of-bounds write | $2k-$5k | Official Fix |
| CVE-2021-34917 | 7.3 | Bentley View J2K File Parser use after free | $2k-$5k | Official Fix |
| CVE-2021-34908 | 7.3 | Bentley View J2K File Parser use after free | $2k-$5k | Official Fix |
| CVE-2021-34906 | 7.3 | Bentley View J2K File use after free | $2k-$5k | Official Fix |
| CVE-2021-34879 | 7.3 | Bentley View J2K File use after free | $2k-$5k | Official Fix |
| CVE-2021-34882 | 3.6 | Bentley View JP2 File out-of-bounds read | $1k-$2k | Official Fix |
| CVE-2021-34918 | 7.0 | Bentley View JP2 File Parser out-of-bounds write | $2k-$5k | Official Fix |
| CVE-2021-34884 | 3.8 | Bentley View JP2 File Parser use after free | $2k-$5k | Official Fix |
| CVE-2021-34919 | 7.3 | Bentley View JP2 File use after free | $2k-$5k | Official Fix |
| CVE-2021-34890 | 3.6 | Bentley View JT File out-of-bounds read | $1k-$2k | Official Fix |
| CVE-2021-34888 | 3.6 | Bentley View JT File out-of-bounds read | $1k-$2k | Official Fix |
| CVE-2021-34945 | 7.0 | Bentley View JT File Parser heap-based overflow | $2k-$5k | Official Fix |
| CVE-2021-34938 | 7.0 | Bentley View JT File Parser heap-based overflow | $2k-$5k | Official Fix |
| CVE-2021-34934 | 7.0 | Bentley View JT File Parser memory corruption | $2k-$5k | Official Fix |
| CVE-2021-34946 | 7.0 | Bentley View JT File Parser out-of-bounds read | $1k-$2k | Official Fix |
| CVE-2021-34942 | 7.0 | Bentley View JT File Parser out-of-bounds read | $1k-$2k | Official Fix |
| CVE-2021-34930 | 7.0 | Bentley View JT File Parser out-of-bounds read | $1k-$2k | Official Fix |
| CVE-2021-34927 | 7.0 | Bentley View JT File Parser out-of-bounds read | $1k-$2k | Official Fix |
| CVE-2021-34913 | 7.0 | Bentley View JT File Parser out-of-bounds read | $1k-$2k | Official Fix |
| CVE-2021-34912 | 7.0 | Bentley View JT File Parser out-of-bounds read | $1k-$2k | Official Fix |
| CVE-2021-34885 | 7.0 | Bentley View JT File Parser out-of-bounds read | $1k-$2k | Official Fix |
| CVE-2021-34944 | 3.6 | Bentley View JT File Parser out-of-bounds read | $1k-$2k | Official Fix |
| CVE-2021-34943 | 3.6 | Bentley View JT File Parser out-of-bounds read | $1k-$2k | Official Fix |
| CVE-2021-34873 | 7.0 | Bentley View JT File Parser out-of-bounds write | $2k-$5k | Official Fix |
| CVE-2021-34940 | 7.0 | Bentley View JT File Parser out-of-bounds write | $2k-$5k | Official Fix |
| CVE-2021-34935 | 7.0 | Bentley View JT File Parser out-of-bounds write | $2k-$5k | Official Fix |
| CVE-2021-34932 | 7.0 | Bentley View JT File Parser out-of-bounds write | $2k-$5k | Official Fix |
| CVE-2021-34929 | 7.0 | Bentley View JT File Parser out-of-bounds write | $2k-$5k | Official Fix |
| CVE-2021-34928 | 7.0 | Bentley View JT File Parser out-of-bounds write | $2k-$5k | Official Fix |
| CVE-2021-34926 | 7.0 | Bentley View JT File Parser out-of-bounds write | $2k-$5k | Official Fix |
| CVE-2021-34924 | 7.0 | Bentley View JT File Parser out-of-bounds write | $2k-$5k | Official Fix |
| CVE-2021-34923 | 7.0 | Bentley View JT File Parser out-of-bounds write | $2k-$5k | Official Fix |
| CVE-2021-34920 | 7.0 | Bentley View JT File Parser out-of-bounds write | $2k-$5k | Official Fix |
| CVE-2021-34899 | 7.0 | Bentley View JT File Parser out-of-bounds write | $2k-$5k | Official Fix |
| CVE-2021-34898 | 7.0 | Bentley View JT File Parser out-of-bounds write | $2k-$5k | Official Fix |
| CVE-2021-34878 | 7.3 | Bentley View JT File Parser out-of-bounds write | $2k-$5k | Official Fix |
| CVE-2021-34877 | 7.3 | Bentley View JT File Parser out-of-bounds write | $2k-$5k | Official Fix |
| CVE-2021-34876 | 7.3 | Bentley View JT File Parser out-of-bounds write | $2k-$5k | Official Fix |
| CVE-2021-34941 | 7.0 | Bentley View JT File Parser stack-based overflow | $2k-$5k | Official Fix |
| CVE-2021-34925 | 7.0 | Bentley View JT File Parser stack-based overflow | $2k-$5k | Official Fix |
| CVE-2021-34892 | 7.0 | Bentley View JT File Parser stack-based overflow | $2k-$5k | Official Fix |
| CVE-2021-34922 | 7.0 | Bentley View JT File Parser use after free | $2k-$5k | Official Fix |
| CVE-2021-34939 | 7.3 | Bentley View JT File Parser use after free | $2k-$5k | Official Fix |
| CVE-2021-34937 | 7.3 | Bentley View JT File Parser use after free | $2k-$5k | Official Fix |
| CVE-2021-34936 | 7.3 | Bentley View JT File Parser use after free | $2k-$5k | Official Fix |
| CVE-2021-34933 | 7.3 | Bentley View JT File Parser use after free | $2k-$5k | Official Fix |
| CVE-2021-34931 | 7.3 | Bentley View JT File Parser use after free | $2k-$5k | Official Fix |
| CVE-2021-34909 | 7.3 | Bentley View JT File Parser use after free | $2k-$5k | Official Fix |
| CVE-2021-34891 | 7.3 | Bentley View JT File Parser use after free | $2k-$5k | Official Fix |
| CVE-2021-34881 | 3.6 | Bentley View OBJ File out-of-bounds read | $1k-$2k | Official Fix |
| CVE-2021-34887 | 3.6 | Bentley View PDF File out-of-bounds read | $1k-$2k | Official Fix |
| CVE-2021-34872 | 7.3 | Bentley View SKP File use after free | $2k-$5k | Official Fix |
| CVE-2021-34910 | 3.6 | Bentley View DGN File Parser out-of-bounds read | $1k-$2k | Official Fix |
| CVE-2022-20618 | 4.3 | Bitbucket Branch Source Plugin authorization | $2k-$5k | Not Defined |
| CVE-2022-20619 | 4.3 | Bitbucket Branch Source Plugin cross-site request forgery | $0-$1k | Not Defined |
| CVE-2021-30360 | 7.3 | Check Point Enterprise Endpoint Security Client Installer uncontrolled search path | $2k-$5k | Not Defined |
| CVE-2021-33963 | 6.3 | China Mobile An Lianbao WF-1 Web Interface mac_addr_clone command injection | $2k-$5k | Not Defined |
| CVE-2021-33962 | 5.5 | China Mobile An Lianbao WF-1 Web Interface pop_usb_device os command injection | $1k-$2k | Not Defined |
| CVE-2021-28376 | 3.5 | ChronoForms pathname traversal | $1k-$2k | Not Defined |
| CVE-2021-28377 | 3.5 | ChronoForums pathname traversal | $1k-$2k | Not Defined |
| CVE-2021-34704 | 8.6 | Cisco ASA/Firepower Threat Defense Web Services Interface out-of-bounds write | $25k-$50k | Official Fix |
| CVE-2021-1573 | 8.6 | Cisco ASA/Firepower Threat Defense Web Services Interface out-of-bounds write | $25k-$50k | Official Fix |
| CVE-2022-20660 | 4.6 | Cisco IP Phone Information Storage Architecture cleartext storage | $1k-$2k | Official Fix |
| CVE-2022-20647 | 6.1 | Cisco Security Manager Web-based Management Interface cross site scripting | $5k-$10k | Official Fix |
| CVE-2022-20646 | 6.1 | Cisco Security Manager Web-based Management Interface cross site scripting | $5k-$10k | Official Fix |
| CVE-2022-20645 | 6.1 | Cisco Security Manager Web-based Management Interface cross site scripting | $5k-$10k | Official Fix |
| CVE-2022-20644 | 6.1 | Cisco Security Manager Web-based Management Interface cross site scripting | $5k-$10k | Official Fix |
