info[at]nsec.ir
(+۹۸)-۳۱-۳۳۹۱۵۳۳۶

آسیب‌پذیری‌های حیاتی هفته اول فروردین‌ماه

این هفته آسیب‌پذیری‌های «حیاتی» و «پرخطر» بسیاری در محصولات مهم Google  گزارش و وصله‌ها و به‌روزرسانی‌هایی به منظور رفع آن‌ها ارائه شد.  همچنین در  محصولات شرکت‌های Sophos، McAfee، Rockwell ، IBM، Netgear،  Facebook و کرنل لینوکس چندین آسیب‌پذیری «حیاتی» و «پرخطر» وجود داشت.

لیست این آسیب‌پذیری‌ها به‌همراه سطح خطر آن‌ها در جدول زیر آمده است.

شناسه آسیب‌پذیری

امتیاز مبنا

عنوان آسیب‌پذیری

ارزش روز صفر

رفع آسیب‌پذیری

CVE-2022-0627

۳.۵

Amelia Plugin Admin Page cross site scripting

$۰-$۱k

Official Fix

CVE-2022-0834

۴.۹

Amelia Plugin Booking Calendar AddCustomerController.php cross site scripting

$۰-$۱k

Not Defined

CVE-2022-0616

۴.۳

Amelia Plugin cross-site request forgery

$۰-$۱k

Official Fix

CVE-2022-0687

۵.۵

Amelia Plugin Image Blob code injection

$۱k-$2k

Official Fix

CVE-2022-26526

۶.۳

Anaconda/Miniconda3 Environment Variable uncontrolled search path

$۲k-$5k

Not Defined

CVE-2022-25576

۴.۳

Anchor CMS Post posts.php cross-site request forgery

$۰-$۱k

Not Defined

CVE-2021-44040

۵.۵

Apache Traffic Server Request Line Parser input validation

$۱۰k-$25k

Official Fix

CVE-2021-44759

۷.۳

Apache Traffic Server TLS Origin improper authentication

$۱۰k-$25k

Official Fix

CVE-2020-20095

۶.۳

Apple iOS iMessage clickjacking

$۵۰k-$100k

Not Defined

CVE-2022-24768

۸.۱

Argo CD access control

$۲k-$5k

Official Fix

CVE-2022-24731

۴.۷

Argo CD path traversal

$۱k-$2k

Official Fix

CVE-2022-24730

۶.۰

Argo CD path traversal

$۱k-$2k

Official Fix

CVE-2021-45757

۵.۷

Asus RT-AC68U blocking.cgi denial of service

$۰-$۱k

Not Defined

CVE-2021-45756

۵.۵

Asus RT-AC68U/RT-AC5300 blocking_request.cgi buffer overflow

$۲k-$5k

Not Defined

CVE-2022-25248

۵.۳

Axeda Agent/Desktop Server information disclosure

$۱k-$2k

Not Defined

CVE-2022-25252

۷.۴

Axeda Agent/Desktop Server Service missing authentication

$۱k-$2k

Not Defined

CVE-2022-25250

۷.۴

Axeda Agent/Desktop Server Service missing authentication

$۱k-$2k

Not Defined

CVE-2022-25249

۶.۴

Axeda Agent/Desktop Server Web Server path traversal

$۱k-$2k

Not Defined

CVE-2022-25251

۸.۵

Axeda Agent/Desktop Server XML Message missing authentication

$۱k-$2k

Not Defined

CVE-2022-23346

۵.۵

Bigantsoft BigAnt Server access control

$۱k-$2k

Not Defined

CVE-2022-23345

۵.۵

Bigantsoft BigAnt Server access control

$۱k-$2k

Not Defined

CVE-2022-23350

۳.۵

Bigantsoft BigAnt Server cross site scripting

$۰-$۱k

Not Defined

CVE-2022-23349

۴.۳

Bigantsoft BigAnt Server cross-site request forgery

$۰-$۱k

Not Defined

CVE-2022-23352

۳.۵

Bigantsoft BigAnt Server denial of service

$۰-$۱k

Not Defined

CVE-2022-23347

۵.۵

Bigantsoft BigAnt Server pathname traversal

$۱k-$2k

Not Defined

CVE-2022-23348

۲.۶

Bigantsoft BigAnt Server unknown vulnerability

$۰-$۱k

Not Defined

CVE-2021-38745

۵.۵

Chamilo LMS Plugin code injection

$۱k-$2k

Not Defined

CVE-2021-40662

۴.۳

Chamilo LMS URL cross-site request forgery

$۰-$۱k

Not Defined

CVE-2021-40905

۶.۳

CheckMK Enterprise Edition Web Management Console unrestricted upload

$۲k-$5k

Not Defined

CVE-2021-40904

۶.۳

CheckMK Raw Edition Web Management Console Privilege Escalation

$۲k-$5k

Not Defined

CVE-2021-40906

۴.۳

CheckMK Raw Edition Web Service cross site scripting

$۰-$۱k

Not Defined

CVE-2021-43736

۶.۳

CmsWing Privilege Escalation

$۲k-$5k

Not Defined

CVE-2021-43735

۶.۳

CmsWing sql injection

