info[at]nsec.ir
(+۹۸)-۳۱-۳۳۹۱۵۳۳۶

Critical vulnerabilities of the fourth week of Dey

This week, many "critical" and "high-risk" vulnerabilities were reported in important Microsoft and Cisco products, and patches and updates were released to fix them. Several "critical" and "high-risk" vulnerabilities were also present in products from Adobe, Apache, Google, Siemens, Dell, IBM and Jenkins, and in the Linux kernel.

The list of these vulnerabilities, together with the fix status and their risk level, is given in the table below.

| Vulnerability ID | Base score | Vulnerability title | Zero-day value | Vulnerability fix |
|---|---|---|---|---|
| CVE-2021-20617 | 6.3 | acmailer/acmailer DB access control | $2k-$5k | Not Defined |
| CVE-2021-20618 | 5.3 | acmailer/acmailer DB improper authentication | $1k-$2k | Not Defined |
| CVE-2021-21008 | 7.0 | Adobe Animate uncontrolled search path | $2k-$5k | Official Fix |
| CVE-2021-21013 | 7.8 | Adobe Bridge TTF File out-of-bounds write | $5k-$10k | Official Fix |
| CVE-2021-21012 | 7.8 | Adobe Bridge TTF File out-of-bounds write | $5k-$10k | Official Fix |
| CVE-2021-21009 | 8.6 | Adobe Campaign Classic server-side request forgery | $5k-$10k | Official Fix |
| CVE-2021-21011 | 7.0 | Adobe Captivate 2019 uncontrolled search path | $2k-$5k | Official Fix |
| CVE-2021-21007 | 7.0 | Adobe Illustrator uncontrolled search path | $2k-$5k | Official Fix |
| CVE-2021-21010 | 7.0 | Adobe InCopy uncontrolled search path | $2k-$5k | Official Fix |
| CVE-2021-21006 | 8.6 | Adobe Photoshop Font File heap-based overflow | $5k-$10k | Official Fix |
| CVE-2020-35483 | 5.3 | AnyDesk Portable Mode gcapi.dll uncontrolled search path | $1k-$2k | Official Fix |
| CVE-2020-13922 | 6.5 | Apache DolphinScheduler API Interface access control | $10k-$25k | Official Fix |
| CVE-2020-11995 | 9.8 | Apache Dubbo hashCode deserialization | $10k-$25k | Official Fix |
| CVE-2020-17534 | 5.5 | Apache NetBeans HTML-Java API access control | $10k-$25k | Official Fix |
| CVE-2021-1146 | 7.2 | Apache Operating System Web-based Management Interface command injection | $10k-$25k | Official Fix |
| CVE-2021-1205 | 7.2 | Apache Operating System Web-based Management Interface stack-based overflow | $10k-$25k | Workaround |
| CVE-2021-1172 | 7.2 | Apache Operating System Web-based Management Interface stack-based overflow | $10k-$25k | Workaround |
| CVE-2021-1159 | 7.2 | Apache Operating System Web-based Management Interface stack-based overflow | $10k-$25k | Workaround |
| CVE-2021-24122 | 4.3 | Apache Tomcat NTFS File System File.getCanonicalPath information disclosure | $5k-$10k | Not Defined |
| CVE-2020-17509 | 7.3 | Apache Traffic Server Cache Option request smuggling | $10k-$25k | Not Defined |
| CVE-2020-17508 | 7.5 | Apache Traffic Server ESI Plugin information disclosure | $2k-$5k | Official Fix |
| CVE-2020-24640 | 5.5 | Aruba Airwave Glass Environment input validation | $0-$5k | Official Fix |
| CVE-2020-24638 | 7.2 | Aruba Airwave Glass glassadmin CLI Remote Privilege Escalation | $0-$5k | Official Fix |
| CVE-2020-24639 | 5.5 | Aruba Airwave Glass Java deserialization | $0-$5k | Official Fix |
| CVE-2020-24641 | 6.3 | Aruba AirWave Glass server-side request forgery | $0-$5k | Official Fix |
| CVE-2020-6777 | 2.4 | Bosch PRAESIDEO/PRAESENSA Web-based Management Interface cross site scripting | $0-$1k | Not Defined |
| CVE-2020-6776 | 4.3 | Bosch PRAESIDEO/PRAESENSA Web-based Management Interface cross-site request forgery | $0-$1k | Not Defined |
| CVE-2021-1258 | 5.5 | Cisco AnyConnect Secure Mobility Client access control | $5k-$10k | Official Fix |
| CVE-2021-1237 | 7.8 | Cisco AnyConnect Secure Mobility Client Network Access Manager/Web Security Agent uncontrolled search path | $5k-$10k | Official Fix |
| CVE-2021-1143 | 4.3 | Cisco Connected Mobile Experiences API GET Request authorization | $10k-$25k | Official Fix |
| CVE-2021-1144 | 8.8 | Cisco Connected Mobile Experiences Password authorization | $10k-$25k | Official Fix |
| CVE-2021-1130 | 4.8 | Cisco DNA Center Web-based Management Interface cross site scripting | $2k-$5k | Official Fix |
| CVE-2021-1127 | 5.4 | Cisco Enterprise NFV Infrastructure Software Web-based Management Interface cross site scripting | $2k-$5k | Official Fix |
| CVE-2021-1246 | 6.5 | Cisco Finesse Web-based Management Interface cross site scripting | $5k-$10k | Official Fix |
| CVE-2021-1245 | 6.5 | Cisco Finesse Web-based Management Interface cross site scripting | $5k-$10k | Official Fix |
| CVE-2021-1126 | 5.5 | Cisco FirePOWER Management Center credentials storage | $5k-$10k | Official Fix |
| CVE-2021-1267 | 4.3 | Cisco FirePOWER Management Center Dashboard Widget xml entity expansion | $10k-$25k | Official Fix |
| CVE-2021-1239 | 4.8 | Cisco FirePOWER Management Center Web-based Management Interface cross site scripting | $2k-$5k | Official Fix |
| CVE-2021-1238 | 4.8 | Cisco FirePOWER Management Center Web-based Management Interface cross site scripting | $2k-$5k | Official Fix |
| CVE-2021-1236 | 4.0 | Cisco Integrated Services Router Snort Application Detection Engine control flow | $25k-$50k | Official Fix |
| CVE-2021-1223 | 5.8 | Cisco Integrated Services Router Snort protection mechanism | $25k-$50k | Official Fix |
| CVE-2021-1224 | 5.8 | Cisco Integrated Services Router TCP Fast Open protection mechanism | $25k-$50k | Official Fix |
| CVE-2021-1240 | 4.8 | Cisco Proximity Desktop DLL Loader uncontrolled search path | $5k-$10k | Official Fix |
| CVE-2021-1150 | 7.2 | Cisco Small Business Web-based Management Interface command injection | $10k-$25k | Workaround |
| CVE-2021-1149 | 7.2 | Cisco Small Business Web-based Management Interface command injection | $10k-$25k | Workaround |
| CVE-2021-1148 | 7.2 | Cisco Small Business Web-based Management Interface command injection | $10k-$25k | Workaround |
| CVE-2021-1147 | 7.2 | Cisco Small Business Web-based Management Interface command injection | $10k-$25k | Workaround |
| CVE-2021-1158 | 2.4 | Cisco Small Business Web-based Management Interface cross site scripting | $2k-$5k | Workaround |
