Critical vulnerabilities of the fourth week of Dey
This week, many "critical" and "high-risk" vulnerabilities were reported in important Microsoft products, and patches and updates were released to fix them. There were also several "critical" and "high-risk" vulnerabilities in products from Qualcomm, Apache, Siemens, IBM, Palo Alto, Samba and the Linux kernel.
The list of these vulnerabilities, along with their risk level, is given in the table below.
Vulnerability ID |
Base score |
Vulnerability title |
Zero-day value |
Vulnerability fix |
CVE-2021-44702 |
3.7 |
Adobe Acrobat Reader ActiveX Control information disclosure |
$10k-$25k |
Official Fix |
CVE-2021-44739 |
3.1 |
Adobe Acrobat Reader ActiveX Control information disclosure |
$10k-$25k |
Official Fix |
CVE-2021-44712 |
5.9 |
Adobe Acrobat Reader buffer overflow |
$25k-$50k |
Official Fix |
CVE-2021-45067 |
4.9 |
Adobe Acrobat Reader buffer overflow |
$25k-$50k |
Official Fix |
CVE-2021-44713 |
4.9 |
Adobe Acrobat Reader Format Event Action use after free |
$25k-$50k |
Official Fix |
CVE-2021-45064 |
7.8 |
Adobe Acrobat Reader Format Event Action use after free |
$25k-$50k |
Official Fix |
CVE-2021-45062 |
7.8 |
Adobe Acrobat Reader Format Event Action use after free |
$25k-$50k |
Official Fix |
CVE-2021-44710 |
7.8 |
Adobe Acrobat Reader Format Event Action use after free |
$25k-$50k |
Official Fix |
CVE-2021-44706 |
7.8 |
Adobe Acrobat Reader Format Event Action use after free |
$25k-$50k |
Official Fix |
CVE-2021-44705 |
7.8 |
Adobe Acrobat Reader Format Event Action use after free |
$25k-$50k |
Official Fix |
CVE-2021-44704 |
7.8 |
Adobe Acrobat Reader Format Event Action use after free |
$25k-$50k |
Official Fix |
CVE-2021-44701 |
7.8 |
Adobe Acrobat Reader Format Event Action use after free |
$25k-$50k |
Official Fix |
CVE-2021-45063 |
3.8 |
Adobe Acrobat Reader Format Event Action use after free |
$25k-$50k |
Official Fix |
CVE-2021-44709 |
7.8 |
Adobe Acrobat Reader heap-based overflow |
$25k-$50k |
Official Fix |
CVE-2021-44708 |
7.8 |
Adobe Acrobat Reader heap-based overflow |
$25k-$50k |
Official Fix |
CVE-2021-44711 |
7.8 |
Adobe Acrobat Reader integer overflow |
$25k-$50k |
Official Fix |
CVE-2021-44741 |
3.8 |
Adobe Acrobat Reader null pointer dereference |
$10k-$25k |
Official Fix |
CVE-2021-44740 |
3.8 |
Adobe Acrobat Reader null pointer dereference |
$10k-$25k |
Official Fix |
CVE-2021-45060 |
7.8 |
Adobe Acrobat Reader out-of-bounds read |
$10k-$25k |
Official Fix |
CVE-2021-44742 |
3.8 |
Adobe Acrobat Reader out-of-bounds read |
$10k-$25k |
Official Fix |
CVE-2021-44715 |
3.8 |
Adobe Acrobat Reader out-of-bounds read |
$10k-$25k |
Official Fix |
CVE-2021-45068 |
7.8 |
Adobe Acrobat Reader out-of-bounds write |
$25k-$50k |
Official Fix |
CVE-2021-45061 |
7.8 |
Adobe Acrobat Reader out-of-bounds write |
$25k-$50k |
Official Fix |
CVE-2021-44707 |
7.8 |
Adobe Acrobat Reader out-of-bounds write |
$25k-$50k |
Official Fix |
CVE-2021-44703 |
7.8 |
Adobe Acrobat Reader stack-based overflow |
$25k-$50k |
Official Fix |
CVE-2021-44714 |
2.8 |
Adobe Acrobat Reader Warning Message injection |
$25k-$50k |
Official Fix |
CVE-2021-43762 |
6.5 |
Adobe AEM Dispatcher input validation |
$5k-$10k |
Official Fix |
CVE-2021-44177 |
6.2 |
Adobe AEM Form Field cross site scripting |
$2k-$5k |
Official Fix |
CVE-2021-44176 |
6.2 |
Adobe AEM Form Field cross site scripting |
$2k-$5k |
Official Fix |
CVE-2021-43765 |
6.2 |
Adobe AEM Form Field cross site scripting |
$2k-$5k |
Official Fix |
CVE-2021-43764 |
5.7 |
Adobe AEM Form Field cross site scripting |
$1k-$2k |
Official Fix |
CVE-2021-43761 |
5.7 |
Adobe AEM Form Field cross site scripting |
$1k-$2k |
Official Fix |
CVE-2021-40722 |
9.8 |
Adobe AEM Forms Cloud Service xml external entity reference |
$2k-$5k |
Not Defined |
CVE-2021-44178 |
4.8 |
Adobe AEM URL cross site scripting |
$2k-$5k |
Official Fix |
CVE-2021-45051 |
3.8 |
Adobe Bridge Format Event Action use after free |
$5k-$10k |
Official Fix |
CVE-2021-45052 |
3.8 |
Adobe Bridge out-of-bounds read |
$2k-$5k |
Official Fix |
CVE-2021-44743 |
7.0 |
Adobe Bridge out-of-bounds write |
$5k-$10k |
Official Fix |
CVE-2021-44700 |
3.8 |
Adobe Illustrator out-of-bounds read |
$2k-$5k |
Official Fix |
CVE-2021-43752 |
3.8 |
Adobe Illustrator out-of-bounds read |
$2k-$5k |
Official Fix |
CVE-2021-45055 |
6.0 |
Adobe InCopy out-of-bounds read |
$2k-$5k |
Official Fix |
CVE-2021-34921 |
7.0 |
Adobe View JT File Parser out-of-bounds write |
$5k-$10k |
Official Fix |
CVE-2021-43297 |
6.3 |
Apache Dubbo Hessian2 Protocol deserialization |
$10k-$25k |
Official Fix |
CVE-2021-41767 |
6.5 |
Apache Guacamole REST Response access control |
$10k-$25k |
Not Defined |
CVE-2021-43999 |
8.8 |
Apache Guacamole SAML improper authentication |
$5k-$10k |
Not Defined |
CVE-2022-22588 |
3.5 |
Apple iOS/iPadOS HomeKit resource consumption |
$10k-$25k |
Official Fix |
CVE-2021-28501 |
7.2 |
Arista EOS AAA API improper authorization |
$1k-$2k |
Not Defined |
CVE-2021-28500 |
7.2 |
Arista EOS AAA API improper authorization |
$1k-$2k |
Not Defined |
CVE-2021-28506 |
8.6 |
Arista EOS gNOI API improper authorization |
$2k-$5k |
Not Defined |
CVE-2021-28507 |
5.1 |
Arista EOS OpenConfig gNOI/OpenConfig RESTCONF access control |
$1k-$2k |
Not Defined |
CVE-2021-44828 |
8.0 |
ARM Midgard/Bifrost/Valhall Mali GPU Driver memory corruption |
$2k-$5k |
Official Fix |
CVE-2021-40327 |
5.5 |
ARM Trusted Firmware-M NSPE access control |
$1k-$2k |
Not Defined |
CVE-2022-22054 |
6.4 |
Asus RT-AX56U URL Parameter path traversal |
$1k-$2k |
Not Defined |
CVE-2021-43949 |
4.3 |
Atlassian Jira Service Management Server/Data Center Custom Fields access control |
$2k-$5k |
Official Fix |
CVE-2021-43951 |
4.3 |
Atlassian Jira Service Management Server/Data Center Object Import Configuration information disclosure |
$1k-$2k |
Official Fix |
CVE-2021-42748 |
5.5 |
Beaver Builder REST API protection mechanism |
$1k-$2k |
Not Defined |
CVE-2021-42749 |
5.5 |
Beaver Themer Post Archive Privilege Escalation |
$2k-$5k |
Not Defined |
CVE-2021-34985 |
3.8 |
Bentley ContextCapture OBJ File Parser out-of-bounds read |
$1k-$2k |
Official Fix |
CVE-2021-34984 |
3.8 |
Bentley ContextCapture OBJ File Parser out-of-bounds read |
$1k-$2k |
Official Fix |
CVE-2021-34874 |
7.3 |
Bentley View 3DS File memory corruption |
$2k-$5k |
Official Fix |
CVE-2021-34889 |
3.6 |
Bentley View 3DS File out-of-bounds read |
$1k-$2k |
Official Fix |
CVE-2021-34875 |
7.3 |
Bentley View 3DS File out-of-bounds write |
$2k-$5k |
Official Fix |
CVE-2021-34880 |
7.0 |
Bentley View 3DS File Parser out-of-bounds read |
$1k-$2k |
Official Fix |
CVE-2021-34901 |
3.6 |
Bentley View 3DS File Parser out-of-bounds read |
$1k-$2k |
Official Fix |
CVE-2021-34911 |
7.3 |
Bentley View 3DS File Parser use after free |
$2k-$5k |
Official Fix |
CVE-2021-34895 |
7.3 |
Bentley View 3DS File Parser use after free |
$2k-$5k |
Official Fix |
CVE-2021-34894 |
7.3 |
Bentley View 3DS File Parser use after free |
$2k-$5k |
Official Fix |
CVE-2021-34893 |
7.0 |
Bentley View BMP File heap-based overflow |
$2k-$5k |
Official Fix |
CVE-2021-34907 |
7.0 |
Bentley View BMP File Parser heap-based overflow |
$2k-$5k |
Official Fix |
CVE-2021-34896 |
7.0 |
Bentley View BMP File Parser heap-based overflow |
$2k-$5k |
Official Fix |
CVE-2021-34871 |
7.3 |
Bentley View BMP File Parser heap-based overflow |
$2k-$5k |
Official Fix |
CVE-2021-34903 |
7.0 |
Bentley View BMP File Parser out-of-bounds write |
$2k-$5k |
Official Fix |
CVE-2021-34905 |
7.0 |
Bentley View DGN File Parser heap-based overflow |
$2k-$5k |
Official Fix |
CVE-2021-34904 |
7.0 |
Bentley View DGN File Parser heap-based overflow |
$2k-$5k |
Official Fix |
CVE-2021-34914 |
7.0 |
Bentley View DGN File Parser out-of-bounds write |
$2k-$5k |
Official Fix |
