Critical vulnerabilities of the fourth week of Farvardin
This week, many "critical" and "high-risk" vulnerabilities were reported in major Microsoft products, and patches and updates were released to fix them. There were also several "critical" and "high-risk" vulnerabilities in products from Google, Adobe, Netgear, SUSE, McAfee, Joomla!, Apache, WordPress plugins, and the Linux kernel.
The list of these vulnerabilities, along with their risk level, is given in the table below.
شناسه آسیبپذیری |
امتیاز مبنا |
نوع آسیبپذیری |
ارزش روز صفر |
رفع آسیبپذیری |
CVE-2021-21092 |
۷.۸ |
Adobe Bridge buffer overflow |
$۰-$۵k |
Official Fix |
CVE-2021-21096 |
۶.۱ |
Adobe Bridge Genuine Software Service improper authorization |
$۰-$۵k |
Official Fix |
CVE-2021-21093 |
۷.۸ |
Adobe Bridge memory corruption |
$۰-$۵k |
Official Fix |
CVE-2021-21091 |
۳.۳ |
Adobe Bridge out-of-bounds read |
$۰-$۵k |
Official Fix |
CVE-2021-21095 |
۷.۸ |
Adobe Bridge out-of-bounds write |
$۰-$۵k |
Official Fix |
CVE-2021-21094 |
۷.۸ |
Adobe Bridge out-of-bounds write |
$۰-$۵k |
Official Fix |
CVE-2021-21087 |
۴.۶ |
Adobe ColdFusion cross site scripting |
$۰-$۵k |
Official Fix |
CVE-2021-21100 |
۷.۸ |
Adobe Digital Editions access control |
$۲k-$5k |
Official Fix |
CVE-2020-9668 |
۸.۲ |
Adobe Genuine Service Symlink access control |
$۵k-$25k |
Official Fix |
CVE-2020-9681 |
۶.۴ |
Adobe Genuine Service uncontrolled search path |
$۵k-$25k |
Official Fix |
CVE-2020-9667 |
۶.۴ |
Adobe Genuine Service uncontrolled search path |
$۵k-$25k |
Official Fix |
CVE-2021-28549 |
۷.۸ |
Adobe Photoshop JSX File Parser buffer overflow |
$۵k-$25k |
Official Fix |
CVE-2021-28548 |
۷.۸ |
Adobe Photoshop JSX File Parser buffer overflow |
$۵k-$25k |
Official Fix |
CVE-2021-24225 |
۳.۵ |
Advanced Booking Calendar Plugin GET Parameter cross site scripting |
$۰-$۱k |
Official Fix |
CVE-2021-27181 |
۳.۵ |
Alt-N MDaemon cross-site request forgery |
$۲k-$5k |
Official Fix |
CVE-2021-27183 |
۶.۳ |
Alt-N MDaemon Remote Privilege Escalation |
$۱۰k-$25k |
Official Fix |
CVE-2021-27180 |
۳.۵ |
Alt-N MDaemon Worldclient cross site scripting |
$۲k-$5k |
Official Fix |
CVE-2021-27182 |
۴.۹ |
Alt-N MDaemon Worldclient injection |
$۱۰k-$25k |
Official Fix |
CVE-2021-29425 |
۵.۵ |
Apache Commons IO FileNameUtils.normalize path traversal |
$۵k-$10k |
Official Fix |
CVE-2021-30245 |
۶.۳ |
Apache OpenOffice Hyperlink Remote Code Execution |
$۵k-$25k |
Official Fix |
CVE-2021-29943 |
۶.۳ |
Apache Solr ConfigurableInternodeAuthHadoopPlugin authorization |
$۱۰k-$25k |
Official Fix |
CVE-2021-27905 |
۵.۵ |
Apache Solr replication server-side request forgery |
$۱۰k-$25k |
Official Fix |
CVE-2021-29262 |
۳.۵ |
Apache Solr VMParamsAllAndReadonlyDigestZkACLProvider insufficiently protected credentials |
$۲k-$5k |
Official Fix |
CVE-2021-27850 |
۵.۳ |
Apache Tapestry AppModule.class deserialization |
$۱۰k-$25k |
Official Fix |
CVE-2021-27990 |
۶.۳ |
Appspace mail.aspx improper authentication |
$۱k-$2k |
Not Defined |
CVE-2021-27989 |
۳.۵ |
Appspace sgcontentset.aspx cross site scripting |
$۰-$۱k |
Not Defined |
CVE-2021-3128 |
۴.۳ |
ASUS RT-AX3000/ZenWiFi AX/RT-AX88U IPv6 Router Advertisement infinite loop |
$۰-$۱k |
Official Fix |
CVE-2021-26073 |
۶.۳ |
Atlassian Connect Express Lifecycle Endpoint improper authentication |
$۰-$۵k |
Official Fix |
CVE-2021-26074 |
۶.۳ |
Atlassian Connect Spring Boot Lifecycle Endpoint improper authentication |
$۰-$۵k |
Official Fix |
CVE-2021-26076 |
۳.۷ |
Atlassian JIRA Server/Data Center Cookie missing secure attribute |
$۱k-$2k |
Official Fix |
CVE-2020-36288 |
۳.۵ |
Atlassian JIRA Server/Data Center Issue Navigation/Search View cross site scripting |
$۰-$۱k |
Official Fix |
CVE-2021-26075 |
۴.۳ |
Atlassian JIRA Server/Data Center Jira Importers Plugin information disclosure |
$۱k-$2k |
Official Fix |
CVE-2021-20288 |
۷.۳ |
Ceph CEPHX_GET_AUTH_SESSION_KEY Request improper authentication |
$۰-$۵k |
Official Fix |
CVE-2021-23371 |
۵.۳ |
chrono-node Date String denial of service |
$۰-$۱k |
Official Fix |
CVE-2021-24215 |
۶.۳ |
Controlled Admin Access Plugin customization.php access control |
$۲k-$5k |
Official Fix |
CVE-2020-28593 |
۶.۳ |
Cosori Smart Air Fryer CS158-AF JSON Object backdoor |
$۰-$۵k |
Not Defined |
CVE-2020-28592 |
۶.۳ |
Cosori Smart Air Fryer CS158-AF JSON Object heap-based overflow |
$۰-$۵k |
Not Defined |
CVE-2021-28855 |
۳.۵ |
Deark deark-dbuf.c dbuf_write null pointer dereference |
$۰-$۱k |
Official Fix |
CVE-2021-28856 |
۳.۵ |
Deark fmtutil.c divide by zero |
$۰-$۱k |
Official Fix |
CVE-2021-28157 |
۴.۷ |
Devolutions Server/Server LTS delete sql injection |
$۱k-$2k |
Official Fix |
CVE-2021-28048 |
۶.۳ |
Devolutions Server/Server LTS HTML Page unknown vulnerability |
$۲k-$5k |
Official Fix |
CVE-2021-27250 |
۶.۵ |
D-Link DAP-2020 CGI Script file inclusion |
$۱۰k-$25k |
Official Fix |
CVE-2021-27249 |
۸.۸ |
D-Link DAP-2020 CGI Script os command injection |
$۱۰k-$25k |
Not Defined |
CVE-2021-27248 |
۸.۸ |
D-Link DAP-2020 CGI Script stack-based overflow |
$۲۵k-$50k |
Not Defined |
CVE-2021-29379 |
۵.۵ |
D-Link DIR-802 A1 UPnP command injection |
$۱۰k-$25k |
Workaround |
CVE-2021-27114 |
۵.۵ |
D-Link DIR-816 A2 addassignment stack-based overflow |
$۱۰k-$25k |
Not Defined |
CVE-2021-27113 |
۵.۵ |