| CVE-2021-1157 | 2.4 | Cisco Small Business Web-based Management Interface cross site scripting | $2k-$5k | Workaround |
| CVE-2021-1156 | 2.4 | Cisco Small Business Web-based Management Interface cross site scripting | $2k-$5k | Workaround |
| CVE-2021-1155 | 2.4 | Cisco Small Business Web-based Management Interface cross site scripting | $2k-$5k | Workaround |
| CVE-2021-1154 | 2.4 | Cisco Small Business Web-based Management Interface cross site scripting | $2k-$5k | Workaround |
| CVE-2021-1153 | 2.4 | Cisco Small Business Web-based Management Interface cross site scripting | $2k-$5k | Workaround |
| CVE-2021-1152 | 2.4 | Cisco Small Business Web-based Management Interface cross site scripting | $2k-$5k | Workaround |
| CVE-2021-1151 | 2.4 | Cisco Small Business Web-based Management Interface cross site scripting | $2k-$5k | Workaround |
| CVE-2021-1360 | 7.2 | Cisco Small Business Web-based Management Interface stack-based overflow | $10k-$25k | Workaround |
| CVE-2021-1307 | 7.2 | Cisco Small Business Web-based Management Interface stack-based overflow | $10k-$25k | Workaround |
| CVE-2021-1217 | 7.2 | Cisco Small Business Web-based Management Interface stack-based overflow | $10k-$25k | Workaround |
| CVE-2021-1216 | 7.2 | Cisco Small Business Web-based Management Interface stack-based overflow | $10k-$25k | Workaround |
| CVE-2021-1215 | 7.2 | Cisco Small Business Web-based Management Interface stack-based overflow | $10k-$25k | Workaround |
| CVE-2021-1214 | 7.2 | Cisco Small Business Web-based Management Interface stack-based overflow | $10k-$25k | Workaround |
| CVE-2021-1213 | 7.2 | Cisco Small Business Web-based Management Interface stack-based overflow | $10k-$25k | Workaround |
| CVE-2021-1212 | 7.2 | Cisco Small Business Web-based Management Interface stack-based overflow | $10k-$25k | Workaround |
| CVE-2021-1211 | 7.2 | Cisco Small Business Web-based Management Interface stack-based overflow | $10k-$25k | Workaround |
| CVE-2021-1210 | 7.2 | Cisco Small Business Web-based Management Interface stack-based overflow | $10k-$25k | Workaround |
| CVE-2021-1209 | 7.2 | Cisco Small Business Web-based Management Interface stack-based overflow | $10k-$25k | Workaround |
| CVE-2021-1208 | 7.2 | Cisco Small Business Web-based Management Interface stack-based overflow | $10k-$25k | Workaround |
| CVE-2021-1207 | 7.2 | Cisco Small Business Web-based Management Interface stack-based overflow | $10k-$25k | Workaround |
| CVE-2021-1206 | 7.2 | Cisco Small Business Web-based Management Interface stack-based overflow | $10k-$25k | Workaround |
| CVE-2021-1204 | 7.2 | Cisco Small Business Web-based Management Interface stack-based overflow | $10k-$25k | Workaround |
| CVE-2021-1203 | 7.2 | Cisco Small Business Web-based Management Interface stack-based overflow | $10k-$25k | Workaround |
| CVE-2021-1202 | 7.2 | Cisco Small Business Web-based Management Interface stack-based overflow | $10k-$25k | Workaround |
| CVE-2021-1201 | 7.2 | Cisco Small Business Web-based Management Interface stack-based overflow | $10k-$25k | Workaround |
| CVE-2021-1200 | 7.2 | Cisco Small Business Web-based Management Interface stack-based overflow | $10k-$25k | Workaround |
| CVE-2021-1199 | 7.2 | Cisco Small Business Web-based Management Interface stack-based overflow | $10k-$25k | Workaround |
| CVE-2021-1198 | 7.2 | Cisco Small Business Web-based Management Interface stack-based overflow | $10k-$25k | Workaround |
| CVE-2021-1197 | 7.2 | Cisco Small Business Web-based Management Interface stack-based overflow | $10k-$25k | Workaround |
| CVE-2021-1196 | 7.2 | Cisco Small Business Web-based Management Interface stack-based overflow | $10k-$25k | Workaround |
| CVE-2021-1195 | 7.2 | Cisco Small Business Web-based Management Interface stack-based overflow | $10k-$25k | Workaround |
| CVE-2021-1194 | 7.2 | Cisco Small Business Web-based Management Interface stack-based overflow | $10k-$25k | Workaround |
| CVE-2021-1193 | 7.2 | Cisco Small Business Web-based Management Interface stack-based overflow | $10k-$25k | Workaround |
| CVE-2021-1192 | 7.2 | Cisco Small Business Web-based Management Interface stack-based overflow | $10k-$25k | Workaround |
| CVE-2021-1191 | 7.2 | Cisco Small Business Web-based Management Interface stack-based overflow | $10k-$25k | Workaround |
| CVE-2021-1190 | 7.2 | Cisco Small Business Web-based Management Interface stack-based overflow | $10k-$25k | Workaround |
| CVE-2021-1189 | 7.2 | Cisco Small Business Web-based Management Interface stack-based overflow | $10k-$25k | Workaround |
| CVE-2021-1188 | 7.2 | Cisco Small Business Web-based Management Interface stack-based overflow | $10k-$25k | Workaround |
| CVE-2021-1187 | 7.2 | Cisco Small Business Web-based Management Interface stack-based overflow | $10k-$25k | Workaround |
| CVE-2021-1186 | 7.2 | Cisco Small Business Web-based Management Interface stack-based overflow | $10k-$25k | Workaround |
| CVE-2021-1185 | 7.2 | Cisco Small Business Web-based Management Interface stack-based overflow | $10k-$25k | Workaround |
| CVE-2021-1184 | 7.2 | Cisco Small Business Web-based Management Interface stack-based overflow | $10k-$25k | Workaround |
| CVE-2021-1183 | 7.2 | Cisco Small Business Web-based Management Interface stack-based overflow | $10k-$25k | Workaround |
| CVE-2021-1182 | 7.2 | Cisco Small Business Web-based Management Interface stack-based overflow | $10k-$25k | Workaround |
| CVE-2021-1181 | 7.2 | Cisco Small Business Web-based Management Interface stack-based overflow | $10k-$25k | Workaround |
| CVE-2021-1180 | 7.2 | Cisco Small Business Web-based Management Interface stack-based overflow | $10k-$25k | Workaround |
| CVE-2021-1179 | 7.2 | Cisco Small Business Web-based Management Interface stack-based overflow | $10k-$25k | Workaround |
| CVE-2021-1178 | 7.2 | Cisco Small Business Web-based Management Interface stack-based overflow | $10k-$25k | Workaround |
| CVE-2021-1177 | 7.2 | Cisco Small Business Web-based Management Interface stack-based overflow | $10k-$25k | Workaround |