CVE-2021-34897 |
7.0 |
Bentley View DGN File Parser out-of-bounds write |
$2k-$5k |
Official Fix |
CVE-2021-34916 |
3.6 |
Bentley View DWG File Parser out-of-bounds read |
$1k-$2k |
Official Fix |
CVE-2021-34902 |
3.6 |
Bentley View DWG File Parser out-of-bounds read |
$1k-$2k |
Official Fix |
CVE-2021-34886 |
3.6 |
Bentley View FBX File use after free |
$2k-$5k |
Official Fix |
CVE-2021-34883 |
3.6 |
Bentley View J2K File out-of-bounds read |
$1k-$2k |
Official Fix |
CVE-2021-34900 |
7.0 |
Bentley View J2K File Parser heap-based overflow |
$2k-$5k |
Official Fix |
CVE-2021-34915 |
7.0 |
Bentley View J2K File Parser out-of-bounds write |
$2k-$5k |
Official Fix |
CVE-2021-34917 |
7.3 |
Bentley View J2K File Parser use after free |
$2k-$5k |
Official Fix |
CVE-2021-34908 |
7.3 |
Bentley View J2K File Parser use after free |
$2k-$5k |
Official Fix |
CVE-2021-34906 |
7.3 |
Bentley View J2K File use after free |
$2k-$5k |
Official Fix |
CVE-2021-34879 |
7.3 |
Bentley View J2K File use after free |
$2k-$5k |
Official Fix |
CVE-2021-34882 |
3.6 |
Bentley View JP2 File out-of-bounds read |
$1k-$2k |
Official Fix |
CVE-2021-34918 |
7.0 |
Bentley View JP2 File Parser out-of-bounds write |
$2k-$5k |
Official Fix |
CVE-2021-34884 |
3.8 |
Bentley View JP2 File Parser use after free |
$2k-$5k |
Official Fix |
CVE-2021-34919 |
7.3 |
Bentley View JP2 File use after free |
$2k-$5k |
Official Fix |
CVE-2021-34890 |
3.6 |
Bentley View JT File out-of-bounds read |
$1k-$2k |
Official Fix |
CVE-2021-34888 |
3.6 |
Bentley View JT File out-of-bounds read |
$1k-$2k |
Official Fix |
CVE-2021-34945 |
7.0 |
Bentley View JT File Parser heap-based overflow |
$2k-$5k |
Official Fix |
CVE-2021-34938 |
7.0 |
Bentley View JT File Parser heap-based overflow |
$2k-$5k |
Official Fix |
CVE-2021-34934 |
7.0 |
Bentley View JT File Parser memory corruption |
$2k-$5k |
Official Fix |
CVE-2021-34946 |
7.0 |
Bentley View JT File Parser out-of-bounds read |
$1k-$2k |
Official Fix |
CVE-2021-34942 |
7.0 |
Bentley View JT File Parser out-of-bounds read |
$1k-$2k |
Official Fix |
CVE-2021-34930 |
7.0 |
Bentley View JT File Parser out-of-bounds read |
$1k-$2k |
Official Fix |
CVE-2021-34927 |
7.0 |
Bentley View JT File Parser out-of-bounds read |
$1k-$2k |
Official Fix |
CVE-2021-34913 |
7.0 |
Bentley View JT File Parser out-of-bounds read |
$1k-$2k |
Official Fix |
CVE-2021-34912 |
7.0 |
Bentley View JT File Parser out-of-bounds read |
$1k-$2k |
Official Fix |
CVE-2021-34885 |
7.0 |
Bentley View JT File Parser out-of-bounds read |
$1k-$2k |
Official Fix |
CVE-2021-34944 |
3.6 |
Bentley View JT File Parser out-of-bounds read |
$1k-$2k |
Official Fix |
CVE-2021-34943 |
3.6 |
Bentley View JT File Parser out-of-bounds read |
$1k-$2k |
Official Fix |
CVE-2021-34873 |
7.0 |
Bentley View JT File Parser out-of-bounds write |
$2k-$5k |
Official Fix |
CVE-2021-34940 |
7.0 |
Bentley View JT File Parser out-of-bounds write |
$2k-$5k |
Official Fix |
CVE-2021-34935 |
7.0 |
Bentley View JT File Parser out-of-bounds write |
$2k-$5k |
Official Fix |
CVE-2021-34932 |
7.0 |
Bentley View JT File Parser out-of-bounds write |
$2k-$5k |
Official Fix |
CVE-2021-34929 |
7.0 |
Bentley View JT File Parser out-of-bounds write |
$2k-$5k |
Official Fix |
CVE-2021-34928 |
7.0 |
Bentley View JT File Parser out-of-bounds write |
$2k-$5k |
Official Fix |
CVE-2021-34926 |
7.0 |
Bentley View JT File Parser out-of-bounds write |
$2k-$5k |
Official Fix |
CVE-2021-34924 |
7.0 |
Bentley View JT File Parser out-of-bounds write |
$2k-$5k |
Official Fix |
CVE-2021-34923 |
7.0 |
Bentley View JT File Parser out-of-bounds write |
$2k-$5k |
Official Fix |
CVE-2021-34920 |
7.0 |
Bentley View JT File Parser out-of-bounds write |
$2k-$5k |
Official Fix |
CVE-2021-34899 |
7.0 |
Bentley View JT File Parser out-of-bounds write |
$2k-$5k |
Official Fix |
CVE-2021-34898 |
7.0 |
Bentley View JT File Parser out-of-bounds write |
$2k-$5k |
Official Fix |
CVE-2021-34878 |
7.3 |
Bentley View JT File Parser out-of-bounds write |
$2k-$5k |
Official Fix |
CVE-2021-34877 |
7.3 |
Bentley View JT File Parser out-of-bounds write |
$2k-$5k |
Official Fix |
CVE-2021-34876 |
7.3 |
Bentley View JT File Parser out-of-bounds write |
$2k-$5k |
Official Fix |
CVE-2021-34941 |
7.0 |
Bentley View JT File Parser stack-based overflow |
$2k-$5k |
Official Fix |
CVE-2021-34925 |
7.0 |
Bentley View JT File Parser stack-based overflow |
$2k-$5k |
Official Fix |
CVE-2021-34892 |
7.0 |
Bentley View JT File Parser stack-based overflow |
$2k-$5k |
Official Fix |
CVE-2021-34922 |
7.0 |
Bentley View JT File Parser use after free |
$2k-$5k |
Official Fix |
CVE-2021-34939 |
7.3 |
Bentley View JT File Parser use after free |
$2k-$5k |
Official Fix |
CVE-2021-34937 |
7.3 |
Bentley View JT File Parser use after free |
$2k-$5k |
Official Fix |
CVE-2021-34936 |
7.3 |
Bentley View JT File Parser use after free |
$2k-$5k |
Official Fix |
CVE-2021-34933 |
7.3 |
Bentley View JT File Parser use after free |
$2k-$5k |
Official Fix |
CVE-2021-34931 |
7.3 |
Bentley View JT File Parser use after free |
$2k-$5k |
Official Fix |
CVE-2021-34909 |
7.3 |
Bentley View JT File Parser use after free |
$2k-$5k |
Official Fix |
CVE-2021-34891 |
7.3 |
Bentley View JT File Parser use after free |
$2k-$5k |
Official Fix |
CVE-2021-34881 |
3.6 |
Bentley View OBJ File out-of-bounds read |
$1k-$2k |
Official Fix |
CVE-2021-34887 |
3.6 |
Bentley View PDF File out-of-bounds read |
$1k-$2k |
Official Fix |
CVE-2021-34872 |
7.3 |
Bentley View SKP File use after free |
$2k-$5k |
Official Fix |
CVE-2021-34910 |
3.6 |
Bentley View DGN File Parser out-of-bounds read |
$1k-$2k |
Official Fix |
CVE-2022-20618 |
4.3 |
Bitbucket Branch Source Plugin authorization |
$2k-$5k |
Not Defined |
CVE-2022-20619 |
4.3 |
Bitbucket Branch Source Plugin cross-site request forgery |
$0-$1k |
Not Defined |
CVE-2021-30360 |
7.3 |
Check Point Enterprise Endpoint Security Client Installer uncontrolled search path |
$2k-$5k |
Not Defined |
CVE-2021-33963 |
6.3 |
China Mobile An Lianbao WF-1 Web Interface mac_addr_clone command injection |
$2k-$5k |
Not Defined |
CVE-2021-33962 |
5.5 |
China Mobile An Lianbao WF-1 Web Interface pop_usb_device os command injection |
$1k-$2k |
Not Defined |
CVE-2021-28376 |
3.5 |
ChronoForms pathname traversal |
$1k-$2k |
Not Defined |
CVE-2021-28377 |
3.5 |
ChronoForums pathname traversal |
$1k-$2k |
Not Defined |
CVE-2021-34704 |
8.6 |
Cisco ASA/Firepower Threat Defense Web Services Interface out-of-bounds write |
$25k-$50k |
Official Fix |
CVE-2021-1573 |
8.6 |
Cisco ASA/Firepower Threat Defense Web Services Interface out-of-bounds write |
$25k-$50k |
Official Fix |
CVE-2022-20660 |
4.6 |
Cisco IP Phone Information Storage Architecture cleartext storage |
$1k-$2k |
Official Fix |
CVE-2022-20647 |
6.1 |
Cisco Security Manager Web-based Management Interface cross site scripting |
$5k-$10k |
Official Fix |
CVE-2022-20646 |
6.1 |
Cisco Security Manager Web-based Management Interface cross site scripting |
$5k-$10k |
Official Fix |
CVE-2022-20645 |
6.1 |
Cisco Security Manager Web-based Management Interface cross site scripting |
$5k-$10k |
Official Fix |
CVE-2022-20644 |
6.1 |
Cisco Security Manager Web-based Management Interface cross site scripting |
$5k-$10k |
Official Fix |
CVE-2022-20643 |
6.1 |
Cisco Security Manager Web-based Management Interface cross site scripting |
$5k-$10k |
Official Fix |
CVE-2021-34997 |
8.8 |
Commvault CommCell AppStudioUploadHandler unrestricted upload |
$2k-$5k |
Not Defined |
CVE-2021-34993 |
9.8 |
Commvault CommCell CVSearchService Service improper authentication |
$2k-$5k |
Not Defined |
CVE-2021-34996 |
8.8 |
Commvault CommCell Demo_ExecuteProcessOnGroup routine |
$2k-$5k |
Not Defined |
CVE-2021-34995 |
8.8 |
Commvault CommCell DownloadCenterUploadHandler unrestricted upload |
$2k-$5k |