D-Link DIR-816 A2 HTTP Request addRouting os command injection |
$۱۰k-$25k |
Not Defined |
CVE-2020-13533 |
۷.۸ |
Dreamreport Dream Report Binary backdoor |
$۱k-$2k |
Not Defined |
CVE-2020-13534 |
۷.۸ |
Dreamreport Dream Report CLSID access control |
$۱k-$2k |
Not Defined |
CVE-2020-13532 |
۸.۰ |
Dreamreport Dream Report Syncfusion Dashboard Service access control |
$۲k-$5k |
Not Defined |
CVE-2021-23277 |
۷.۵ |
Eaton Intelligent Power Manager Code Syntax utils.js loadUserFile code injection |
$۲k-$5k |
Official Fix |
CVE-2021-23280 |
۸.۰ |
Eaton Intelligent Power Manager File Upload maps_srv.js uploadBackgroud unrestricted upload |
$۲k-$5k |
Official Fix |
CVE-2021-23279 |
۴.۲ |
Eaton Intelligent Power Manager meta_driver_srv.js saveDriverData input validation |
$۲k-$5k |
Official Fix |
CVE-2021-23278 |
۴.۶ |
Eaton Intelligent Power Manager Packet maps_srv.js removeBackground input validation |
$۱k-$2k |
Official Fix |
CVE-2021-23281 |
۱۰.۰ |
Eaton Intelligent Power Manager Packet meta_driver_srv.js coverterCheckList code injection |
$۲k-$5k |
Official Fix |
CVE-2021-23276 |
۶.۳ |
Eaton Intelligent Power Manager Packet sql injection |
$۱k-$2k |
Official Fix |
CVE-2021-31229 |
۵.۵ |
ezXML XML File Parser libezxml.a ezxml_internal_dtd out-of-bounds write |
$۰-$۵k |
Not Defined |
CVE-2021-31347 |
۵.۵ |
ezXML XML File Parser libezxml.a ezxml_parse_str memory corruption |
$۰-$۵k |
Not Defined |
CVE-2021-31348 |
۳.۵ |
ezXML XML File Parser libezxml.a ezxml_parse_str out-of-bounds read |
$۰-$۵k |
Not Defined |
CVE-2021-24218 |
۳.۵ |
Facebook for WordPress Plugin AJAX Action wp_ajax_delete_fbe_settings cross-site request forgery |
$۰-$۱k |
Official Fix |
CVE-2021-24217 |
۶.۳ |
Facebook for WordPress Plugin Function run_action deserialization |
$۲k-$5k |
Official Fix |
CVE-2021-24028 |
۵.۵ |
Facebook Thrift release of reference |
$۱۰k-$25k |
Official Fix |
CVE-2021-24024 |
۶.۵ |
Fortinet FortiADCManager/FortiADC log file |
$۱k-$2k |
Official Fix |
CVE-2019-17656 |
۵.۴ |
Fortinet FortiOS/FortiProxy HTTP Daemon stack-based overflow |
$۲k-$5k |
Official Fix |
CVE-2020-15942 |
۴.۳ |
Fortinet FortiWeb Web Vulnerability Scan Profile information disclosure |
$۱k-$2k |
Official Fix |
CVE-2021-22190 |
۵.۰ |
GitLab JWT Token path traversal |
$۱k-$2k |
Not Defined |
CVE-2021-3487 |
۳.۵ |
GNU Binutils BFD Library memory allocation |
$۰-$۵k |
Official Fix |
CVE-2021-0429 |
۷.۸ |
Google Android ALooper.cpp pollOnce memory corruption |
$۲۵k-$50k |
Official Fix |
CVE-2021-0431 |
۷.۵ |
Google Android avrc_api.cc avrc_msg_cback out-of-bounds read |
$۲۵k-$50k |
Official Fix |
CVE-2021-0435 |
۷.۵ |
Google Android avrc_api.cc avrc_proc_vendor_command information disclosure |
$۲۵k-$50k |
Official Fix |
CVE-2021-0433 |
۸.۰ |
Google Android Bluetooth DeviceChooserActivity.java onCreate improper restriction of rendered ui layers |
$۲۵k-$50k |
Official Fix |
CVE-2021-0439 |
۷.۸ |
Google Android com_android_server_power_PowerManagerService.cpp setPowerModeWithHandle out-of-bounds write |
$۲۵k-$50k |
Official Fix |
CVE-2021-0444 |
۲.۸ |
Google Android Contacts QuickContactActivity.java onActivityResult information disclosure |
$۵k-$10k |
Official Fix |
CVE-2021-0436 |
۵.۵ |
Google Android CryptoPlugin.cpp decrypt out-of-bounds read |
$۱۰k-$25k |
Official Fix |
CVE-2021-0471 |
۳.۳ |
Google Android CryptoPlugin.cpp decrypt_1_2 out-of-bounds read |
$۱۰k-$25k |
Official Fix |
CVE-2021-0437 |
۷.۸ |
Google Android DrmPlugin.cpp setPlayPolicy double free |
$۲۵k-$50k |
Official Fix |
CVE-2021-0400 |
۵.۵ |
Google Android GnssLocationProvider.java handleUpdateLocation input validation |
$۲۵k-$50k |
Official Fix |
CVE-2021-0446 |
۴.۸ |
Google Android ImportVCardActivity improper restriction of rendered ui layers |
$۲۵k-$50k |
Official Fix |
CVE-2021-0442 |
۷.۸ |
Google Android InputApplicationHandle.cpp updateInfo use after free |
$۲۵k-$50k |
Official Fix |
CVE-2021-0438 |
۷.۸ |
Google Android InputDispatcher.cpp improper restriction of rendered ui layers |
$۲۵k-$50k |
Official Fix |
CVE-2021-0468 |
۴.۱ |
Google Android LK Local Privilege Escalation |
$۱۰k-$25k |
Official Fix |
CVE-2021-0427 |
۷.۸ |
Google Android LogEvent.cpp parseExclusiveStateAnnotation out-of-bounds write |
$۲۵k-$50k |
Official Fix |
CVE-2021-0426 |
۷.۸ |
Google Android LogEvent.cpp parsePrimaryFieldFirstUidAnnotation out-of-bounds write |
$۵۰k-$100k |
Official Fix |
CVE-2021-0430 |
۹.۸ |
Google Android NFC rw_mfc.cc rw_mfc_handle_read_op out-of-bounds write |
$۵۰k-$100k |
Official Fix |
CVE-2021-0488 |
۵.۳ |
Google Android pb_encode.c pb_write out-of-bounds write |
$۲۵k-$50k |
Official Fix |
CVE-2021-0443 |
۴.۷ |
Google Android Screenshot ScreenshotHelper.java information disclosure |
$۱۰k-$25k |
Official Fix |
CVE-2021-0432 |
۷.۰ |
Google Android StatsPullerManager.cpp ForceClearPullerCache use after free |
$۲۵k-$50k |
Official Fix |
CVE-2021-0428 |
۵.۵ |
Google Android TelephonyManager.java getSimSerialNumber information disclosure |
$۱۰k-$25k |
Official Fix |
CVE-2021-0445 |
۵.۳ |
Google Android WelcomeActivity.java start Local Privilege Escalation |
$۲۵k-$50k |
Official Fix |
CVE-2021-21199 |
۸.۸ |
Google Chrome Aura use after free |
$۵۰k-$100k |
Official Fix |
CVE-2021-21198 |
۷.۴ |
Google Chrome IPC out-of-bounds read |
$۲۵k-$50k |
Official Fix |
CVE-2021-21194 |
۸.۸ |