| CVE-2021-1176 | 7.2 | Cisco Small Business Web-based Management Interface stack-based overflow | $10k-$25k | Workaround |
| CVE-2021-1175 | 7.2 | Cisco Small Business Web-based Management Interface stack-based overflow | $10k-$25k | Workaround |
| CVE-2021-1174 | 7.2 | Cisco Small Business Web-based Management Interface stack-based overflow | $10k-$25k | Workaround |
| CVE-2021-1173 | 7.2 | Cisco Small Business Web-based Management Interface stack-based overflow | $10k-$25k | Workaround |
| CVE-2021-1171 | 7.2 | Cisco Small Business Web-based Management Interface stack-based overflow | $10k-$25k | Workaround |
| CVE-2021-1170 | 7.2 | Cisco Small Business Web-based Management Interface stack-based overflow | $10k-$25k | Workaround |
| CVE-2021-1169 | 7.2 | Cisco Small Business Web-based Management Interface stack-based overflow | $10k-$25k | Workaround |
| CVE-2021-1168 | 7.2 | Cisco Small Business Web-based Management Interface stack-based overflow | $10k-$25k | Workaround |
| CVE-2021-1167 | 7.2 | Cisco Small Business Web-based Management Interface stack-based overflow | $10k-$25k | Workaround |
| CVE-2021-1166 | 7.2 | Cisco Small Business Web-based Management Interface stack-based overflow | $10k-$25k | Workaround |
| CVE-2021-1165 | 7.2 | Cisco Small Business Web-based Management Interface stack-based overflow | $10k-$25k | Workaround |
| CVE-2021-1164 | 7.2 | Cisco Small Business Web-based Management Interface stack-based overflow | $10k-$25k | Workaround |
| CVE-2021-1163 | 7.2 | Cisco Small Business Web-based Management Interface stack-based overflow | $10k-$25k | Workaround |
| CVE-2021-1162 | 7.2 | Cisco Small Business Web-based Management Interface stack-based overflow | $10k-$25k | Workaround |
| CVE-2021-1161 | 7.2 | Cisco Small Business Web-based Management Interface stack-based overflow | $10k-$25k | Workaround |
| CVE-2021-1160 | 7.2 | Cisco Small Business Web-based Management Interface stack-based overflow | $10k-$25k | Workaround |
| CVE-2021-1145 | 6.5 | Cisco StarOS SFTP symlink | $10k-$25k | Official Fix |
| CVE-2021-1226 | 4.3 | Cisco Unified Communications Manager Audit Logging log file | $5k-$10k | Official Fix |
| CVE-2021-1131 | 6.5 | Cisco Video Surveillance 8000 Discovery Protocol Packet memory corruption | $10k-$25k | Official Fix |
| CVE-2021-1310 | 4.7 | Cisco Webex Meetings Web-based Management Interface redirect | $10k-$25k | Official Fix |
| CVE-2021-1311 | 5.4 | Cisco WebEx Meetings/WebEx Meetings Server Host Key excessive authentication | $5k-$10k | Official Fix |
| CVE-2021-1242 | 4.3 | Cisco WebEx Teams Messaging Interface clickjacking | $10k-$25k | Official Fix |
| CVE-2020-29495 | 10.0 | Dell EMC Avamar Server Fitness Analyzer os command injection | $5k-$25k | Official Fix |
| CVE-2020-29493 | 10.0 | Dell EMC Avamar Server Fitness Analyzer sql injection | $5k-$25k | Official Fix |
| CVE-2020-29494 | 8.7 | Dell EMC Avamar Server PDM path traversal | $5k-$25k | Not Defined |
| CVE-2020-27281 | 6.3 | Delta Industrial Automation CNCSoft ScreenEditor Project File stack-based overflow | $2k-$5k | Not Defined |
| CVE-2020-27289 | 6.3 | Delta Industrial Automation CNCSoft-B null pointer dereference | $0-$1k | Not Defined |
| CVE-2020-27291 | 6.3 | Delta Industrial Automation CNCSoft-B Project File out-of-bounds read | $1k-$2k | Not Defined |
| CVE-2020-27287 | 6.3 | Delta Industrial Automation CNCSoft-B Project File out-of-bounds write | $2k-$5k | Not Defined |
| CVE-2020-27293 | 6.3 | Delta Industrial Automation CNCSoft-B Project File type confusion | $2k-$5k | Not Defined |
| CVE-2020-27277 | 6.3 | Delta Industrial Automation DOPSoft Project File null pointer dereference | $0-$1k | Not Defined |
| CVE-2020-27275 | 6.3 | Delta Industrial Automation DOPSoft Project File out-of-bounds write | $2k-$5k | Not Defined |
| CVE-2020-27219 | 4.3 | Eclipse Hawkbit JSON Response cross site scripting | $0-$5k | Official Fix |
| CVE-2020-27220 | 4.6 | Eclipse Hono AMQP/MQTT authorization | $0-$5k | Not Defined |
| CVE-2021-23838 | 3.5 | flatCore ACP Interface cross site scripting | $0-$5k | Official Fix |
| CVE-2021-23836 | 3.5 | flatCore ACP Interface cross site scripting | $0-$5k | Official Fix |
| CVE-2021-23837 | 6.3 | flatCore ACP Interface sql injection | $0-$5k | Official Fix |
| CVE-2021-23835 | 2.7 | flatCore HTTP Request information disclosure | $0-$5k | Official Fix |
| CVE-2020-29017 | 6.3 | Fortinet FortiDeceptor Customization Page os command injection | $2k-$5k | Not Defined |
| CVE-2020-29015 | 5.6 | Fortinet FortiWeb Authorization Header sql injection | $2k-$5k | Official Fix |
| CVE-2020-29018 | 6.3 | Fortinet FortiWeb format string | $2k-$5k | Not Defined |
| CVE-2020-29019 | 7.3 | Fortinet FortiWeb httpd stack-based overflow | $2k-$5k | Official Fix |
| CVE-2020-29016 | 7.3 | Fortinet FortiWeb Request stack-based overflow | $2k-$5k | Official Fix |
| CVE-2021-22166 | 5.3 | GitLab Community Edition/Enterprise Edition HTTP Request denial of service | $0-$5k | Official Fix |
| CVE-2021-22168 | 4.3 | GitLab Community Edition/Enterprise Edition NuGet API denial of service | $0-$5k | Official Fix |
| CVE-2020-26414 | 4.3 | GitLab Community Edition/Enterprise Edition Package Name denial of service | $0-$5k | Official Fix |
| CVE-2021-22171 | 4.3 | GitLab Community Edition/Enterprise Edition Pages information disclosure | $0-$5k | Official Fix |
| CVE-2021-22167 | 5.0 | GitLab Community Edition/Enterprise Edition Repository access control | $0-$5k | Official Fix |
| CVE-2021-0321 | 5.5 | Google Android ActivityManagerService.java enforceDumpPermissionForPackage information disclosure | $5k-$10k | Official Fix |
| CVE-2021-0308 | 7.8 | Google Android basicmbr.cc ReadLogicalParts out-of-bounds write | $25k-$50k | Official Fix |
| CVE-2021-0316 | 9.8 | Google Android Bluetooth avrc_pars_tg.cc avrc_pars_vendor_cmd out-of-bounds write | $50k-$100k | Official Fix |
| CVE-2021-0319 | 7.3 | Google Android Bluetooth CompanionDeviceManagerService.java checkCallerIsSystemOr permission | $25k-$50k | Official Fix |