Not Defined |
CVE-2021-34994 |
8.8 |
Commvault CommCell input validation |
$2k-$5k |
Not Defined |
CVE-2022-23117 |
3.5 |
Conjur Secrets Plugin Credentials protection mechanism |
$1k-$2k |
Not Defined |
CVE-2022-23116 |
3.5 |
Conjur Secrets Plugin protection mechanism |
$1k-$2k |
Not Defined |
CVE-2021-23824 |
5.4 |
Crow Attribute cross site scripting |
$0-$1k |
Official Fix |
CVE-2021-23514 |
5.0 |
Crow path traversal |
$1k-$2k |
Official Fix |
CVE-2020-28102 |
6.3 |
cscms js_del sql injection |
$1k-$2k |
Not Defined |
CVE-2020-28103 |
6.3 |
cscms page_del sql injection |
$1k-$2k |
Not Defined |
CVE-2022-22113 |
7.1 |
Daybyday CRM session expiration |
$1k-$2k |
Not Defined |
CVE-2022-22112 |
4.4 |
Daybyday CRM Template cross site scripting |
$0-$1k |
Not Defined |
CVE-2022-23118 |
5.5 |
Debian Package Builder Plugin os command injection |
$1k-$2k |
Not Defined |
CVE-2022-22117 |
4.4 |
Directus Media Upload cross site scripting |
$0-$1k |
Official Fix |
CVE-2022-22116 |
4.4 |
Directus SVG File Upload cross site scripting |
$0-$1k |
Official Fix |
CVE-2022-21678 |
4.3 |
Discourse Bio information disclosure |
$1k-$2k |
Official Fix |
CVE-2022-21677 |
4.3 |
Discourse Group Member information disclosure |
$1k-$2k |
Official Fix |
CVE-2022-21684 |
4.3 |
Discourse Invite improper authentication |
$1k-$2k |
Official Fix |
CVE-2021-44649 |
3.5 |
Django CMS Error Message cross site scripting |
$0-$1k |
Official Fix |
CVE-2022-20617 |
5.5 |
Docker Commons Plugin Name os command injection |
$1k-$2k |
Not Defined |
CVE-2021-45449 |
2.1 |
Docker Desktop Login log file |
$0-$1k |
Not Defined |
CVE-2022-0174 |
4.9 |
Dolibarr CRM control flow |
$2k-$5k |
Official Fix |
CVE-2022-0224 |
7.3 |
Dolibarr ERP SQL Command sql injection |
$1k-$2k |
Official Fix |
CVE-2021-36920 |
3.6 |
Download Monitor Plugin cross site scripting |
$0-$1k |
Not Defined |
CVE-2021-24044 |
6.3 |
Facebook Hermes type confusion |
$10k-$25k |
Official Fix |
CVE-2021-32998 |
6.3 |
FANUC R-30iA/R-30iB Backup out-of-bounds write |
$2k-$5k |
Workaround |
CVE-2021-32996 |
5.7 |
FANUC R-30iA/R-30iB integer coercion |
$0-$1k |
Not Defined |
CVE-2021-33827 |
5.5 |
files_antivirus Administrative Setting os command injection |
$0-$5k |
Official Fix |
CVE-2021-33828 |
5.5 |
files_antivirus protection mechanism |
$0-$5k |
Official Fix |
CVE-2021-43860 |
8.5 |
Flatpak Metadata File privileges management |
$2k-$5k |
Official Fix |
CVE-2022-21682 |
6.5 |
Flatpak path traversal |
$1k-$2k |
Official Fix |
CVE-2021-44648 |
5.5 |
GNOME gdk-pixbuf GIF File heap-based overflow |
$2k-$5k |
Not Defined |
CVE-2022-23219 |
5.6 |
GNU C Library sunrpc Module clnt_create buffer overflow |
$2k-$5k |
Not Defined |
CVE-2022-23218 |
5.6 |
GNU C Library sunrpc Module svcunix_create buffer overflow |
$2k-$5k |
Not Defined |
CVE-2021-46195 |
3.5 |
GNU gcc rust-demangle.c resource consumption |
$0-$1k |
Not Defined |
CVE-2021-45778 |
3.5 |
GNU InetUtils cmds.c setnmap null pointer dereference |
$0-$1k |
Not Defined |
CVE-2021-45774 |
3.5 |
GNU InetUtils commands.c help null pointer dereference |
$0-$1k |
Not Defined |
CVE-2021-46060 |
3.5 |
GNU InetUtils commands.c setcmd null pointer dereference |
$0-$1k |
Not Defined |
CVE-2021-45779 |
3.5 |
GNU InetUtils commands.c unsetcmd null pointer dereference |
$0-$1k |
Not Defined |
CVE-2021-45775 |
3.5 |
GNU InetUtils domacro.c domacro infinite loop |
$0-$1k |
Not Defined |
CVE-2021-45780 |
3.5 |
GNU InetUtils ifconfig memory leak |
$0-$1k |
Not Defined |
CVE-2021-45781 |
5.5 |
GNU InetUtils Logger logger.c heap-based overflow |
$2k-$5k |
Not Defined |
CVE-2021-45782 |
3.5 |
GNU InetUtils tftp.c getcmd null pointer dereference |
$0-$1k |
Not Defined |
CVE-2021-46019 |
3.5 |
GNU Recutils rec-db.c rec_db_destroy null pointer dereference |
$0-$1k |
Not Defined |
CVE-2021-46022 |
5.5 |
GNU Recutils rec-mset.c rec_mset_elem_destroy use after free |
$2k-$5k |
Not Defined |
CVE-2021-46021 |
5.5 |
GNU Recutils rec-record.c rec_record_destroy use after free |
$2k-$5k |
Not Defined |
CVE-2021-39630 |
5.3 |
Google Android adb Shell OverlayManagerService.java executeRequest permission |
$25k-$50k |
Official Fix |
CVE-2021-1036 |
5.3 |
Google Android AndroidManifest.xml LocationSettingsActivity improper restriction of rendered ui layers |
$25k-$50k |
Official Fix |
CVE-2021-1037 |
3.3 |
Google Android Bluetooth DevicePickerFragment permission |
$10k-$25k |
Official Fix |
CVE-2021-39626 |
5.3 |
Google Android Bluetooth Setting ConnectedDeviceDashboardFragment.java onAttach permission |
$25k-$50k |
Official Fix |
CVE-2021-1035 |
7.8 |
Google Android BluetoothDevicePickerPreferenceController.java setLaunchtent external reference |
$50k-$100k |
Official Fix |
CVE-2021-39659 |
3.3 |
Google Android Emergency Calling CreateConnectionProcessor.java sortSimPhoneAccountsForEmergency denial of service |
$5k-$10k |
Official Fix |
CVE-2021-39618 |
6.3 |
Google Android EuiccNotificationManager.java privileges management |
$25k-$50k |
Official Fix |
CVE-2021-39625 |
6.0 |
Google Android EuiccNotificationManager.java showCarrierAppInstallationNotification privileges management |
$25k-$50k |
Official Fix |
CVE-2021-39634 |
5.3 |
Google Android eventpoll.c use after free |
$25k-$50k |
Official Fix |
CVE-2021-39632 |
5.3 |
Google Android events.cpp inotify_cb out-of-bounds write |
$25k-$50k |
Official Fix |
CVE-2021-39678 |
7.8 |
Google Android Factory Reset Protection Local Privilege Escalation |
$50k-$100k |
Official Fix |
CVE-2021-39622 |
7.8 |
Google Android GBoard permissions |
$50k-$100k |
Official Fix |
CVE-2021-39633 |
3.3 |
Google Android ip_gre.c gre_handle_offloads information disclosure |
$10k-$25k |
Official Fix |
CVE-2021-0959 |
6.5 |
Google Android jit_memory_region.cc privileges management |
$25k-$50k |
Official Fix |
CVE-2021-39627 |
5.3 |
Google Android LegacyModeSmsHandler.java sendLegacyVoicemailNotification permission |
$25k-$50k |
Official Fix |
CVE-2021-39621 |
5.3 |
Google Android LegacyModeSmsHandler.java sendLegacyVoicemailNotification permission |
$25k-$50k |
Official Fix |
CVE-2021-39628 |
3.7 |
Google Android Lockscreen StatusBar.java exposure of resource |
$10k-$25k |
Official Fix |
CVE-2021-39681 |
5.3 |
Google Android main.c delete_protocol use after free |
$25k-$50k |
Official Fix |
CVE-2021-39682 |
5.3 |
Google Android memory_group_manager.c mgm_alloc_page out-of-bounds write |
$25k-$50k |
Official Fix |
CVE-2021-39620 |
6.5 |
Google Android Parcel.cpp ipcSetDataReference use after free |
$25k-$50k |
Official Fix |
CVE-2021-39629 |
5.3 |
Google Android phTmlNfc.cc phTmlNfc_CleanUp use after free |
$25k-$50k |
Official Fix |
CVE-2021-1049 |
5.5 |
Google Android Privilege Escalation |
$50k-$100k |
Official Fix |
CVE-2021-39680 |
2.3 |
Google Android sha256_core.c sec_SHA256_Transform information disclosure |
$5k-$10k |
Official Fix |
CVE-2021-39623 |
9.8 |
Google Android SimpleDecodingSource.cpp doRead privileges management |
$50k-$100k |
Official Fix |
CVE-2021-39683 |
4.2 |
Google Android sss_ice_util.c copy_from_mbox out-of-bounds write |
$10k-$25k |
Official Fix |
CVE-2021-39684 |
7.8 |
Google Android target.c target_init allocation of resources |
$10k-$25k |
Official Fix |
CVE-2021-39679 |
5.3 |
Google Android vendor_graphicbuffer_meta.cpp init use after free |
$25k-$50k |
Official Fix |
CVE-2021-22569 |
6.4 |
Google protobuf-java denial of service |
$5k-$10k |
Official Fix |
CVE-2021-40570 |
6.6 |
GPAC av_parsers.c avc_compute_poc double free |
$2k-$5k |
Official Fix |
CVE-2021-40564 |
3.5 |
GPAC av_parsers.c avc_parse_slice null pointer dereference |
$0-$1k |
Official Fix |
CVE-2021-40565 |
3.5 |
GPAC av_parsers.c gf_avc_parse_nalu null pointer dereference |
$0-$1k |
Official Fix |
CVE-2021-40571 |
6.6 |
GPAC box_code_apple.c ilst_box_read double free |
$2k-$5k |
Official Fix |
CVE-2021-40569 |