Google Chrome Screen Sharing use after free |
$۵۰k-$100k |
Official Fix |
CVE-2021-21197 |
۸.۸ |
Google Chrome TabStrip heap-based overflow |
$۵۰k-$100k |
Official Fix |
CVE-2021-21196 |
۸.۸ |
Google Chrome TabStrip heap-based overflow |
$۵۰k-$100k |
Official Fix |
CVE-2021-21195 |
۸.۸ |
Google Chrome v8 use after free |
$۵۰k-$100k |
Official Fix |
CVE-2021-29429 |
۴.۳ |
Gradle Download temp file |
$۲k-$5k |
Official Fix |
CVE-2021-29428 |
۵.۳ |
Gradle temp file |
$۱k-$2k |
Official Fix |
CVE-2021-29427 |
۴.۱ |
Gradle unknown vulnerability |
$۱k-$2k |
Official Fix |
CVE-2021-29439 |
۴.۷ |
Grav Admin Plugin admin authorization |
$۱k-$2k |
Official Fix |
CVE-2021-29440 |
۴.۷ |
Grav Twig Processing code injection |
$۱k-$2k |
Official Fix |
CVE-2020-35418 |
۳.۵ |
Group Office Contact Page cross site scripting |
$۰-$۱k |
Not Defined |
CVE-2020-35419 |
۳.۵ |
Group Office Parameter cross site scripting |
$۰-$۱k |
Not Defined |
CVE-2021-28060 |
۶.۳ |
Group Office URL Parameter upload.php server-side request forgery |
$۲k-$5k |
Not Defined |
CVE-2021-26582 |
۴.۳ |
HPE IceWall SSO Domain Gateway Option Module cross site scripting |
$۵k-$25k |
Official Fix |
CVE-2021-20491 |
۴.۴ |
IBM Spectrum Protect Command Parser stack-based overflow |
$۵k-$25k |
Not Defined |
CVE-2020-24285 |
۳.۵ |
Intelbras Tip 200 cgiServer.exx information disclosure |
$۰-$۱k |
Not Defined |
CVE-2021-3017 |
۴.۳ |
Intelbras WIN 300/WRN 342 source code |
$۱k-$2k |
Not Defined |
CVE-2021-26030 |
۳.۵ |
Joomla! Error Page cross site scripting |
$۲k-$5k |
Not Defined |
CVE-2021-26031 |
۵.۵ |
Joomla! Module Layout Settings unknown vulnerability |
$۱۰k-$25k |
Not Defined |
CVE-2021-29443 |
۳.۷ |
jose information exposure |
$۰-$۵k |
Official Fix |
CVE-2021-29444 |
۳.۷ |
jose-browser-runtime information exposure |
$۰-$۵k |
Official Fix |
CVE-2021-29446 |
۳.۷ |
jose-node-cjs-runtime information exposure |
$۰-$۵k |
Official Fix |
CVE-2021-29445 |
۳.۷ |
jose-node-esm-runtime information exposure |
$۰-$۵k |
Official Fix |
CVE-2021-3462 |
۵.۳ |
Lenovo Power Management Driver Device Object default permission |
$۱k-$2k |
Official Fix |
CVE-2021-3463 |
۵.۵ |
Lenovo Power Management Driver null pointer dereference |
$۰-$۱k |
Official Fix |
CVE-2021-3473 |
۲.۴ |
Lenovo XClarity Controller XCC Configuration Backup restore cleartext transmission |
$۰-$۱k |
Not Defined |
CVE-2020-36322 |
۵.۷ |
Linux Kernel Filesystem fuse_do_getattr denial of service |
$۲k-$5k |
Official Fix |
CVE-2021-29432 |
۴.۶ |
Matrix Sydent Email input validation |
$۰-$۵k |
Official Fix |
CVE-2021-29431 |
۴.۳ |
Matrix Sydent HTTP GET Request server-side request forgery |
$۰-$۵k |
Official Fix |
CVE-2021-29430 |
۵.۳ |
Matrix Sydent HTTP Request resource consumption |
$۰-$۵k |
Official Fix |
CVE-2021-29433 |
۴.۳ |
Matrix Sydent resource consumption |
$۰-$۵k |
Official Fix |
CVE-2020-7270 |
۴.۹ |
McAfee Advanced Threat Defense HTTP Request Parameter information disclosure |
$۲k-$5k |
Official Fix |
CVE-2020-7269 |
۴.۹ |
McAfee Advanced Threat Defense HTTP Request Parameter information disclosure |
$۲k-$5k |
Official Fix |
CVE-2021-23884 |
۴.۳ |
McAfee Content Security Reporter ePO Extension cleartext transmission |
$۲k-$5k |
Official Fix |
CVE-2021-23886 |
۵.۵ |
McAfee Data Loss Prevention hdlphook Driver denial of service |
$۲k-$5k |
Official Fix |
CVE-2021-23887 |
۷.۸ |
McAfee Data Loss Prevention hdlphook Driver privileges management |
$۱۰k-$25k |
Official Fix |
CVE-2020-7308 |
۴.۸ |
McAfee Endpoint Security/Global Threat Intelligence DNS cleartext transmission |
$۵k-$10k |
Official Fix |
CVE-2021-22505 |
۵.۵ |
Micro Focus Operations Agent access control |
$۱k-$2k |
Not Defined |
CVE-2021-28458 |
۷.۸ |
Microsoft @azure-ms-rest-nodeauth Local Privilege Escalation |
$۱۰k-$25k |
Official Fix |
CVE-2021-28459 |
۶.۱ |
Microsoft Azure DevOps Server unknown vulnerability |
$۱۰k-$25k |
Official Fix |
CVE-2021-27067 |
۵.۸ |
Microsoft Azure DevOps Server/Team Foundation Server information disclosure |
$۵k-$10k |
Official Fix |
CVE-2021-28460 |
۷.۹ |
Microsoft Azure Sphere Local Privilege Escalation |
$۱۰k-$25k |
Official Fix |
CVE-2021-28480 |
۹.۸ |
Microsoft Exchange Server Remote Code Execution |
$۵۰k-$100k |
Official Fix |
CVE-2021-28481 |
۹.۸ |
Microsoft Exchange Server Remote Code Execution |
$۵۰k-$100k |
Official Fix |
CVE-2021-28482 |
۸.۸ |
Microsoft Exchange Server Remote Privilege Escalation |
$۵۰k-$100k |
Official Fix |
CVE-2021-28483 |
۹.۰ |
Microsoft Exchange Server unknown vulnerability |
$۲۵k-$50k |
Official Fix |
CVE-2021-28470 |
۷.۰ |
Microsoft GitHub Pull Requests and Issues Extension Remote Code Execution |
$۱۰k-$25k |
Official Fix |
CVE-2021-28448 |
۷.۰ |
Microsoft Kubernetes Tools Remote Code Execution |
$۱۰k-$25k |
Official Fix |
CVE-2021-28472 |
۷.۰ |
Microsoft Maven for Java Extension Remote Code Execution |
$۱۰k-$25k |
Official Fix |
CVE-2021-28456 |
۴.۴ |
Microsoft Office Excel information disclosure |
$۲k-$5k |
Official Fix |
CVE-2021-28449 |
۷.۰ |
Microsoft Office Excel Remote Code Execution |
$۱۰k-$25k |
Official Fix |
CVE-2021-28451 |
۷.۰ |
Microsoft Office Excel Remote Code Execution |
$۱۰k-$25k |
Official Fix |
CVE-2021-28454 |
۷.۰ |
Microsoft Office Excel Remote Code Execution |
$۱۰k-$25k |
Official Fix |
CVE-2021-28452 |
۷.۱ |
Microsoft Outlook memory corruption |