| CVE-2020-0471 | 9.8 | Google Android Bluetooth packet_fragmenter.cc reassemble_and_dispatch injection | $50k-$100k | Official Fix |
| CVE-2021-0311 | 6.5 | Google Android ESQueue.cpp dequeueAccessUnitH264 out-of-bounds write | $50k-$100k | Official Fix |
| CVE-2020-27059 | 7.8 | Google Android Fingerprint AuthenticationClient.java onAuthenticated clickjacking | $25k-$50k | Official Fix |
| CVE-2021-0301 | 6.7 | Google Android ged out-of-bounds write | $50k-$100k | Official Fix |
| CVE-2021-0304 | 5.5 | Google Android GlobalScreenshot.java information disclosure | $10k-$25k | Official Fix |
| CVE-2021-0309 | 5.5 | Google Android grantCredentialsPermissionActivity information disclosure | $10k-$25k | Official Fix |
| CVE-2021-0315 | 7.3 | Google Android GrantCredentialsPermissionActivity.java onCreate permission | $25k-$50k | Official Fix |
| CVE-2021-0310 | 7.8 | Google Android LazyServiceRegistrar.cpp LazyServiceRegistrar use after free | $25k-$50k | Official Fix |
| CVE-2021-0320 | 4.7 | Google Android Lockscreen keystore_keymaster_enforcement.h is_device_locked information disclosure | $10k-$25k | Official Fix |
| CVE-2021-0317 | 7.8 | Google Android Permission.java createOrUpdate permission | $25k-$50k | Official Fix |
| CVE-2021-0306 | 7.8 | Google Android PermissionManagerService.java addAllPermissions permission | $25k-$50k | Official Fix |
| CVE-2021-0307 | 7.8 | Google Android PermissionManagerService.java updatePermissionSourcePackage permission | $25k-$50k | Official Fix |
| CVE-2021-0318 | 7.8 | Google Android SensorEventConnection.cpp appendEventsToCacheLocked out-of-bounds write | $25k-$50k | Official Fix |
| CVE-2021-0322 | 5.0 | Google Android SlicePermissionActivity.java onCreate information disclosure | $10k-$25k | Official Fix |
| CVE-2021-0303 | 7.0 | Google Android StreamSetObserver.cpp dispatchGraphTerminationMessage use after free | $25k-$50k | Official Fix |
| CVE-2021-0313 | 7.5 | Google Android TextView LayoutUtils.cpp isWordBreakAfter denial of service | $10k-$25k | Official Fix |
| CVE-2021-0342 | 6.7 | Google Android tun.c tun_get_user memory corruption | $25k-$50k | Official Fix |
| CVE-2021-0312 | 6.5 | Google Android WAVExtractor.cpp read out-of-bounds write | $50k-$100k | Official Fix |
| CVE-2020-16046 | 4.3 | Google Chrome HTML Page cross site scripting | $5k-$25k | Official Fix |
| CVE-2020-6572 | 6.3 | Google Chrome HTML Page use after free | $25k-$100k | Official Fix |
| CVE-2020-16045 | 6.3 | Google Chrome HTML Page use after free | $25k-$100k | Official Fix |
| CVE-2020-14274 | 4.3 | HCL Commerce information disclosure | $1k-$2k | Not Defined |
| CVE-2020-14275 | 6.3 | HCL Commerce Remote Privilege Escalation | $2k-$5k | Not Defined |
| CVE-2020-9203 | 5.3 | Huawei P30 Broadcast Message Local Privilege Escalation | $5k-$10k | Not Defined |
| CVE-2020-9144 | 5.5 | Huawei Smartphone heap-based overflow | $10k-$25k | Not Defined |
| CVE-2020-9143 | 4.3 | Huawei Smartphone improper authentication | $5k-$10k | Not Defined |
| CVE-2020-9141 | 3.5 | Huawei Smartphone information disclosure | $2k-$5k | Not Defined |
| CVE-2020-9145 | 4.1 | Huawei Smartphone out-of-bounds write | $0-$1k | Not Defined |
| CVE-2020-9142 | 5.5 | Huawei Smartphone Update heap-based overflow | $10k-$25k | Not Defined |
| CVE-2020-9209 | 5.5 | Huawei SMC Module access control | $10k-$25k | Not Defined |
| CVE-2020-4838 | 3.5 | IBM API Connect Web UI cross site scripting | $2k-$5k | Not Defined |
| CVE-2020-4869 | 5.0 | IBM MQ Appliance SNMP Query buffer overflow | $10k-$25k | Not Defined |
| CVE-2020-4673 | 4.3 | IBM Workload Automation HTML Comment information disclosure | $5k-$10k | Not Defined |
| CVE-2020-4674 | 4.3 | IBM Workload Automation Path information disclosure | $5k-$10k | Not Defined |
| CVE-2021-21605 | 5.5 | Jenkins Agent config.xml permission | $1k-$2k | Not Defined |
| CVE-2021-21608 | 3.5 | Jenkins cross site scripting | $0-$1k | Not Defined |
| CVE-2021-21611 | 3.5 | Jenkins Display Name cross site scripting | $0-$1k | Not Defined |
| CVE-2021-21602 | 5.5 | Jenkins File Browser link following | $1k-$2k | Not Defined |
| CVE-2021-21610 | 3.5 | Jenkins Markup cross site scripting | $0-$1k | Not Defined |
| CVE-2021-21603 | 3.5 | Jenkins Notification Bar cross site scripting | $0-$1k | Not Defined |
| CVE-2021-21604 | 5.5 | Jenkins Old Data Monitor deserialization | $1k-$2k | Not Defined |
| CVE-2021-21609 | 5.5 | Jenkins URL handler authorization | $1k-$2k | Not Defined |
| CVE-2021-21607 | 3.5 | Jenkins URL memory allocation | $0-$1k | Not Defined |
| CVE-2021-21606 | 3.5 | Jenkins XML File information disclosure | $0-$1k | Not Defined |
| CVE-2021-23123 | 3.5 | Joomla! ACL or information disclosure | $2k-$5k | Not Defined |
| CVE-2021-23124 | 3.5 | Joomla! Attribute cross site scripting | $2k-$5k | Not Defined |
| CVE-2021-23125 | 3.5 | Joomla! Image cross site scripting | $2k-$5k | Not Defined |
| CVE-2021-21252 | 5.3 | jQuery Validation Plugin resource consumption | $0-$1k | Official Fix |
| CVE-2021-0203 | 8.6 | Juniper EX/QFX5K RTG denial of service | $5k-$25k | Official Fix |
| CVE-2021-0202 | 7.5 | Juniper EX9200 IRB Interface memory leak | $5k-$25k | Official Fix |
| CVE-2021-0215 | 6.5 | Juniper Junos 802.1X Authenticator Port Interface resource consumption | $0-$5k | Official Fix |
| CVE-2021-0209 | 6.5 | Juniper Junos BGP UPDATE uninitialized pointer | $0-$5k | Official Fix |
| CVE-2021-0207 | 7.5 | Juniper Junos denial of service | $5k-$25k | Official Fix |
| CVE-2021-0204 | 7.8 | Juniper Junos dexp information disclosure | $0-$5k | Official Fix |
| CVE-2021-0217 | 7.4 | Juniper Junos DHCP Packet memory corruption | $5k-$25k | Official Fix |
| CVE-2021-0221 | 6.5 | Juniper Junos IRB Interface denial of service | $0-$5k | Official Fix |
| CVE-2021-0210 | 6.8 | Juniper Junos J-Web information disclosure | $5k-$25k | Official Fix |
| CVE-2021-0218 | 7.8 | Juniper Junos License-Check Daemon command injection | $5k-$25k | Official Fix |
| CVE-2021-0219 | 6.7 | Juniper Junos Package Validation Subsystem command injection | $5k-$25k | Official Fix |