4.5 |
GPAC box_code_meta.c iloc_entry_del double free |
$1k-$2k |
Official Fix |
CVE-2021-46045 |
3.5 |
GPAC denial of service |
$0-$1k |
Not Defined |
CVE-2021-40567 |
4.5 |
GPAC desc_private.c gf_odf_size_descriptor denial of service |
$0-$1k |
Official Fix |
CVE-2021-40562 |
3.5 |
GPAC Exception reframe_nalu.c naludmx_enqueue_or_dispatch denial of service |
$0-$1k |
Official Fix |
CVE-2021-46049 |
3.5 |
GPAC gf_fileio_check denial of service |
$0-$1k |
Not Defined |
CVE-2021-46047 |
3.5 |
GPAC gf_hinter_finalize null pointer dereference |
$0-$1k |
Not Defined |
CVE-2021-46046 |
3.5 |
GPAC gf_isom_box_size denial of service |
$0-$1k |
Not Defined |
CVE-2021-36417 |
5.5 |
GPAC gf_isom_dovi_config_get heap-based overflow |
$2k-$5k |
Not Defined |
CVE-2020-25427 |
3.5 |
GPAC gf_isom_get_track_id null pointer dereference |
$0-$1k |
Official Fix |
CVE-2021-45760 |
3.5 |
GPAC gf_list_last denial of service |
$0-$1k |
Not Defined |
CVE-2021-45763 |
3.5 |
GPAC gf_node_changed denial of service |
$0-$1k |
Not Defined |
CVE-2021-45762 |
3.5 |
GPAC gf_sg_vrml_mf_reset denial of service |
$0-$1k |
Not Defined |
CVE-2021-45767 |
3.5 |
GPAC lsr_read_id denial of service |
$0-$1k |
Not Defined |
CVE-2021-36414 |
3.5 |
GPAC media.c denial of service |
$0-$1k |
Not Defined |
CVE-2021-46051 |
3.5 |
GPAC Media_IsSelfContained denial of service |
$0-$1k |
Not Defined |
CVE-2021-40568 |
6.6 |
GPAC MP4 File av_parsers.c svc_parse_slice buffer overflow |
$2k-$5k |
Official Fix |
CVE-2021-36412 |
5.5 |
GPAC MP4Box Command gp_rtp_builder_do_mpeg12_video heap-based overflow |
$2k-$5k |
Not Defined |
CVE-2021-40576 |
3.5 |
GPAC MP4Box hint_track.c gf_isom_get_payt_count null pointer dereference |
$0-$1k |
Official Fix |
CVE-2021-40573 |
3.5 |
GPAC MP4Box list.c gf_list_del denial of service |
$0-$1k |
Official Fix |
CVE-2021-40574 |
5.6 |
GPAC MP4Box load_text.c gf_text_get_utf8_line double free |
$1k-$2k |
Official Fix |
CVE-2021-40572 |
3.5 |
GPAC MP4Box reframe_av1.c av1dmx_finalize denial of service |
$0-$1k |
Official Fix |
CVE-2021-40575 |
3.5 |
GPAC MP4Box reframe_mpgvid.c mpgviddmx_process null pointer dereference |
$0-$1k |
Official Fix |
CVE-2021-40559 |
3.5 |
GPAC naludmx_parse_nal_avc null pointer dereference |
$0-$1k |
Not Defined |
CVE-2021-40566 |
3.5 |
GPAC reframe_mpgvid.c mpgviddmx_process denial of service |
$0-$1k |
Official Fix |
CVE-2021-40563 |
3.5 |
GPAC reframe_nalu.c naludmx_create_avc_decoder_config null pointer dereference |
$0-$1k |
Official Fix |
CVE-2021-45764 |
3.5 |
GPAC shift_chunk_offsets.isra null pointer dereference |
$0-$1k |
Not Defined |
CVE-2022-22125 |
3.6 |
Halo Article Tag cross site scripting |
$0-$1k |
Not Defined |
CVE-2022-22123 |
4.4 |
Halo Article Title cross site scripting |
$0-$1k |
Not Defined |
CVE-2022-22124 |
4.4 |
Halo Profile Image cross site scripting |
$0-$1k |
Not Defined |
CVE-2021-3965 |
4.3 |
HP DesignJet Print Job Preview information disclosure |
$5k-$10k |
Not Defined |
CVE-2021-40037 |
6.3 |
Huawei Harmony MPTCP Subsystem type confusion |
$10k-$25k |
Official Fix |
CVE-2021-40038 |
4.6 |
Huawei HarmonyOS AOD double free |
$10k-$25k |
Official Fix |
CVE-2021-40026 |
4.6 |
Huawei HarmonyOS AOD heap-based overflow |
$10k-$25k |
Official Fix |
CVE-2021-40009 |
5.5 |
Huawei HarmonyOS AOD out-of-bounds write |
$10k-$25k |
Official Fix |
CVE-2021-39998 |
5.7 |
Huawei HarmonyOS API HwConnectivityExService denial of service |
$2k-$5k |
Official Fix |
CVE-2021-40002 |
6.3 |
Huawei HarmonyOS Bluetooth Module out-of-bounds write |
$10k-$25k |
Official Fix |
CVE-2021-40000 |
6.3 |
Huawei HarmonyOS Bluetooth Module out-of-bounds write |
$10k-$25k |
Official Fix |
CVE-2021-40027 |
3.5 |
Huawei HarmonyOS Bone Voice ID Trusted Application buffer overflow |
$10k-$25k |
Official Fix |
CVE-2021-40014 |
5.5 |
Huawei HarmonyOS Bone Voice ID Trusted Application heap-based overflow |
$10k-$25k |
Official Fix |
CVE-2021-40010 |
5.5 |
Huawei HarmonyOS Bone Voice ID Trusted Application heap-based overflow |
$10k-$25k |
Official Fix |
CVE-2021-40032 |
3.5 |
Huawei HarmonyOS Bone Voice ID Trusted Application information management |
$2k-$5k |
Official Fix |
CVE-2021-40001 |
5.5 |
Huawei HarmonyOS CaasKit Module path traversal |
$5k-$10k |
Official Fix |
CVE-2021-40039 |
4.6 |
Huawei HarmonyOS Camera Module null pointer dereference |
$2k-$5k |
Official Fix |
CVE-2021-40004 |
3.5 |
Huawei HarmonyOS Cellular Module permission |
$5k-$10k |
Official Fix |
CVE-2021-40005 |
3.5 |
Huawei HarmonyOS Distributed Data Service access control |
$5k-$10k |
Official Fix |
CVE-2021-40025 |
3.5 |
Huawei HarmonyOS eID Module initialization |
$2k-$5k |
Official Fix |
CVE-2021-40018 |
3.5 |
Huawei HarmonyOS eID Module null pointer dereference |
$2k-$5k |
Official Fix |
CVE-2021-40028 |
2.1 |
Huawei HarmonyOS eID Module out-of-bounds read |
$2k-$5k |
Official Fix |
CVE-2021-40021 |
3.5 |
Huawei HarmonyOS eID Module out-of-bounds read |
$2k-$5k |
Official Fix |
CVE-2021-40035 |
3.5 |
Huawei HarmonyOS File Management Module buffer overflow |
$10k-$25k |
Official Fix |
CVE-2021-40029 |
3.5 |
Huawei HarmonyOS File Management Module buffer overflow |
$10k-$25k |
Official Fix |
CVE-2021-40006 |
2.0 |
Huawei HarmonyOS Fingerprint Module excessive authentication |
$0-$1k |
Official Fix |
CVE-2021-40003 |
3.5 |
Huawei HarmonyOS HwPCAssistant path traversal |
$5k-$10k |
Official Fix |
CVE-2021-39996 |
5.5 |
Huawei HarmonyOS NFC Module heap-based overflow |
$10k-$25k |
Not Defined |
CVE-2021-40022 |
3.5 |
Huawei HarmonyOS Weaver Module information disclosure |
$2k-$5k |
Official Fix |
CVE-2021-40031 |
3.5 |
Huawei Smartphone Camera Module null pointer dereference |
$2k-$5k |
Official Fix |
CVE-2021-40011 |
4.3 |
Huawei Smartphone Display Module resource consumption |
$2k-$5k |
Not Defined |
CVE-2021-39993 |
5.5 |
Huawei Smartphone integer overflow |
$10k-$25k |
Not Defined |
CVE-2021-40020 |
3.5 |
Huawei Smartphone Storage Module out-of-bounds read |
$2k-$5k |
Not Defined |
CVE-2021-40041 |
3.5 |
Huawei WS318n Network Setting cross site scripting |
$2k-$5k |
Not Defined |
CVE-2021-38991 |
8.6 |
IBM AIX/VIOS lscore Command Privilege Escalation |
$25k-$50k |
Official Fix |
CVE-2021-29701 |
4.3 |
IBM Engineering Workflow Management Build Definition information disclosure |
$5k-$10k |
Official Fix |
CVE-2021-39056 |
5.4 |
IBM i EDRSQL denial of service |
$2k-$5k |
Official Fix |
CVE-2021-38892 |
8.6 |
IBM Planning Analytics/Planning Analytics Workspace DQM API access control |
$10k-$25k |
Official Fix |
CVE-2021-39032 |
4.2 |
IBM Sterling Gentran:Server log file |
$5k-$10k |
Official Fix |
CVE-2021-45468 |
7.3 |
Imperva Web Application Firewall HTTP POST Request encoding error |
$2k-$5k |
Official Fix |
CVE-2022-20612 |
4.3 |
Jenkins Parameter cross-site request forgery |
$0-$1k |
Not Defined |
CVE-2021-45806 |
5.5 |
jpress Admin Panel injection |
$1k-$2k |
Not Defined |
CVE-2021-45807 |
5.5 |
jpress doUploadAndInstall Privilege Escalation |
$2k-$5k |
Not Defined |
CVE-2022-22162 |
4.3 |
Juniper Junos OS CLI information disclosure |
$5k-$10k |
Official Fix |
CVE-2022-22161 |
7.5 |
Juniper Junos OS Kernel resource consumption |
$5k-$10k |
Official Fix |
CVE-2021-23154 |
5.1 |
Lens Helm Chart Configuration code injection |
$0-$1k |
Official Fix |
CVE-2021-44458 |
7.3 |
Lens Websocket improper authentication |
$1k-$2k |
Not Defined |
CVE-2022-22056 |
9.8 |
Le-yan Dental Management System hard-coded credentials |
$2k-$5k |
Not Defined |
CVE-2022-22055 |
8.5 |
Le-yan Dental Management System Login Page sql injection |
$2k-$5k |
Not Defined |
CVE-2021-36411 |
4.3 |
libde265 deblock.cc derive_boundaryStrength denial of service |
$0-$1k |
Not Defined |
CVE-2021-36410 |
5.5 |
libde265 dec265 fallback-motion.cc put_epel_hv_fallback stack-based overflow |
$2k-$5k |
Not Defined |
