آسیبپذیریهای حیاتی هفته اول فروردینماه
این هفته آسیبپذیریهای «حیاتی» و «پرخطر» بسیاری در محصولات مهم Google گزارش و وصلهها و بهروزرسانیهایی به منظور رفع آنها ارائه شد. همچنین در محصولات شرکتهای Sophos، McAfee، Rockwell ، IBM، Netgear، Facebook و کرنل لینوکس چندین آسیبپذیری «حیاتی» و «پرخطر» وجود داشت.
لیست این آسیبپذیریها بههمراه سطح خطر آنها در جدول زیر آمده است.
|
شناسه آسیبپذیری |
امتیاز مبنا |
عنوان آسیبپذیری |
ارزش روز صفر |
رفع آسیبپذیری |
|
CVE-2022-0627 |
3.5 |
Amelia Plugin Admin Page cross site scripting |
$0-$1k |
Official Fix |
|
CVE-2022-0834 |
4.9 |
Amelia Plugin Booking Calendar AddCustomerController.php cross site scripting |
$0-$1k |
Not Defined |
|
CVE-2022-0616 |
4.3 |
Amelia Plugin cross-site request forgery |
$0-$1k |
Official Fix |
|
CVE-2022-0687 |
5.5 |
Amelia Plugin Image Blob code injection |
$1k-$2k |
Official Fix |
|
CVE-2022-26526 |
6.3 |
Anaconda/Miniconda3 Environment Variable uncontrolled search path |
$2k-$5k |
Not Defined |
|
CVE-2022-25576 |
4.3 |
Anchor CMS Post posts.php cross-site request forgery |
$0-$1k |
Not Defined |
|
CVE-2021-44040 |
5.5 |
Apache Traffic Server Request Line Parser input validation |
$10k-$25k |
Official Fix |
|
CVE-2021-44759 |
7.3 |
Apache Traffic Server TLS Origin improper authentication |
$10k-$25k |
Official Fix |
|
CVE-2020-20095 |
6.3 |
Apple iOS iMessage clickjacking |
$50k-$100k |
Not Defined |
|
CVE-2022-24768 |
8.1 |
Argo CD access control |
$2k-$5k |
Official Fix |
|
CVE-2022-24731 |
4.7 |
Argo CD path traversal |
$1k-$2k |
Official Fix |
|
CVE-2022-24730 |
6.0 |
Argo CD path traversal |
$1k-$2k |
Official Fix |
|
CVE-2021-45757 |
5.7 |
Asus RT-AC68U blocking.cgi denial of service |
$0-$1k |
Not Defined |
|
CVE-2021-45756 |
5.5 |
Asus RT-AC68U/RT-AC5300 blocking_request.cgi buffer overflow |
$2k-$5k |
Not Defined |
|
CVE-2022-25248 |
5.3 |
Axeda Agent/Desktop Server information disclosure |
$1k-$2k |
Not Defined |
|
CVE-2022-25252 |
7.4 |
Axeda Agent/Desktop Server Service missing authentication |
$1k-$2k |
Not Defined |
|
CVE-2022-25250 |
7.4 |
Axeda Agent/Desktop Server Service missing authentication |
$1k-$2k |
Not Defined |
|
CVE-2022-25249 |
6.4 |
Axeda Agent/Desktop Server Web Server path traversal |
$1k-$2k |
Not Defined |
|
CVE-2022-25251 |
8.5 |
Axeda Agent/Desktop Server XML Message missing authentication |
$1k-$2k |
Not Defined |
|
CVE-2022-23346 |
5.5 |
Bigantsoft BigAnt Server access control |
$1k-$2k |
Not Defined |
|
CVE-2022-23345 |
5.5 |
Bigantsoft BigAnt Server access control |
$1k-$2k |
Not Defined |
|
CVE-2022-23350 |
3.5 |
Bigantsoft BigAnt Server cross site scripting |
$0-$1k |
Not Defined |
|
CVE-2022-23349 |
4.3 |
Bigantsoft BigAnt Server cross-site request forgery |
$0-$1k |
Not Defined |
|
CVE-2022-23352 |
3.5 |
Bigantsoft BigAnt Server denial of service |
$0-$1k |
Not Defined |
|
CVE-2022-23347 |
5.5 |
Bigantsoft BigAnt Server pathname traversal |
$1k-$2k |
Not Defined |
|
CVE-2022-23348 |
2.6 |
Bigantsoft BigAnt Server unknown vulnerability |
$0-$1k |
Not Defined |
|
CVE-2021-38745 |
5.5 |
Chamilo LMS Plugin code injection |
$1k-$2k |
Not Defined |
|
CVE-2021-40662 |
4.3 |
Chamilo LMS URL cross-site request forgery |
$0-$1k |
Not Defined |
|
CVE-2021-40905 |
6.3 |
CheckMK Enterprise Edition Web Management Console unrestricted upload |
$2k-$5k |
Not Defined |
|
CVE-2021-40904 |
6.3 |
CheckMK Raw Edition Web Management Console Privilege Escalation |
$2k-$5k |
Not Defined |
|
CVE-2021-40906 |
4.3 |
CheckMK Raw Edition Web Service cross site scripting |
$0-$1k |
Not Defined |
|
CVE-2021-43736 |
6.3 |
CmsWing Privilege Escalation |
$2k-$5k |
Not Defined |
|
CVE-2021-43735 |
6.3 |
CmsWing sql injection |
$1k-$2k |
Not Defined |
|
CVE-2022-0514 |
5.9 |
crater-invoice behavioral workflow |
$2k-$5k |
Official Fix |
|
CVE-2022-0515 |
4.3 |
crater-invoice cross-site request forgery |
$0-$1k |
Official Fix |
|