| CVE-2021-0206 | 7.5 | Juniper Junos Packet Forwarding Engine denial of service | $5k-$25k | Official Fix |
| CVE-2021-0222 | 7.5 | Juniper Junos Protocol Packet denial of service | $0-$5k | Official Fix |
| CVE-2021-0208 | 8.8 | Juniper Junos Routing Protocol denial of service | $0-$5k | Official Fix |
| CVE-2021-0211 | 10.0 | Juniper Junos Routing Protocol denial of service | $5k-$25k | Official Fix |
| CVE-2021-0220 | 6.8 | Juniper Junos Space Network Management Platform credentials storage | $5k-$25k | Official Fix |
| CVE-2021-0223 | 7.8 | Juniper Junos telnetd.real unnecessary privileges | $5k-$25k | Official Fix |
| CVE-2021-0205 | 5.8 | Juniper MX IDS 32 access control | $5k-$25k | Official Fix |
| CVE-2021-0212 | 5.0 | Juniper Networks Contrail information disclosure | $0-$5k | Official Fix |
| CVE-2018-9332 | 7.8 | K7computing K7AntiVirus Premium access control | $1k-$2k | Official Fix |
| CVE-2018-11008 | 5.5 | K7computing K7AntiVirus Premium access control | $1k-$2k | Official Fix |
| CVE-2018-11010 | 5.5 | K7computing K7AntiVirus Premium buffer overflow | $2k-$5k | Official Fix |
| CVE-2018-11009 | 5.5 | K7computing K7AntiVirus Premium buffer overflow | $2k-$5k | Official Fix |
| CVE-2018-8044 | 5.3 | K7computing K7AntiVirus Premium K7Sentry.sys access control | $1k-$2k | Official Fix |
| CVE-2018-8724 | 5.3 | K7computing K7AntiVirus Premium K7TSMngr.exe access control | $1k-$2k | Official Fix |
| CVE-2018-9333 | 5.3 | K7computing K7AntiVirus Premium K7TSMngr.exe buffer overflow | $1k-$2k | Official Fix |
| CVE-2018-8726 | 5.3 | K7computing K7AntiVirus Premium K7TSMngr.exe buffer overflow | $1k-$2k | Official Fix |
| CVE-2018-8725 | 5.3 | K7computing K7AntiVirus Premium K7TSMngr.exe buffer overflow | $1k-$2k | Official Fix |
| CVE-2018-11246 | 3.5 | K7computing K7AntiVirus Premium K7TSMngr.exe memory leak | $0-$1k | Official Fix |
| CVE-2020-28374 | 6.3 | Linux Kernel LIO SCSI target_core_xcopy.c pathname traversal | $10k-$25k | Official Fix |
| CVE-2021-1723 | 7.5 | Microsoft ASP.NET Core/Visual Studio denial of service | $10k-$25k | Official Fix |
| CVE-2021-1677 | 5.5 | Microsoft Azure Kubernetes Service Pod Identity information disclosure | $2k-$5k | Official Fix |
| CVE-2021-1725 | 5.5 | Microsoft Bot Framework SDK information disclosure | $2k-$5k | Official Fix |
| CVE-2021-1647 | 7.8 | Microsoft Defender Remote Privilege Escalation | $100k and more | Official Fix |
| CVE-2021-1705 | 5.3 | Microsoft Edge memory corruption | $50k-$100k | Official Fix |
| CVE-2021-1713 | 7.8 | Microsoft Excel Remote Code Execution | $10k-$25k | Official Fix |
| CVE-2021-1714 | 7.8 | Microsoft Excel Remote Code Execution | $25k-$50k | Official Fix |
| CVE-2021-1643 | 7.8 | Microsoft HEVC Video Extensions Remote Code Execution | $25k-$50k | Official Fix |
| CVE-2021-1644 | 7.8 | Microsoft HEVC Video Extensions Remote Code Execution | $25k-$50k | Official Fix |
| CVE-2021-1711 | 7.8 | Microsoft Office Remote Code Execution | $25k-$50k | Official Fix |
| CVE-2021-1718 | 8.0 | Microsoft SharePoint Foundation Remote Privilege Escalation | $10k-$25k | Official Fix |
| CVE-2021-1719 | 8.0 | Microsoft SharePoint Server Remote Privilege Escalation | $10k-$25k | Official Fix |
| CVE-2021-1712 | 8.0 | Microsoft SharePoint Server Remote Privilege Escalation | $10k-$25k | Official Fix |
| CVE-2021-1707 | 8.8 | Microsoft SharePoint Server Remote Privilege Escalation | $25k-$50k | Official Fix |
| CVE-2021-1717 | 5.4 | Microsoft SharePoint Server unknown vulnerability | $10k-$25k | Official Fix |
| CVE-2021-1641 | 5.4 | Microsoft SharePoint Server unknown vulnerability | $10k-$25k | Official Fix |
| CVE-2020-24003 | 3.3 | Microsoft Skype Library Validation Entitlement access control | $5k-$10k | Not Defined |
| CVE-2021-1636 | 8.8 | Microsoft SQL Server Remote Privilege Escalation | $50k-$100k | Official Fix |
| CVE-2020-26870 | 6.0 | Microsoft Visual Studio Remote Code Execution | $10k-$25k | Official Fix |
| CVE-2021-1649 | 7.8 | Microsoft Windows Active Template Library Local Privilege Escalation | $50k-$100k | Official Fix |
| CVE-2021-1685 | 7.3 | Microsoft Windows AppX Deployment Extensions Local Privilege Escalation | $50k-$100k | Official Fix |
| CVE-2021-1642 | 7.8 | Microsoft Windows AppX Deployment Extensions Local Privilege Escalation | $50k-$100k | Official Fix |
| CVE-2021-1684 | 3.9 | Microsoft Windows Bluetooth information disclosure | $5k-$10k | Official Fix |
| CVE-2021-1683 | 5.0 | Microsoft Windows Bluetooth information disclosure | $10k-$25k | Official Fix |
| CVE-2021-1638 | 5.5 | Microsoft Windows Bluetooth Local Privilege Escalation | $50k-$100k | Official Fix |
| CVE-2021-1679 | 6.5 | Microsoft Windows CryptoAPI denial of service | $10k-$25k | Official Fix |
| CVE-2021-1693 | 7.8 | Microsoft Windows CSC Service Local Privilege Escalation | $50k-$100k | Official Fix |
| CVE-2021-1688 | 7.8 | Microsoft Windows CSC Service Local Privilege Escalation | $50k-$100k | Official Fix |
| CVE-2021-1659 | 7.8 | Microsoft Windows CSC Service Local Privilege Escalation | $50k-$100k | Official Fix |
| CVE-2021-1655 | 7.8 | Microsoft Windows CSC Service Local Privilege Escalation | $50k-$100k | Official Fix |
| CVE-2021-1654 | 7.8 | Microsoft Windows CSC Service Local Privilege Escalation | $50k-$100k | Official Fix |
| CVE-2021-1653 | 7.8 | Microsoft Windows CSC Service Local Privilege Escalation | $50k-$100k | Official Fix |
| CVE-2021-1652 | 7.8 | Microsoft Windows CSC Service Local Privilege Escalation | $50k-$100k | Official Fix |
| CVE-2021-1680 | 7.8 | Microsoft Windows Diagnostics Hub Standard Collector Local Privilege Escalation | $50k-$100k | Official Fix |
| CVE-2021-1651 | 7.8 | Microsoft Windows Diagnostics Hub Standard Collector Local Privilege Escalation | $50k-$100k | Official Fix |
| CVE-2021-1637 | 5.5 | Microsoft Windows DNS Query information disclosure | $10k-$25k | Official Fix |
| CVE-2021-1645 | 5.5 | Microsoft Windows Docker information disclosure | $10k-$25k | Official Fix |
