info[at]nsec.ir
(+۹۸)-۳۱-۳۳۹۱۵۳۳۶

آسیب‌پذیری‌های حیاتی هفته چهارم آبان‌ماه

 

این هفته آسیب‌پذیری‌های «حیاتی» و «پرخطر» بسیاری در محصولات مهم Microsoft  گزارش و وصله‌ها و به‌روزرسانی‌هایی به منظور رفع آن‌ها ارائه شد.  همچنین در  محصولات شرکت‌های Qualcomm، Apache، Siemens ، IBM، Palo Alto،  Samba و کرنل لینوکس چندین آسیب‌پذیری «حیاتی» و «پرخطر» وجود داشت.

لیست این آسیب‌پذیری‌ها به‌همراه سطح خطر آن‌ها در جدول زیر آمده است.

شناسه آسیب‌پذیری

امتیاز مبنا

عنوان آسیب‌پذیری

ارزش روز صفر

رفع آسیب‌پذیری

CVE-2021-40518

۳.۵

Airangel HSMX Gateway cross-site request forgery

$۰-$۱k

Not Defined

CVE-2021-40519

۶.۳

Airangel HSMX Gateway hard-coded credentials

$۱k-$2k

Not Defined

CVE-2021-40520

۵.۵

Airangel HSMX Gateway improper authentication

$۱k-$2k

Not Defined

CVE-2021-40521

۶.۳

Airangel HSMX Gateway Privilege Escalation

$۲k-$5k

Not Defined

CVE-2021-40517

۳.۵

Airangel HSMX Gateway Table Update cross site scripting

$۰-$۱k

Not Defined

CVE-2021-26558

۵.۵

Apache ShardingSphere-UI deserialization

$۵k-$25k

Official Fix

CVE-2021-41972

۳.۵

Apache Superset Database Connection insufficiently protected credentials

$۰-$۵k

Not Defined

CVE-2021-43350

۶.۳

Apache Traffic Control API login ldap injection

$۵k-$25k

Not Defined

CVE-2021-25978

۴.۴

Apostrophe CMS Image Module cross site scripting

$۰-$۱k

Official Fix

CVE-2021-25979

۶.۷

Apostrophe CMS session expiration

$۱k-$2k

Official Fix

CVE-2021-41289

۵.۴

Asus P453UJ BIOS memory corruption

$۰-$۵k

Not Defined

CVE-2021-37910

۳.۷

ASUS Router WPA2/WPA3-SAE denial of service

$۰-$۵k

Not Defined

CVE-2021-42073

۴.۶

Barrier Cilent Label state issue

$۱k-$2k

Official Fix

CVE-2021-42072

۵.۵

Barrier Client Connection Privilege Escalation

$۲k-$5k

Official Fix

CVE-2021-42074

۴.۳

Barrier TCP Connection denial of service

$۰-$۱k

Official Fix

CVE-2021-42075

۵.۳

Barrier TCP Connection resource consumption

$۰-$۱k

Official Fix

CVE-2021-42076

۳.۵

Barrier TCP Message memory allocation

$۰-$۱k

Official Fix

CVE-2021-43611

۳.۵

Belledonne Belle-sip Header denial of service

$۰-$۵k

Official Fix

CVE-2021-43610

۴.۳

Belledonne Belle-sip Header denial of service

$۰-$۵k

Official Fix

CVE-2021-3792

۴.۵

Binatone Hubble Camera Communication Channel cleartext transmission

$۰-$۵k

Not Defined

CVE-2021-3788

۶.۸

Binatone Hubble Camera Debug Interface access control

$۰-$۵k

Not Defined

CVE-2021-3793

۵.۴

Binatone Hubble Camera Firmware Update direct request

$۰-$۵k

Not Defined

CVE-2021-3789

۳.۱

Binatone Hubble Camera Firmware Update insufficiently protected credentials

$۰-$۵k

Not Defined

CVE-2021-3791

۵.۴

Binatone Hubble Camera log file

$۰-$۵k

Not Defined

CVE-2021-3787

۴.۲

Binatone Hubble Camera MQTT Credentials credentials storage

$۰-$۵k

Not Defined

CVE-2021-3577

۸.۸

Binatone Hubble Camera os command injection

$۰-$۵k

Not Defined

CVE-2021-3790

۵.۴

Binatone Hubble Camera Web Server stack-based overflow

$۰-$۵k

Not Defined

CVE-2021-3641

۴.۷

Bitdefender GravityZone Endpoint Security Tools denial of service

$۰-$۱k

Not Defined

CVE-2021-42774

۷.۳

Broadcom Emulex HBA Manager Management Mode buffer overflow

$۰-$۵k

Official Fix

CVE-2021-42773

۳.۷