CVE-2022-1033 |
6.7 |
crater-invoice unrestricted upload |
$2k-$5k |
Official Fix |
|
CVE-2021-44127 |
5.5 |
D-Link DAP-1360 F1 webupg os command injection |
$10k-$25k |
Not Defined |
|
CVE-2021-31326 |
5.4 |
D-Link DIR-816 A2 form2Reboot.cgi denial of service |
$2k-$5k |
Not Defined |
|
CVE-2022-26258 |
6.3 |
D-Link DIR-820L lan.asp Privilege Escalation |
$10k-$25k |
Not Defined |
|
CVE-2022-26659 |
6.3 |
Docker Desktop Log File symlink |
$2k-$5k |
Official Fix |
|
CVE-2021-39383 |
6.3 |
DWSurvey SysPropertyAction.java Privilege Escalation |
$2k-$5k |
Not Defined |
|
CVE-2021-39384 |
5.5 |
DWSurvey ToHtmlServlet.java access control |
$1k-$2k |
Not Defined |
|
CVE-2021-42194 |
5.5 |
EyouCMS Index.php wechat_return xml external entity reference |
$1k-$2k |
Not Defined |
|
CVE-2022-26273 |
5.5 |
EyouCMS Payment shop.php behavioral workflow |
$1k-$2k |
Not Defined |
|
CVE-2022-26279 |
5.5 |
EyouCMS sqldata access control |
$1k-$2k |
Not Defined |
|
CVE-2020-20094 |
4.3 |
Facebook Instagram URL clickjacking |
$10k-$25k |
Not Defined |
|
CVE-2020-20093 |
6.3 |
Facebook Messenger URL clickjacking |
$10k-$25k |
Not Defined |
|
CVE-2020-20096 |
6.3 |
Facebook WhatsApp URL clickjacking |
$10k-$25k |
Not Defined |
|
CVE-2022-0145 |
4.6 |
ForkCMS cross site scripting |
$0-$1k |
Official Fix |
|
CVE-2022-1064 |
7.6 |
ForkCMS Marking Blog Comment sql injection |
$1k-$2k |
Official Fix |
|
CVE-2022-0153 |
7.9 |
ForkCMS sql injection |
$1k-$2k |
Official Fix |
|
CVE-2021-44751 |
5.3 |
F-Secure Safe Browser USSD Code access control |
$2k-$5k |
Official Fix |
|
CVE-2021-27430 |
7.6 |
GE UR IED Boot Sequence hard-coded credentials |
$0-$1k |
Not Defined |
|
CVE-2021-27428 |
9.8 |
GE UR IED Enervista UR Setup unrestricted upload |
$2k-$5k |
Official Fix |
|
CVE-2021-27426 |
9.8 |
GE UR IED Factory Mode config |
$2k-$5k |
Official Fix |
|
CVE-2021-27420 |
5.3 |
GE UR IED HTTP Verb denial of service |
$0-$1k |
Official Fix |
|
CVE-2021-27424 |
5.3 |
GE UR IED Modbus information disclosure |
$1k-$2k |
Official Fix |
|
CVE-2021-27418 |
4.8 |
GE UR IED Web Interface cross site scripting |
$0-$1k |
Official Fix |
|
CVE-2021-27422 |
6.4 |
GE UR IED Web Server Interface information disclosure |
$1k-$2k |
Official Fix |
|
CVE-2022-27811 |
5.5 |
GNOME OCRFeeder Filename os command injection |
$1k-$2k |
Official Fix |
|
CVE-2022-27943 |
3.5 |
GNU gcc rust-demangle.c demangle_const resource consumption |
$0-$1k |
Official Fix |
|
CVE-2021-39698 |
5.3 |
Google Android aio.c aio_poll_complete_work memory corruption |
$25k-$50k |
Official Fix |
|
CVE-2021-39693 |
5.3 |
Google Android AppOpsService.java onUidStateChanged state issue |
$25k-$50k |
Official Fix |
|
CVE-2021-39707 |
5.3 |
Google Android AppRestrictionsFragment.java onReceive permission |
$25k-$50k |
Official Fix |
|
CVE-2021-39733 |
4.2 |
Google Android audiometrics.c amcs_cdev_unlocked_ioctl out-of-bounds write |
$10k-$25k |
Official Fix |
|
CVE-2021-39695 |
5.3 |
Google Android BasePermission.java createOrUpdate permission |
$25k-$50k |
Official Fix |
|
CVE-2021-39701 |
5.3 |
Google Android ControlsProviderLifecycleManager.kt serviceConnection permission |
$25k-$50k |
Official Fix |
|
CVE-2021-39706 |
5.3 |
Google Android CredentialStorage.java onResume permission |
$25k-$50k |
Official Fix |
|
CVE-2021-39697 |
5.3 |
Google Android DownloadProvider.java checkFileUriDestination permission |
$25k-$50k |
Official Fix |
|
CVE-2021-0957 |
5.3 |
Google Android Factory Reset NotificationStackScrollLayout.java NotificationStackScrollLayout stack-based overflow |
$25k-$50k |
Official Fix |
|
CVE-2021-39735 |
4.2 |
Google Android gasket_page_table.c gasket_alloc_coherent_memory memory corruption |
$10k-$25k |
Official Fix |
|
CVE-2021-39725 |
4.2 |
Google Android gasket_page_table.c gasket_free_coherent_memory_all memory corruption |
$10k-$25k |
Official Fix |
|
CVE-2021-39714 |
5.3 |