| CVE-2022-20643 | 6.1 | Cisco Security Manager Web-based Management Interface cross site scripting | $5k-$10k | Official Fix |
| CVE-2021-34997 | 8.8 | Commvault CommCell AppStudioUploadHandler unrestricted upload | $2k-$5k | Not Defined |
| CVE-2021-34993 | 9.8 | Commvault CommCell CVSearchService Service improper authentication | $2k-$5k | Not Defined |
| CVE-2021-34996 | 8.8 | Commvault CommCell Demo_ExecuteProcessOnGroup routine | $2k-$5k | Not Defined |
| CVE-2021-34995 | 8.8 | Commvault CommCell DownloadCenterUploadHandler unrestricted upload | $2k-$5k | Not Defined |
| CVE-2021-34994 | 8.8 | Commvault CommCell input validation | $2k-$5k | Not Defined |
| CVE-2022-23117 | 3.5 | Conjur Secrets Plugin Credentials protection mechanism | $1k-$2k | Not Defined |
| CVE-2022-23116 | 3.5 | Conjur Secrets Plugin protection mechanism | $1k-$2k | Not Defined |
| CVE-2021-23824 | 5.4 | Crow Attribute cross site scripting | $0-$1k | Official Fix |
| CVE-2021-23514 | 5.0 | Crow path traversal | $1k-$2k | Official Fix |
| CVE-2020-28102 | 6.3 | cscms js_del sql injection | $1k-$2k | Not Defined |
| CVE-2020-28103 | 6.3 | cscms page_del sql injection | $1k-$2k | Not Defined |
| CVE-2022-22113 | 7.1 | Daybyday CRM session expiration | $1k-$2k | Not Defined |
| CVE-2022-22112 | 4.4 | Daybyday CRM Template cross site scripting | $0-$1k | Not Defined |
| CVE-2022-23118 | 5.5 | Debian Package Builder Plugin os command injection | $1k-$2k | Not Defined |
| CVE-2022-22117 | 4.4 | Directus Media Upload cross site scripting | $0-$1k | Official Fix |
| CVE-2022-22116 | 4.4 | Directus SVG File Upload cross site scripting | $0-$1k | Official Fix |
| CVE-2022-21678 | 4.3 | Discourse Bio information disclosure | $1k-$2k | Official Fix |
| CVE-2022-21677 | 4.3 | Discourse Group Member information disclosure | $1k-$2k | Official Fix |
| CVE-2022-21684 | 4.3 | Discourse Invite improper authentication | $1k-$2k | Official Fix |
| CVE-2021-44649 | 3.5 | Django CMS Error Message cross site scripting | $0-$1k | Official Fix |
| CVE-2022-20617 | 5.5 | Docker Commons Plugin Name os command injection | $1k-$2k | Not Defined |
| CVE-2021-45449 | 2.1 | Docker Desktop Login log file | $0-$1k | Not Defined |
| CVE-2022-0174 | 4.9 | Dolibarr CRM control flow | $2k-$5k | Official Fix |
| CVE-2022-0224 | 7.3 | Dolibarr ERP SQL Command sql injection | $1k-$2k | Official Fix |
| CVE-2021-36920 | 3.6 | Download Monitor Plugin cross site scripting | $0-$1k | Not Defined |
| CVE-2021-24044 | 6.3 | Facebook Hermes type confusion | $10k-$25k | Official Fix |
| CVE-2021-32998 | 6.3 | FANUC R-30iA/R-30iB Backup out-of-bounds write | $2k-$5k | Workaround |
| CVE-2021-32996 | 5.7 | FANUC R-30iA/R-30iB integer coercion | $0-$1k | Not Defined |
| CVE-2021-33827 | 5.5 | files_antivirus Administrative Setting os command injection | $0-$5k | Official Fix |
| CVE-2021-33828 | 5.5 | files_antivirus protection mechanism | $0-$5k | Official Fix |
| CVE-2021-43860 | 8.5 | Flatpak Metadata File privileges management | $2k-$5k | Official Fix |
| CVE-2022-21682 | 6.5 | Flatpak path traversal | $1k-$2k | Official Fix |
| CVE-2021-44648 | 5.5 | GNOME gdk-pixbuf GIF File heap-based overflow | $2k-$5k | Not Defined |
| CVE-2022-23219 | 5.6 | GNU C Library sunrpc Module clnt_create buffer overflow | $2k-$5k | Not Defined |
| CVE-2022-23218 | 5.6 | GNU C Library sunrpc Module svcunix_create buffer overflow | $2k-$5k | Not Defined |
| CVE-2021-46195 | 3.5 | GNU gcc rust-demangle.c resource consumption | $0-$1k | Not Defined |
| CVE-2021-45778 | 3.5 | GNU InetUtils cmds.c setnmap null pointer dereference | $0-$1k | Not Defined |
| CVE-2021-45774 | 3.5 | GNU InetUtils commands.c help null pointer dereference | $0-$1k | Not Defined |
| CVE-2021-46060 | 3.5 | GNU InetUtils commands.c setcmd null pointer dereference | $0-$1k | Not Defined |
| CVE-2021-45779 | 3.5 | GNU InetUtils commands.c unsetcmd null pointer dereference | $0-$1k | Not Defined |
| CVE-2021-45775 | 3.5 | GNU InetUtils domacro.c domacro infinite loop | $0-$1k | Not Defined |
| CVE-2021-45780 | 3.5 | GNU InetUtils ifconfig memory leak | $0-$1k | Not Defined |
| CVE-2021-45781 | 5.5 | GNU InetUtils Logger logger.c heap-based overflow | $2k-$5k | Not Defined |
| CVE-2021-45782 | 3.5 | GNU InetUtils tftp.c getcmd null pointer dereference | $0-$1k | Not Defined |
| CVE-2021-46019 | 3.5 | GNU Recutils rec-db.c rec_db_destroy null pointer dereference | $0-$1k | Not Defined |
| CVE-2021-46022 | 5.5 | GNU Recutils rec-mset.c rec_mset_elem_destroy use after free | $2k-$5k | Not Defined |
| CVE-2021-46021 | 5.5 | GNU Recutils rec-record.c rec_record_destroy use after free | $2k-$5k | Not Defined |
| CVE-2021-39630 | 5.3 | Google Android adb Shell OverlayManagerService.java executeRequest permission | $25k-$50k | Official Fix |
| CVE-2021-1036 | 5.3 | Google Android AndroidManifest.xml LocationSettingsActivity improper restriction of rendered ui layers | $25k-$50k | Official Fix |
| CVE-2021-1037 | 3.3 | Google Android Bluetooth DevicePickerFragment permission | $10k-$25k | Official Fix |
| CVE-2021-39626 | 5.3 | Google Android Bluetooth Setting ConnectedDeviceDashboardFragment.java onAttach permission | $25k-$50k | Official Fix |
| CVE-2021-1035 | 7.8 | Google Android BluetoothDevicePickerPreferenceController.java setLaunchtent external reference | $50k-$100k | Official Fix |
| CVE-2021-39659 | 3.3 | Google Android Emergency Calling CreateConnectionProcessor.java sortSimPhoneAccountsForEmergency denial of service | $5k-$10k | Official Fix |
| CVE-2021-39618 | 6.3 | Google Android EuiccNotificationManager.java privileges management | $25k-$50k | Official Fix |
| CVE-2021-39625 | 6.0 | Google Android EuiccNotificationManager.java showCarrierAppInstallationNotification privileges management | $25k-$50k | Official Fix |
| CVE-2021-39634 | 5.3 | Google Android eventpoll.c use after free | $25k-$50k | Official Fix |
| CVE-2021-39632 | 5.3 | Google Android events.cpp inotify_cb out-of-bounds write | $25k-$50k | Official Fix |
| CVE-2021-39678 | 7.8 | Google Android Factory Reset Protection Local Privilege Escalation | $50k-$100k | Official Fix |
| CVE-2021-39622 | 7.8 | Google Android GBoard permissions | $50k-$100k | Official Fix |
| CVE-2021-39633 | 3.3 | Google Android ip_gre.c gre_handle_offloads information disclosure | $10k-$25k | Official Fix |
| CVE-2021-0959 | 6.5 | Google Android jit_memory_region.cc privileges management | $25k-$50k | Official Fix |
| CVE-2021-39627 | 5.3 | Google Android LegacyModeSmsHandler.java sendLegacyVoicemailNotification permission | $25k-$50k | Official Fix |
| CVE-2021-39621 | 5.3 | Google Android LegacyModeSmsHandler.java sendLegacyVoicemailNotification permission | $25k-$50k | Official Fix |
| CVE-2021-39628 | 3.7 | Google Android Lockscreen StatusBar.java exposure of resource | $10k-$25k | Official Fix |