| CVE-2021-1668 | 8.3 | Microsoft Windows DTV-DVD Video Decoder Remote Code Execution | $100k and more | Official Fix |
| CVE-2021-1703 | 7.8 | Microsoft Windows Event Logging Service Local Privilege Escalation | $50k-$100k | Official Fix |
| CVE-2021-1662 | 7.8 | Microsoft Windows Event Tracing Local Privilege Escalation | $50k-$100k | Official Fix |
| CVE-2021-1657 | 7.8 | Microsoft Windows Fax Compose Form Remote Privilege Escalation | $50k-$100k | Official Fix |
| CVE-2021-1670 | 5.5 | Microsoft Windows File System FS Filter Driver information disclosure | $10k-$25k | Official Fix |
| CVE-2021-1708 | 4.6 | Microsoft Windows GDI+ information disclosure | $10k-$25k | Official Fix |
| CVE-2021-1665 | 8.3 | Microsoft Windows GDI+ Remote Code Execution | $100k and more | Official Fix |
| CVE-2021-1696 | 4.9 | Microsoft Windows Graphics information disclosure | $25k-$50k | Official Fix |
| CVE-2021-1692 | 7.7 | Microsoft Windows Hyper-V denial of service | $10k-$25k | Official Fix |
| CVE-2021-1691 | 7.7 | Microsoft Windows Hyper-V denial of service | $10k-$25k | Official Fix |
| CVE-2021-1704 | 7.3 | Microsoft Windows Hyper-V Local Privilege Escalation | $50k-$100k | Official Fix |
| CVE-2021-1661 | 7.8 | Microsoft Windows Installer Local Privilege Escalation | $50k-$100k | Official Fix |
| CVE-2021-1697 | 7.8 | Microsoft Windows InstallService Local Privilege Escalation | $50k-$100k | Official Fix |
| CVE-2021-1682 | 7.0 | Microsoft Windows Kernel Local Privilege Escalation | $50k-$100k | Official Fix |
| CVE-2021-1706 | 7.3 | Microsoft Windows LUAFV Local Privilege Escalation | $50k-$100k | Official Fix |
| CVE-2021-1710 | 7.0 | Microsoft Windows Media Foundation Remote Code Execution | $50k-$100k | Official Fix |
| CVE-2021-1699 | 4.4 | Microsoft Windows modem.sys information disclosure | $10k-$25k | Official Fix |
| CVE-2021-1689 | 7.8 | Microsoft Windows Multipoint Management Local Privilege Escalation | $50k-$100k | Official Fix |
| CVE-2021-1676 | 4.4 | Microsoft Windows NT Lan Manager Datagram Receiver Driver information disclosure | $10k-$25k | Official Fix |
| CVE-2021-1678 | 4.3 | Microsoft Windows NTLM information disclosure | $25k-$50k | Official Fix |
| CVE-2021-1695 | 7.8 | Microsoft Windows Print Spooler Local Privilege Escalation | $50k-$100k | Official Fix |
| CVE-2021-1672 | 5.5 | Microsoft Windows Projected File System FS Filter Driver information disclosure | $10k-$25k | Official Fix |
| CVE-2021-1663 | 5.5 | Microsoft Windows Projected File System FS Filter Driver information disclosure | $10k-$25k | Official Fix |
| CVE-2021-1674 | 8.8 | Microsoft Windows RDP Core Remote Privilege Escalation | $100k and more | Official Fix |
| CVE-2021-1669 | 8.8 | Microsoft Windows RDP Remote Privilege Escalation | $100k and more | Official Fix |
| CVE-2021-1702 | 7.8 | Microsoft Windows RPC Runtime Local Privilege Escalation | $50k-$100k | Official Fix |
| CVE-2021-1701 | 8.8 | Microsoft Windows RPC Runtime Remote Privilege Escalation | $100k and more | Official Fix |
| CVE-2021-1700 | 8.8 | Microsoft Windows RPC Runtime Remote Privilege Escalation | $100k and more | Official Fix |
| CVE-2021-1673 | 8.8 | Microsoft Windows RPC Runtime Remote Privilege Escalation | $100k and more | Official Fix |
| CVE-2021-1671 | 8.8 | Microsoft Windows RPC Runtime Remote Privilege Escalation | $100k and more | Official Fix |
| CVE-2021-1667 | 8.8 | Microsoft Windows RPC Runtime Remote Privilege Escalation | $100k and more | Official Fix |
| CVE-2021-1666 | 8.8 | Microsoft Windows RPC Runtime Remote Privilege Escalation | $100k and more | Official Fix |
| CVE-2021-1664 | 8.8 | Microsoft Windows RPC Runtime Remote Privilege Escalation | $100k and more | Official Fix |
| CVE-2021-1660 | 8.8 | Microsoft Windows RPC Runtime Remote Privilege Escalation | $100k and more | Official Fix |
| CVE-2021-1658 | 8.8 | Microsoft Windows RPC Runtime Remote Privilege Escalation | $100k and more | Official Fix |
| CVE-2021-1650 | 7.8 | Microsoft Windows Runtime C++ Template Library Local Privilege Escalation | $50k-$100k | Official Fix |
| CVE-2021-1648 | 7.8 | Microsoft Windows splwow64 Local Privilege Escalation | $50k-$100k | Official Fix |
| CVE-2021-1656 | 5.5 | Microsoft Windows TPM Device Driver information disclosure | $10k-$25k | Official Fix |
| CVE-2021-1694 | 7.5 | Microsoft Windows Update Stack unknown vulnerability | $50k-$100k | Official Fix |
| CVE-2021-1690 | 7.8 | Microsoft Windows WalletService Local Privilege Escalation | $50k-$100k | Official Fix |
| CVE-2021-1687 | 7.8 | Microsoft Windows WalletService Local Privilege Escalation | $50k-$100k | Official Fix |
| CVE-2021-1686 | 7.8 | Microsoft Windows WalletService Local Privilege Escalation | $50k-$100k | Official Fix |
| CVE-2021-1681 | 7.8 | Microsoft Windows WalletService Local Privilege Escalation | $50k-$100k | Official Fix |
| CVE-2021-1709 | 7.0 | Microsoft Windows Win32k Local Privilege Escalation | $50k-$100k | Official Fix |
| CVE-2021-1646 | 7.8 | Microsoft Windows WLAN Service Local Privilege Escalation | $25k-$50k | Official Fix |
| CVE-2021-1716 | 7.8 | Microsoft Word Remote Code Execution | $10k-$25k | Official Fix |
| CVE-2021-1715 | 7.8 | Microsoft Word Remote Code Execution | $10k-$25k | Official Fix |
| CVE-2020-16044 | 7.3 | Mozilla Thunderbird SCTP Packet use after free | $25k-$50k | Official Fix |
| CVE-2020-5633 | 7.3 | NEC Express5800-T110j improper authentication | $1k-$2k | Not Defined |
| CVE-2020-5686 | 7.3 | NEC UNIVERGE SV8500/UNIVERGE SV9500 System Maintenance improper authentication | $1k-$2k | Not Defined |
| CVE-2020-5685 | 3.5 | NEC UNIVERGE SV8500/UNIVERGE SV9500 URL denial of service | $0-$1k | Not Defined |
| CVE-2020-24025 | 6.3 | OneDev AJAX Event Listener improper authentication | $1k-$2k | Not Defined |
| CVE-2021-21247 | 9.6 | OneDev AttachmentUploadServlet deserialization | $0-$5k | Official Fix |
| CVE-2021-21242 | 10.0 | OneDev AttachmentUploadServlet request.getInputStream unrestricted upload | $0-$5k | Official Fix |
| CVE-2021-21245 | 10.0 | OneDev Bean Message injection | | |