Google Android ion.c ion_buffer_kmap_get integer overflow |
$25k-$50k |
Official Fix |
|
CVE-2021-39705 |
3.3 |
Google Android LegacyVoicemailNotifier.java getNotificationTag information disclosure |
$10k-$25k |
Official Fix |
|
CVE-2021-39719 |
4.2 |
Google Android lwis_device_top.c lwis_top_register_io out-of-bounds write |
$10k-$25k |
Official Fix |
|
CVE-2021-39732 |
5.3 |
Google Android lwis_ioctl.c copy_io_entries out-of-bounds write |
$25k-$50k |
Official Fix |
|
CVE-2021-39736 |
4.2 |
Google Android lwis_ioctl.c prepare_response out-of-bounds write |
$10k-$25k |
Official Fix |
|
CVE-2021-39793 |
5.3 |
Google Android mali_kbase_mem.c kbase_jd_user_buf_pin_pages out-of-bounds write |
$25k-$50k |
Official Fix |
|
CVE-2021-39704 |
5.3 |
Google Android NotificationManagerService.java deleteNotificationChannelGroup permission |
$25k-$50k |
Official Fix |
|
CVE-2021-39689 |
4.2 |
Google Android odsign_main.cpp Local Privilege Escalation |
$10k-$25k |
Official Fix |
|
CVE-2021-39721 |
4.2 |
Google Android out-of-bounds write |
$10k-$25k |
Official Fix |
|
CVE-2021-39624 |
5.5 |
Google Android Package Manger resource consumption |
$5k-$10k |
Official Fix |
|
CVE-2021-39731 |
4.2 |
Google Android protocolstkadapter.cpp Init out-of-bounds write |
$10k-$25k |
Official Fix |
|
CVE-2021-39718 |
5.3 |
Google Android protocolstkadapter.cpp Init out-of-bounds write |
$25k-$50k |
Official Fix |
|
CVE-2021-39734 |
5.3 |
Google Android RCS Message OneToOneChatImpl.java sendMessage permission |
$25k-$50k |
Official Fix |
|
CVE-2021-39702 |
4.8 |
Google Android RequestManageCredentials.java onCreate improper restriction of rendered ui layers |
$25k-$50k |
Official Fix |
|
CVE-2021-39694 |
5.3 |
Google Android RoleParser.java parse permission |
$25k-$50k |
Official Fix |
|
CVE-2021-39709 |
5.3 |
Google Android SipAccountRegistry.java sendSipAccountsRemovedNotification permission |
$25k-$50k |
Official Fix |
|
CVE-2021-39729 |
4.2 |
Google Android TitanM Chip out-of-bounds write |
$10k-$25k |
Official Fix |
|
CVE-2021-39685 |
5.3 |
Google Android USB Gadget Subsystem out-of-bounds write |
$25k-$50k |
Official Fix |
|
CVE-2021-39703 |
5.3 |
Google Android UsbDeviceManager.java updateState improper authorization |
$25k-$50k |
Official Fix |
|
CVE-2021-39712 |
2.3 |
Google Android use after free |
$10k-$25k |
Official Fix |
|
CVE-2021-39690 |
3.3 |
Google Android WallpaperManagerService.java setDisplayPadding denial of service |
$5k-$10k |
Official Fix |
|
CVE-2021-39692 |
4.8 |
Google Android Work Profile SetupLayoutActivity.java onCreate improper restriction of rendered ui layers |
$25k-$50k |
Official Fix |
|
CVE-2022-0978 |
6.3 |
Google Chrome ANGLE use after free |
$50k-$100k |
Official Fix |
|
CVE-2022-0975 |
6.3 |
Google Chrome ANGLE use after free |
$50k-$100k |
Official Fix |
|
CVE-2022-0971 |
6.3 |
Google Chrome Blink Layout use after free |
$50k-$100k |
Official Fix |
|
CVE-2022-0977 |
6.3 |
Google Chrome Browser UI use after free |
$50k-$100k |
Official Fix |
|
CVE-2022-0972 |
6.3 |
Google Chrome Extensions use after free |
$50k-$100k |
Official Fix |
|
CVE-2022-0976 |
6.3 |
Google Chrome GPU heap-based overflow |
$50k-$100k |
Official Fix |
|
CVE-2022-0980 |
6.3 |
Google Chrome New Tab Page use after free |
$50k-$100k |
Official Fix |
|
CVE-2022-0979 |
6.3 |
Google Chrome Safe Browsing use after free |
$50k-$100k |
Official Fix |
|
CVE-2022-0973 |
6.3 |
Google Chrome Safe Browsing use after free |
$50k-$100k |
Official Fix |
|
CVE-2022-0974 |
6.3 |
Google Chrome Splitscreen use after free |
$50k-$100k |
Official Fix |
|
CVE-2022-27191 |
3.5 |
Google Go ssh Library denial of service |
$2k-$5k |
Official Fix |
|
CVE-2021-22571 |
4.4 |
Google SA360 tmp permission |
$5k-$10k |
Official Fix |
|
CVE-2022-24291 |
7.5 |
HP Color LaserJet Pro denial of service |
$5k-$10k |
Official Fix |
|
CVE-2022-24293 |
9.8 |