| CVE-2021-39681 | 5.3 | Google Android main.c delete_protocol use after free | $25k-$50k | Official Fix |
| CVE-2021-39682 | 5.3 | Google Android memory_group_manager.c mgm_alloc_page out-of-bounds write | $25k-$50k | Official Fix |
| CVE-2021-39620 | 6.5 | Google Android Parcel.cpp ipcSetDataReference use after free | $25k-$50k | Official Fix |
| CVE-2021-39629 | 5.3 | Google Android phTmlNfc.cc phTmlNfc_CleanUp use after free | $25k-$50k | Official Fix |
| CVE-2021-1049 | 5.5 | Google Android Privilege Escalation | $50k-$100k | Official Fix |
| CVE-2021-39680 | 2.3 | Google Android sha256_core.c sec_SHA256_Transform information disclosure | $5k-$10k | Official Fix |
| CVE-2021-39623 | 9.8 | Google Android SimpleDecodingSource.cpp doRead privileges management | $50k-$100k | Official Fix |
| CVE-2021-39683 | 4.2 | Google Android sss_ice_util.c copy_from_mbox out-of-bounds write | $10k-$25k | Official Fix |
| CVE-2021-39684 | 7.8 | Google Android target.c target_init allocation of resources | $10k-$25k | Official Fix |
| CVE-2021-39679 | 5.3 | Google Android vendor_graphicbuffer_meta.cpp init use after free | $25k-$50k | Official Fix |
| CVE-2021-22569 | 6.4 | Google protobuf-java denial of service | $5k-$10k | Official Fix |
| CVE-2021-40570 | 6.6 | GPAC av_parsers.c avc_compute_poc double free | $2k-$5k | Official Fix |
| CVE-2021-40564 | 3.5 | GPAC av_parsers.c avc_parse_slice null pointer dereference | $0-$1k | Official Fix |
| CVE-2021-40565 | 3.5 | GPAC av_parsers.c gf_avc_parse_nalu null pointer dereference | $0-$1k | Official Fix |
| CVE-2021-40571 | 6.6 | GPAC box_code_apple.c ilst_box_read double free | $2k-$5k | Official Fix |
| CVE-2021-40569 | 4.5 | GPAC box_code_meta.c iloc_entry_del double free | $1k-$2k | Official Fix |
| CVE-2021-46045 | 3.5 | GPAC denial of service | $0-$1k | Not Defined |
| CVE-2021-40567 | 4.5 | GPAC desc_private.c gf_odf_size_descriptor denial of service | $0-$1k | Official Fix |
| CVE-2021-40562 | 3.5 | GPAC Exception reframe_nalu.c naludmx_enqueue_or_dispatch denial of service | $0-$1k | Official Fix |
| CVE-2021-46049 | 3.5 | GPAC gf_fileio_check denial of service | $0-$1k | Not Defined |
| CVE-2021-46047 | 3.5 | GPAC gf_hinter_finalize null pointer dereference | $0-$1k | Not Defined |
| CVE-2021-46046 | 3.5 | GPAC gf_isom_box_size denial of service | $0-$1k | Not Defined |
| CVE-2021-36417 | 5.5 | GPAC gf_isom_dovi_config_get heap-based overflow | $2k-$5k | Not Defined |
| CVE-2020-25427 | 3.5 | GPAC gf_isom_get_track_id null pointer dereference | $0-$1k | Official Fix |
| CVE-2021-45760 | 3.5 | GPAC gf_list_last denial of service | $0-$1k | Not Defined |
| CVE-2021-45763 | 3.5 | GPAC gf_node_changed denial of service | $0-$1k | Not Defined |
| CVE-2021-45762 | 3.5 | GPAC gf_sg_vrml_mf_reset denial of service | $0-$1k | Not Defined |
| CVE-2021-45767 | 3.5 | GPAC lsr_read_id denial of service | $0-$1k | Not Defined |
| CVE-2021-36414 | 3.5 | GPAC media.c denial of service | $0-$1k | Not Defined |
| CVE-2021-46051 | 3.5 | GPAC Media_IsSelfContained denial of service | $0-$1k | Not Defined |
| CVE-2021-40568 | 6.6 | GPAC MP4 File av_parsers.c svc_parse_slice buffer overflow | $2k-$5k | Official Fix |
| CVE-2021-36412 | 5.5 | GPAC MP4Box Command gp_rtp_builder_do_mpeg12_video heap-based overflow | $2k-$5k | Not Defined |
| CVE-2021-40576 | 3.5 | GPAC MP4Box hint_track.c gf_isom_get_payt_count null pointer dereference | $0-$1k | Official Fix |
| CVE-2021-40573 | 3.5 | GPAC MP4Box list.c gf_list_del denial of service | $0-$1k | Official Fix |
| CVE-2021-40574 | 5.6 | GPAC MP4Box load_text.c gf_text_get_utf8_line double free | $1k-$2k | Official Fix |
| CVE-2021-40572 | 3.5 | GPAC MP4Box reframe_av1.c av1dmx_finalize denial of service | $0-$1k | Official Fix |
| CVE-2021-40575 | 3.5 | GPAC MP4Box reframe_mpgvid.c mpgviddmx_process null pointer dereference | $0-$1k | Official Fix |
| CVE-2021-40559 | 3.5 | GPAC naludmx_parse_nal_avc null pointer dereference | $0-$1k | Not Defined |
| CVE-2021-40566 | 3.5 | GPAC reframe_mpgvid.c mpgviddmx_process denial of service | $0-$1k | Official Fix |
| CVE-2021-40563 | 3.5 | GPAC reframe_nalu.c naludmx_create_avc_decoder_config null pointer dereference | $0-$1k | Official Fix |
| CVE-2021-45764 | 3.5 | GPAC shift_chunk_offsets.isra null pointer dereference | $0-$1k | Not Defined |
| CVE-2022-22125 | 3.6 | Halo Article Tag cross site scripting | $0-$1k | Not Defined |
| CVE-2022-22123 | 4.4 | Halo Article Title cross site scripting | $0-$1k | Not Defined |
| CVE-2022-22124 | 4.4 | Halo Profile Image cross site scripting | $0-$1k | Not Defined |
| CVE-2021-3965 | 4.3 | HP DesignJet Print Job Preview information disclosure | $5k-$10k | Not Defined |
| CVE-2021-40037 | 6.3 | Huawei Harmony MPTCP Subsystem type confusion | $10k-$25k | Official Fix |
| CVE-2021-40038 | 4.6 | Huawei HarmonyOS AOD double free | $10k-$25k | Official Fix |
| CVE-2021-40026 | 4.6 | Huawei HarmonyOS AOD heap-based overflow | $10k-$25k | Official Fix |
| CVE-2021-40009 | 5.5 | Huawei HarmonyOS AOD out-of-bounds write | $10k-$25k | Official Fix |
| CVE-2021-39998 | 5.7 | Huawei HarmonyOS API HwConnectivityExService denial of service | $2k-$5k | Official Fix |
| CVE-2021-40002 | 6.3 | Huawei HarmonyOS Bluetooth Module out-of-bounds write | $10k-$25k | Official Fix |
| CVE-2021-40000 | 6.3 | Huawei HarmonyOS Bluetooth Module out-of-bounds write | $10k-$25k | Official Fix |
| CVE-2021-40027 | 3.5 | Huawei HarmonyOS Bone Voice ID Trusted Application buffer overflow | $10k-$25k | Official Fix |
| CVE-2021-40014 | 5.5 | Huawei HarmonyOS Bone Voice ID Trusted Application heap-based overflow | $10k-$25k | Official Fix |
| CVE-2021-40010 | 5.5 | Huawei HarmonyOS Bone Voice ID Trusted Application heap-based overflow | $10k-$25k | Official Fix |
| CVE-2021-40032 | 3.5 | Huawei HarmonyOS Bone Voice ID Trusted Application information management | $2k-$5k | Official Fix |
| CVE-2021-40001 | 5.5 | Huawei HarmonyOS CaasKit Module path traversal | $5k-$10k | Official Fix |
| CVE-2021-40039 | 4.6 | Huawei HarmonyOS Camera Module null pointer dereference | $2k-$5k | Official Fix |
| CVE-2021-40004 | 3.5 | Huawei HarmonyOS Cellular Module permission | $5k-$10k | Official Fix |
| CVE-2021-40005 | 3.5 | Huawei HarmonyOS Distributed Data Service access control | $5k-$10k | Official Fix |
| CVE-2021-40025 | 3.5 | Huawei HarmonyOS eID Module initialization | $2k-$5k | Official Fix |
| CVE-2021-40018 | 3.5 | Huawei HarmonyOS eID Module null pointer dereference | $2k-$5k | Official Fix |
| CVE-2021-40028 | 2.1 | Huawei HarmonyOS eID Module out-of-bounds read | $2k-$5k | Official Fix |
| CVE-2021-40021 | 3.5 | Huawei HarmonyOS eID Module out-of-bounds read | $2k-$5k | Official Fix |
| CVE-2021-40035 | 3.5 | Huawei HarmonyOS File Management Module buffer overflow | $10k-$25k | Official Fix |