$۱k-$2k

Not Defined

CVE-2022-0514

۵.۹

crater-invoice behavioral workflow

$۲k-$5k

Official Fix

CVE-2022-0515

۴.۳

crater-invoice cross-site request forgery

$۰-$۱k

Official Fix

CVE-2022-1033

۶.۷

crater-invoice unrestricted upload

$۲k-$5k

Official Fix

CVE-2021-44127

۵.۵

D-Link DAP-1360 F1 webupg os command injection

$۱۰k-$25k

Not Defined

CVE-2021-31326

۵.۴

D-Link DIR-816 A2 form2Reboot.cgi denial of service

$۲k-$5k

Not Defined

CVE-2022-26258

۶.۳

D-Link DIR-820L lan.asp Privilege Escalation

$۱۰k-$25k

Not Defined

CVE-2022-26659

۶.۳

Docker Desktop Log File symlink

$۲k-$5k

Official Fix

CVE-2021-39383

۶.۳

DWSurvey SysPropertyAction.java Privilege Escalation

$۲k-$5k

Not Defined

CVE-2021-39384

۵.۵

DWSurvey ToHtmlServlet.java access control

$۱k-$2k

Not Defined

CVE-2021-42194

۵.۵

EyouCMS Index.php wechat_return xml external entity reference

$۱k-$2k

Not Defined

CVE-2022-26273

۵.۵

EyouCMS Payment shop.php behavioral workflow

$۱k-$2k

Not Defined

CVE-2022-26279

۵.۵

EyouCMS sqldata access control

$۱k-$2k

Not Defined

CVE-2020-20094

۴.۳

Facebook Instagram URL clickjacking

$۱۰k-$25k

Not Defined

CVE-2020-20093

۶.۳

Facebook Messenger URL clickjacking

$۱۰k-$25k

Not Defined

CVE-2020-20096

۶.۳

Facebook WhatsApp URL clickjacking

$۱۰k-$25k

Not Defined

CVE-2022-0145

۴.۶

ForkCMS cross site scripting

$۰-$۱k

Official Fix

CVE-2022-1064

۷.۶

ForkCMS Marking Blog Comment sql injection

$۱k-$2k

Official Fix

CVE-2022-0153

۷.۹

ForkCMS sql injection

$۱k-$2k

Official Fix

CVE-2021-44751

۵.۳

F-Secure Safe Browser USSD Code access control

$۲k-$5k

Official Fix

CVE-2021-27430

۷.۶

GE UR IED Boot Sequence hard-coded credentials

$۰-$۱k

Not Defined

CVE-2021-27428

۹.۸

GE UR IED Enervista UR Setup unrestricted upload

$۲k-$5k

Official Fix

CVE-2021-27426

۹.۸

GE UR IED Factory Mode config

$۲k-$5k

Official Fix

CVE-2021-27420

۵.۳

GE UR IED HTTP Verb denial of service

$۰-$۱k

Official Fix

CVE-2021-27424

۵.۳

GE UR IED Modbus information disclosure

$۱k-$2k

Official Fix

CVE-2021-27418

۴.۸

GE UR IED Web Interface cross site scripting

$۰-$۱k

Official Fix

CVE-2021-27422

۶.۴

GE UR IED Web Server Interface information disclosure

$۱k-$2k

Official Fix

CVE-2022-27811

۵.۵

GNOME OCRFeeder Filename os command injection

$۱k-$2k

Official Fix

CVE-2022-27943

۳.۵

GNU gcc rust-demangle.c demangle_const resource consumption

$۰-$۱k

Official Fix

CVE-2021-39698

۵.۳

Google Android aio.c aio_poll_complete_work memory corruption

$۲۵k-$50k

Official Fix

CVE-2021-39693

۵.۳

Google Android AppOpsService.java onUidStateChanged state issue

$۲۵k-$50k

Official Fix

CVE-2021-39707

۵.۳

Google Android AppRestrictionsFragment.java onReceive permission

$۲۵k-$50k

Official Fix

CVE-2021-39733

۴.۲

Google Android audiometrics.c amcs_cdev_unlocked_ioctl out-of-bounds write

$۱۰k-$25k

Official Fix

CVE-2021-39695

۵.۳

Google Android BasePermission.java createOrUpdate permission

$۲۵k-$50k

Official Fix

CVE-2021-39701

۵.۳

Google Android ControlsProviderLifecycleManager.kt serviceConnection permission

$۲۵k-$50k

Official Fix

CVE-2021-39706

۵.۳

Google Android CredentialStorage.java onResume permission

$۲۵k-$50k

Official Fix

CVE-2021-39697

۵.۳

Google Android DownloadProvider.java checkFileUriDestination permission

$۲۵k-$50k

Official Fix

CVE-2021-0957

۵.۳

Google Android Factory Reset NotificationStackScrollLayout.java NotificationStackScrollLayout stack-based overflow