$۱۰k-$25k |
Official Fix |
CVE-2021-28466 |
۸.۳ |
Microsoft Raw Image Extension Remote Code Execution |
$۲۵k-$50k |
Official Fix |
CVE-2021-28468 |
۸.۳ |
Microsoft Raw Image Extension Remote Code Execution |
$۲۵k-$50k |
Official Fix |
CVE-2021-28450 |
۵.۰ |
Microsoft SharePoint Update denial of service |
$۲k-$5k |
Official Fix |
CVE-2021-28457 |
۶.۴ |
Microsoft Visual Studio Code Remote Code Execution |
$۱۰k-$25k |
Official Fix |
CVE-2021-28469 |
۶.۴ |
Microsoft Visual Studio Code Remote Code Execution |
$۱۰k-$25k |
Official Fix |
CVE-2021-28475 |
۶.۴ |
Microsoft Visual Studio Code Remote Code Execution |
$۱۰k-$25k |
Official Fix |
CVE-2021-28477 |
۶.۰ |
Microsoft Visual Studio Code Remote Code Execution |
$۱۰k-$25k |
Official Fix |
CVE-2021-28473 |
۶.۴ |
Microsoft Visual Studio Code Remote Code Execution |
$۱۰k-$25k |
Official Fix |
CVE-2021-28471 |
۶.۴ |
Microsoft Visual Studio Code Remote Development Extension Remote Code Execution |
$۱۰k-$25k |
Official Fix |
CVE-2021-27064 |
۷.۸ |
Microsoft Visual Studio Installer Local Privilege Escalation |
$۱۰k-$25k |
Official Fix |
CVE-2021-28464 |
۸.۳ |
Microsoft VP9 Video Extensions Remote Code Execution |
$۲۵k-$50k |
Official Fix |
CVE-2021-28311 |
۶.۵ |
Microsoft Windows Application Compatibility Cache denial of service |
$۱۰k-$25k |
Official Fix |
CVE-2021-28326 |
۵.۸ |
Microsoft Windows AppX Deployment Server denial of service |
$۵k-$10k |
Official Fix |
CVE-2021-27092 |
۶.۸ |
Microsoft Windows Azure AD Web Sign-in Local Privilege Escalation |
$۲۵k-$50k |
Official Fix |
CVE-2021-28317 |
۴.۸ |
Microsoft Windows Codecs Library information disclosure |
$۱۰k-$25k |
Official Fix |
CVE-2021-28438 |
۵.۲ |
Microsoft Windows Console Driver denial of service |
$۵k-$10k |
Official Fix |
CVE-2021-28443 |
۵.۵ |
Microsoft Windows Console Driver denial of service |
$۵k-$10k |
Official Fix |
CVE-2021-28313 |
۷.۸ |
Microsoft Windows Diagnostics Hub Standard Collector Service Local Privilege Escalation |
$۵۰k-$100k |
Official Fix |
CVE-2021-28321 |
۷.۸ |
Microsoft Windows Diagnostics Hub Standard Collector Service privileges management |
$۵۰k-$100k |
Official Fix |
CVE-2021-28322 |
۷.۸ |
Microsoft Windows Diagnostics Hub Standard Collector Service privileges management |
$۵۰k-$100k |
Official Fix |
CVE-2021-28323 |
۵.۸ |
Microsoft Windows DNS information disclosure |
$۲۵k-$50k |
Official Fix |
CVE-2021-28328 |
۵.۴ |
Microsoft Windows DNS information disclosure |
$۲۵k-$50k |
Official Fix |
CVE-2021-27094 |
۴.۴ |
Microsoft Windows Early Launch Antimalware Driver unknown vulnerability |
$۲۵k-$50k |
Official Fix |
CVE-2021-28446 |
۷.۱ |
Microsoft Windows Early Launch Antimalware Driver unknown vulnerability |
$۲۵k-$50k |
Official Fix |
CVE-2021-28447 |
۴.۴ |
Microsoft Windows Early Launch Antimalware Driver unknown vulnerability |
$۲۵k-$50k |
Official Fix |
CVE-2021-28320 |
۷.۸ |
Microsoft Windows esource Manager PSM Service Extension privileges management |
$۵۰k-$100k |
Official Fix |
CVE-2021-28435 |
۴.۴ |
Microsoft Windows Event Tracing information disclosure |
$۱۰k-$25k |
Official Fix |
CVE-2021-27088 |
۷.۸ |
Microsoft Windows Event Tracing privileges management |
$۵۰k-$100k |
Official Fix |
CVE-2021-28318 |
۴.۸ |
Microsoft Windows GDI+ information disclosure |
$۱۰k-$25k |
Official Fix |
CVE-2021-28348 |
۷.۰ |
Microsoft Windows GDI+ Remote Code Execution |
$۵۰k-$100k |
Official Fix |
CVE-2021-28349 |
۷.۰ |
Microsoft Windows GDI+ Remote Code Execution |
$۵۰k-$100k |
Official Fix |
CVE-2021-28350 |
۷.۰ |
Microsoft Windows GDI+ Remote Code Execution |
$۵۰k-$100k |
Official Fix |
CVE-2021-26416 |
۷.۷ |
Microsoft Windows Hyper-V denial of service |
$۱۰k-$25k |
Official Fix |
CVE-2021-28441 |
۵.۱ |
Microsoft Windows Hyper-V information disclosure |
$۱۰k-$25k |
Official Fix |
CVE-2021-28314 |
۷.۸ |
Microsoft Windows Hyper-V Local Privilege Escalation |
$۵۰k-$100k |
Official Fix |
CVE-2021-28444 |
۵.۷ |
Microsoft Windows Hyper-V unknown vulnerability |
$۵۰k-$100k |
Official Fix |
CVE-2021-28437 |
۴.۴ |
Microsoft Windows Installer information disclosure |
$۱۰k-$25k |
Official Fix |
CVE-2021-26415 |
۷.۸ |
Microsoft Windows Installer Local Privilege Escalation |
$۵۰k-$100k |
Official Fix |
CVE-2021-28440 |
۷.۰ |
Microsoft Windows Installer Local Privilege Escalation |
$۵۰k-$100k |
Official Fix |
CVE-2021-26413 |
۵.۸ |
Microsoft Windows Installer unknown vulnerability |
$۲۵k-$50k |
Official Fix |
CVE-2021-27089 |
۷.۳ |
Microsoft Windows Internet Messaging API Remote Code Execution |
$۵۰k-$100k |
Official Fix |
CVE-2021-27093 |
۴.۴ |
Microsoft Windows Kernel information disclosure |
$۱۰k-$25k |
Official Fix |
CVE-2021-28309 |
۴.۸ |
Microsoft Windows Kernel information disclosure |
$۱۰k-$25k |
Official Fix |
CVE-2021-27079 |
۵.۲ |
Microsoft Windows Media Photo Codec information disclosure |
$۲۵k-$50k |
Official Fix |
CVE-2021-27095 |
۷.۰ |
Microsoft Windows Media Video Decoder Remote Code Execution |
$۵۰k-$100k |
Official Fix |
CVE-2021-28315 |
۷.۳ |
Microsoft Windows Media Video Decoder Remote Code Execution |
$۵۰k-$100k |
Official Fix |
CVE-2021-28445 |
۸.۱ |
Microsoft Windows Network File System unknown vulnerability |
$۵۰k-$100k |
Official Fix |
CVE-2021-28312 |
۳.۰ |
Microsoft Windows NTFS denial of service |
$۵k-$10k |
Official Fix |
CVE-2021-27096 |
۷.۸ |