| CVE-2021-40029 | 3.5 | Huawei HarmonyOS File Management Module buffer overflow | $10k-$25k | Official Fix |
| CVE-2021-40006 | 2.0 | Huawei HarmonyOS Fingerprint Module excessive authentication | $0-$1k | Official Fix |
| CVE-2021-40003 | 3.5 | Huawei HarmonyOS HwPCAssistant path traversal | $5k-$10k | Official Fix |
| CVE-2021-39996 | 5.5 | Huawei HarmonyOS NFC Module heap-based overflow | $10k-$25k | Not Defined |
| CVE-2021-40022 | 3.5 | Huawei HarmonyOS Weaver Module information disclosure | $2k-$5k | Official Fix |
| CVE-2021-40031 | 3.5 | Huawei Smartphone Camera Module null pointer dereference | $2k-$5k | Official Fix |
| CVE-2021-40011 | 4.3 | Huawei Smartphone Display Module resource consumption | $2k-$5k | Not Defined |
| CVE-2021-39993 | 5.5 | Huawei Smartphone integer overflow | $10k-$25k | Not Defined |
| CVE-2021-40020 | 3.5 | Huawei Smartphone Storage Module out-of-bounds read | $2k-$5k | Not Defined |
| CVE-2021-40041 | 3.5 | Huawei WS318n Network Setting cross site scripting | $2k-$5k | Not Defined |
| CVE-2021-38991 | 8.6 | IBM AIX/VIOS lscore Command Privilege Escalation | $25k-$50k | Official Fix |
| CVE-2021-29701 | 4.3 | IBM Engineering Workflow Management Build Definition information disclosure | $5k-$10k | Official Fix |
| CVE-2021-39056 | 5.4 | IBM i EDRSQL denial of service | $2k-$5k | Official Fix |
| CVE-2021-38892 | 8.6 | IBM Planning Analytics/Planning Analytics Workspace DQM API access control | $10k-$25k | Official Fix |
| CVE-2021-39032 | 4.2 | IBM Sterling Gentran:Server log file | $5k-$10k | Official Fix |
| CVE-2021-45468 | 7.3 | Imperva Web Application Firewall HTTP POST Request encoding error | $2k-$5k | Official Fix |
| CVE-2022-20612 | 4.3 | Jenkins Parameter cross-site request forgery | $0-$1k | Not Defined |
| CVE-2021-45806 | 5.5 | jpress Admin Panel injection | $1k-$2k | Not Defined |
| CVE-2021-45807 | 5.5 | jpress doUploadAndInstall Privilege Escalation | $2k-$5k | Not Defined |
| CVE-2022-22162 | 4.3 | Juniper Junos OS CLI information disclosure | $5k-$10k | Official Fix |
| CVE-2022-22161 | 7.5 | Juniper Junos OS Kernel resource consumption | $5k-$10k | Official Fix |
| CVE-2021-23154 | 5.1 | Lens Helm Chart Configuration code injection | $0-$1k | Official Fix |
| CVE-2021-44458 | 7.3 | Lens Websocket improper authentication | $1k-$2k | Not Defined |
| CVE-2022-22056 | 9.8 | Le-yan Dental Management System hard-coded credentials | $2k-$5k | Not Defined |
| CVE-2022-22055 | 8.5 | Le-yan Dental Management System Login Page sql injection | $2k-$5k | Not Defined |
| CVE-2021-36411 | 4.3 | libde265 deblock.cc derive_boundaryStrength denial of service | $0-$1k | Not Defined |
| CVE-2021-36410 | 5.5 | libde265 dec265 fallback-motion.cc put_epel_hv_fallback stack-based overflow | $2k-$5k | Not Defined |
| CVE-2021-36408 | 5.5 | libde265 Decoding intrapred.h dec265 use after free | $2k-$5k | Not Defined |
| CVE-2021-36409 | 3.5 | libde265 File Decoding sps.cc denial of service | $0-$1k | Not Defined |
| CVE-2021-35452 | 5.5 | libde265 slice.cc access control | $1k-$2k | Not Defined |
| CVE-2022-22822 | 5.5 | libexpat xmlparse.c addBinding integer overflow | $2k-$5k | Official Fix |
| CVE-2022-22823 | 5.5 | libexpat xmlparse.c build_model integer overflow | $2k-$5k | Official Fix |
| CVE-2022-22824 | 5.5 | libexpat xmlparse.c defineAttribute integer overflow | $2k-$5k | Official Fix |
| CVE-2022-22825 | 5.5 | libexpat xmlparse.c lookup integer overflow | $2k-$5k | Official Fix |
| CVE-2022-22826 | 5.5 | libexpat xmlparse.c nextScaffoldPart integer overflow | $2k-$5k | Official Fix |
| CVE-2022-22827 | 5.5 | libexpat xmlparse.c storeAtts integer overflow | $2k-$5k | Official Fix |
| CVE-2021-45769 | 3.5 | libIEC61850 acse.c AcseConnection_parseMessage null pointer dereference | $0-$1k | Not Defined |
| CVE-2021-46225 | 3.5 | libMeshb MESH File GmfOpenMesh buffer overflow | $1k-$2k | Official Fix |
| CVE-2022-23094 | 4.3 | Libreswan IKEv1 Packet ikev1.c null pointer dereference | $0-$1k | Official Fix |
| CVE-2022-22844 | 3.5 | LibTIFF tif_unix.c _TIFFmemcpy out-of-bounds read | $0-$1k | Not Defined |
| CVE-2021-46283 | 4.3 | Linux Kernel nf_tables_api.c nf_tables_newset null pointer dereference | $2k-$5k | Official Fix |
| CVE-2022-23222 | 6.3 | Linux Kernel verifier.c null pointer dereference | $5k-$10k | Workaround |
| CVE-2022-0226 | 4.3 | livehelperchat cross-site request forgery | $0-$1k | Official Fix |
| CVE-2022-0231 | 4.6 | livehelperchat cross-site request forgery | $0-$1k | Official Fix |
| CVE-2022-20614 | 4.6 | Mailer Plugin DNS authorization | $1k-$2k | Not Defined |
| CVE-2022-20613 | 4.3 | Mailer Plugin Hostname cross-site request forgery | $0-$1k | Not Defined |
| CVE-2022-21681 | 6.4 | Marked Regular Expression resource consumption | $0-$1k | Official Fix |
| CVE-2022-21680 | 6.4 | marked Regular Expression resource consumption | $0-$1k | Official Fix |
| CVE-2022-0129 | 7.4 | McAfee TechCheck DLL uncontrolled search path | $10k-$25k | Official Fix |
| CVE-2021-46149 | 4.3 | MediaWiki Language Name Search resource consumption | $0-$1k | Official Fix |
| CVE-2021-46147 | 4.3 | MediaWiki MassEditRegex cross-site request forgery | $0-$1k | Official Fix |
| CVE-2021-46150 | 3.5 | MediaWiki Special:CheckUserLog CheckUser cross site scripting | $0-$1k | Official Fix |
| CVE-2021-46148 | 3.5 | MediaWiki Testwiki SecurePoll information disclosure | $0-$1k | Official Fix |
| CVE-2021-46146 | 3.5 | MediaWiki WikibaseMediaInfo cross site scripting | $0-$1k | Official Fix |
| CVE-2021-38127 | 3.5 | Micro Focus ArcSight Enterprise Security Manager cross site scripting | $0-$1k | Not Defined |
| CVE-2021-38126 | 3.5 | Micro Focus ArcSight Enterprise Security Manager cross site scripting | $0-$1k | |
Not Defined |
CVE-2022-21911 |
۶.۸ |
Microsoft .NET Framework denial of service |
$۵k-$10k |
Official Fix |
CVE-2022-21932 |
۶.۲ |
Microsoft Dynamics 365 cross site scripting |
$۲k-$5k |
Official Fix |
CVE-2022-21891 |
۷.۲ |
Microsoft Dynamics Privilege Escalation |
$۱۰k-$25k |
Official Fix |
CVE-2022-21969 |
۹.۰ |
Microsoft Exchange Server Privilege Escalation |
$۲۵k-$50k |
Official Fix |
CVE-2022-21855 |
۹.۰ |
Microsoft Exchange Server Privilege Escalation |
$۲۵k-$50k |
Official Fix |
CVE-2022-21846 |
۹.۰ |
Microsoft Exchange Server Privilege Escalation |
$۲۵k-$50k |
Official Fix |
CVE-2022-21917 |
۷.۹ |
Microsoft HEVC Video Extensions Privilege Escalation |
$۱۰k-$25k |
Official Fix |
CVE-2022-21841 |
۷.۳ |
Microsoft Office Excel Remote Code Execution |
$۱۰k-$25k |
Official Fix |
CVE-2022-21840 |
۸.۰ |
Microsoft Office Remote Code Execution |
$۱۰k-$25k |
Official Fix |
CVE-2022-21837 |
۷.۶ |
Microsoft SharePoint Privilege Escalation |
$۱۰k-$25k |
Official Fix |
CVE-2022-21852 |
۸.۱ |
Microsoft Windows 10 DWM Core Library Privilege Escalation |
$۱۰۰k and more |