HP Color LaserJet Pro Remote Code Execution |
$25k-$50k |
Official Fix |
|
CVE-2022-24292 |
9.8 |
HP Color LaserJet Pro Remote Code Execution |
$25k-$50k |
Official Fix |
|
CVE-2021-23158 |
4.3 |
htmldoc ps-pdf.cxx pspdf_export double free |
$2k-$5k |
Official Fix |
|
CVE-2021-23165 |
6.3 |
htmldoc ps-pdf.cxx pspdf_prepare_outpages heap-based overflow |
$2k-$5k |
Official Fix |
|
CVE-2022-22316 |
5.3 |
IBM MQ Appliance denial of service |
$2k-$5k |
Official Fix |
|
CVE-2022-22374 |
6.0 |
IBM Power 9 OP940 downgrade |
$5k-$10k |
Official Fix |
|
CVE-2022-22394 |
6.9 |
IBM Spectrum Protect access control |
$10k-$25k |
Official Fix |
|
CVE-2021-26600 |
4.6 |
ImpressCMS autologin.php type confusion |
$1k-$2k |
Official Fix |
|
CVE-2021-26598 |
6.3 |
ImpressCMS findusers.php access control |
$2k-$5k |
Official Fix |
|
CVE-2021-26599 |
6.3 |
ImpressCMS findusers.php sql injection |
$1k-$2k |
Official Fix |
|
CVE-2021-26601 |
5.5 |
ImpressCMS image-edit.php pathname traversal |
$1k-$2k |
Official Fix |
|
CVE-2022-0635 |
7.5 |
ISC BIND DNSSEC query.c query_dname assertion |
$5k-$10k |
Official Fix |
|
CVE-2022-0667 |
7.5 |
ISC BIND DS Record resume_dslookup assertion |
$5k-$10k |
Official Fix |
|
CVE-2021-25220 |
3.8 |
ISC BIND Forwarder dns rebinding |
$10k-$25k |
Official Fix |
|
CVE-2022-0396 |
5.3 |
ISC BIND TCP Packet denial of service |
$5k-$10k |
Official Fix |
|
CVE-2021-28275 |
3.5 |
jhead exif.c Get16u denial of service |
$0-$1k |
Not Defined |
|
CVE-2021-28278 |
5.5 |
jhead jpgfile.c RemoveSectionType heap-based overflow |
$2k-$5k |
Not Defined |
|
CVE-2021-28277 |
5.5 |
jhead jpgfile.c RemoveUnknownSections heap-based overflow |
$2k-$5k |
Not Defined |
|
CVE-2021-28276 |
3.5 |
jhead makernote.c ProcessCanonMakerNoteDir denial of service |
$0-$1k |
Not Defined |
|
CVE-2022-24757 |
7.5 |
Jupyter Server log file |
$1k-$2k |
Official Fix |
|
CVE-2022-25949 |
6.3 |
Kingsoft Internet Security 9 Plus Kernel Mode Driver stack-based overflow |
$10k-$25k |
Not Defined |
|
CVE-2022-26081 |
6.3 |
Kingsoft WPS Office Installer shcore.dll uncontrolled search path |
$2k-$5k |
Not Defined |
|
CVE-2022-25969 |
6.3 |
Kingsoft WPS Office Installer VERSION.DLL uncontrolled search path |
$2k-$5k |
Not Defined |
|
CVE-2022-24934 |
5.5 |
Kingsoft WPS Office Registry wpsupdater.exe access control |
$1k-$2k |
Not Defined |
|
CVE-2022-26511 |
6.3 |
Kingsoft WPS Presentation PPS File d3dx9_41.dll uncontrolled search path |
$2k-$5k |
Not Defined |
|
CVE-2022-0500 |
6.3 |
Linux Kernel BPF Subsystem memory corruption |
$10k-$25k |
Official Fix |
|
CVE-2021-4149 |
6.5 |
Linux Kernel btrfs extent-tree.c btrfs_alloc_tree_b locking |
$2k-$5k |
Official Fix |
|
CVE-2022-0854 |
3.3 |
Linux Kernel DMA Subsystem swiotlb.c DMA_FROM_DEVICE memory leak |
$1k-$2k |
Official Fix |
|
CVE-2022-27666 |
5.5 |
Linux Kernel ESP Transformation esp4.c buffer overflow |
$10k-$25k |
Official Fix |
|
CVE-2021-4148 |
6.5 |
Linux Kernel Filesystem buffer.c block_invalidatepage improper validation of integrity check value |
$2k-$5k |
Official Fix |
|
CVE-2022-1011 |
6.3 |
Linux Kernel FUSE Filesystem dev.c write cleanup |
$10k-$25k |
Official Fix |
|
CVE-2022-0330 |
6.3 |
Linux Kernel GPU i915 Kernel Driver memory corruption |
$10k-$25k |
Official Fix |
|
CVE-2022-27950 |
3.5 |
Linux Kernel hid-elo.c hid_parse memory leak |
$2k-$5k |
Official Fix |
|
CVE-2022-0742 |
9.1 |
Linux Kernel ICMPv6 Packet igmp6_event_report resource consumption |
$5k-$10k |
Official Fix |
|
CVE-2021-4197 |
7.6 |
Linux Kernel Namespace Subsystem improper authentication |
$5k-$10k |
Official Fix |
|
CVE-2021-4202 |
5.0 |
Linux Kernel NFC Controller Interface core.c nci_request use after free |
$10k-$25k |
Official Fix |
|
CVE-2021-4157 |
7.6 |
Linux Kernel NFS Subsystem decode_nfs_fh memory corruption |
$10k-$25k |
Official Fix |
|
CVE-2021-4150 |
6.5 |