Microsoft Windows NTFS Local Privilege Escalation |
$۵۰k-$100k |
Official Fix |
CVE-2021-26417 |
۴.۸ |
Microsoft Windows Overlay Filter information disclosure |
$۱۰k-$25k |
Official Fix |
CVE-2021-28332 |
۸.۸ |
Microsoft Windows Remote Privilege Escalation |
$۱۰۰k and more |
Official Fix |
CVE-2021-28339 |
۸.۸ |
Microsoft Windows Remote Privilege Escalation |
$۱۰۰k and more |
Official Fix |
CVE-2021-28327 |
۸.۸ |
Microsoft Windows Remote Procedure Call Runtime Remote Privilege Escalation |
$۱۰۰k and more |
Official Fix |
CVE-2021-28329 |
۸.۸ |
Microsoft Windows Remote Procedure Call Runtime Remote Privilege Escalation |
$۱۰۰k and more |
Official Fix |
CVE-2021-28330 |
۸.۸ |
Microsoft Windows Remote Procedure Call Runtime Remote Privilege Escalation |
$۱۰۰k and more |
Official Fix |
CVE-2021-28331 |
۸.۸ |
Microsoft Windows Remote Procedure Call Runtime Remote Privilege Escalation |
$۱۰۰k and more |
Official Fix |
CVE-2021-28333 |
۸.۸ |
Microsoft Windows Remote Procedure Call Runtime Remote Privilege Escalation |
$۱۰۰k and more |
Official Fix |
CVE-2021-28334 |
۸.۸ |
Microsoft Windows Remote Procedure Call Runtime Remote Privilege Escalation |
$۱۰۰k and more |
Official Fix |
CVE-2021-28335 |
۸.۸ |
Microsoft Windows Remote Procedure Call Runtime Remote Privilege Escalation |
$۱۰۰k and more |
Official Fix |
CVE-2021-28336 |
۸.۸ |
Microsoft Windows Remote Procedure Call Runtime Remote Privilege Escalation |
$۱۰۰k and more |
Official Fix |
CVE-2021-28337 |
۸.۸ |
Microsoft Windows Remote Procedure Call Runtime Remote Privilege Escalation |
$۱۰۰k and more |
Official Fix |
CVE-2021-28338 |
۸.۸ |
Microsoft Windows Remote Procedure Call Runtime Remote Privilege Escalation |
$۱۰۰k and more |
Official Fix |
CVE-2021-28340 |
۸.۸ |
Microsoft Windows Remote Procedure Call Runtime Remote Privilege Escalation |
$۱۰۰k and more |
Official Fix |
CVE-2021-28341 |
۸.۸ |
Microsoft Windows Remote Procedure Call Runtime Remote Privilege Escalation |
$۱۰۰k and more |
Official Fix |
CVE-2021-28342 |
۸.۸ |
Microsoft Windows Remote Procedure Call Runtime Remote Privilege Escalation |
$۱۰۰k and more |
Official Fix |
CVE-2021-28343 |
۸.۸ |
Microsoft Windows Remote Procedure Call Runtime Remote Privilege Escalation |
$۱۰۰k and more |
Official Fix |
CVE-2021-28344 |
۸.۸ |
Microsoft Windows Remote Procedure Call Runtime Remote Privilege Escalation |
$۱۰۰k and more |
Official Fix |
CVE-2021-28346 |
۸.۸ |
Microsoft Windows Remote Procedure Call Runtime Remote Privilege Escalation |
$۱۰۰k and more |
Official Fix |
CVE-2021-28352 |
۸.۸ |
Microsoft Windows Remote Procedure Call Runtime Remote Privilege Escalation |
$۱۰۰k and more |
Official Fix |
CVE-2021-28353 |
۸.۸ |
Microsoft Windows Remote Procedure Call Runtime Remote Privilege Escalation |
$۱۰۰k and more |
Official Fix |
CVE-2021-28354 |
۸.۸ |
Microsoft Windows Remote Procedure Call Runtime Remote Privilege Escalation |
$۱۰۰k and more |
Official Fix |
CVE-2021-28355 |
۸.۸ |
Microsoft Windows Remote Procedure Call Runtime Remote Privilege Escalation |
$۱۰۰k and more |
Official Fix |
CVE-2021-28356 |
۸.۸ |
Microsoft Windows Remote Procedure Call Runtime Remote Privilege Escalation |
$۱۰۰k and more |
Official Fix |
CVE-2021-28357 |
۸.۸ |
Microsoft Windows Remote Procedure Call Runtime Remote Privilege Escalation |
$۱۰۰k and more |
Official Fix |
CVE-2021-28358 |
۸.۸ |
Microsoft Windows Remote Procedure Call Runtime Remote Privilege Escalation |
$۱۰۰k and more |
Official Fix |
CVE-2021-28434 |
۸.۸ |
Microsoft Windows Remote Procedure Call Runtime Remote Privilege Escalation |
$۱۰۰k and more |
Official Fix |
CVE-2021-28345 |
۸.۸ |
Microsoft Windows Remote Procedure Call Runtime Remote Remote Privilege Escalation |
$۱۰۰k and more |
Official Fix |
CVE-2021-27091 |
۷.۸ |
Microsoft Windows RPC Endpoint Mapper Service privileges management |
$۵۰k-$100k |
Official Fix |
CVE-2021-27090 |
۷.۸ |
Microsoft Windows Secure Kernel Mode privileges management |
$۵۰k-$100k |
Official Fix |
CVE-2021-27086 |
۷.۸ |
Microsoft Windows Services/Controller App Local Privilege Escalation |
$۵۰k-$100k |
Official Fix |
CVE-2021-28324 |
۶.۸ |
Microsoft Windows SMB information disclosure |
$۲۵k-$50k |
Official Fix |
CVE-2021-28325 |
۵.۴ |
Microsoft Windows SMB information disclosure |
$۲۵k-$50k |
Official Fix |
CVE-2021-28347 |
۷.۸ |
Microsoft Windows Speech Runtime Local Privilege Escalation |
$۵۰k-$100k |
Official Fix |
CVE-2021-28351 |
۷.۸ |
Microsoft Windows Speech Runtime Local Privilege Escalation |
$۵۰k-$100k |
Official Fix |
CVE-2021-28436 |
۷.۸ |
Microsoft Windows Speech Runtime Local Privilege Escalation |
$۵۰k-$100k |
Official Fix |
CVE-2021-28319 |
۷.۵ |
Microsoft Windows TCP/IP Driver denial of service |
$۱۰k-$25k |
Official Fix |
CVE-2021-28439 |
۷.۵ |
Microsoft Windows TCP/IP Driver denial of service |
$۱۰k-$25k |
Official Fix |
CVE-2021-28442 |
۵.۴ |
Microsoft Windows TCP/IP information disclosure |
$۲۵k-$50k |
Official Fix |
CVE-2021-28310 |
۷.۸ |
Microsoft Windows Win32k Local Privilege Escalation |
$۵۰k-$100k |
Official Fix |
CVE-2021-27072 |
۷.۳ |
Microsoft Windows Win32k privileges management |
$۵۰k-$100k |
Official Fix |
CVE-2021-28316 |
۳.۶ |
Microsoft Windows WLAN AutoConfig Service information disclosure |
$۰-$۱k |
Official Fix |
CVE-2021-28453 |
۷.۰ |
Microsoft Word/Office/SharePoint Remote Code Execution |