Official Fix |
CVE-2022-21859 |
۷.۲ |
Microsoft Windows Accounts Control Privilege Escalation |
$۵۰k-$100k |
Official Fix |
CVE-2022-21857 |
۸.۸ |
Microsoft Windows Active Directory Domain Services Privilege Escalation |
$۱۰۰k and more |
Official Fix |
CVE-2022-21860 |
۷.۲ |
Microsoft Windows AppContracts API Server Privilege Escalation |
$۵۰k-$100k |
Official Fix |
CVE-2022-21862 |
۷.۲ |
Microsoft Windows Application Model Core API Privilege Escalation |
$۵۰k-$100k |
Official Fix |
CVE-2022-21925 |
۴.۶ |
Microsoft Windows BackupKey Remote Protocol information disclosure |
$۲۵k-$50k |
Official Fix |
CVE-2022-21858 |
۸.۱ |
Microsoft Windows Bind Filter Driver Privilege Escalation |
$۱۰۰k and more |
Official Fix |
CVE-2022-21836 |
۷.۳ |
Microsoft Windows Certificate Privilege Escalation |
$۵۰k-$100k |
Official Fix |
CVE-2022-21838 |
۵.۵ |
Microsoft Windows Cleanup Manager unknown vulnerability |
$۵۰k-$100k |
Official Fix |
CVE-2022-21869 |
۷.۲ |
Microsoft Windows Clipboard User Service Privilege Escalation |
$۵۰k-$100k |
Official Fix |
CVE-2022-21910 |
۸.۱ |
Microsoft Windows Cluster Port Driver Privilege Escalation |
$۱۰۰k and more |
Official Fix |
CVE-2022-21916 |
۸.۱ |
Microsoft Windows Common Log File System Driver Privilege Escalation |
$۱۰۰k and more |
Official Fix |
CVE-2022-21897 |
۸.۱ |
Microsoft Windows Common Log File System Driver Privilege Escalation |
$۱۰۰k and more |
Official Fix |
CVE-2022-21865 |
۷.۲ |
Microsoft Windows Connected Devices Platform Service Privilege Escalation |
$۵۰k-$100k |
Official Fix |
CVE-2022-21835 |
۸.۱ |
Microsoft Windows Cryptographic Services Privilege Escalation |
$۱۰۰k and more |
Official Fix |
CVE-2022-21906 |
۵.۲ |
Microsoft Windows Defender Application Control unknown vulnerability |
$۵۰k-$100k |
Official Fix |
CVE-2022-21921 |
۳.۸ |
Microsoft Windows Defender Credential Guard information disclosure |
$۱۰k-$25k |
Official Fix |
CVE-2022-21868 |
۷.۲ |
Microsoft Windows Devices Human Interface Privilege Escalation |
$۵۰k-$100k |
Official Fix |
CVE-2022-21871 |
۷.۲ |
Microsoft Windows Diagnostics Hub Standard Collector Runtime Privilege Escalation |
$۵۰k-$100k |
Official Fix |
CVE-2022-21918 |
۶.۹ |
Microsoft Windows DirectX Graphics denial of service |
$۱۰k-$25k |
Official Fix |
CVE-2022-21912 |
۸.۰ |
Microsoft Windows DirectX Graphics Privilege Escalation |
$۱۰۰k and more |
Official Fix |
CVE-2022-21898 |
۸.۰ |
Microsoft Windows DirectX Graphics Privilege Escalation |
$۱۰۰k and more |
Official Fix |
CVE-2022-21902 |
۸.۱ |
Microsoft Windows DWM Core Library Privilege Escalation |
$۱۰۰k and more |
Official Fix |
CVE-2022-21896 |
۷.۲ |
Microsoft Windows DWM Core Library Privilege Escalation |
$۵۰k-$100k |
Official Fix |
CVE-2022-21839 |
۶.۲ |
Microsoft Windows Event Tracing Discretionary Access Control List denial of service |
$۱۰k-$25k |
Official Fix |
CVE-2022-21872 |
۷.۲ |
Microsoft Windows Event Tracing Privilege Escalation |
$۵۰k-$100k |
Official Fix |
CVE-2022-21899 |
۵.۸ |
Microsoft Windows Extensible Firmware Interface Privilege Escalation |
$۵۰k-$100k |
Official Fix |
CVE-2022-21904 |
۶.۸ |
Microsoft Windows GDI information disclosure |
$۲۵k-$50k |
Official Fix |
CVE-2022-21903 |
۷.۲ |
Microsoft Windows GDI Privilege Escalation |
$۵۰k-$100k |
Official Fix |
CVE-2022-21915 |
۵.۸ |
Microsoft Windows GDI+ information disclosure |
$۲۵k-$50k |
Official Fix |
CVE-2022-21880 |
۶.۸ |
Microsoft Windows GDI+ information disclosure |
$۲۵k-$50k |
Official Fix |
CVE-2022-21878 |
۷.۹ |
Microsoft Windows Geolocation Service Privilege Escalation |
$۵۰k-$100k |
Official Fix |
CVE-2022-21907 |
۹.۸ |
Microsoft Windows HTTP Protocol Stack Remote Code Execution |
$۱۰۰k and more |
Official Fix |
CVE-2022-21905 |
۴.۶ |
Microsoft Windows Hyper-V denial of service |
$۱۰k-$25k |
Official Fix |
CVE-2022-21847 |
۶.۹ |
Microsoft Windows Hyper-V denial of service |
$۱۰k-$25k |
Official Fix |
CVE-2022-21901 |
۹.۳ |
Microsoft Windows Hyper-V Privilege Escalation |
$۱۰۰k and more |
Official Fix |
CVE-2022-21900 |
۴.۶ |
Microsoft Windows Hyper-V unknown vulnerability |
$۲۵k-$50k |
Official Fix |
CVE-2022-21890 |
۷.۵ |
Microsoft Windows IKE Extension denial of service |
$۱۰k-$25k |
Official Fix |
CVE-2022-21889 |
۷.۵ |
Microsoft Windows IKE Extension denial of service |
$۱۰k-$25k |
Official Fix |
CVE-2022-21883 |
۷.۵ |
Microsoft Windows IKE Extension denial of service |
$۱۰k-$25k |
Official Fix |
CVE-2022-21848 |
۷.۵ |
Microsoft Windows IKE Extension denial of service |
$۱۰k-$25k |
Official Fix |
CVE-2022-21843 |
۷.۵ |
Microsoft Windows IKE Extension denial of service |
$۱۰k-$25k |
Official Fix |
CVE-2022-21849 |
۹.۸ |
Microsoft Windows IKE Extension Remote Code Execution |
$۱۰۰k and more |
Official Fix |
CVE-2022-21908 |
۸.۱ |
Microsoft Windows Installer Privilege Escalation |
$۱۰۰k and more |
Official Fix |
CVE-2022-21920 |
۸.۸ |
Microsoft Windows Kerberos Privilege Escalation |
$۱۰۰k and more |
Official Fix |
CVE-2022-21881 |
۷.۲ |
Microsoft Windows Kernel Privilege Escalation |
$۵۰k-$100k |
Official Fix |
CVE-2022-21879 |
۵.۸ |
Microsoft Windows Kernel Privilege Escalation |
$۵۰k-$100k |
Official Fix |
CVE-2021-36976 |
۶.۴ |
Microsoft Windows Libarchive use after free |
$۵۰k-$100k |
Official Fix |
CVE-2022-21913 |
۴.۶ |
Microsoft Windows Local Security Authority information disclosure |
$۲۵k-$50k |
Official Fix |
CVE-2022-21884 |
۸.۱ |
Microsoft Windows Local Security Authority Subsystem Service Privilege Escalation |
$۱۰۰k and more |
Official Fix |
CVE-2022-21888 |
۷.۹ |
Microsoft Windows Modern Execution Server Privilege Escalation |
$۵۰k-$100k |
Official Fix |
CVE-2021-22947 |
۶.۱ |
Microsoft Windows Open Source Curl insufficient verification of data authenticity |
$۲۵k-$50k |
Official Fix |
CVE-2022-21867 |
۷.۲ |
Microsoft Windows Push Notifications Apps Privilege Escalation |
$۵۰k-$100k |
Official Fix |
CVE-2022-21914 |
۸.۱ |
Microsoft Windows Remote Access Connection Manager Privilege Escalation |
$۱۰۰k and more |
Official Fix |
CVE-2022-21885 |
۸.۱ |
Microsoft Windows Remote Access Connection Manager Privilege Escalation |
$۱۰۰k and more |
Official Fix |
CVE-2022-21851 |
۸.۸ |
Microsoft Windows Remote Desktop Client Remote Code Execution |
$۱۰۰k and more |
Official Fix |
CVE-2022-21850 |
۸.۸ |
Microsoft Windows Remote Desktop Client Remote Code Execution |
$۱۰۰k and more |
Official Fix |
CVE-2022-21964 |
۵.۱ |
Microsoft Windows Remote Desktop Licensing Diagnoser information disclosure |
$۲۵k-$50k |
Official Fix |
CVE-2022-21893 |
۸.۸ |
Microsoft Windows Remote Desktop Protocol Remote Code Execution |
$۱۰۰k and more |
Official Fix |
CVE-2022-21922 |
۸.۸ |
Microsoft Windows Remote Procedure Call Runtime Privilege Escalation |
$۱۰۰k and more |
Official Fix |
CVE-2022-21963 |
۶.۴ |
Microsoft Windows Resilient File System Local Privilege Escalation |
$۲۵k-$50k |