$۲۵k-$50k

Official Fix

CVE-2021-39735

۴.۲

Google Android gasket_page_table.c gasket_alloc_coherent_memory memory corruption

$۱۰k-$25k

Official Fix

CVE-2021-39725

۴.۲

Google Android gasket_page_table.c gasket_free_coherent_memory_all memory corruption

$۱۰k-$25k

Official Fix

CVE-2021-39714

۵.۳

Google Android ion.c ion_buffer_kmap_get integer overflow

$۲۵k-$50k

Official Fix

CVE-2021-39705

۳.۳

Google Android LegacyVoicemailNotifier.java getNotificationTag information disclosure

$۱۰k-$25k

Official Fix

CVE-2021-39719

۴.۲

Google Android lwis_device_top.c lwis_top_register_io out-of-bounds write

$۱۰k-$25k

Official Fix

CVE-2021-39732

۵.۳

Google Android lwis_ioctl.c copy_io_entries out-of-bounds write

$۲۵k-$50k

Official Fix

CVE-2021-39736

۴.۲

Google Android lwis_ioctl.c prepare_response out-of-bounds write

$۱۰k-$25k

Official Fix

CVE-2021-39793

۵.۳

Google Android mali_kbase_mem.c kbase_jd_user_buf_pin_pages out-of-bounds write

$۲۵k-$50k

Official Fix

CVE-2021-39704

۵.۳

Google Android NotificationManagerService.java deleteNotificationChannelGroup permission

$۲۵k-$50k

Official Fix

CVE-2021-39689

۴.۲

Google Android odsign_main.cpp Local Privilege Escalation

$۱۰k-$25k

Official Fix

CVE-2021-39721

۴.۲

Google Android out-of-bounds write

$۱۰k-$25k

Official Fix

CVE-2021-39624

۵.۵

Google Android Package Manger resource consumption

$۵k-$10k

Official Fix

CVE-2021-39731

۴.۲

Google Android protocolstkadapter.cpp Init out-of-bounds write

$۱۰k-$25k

Official Fix

CVE-2021-39718

۵.۳

Google Android protocolstkadapter.cpp Init out-of-bounds write

$۲۵k-$50k

Official Fix

CVE-2021-39734

۵.۳

Google Android RCS Message OneToOneChatImpl.java sendMessage permission

$۲۵k-$50k

Official Fix

CVE-2021-39702

۴.۸

Google Android RequestManageCredentials.java onCreate improper restriction of rendered ui layers

$۲۵k-$50k

Official Fix

CVE-2021-39694

۵.۳

Google Android RoleParser.java parse permission

$۲۵k-$50k

Official Fix

CVE-2021-39709

۵.۳

Google Android SipAccountRegistry.java sendSipAccountsRemovedNotification permission

$۲۵k-$50k

Official Fix

CVE-2021-39729

۴.۲

Google Android TitanM Chip out-of-bounds write

$۱۰k-$25k

Official Fix

CVE-2021-39685

۵.۳

Google Android USB Gadget Subsystem out-of-bounds write

$۲۵k-$50k

Official Fix

CVE-2021-39703

۵.۳

Google Android UsbDeviceManager.java updateState improper authorization

$۲۵k-$50k

Official Fix

CVE-2021-39712

۲.۳

Google Android use after free

$۱۰k-$25k

Official Fix

CVE-2021-39690

۳.۳

Google Android WallpaperManagerService.java setDisplayPadding denial of service

$۵k-$10k

Official Fix

CVE-2021-39692

۴.۸

Google Android Work Profile SetupLayoutActivity.java onCreate improper restriction of rendered ui layers