Linux Kernel Partition core.c add_partition use after free |
$10k-$25k |
Official Fix |
|
CVE-2021-45868 |
5.5 |
Linux Kernel Quota Tree quota_tree.c use after free |
$10k-$25k |
Official Fix |
|
CVE-2022-0494 |
4.3 |
Linux Kernel scsi_ioctl.c scsi_ioctl information disclosure |
$5k-$10k |
Official Fix |
|
CVE-2022-0322 |
4.3 |
Linux Kernel SCTP Network Protocol sm_make_chunk.c sctp_make_strreset_req numeric conversion |
$2k-$5k |
Official Fix |
|
CVE-2021-4203 |
7.6 |
Linux Kernel sock.c sock_getsockopt use after free |
$10k-$25k |
Official Fix |
|
CVE-2022-0435 |
7.6 |
Linux Kernel TIPC Protocol Subsystem stack-based overflow |
$10k-$25k |
Official Fix |
|
CVE-2022-0995 |
7.6 |
Linux Kernel watch_queue Subsystem out-of-bounds write |
$10k-$25k |
Official Fix |
|
CVE-2022-27887 |
3.5 |
Maccms data.html cross site scripting |
$0-$1k |
Not Defined |
|
CVE-2022-27885 |
3.5 |
Maccms data.html cross site scripting |
$0-$1k |
Not Defined |
|
CVE-2022-26573 |
3.5 |
Maccms data.html cross site scripting |
$0-$1k |
Not Defined |
|
CVE-2022-27886 |
3.5 |
Maccms index.html cross site scripting |
$0-$1k |
Not Defined |
|
CVE-2022-27884 |
3.5 |
Maccms index.html cross site scripting |
$0-$1k |
Not Defined |
|
CVE-2022-0862 |
3.7 |
McAfee being API password recovery |
$10k-$25k |
Official Fix |
|
CVE-2022-0861 |
4.1 |
McAfee ePolicy Orchestrator Extension Import xml external entity reference |
$5k-$10k |
Official Fix |
|
CVE-2022-0859 |
6.5 |
McAfee ePolicy Orchestrator insufficiently protected credentials |
$2k-$5k |
Official Fix |
|
CVE-2022-0857 |
4.8 |
McAfee ePolicy Orchestrator Link cross site scripting |
$5k-$10k |
Official Fix |
|
CVE-2022-0858 |
4.3 |
McAfee ePolicy Orchestrator Link cross site scripting |
$5k-$10k |
Official Fix |
|
CVE-2022-0842 |
4.0 |
McAfee ePolicy Orchestrator sql injection |
$5k-$10k |
Official Fix |
|
CVE-2022-25221 |
3.5 |
Money Transfer Management System cross site scripting |
$0-$1k |
Not Defined |
|
CVE-2022-25222 |
6.3 |
Money Transfer Management System manage_branch.php injection |
$2k-$5k |
Not Defined |
|
CVE-2022-25223 |
5.5 |
Money Transfer Management System sql injection |
$1k-$2k |
Not Defined |
|
CVE-2022-24655 |
6.3 |
Netgear EX6100v1/CAX80/DC112A UPnP Service stack-based overflow |
$10k-$25k |
Not Defined |
|
CVE-2022-27946 |
6.3 |
Netgear R8500 admin_account.cgi os command injection |
$10k-$25k |
Not Defined |
|
CVE-2022-27947 |
6.3 |
Netgear R8500 ipv6_fix.cgi os command injection |
$10k-$25k |
Not Defined |
|
CVE-2022-27945 |
6.3 |
Netgear R8500 password.cgi os command injection |
$10k-$25k |
Not Defined |
|
CVE-2021-44261 |
7.3 |
Netgear W104 BRS_top.html improper authentication |
$10k-$25k |
Not Defined |
|
CVE-2021-44262 |
7.3 |
Netgear W104 MNU_top.htm improper authentication |
$10k-$25k |
Not Defined |
|
CVE-2022-0889 |
5.2 |
Ninja Forms File Uploads Extension Plugin uploads.php cross site scripting |
$0-$1k |
Not Defined |
|
CVE-2022-0888 |
8.5 |
Ninja Forms File Uploads Extension Plugin uploads.php unrestricted upload |
$2k-$5k |
Not Defined |
|
CVE-2022-21820 |
6.3 |
NVIDIA DCGM input validation |
$2k-$5k |
Not Defined |
|
CVE-2022-21822 |
7.5 |
Nvidia Flare Admin Interface allocation of resources |
$0-$1k |
Not Defined |
|
CVE-2022-27882 |
4.6 |
OpenBSD IPv6 Route heap-based overflow |
$10k-$25k |
Official Fix |
|
CVE-2022-27881 |
4.6 |
OpenBSD slaacd engine.c buffer overflow |
$10k-$25k |
Official Fix |
|
CVE-2022-25041 |
5.5 |
OpenEMR access control |
$1k-$2k |
Not Defined |
|
CVE-2022-24643 |
3.5 |
OpenEMR Hospital Information Management System cross site scripting |
$0-$1k |
Not Defined |
|
CVE-2021-3941 |
4.3 |
OpenEXR ImfChromaticities.cpp RGBtoXYZ divide by zero |
$0-$1k |
Official Fix |
|
CVE-2021-20299 |
3.5 |
OpenEXR Multipart Input File null pointer dereference |
$0-$1k |
Official Fix |
|
CVE-2021-3933 |
5.5 |
OpenEXR size_t integer overflow |
$2k-$5k |
Not Defined |
|