Official Fix |
CVE-2022-21962 |
۶.۸ |
Microsoft Windows Resilient File System Local Privilege Escalation |
$۲۵k-$50k |
Official Fix |
CVE-2022-21961 |
۶.۸ |
Microsoft Windows Resilient File System Local Privilege Escalation |
$۲۵k-$50k |
Official Fix |
CVE-2022-21960 |
۶.۸ |
Microsoft Windows Resilient File System Local Privilege Escalation |
$۲۵k-$50k |
Official Fix |
CVE-2022-21959 |
۶.۸ |
Microsoft Windows Resilient File System Local Privilege Escalation |
$۲۵k-$50k |
Official Fix |
CVE-2022-21958 |
۶.۸ |
Microsoft Windows Resilient File System Local Privilege Escalation |
$۲۵k-$50k |
Official Fix |
CVE-2022-21928 |
۶.۳ |
Microsoft Windows Resilient File System Local Privilege Escalation |
$۲۵k-$50k |
Official Fix |
CVE-2022-21892 |
۶.۸ |
Microsoft Windows Resilient File System Local Privilege Escalation |
$۲۵k-$50k |
Official Fix |
CVE-2022-21894 |
۴.۴ |
Microsoft Windows Secure Boot unknown vulnerability |
$۲۵k-$50k |
Official Fix |
CVE-2022-21874 |
۸.۱ |
Microsoft Windows Security Center API Remote Code Execution |
$۱۰۰k and more |
Official Fix |
CVE-2022-21863 |
۷.۲ |
Microsoft Windows StateRepository API Server Privilege Escalation |
$۵۰k-$100k |
Official Fix |
CVE-2022-21875 |
۷.۲ |
Microsoft Windows Storage Privilege Escalation |
$۵۰k-$100k |
Official Fix |
CVE-2022-21877 |
۵.۱ |
Microsoft Windows Storage Spaces Controller information disclosure |
$۲۵k-$50k |
Official Fix |
CVE-2022-21866 |
۷.۲ |
Microsoft Windows System Launcher Privilege Escalation |
$۵۰k-$100k |
Official Fix |
CVE-2022-21870 |
۷.۲ |
Microsoft Windows Tablet Windows User Interface Application Core Privilege Escalation |
$۵۰k-$100k |
Official Fix |
CVE-2022-21861 |
۷.۲ |
Microsoft Windows Task Flow Data Engine Privilege Escalation |
$۵۰k-$100k |
Official Fix |
CVE-2022-21873 |
۷.۲ |
Microsoft Windows Tile Data Repository Privilege Escalation |
$۵۰k-$100k |
Official Fix |
CVE-2022-21864 |
۷.۲ |
Microsoft Windows UI Immersive Server API Privilege Escalation |
$۵۰k-$100k |
Official Fix |
CVE-2022-21919 |
۷.۲ |
Microsoft Windows User Profile Service Privilege Escalation |
$۵۰k-$100k |
Official Fix |
CVE-2022-21895 |
۸.۱ |
Microsoft Windows User Profile Service Privilege Escalation |
$۱۰۰k and more |
Official Fix |
CVE-2022-21834 |
۷.۲ |
Microsoft Windows User-mode Driver Framework Reflector Driver Privilege Escalation |
$۵۰k-$100k |
Official Fix |
CVE-2022-21833 |
۸.۰ |
Microsoft Windows Virtual Machine IDE Drive Privilege Escalation |
$۱۰۰k and more |
Official Fix |
CVE-2022-21876 |
۵.۱ |
Microsoft Windows Win32k information disclosure |
$۲۵k-$50k |
Official Fix |
CVE-2022-21887 |
۷.۲ |
Microsoft Windows Win32k Privilege Escalation |
$۵۰k-$100k |
Official Fix |
CVE-2022-21882 |
۷.۲ |
Microsoft Windows Win32k Privilege Escalation |
$۵۰k-$100k |
Official Fix |
CVE-2022-21924 |
۴.۶ |
Microsoft Windows Workstation Service information disclosure |
$۲۵k-$50k |
Official Fix |
CVE-2022-21842 |
۷.۳ |
Microsoft Word Remote Code Execution |
$۱۰k-$25k |
Official Fix |
CVE-2021-42558 |
۴.۳ |
MITRE CALDERA cross site scripting |
$۰-$۱k |
Not Defined |
CVE-2021-42560 |
۵.۵ |
MITRE CALDERA Debrief Plugin xml external entity reference |
$۱k-$2k |
Not Defined |
CVE-2021-42561 |
۵.۵ |
MITRE CALDERA Human Plugin os.system os command injection |
$۱k-$2k |
Not Defined |
CVE-2021-42562 |
۴.۳ |
MITRE CALDERA privileges management |
$۱k-$2k |
Not Defined |
CVE-2021-42559 |
۵.۵ |
MITRE CALDERA REST API command injection |
$۱k-$2k |
Not Defined |
CVE-2021-20612 |
۷.۵ |
Mitsubishi Electric MELSEC-F denial of service |
$۰-$۱k |
Not Defined |
CVE-2021-20613 |
۷.۵ |
Mitsubishi Electric MELSEC-F Packet denial of service |
$۰-$۱k |
Not Defined |
CVE-2021-46169 |
۵.۵ |
Modex tcache use after free |
$۲k-$5k |
Not Defined |
CVE-2021-46171 |
۳.۵ |
Modex xtract.c set_create_id null pointer dereference |
$۰-$۱k |
Not Defined |
CVE-2021-34979 |
۸.۸ |
Netgear R6260 SOAP Request buffer overflow |
$۲۵k-$50k |
Not Defined |
CVE-2021-34978 |
۸.۸ |
Netgear R6260 SOAP Request setupwizard.cgi stack-based overflow |
$۲۵k-$50k |
Not Defined |
CVE-2021-34977 |
۷.۵ |
Netgear R7000 SOAP Request authentication bypass |
$۵k-$10k |
Not Defined |
CVE-2021-34980 |
۸.۸ |
Netgear XR500 Environment Variable setupwizard.cgi stack-based overflow |
$۲۵k-$50k |
Not Defined |
CVE-2022-22121 |
۷.۱ |
NocoDB csv injection |
$۲k-$5k |
Official Fix |
CVE-2022-22120 |
۵.۳ |
NocoDB Password Reset information exposure |
$۱k-$2k |
Official Fix |
CVE-2022-22821 |
۲.۶ |
NVIDIA NeMo ASR WebApp path traversal |
$۰-$۱k |
Official Fix |
CVE-2021-32650 |
۸.۰ |
October CMS Theme Import injection |
$۲k-$5k |
Official Fix |
CVE-2021-32649 |
۸.۰ |
October CMS Twig Code injection |
$۲k-$5k |
Official Fix |
CVE-2022-0012 |
۵.۷ |
Palo Alto Cortex XDR Agent link following |
$۲k-$5k |
Official Fix |
CVE-2022-0013 |
۴.۲ |
Palo Alto Cortex XDR Agent Support File file information disclosure |
$۰-$۱k |
Official Fix |
CVE-2022-0015 |
۸.۳ |
Palo Alto Cortex XDR Agent uncontrolled search path |
$۲k-$5k |
Official Fix |
CVE-2022-0014 |
۷.۱ |
Palo Alto Cortex XDR Agent untrusted search path |
$۲k-$5k |
Official Fix |
CVE-2021-34998 |
۷.۹ |
Panda Free Antivirus Named Pipe unnecessary privileges |
$۱۰k-$25k |
Not Defined |
CVE-2022-22701 |
۳.۵ |
PartKeepr Attachment information disclosure |
$۰-$۱k |
Not Defined |
CVE-2022-22702 |
۵.۵ |
PartKeepr Attachment Upload server-side request forgery |
$۱k-$2k |
Not Defined |
CVE-2022-0170 |
۶.۳ |
peertube access control |
$۲k-$5k |
Official Fix |
CVE-2022-0133 |
۵.۳ |
peertube access control |
$۲k-$5k |
Official Fix |
CVE-2022-0132 |
۵.۲ |
peertube server-side request forgery |
$۲k-$5k |
Official Fix |
CVE-2021-42555 |
۴.۳ |
Pexip Infinity Call-Setup denial of service |
$۰-$۱k |
Official Fix |
CVE-2021-35969 |
۴.۳ |
Pexip Infinity Call-Setup denial of service |
$۰-$۱k |
Official Fix |
CVE-2021-33499 |
۴.۳ |
Pexip Infinity H.264 denial of service |
$۰-$۱k |
Official Fix |
CVE-2021-33498 |
۴.۳ |
Pexip Infinity H.264 denial of service |
$۰-$۱k |
Official Fix |
CVE-2021-32545 |
۴.۳ |
Pexip Infinity RTMP denial of service |
$۰-$۱k |
Official Fix |
CVE-2022-0238 |
۴.۴ |
phoronix-test-suite cross-site request forgery |
$۰-$۵k |
Official Fix |
CVE-2022-0197 |
۵.۴ |
phoronix-test-suite cross-site request forgery |
$۰-$۱k |
Official Fix |
CVE-2022-0196 |
۴.۸ |
phoronix-test-suite cross-site request forgery |
$۰-$۱k |
Official Fix |
CVE-2022-0157 |
۳.۸ |
phoronix-test-suite Web Page Generation cross site scripting |
$۰-$۱k |
Official Fix |
CVE-2022-22816 |
۵.۵ |
Pillow path.c path_getbbox buffer overflow |
$۲k-$5k |
Official Fix |
CVE-2022-22815 |
۵.۵ |
Pillow path.c path_getbbox initialization |
$۲k-$5k |
Official Fix |
CVE-2022-22817 |
۳.۵ |
Pillow PIL.ImageMath.eval information disclosure |
$۰-$۱k |
Official Fix |
CVE-2022-23114 |
۴.۳ |
Publish Over SSH Plugin Configuration File credentials storage |