CVE-2021-36408 |
5.5 |
libde265 Decoding intrapred.h dec265 use after free |
$2k-$5k |
Not Defined |
CVE-2021-36409 |
3.5 |
libde265 File Decoding sps.cc denial of service |
$0-$1k |
Not Defined |
CVE-2021-35452 |
5.5 |
libde265 slice.cc access control |
$1k-$2k |
Not Defined |
CVE-2022-22822 |
5.5 |
libexpat xmlparse.c addBinding integer overflow |
$2k-$5k |
Official Fix |
CVE-2022-22823 |
5.5 |
libexpat xmlparse.c build_model integer overflow |
$2k-$5k |
Official Fix |
CVE-2022-22824 |
5.5 |
libexpat xmlparse.c defineAttribute integer overflow |
$2k-$5k |
Official Fix |
CVE-2022-22825 |
5.5 |
libexpat xmlparse.c lookup integer overflow |
$2k-$5k |
Official Fix |
CVE-2022-22826 |
5.5 |
libexpat xmlparse.c nextScaffoldPart integer overflow |
$2k-$5k |
Official Fix |
CVE-2022-22827 |
5.5 |
libexpat xmlparse.c storeAtts integer overflow |
$2k-$5k |
Official Fix |
CVE-2021-45769 |
3.5 |
libIEC61850 acse.c AcseConnection_parseMessage null pointer dereference |
$0-$1k |
Not Defined |
CVE-2021-46225 |
3.5 |
libMeshb MESH File GmfOpenMesh buffer overflow |
$1k-$2k |
Official Fix |
CVE-2022-23094 |
4.3 |
Libreswan IKEv1 Packet ikev1.c null pointer dereference |
$0-$1k |
Official Fix |
CVE-2022-22844 |
3.5 |
LibTIFF tif_unix.c _TIFFmemcpy out-of-bounds read |
$0-$1k |
Not Defined |
CVE-2021-46283 |
4.3 |
Linux Kernel nf_tables_api.c nf_tables_newset null pointer dereference |
$2k-$5k |
Official Fix |
CVE-2022-23222 |
6.3 |
Linux Kernel verifier.c null pointer dereference |
$5k-$10k |
Workaround |
CVE-2022-0226 |
4.3 |
livehelperchat cross-site request forgery |
$0-$1k |
Official Fix |
CVE-2022-0231 |
4.6 |
livehelperchat cross-site request forgery |
$0-$1k |
Official Fix |
CVE-2022-20614 |
4.6 |
Mailer Plugin DNS authorization |
$1k-$2k |
Not Defined |
CVE-2022-20613 |
4.3 |
Mailer Plugin Hostname cross-site request forgery |
$0-$1k |
Not Defined |
CVE-2022-21681 |
6.4 |
Marked Regular Expression resource consumption |
$0-$1k |
Official Fix |
CVE-2022-21680 |
6.4 |
marked Regular Expression resource consumption |
$0-$1k |
Official Fix |
CVE-2022-0129 |
7.4 |
McAfee TechCheck DLL uncontrolled search path |
$10k-$25k |
Official Fix |
CVE-2021-46149 |
4.3 |
MediaWiki Language Name Search resource consumption |
$0-$1k |
Official Fix |
CVE-2021-46147 |
4.3 |
MediaWiki MassEditRegex cross-site request forgery |
$0-$1k |
Official Fix |
CVE-2021-46150 |
3.5 |
MediaWiki Special:CheckUserLog CheckUser cross site scripting |
$0-$1k |
Official Fix |
CVE-2021-46148 |
3.5 |
MediaWiki Testwiki SecurePoll information disclosure |
$0-$1k |
Official Fix |
CVE-2021-46146 |
3.5 |
MediaWiki WikibaseMediaInfo cross site scripting |
$0-$1k |
Official Fix |
CVE-2021-38127 |
3.5 |
Micro Focus ArcSight Enterprise Security Manager cross site scripting |
$0-$1k |
Not Defined |
CVE-2021-38126 |
3.5 |
Micro Focus ArcSight Enterprise Security Manager cross site scripting |
$0-$1k |
Not Defined |
CVE-2022-21911 |
6.8 |
Microsoft .NET Framework denial of service |
$5k-$10k |
Official Fix |
CVE-2022-21932 |
6.2 |
Microsoft Dynamics 365 cross site scripting |
$2k-$5k |
Official Fix |
CVE-2022-21891 |
7.2 |
Microsoft Dynamics Privilege Escalation |
$10k-$25k |
Official Fix |
CVE-2022-21969 |
9.0 |
Microsoft Exchange Server Privilege Escalation |
$25k-$50k |
Official Fix |
CVE-2022-21855 |
9.0 |
Microsoft Exchange Server Privilege Escalation |
$25k-$50k |
Official Fix |
CVE-2022-21846 |
9.0 |
Microsoft Exchange Server Privilege Escalation |
$25k-$50k |
Official Fix |
CVE-2022-21917 |
7.9 |
Microsoft HEVC Video Extensions Privilege Escalation |
$10k-$25k |
Official Fix |
CVE-2022-21841 |
7.3 |
Microsoft Office Excel Remote Code Execution |
$10k-$25k |
Official Fix |
CVE-2022-21840 |
8.0 |
Microsoft Office Remote Code Execution |
$10k-$25k |
Official Fix |
CVE-2022-21837 |
7.6 |
Microsoft SharePoint Privilege Escalation |
$10k-$25k |
Official Fix |
CVE-2022-21852 |
8.1 |
Microsoft Windows 10 DWM Core Library Privilege Escalation |
$100k and more |
Official Fix |
CVE-2022-21859 |
7.2 |
Microsoft Windows Accounts Control Privilege Escalation |
$50k-$100k |
Official Fix |
CVE-2022-21857 |
8.8 |
Microsoft Windows Active Directory Domain Services Privilege Escalation |
$100k and more |
Official Fix |
CVE-2022-21860 |
7.2 |
Microsoft Windows AppContracts API Server Privilege Escalation |
$50k-$100k |
Official Fix |
CVE-2022-21862 |
7.2 |
Microsoft Windows Application Model Core API Privilege Escalation |
$50k-$100k |
Official Fix |
CVE-2022-21925 |
4.6 |
Microsoft Windows BackupKey Remote Protocol information disclosure |
$25k-$50k |
Official Fix |
CVE-2022-21858 |
8.1 |
Microsoft Windows Bind Filter Driver Privilege Escalation |
$100k and more |
Official Fix |
CVE-2022-21836 |
7.3 |
Microsoft Windows Certificate Privilege Escalation |
$50k-$100k |
Official Fix |
CVE-2022-21838 |
5.5 |
Microsoft Windows Cleanup Manager unknown vulnerability |
$50k-$100k |
Official Fix |
CVE-2022-21869 |
7.2 |
Microsoft Windows Clipboard User Service Privilege Escalation |
$50k-$100k |
Official Fix |
CVE-2022-21910 |
8.1 |
Microsoft Windows Cluster Port Driver Privilege Escalation |
$100k and more |
Official Fix |
CVE-2022-21916 |
8.1 |
Microsoft Windows Common Log File System Driver Privilege Escalation |
$100k and more |
Official Fix |
CVE-2022-21897 |
8.1 |
Microsoft Windows Common Log File System Driver Privilege Escalation |
$100k and more |
Official Fix |
CVE-2022-21865 |
7.2 |
Microsoft Windows Connected Devices Platform Service Privilege Escalation |
$50k-$100k |
Official Fix |
CVE-2022-21835 |
8.1 |
Microsoft Windows Cryptographic Services Privilege Escalation |
$100k and more |
Official Fix |
CVE-2022-21906 |
5.2 |
Microsoft Windows Defender Application Control unknown vulnerability |
$50k-$100k |
Official Fix |
CVE-2022-21921 |
3.8 |
Microsoft Windows Defender Credential Guard information disclosure |
$10k-$25k |
Official Fix |
CVE-2022-21868 |
7.2 |
Microsoft Windows Devices Human Interface Privilege Escalation |
$50k-$100k |
Official Fix |
CVE-2022-21871 |
7.2 |
Microsoft Windows Diagnostics Hub Standard Collector Runtime Privilege Escalation |
$50k-$100k |
Official Fix |
CVE-2022-21918 |
6.9 |
Microsoft Windows DirectX Graphics denial of service |
$10k-$25k |
Official Fix |
CVE-2022-21912 |
8.0 |
Microsoft Windows DirectX Graphics Privilege Escalation |
$100k and more |
Official Fix |
CVE-2022-21898 |
8.0 |
Microsoft Windows DirectX Graphics Privilege Escalation |
$100k and more |
Official Fix |
CVE-2022-21902 |
8.1 |
Microsoft Windows DWM Core Library Privilege Escalation |
$100k and more |
Official Fix |
CVE-2022-21896 |
7.2 |
Microsoft Windows DWM Core Library Privilege Escalation |
$50k-$100k |
Official Fix |
CVE-2022-21839 |
6.2 |
Microsoft Windows Event Tracing Discretionary Access Control List denial of service |
$10k-$25k |
Official Fix |
CVE-2022-21872 |
7.2 |
Microsoft Windows Event Tracing Privilege Escalation |
$50k-$100k |
Official Fix |
CVE-2022-21899 |
5.8 |
Microsoft Windows Extensible Firmware Interface Privilege Escalation |
$50k-$100k |
Official Fix |
CVE-2022-21904 |
6.8 |
Microsoft Windows GDI information disclosure |
$25k-$50k |
Official Fix |
CVE-2022-21903 |
7.2 |
Microsoft Windows GDI Privilege Escalation |
$50k-$100k |
Official Fix |
CVE-2022-21915 |
5.8 |
Microsoft Windows GDI+ information disclosure |
$25k-$50k |
Official Fix |
CVE-2022-21880 |
6.8 |
Microsoft Windows GDI+ information disclosure |
$25k-$50k |
Official Fix |
CVE-2022-21878 |
7.9 |
Microsoft Windows Geolocation Service Privilege Escalation |
$50k-$100k |
Official Fix |
CVE-2022-21907 |
9.8 |
Microsoft Windows HTTP Protocol Stack Remote Code Execution |
$100k and more |
Official Fix |
CVE-2022-21905 |
4.6 |
Microsoft Windows Hyper-V denial of service |
$10k-$25k |
Official Fix |
CVE-2022-21847 |
6.9 |
Microsoft Windows Hyper-V denial of service |