CVE-2021-43085 |
5.5 |
OpenSSL CMAC_Final permission |
$10k-$25k |
Not Defined |
|
CVE-2022-0475 |
2.9 |
OTRS Package Manager cross site scripting |
$0-$1k |
Not Defined |
|
CVE-2021-36100 |
6.4 |
OTRS String Privilege Escalation |
$2k-$5k |
Not Defined |
|
CVE-2022-1004 |
4.3 |
OTRS Ticket Detail View TicketDetailView information disclosure |
$1k-$2k |
Not Defined |
|
CVE-2022-27820 |
5.0 |
OWASP ZAP Certificate Chain certificate validation |
$1k-$2k |
Not Defined |
|
CVE-2021-44208 |
3.5 |
OX Software OX App Suite Chat cross site scripting |
$0-$1k |
Not Defined |
|
CVE-2021-44211 |
3.5 |
OX Software OX App Suite HTML Email Signature cross site scripting |
$0-$1k |
Not Defined |
|
CVE-2021-44209 |
3.5 |
OX Software OX App Suite HTML5 cross site scripting |
$0-$1k |
Not Defined |
|
CVE-2021-44213 |
3.5 |
OX Software OX App Suite Multipart Message cross site scripting |
$0-$1k |
Not Defined |
|
CVE-2021-44210 |
3.5 |
OX Software OX App Suite NIFF cross site scripting |
$0-$1k |
Not Defined |
|
CVE-2021-44212 |
3.5 |
OX Software OX App Suite Trailing Control Character cross site scripting |
$0-$1k |
Not Defined |
|
CVE-2021-45968 |
5.5 |
Pascom Cloud Phone System Jive platform server-side request forgery |
$1k-$2k |
Official Fix |
|
CVE-2021-45966 |
6.3 |
Pascom Cloud Phone System Management REST API apply os command injection |
$2k-$5k |
Official Fix |
|
CVE-2021-45967 |
5.5 |
Pascom Cloud Phone System Tomcat config |
$2k-$5k |
Official Fix |
|
CVE-2022-25269 |
3.5 |
Passwork On-Premise Edition cross site scripting |
$0-$1k |
Official Fix |
|
CVE-2022-25266 |
3.5 |
Passwork On-Premise Edition downloadExportFile pathname traversal |
$1k-$2k |
Official Fix |
|
CVE-2022-25268 |
4.3 |
Passwork On-Premise Edition Subsystem cross-site request forgery |
$0-$1k |
Official Fix |
|
CVE-2022-25267 |
5.5 |
Passwork On-Premise Edition Upload File uploadExportFile pathname traversal |
$1k-$2k |
Official Fix |
|
CVE-2022-26354 |
3.5 |
QEMU vhost-vsock Device release of resource |
$2k-$5k |
Official Fix |
|
CVE-2022-26353 |
3.5 |
QEMU virtio-net Device release of resource |
$2k-$5k |
Not Defined |
|
CVE-2021-3748 |
5.7 |
QEMU virtio-net Device use after free |
$10k-$25k |
Official Fix |
|
CVE-2021-3582 |
5.7 |
QEMU Vmware Paravirtual RDMA Device memory corruption |
$10k-$25k |
Not Defined |
|
CVE-2022-1052 |
6.4 |
radare2 iterate_chained_fixups heap-based overflow |
$2k-$5k |
Official Fix |
|
CVE-2022-1031 |
6.3 |
radare2 op_is_set_bp use after free |
$1k-$2k |
Official Fix |
|
CVE-2022-1061 |
6.3 |
radare2 parseDragons heap-based overflow |
$1k-$2k |
Official Fix |
|
CVE-2022-0237 |
3.6 |
Rapid7 Insight Agent runas.exe access control |
$0-$1k |
Official Fix |
|
CVE-2022-0757 |
5.4 |
Rapid7 Nexpose Search Criteria sql injection |
$0-$1k |
Official Fix |
|
CVE-2022-0758 |
3.0 |
Rapid7 Nexpose Shared Scan Configuration cross site scripting |
$0-$1k |
Official Fix |
|
CVE-2021-27473 |
6.7 |
Rockwell Automation Automation Connected Components Workbench ccwarc Archive File path traversal |
$1k-$2k |
Not Defined |
|
CVE-2021-27475 |
8.7 |
Rockwell Automation Connected Components Workbench deserialization |
$2k-$5k |
Not Defined |
|
CVE-2021-27471 |
8.3 |
Rockwell Automation Connected Components Workbench File Parser path traversal |
$2k-$5k |
Not Defined |
|
CVE-2021-27460 |
9.9 |
Rockwell Automation FactoryTalk AssetCentre .NET Remoting Endpoint deserialization |
$2k-$5k |
Not Defined |
|
CVE-2021-27462 |
9.9 |
Rockwell Automation FactoryTalk AssetCentre AosService.rem deserialization |
$2k-$5k |
Not Defined |
|
CVE-2021-27468 |
8.6 |
Rockwell Automation FactoryTalk AssetCentre AosService.rem sql injection |
$2k-$5k |
Not Defined |
|
CVE-2021-27466 |
9.9 |
Rockwell Automation FactoryTalk AssetCentre ArchiveService.rem deserialization |
$2k-$5k |
Not Defined |
|
CVE-2021-27464 |
9.9 |