$۲۵k-$50k

Official Fix

CVE-2022-0978

۶.۳

Google Chrome ANGLE use after free

$۵۰k-$100k

Official Fix

CVE-2022-0975

۶.۳

Google Chrome ANGLE use after free

$۵۰k-$100k

Official Fix

CVE-2022-0971

۶.۳

Google Chrome Blink Layout use after free

$۵۰k-$100k

Official Fix

CVE-2022-0977

۶.۳

Google Chrome Browser UI use after free

$۵۰k-$100k

Official Fix

CVE-2022-0972

۶.۳

Google Chrome Extensions use after free

$۵۰k-$100k

Official Fix

CVE-2022-0976

۶.۳

Google Chrome GPU heap-based overflow

$۵۰k-$100k

Official Fix

CVE-2022-0980

۶.۳

Google Chrome New Tab Page use after free

$۵۰k-$100k

Official Fix

CVE-2022-0979

۶.۳

Google Chrome Safe Browsing use after free

$۵۰k-$100k

Official Fix

CVE-2022-0973

۶.۳

Google Chrome Safe Browsing use after free

$۵۰k-$100k

Official Fix

CVE-2022-0974

۶.۳

Google Chrome Splitscreen use after free

$۵۰k-$100k

Official Fix

CVE-2022-27191

۳.۵

Google Go ssh Library denial of service

$۲k-$5k

Official Fix

CVE-2021-22571

۴.۴

Google SA360 tmp permission

$۵k-$10k

Official Fix

CVE-2022-24291

۷.۵

HP Color LaserJet Pro denial of service

$۵k-$10k

Official Fix

CVE-2022-24293

۹.۸

HP Color LaserJet Pro Remote Code Execution

$۲۵k-$50k

Official Fix

CVE-2022-24292

۹.۸

HP Color LaserJet Pro Remote Code Execution

$۲۵k-$50k

Official Fix

CVE-2021-23158

۴.۳

htmldoc ps-pdf.cxx pspdf_export double free

$۲k-$5k

Official Fix

CVE-2021-23165

۶.۳

htmldoc ps-pdf.cxx pspdf_prepare_outpages heap-based overflow

$۲k-$5k

Official Fix

CVE-2022-22316

۵.۳

IBM MQ Appliance denial of service

$۲k-$5k

Official Fix

CVE-2022-22374

۶.۰

IBM Power 9 OP940 downgrade

$۵k-$10k

Official Fix

CVE-2022-22394

۶.۹

IBM Spectrum Protect access control

$۱۰k-$25k

Official Fix

CVE-2021-26600

۴.۶

ImpressCMS autologin.php type confusion

$۱k-$2k

Official Fix

CVE-2021-26598

۶.۳

ImpressCMS findusers.php access control

$۲k-$5k

Official Fix

CVE-2021-26599

۶.۳

ImpressCMS findusers.php sql injection

$۱k-$2k

Official Fix

CVE-2021-26601

۵.۵

ImpressCMS image-edit.php pathname traversal

$۱k-$2k

Official Fix

CVE-2022-0635

۷.۵

ISC BIND DNSSEC query.c query_dname assertion

$۵k-$10k

Official Fix

CVE-2022-0667

۷.۵

ISC BIND DS Record resume_dslookup assertion

$۵k-$10k

Official Fix

CVE-2021-25220

۳.۸

ISC BIND Forwarder dns rebinding

$۱۰k-$25k

Official Fix

CVE-2022-0396

۵.۳

ISC BIND TCP Packet denial of service

$۵k-$10k

Official Fix

CVE-2021-28275

۳.۵

jhead exif.c Get16u denial of service

$۰-$۱k

Not Defined

CVE-2021-28278

۵.۵

jhead jpgfile.c RemoveSectionType heap-based overflow

$۲k-$5k

Not Defined

CVE-2021-28277

۵.۵

jhead jpgfile.c RemoveUnknownSections heap-based overflow

$۲k-$5k

Not Defined

CVE-2021-28276

۳.۵

jhead makernote.c ProcessCanonMakerNoteDir denial of service

$۰-$۱k

Not Defined

CVE-2022-24757

۷.۵

Jupyter Server log file

$۱k-$2k

Official Fix

CVE-2022-25949

۶.۳

Kingsoft Internet Security 9 Plus Kernel Mode Driver stack-based overflow

$۱۰k-$25k

Not Defined

CVE-2022-26081

۶.۳

Kingsoft WPS Office Installer shcore.dll uncontrolled search path

$۲k-$5k

Not Defined

CVE-2022-25969

۶.۳

Kingsoft WPS Office Installer VERSION.DLL uncontrolled search path

$۲k-$5k

Not Defined

CVE-2022-24934

۵.۵

Kingsoft WPS Office Registry wpsupdater.exe access control

$۱k-$2k

Not Defined

CVE-2022-26511

۶.۳

Kingsoft WPS Presentation PPS File d3dx9_41.dll uncontrolled search path

$۲k-$5k

Not Defined

CVE-2022-0500

۶.۳

Linux Kernel BPF Subsystem memory corruption

$۱۰k-$25k

Official Fix

CVE-2021-4149

۶.۵

Linux Kernel btrfs extent-tree.c btrfs_alloc_tree_b locking

$۲k-$5k

Official Fix

CVE-2022-0854

۳.۳

Linux Kernel DMA Subsystem swiotlb.c DMA_FROM_DEVICE memory leak

$۱k-$2k

Official Fix

CVE-2022-27666

۵.۵

Linux Kernel ESP Transformation esp4.c buffer overflow

$۱۰k-$25k

Official Fix

CVE-2021-4148

۶.۵

Linux Kernel Filesystem buffer.c block_invalidatepage improper validation of integrity check value