$10k-$25k |
Official Fix |
CVE-2022-21901 |
9.3 |
Microsoft Windows Hyper-V Privilege Escalation |
$100k and more |
Official Fix |
CVE-2022-21900 |
4.6 |
Microsoft Windows Hyper-V unknown vulnerability |
$25k-$50k |
Official Fix |
CVE-2022-21890 |
7.5 |
Microsoft Windows IKE Extension denial of service |
$10k-$25k |
Official Fix |
CVE-2022-21889 |
7.5 |
Microsoft Windows IKE Extension denial of service |
$10k-$25k |
Official Fix |
CVE-2022-21883 |
7.5 |
Microsoft Windows IKE Extension denial of service |
$10k-$25k |
Official Fix |
CVE-2022-21848 |
7.5 |
Microsoft Windows IKE Extension denial of service |
$10k-$25k |
Official Fix |
CVE-2022-21843 |
7.5 |
Microsoft Windows IKE Extension denial of service |
$10k-$25k |
Official Fix |
CVE-2022-21849 |
9.8 |
Microsoft Windows IKE Extension Remote Code Execution |
$100k and more |
Official Fix |
CVE-2022-21908 |
8.1 |
Microsoft Windows Installer Privilege Escalation |
$100k and more |
Official Fix |
CVE-2022-21920 |
8.8 |
Microsoft Windows Kerberos Privilege Escalation |
$100k and more |
Official Fix |
CVE-2022-21881 |
7.2 |
Microsoft Windows Kernel Privilege Escalation |
$50k-$100k |
Official Fix |
CVE-2022-21879 |
5.8 |
Microsoft Windows Kernel Privilege Escalation |
$50k-$100k |
Official Fix |
CVE-2021-36976 |
6.4 |
Microsoft Windows Libarchive use after free |
$50k-$100k |
Official Fix |
CVE-2022-21913 |
4.6 |
Microsoft Windows Local Security Authority information disclosure |
$25k-$50k |
Official Fix |
CVE-2022-21884 |
8.1 |
Microsoft Windows Local Security Authority Subsystem Service Privilege Escalation |
$100k and more |
Official Fix |
CVE-2022-21888 |
7.9 |
Microsoft Windows Modern Execution Server Privilege Escalation |
$50k-$100k |
Official Fix |
CVE-2021-22947 |
6.1 |
Microsoft Windows Open Source Curl insufficient verification of data authenticity |
$25k-$50k |
Official Fix |
CVE-2022-21867 |
7.2 |
Microsoft Windows Push Notifications Apps Privilege Escalation |
$50k-$100k |
Official Fix |
CVE-2022-21914 |
8.1 |
Microsoft Windows Remote Access Connection Manager Privilege Escalation |
$100k and more |
Official Fix |
CVE-2022-21885 |
8.1 |
Microsoft Windows Remote Access Connection Manager Privilege Escalation |
$100k and more |
Official Fix |
CVE-2022-21851 |
8.8 |
Microsoft Windows Remote Desktop Client Remote Code Execution |
$100k and more |
Official Fix |
CVE-2022-21850 |
8.8 |
Microsoft Windows Remote Desktop Client Remote Code Execution |
$100k and more |
Official Fix |
CVE-2022-21964 |
5.1 |
Microsoft Windows Remote Desktop Licensing Diagnoser information disclosure |
$25k-$50k |
Official Fix |
CVE-2022-21893 |
8.8 |
Microsoft Windows Remote Desktop Protocol Remote Code Execution |
$100k and more |
Official Fix |
CVE-2022-21922 |
8.8 |
Microsoft Windows Remote Procedure Call Runtime Privilege Escalation |
$100k and more |
Official Fix |
CVE-2022-21963 |
6.4 |
Microsoft Windows Resilient File System Local Privilege Escalation |
$25k-$50k |
Official Fix |
CVE-2022-21962 |
6.8 |
Microsoft Windows Resilient File System Local Privilege Escalation |
$25k-$50k |
Official Fix |
CVE-2022-21961 |
6.8 |
Microsoft Windows Resilient File System Local Privilege Escalation |
$25k-$50k |
Official Fix |
CVE-2022-21960 |
6.8 |
Microsoft Windows Resilient File System Local Privilege Escalation |
$25k-$50k |
Official Fix |
CVE-2022-21959 |
6.8 |
Microsoft Windows Resilient File System Local Privilege Escalation |
$25k-$50k |
Official Fix |
CVE-2022-21958 |
6.8 |
Microsoft Windows Resilient File System Local Privilege Escalation |
$25k-$50k |
Official Fix |
CVE-2022-21928 |
6.3 |
Microsoft Windows Resilient File System Local Privilege Escalation |
$25k-$50k |
Official Fix |
CVE-2022-21892 |
6.8 |
Microsoft Windows Resilient File System Local Privilege Escalation |
$25k-$50k |
Official Fix |
CVE-2022-21894 |
4.4 |
Microsoft Windows Secure Boot unknown vulnerability |
$25k-$50k |
Official Fix |
CVE-2022-21874 |
8.1 |
Microsoft Windows Security Center API Remote Code Execution |
$100k and more |
Official Fix |
CVE-2022-21863 |
7.2 |
Microsoft Windows StateRepository API Server Privilege Escalation |
$50k-$100k |
Official Fix |
CVE-2022-21875 |
7.2 |
Microsoft Windows Storage Privilege Escalation |
$50k-$100k |
Official Fix |
CVE-2022-21877 |
5.1 |
Microsoft Windows Storage Spaces Controller information disclosure |
$25k-$50k |
Official Fix |
CVE-2022-21866 |
7.2 |
Microsoft Windows System Launcher Privilege Escalation |
$50k-$100k |
Official Fix |
CVE-2022-21870 |
7.2 |
Microsoft Windows Tablet Windows User Interface Application Core Privilege Escalation |
$50k-$100k |
Official Fix |
CVE-2022-21861 |
7.2 |
Microsoft Windows Task Flow Data Engine Privilege Escalation |
$50k-$100k |
Official Fix |
CVE-2022-21873 |
7.2 |
Microsoft Windows Tile Data Repository Privilege Escalation |
$50k-$100k |
Official Fix |
CVE-2022-21864 |
7.2 |
Microsoft Windows UI Immersive Server API Privilege Escalation |
$50k-$100k |
Official Fix |
CVE-2022-21919 |
7.2 |
Microsoft Windows User Profile Service Privilege Escalation |
$50k-$100k |
Official Fix |
CVE-2022-21895 |
8.1 |
Microsoft Windows User Profile Service Privilege Escalation |
$100k and more |
Official Fix |
CVE-2022-21834 |
7.2 |
Microsoft Windows User-mode Driver Framework Reflector Driver Privilege Escalation |
$50k-$100k |
Official Fix |
CVE-2022-21833 |
8.0 |
Microsoft Windows Virtual Machine IDE Drive Privilege Escalation |
$100k and more |
Official Fix |
CVE-2022-21876 |
5.1 |
Microsoft Windows Win32k information disclosure |
$25k-$50k |
Official Fix |
CVE-2022-21887 |
7.2 |
Microsoft Windows Win32k Privilege Escalation |
$50k-$100k |
Official Fix |
CVE-2022-21882 |
7.2 |
Microsoft Windows Win32k Privilege Escalation |
$50k-$100k |
Official Fix |
CVE-2022-21924 |
4.6 |
Microsoft Windows Workstation Service information disclosure |
$25k-$50k |
Official Fix |
CVE-2022-21842 |
7.3 |
Microsoft Word Remote Code Execution |
$10k-$25k |
Official Fix |
CVE-2021-42558 |
4.3 |
MITRE CALDERA cross site scripting |
$0-$1k |
Not Defined |
CVE-2021-42560 |
5.5 |
MITRE CALDERA Debrief Plugin xml external entity reference |
$1k-$2k |
Not Defined |
CVE-2021-42561 |
5.5 |
MITRE CALDERA Human Plugin os.system os command injection |
$1k-$2k |
Not Defined |
CVE-2021-42562 |
4.3 |
MITRE CALDERA privileges management |
$1k-$2k |
Not Defined |
CVE-2021-42559 |
5.5 |
MITRE CALDERA REST API command injection |
$1k-$2k |
Not Defined |
CVE-2021-20612 |
7.5 |
Mitsubishi Electric MELSEC-F denial of service |
$0-$1k |
Not Defined |
CVE-2021-20613 |
7.5 |
Mitsubishi Electric MELSEC-F Packet denial of service |
$0-$1k |
Not Defined |
CVE-2021-46169 |
5.5 |
Modex tcache use after free |
$2k-$5k |
Not Defined |
CVE-2021-46171 |
3.5 |
Modex xtract.c set_create_id null pointer dereference |
$0-$1k |
Not Defined |
CVE-2021-34979 |
8.8 |
Netgear R6260 SOAP Request buffer overflow |
$25k-$50k |
Not Defined |
CVE-2021-34978 |
8.8 |
Netgear R6260 SOAP Request setupwizard.cgi stack-based overflow |
$25k-$50k |
Not Defined |
CVE-2021-34977 |
7.5 |
Netgear R7000 SOAP Request authentication bypass |
$5k-$10k |
Not Defined |
CVE-2021-34980 |
8.8 |
Netgear XR500 Environment Variable setupwizard.cgi stack-based overflow |
$25k-$50k |
Not Defined |
CVE-2022-22121 |
7.1 |
NocoDB csv injection |
$2k-$5k |
Official Fix |
CVE-2022-22120 |
5.3 |
NocoDB Password Reset information exposure |
$1k-$2k |
Official Fix |
CVE-2022-22821 |
2.6 |
NVIDIA NeMo ASR WebApp path traversal |
$0-$1k |
Official Fix |
CVE-2021-32650 |
8.0 |
October CMS Theme Import injection |
$2k-$5k |
Official Fix |
CVE-2021-32649 |
8.0 |
October CMS Twig Code injection |
$2k-$5k |
Official Fix |
CVE-2022-0012 |
5.7 |
Palo Alto Cortex XDR Agent link following |
$2k-$5k |
Official Fix |
CVE-2022-0013 |
4.2 |
Palo Alto Cortex XDR Agent Support File file information disclosure |