$۱۰k-$25k |
Official Fix |
CVE-2021-27253 |
۸.۸ |
Netgear Nighthawk R7800 apply_bind.cgi heap-based overflow |
$۲۵k-$50k |
Official Fix |
CVE-2021-27251 |
۸.۸ |
Netgear Nighthawk R7800 Update cleartext transmission |
$۵k-$10k |
Not Defined |
CVE-2021-27252 |
۸.۸ |
Netgear R7800 DHCP os command injection |
$۱۰k-$25k |
Not Defined |
CVE-2021-22879 |
۵.۵ |
Nextcloud Desktop Client URL Validation resource injection |
$۲k-$5k |
Official Fix |
CVE-2021-29438 |
۴.۶ |
Nextcloud Dialogs Library Toast cross site scripting |
$۰-$۱k |
Official Fix |
CVE-2020-27239 |
۷.۳ |
OpenClinic GA getAssets.jsp sql injection |
$۰-$۵k |
Not Defined |
CVE-2020-27237 |
۷.۳ |
OpenClinic GA getAssets.jsp sql injection |
$۰-$۵k |
Not Defined |
CVE-2020-27236 |
۸.۰ |
OpenClinic GA getAssets.jsp sql injection |
$۱k-$2k |
Not Defined |
CVE-2020-27235 |
۸.۰ |
OpenClinic GA getAssets.jsp sql injection |
$۱k-$2k |
Not Defined |
CVE-2020-27234 |
۸.۰ |
OpenClinic GA getAssets.jsp sql injection |
$۱k-$2k |
Not Defined |
CVE-2020-27233 |
۸.۰ |
OpenClinic GA getAssets.jsp sql injection |
$۱k-$2k |
Not Defined |
CVE-2020-27228 |
۵.۵ |
OpenClinic GA Installation permission |
$۱k-$2k |
Not Defined |
CVE-2020-27227 |
۶.۳ |
OpenClinic GA Web Request command injection |
$۲k-$5k |
Not Defined |
CVE-2021-29338 |
۴.۳ |
OpenJPEG Command Line Option integer overflow |
$۲k-$5k |
Not Defined |
CVE-2020-29593 |
۳.۵ |
Orchard File Type cross site scripting |
$۰-$۱k |
Official Fix |
CVE-2020-29592 |
۵.۵ |
Orchard TinyMCE HTML Editor File Upload unrestricted upload |
$۱k-$2k |
Official Fix |
CVE-2021-29357 |
۵.۵ |
OutSystems Platform Server ECT Provider server-side request forgery |
$۱k-$2k |
Official Fix |
CVE-2021-3493 |
۸.۸ |
overlayfs privileges management |
$۵k-$25k |
Official Fix |
CVE-2021-27259 |
۷.۸ |
Parallels Desktop Toolgate integer overflow |
$۲k-$5k |
Official Fix |
CVE-2021-27260 |
۲.۳ |
Parallels Desktop Toolgate out-of-bounds read |
$۰-$۱k |
Not Defined |
CVE-2021-24229 |
۶.۵ |
Patreon Plugin AJAX Action patreon_save_attachment_patreon_level cross site scripting |
$۰-$۱k |
Official Fix |
CVE-2021-24231 |
۵.۰ |
Patreon Plugin cross-site request forgery |
$۰-$۱k |
Official Fix |
CVE-2021-24230 |
۵.۸ |
Patreon Plugin cross-site request forgery |
$۰-$۱k |
Official Fix |
CVE-2021-24228 |
۶.۵ |
Patreon Plugin Login Form wp-login.php cross site scripting |
$۰-$۱k |
Official Fix |
CVE-2021-24227 |
۵.۹ |
Patreon Plugin wp-config.php information disclosure |
$۱k-$2k |
Official Fix |
CVE-2020-13568 |
۷.۵ |
phpGACL POST Parameter edit_group.php sql injection |
$۱k-$2k |
Not Defined |
CVE-2020-13566 |
۷.۵ |
phpGACL POST Parameter edit_group.php sql injection |
$۱k-$2k |
Not Defined |
CVE-2021-27544 |
۳.۵ |
PHPGurukul Beauty Parlour Management Syste add-services.php cross site scripting |
$۰-$۱k |
Not Defined |
CVE-2021-27545 |
۶.۳ |
PHPGurukul Beauty Parlour Management System add-services.php sql injection |
$۱k-$2k |
Not Defined |
CVE-2021-29448 |
۴.۳ |
Pi-hole Admin Portal cross site scripting |
$۰-$۵k |
Official Fix |
CVE-2021-29449 |
۵.۳ |
Pi-hole privileges management |
$۱k-$2k |
Not Defined |
CVE-2021-28797 |
۹.۸ |
QNAP NAS Surveillance Station stack-based overflow |
$۲k-$5k |
Official Fix |
CVE-2020-36195 |
۷.۳ |
QNAP QTS Multimedia Console/Media Streaming Add-on sql injection |
$۰-$۵k |
Official Fix |
CVE-2020-2509 |
۵.۵ |
QNAP QTS/QuTS Hero command injection |
$۰-$۵k |
Official Fix |
CVE-2021-24221 |
۷.۳ |
Quiz And Survey Master Plugin sql injection |
$۲k-$5k |
Official Fix |
CVE-2021-30494 |
۵.۵ |
Razer Synapse File Name unknown vulnerability |
$۲k-$5k |
Not Defined |
CVE-2021-30493 |
۵.۵ |
Razer Synapse File Name unknown vulnerability |
$۲k-$5k |
Not Defined |
CVE-2021-30044 |
۴.۴ |
Remote Clinic register.php cross site scripting |
$۰-$۱k |
Not Defined |
CVE-2021-30042 |
۴.۴ |
Remote Clinic register.php cross site scripting |
$۰-$۱k |
Not Defined |
CVE-2021-30030 |
۴.۴ |
Remote Clinic register-patient.php cross site scripting |
$۰-$۱k |
Not Defined |
CVE-2021-30039 |
۴.۴ |
Remote Clinic register-report.php cross site scripting |
$۰-$۱k |
Not Defined |
CVE-2021-30034 |
۴.۴ |
Remote Clinic register-report.php cross site scripting |
$۰-$۱k |
Not Defined |
CVE-2020-13592 |
۷.۱ |
Rukovoditel Project Management App choices sql injection |
$۱k-$2k |
Not Defined |
CVE-2020-13587 |
۶.۱ |
Rukovoditel Project Management App rules cross-site request forgery |
$۰-$۱k |
Not Defined |
CVE-2020-13591 |
۷.۱ |
Rukovoditel Project Management App rules_form sql injection |
$۱k-$2k |
Not Defined |
CVE-2021-25381 |
۳.۳ |
Samsung Account Pendingetent improper authorization |
$۰-$۱k |
Official Fix |
CVE-2021-25363 |
۵.۳ |
Samsung ActivityManagerService privileges management |
$۱k-$2k |
Official Fix |
CVE-2021-25380 |
5.8 |
Samsung Bixby Exception Remote Code Execution |
$2k-$5k |
Official Fix |
CVE-2021-25362 |
4.4 |
Samsung CertInstaller privileges management |
$1k-$2k |
Official Fix |
CVE-2021-25357 |
2.5 |
Samsung Create Movie Contact Information information disclosure |
$0-$1k |
Official Fix |
CVE-2021-25373 |
3.3 |
Samsung Customization Service PendingIntent improper authorization |
$0-$1k |
Official Fix |
CVE-2021-25375 |
4.3 |
Samsung Email Attachment information disclosure |
$1k-$2k |
Official Fix |
CVE-2021-25376 |
3.1 |