$۲k-$5k

Official Fix

CVE-2022-1011

۶.۳

Linux Kernel FUSE Filesystem dev.c write cleanup

$۱۰k-$25k

Official Fix

CVE-2022-0330

۶.۳

Linux Kernel GPU i915 Kernel Driver memory corruption

$۱۰k-$25k

Official Fix

CVE-2022-27950

۳.۵

Linux Kernel hid-elo.c hid_parse memory leak

$۲k-$5k

Official Fix

CVE-2022-0742

۹.۱

Linux Kernel ICMPv6 Packet igmp6_event_report resource consumption

$۵k-$10k

Official Fix

CVE-2021-4197

۷.۶

Linux Kernel Namespace Subsystem improper authentication

$۵k-$10k

Official Fix

CVE-2021-4202

۵.۰

Linux Kernel NFC Controller Interface core.c nci_request use after free

$۱۰k-$25k

Official Fix

CVE-2021-4157

۷.۶

Linux Kernel NFS Subsystem decode_nfs_fh memory corruption

$۱۰k-$25k

Official Fix

CVE-2021-4150

۶.۵

Linux Kernel Partition core.c add_partition use after free

$۱۰k-$25k

Official Fix

CVE-2021-45868

۵.۵

Linux Kernel Quota Tree quota_tree.c use after free

$۱۰k-$25k

Official Fix

CVE-2022-0494

۴.۳

Linux Kernel scsi_ioctl.c scsi_ioctl information disclosure

$۵k-$10k

Official Fix

CVE-2022-0322

۴.۳

Linux Kernel SCTP Network Protocol sm_make_chunk.c sctp_make_strreset_req numeric conversion