$0-$1k |
Official Fix |
CVE-2022-0015 |
8.3 |
Palo Alto Cortex XDR Agent uncontrolled search path |
$2k-$5k |
Official Fix |
CVE-2022-0014 |
7.1 |
Palo Alto Cortex XDR Agent untrusted search path |
$2k-$5k |
Official Fix |
CVE-2021-34998 |
7.9 |
Panda Free Antivirus Named Pipe unnecessary privileges |
$10k-$25k |
Not Defined |
CVE-2022-22701 |
3.5 |
PartKeepr Attachment information disclosure |
$0-$1k |
Not Defined |
CVE-2022-22702 |
5.5 |
PartKeepr Attachment Upload server-side request forgery |
$1k-$2k |
Not Defined |
CVE-2022-0170 |
6.3 |
peertube access control |
$2k-$5k |
Official Fix |
CVE-2022-0133 |
5.3 |
peertube access control |
$2k-$5k |
Official Fix |
CVE-2022-0132 |
5.2 |
peertube server-side request forgery |
$2k-$5k |
Official Fix |
CVE-2021-42555 |
4.3 |
Pexip Infinity Call-Setup denial of service |
$0-$1k |
Official Fix |
CVE-2021-35969 |
4.3 |
Pexip Infinity Call-Setup denial of service |
$0-$1k |
Official Fix |
CVE-2021-33499 |
4.3 |
Pexip Infinity H.264 denial of service |
$0-$1k |
Official Fix |
CVE-2021-33498 |
4.3 |
Pexip Infinity H.264 denial of service |
$0-$1k |
Official Fix |
CVE-2021-32545 |
4.3 |
Pexip Infinity RTMP denial of service |
$0-$1k |
Official Fix |
CVE-2022-0238 |
4.4 |
phoronix-test-suite cross-site request forgery |
$0-$5k |
Official Fix |
CVE-2022-0197 |
5.4 |
phoronix-test-suite cross-site request forgery |
$0-$1k |
Official Fix |
CVE-2022-0196 |
4.8 |
phoronix-test-suite cross-site request forgery |
$0-$1k |
Official Fix |
CVE-2022-0157 |
3.8 |
phoronix-test-suite Web Page Generation cross site scripting |
$0-$1k |
Official Fix |
CVE-2022-22816 |
5.5 |
Pillow path.c path_getbbox buffer overflow |
$2k-$5k |
Official Fix |
CVE-2022-22815 |
5.5 |
Pillow path.c path_getbbox initialization |
$2k-$5k |
Official Fix |
CVE-2022-22817 |
3.5 |
Pillow PIL.ImageMath.eval information disclosure |
$0-$1k |
Official Fix |
CVE-2022-23114 |
4.3 |
Publish Over SSH Plugin Configuration File credentials storage |
$2k-$5k |
Not Defined |
CVE-2022-23113 |
3.5 |
Publish Over SSH Plugin Controller File path traversal |
$1k-$2k |
Not Defined |
CVE-2022-23111 |
4.3 |
Publish Over SSH Plugin cross-site request forgery |
$0-$1k |
Not Defined |
CVE-2022-23112 |
5.5 |
Publish Over SSH Plugin SSH Server authorization |
$1k-$2k |
Not Defined |
CVE-2022-23110 |
3.5 |
Publish Over SSH Plugin SSH Server Name cross site scripting |
$0-$1k |
Not Defined |
CVE-2021-38677 |
4.2 |
QNAP QcalAgent cross site scripting |
$0-$1k |
Official Fix |
CVE-2021-38678 |
5.7 |
QNAP QcalAgent redirect |
$1k-$2k |
Official Fix |
CVE-2021-38689 |
8.1 |
QNAP QVR Elite/QVR Pro/QVR Guard buffer overflow |
$2k-$5k |
Official Fix |
CVE-2021-38682 |
8.1 |
QNAP QVR Elite/QVR Pro/QVR Guard buffer overflow |
$2k-$5k |
Official Fix |
CVE-2021-38692 |
8.1 |
QNAP QVR Elite/QVR Pro/QVR Guard stack-based overflow |
$2k-$5k |
Official Fix |
CVE-2021-38691 |
8.1 |
QNAP QVR Elite/QVR Pro/QVR Guard stack-based overflow |
$2k-$5k |
Official Fix |
CVE-2021-38690 |
8.1 |
QNAP QVR Elite/QVR Pro/QVR Guard stack-based overflow |
$2k-$5k |
Official Fix |
CVE-2021-30330 |
7.5 |
Qualcomm Snapdragon Auto Ape Clip null pointer dereference |
$5k-$10k |
Official Fix |
CVE-2021-30353 |
7.5 |
Qualcomm Snapdragon Auto assertion |
$5k-$10k |
Official Fix |
CVE-2021-30307 |
7.5 |
Qualcomm Snapdragon Auto DNS Response denial of service |
$5k-$10k |
Official Fix |
CVE-2021-30313 |
6.7 |
Qualcomm Snapdragon Auto Folder use after free |
$10k-$25k |
Official Fix |
CVE-2021-30308 |
7.8 |
Qualcomm Snapdragon Auto HARQ Memory Partition Detail buffer overflow |
$10k-$25k |
Official Fix |
CVE-2021-30311 |
7.8 |
Qualcomm Snapdragon Auto heap-based overflow |
$10k-$25k |
Official Fix |
CVE-2021-30285 |
8.6 |
Qualcomm Snapdragon Auto Hypervisor memory corruption |
$10k-$25k |
Official Fix |
CVE-2021-30301 |
7.5 |
Qualcomm Snapdragon Auto Messages resource consumption |
$5k-$10k |
Official Fix |
CVE-2021-30287 |
7.5 |
Qualcomm Snapdragon Auto PDCCH Monitoring assertion |
$5k-$10k |
Official Fix |
CVE-2021-30300 |
7.5 |
Qualcomm Snapdragon Auto SIB2 OTA Message denial of service |
$5k-$10k |
Official Fix |
CVE-2021-30314 |
4.7 |
Qualcomm Snapdragon Auto Third Party information disclosure |
$2k-$5k |
Official Fix |
CVE-2021-30319 |
7.8 |
Qualcomm Snapdragon Auto WMI Command integer overflow |
$10k-$25k |
Official Fix |
CVE-2021-23594 |
8.5 |
realms-shim Prototype code injection |
$2k-$5k |
Not Defined |
CVE-2021-23543 |
8.5 |
realms-shim Prototype sandbox |
$2k-$5k |
Not Defined |
CVE-2021-43566 |
5.0 |
Samba SMB1/NFS access control |
$2k-$5k |
Official Fix |
CVE-2022-22267 |
3.6 |
Samsung ActivityMetricsLogger improper authorization |
$0-$1k |
Official Fix |
CVE-2022-22286 |
4.6 |
Samsung Bixby Routines PendingIntent code injection |
$1k-$2k |
Official Fix |
CVE-2022-22269 |
3.6 |
Samsung BluetoothSettingsProvider Bluetooth MAC Address improper authorization |
$0-$1k |
Official Fix |
CVE-2022-22270 |
4.6 |
Samsung Dialer Contact Information code injection |
$1k-$2k |
Official Fix |
CVE-2022-22264 |
6.5 |
Samsung Dressroom Incoming Intent input validation |
$1k-$2k |
Official Fix |
CVE-2022-22287 |
3.1 |
Samsung Email File Access sandbox |
$0-$1k |
Official Fix |
CVE-2022-22283 |
3.1 |
Samsung Health improper authentication |
$0-$1k |
Official Fix |
CVE-2022-22290 |
6.9 |
Samsung Internet Download improper restriction of rendered ui layers |
$2k-$5k |
Official Fix |
CVE-2022-22284 |
5.5 |
Samsung Internet Secret Mode improper authentication |
$0-$1k |
Official Fix |
CVE-2022-22268 |
5.2 |
Samsung Knox Guard DeX Mode improper authorization |
$0-$1k |
Official Fix |
CVE-2022-22265 |
4.6 |
Samsung NPU Driver Local Privilege Escalation |
$1k-$2k |
Official Fix |
CVE-2022-22285 |
4.6 |
Samsung Reminder PendingIntent code injection |
$1k-$2k |
Official Fix |
CVE-2022-22289 |
5.3 |
Samsung S Assistant improper authentication |
$1k-$2k |
Official Fix |
CVE-2022-22263 |
4.7 |
Samsung SecSettings privileges management |
$1k-$2k |
Official Fix |
CVE-2022-22288 |
7.4 |
Samsung Store improper authorization |
$2k-$5k |
Official Fix |
CVE-2022-22272 |
3.6 |
Samsung TelephonyManager IMSI improper authorization |
$0-$1k |
Official Fix |
CVE-2022-22266 |
3.6 |
Samsung TencentWifiSecurity WifiEvaluationService privileges management |
$0-$1k |
Official Fix |
CVE-2022-22271 |
4.4 |
Samsung TIMA Trustlet Memory Copy out-of-bounds read |
$0-$1k |
Official Fix |
CVE-2021-44234 |
3.5 |
SAP Business One log file |
$2k-$5k |
Official Fix |
CVE-2022-22529 |
2.6 |
SAP Enterprise Threat Detection cross site scripting |
$2k-$5k |
Official Fix |
CVE-2021-42067 |
3.5 |
SAP NetWeaver AS ABAP/ABAP Platform Hana Dashboard information disclosure |
$2k-$5k |
Official Fix |
CVE-2022-22530 |
5.5 |
SAP S4HANA F0743 Create Single Payment Application unrestricted upload |
$10k-$25k |
Official Fix |
CVE-2021-30065 |
7.3 |
Schneider Electric ConneXium Tofino Firewall ModBus Packet access control |
$2k-$5k |
Official Fix |
CVE-2021-30064 |
8.1 |
Schneider Electric ConneXium Tofino Firewall SSH hard-coded credentials |
$2k-$5k |
Official Fix |
CVE-2021-30061 |
6.4 |
Schneider Electric ConneXium Tofino Firewall USB Local Privilege Escalation |
$1k-$2k |
Official Fix |
CVE-2021-30066 |
6.8 |
Schneider Electric ConneXium Tofino Firewall USB Stick signature verification |
$0-$1k |
Official Fix |
CVE-2021-30063 |
5.9 |
Schneider Electric ConneXium Tofino OPCLSM OPC Enforcer denial of service |
$0-$1k |
Official Fix |
CVE-2021-30062 |
5.0 |
Schneider Electric ConneXium Tofino OPCLSM OPC Enforcer Privilege Escalation |
$2k-$5k |
Official Fix |
CVE-2022-22725 |
8.8 |
Schneider Electric Easergy P3 GOOSE buffer overflow |
$2k-$5k |
Official Fix |
CVE-2022-22723 |
8.8 |
Schneider Electric Easergy P5 GOOSE buffer overflow |
$2k-$5k |
Official Fix |