Samsung Email Synchronization information disclosure |
$0-$1k |
Official Fix |
CVE-2021-25377 |
3.3 |
Samsung Experience Service Intent improper authentication |
$0-$1k |
Official Fix |
CVE-2021-25379 |
3.3 |
Samsung Gallery Intents information disclosure |
$0-$1k |
Official Fix |
CVE-2021-25360 |
9.8 |
Samsung libswmfextractor heap-based overflow |
$2k-$5k |
Official Fix |
CVE-2021-25356 |
7.8 |
Samsung Managed Provisioning permission |
$2k-$5k |
Official Fix |
CVE-2021-25374 |
5.3 |
Samsung Members samsungrewards Scheme for Deeplink improper authorization |
$2k-$5k |
Official Fix |
CVE-2021-25364 |
3.3 |
Samsung Secure Folder Contact Information information disclosure |
$0-$1k |
Official Fix |
CVE-2021-25359 |
3.3 |
Samsung SELinux Policy AP Information permission |
$0-$1k |
Official Fix |
CVE-2021-25358 |
3.3 |
Samsung Smart Phone IMSI Value permission |
$0-$1k |
Official Fix |
CVE-2021-25378 |
3.3 |
Samsung SmartThings Port denial of service |
$0-$1k |
Official Fix |
CVE-2021-25365 |
5.3 |
Samsung softsimd API privileges management |
$1k-$2k |
Official Fix |
CVE-2021-25361 |
5.3 |
Samsung StickerCenter access control |
$1k-$2k |
Official Fix |
CVE-2021-27602 |
8.8 |
SAP Commerce Backoffice Application injection |
$10k-$25k |
Not Defined |
CVE-2021-27609 |
5.5 |
SAP Focused RUN oData Service improper authorization |
$10k-$25k |
Not Defined |
CVE-2021-27605 |
4.3 |
SAP HCM Travel Management Fiori Apps information disclosure |
$5k-$10k |
Not Defined |
CVE-2021-27600 |
3.5 |
SAP Manufacturing Execution HTTP Parameter cross site scripting |
$2k-$5k |
Not Defined |
CVE-2021-27599 |
4.3 |
SAP NetWeaver ABAP Server/ABAP Platform Process Integration access control |
$10k-$25k |
Not Defined |
CVE-2021-27604 |
4.3 |
SAP NetWeaver ABAP Server/ABAP Platform Process Integration xml external entity reference |
$5k-$10k |
Not Defined |
CVE-2021-21485 |
4.3 |
SAP NetWeaver Application Server for Java NTLM Hash information disclosure |
$5k-$10k |
Not Defined |
CVE-2021-21492 |
5.3 |
SAP NetWeaver Application Server Java authentication spoofing |
$5k-$10k |
Not Defined |
CVE-2021-27603 |
4.3 |
SAP NetWeaver AS ABAP SPI_WAIT_MILLIS denial of service |
$2k-$5k |
Not Defined |
CVE-2021-27601 |
3.5 |
SAP NetWeaver AS JAVA File cross site scripting |
$2k-$5k |
Not Defined |
CVE-2021-27598 |
5.3 |
SAP NetWeaver AS JAVA Servlet access control |
$10k-$25k |
Not Defined |
CVE-2021-21482 |
3.1 |
SAP NetWeaver Master Data Management information disclosure |
$5k-$10k |
Not Defined |
CVE-2021-27608 |
6.4 |
SAP Setup Installation unquoted search path |
$10k-$25k |
Not Defined |
CVE-2021-21483 |
2.7 |
SAP Solution Manager information disclosure |
$5k-$10k |
Not Defined |
CVE-2021-22717 |
6.3 |
Schneider Electric C-Bus Toolkit Config File path traversal |
$1k-$2k |
Not Defined |
CVE-2021-22719 |
6.3 |
Schneider Electric C-Bus Toolkit File Upload path traversal |
$1k-$2k |
Not Defined |
CVE-2021-22716 |
6.3 |
Schneider Electric C-Bus Toolkit privileges management |
$2k-$5k |
Not Defined |
CVE-2021-22718 |
6.3 |
Schneider Electric C-Bus Toolkit Project File Restore path traversal |
$1k-$2k |
Not Defined |
CVE-2021-22720 |
6.3 |
Schneider Electric C-Bus Toolkit Project Restore path traversal |
$1k-$2k |
Not Defined |
CVE-2021-25925 |
3.5 |
SiCKRAGE cross site scripting |
$0-$1k |
Official Fix |
CVE-2021-25926 |
3.5 |
SiCKRAGE Quicksearch cross site scripting |
$0-$1k |
Official Fix |
CVE-2021-27394 |
5.5 |
Siemens Mendix User Role privileges management |
$5k-$25k |
Official Fix |
CVE-2021-27258 |
7.3 |
SolarWinds Orion Platform SaveUserSetting Endpoint access control |
$2k-$5k |
Not Defined |
CVE-2021-20021 |
6.3 |
SonicWALL Email Security HTTP Request privileges management |
$2k-$5k |
Not Defined |
CVE-2021-20022 |
6.3 |
SonicWALL Email Security unrestricted upload |
$2k-$5k |
Not Defined |
CVE-2021-20020 |
7.8 |
SonicWall GMS improper authentication |
$1k-$2k |
Not Defined |
CVE-2021-28878 |
5.5 |
Standard Library __iterator_get_unchecked memory corruption |
$2k-$5k |
Official Fix |
CVE-2021-28877 |
5.5 |
Standard Library __iterator_get_unchecked memory corruption |
$2k-$5k |
Official Fix |
CVE-2021-28876 |
5.5 |
Standard Library __iterator_get_unchecked memory corruption |
$2k-$5k |
Official Fix |
CVE-2015-20001 |
5.5 |
Standard Library Comparison sift_down_range memory corruption |
$2k-$5k |
Official Fix |
CVE-2021-31162 |
3.5 |
Standard Library from_iter double free |
$1k-$2k |
Official Fix |
CVE-2018-25008 |
4.6 |
Standard Library get_mut race condition |
$0-$1k |
Official Fix |
CVE-2020-36318 |
5.5 |
Standard Library make_contiguous use after free |
$2k-$5k |
Official Fix |
CVE-2017-20004 |
4.6 |
Standard Library MutexGuard Object race condition |
$0-$1k |
Official Fix |
CVE-2021-28875 |
5.5 |
Standard Library read_to_end buffer overflow |
$2k-$5k |
Official Fix |
CVE-2020-36323 |
5.5 |
Standard Library String Join uninitialized pointer |
$2k-$5k |
Official Fix |
CVE-2020-36317 |
5.5 |
Standard Library UTF-8 Encoding retain memory corruption |
$2k-$5k |
Official Fix |
CVE-2021-28879 |
5.5 |
Standard Library ZIP integer overflow |
$2k-$5k |
Official Fix |
CVE-2021-25314 |
7.8 |
SUSE Linux Enterprise hawk2 temp file |
$10k-$25k |
Official Fix |
CVE-2021-25316 |
4.0 |
SUSE Linux Enterprise Server s390-tools temp file |