$۲k-$5k

Official Fix

CVE-2021-4203

۷.۶

Linux Kernel sock.c sock_getsockopt use after free

$۱۰k-$25k

Official Fix

CVE-2022-0435

۷.۶

Linux Kernel TIPC Protocol Subsystem stack-based overflow

$۱۰k-$25k

Official Fix

CVE-2022-0995

۷.۶

Linux Kernel watch_queue Subsystem out-of-bounds write

$۱۰k-$25k

Official Fix

CVE-2022-27887

۳.۵

Maccms data.html cross site scripting

$۰-$۱k

Not Defined

CVE-2022-27885

۳.۵

Maccms data.html cross site scripting

$۰-$۱k

Not Defined

CVE-2022-26573

۳.۵

Maccms data.html cross site scripting

$۰-$۱k

Not Defined

CVE-2022-27886

۳.۵

Maccms index.html cross site scripting

$۰-$۱k

Not Defined

CVE-2022-27884

۳.۵

Maccms index.html cross site scripting

$۰-$۱k

Not Defined

CVE-2022-0862

۳.۷

McAfee being API password recovery

$۱۰k-$25k

Official Fix

CVE-2022-0861

۴.۱

McAfee ePolicy Orchestrator Extension Import xml external entity reference

$۵k-$10k

Official Fix

CVE-2022-0859

۶.۵

McAfee ePolicy Orchestrator insufficiently protected credentials

$۲k-$5k

Official Fix

CVE-2022-0857

۴.۸

McAfee ePolicy Orchestrator Link cross site scripting

$۵k-$10k

Official Fix

CVE-2022-0858

۴.۳

McAfee ePolicy Orchestrator Link cross site scripting

$۵k-$10k

Official Fix

CVE-2022-0842

۴.۰

McAfee ePolicy Orchestrator sql injection

$۵k-$10k

Official Fix

CVE-2022-25221

۳.۵

Money Transfer Management System cross site scripting

$۰-$۱k

Not Defined

CVE-2022-25222

۶.۳

Money Transfer Management System manage_branch.php injection

$۲k-$5k

Not Defined

CVE-2022-25223

۵.۵

Money Transfer Management System sql injection

$۱k-$2k

Not Defined

CVE-2022-24655

۶.۳

Netgear EX6100v1/CAX80/DC112A UPnP Service stack-based overflow

$۱۰k-$25k

Not Defined

CVE-2022-27946

۶.۳

Netgear R8500 admin_account.cgi os command injection

$۱۰k-$25k

Not Defined

CVE-2022-27947

۶.۳

Netgear R8500 ipv6_fix.cgi os command injection

$۱۰k-$25k

Not Defined

CVE-2022-27945

۶.۳

Netgear R8500 password.cgi os command injection

$۱۰k-$25k

Not Defined

CVE-2021-44261

۷.۳

Netgear W104 BRS_top.html improper authentication

$۱۰k-$25k

Not Defined

CVE-2021-44262

۷.۳

Netgear W104 MNU_top.htm improper authentication

$۱۰k-$25k

Not Defined

CVE-2022-0889

۵.۲

Ninja Forms File Uploads Extension Plugin uploads.php cross site scripting

$۰-$۱k

Not Defined

CVE-2022-0888

۸.۵

Ninja Forms File Uploads Extension Plugin uploads.php unrestricted upload

$۲k-$5k

Not Defined

CVE-2022-21820

۶.۳

NVIDIA DCGM input validation

$۲k-$5k

Not Defined

CVE-2022-21822

۷.۵

Nvidia Flare Admin Interface allocation of resources

$۰-$۱k

Not Defined

CVE-2022-27882

۴.۶

OpenBSD IPv6 Route heap-based overflow

$۱۰k-$25k

Official Fix

CVE-2022-27881

۴.۶

OpenBSD slaacd engine.c buffer overflow

$۱۰k-$25k

Official Fix

CVE-2022-25041

۵.۵

OpenEMR access control

$۱k-$2k

Not Defined

CVE-2022-24643

۳.۵

OpenEMR Hospital Information Management System cross site scripting

$۰-$۱k

Not Defined

CVE-2021-3941

۴.۳

OpenEXR ImfChromaticities.cpp RGBtoXYZ divide by zero

$۰-$۱k

Official Fix

CVE-2021-20299

۳.۵

OpenEXR Multipart Input File null pointer dereference

$۰-$۱k

Official Fix

CVE-2021-3933

۵.۵

OpenEXR size_t integer overflow

$۲k-$5k

Not Defined

CVE-2021-43085

۵.۵

OpenSSL CMAC_Final permission

$۱۰k-$25k

Not Defined

CVE-2022-0475

۲.۹

OTRS Package Manager cross site scripting

$۰-$۱k

Not Defined

CVE-2021-36100

۶.۴

OTRS String Privilege Escalation

$۲k-$5k

Not Defined

CVE-2022-1004

۴.۳

OTRS Ticket Detail View TicketDetailView information disclosure

$۱k-$2k

Not Defined

CVE-2022-27820

۵.۰

OWASP ZAP Certificate Chain certificate validation

$۱k-$2k

Not Defined

CVE-2021-44208

۳.۵

OX Software OX App Suite Chat cross site scripting

$۰-$۱k

Not Defined

CVE-2021-44211

۳.۵

OX Software OX App Suite HTML Email Signature cross site scripting

$۰-$۱k

Not Defined

CVE-2021-44209

۳.۵

OX Software OX App Suite HTML5 cross site scripting

$۰-$۱k

Not Defined

CVE-2021-44213

۳.۵

OX Software OX App Suite Multipart Message cross site scripting

$۰-$۱k

Not Defined

CVE-2021-44210

۳.۵

OX Software OX App Suite NIFF cross site scripting

$۰-$۱k

Not Defined

CVE-2021-44212

۳.۵

OX Software OX App Suite Trailing Control Character cross site scripting

$۰-$۱k

Not Defined

CVE-2021-45968

۵.۵

Pascom Cloud Phone System Jive platform server-side request forgery

$۱k-$2k

Official Fix

CVE-2021-45966

۶.۳

Pascom Cloud Phone System Management REST API apply os command injection

$۲k-$5k

Official Fix

CVE-2021-45967

۵.۵

Pascom Cloud Phone System Tomcat config

$۲k-$5k

Official Fix

CVE-2022-25269

۳.۵

Passwork On-Premise Edition cross site scripting

$۰-$۱k

Official Fix

CVE-2022-25266

۳.۵

Passwork On-Premise Edition downloadExportFile pathname traversal

$۱k-$2k

Official Fix

CVE-2022-25268

۴.۳

Passwork On-Premise Edition Subsystem cross-site request forgery

$۰-$۱k

Official Fix

CVE-2022-25267

۵.۵

Passwork On-Premise Edition Upload File uploadExportFile pathname traversal

$۱k-$2k

Official Fix

CVE-2022-26354

۳.۵

QEMU vhost-vsock Device release of resource

$۲k-$5k

Official Fix

CVE-2022-26353

۳.۵

QEMU virtio-net Device release of resource

$۲k-$5k

Not Defined

CVE-2021-3748

۵.۷

QEMU virtio-net Device use after free

$۱۰k-$25k

Official Fix

CVE-2021-3582

۵.۷

QEMU Vmware Paravirtual RDMA Device memory corruption

$۱۰k-$25k

Not Defined

CVE-2022-1052

۶.۴

radare2 iterate_chained_fixups heap-based overflow

$۲k-$5k

Official Fix

CVE-2022-1031

۶.۳

radare2 op_is_set_bp use after free

$۱k-$2k

Official Fix

CVE-2022-1061

۶.۳

radare2 parseDragons heap-based overflow

$۱k-$2k

Official Fix

CVE-2022-0237

۳.۶

Rapid7 Insight Agent runas.exe access control

$۰-$۱k

Official Fix

CVE-2022-0757

۵.۴

Rapid7 Nexpose Search Criteria sql injection

$۰-$۱k

Official Fix

CVE-2022-0758

۳.۰

Rapid7 Nexpose Shared Scan Configuration cross site scripting

$۰-$۱k

Official Fix

CVE-2021-27473

۶.۷

Rockwell Automation Automation Connected Components Workbench ccwarc Archive File path traversal

$۱k-$2k

Not Defined

CVE-2021-27475

۸.۷

Rockwell Automation Connected Components Workbench deserialization

$۲k-$5k

Not Defined

CVE-2021-27471

۸.۳

Rockwell Automation Connected Components Workbench File Parser path traversal

$۲k-$5k

Not Defined

CVE-2021-27460

۹.۹

Rockwell Automation FactoryTalk AssetCentre .NET Remoting Endpoint deserialization