CVE-2022-22722 |
7.5 |
Schneider Electric Easergy P5 SSH hard-coded credentials |
$1k-$2k |
Official Fix |
CVE-2020-8597 |
8.6 |
Schneider Electric Easergy T300 RTU pppd buffer overflow |
$2k-$5k |
Official Fix |
CVE-2022-22726 |
4.3 |
Schneider Electric EcoStruxure Power Monitoring Expert information disclosure |
$1k-$2k |
Official Fix |
CVE-2022-22727 |
5.0 |
Schneider Electric EcoStruxure Power Monitoring Expert input validation |
$2k-$5k |
Official Fix |
CVE-2019-8963 |
5.3 |
Schneider Electric EcoStruxure Power Monitoring Expert lmadmin Tool denial of service |
$0-$1k |
Official Fix |
CVE-2022-22804 |
2.6 |
Schneider Electric EcoStruxure Power Monitoring Expert Web Page Generation cross site scripting |
$0-$1k |
Official Fix |
CVE-2022-22724 |
7.5 |
Schneider Electric Modicon M340 TCP resource consumption |
$0-$1k |
Official Fix |
CVE-2020-7534 |
4.3 |
Schneider Electric Modicon M340/Modicon Quantum/Modicon Premium Web Server cross-site request forgery |
$0-$1k |
Official Fix |
CVE-2021-37195 |
3.5 |
Siemens COMOS Web cross site scripting |
$2k-$5k |
Official Fix |
CVE-2021-37198 |
4.3 |
Siemens COMOS Web cross-site request forgery |
$5k-$10k |
Official Fix |
CVE-2021-37196 |
4.6 |
Siemens COMOS Web path traversal |
$5k-$10k |
Official Fix |
CVE-2021-37197 |
6.3 |
Siemens COMOS Web sql injection |
$10k-$25k |
Official Fix |
CVE-2021-45033 |
6.3 |
Siemens CP-8000/CP-8021/CP-8022 Debug Port hard-coded credentials |
$5k-$10k |
Official Fix |
CVE-2021-45034 |
6.3 |
Siemens CP-8000/CP-8021/CP-8022 Web Server access control |
$10k-$25k |
Official Fix |
CVE-2021-45460 |
3.5 |
Siemens SICAM PQ Analyzer Registry unquoted search path |
$5k-$10k |
Official Fix |
CVE-2021-41769 |
4.3 |
Siemens SIPROTEC 5 Web Server information disclosure |
$5k-$10k |
Official Fix |
CVE-2020-9058 |
5.0 |
Silicon Labs Z-Wave CRC-16 Encapsulation missing encryption |
$0-$1k |
Not Defined |
CVE-2020-10137 |
3.7 |
Silicon Labs Z-Wave FIND_NODE_IN_RANGE Frame insufficient verification of data authenticity |
$1k-$2k |
Not Defined |
CVE-2020-9060 |
4.3 |
Silicon Labs Z-Wave Message resource consumption |
$0-$1k |
Not Defined |
CVE-2020-9057 |
1.8 |
Silicon Labs Z-Wave missing encryption |
$0-$1k |
Not Defined |
CVE-2020-9061 |
4.6 |
Silicon Labs Z-Wave Routing Message improper authorization |
$1k-$2k |
Not Defined |
CVE-2020-9059 |
6.5 |
Silicon Labs Z-Wave S0 Authentication resource consumption |
$0-$1k |
Not Defined |
CVE-2021-29454 |
7.2 |
Smarty Template code injection |
$2k-$5k |
Official Fix |
CVE-2021-21408 |
7.5 |
Smarty Template code injection |
$2k-$5k |
Official Fix |
CVE-2022-0178 |
6.3 |
Snipe-IT access control |
$2k-$5k |
Official Fix |
CVE-2022-0179 |
6.3 |
Snipe-IT access control |
$2k-$5k |
Official Fix |
CVE-2021-35247 |
9.8 |
SolarWinds Serv-U Login Screen input validation |
$2k-$5k |
Not Defined |
CVE-2021-20046 |
6.5 |
SonicWALL SonicOS HTTP Content-Length stack-based overflow |
$2k-$5k |
Not Defined |
CVE-2021-20048 |
6.5 |
SonicWALL SonicOS HTTP Response Header stack-based overflow |
$2k-$5k |
Not Defined |
CVE-2021-45334 |
7.3 |
Sourcecodester Online Thesis Archiving System Admin Panel sql injection |
$2k-$5k |
Not Defined |
CVE-2021-45411 |
6.3 |
Sourcecodester Printable Staff ID Card Creator System sql injection |
$1k-$2k |
Not Defined |
CVE-2021-43974 |
6.3 |
SysAid ITIL enduserreg improper authentication |
$1k-$2k |
Not Defined |
CVE-2021-43972 |
6.3 |
SysAid ITIL Filesystem UserSelfServiceSettings.jsp access control |
$2k-$5k |
Not Defined |
CVE-2021-43971 |
6.3 |
SysAid ITIL Parameter SelectUsers.jsp sql injection |
$1k-$2k |
Not Defined |
CVE-2021-43973 |
6.3 |
SysAid ITIL UploadPsIcon.jsp unrestricted upload |
$2k-$5k |
Not Defined |
CVE-2021-34858 |
7.0 |
TeamViewer TVS File Parser out-of-bounds read |
$1k-$2k |
Official Fix |
CVE-2022-22114 |
6.9 |
Teedy Search Term cross site scripting |
$0-$1k |
Official Fix |
CVE-2022-22115 |
6.2 |
Teedy Tag Name cross site scripting |
$0-$1k |
Official Fix |
CVE-2021-35500 |
5.3 |
TIBCO Data Virtualization Server permission |
$2k-$5k |
Not Defined |
CVE-2021-43054 |
6.7 |
TIBCO eFTL API Token permission |
$2k-$5k |
Not Defined |
CVE-2021-43055 |
5.4 |
TIBCO eFTL Server permission |
$2k-$5k |
Not Defined |
CVE-2021-43052 |
8.3 |
TIBCO FTL Realm Server hard-coded credentials |
$1k-$2k |
Not Defined |
CVE-2021-43053 |
6.9 |
TIBCO FTL Realm Server information disclosure |
$1k-$2k |
Not Defined |
CVE-2021-45441 |
6.3 |
Trend Micro Apex One Privilege Escalation |
$10k-$25k |
Not Defined |
CVE-2021-45231 |
6.3 |
Trend Micro Apex One/Worry-Free Business Security link following |
$10k-$25k |
Not Defined |
CVE-2021-44024 |
8.8 |
Trend Micro Apex One/Worry-Free Business Security link following |
$10k-$25k |
Not Defined |
CVE-2021-45440 |
6.3 |
Trend Micro Apex One/Worry-Free Business Security privileges assignment |
$10k-$25k |
Not Defined |
CVE-2021-45442 |
8.8 |
Trend Micro Worry-Free Business Security link following |
$10k-$25k |
Not Defined |
CVE-2022-0213 |
6.5 |
vim heap-based overflow |
$2k-$5k |
Official Fix |
CVE-2022-0158 |
6.5 |
vim heap-based overflow |
$2k-$5k |
Official Fix |
CVE-2021-46059 |
4.3 |
vim regexp.c vim_regexec_multi denial of service |
$0-$1k |
Not Defined |
CVE-2022-0156 |
6.5 |
vim use after free |
$2k-$5k |
Official Fix |
CVE-2021-22060 |
4.6 |
VMware Spring Framework Log injection |
$10k-$25k |
Not Defined |
CVE-2021-46053 |
3.5 |
WebAssembly Binaryen denial of service |
$0-$1k |
Not Defined |
CVE-2021-46050 |
5.5 |
WebAssembly Binaryen printf_common stack-based overflow |
$2k-$5k |
Not Defined |
CVE-2021-46048 |
3.5 |
WebAssembly Binaryen readFunctions denial of service |
$0-$1k |
Not Defined |
CVE-2021-46055 |
3.5 |
WebAssembly Binaryen Rethrow*) denial of service |
$0-$1k |
Not Defined |
CVE-2021-46054 |
3.5 |
WebAssembly Binaryen Rethrow*) denial of service |
$0-$1k |
Not Defined |
CVE-2021-46052 |
3.5 |
WebAssembly Binaryen validate denial of service |
$0-$1k |
Not Defined |
CVE-2022-22988 |
8.9 |
Western Digital EdgeRover Desktop App permission |
$2k-$5k |
Official Fix |
CVE-2022-22991 |
7.0 |
Western Digital My Cloud OS DNS os command injection |
$2k-$5k |
Official Fix |
CVE-2022-22989 |
7.1 |
Western Digital My Cloud OS FTP Service issues.c stack-based overflow |
$1k-$2k |
Official Fix |
CVE-2021-25053 |
4.3 |
WP Coder Plugin Wow-Company Admin Menu Page include cross-site request forgery |
$0-$1k |
Official Fix |
CVE-2022-23304 |
2.6 |
wpa_supplicant/hostapd EAP-pwd information exposure |
$0-$5k |
Official Fix |
CVE-2022-23303 |
2.6 |
wpa_supplicant/hostapd SAE information exposure |
$0-$5k |
Official Fix |
CVE-2022-23134 |
5.5 |
Zabbix Configuration setup.php access control |
$2k-$5k |
Not Defined |
CVE-2022-23133 |
4.9 |
Zabbix Host Group cross site scripting |
$0-$1k |
Not Defined |
CVE-2022-23132 |
4.3 |
Zabbix Installation zabbix access control |
$1k-$2k |
Not Defined |
CVE-2022-23131 |
8.2 |
Zabbix SAML authentication spoofing |
$1k-$2k |
Not Defined |
CVE-2020-28679 |
6.3 |
Zoho ManageEngine Applications Manager showReports Module sql injection |
$1k-$2k |
Official Fix |
CVE-2021-44651 |
6.3 |
Zoho ManageEngine CloudSecurityPlus updatePersonalizeSettings Privilege Escalation |
$2k-$5k |
Official Fix |
CVE-2021-46165 |
6.3 |
Zoho ManageEngine Desktop Central Batch File Privilege Escalation |
$2k-$5k |
Official Fix |
CVE-2021-46164 |
6.3 |
Zoho ManageEngine Desktop Central Reports Module Privilege Escalation |
$2k-$5k |
Official Fix |
CVE-2021-46166 |
3.5 |
Zoho ManageEngine Desktop Central Reports Page information disclosure |
$0-$1k |
Official Fix |
CVE-2021-44650 |
6.3 |
Zoho ManageEngine M365 Manager Plus Proxy Settings Privilege Escalation |
$2k-$5k |
Official Fix |
CVE-2021-44652 |
6.3 |
Zoho ManageEngine O365 Manager Plus ChangeDBAPI Privilege Escalation |
$2k-$5k |
Official Fix |