Rockwell Automation FactoryTalk AssetCentre ArchiveService.rem sql injection |
$2k-$5k |
Not Defined |
|
CVE-2021-27474 |
9.9 |
Rockwell Automation FactoryTalk AssetCentre IIS Remoting Services access control |
$2k-$5k |
Not Defined |
|
CVE-2021-27470 |
9.9 |
Rockwell Automation FactoryTalk AssetCentre LogService.rem deserialization |
$2k-$5k |
Not Defined |
|
CVE-2021-27476 |
9.9 |
Rockwell Automation FactoryTalk AssetCentre RACompare SaveConfigFile os command injection |
$2k-$5k |
Not Defined |
|
CVE-2021-27472 |
8.6 |
Rockwell Automation FactoryTalk AssetCentre SearchService RunSearch sql injection |
$2k-$5k |
Not Defined |
|
CVE-2022-25610 |
3.2 |
Simple Ajax Chat cross site scripting |
$0-$1k |
Not Defined |
|
CVE-2022-25611 |
3.8 |
Simple Event Planner Plugin cross site scripting |
$0-$1k |
Not Defined |
|
CVE-2022-25612 |
3.8 |
Simple Event Planner Plugin cross site scripting |
$0-$1k |
Not Defined |
|
CVE-2022-0760 |
7.3 |
Simple Link Directory Plugin SQL Statement qcopd_upvote_action sql injection |
$2k-$5k |
Official Fix |
|
CVE-2022-0681 |
4.3 |
Simple Membership Plugin Transaction cross-site request forgery |
$0-$1k |
Official Fix |
|
CVE-2022-26260 |
5.5 |
Simple-Plist parse code injection |
$1k-$2k |
Not Defined |
|
CVE-2021-45791 |
6.3 |
Slims8 Akasia index.php sql injection |
$1k-$2k |
Not Defined |
|
CVE-2021-45794 |
6.3 |
Slims9 Bulian backup.php sql injection |
$1k-$2k |
Not Defined |
|
CVE-2021-45793 |
6.3 |
Slims9 Bulian comment.inc.php sql injection |
$1k-$2k |
Not Defined |
|
CVE-2021-45792 |
3.5 |
Slims9 Bulian custom_field.php cross site scripting |
$0-$1k |
Not Defined |
|
CVE-2022-24235 |
4.3 |
Snapt Aria cross-site request forgery |
$0-$1k |
Not Defined |
|
CVE-2022-24236 |
6.3 |
Snapt Aria Email permission |
$2k-$5k |
Not Defined |
|
CVE-2022-24237 |
5.5 |
Snapt Aria snaptPowered2 command injection |
$1k-$2k |
Not Defined |
|
CVE-2021-35254 |
8.2 |
SolarWinds WebHelpDesk input validation |
$2k-$5k |
Official Fix |
|
CVE-2022-22273 |
6.3 |
SonicWALL SMA 100 os command injection |
$2k-$5k |
Unavailable |
|
CVE-2022-22274 |
7.3 |
SonicWALL SonicOS HTTP Request stack-based overflow |
$2k-$5k |
Not Defined |
|
CVE-2022-1040 |
9.8 |
Sophos Firewall User Portal/Webadmin improper authentication |
$1k-$2k |
Not Defined |
|
CVE-2022-0652 |
3.2 |
Sophos UTM Confd Log File unknown vulnerability |
$0-$1k |
Official Fix |
|
CVE-2022-0386 |
7.5 |
Sophos UTM Mail Manager sql injection |
$1k-$2k |
Official Fix |
|
CVE-2021-44088 |
7.3 |
SourceCodester Attendance and Payroll System Login improper authentication |
$1k-$2k |
Not Defined |
|
CVE-2021-44087 |
7.3 |
SourceCodester Attendance and Payroll System Photo unrestricted upload |
$2k-$5k |
Not Defined |
|
CVE-2022-1081 |
4.3 |
SourceCodester Microfinance Management System addcustomerHandler.php cross site scripting |
$0-$1k |
Not Defined |
|
CVE-2022-1082 |
7.3 |
SourceCodester Microfinance Management System Login Page login.php sql injection |
$2k-$5k |
Not Defined |
|
CVE-2022-1080 |
7.3 |
SourceCodester One Church Management System attendancy.php sql injection |
$2k-$5k |
Not Defined |
|
CVE-2022-1079 |
4.3 |
SourceCodester One Church Management System cross site scripting |
$0-$1k |
Not Defined |
|
CVE-2022-1084 |
7.3 |
SourceCodester One Church Management System Session userregister.php improper authentication |
$1k-$2k |
Not Defined |
|
CVE-2022-26295 |
3.5 |
Sourcecodester Online Project Time Management System cross site scripting |
$0-$1k |
Not Defined |
|
CVE-2022-26293 |
6.3 |
Sourcecodester Online Project Time Management System Users.php save_employee sql injection |
$1k-$2k |
Not Defined |
|
CVE-2022-1102 |
4.3 |
SourceCodester Royale Event Management System companyprofile.php cross site scripting |
$0-$1k |
Not Defined |
|
CVE-2022-1101 |
7.3 |
SourceCodester Royale Event Management System userregister.php improper authentication |
$1k-$2k |
Not Defined |
|