$۲k-$5k

Not Defined

CVE-2021-27462

۹.۹

Rockwell Automation FactoryTalk AssetCentre AosService.rem deserialization

$۲k-$5k

Not Defined

CVE-2021-27468

۸.۶

Rockwell Automation FactoryTalk AssetCentre AosService.rem sql injection

$۲k-$5k

Not Defined

CVE-2021-27466

۹.۹

Rockwell Automation FactoryTalk AssetCentre ArchiveService.rem deserialization

$۲k-$5k

Not Defined

CVE-2021-27464

۹.۹

Rockwell Automation FactoryTalk AssetCentre ArchiveService.rem sql injection

$۲k-$5k

Not Defined

CVE-2021-27474

۹.۹

Rockwell Automation FactoryTalk AssetCentre IIS Remoting Services access control

$۲k-$5k

Not Defined

CVE-2021-27470

۹.۹

Rockwell Automation FactoryTalk AssetCentre LogService.rem deserialization

$۲k-$5k

Not Defined

CVE-2021-27476

۹.۹

Rockwell Automation FactoryTalk AssetCentre RACompare SaveConfigFile os command injection

$۲k-$5k

Not Defined

CVE-2021-27472

۸.۶

Rockwell Automation FactoryTalk AssetCentre SearchService RunSearch sql injection

$۲k-$5k

Not Defined

CVE-2022-25610

۳.۲

Simple Ajax Chat cross site scripting

$۰-$۱k

Not Defined

CVE-2022-25611

۳.۸

Simple Event Planner Plugin cross site scripting

$۰-$۱k

Not Defined

CVE-2022-25612

۳.۸

Simple Event Planner Plugin cross site scripting

$۰-$۱k

Not Defined

CVE-2022-0760

۷.۳

Simple Link Directory Plugin SQL Statement qcopd_upvote_action sql injection

$۲k-$5k

Official Fix

CVE-2022-0681

۴.۳

Simple Membership Plugin Transaction cross-site request forgery

$۰-$۱k

Official Fix

CVE-2022-26260

۵.۵

Simple-Plist parse code injection

$۱k-$2k

Not Defined

CVE-2021-45791

۶.۳

Slims8 Akasia index.php sql injection

$۱k-$2k

Not Defined

CVE-2021-45794

۶.۳

Slims9 Bulian backup.php sql injection

$۱k-$2k

Not Defined

CVE-2021-45793

۶.۳

Slims9 Bulian comment.inc.php sql injection

$۱k-$2k

Not Defined

CVE-2021-45792

۳.۵

Slims9 Bulian custom_field.php cross site scripting

$۰-$۱k

Not Defined

CVE-2022-24235

۴.۳

Snapt Aria cross-site request forgery

$۰-$۱k

Not Defined

CVE-2022-24236

۶.۳

Snapt Aria Email permission

$۲k-$5k

Not Defined

CVE-2022-24237

۵.۵

Snapt Aria snaptPowered2 command injection

$۱k-$2k

Not Defined

CVE-2021-35254

۸.۲

SolarWinds WebHelpDesk input validation

$۲k-$5k

Official Fix

CVE-2022-22273

۶.۳

SonicWALL SMA 100 os command injection

$۲k-$5k

Unavailable

CVE-2022-22274

۷.۳

SonicWALL SonicOS HTTP Request stack-based overflow

$۲k-$5k

Not Defined

CVE-2022-1040

۹.۸

Sophos Firewall User Portal/Webadmin improper authentication

$۱k-$2k

Not Defined

CVE-2022-0652

۳.۲

Sophos UTM Confd Log File unknown vulnerability

$۰-$۱k

Official Fix

CVE-2022-0386

۷.۵

Sophos UTM Mail Manager sql injection

$۱k-$2k

Official Fix

CVE-2021-44088

۷.۳

SourceCodester Attendance and Payroll System Login improper authentication

$۱k-$2k

Not Defined

CVE-2021-44087

۷.۳

SourceCodester Attendance and Payroll System Photo unrestricted upload

$۲k-$5k

Not Defined

CVE-2022-1081

۴.۳

SourceCodester Microfinance Management System addcustomerHandler.php cross site scripting

$۰-$۱k

Not Defined

CVE-2022-1082

۷.۳

SourceCodester Microfinance Management System Login Page login.php sql injection

$۲k-$5k

Not Defined

CVE-2022-1080

۷.۳

SourceCodester One Church Management System attendancy.php sql injection

$۲k-$5k

Not Defined

CVE-2022-1079

۴.۳

SourceCodester One Church Management System cross site scripting

$۰-$۱k

Not Defined

CVE-2022-1084

۷.۳

SourceCodester One Church Management System Session userregister.php improper authentication

$۱k-$2k

Not Defined

CVE-2022-26295

۳.۵

Sourcecodester Online Project Time Management System cross site scripting

$۰-$۱k

Not Defined

CVE-2022-26293

۶.۳

Sourcecodester Online Project Time Management System Users.php save_employee sql injection

$۱k-$2k

Not Defined

CVE-2022-1102

۴.۳

SourceCodester Royale Event Management System companyprofile.php cross site scripting

$۰-$۱k

Not Defined

CVE-2022-1101

۷.۳

SourceCodester Royale Event Management System userregister.php improper authentication