$۰-$۵k

Official Fix

CVE-2021-21244

۱۰.۰

OneDev injection

$۰-$۵k

Official Fix

CVE-2021-21248

۹.۶

OneDev Kubernetes REST Endpoint improper authentication

$۰-$۵k

Official Fix

CVE-2021-21243

۱۰.۰

OneDev KubernetesResource REST Endpoint path traversal

$۰-$۵k

Official Fix

CVE-2021-21251

۷.۷

OneDev REST UserResource Endpoint {id} authorization

$۰-$۵k

Official Fix

CVE-2021-21246

۸.۶

OneDev XML Document XmlBuildSpecMigrator.migrate information disclosure

$۰-$۵k

Official Fix

CVE-2021-21250

۷.۷

OneDev YAML Parser deserialization

$۰-$۵k

Official Fix

CVE-2021-23253

۴.۳

OWASP json-sanitizer JSON denial of service

$۲k-$5k

Official Fix

CVE-2021-23900

۳.۵

OWASP json-sanitizer Script Tag cross site scripting

$۰-$۱k

Official Fix

CVE-2020-16255

۳.۵

OX Software OX App Suite App Loading appsuite cross site scripting

$۰-$۵k

Official Fix

CVE-2020-24701

۳.۵

OX Software OX App Suite Appointment cross site scripting

$۰-$۱k

Not Defined

CVE-2021-23935

۳.۵

OX Software OX App Suite Binary File cross site scripting

$۰-$۱k

Not Defined

CVE-2021-23931

۳.۵

OX Software OX App Suite Contact cross site scripting

$۰-$۱k

Not Defined

CVE-2021-23934

۳.۵

OX Software OX App Suite Conversion API cross site scripting

$۰-$۱k

Not Defined

CVE-2021-23930

۳.۵

OX Software OX App Suite GET Request server-side request forgery

$۰-$۱k

Not Defined

CVE-2020-24700

۵.۵

OX Software OX App Suite HTML Document cross site scripting

$۱k-$2k

Not Defined

CVE-2021-23929

۴.۳

OX Software OX App Suite Inline Image cross site scripting

$۰-$۱k

Not Defined

CVE-2021-23932

۳.۵

OX Software OX App Suite Note cross site scripting

$۰-$۱k

Not Defined

CVE-2021-23933

۳.۵

OX Software OX App Suite PUT Request server-side request forgery

$۰-$۱k

Not Defined

CVE-2021-23927

۵.۵

OX Software OX App Suite Query String cross site scripting

$۱k-$2k

Not Defined

CVE-2021-23928

۳.۵

OX Software OX App Suite Subject cross site scripting

$۰-$۱k

Not Defined

CVE-2021-23936

۳.۵

Palo-Alto PAN OS Ethernet Packet information disclosure

$۰-$۱k

Not Defined

CVE-2021-3031

۴.۳

Palo-Alto PAN-OS log file

$۱k-$2k

Official Fix

CVE-2021-3032

۴.۴

Pillow PCX File PcxDecode buffer overflow

$۰-$۱k

Official Fix

CVE-2020-35653

۷.۱

Pillow SGI RLE Image SGIRleDecode buffer overflow

$۲k-$5k

Official Fix

CVE-2020-35655

۵.۵

Pillow YCbCr File TiffDecode heap-based overflow

$۲k-$5k

Official Fix

CVE-2020-25659

۳.۱

QEMU megasas-gen2 SCSI Host Bus Adapter Emulation megasas.c megasas_command_cancelled denial of service

$۰-$۱k

Not Defined

CVE-2020-35503

۳.۵

QEMU USB xHCI Controller Emulation hcd-xhci.c xhci_ring_chain_length denial of service

$۲k-$5k

Not Defined

CVE-2020-2508

۷.۲

Quest Policy Authority BrowseAssets.do cross site scripting

$۲k-$5k

Official Fix

CVE-2020-35721

۳.۵

Quest Policy Authority BrowseDirs.do cross site scripting

$۰-$۱k

Workaround

CVE-2020-35727

۳.۵

Quest Policy Authority Error.jsp cross site scripting

$۰-$۱k

Workaround

CVE-2020-35724

۳.۵

Quest Policy Authority FolderControl.jsp cross site scripting

$۰-$۱k

Workaround

CVE-2020-35204

۳.۵

Quest Policy Authority index.jsp cross site scripting

$۰-$۱k

Workaround

CVE-2020-35726

۳.۵

Quest Policy Authority index.jsp cross site scripting

$۰-$۱k

Workaround

CVE-2020-35725

۳.۵

Quest Policy Authority index.jsp cross site scripting

$۰-$۱k

Workaround

CVE-2020-35719

۳.۵

Quest Policy Authority ReportPreview.do cross site scripting

$۰-$۱k

Workaround

CVE-2020-35723

۳.۵

Quest Policy Authority submitUser.jsp cross site scripting

$۰-$۱k

Workaround

CVE-2020-35720

۳.۵

Quest Policy Authority Web Compliance Manager cConn.jsp cross site scripting

$۰-$۱k

Workaround

CVE-2020-35206

۳.۵

Quest Policy Authority Web Compliance Manager initFile.jsp cross site scripting

$۰-$۱k

Workaround

CVE-2020-35203

۳.۵

Quest Policy Authority Web Compliance Manager initFile.jsp server-side request forgery

$۰-$۱k

Workaround

CVE-2020-35205

۳.۵

Quest Policy Authority Web Compliance Manager submitUser.jsp cross-site request forgery