$۲k-$5k |
Not Defined |
CVE-2022-23113 |
۳.۵ |
Publish Over SSH Plugin Controller File path traversal |
$۱k-$2k |
Not Defined |
CVE-2022-23111 |
۴.۳ |
Publish Over SSH Plugin cross-site request forgery |
$۰-$۱k |
Not Defined |
CVE-2022-23112 |
۵.۵ |
Publish Over SSH Plugin SSH Server authorization |
$۱k-$2k |
Not Defined |
CVE-2022-23110 |
۳.۵ |
Publish Over SSH Plugin SSH Server Name cross site scripting |
$۰-$۱k |
Not Defined |
CVE-2021-38677 |
۴.۲ |
QNAP QcalAgent cross site scripting |
$۰-$۱k |
Official Fix |
CVE-2021-38678 |
۵.۷ |
QNAP QcalAgent redirect |
$۱k-$2k |
Official Fix |
CVE-2021-38689 |
۸.۱ |
QNAP QVR Elite/QVR Pro/QVR Guard buffer overflow |
$۲k-$5k |
Official Fix |
CVE-2021-38682 |
۸.۱ |
QNAP QVR Elite/QVR Pro/QVR Guard buffer overflow |
$۲k-$5k |
Official Fix |
CVE-2021-38692 |
۸.۱ |
QNAP QVR Elite/QVR Pro/QVR Guard stack-based overflow |
$۲k-$5k |
Official Fix |
CVE-2021-38691 |
۸.۱ |
QNAP QVR Elite/QVR Pro/QVR Guard stack-based overflow |
$۲k-$5k |
Official Fix |
CVE-2021-38690 |
۸.۱ |
QNAP QVR Elite/QVR Pro/QVR Guard stack-based overflow |
$۲k-$5k |
Official Fix |
CVE-2021-30330 |
۷.۵ |
Qualcomm Snapdragon Auto Ape Clip null pointer dereference |
$۵k-$10k |
Official Fix |
CVE-2021-30353 |
۷.۵ |
Qualcomm Snapdragon Auto assertion |
$۵k-$10k |
Official Fix |
CVE-2021-30307 |
۷.۵ |
Qualcomm Snapdragon Auto DNS Response denial of service |
$۵k-$10k |
Official Fix |
CVE-2021-30313 |
۶.۷ |
Qualcomm Snapdragon Auto Folder use after free |
$۱۰k-$25k |
Official Fix |
CVE-2021-30308 |
۷.۸ |
Qualcomm Snapdragon Auto HARQ Memory Partition Detail buffer overflow |
$۱۰k-$25k |
Official Fix |
CVE-2021-30311 |
۷.۸ |
Qualcomm Snapdragon Auto heap-based overflow |
$۱۰k-$25k |
Official Fix |
CVE-2021-30285 |
۸.۶ |
Qualcomm Snapdragon Auto Hypervisor memory corruption |
$۱۰k-$25k |
Official Fix |
CVE-2021-30301 |
۷.۵ |
Qualcomm Snapdragon Auto Messages resource consumption |
$۵k-$10k |
Official Fix |
CVE-2021-30287 |
۷.۵ |
Qualcomm Snapdragon Auto PDCCH Monitoring assertion |
$۵k-$10k |
Official Fix |
CVE-2021-30300 |
۷.۵ |
Qualcomm Snapdragon Auto SIB2 OTA Message denial of service |
$۵k-$10k |
Official Fix |
CVE-2021-30314 |
۴.۷ |
Qualcomm Snapdragon Auto Third Party information disclosure |
$۲k-$5k |
Official Fix |
CVE-2021-30319 |
۷.۸ |
Qualcomm Snapdragon Auto WMI Command integer overflow |
$۱۰k-$25k |
Official Fix |
CVE-2021-23594 |
۸.۵ |
realms-shim Prototype code injection |
$۲k-$5k |
Not Defined |
CVE-2021-23543 |
۸.۵ |
realms-shim Prototype sandbox |
$۲k-$5k |
Not Defined |
CVE-2021-43566 |
۵.۰ |
Samba SMB1/NFS access control |
$۲k-$5k |
Official Fix |
CVE-2022-22267 |
۳.۶ |
Samsung ActivityMetricsLogger improper authorization |
$۰-$۱k |
Official Fix |
CVE-2022-22286 |
۴.۶ |
Samsung Bixby Routines PendingIntent code injection |
$۱k-$2k |
Official Fix |
CVE-2022-22269 |
۳.۶ |
Samsung BluetoothSettingsProvider Bluetooth MAC Address improper authorization |
$۰-$۱k |
Official Fix |
CVE-2022-22270 |
۴.۶ |
Samsung Dialer Contact Information code injection |
$۱k-$2k |
Official Fix |
CVE-2022-22264 |
۶.۵ |
Samsung Dressroom Incoming Intent input validation |
$۱k-$2k |
Official Fix |
CVE-2022-22287 |
۳.۱ |
Samsung Email File Access sandbox |
$۰-$۱k |
Official Fix |
CVE-2022-22283 |
۳.۱ |
Samsung Health improper authentication |
$۰-$۱k |
Official Fix |
CVE-2022-22290 |
۶.۹ |
Samsung Internet Download improper restriction of rendered ui layers |
$۲k-$5k |
Official Fix |
CVE-2022-22284 |
۵.۵ |
Samsung Internet Secret Mode improper authentication |
$۰-$۱k |
Official Fix |
CVE-2022-22268 |
۵.۲ |
Samsung Knox Guard DeX Mode improper authorization |
$۰-$۱k |
Official Fix |
CVE-2022-22265 |
۴.۶ |
Samsung NPU Driver Local Privilege Escalation |
$۱k-$2k |
Official Fix |
CVE-2022-22285 |
۴.۶ |
Samsung Reminder PendingIntent code injection |
$۱k-$2k |
Official Fix |
CVE-2022-22289 |
۵.۳ |
Samsung S Assistant improper authentication |
$۱k-$2k |
Official Fix |
CVE-2022-22263 |
۴.۷ |
Samsung SecSettings privileges management |
$۱k-$2k |
Official Fix |
CVE-2022-22288 |
۷.۴ |
Samsung Store improper authorization |
$۲k-$5k |
Official Fix |
CVE-2022-22272 |
۳.۶ |
Samsung TelephonyManager IMSI improper authorization |
$۰-$۱k |
Official Fix |
CVE-2022-22266 |
۳.۶ |
Samsung TencentWifiSecurity WifiEvaluationService privileges management |
$۰-$۱k |
Official Fix |
CVE-2022-22271 |
۴.۴ |
Samsung TIMA Trustlet Memory Copy out-of-bounds read |
$۰-$۱k |
Official Fix |
CVE-2021-44234 |
۳.۵ |
SAP Business One log file |
$۲k-$5k |
Official Fix |
CVE-2022-22529 |
۲.۶ |
SAP Enterprise Threat Detection cross site scripting |
$۲k-$5k |
Official Fix |
CVE-2021-42067 |
۳.۵ |
SAP NetWeaver AS ABAP/ABAP Platform Hana Dashboard information disclosure |
$۲k-$5k |
Official Fix |
CVE-2022-22530 |
۵.۵ |
SAP S4HANA F0743 Create Single Payment Application unrestricted upload |
$۱۰k-$25k |
Official Fix |
CVE-2021-30065 |
۷.۳ |
Schneider Electric ConneXium Tofino Firewall ModBus Packet access control |
$۲k-$5k |
Official Fix |
CVE-2021-30064 |
۸.۱ |
Schneider Electric ConneXium Tofino Firewall SSH hard-coded credentials |
$۲k-$5k |
Official Fix |
CVE-2021-30061 |
۶.۴ |
Schneider Electric ConneXium Tofino Firewall USB Local Privilege Escalation |
$۱k-$2k |
Official Fix |
CVE-2021-30066 |
۶.۸ |
Schneider Electric ConneXium Tofino Firewall USB Stick signature verification |
$۰-$۱k |
Official Fix |
CVE-2021-30063 |
۵.۹ |
Schneider Electric ConneXium Tofino OPCLSM OPC Enforcer denial of service |
$۰-$۱k |
Official Fix |
CVE-2021-30062 |
۵.۰ |
Schneider Electric ConneXium Tofino OPCLSM OPC Enforcer Privilege Escalation |
$۲k-$5k |
Official Fix |
CVE-2022-22725 |
۸.۸ |
Schneider Electric Easergy P3 GOOSE buffer overflow |
$۲k-$5k |
Official Fix |
CVE-2022-22723 |
۸.۸ |
Schneider Electric Easergy P5 GOOSE buffer overflow |
$۲k-$5k |
Official Fix |
CVE-2022-22722 |
۷.۵ |
Schneider Electric Easergy P5 SSH hard-coded credentials |
$۱k-$2k |
Official Fix |
CVE-2020-8597 |
۸.۶ |
Schneider Electric Easergy T300 RTU pppd buffer overflow |
$۲k-$5k |
Official Fix |
CVE-2022-22726 |
۴.۳ |
Schneider Electric EcoStruxure Power Monitoring Expert information disclosure |
$۱k-$2k |
Official Fix |
CVE-2022-22727 |
۵.۰ |
Schneider Electric EcoStruxure Power Monitoring Expert input validation |
$۲k-$5k |
Official Fix |
CVE-2019-8963 |
۵.۳ |
Schneider Electric EcoStruxure Power Monitoring Expert lmadmin Tool denial of service |
$۰-$۱k |
Official Fix |
CVE-2022-22804 |
۲.۶ |
Schneider Electric EcoStruxure Power Monitoring Expert Web Page Generation cross site scripting |
$۰-$۱k |
Official Fix |
CVE-2022-22724 |
۷.۵ |
Schneider Electric Modicon M340 TCP resource consumption |
$۰-$۱k |
Official Fix |
CVE-2020-7534 |
۴.۳ |
Schneider Electric Modicon M340/Modicon Quantum/Modicon Premium Web Server cross-site request forgery |
$۰-$۱k |
Official Fix |