$۱k-$2k

Not Defined

CVE-2022-26284

۶.۳

Sourcecodester Simple Client Management System manage_client endpoint sql injection

$۱k-$2k

Not Defined

CVE-2022-26285

۶.۳

Sourcecodester Simple Subscription Website Apply Endpoint sql injection

$۱k-$2k

Not Defined

CVE-2022-26283

۵.۵

Sourcecodester Simple Subscription Website view_plan endpoint sql injection

$۱k-$2k

Not Defined

CVE-2022-22687

۹.۸

Synology DiskStation Manager Authentication buffer overflow

$۲k-$5k

Official Fix

CVE-2022-22688

۸.۸

Synology DiskStation Manager File Service command injection

$۲k-$5k

Official Fix

CVE-2022-25505

۶.۳

Taocms Category.php sql injection

$۱k-$2k

Not Defined

CVE-2022-23880

۵.۵

taocms File Management Module unrestricted upload

$۱k-$2k

Not Defined

CVE-2022-23242

۵.۱

TeamViewer Connection Password access control

$۱k-$2k

Official Fix

CVE-2021-38772

۵.۵

Tenda AC10-1200 fromSetIpMacBind buffer overflow

$۲k-$5k

Not Defined

CVE-2021-38278

۵.۵

Tenda AC10-1200 saveParentControlInfo buffer overflow

$۲k-$5k

Not Defined

CVE-2022-26243

۵.۵

Tenda AC10-1200 setSmartPowerManagement buffer overflow

$۲k-$5k

Not Defined

CVE-2022-27076

۵.۵

Tenda M3 delAd command injection

$۱k-$2k

Not Defined

CVE-2022-26289

۵.۵

Tenda M3 exeCommand command injection

$۱k-$2k

Not Defined

CVE-2022-27078

۵.۵

Tenda M3 setAdInfoDetail command injection

$۱k-$2k

Not Defined

CVE-2022-26536

۵.۵

Tenda M3 setFixTools command injection

$۱k-$2k

Not Defined

CVE-2022-27082

۶.۳

Tenda M3 SetInternetLanInfo command injection

$۲k-$5k

Not Defined

CVE-2022-27081

۵.۵

Tenda M3 SetLanInfo command injection

$۱k-$2k

Not Defined

CVE-2022-27079

۵.۵

Tenda M3 setPicListItem command injection

$۱k-$2k

Not Defined

CVE-2022-27080

۵.۵

Tenda M3 setWorkmode command injection

$۱k-$2k

Not Defined

CVE-2022-27083

۵.۵

Tenda M3 uploadAccessCodePic command injection

$۱k-$2k

Not Defined

CVE-2022-27077

۵.۵

Tenda M3 uploadWeiXinPic command injection

$۱k-$2k

Not Defined

CVE-2022-26290

۵.۵

Tenda M3 WriteFacMac command injection

$۱k-$2k

Not Defined

CVE-2022-26186

۵.۵

TOTOLINK N600R exportOvpn Interface cstecgi.cgi command injection

$۱k-$2k

Not Defined

CVE-2022-26189

۵.۵

TOTOLINK N600R Login Interface command injection

$۱k-$2k

Not Defined

CVE-2022-26188

۵.۵

TOTOLINK N600R NTPSyncWithHost command injection

$۱k-$2k

Not Defined

CVE-2022-26187

۵.۵

TOTOLINK N600R pingCheck command injection

$۱k-$2k

Not Defined

CVE-2021-43636

۵.۵

TOTOLINK T10 HTTP Request http_request_parse buffer overflow

$۲k-$5k

Not Defined

CVE-2022-26503

۵.۳

Veeam Agent deserialization

$۱k-$2k

Not Defined

CVE-2022-26501

۵.۵

Veeam Backup and Replication access control

$۱k-$2k

Not Defined

CVE-2022-26500

۶.۳

Veeam Backup and Replication API unrestricted upload

$۲k-$5k

Not Defined

CVE-2022-26504

۶.۳

Veeam Backup and Replication Veeam.Backup.PSManager.exe improper authentication

$۱k-$2k

Not Defined

CVE-2022-22951

۴.۷

Vmware Carbon Black App Control Administration Interface os command injection

$۱۰k-$25k

Official Fix

CVE-2022-22952

۴.۳

Vmware Carbon Black App Control Administration Interface unrestricted upload

$۵k-$10k

Official Fix

CVE-2021-44260

۷.۳

WAVLINK AC1200 live_mfg.html improper authentication

$۱k-$2k

Not Defined

CVE-2021-44259

۷.۳

WAVLINK AC1200 wx.html improper authentication

$۱k-$2k

Not Defined

CVE-2022-26268

۶.۳

xiaohuanxiong Books.php sql injection

$۱k-$2k

Not Defined

CVE-2021-43738

۴.۳

xiaohuanxiong cross-site request forgery

$۰-$۱k

Not Defined

CVE-2021-43737

۴.۳

xiaohuanxiong cross-site request forgery

$۰-$۱k

Not Defined

 

 

    

تحت نظارت وف ایرانی