$۱k-$2k

Workaround

CVE-2020-35722

۳.۵

R Programming Language CRAN install.packages path traversal

$۰-$۱k

Workaround

CVE-2020-27637

۵.۵

RailsAdmin Nested Form cross site scripting

$۱k-$2k

Official Fix

CVE-2020-36190

۶.۱

Red Hat Single Sign On Application Console information disclosure

$۰-$۱k

Official Fix

CVE-2020-14341

۳.۵

REDCap ToDoList cross site scripting

$۲k-$5k

Not Defined

CVE-2020-26713

۳.۵

REDCap ToDoList sql injection

$۰-$۱k

Not Defined

CVE-2020-26298

۵.۴

SaferVPN OpenSSL Configuration File access control

$۰-$۱k

Official Fix

CVE-2020-26050

۷.۸

SAP 3D Visual Enterprise Viewer BMP File out-of-bounds write

$۲k-$5k

Not Defined

CVE-2021-21461

۴.۳

SAP 3D Visual Enterprise Viewer dib File out-of-bounds write

$۱۰k-$25k

Not Defined

CVE-2021-21460

۴.۳

SAP 3D Visual Enterprise Viewer dib File out-of-bounds write

$۱۰k-$25k

Not Defined

CVE-2021-21456

۴.۳

SAP 3D Visual Enterprise Viewer dib File out-of-bounds write

$۱۰k-$25k

Not Defined

CVE-2021-21455

۴.۳

SAP 3D Visual Enterprise Viewer GIF File denial of service

$۱۰k-$25k

Not Defined

CVE-2021-21452

۴.۳

SAP 3D Visual Enterprise Viewer IFF File denial of service

$۵k-$10k

Not Defined

CVE-2021-21449

۴.۳

SAP 3D Visual Enterprise Viewer IFF File memory corruption

$۵k-$10k

Not Defined

CVE-2021-21458

۶.۳

SAP 3D Visual Enterprise Viewer IFF File memory corruption

$۱۰k-$25k

Not Defined

CVE-2021-21457

۶.۳

SAP 3D Visual Enterprise Viewer IFF File out-of-bounds write

$۱۰k-$25k

Not Defined

CVE-2021-21459

۴.۳

SAP 3D Visual Enterprise Viewer PCX File denial of service

$۱۰k-$25k

Not Defined

CVE-2021-21464

۴.۳

SAP 3D Visual Enterprise Viewer PCX File out-of-bounds read

$۵k-$10k

Not Defined

CVE-2021-21463

۴.۳

SAP 3D Visual Enterprise Viewer PCX File out-of-bounds write

$۵k-$10k

Not Defined

CVE-2021-21462

۴.۳

SAP 3D Visual Enterprise Viewer PSD File denial of service

$۱۰k-$25k

Not Defined

CVE-2021-21450

۴.۳

SAP 3D Visual Enterprise Viewer RLE File denial of service

$۵k-$10k

Not Defined

CVE-2021-21453

۴.۳

SAP 3D Visual Enterprise Viewer RLE File out-of-bounds write

$۵k-$10k

Not Defined

CVE-2021-21454

۴.۳

SAP 3D Visual Enterprise Viewer SGI File denial of service

$۱۰k-$25k

Not Defined

CVE-2021-21451

۴.۳

SAP Banking Services Generic Market Data improper authorization

$۵k-$10k

Not Defined

CVE-2021-21467

۴.۳

SAP Business Warehouse Database Interface improper authorization

$۱۰k-$25k

Not Defined

CVE-2021-21468

۴.۳

SAP Business Warehouse Database Interface sql injection

$۱۰k-$25k

Not Defined

CVE-2021-21465

۶.۳

SAP Business Warehouse/BW4HANA ABAP Report injection

$۱۰k-$25k

Not Defined

CVE-2021-21466

۷.۴

SAP BusinessObjects Business Intelligence Platform Input Control cross site scripting

$۱۰k-$25k

Not Defined

CVE-2021-21447

۳.۵

SAP Commerce Cloud HTTP Response cross site scripting

$۲k-$5k

Not Defined

CVE-2021-21445

۳.۵

SAP EPM Add-in for Microsoft Office xml external entity reference

$۲k-$5k

Not Defined

CVE-2021-21470

۴.۵

SAP GUI improper authorization

$۲k-$5k

Not Defined

CVE-2021-21448

۳.۳

SAP NetWeaver AS ABAP denial of service

$۵k-$10k

Not Defined

CVE-2021-21446

۴.۳

SAP NetWeaver Master Data Management information disclosure

$۲k-$5k

Not Defined

CVE-2020-28470

۷.۳

Siemens JT2Go//Solid Edge/Teamcenter Visualization PAR File Parser out-of-bounds write

$۲k-$5k

Official Fix

CVE-2020-28383

۷.۸

Siemens JT2Go//Solid Edge/Teamcenter Visualization PAR File stack-based overflow

$۱۰k-$25k

Official Fix

CVE-2020-26989

۷.۸

Siemens JT2Go/Teamcenter Visualization ASM File null pointer dereference

$۱۰k-$25k

Official Fix

CVE-2020-26991

۷.۸

Siemens JT2Go/Teamcenter Visualization ASM File type confusion

$۵k-$10k

Official Fix

CVE-2020-26990

۷.۸

Siemens JT2Go/Teamcenter Visualization CG4 File out-of-bounds read

$۱۰k-$25k

Official Fix

CVE-2020-26996

۷.۸

Siemens JT2Go/Teamcenter Visualization CG4 File out-of-bounds write

$۲k-$5k

Official Fix

CVE-2020-26982

۷.۸

Siemens JT2Go/Teamcenter Visualization CGM File stack-based overflow

$۱۰k-$25k

Official Fix

CVE-2020-26993

۷.۸

Siemens JT2Go/Teamcenter Visualization CGM File stack-based overflow

$۱۰k-$25k

Official Fix

CVE-2020-26992

۷.۸

Siemens JT2Go/Teamcenter Visualization JT File heap-based overflow

$۱۰k-$25k

Official Fix

CVE-2020-26986

۷.۸

Siemens JT2Go/Teamcenter Visualization JT File out-of-bounds write

$۱۰k-$25k

Official Fix

CVE-2020-26984

۷.۸

Siemens JT2Go/Teamcenter Visualization JT File Parser type confusion

$۱۰k-$25k

Official Fix

CVE-2020-26980

۷.۸

Siemens JT2Go/Teamcenter Visualization PAR File out-of-bounds write

$۱۰k-$25k

Official Fix

CVE-2020-26988

۷.۸

Siemens JT2Go/Teamcenter Visualization PCX File heap-based overflow

$۱۰k-$25k

Official Fix

CVE-2020-26994

۷.۸

Siemens JT2Go/Teamcenter Visualization PDF File out-of-bounds write

$۱۰k-$25k

Official Fix

CVE-2020-26983

۷.۸

Siemens JT2Go/Teamcenter Visualization RGB File heap-based overflow

$۱۰k-$25k

Official Fix

CVE-2020-26985

۷.۸

Siemens JT2Go/Teamcenter Visualization SGI File out-of-bounds write

$۱۰k-$25k

Official Fix

CVE-2020-26995

۷.۸

Siemens JT2Go/Teamcenter Visualization TGA File heap-based overflow

$۱۰k-$25k

Official Fix

CVE-2020-26987

۷.۸

Siemens JT2Go/Teamcenter Visualization XML File xml external entity reference

$۱۰k-$25k

Official Fix

CVE-2020-26981

۵.۵

Siemens Opcenter Execution Core insufficiently protected credentials

$۵k-$10k

Official Fix

CVE-2020-28390

۳.۳

Siemens SCALANCE X-200/SCALANCE X-200IRT C-PLUG hard-coded key

$۲k-$5k

Not Defined

CVE-2020-28391

۳.۱

Siemens SCALANCE X-200/SCALANCE X-200IRT Integrated Web Server denial of service

$۲k-$5k

Not Defined

CVE-2020-15799

۴.۳

Siemens SCALANCE X-200/SCALANCE X-200IRT Web Server heap-based overflow

$۲k-$5k

Not Defined

CVE-2020-25226

۵.۵

Siemens SCALANCE X-200/SCALANCE X-200IRT/SCALANCE X-300 Web Server heap-based overflow

$۱۰k-$25k

Not Defined

CVE-2020-15800

۵.۵

Siemens SCALANCE X-300/SCALANCE X-408/SIPLUS NET Factory Reset hard-coded key

$۱۰k-$25k

Official Fix

CVE-2020-28395

۳.۱

Siemens Solid Edge DFT File Parser out-of-bounds write

$۲k-$5k

Official Fix

CVE-2020-28386

۷.۸

Siemens Solid Edge PAR File Parser out-of-bounds write

$۱۰k-$25k

Official Fix

CVE-2020-28382

۷.۸

Siemens Solid Edge PAR File Parser out-of-bounds write

$۱۰k-$25k

Official Fix

CVE-2020-28381

۵.۵

Siemens Solid Edge PAR File Parser stack-based overflow

$۱۰k-$25k

Not Defined

CVE-2021-20616

۵.۵

Skyworth GN542VF Boa Session Cookie missing secure attribute

$۱k-$2k

Not Defined

CVE-2020-26732

۳.۷

Skyworth GN542VF Configuration Page cross site scripting

$۱k-$2k

Not Defined

CVE-2020-26118

۸.۸

Solarwinds Web Help Desk Schedule Name cross site scripting

$۲k-$5k

Official Fix

CVE-2021-23926

۵.۵

ZTE ZXV10 B860A Log information disclosure

$۱k-$2k

Not Defined

 

The risk level of roughly 47% of this week's vulnerabilities is rated "high" or "critical", which is a very notable share.

For 57% of this week's vulnerabilities, updates or patches have been officially released; to prevent exploitation of these vulnerabilities, they should be applied as soon as possible.