$10k-$25k |
Official Fix |
CVE-2021-27691 |
6.3 |
Tenda G0/G1/G3 setDebugCfg formSetDebugCfg os command injection |
$0-$5k |
Not Defined |
CVE-2021-27707 |
6.3 |
Tenda G1/G3 formDelPortMapping buffer overflow |
$2k-$5k |
Not Defined |
CVE-2021-27706 |
6.3 |
Tenda G1/G3 formIPMacBindDel buffer overflow |
$2k-$5k |
Not Defined |
CVE-2021-27705 |
6.3 |
Tenda G1/G3 formQOSRuleDel buffer overflow |
$2k-$5k |
Not Defined |
CVE-2021-27692 |
6.3 |
Tenda G1/G3 umountUSBPartition formSetUSBPartitionUmount os command injection |
$0-$5k |
Not Defined |
CVE-2021-24220 |
6.3 |
Thrive Legacy Rise Theme REST API Endpoint unrestricted upload |
$2k-$5k |
Official Fix |
CVE-2021-24219 |
5.5 |
Thrive Optimize Plugin REST API access control |
$2k-$5k |
Official Fix |
CVE-2021-28826 |
7.8 |
TIBCO Messaging Eclipse Mosquitto Distribution Installation access control |
$2k-$5k |
Official Fix |
CVE-2021-28825 |
5.5 |
TIBCO Messaging Eclipse Mosquitto Distribution Installation access control |
$1k-$2k |
Official Fix |
CVE-2021-27710 |
6.3 |
TOTOLINK X5000R/A720R HTTP Request os command injection |
$2k-$5k |
Not Defined |
CVE-2021-27708 |
6.3 |
TOTOLINK X5000R/A720R HTTP Request os command injection |
$2k-$5k |
Not Defined |
CVE-2021-27246 |
8.0 |
TP-LINK Archer A7 AC1750 tdpServer Endpoint stack-based overflow |
$2k-$5k |
Not Defined |
CVE-2021-3125 |
4.3 |
TP-Link TL-XDR5430 Router Advertisement infinite loop |
$0-$1k |
Official Fix |
CVE-2021-26827 |
4.3 |
TP-LINK WR2041 v1/TL-WR2041+ HTTP Request popupSiteSurveyRpm.html buffer overflow |
$2k-$5k |
Workaround |
CVE-2021-25253 |
7.0 |
Trend Micro Apex One/Apex One as a Service/OfficeScan XG SP1 access control |
$10k-$25k |
Not Defined |
CVE-2021-25250 |
7.0 |
Trend Micro Apex One/Apex One as a Service/OfficeScan XG SP1 access control |
$10k-$25k |
Not Defined |
CVE-2021-28646 |
5.9 |
Trend Micro Apex One/Apex One as a Service/OfficeScan XG SP1 Log File permission |
$10k-$25k |
Not Defined |
CVE-2021-28645 |
7.0 |
Trend Micro OfficeScan XG SP1 access control |
$10k-$25k |
Not Defined |
CVE-2021-28647 |
7.0 |
Trend Micro Password Manager DLL uncontrolled search path |
$10k-$25k |
Not Defined |
CVE-2021-27673 |
3.5 |
Tribal Systems Zenario CMS admin_boxes.ajax.php cross site scripting |
$0-$5k |
Not Defined |
CVE-2021-27672 |
3.1 |
Tribal Systems Zenario CMS admin_boxes.ajax.php sql injection |
$0-$5k |
Not Defined |
CVE-2021-26830 |
6.3 |
Tribal Systems Zenario CMS Plugin Library Delete Module ajax.php sql injection |
$0-$5k |
Official Fix |
CVE-2021-22539 |
5.3 |
vscode-bazel JSON Config File file inclusion |
$0-$5k |
Official Fix |
CVE-2021-31414 |
5.0 |
vscode-rpm-spec Extension Workspace Configuration Remote Code Execution |
$0-$5k |
Official Fix |
CVE-2021-29998 |
5.5 |
Wind River VxWorks dhcp Client heap-based overflow |
$2k-$5k |
Official Fix |
CVE-2021-29999 |
5.5 |
Wind River VxWorks dhcp Server stack-based overflow |
$2k-$5k |
Not Defined |
CVE-2021-29997 |
6.3 |
Wind River Helix ALM Administration Console xml external entity reference |
$1k-$2k |
Not Defined |
CVE-2021-29450 |
6.5 |
WordPress Editor information disclosure |
$5k-$25k |
Official Fix |
CVE-2021-29447 |
7.1 |
WordPress Media Library Parser xml external entity reference |
$5k-$25k |
Official Fix |
CVE-2021-24222 |
7.3 |
WP-Curriculo Vitae Free Plugin Profile Picture unrestricted upload |
$2k-$5k |
Not Defined |
CVE-2021-24198 |
8.1 |
WordPress wpDataTables access control |
$1k-$2k |
Official Fix |
CVE-2021-24197 |
8.1 |
WordPress wpDataTables access control |
$1k-$2k |
Official Fix |
CVE-2021-24200 |
6.5 |
WordPress wpDataTables sql injection |
$1k-$2k |
Official Fix |
CVE-2021-24199 |
6.5 |
WordPress wpDataTables sql injection |
$1k-$2k |
Official Fix |
CVE-2021-27288 |
3.5 |
X2Engine X2CRM activity cross site scripting |
$0-$1k |
Not Defined |
CVE-2020-21088 |
3.5 |
X2Engine X2CRM create cross site scripting |
$0-$1k |
Not Defined |
CVE-2020-21087 |
3.5 |
X2Engine X2CRM Rename a Module Tool cross site scripting |
$0-$1k |
Not Defined |
CVE-2019-10881 |
7.3 |
Xerox AltaLink C8070 hard-coded password |
$1k-$2k |
Official Fix |
CVE-2021-30176 |
8.0 |
ZEROF Expert Pro Authorization Header add sql injection |
$1k-$2k |
Not Defined |
CVE-2021-30175 |
8.0 |
ZEROF Web Server Login Page HandleEvent sql injection |
$1k-$2k |
Not Defined |
CVE-2021-20080 |
4.3 |
Zoho ManageEngine ServiceDesk Plus/AssetExplorer XML Asset File cross site scripting |
$0-$1k |
Official Fix |
CVE-2021-30480 |
5.0 |
Zoom Chat Remote Privilege Escalation |
$10k-$25k |
Not Defined |
CVE-2021-21728 |
4.3 |
ZTE ZXA10 C300M Configuration Error resource consumption |
$0-$1k |
Workaround |
CVE-2021-21731 |
3.5 |
ZTE ZXCLOUD iRAI Management Page cross-site request forgery |
$0-$1k |
Not Defined |
CVE-2021-21730 |
5.0 |
ZTE ZXHN H168N CLI access control |
$2k-$5k |
Not Defined |
CVE-2021-21729 |
3.5 |
ZTE ZXHN H168N/ZXHN H108N cross-site request forgery |
$0-$1k |
Not Defined |
CVE-2021-30479 |
5.5 |
Zulip Server all_public_streams API access control |
$1k-$2k |
Official Fix |
CVE-2021-30478 |
5.5 |
Zulip Server permission |
$1k-$2k |
Official Fix |
CVE-2021-30487 |
3.5 |
Zulip Server Topic Moving API unknown vulnerability |
$1k-$2k |
Official Fix |
CVE-2021-30477 |
5.5 |
Zulip Server Webhook access control |
$1k-$2k |
Official Fix |