CVE-2022-26284 |
6.3 |
Sourcecodester Simple Client Management System manage_client endpoint sql injection |
$1k-$2k |
Not Defined |
|
CVE-2022-26285 |
6.3 |
Sourcecodester Simple Subscription Website Apply Endpoint sql injection |
$1k-$2k |
Not Defined |
|
CVE-2022-26283 |
5.5 |
Sourcecodester Simple Subscription Website view_plan endpoint sql injection |
$1k-$2k |
Not Defined |
|
CVE-2022-22687 |
9.8 |
Synology DiskStation Manager Authentication buffer overflow |
$2k-$5k |
Official Fix |
|
CVE-2022-22688 |
8.8 |
Synology DiskStation Manager File Service command injection |
$2k-$5k |
Official Fix |
|
CVE-2022-25505 |
6.3 |
Taocms Category.php sql injection |
$1k-$2k |
Not Defined |
|
CVE-2022-23880 |
5.5 |
taocms File Management Module unrestricted upload |
$1k-$2k |
Not Defined |
|
CVE-2022-23242 |
5.1 |
TeamViewer Connection Password access control |
$1k-$2k |
Official Fix |
|
CVE-2021-38772 |
5.5 |
Tenda AC10-1200 fromSetIpMacBind buffer overflow |
$2k-$5k |
Not Defined |
|
CVE-2021-38278 |
5.5 |
Tenda AC10-1200 saveParentControlInfo buffer overflow |
$2k-$5k |
Not Defined |
|
CVE-2022-26243 |
5.5 |
Tenda AC10-1200 setSmartPowerManagement buffer overflow |
$2k-$5k |
Not Defined |
|
CVE-2022-27076 |
5.5 |
Tenda M3 delAd command injection |
$1k-$2k |
Not Defined |
|
CVE-2022-26289 |
5.5 |
Tenda M3 exeCommand command injection |
$1k-$2k |
Not Defined |
|
CVE-2022-27078 |
5.5 |
Tenda M3 setAdInfoDetail command injection |
$1k-$2k |
Not Defined |
|
CVE-2022-26536 |
5.5 |
Tenda M3 setFixTools command injection |
$1k-$2k |
Not Defined |
|
CVE-2022-27082 |
6.3 |
Tenda M3 SetInternetLanInfo command injection |
$2k-$5k |
Not Defined |
|
CVE-2022-27081 |
5.5 |
Tenda M3 SetLanInfo command injection |
$1k-$2k |
Not Defined |
|
CVE-2022-27079 |
5.5 |
Tenda M3 setPicListItem command injection |
$1k-$2k |
Not Defined |
|
CVE-2022-27080 |
5.5 |
Tenda M3 setWorkmode command injection |
$1k-$2k |
Not Defined |
|
CVE-2022-27083 |
5.5 |
Tenda M3 uploadAccessCodePic command injection |
$1k-$2k |
Not Defined |
|
CVE-2022-27077 |
5.5 |
Tenda M3 uploadWeiXinPic command injection |
$1k-$2k |
Not Defined |
|
CVE-2022-26290 |
5.5 |
Tenda M3 WriteFacMac command injection |
$1k-$2k |
Not Defined |
|
CVE-2022-26186 |
5.5 |
TOTOLINK N600R exportOvpn Interface cstecgi.cgi command injection |
$1k-$2k |
Not Defined |
|
CVE-2022-26189 |
5.5 |
TOTOLINK N600R Login Interface command injection |
$1k-$2k |
Not Defined |
|
CVE-2022-26188 |
5.5 |
TOTOLINK N600R NTPSyncWithHost command injection |
$1k-$2k |
Not Defined |
|
CVE-2022-26187 |
5.5 |
TOTOLINK N600R pingCheck command injection |
$1k-$2k |
Not Defined |
|
CVE-2021-43636 |
5.5 |
TOTOLINK T10 HTTP Request http_request_parse buffer overflow |
$2k-$5k |
Not Defined |
|
CVE-2022-26503 |
5.3 |
Veeam Agent deserialization |
$1k-$2k |
Not Defined |
|
CVE-2022-26501 |
5.5 |
Veeam Backup and Replication access control |
$1k-$2k |
Not Defined |
|
CVE-2022-26500 |
6.3 |
Veeam Backup and Replication API unrestricted upload |
$2k-$5k |
Not Defined |
|
CVE-2022-26504 |
6.3 |
Veeam Backup and Replication Veeam.Backup.PSManager.exe improper authentication |
$1k-$2k |
Not Defined |
|
CVE-2022-22951 |
4.7 |
Vmware Carbon Black App Control Administration Interface os command injection |
$10k-$25k |
Official Fix |
|
CVE-2022-22952 |
4.3 |
Vmware Carbon Black App Control Administration Interface unrestricted upload |
$5k-$10k |
Official Fix |
|
CVE-2021-44260 |
7.3 |
WAVLINK AC1200 live_mfg.html improper authentication |
$1k-$2k |
Not Defined |
|
CVE-2021-44259 |
7.3 |
WAVLINK AC1200 wx.html improper authentication |
$1k-$2k |
Not Defined |
|
CVE-2022-26268 |
6.3 |
xiaohuanxiong Books.php sql injection |
$1k-$2k |
Not Defined |
|
CVE-2021-43738 |
4.3 |
xiaohuanxiong cross-site request forgery |
$0-$1k |
Not Defined |
|
CVE-2021-43737 |
4.3 |
xiaohuanxiong cross-site request forgery |
$0-$1k |
Not Defined |