CVE-2021-37195 |
۳.۵ |
Siemens COMOS Web cross site scripting |
$۲k-$5k |
Official Fix |
CVE-2021-37198 |
۴.۳ |
Siemens COMOS Web cross-site request forgery |
$۵k-$10k |
Official Fix |
CVE-2021-37196 |
۴.۶ |
Siemens COMOS Web path traversal |
$۵k-$10k |
Official Fix |
CVE-2021-37197 |
۶.۳ |
Siemens COMOS Web sql injection |
$۱۰k-$25k |
Official Fix |
CVE-2021-45033 |
۶.۳ |
Siemens CP-8000/CP-8021/CP-8022 Debug Port hard-coded credentials |
$۵k-$10k |
Official Fix |
CVE-2021-45034 |
۶.۳ |
Siemens CP-8000/CP-8021/CP-8022 Web Server access control |
$۱۰k-$25k |
Official Fix |
CVE-2021-45460 |
۳.۵ |
Siemens SICAM PQ Analyzer Registry unquoted search path |
$۵k-$10k |
Official Fix |
CVE-2021-41769 |
۴.۳ |
Siemens SIPROTEC 5 Web Server information disclosure |
$۵k-$10k |
Official Fix |
CVE-2020-9058 |
۵.۰ |
Silicon Labs Z-Wave CRC-16 Encapsulation missing encryption |
$۰-$۱k |
Not Defined |
CVE-2020-10137 |
۳.۷ |
Silicon Labs Z-Wave FIND_NODE_IN_RANGE Frame insufficient verification of data authenticity |
$۱k-$2k |
Not Defined |
CVE-2020-9060 |
۴.۳ |
Silicon Labs Z-Wave Message resource consumption |
$۰-$۱k |
Not Defined |
CVE-2020-9057 |
۱.۸ |
Silicon Labs Z-Wave missing encryption |
$۰-$۱k |
Not Defined |
CVE-2020-9061 |
۴.۶ |
Silicon Labs Z-Wave Routing Message improper authorization |
$۱k-$2k |
Not Defined |
CVE-2020-9059 |
۶.۵ |
Silicon Labs Z-Wave S0 Authentication resource consumption |
$۰-$۱k |
Not Defined |
CVE-2021-29454 |
۷.۲ |
Smarty Template code injection |
$۲k-$5k |
Official Fix |
CVE-2021-21408 |
۷.۵ |
Smarty Template code injection |
$۲k-$5k |
Official Fix |
CVE-2022-0178 |
۶.۳ |
Snipe-IT access control |
$۲k-$5k |
Official Fix |
CVE-2022-0179 |
۶.۳ |
Snipe-IT access control |
$۲k-$5k |
Official Fix |
CVE-2021-35247 |
۹.۸ |
SolarWinds Serv-U Login Screen input validation |
$۲k-$5k |
Not Defined |
CVE-2021-20046 |
۶.۵ |
SonicWALL SonicOS HTTP Content-Length stack-based overflow |
$۲k-$5k |
Not Defined |
CVE-2021-20048 |
۶.۵ |
SonicWALL SonicOS HTTP Response Header stack-based overflow |
$۲k-$5k |
Not Defined |
CVE-2021-45334 |
۷.۳ |
Sourcecodester Online Thesis Archiving System Admin Panel sql injection |
$۲k-$5k |
Not Defined |
CVE-2021-45411 |
۶.۳ |
Sourcecodester Printable Staff ID Card Creator System sql injection |
$۱k-$2k |
Not Defined |
CVE-2021-43974 |
۶.۳ |
SysAid ITIL enduserreg improper authentication |
$۱k-$2k |
Not Defined |
CVE-2021-43972 |
۶.۳ |
SysAid ITIL Filesystem UserSelfServiceSettings.jsp access control |
$۲k-$5k |
Not Defined |
CVE-2021-43971 |
۶.۳ |
SysAid ITIL Parameter SelectUsers.jsp sql injection |
$۱k-$2k |
Not Defined |
CVE-2021-43973 |
۶.۳ |
SysAid ITIL UploadPsIcon.jsp unrestricted upload |
$۲k-$5k |
Not Defined |
CVE-2021-34858 |
۷.۰ |
TeamViewer TVS File Parser out-of-bounds read |
$۱k-$2k |
Official Fix |
CVE-2022-22114 |
۶.۹ |
Teedy Search Term cross site scripting |
$۰-$۱k |
Official Fix |
CVE-2022-22115 |
۶.۲ |
Teedy Tag Name cross site scripting |
$۰-$۱k |
Official Fix |
CVE-2021-35500 |
۵.۳ |
TIBCO Data Virtualization Server permission |
$۲k-$5k |
Not Defined |
CVE-2021-43054 |
۶.۷ |
TIBCO eFTL API Token permission |
$۲k-$5k |
Not Defined |
CVE-2021-43055 |
۵.۴ |
TIBCO eFTL Server permission |
$۲k-$5k |
Not Defined |
CVE-2021-43052 |
۸.۳ |
TIBCO FTL Realm Server hard-coded credentials |
$۱k-$2k |
Not Defined |
CVE-2021-43053 |
۶.۹ |
TIBCO FTL Realm Server information disclosure |
$۱k-$2k |
Not Defined |
CVE-2021-45441 |
۶.۳ |
Trend Micro Apex One Privilege Escalation |
$۱۰k-$25k |
Not Defined |
CVE-2021-45231 |
۶.۳ |
Trend Micro Apex One/Worry-Free Business Security link following |
$۱۰k-$25k |
Not Defined |
CVE-2021-44024 |
۸.۸ |
Trend Micro Apex One/Worry-Free Business Security link following |
$۱۰k-$25k |
Not Defined |
CVE-2021-45440 |
۶.۳ |
Trend Micro Apex One/Worry-Free Business Security privileges assignment |
$۱۰k-$25k |
Not Defined |
CVE-2021-45442 |
۸.۸ |
Trend Micro Worry-Free Business Security link following |
$۱۰k-$25k |
Not Defined |
CVE-2022-0213 |
۶.۵ |
vim heap-based overflow |
$۲k-$5k |
Official Fix |
CVE-2022-0158 |
۶.۵ |
vim heap-based overflow |
$۲k-$5k |
Official Fix |
CVE-2021-46059 |
۴.۳ |
vim regexp.c vim_regexec_multi denial of service |
$۰-$۱k |
Not Defined |
CVE-2022-0156 |
۶.۵ |
vim use after free |
$۲k-$5k |
Official Fix |
CVE-2021-22060 |
۴.۶ |
VMware Spring Framework Log injection |
$۱۰k-$25k |
Not Defined |
CVE-2021-46053 |
۳.۵ |
WebAssembly Binaryen denial of service |
$۰-$۱k |
Not Defined |
CVE-2021-46050 |
۵.۵ |
WebAssembly Binaryen printf_common stack-based overflow |
$۲k-$5k |
Not Defined |
CVE-2021-46048 |
۳.۵ |
WebAssembly Binaryen readFunctions denial of service |
$۰-$۱k |
Not Defined |
CVE-2021-46055 |
۳.۵ |
WebAssembly Binaryen Rethrow*) denial of service |
$۰-$۱k |
Not Defined |
CVE-2021-46054 |
۳.۵ |
WebAssembly Binaryen Rethrow*) denial of service |
$۰-$۱k |
Not Defined |
CVE-2021-46052 |
۳.۵ |
WebAssembly Binaryen validate denial of service |
$۰-$۱k |
Not Defined |
CVE-2022-22988 |
۸.۹ |
Western Digital EdgeRover Desktop App permission |
$۲k-$5k |
Official Fix |
CVE-2022-22991 |
۷.۰ |
Western Digital My Cloud OS DNS os command injection |
$۲k-$5k |
Official Fix |
CVE-2022-22989 |
۷.۱ |
Western Digital My Cloud OS FTP Service issues.c stack-based overflow |
$۱k-$2k |
Official Fix |
CVE-2021-25053 |
۴.۳ |
WP Coder Plugin Wow-Company Admin Menu Page include cross-site request forgery |
$۰-$۱k |
Official Fix |
CVE-2022-23304 |
۲.۶ |
wpa_supplicant/hostapd EAP-pwd information exposure |
$۰-$۵k |
Official Fix |
CVE-2022-23303 |
۲.۶ |
wpa_supplicant/hostapd SAE information exposure |
$۰-$۵k |
Official Fix |
CVE-2022-23134 |
۵.۵ |
Zabbix Configuration setup.php access control |
$۲k-$5k |
Not Defined |
CVE-2022-23133 |
۴.۹ |
Zabbix Host Group cross site scripting |
$۰-$۱k |
Not Defined |
CVE-2022-23132 |
۴.۳ |
Zabbix Installation zabbix access control |
$۱k-$2k |
Not Defined |
CVE-2022-23131 |
۸.۲ |
Zabbix SAML authentication spoofing |
$۱k-$2k |
Not Defined |
CVE-2020-28679 |
۶.۳ |
Zoho ManageEngine Applications Manager showReports Module sql injection |
$۱k-$2k |
Official Fix |
CVE-2021-44651 |
۶.۳ |
Zoho ManageEngine CloudSecurityPlus updatePersonalizeSettings Privilege Escalation |
$۲k-$5k |
Official Fix |
CVE-2021-46165 |
۶.۳ |
Zoho ManageEngine Desktop Central Batch File Privilege Escalation |
$۲k-$5k |
Official Fix |
CVE-2021-46164 |
۶.۳ |
Zoho ManageEngine Desktop Central Reports Module Privilege Escalation |
$۲k-$5k |
Official Fix |
CVE-2021-46166 |
۳.۵ |
Zoho ManageEngine Desktop Central Reports Page information disclosure |
$۰-$۱k |
Official Fix |
CVE-2021-44650 |
۶.۳ |
Zoho ManageEngine M365 Manager Plus Proxy Settings Privilege Escalation |
$۲k-$5k |
Official Fix |
CVE-2021-44652 |
۶.۳ |
Zoho ManageEngine O365 Manager Plus ChangeDBAPI Privilege Escalation |
$۲k-$5k |
Official Fix |