Broadcom Emulex HBA Manager Management Mode GetDumpFile information disclosure

$۰-$۵k

Official Fix

CVE-2021-42775

۷.۳

Broadcom Emulex HBA Manager Management Mode Remote Code Execution

$۰-$۵k

Official Fix

CVE-2021-22955

۵.۳

Citrix ADC/Gateway VPN Gateway/AAA Virtual Server resource consumption

$۲k-$5k

Official Fix

CVE-2021-22956

۳.۱

Citrix ADC/Gateway/SD-WAN WANOP Edition NSIP/SNIP resource consumption

$۲k-$5k

Official Fix

CVE-2021-29994

۴.۸

Cloudera HUE cross site scripting

$۰-$۱k

Not Defined

CVE-2021-32481

۴.۸

Cloudera Hue Parameter cross site scripting

$۰-$۱k

Not Defined

CVE-2021-30132

۷.۶

Cloudera Manager access control

$۱k-$2k

Not Defined

CVE-2021-29243

۳.۵

Cloudera Manager cross site scripting

$۰-$۱k

Not Defined

CVE-2021-32483

۵.۴

Cloudera Manager Dashboard access control

$۱k-$2k

Not Defined

CVE-2021-32482

۳.۵

Cloudera Manager Parameter cross site scripting

$۰-$۱k

Not Defined

CVE-2021-3907

۶.۵

Cloudflare OctoRPKI Cache Folder path traversal

$۰-$۵k

Not Defined

CVE-2021-3908

۴.۸

Cloudflare OctoRPKI Certificate Chain resource consumption

$۰-$۵k

Not Defined

CVE-2021-3909

۳.۳

Cloudflare OctoRPKI HTTP Request resource consumption

$۰-$۵k

Not Defined

CVE-2021-3911

۳.۱

Cloudflare OctoRPKI Repository denial of service

$۰-$۵k

Not Defined

CVE-2021-3910

۳.۳

Cloudflare OctoRPKI Repository denial of service

$۰-$۵k

Not Defined

CVE-2021-3912

۳.۱

Cloudflare OctoRPKI Repository resource consumption

$۰-$۵k

Not Defined

CVE-2021-36325

۶.۹

Dell BIOS SMRAM input validation

$۵k-$25k

Not Defined

CVE-2021-36324

۶.۹

Dell BIOS SMRAM input validation

$۵k-$25k

Not Defined

CVE-2021-36323

۶.۹

Dell BIOS SMRAM input validation

$۵k-$25k

Not Defined

CVE-2021-36315

۶.۸

Dell EMC PowerScale Nodes access control

$۵k-$25k

Not Defined

CVE-2021-21528

۶.۴

Dell EMC PowerScale OneFS file information disclosure

$۵k-$25k

Not Defined

CVE-2021-36305

۵.۴

Dell EMC PowerScale OneFS SMB CA denial of service

$۰-$۵k

Not Defined

CVE-2021-3945

۶.۵

django-helpdesk Web Page Generation cross site scripting

$۰-$۵k

Official Fix

CVE-2021-33618

۳.۵

Dolibarr Attribute cross site scripting

$۰-$۵k

Official Fix

CVE-2021-33816

۶.۳

Dolibarr Website Builder protection mechanism

$۰-$۵k

Not Defined

CVE-2021-37850

۵.۱

ESET Cyber Security Daemon denial of service

$۰-$۱k

Official Fix

CVE-2021-24835

۶.۳

Frontend Manager for WooCommerce Plugin sql injection

$۱k-$2k

Official Fix

CVE-2021-22870

۴.۳

GitHub Enterprise Server Pages path traversal

$۱k-$2k

Official Fix

CVE-2021-43414

۸.۸

GNU Hurd Authentication Protocol access control

$۲k-$5k

Official Fix

CVE-2021-43412

۷.۸

GNU Hurd libports use after free

$۲k-$5k

Official Fix

CVE-2021-43413

۸.۸

GNU Hurd Pager Port access control

$۲k-$5k

Official Fix

CVE-2021-43411

۷.۵

GNU Hurd setuid info.c race condition

$۱k-$2k

Official Fix

CVE-2021-43332

۳.۱

GNU Mailman admindb.py insufficiently protected credentials

$۰-$۵k

Official Fix

CVE-2021-43331

۳.۵

GNU Mailman Options Page options.py cross site scripting

$۰-$۵k

Official Fix

CVE-2021-43618

۳.۵

GNU Multiple Precision Arithmetic Library inp_raw.c integer overflow

$۰-$۵k

Official Fix

CVE-2021-41771

۳.۵

Google Go Slice ImportedSymbols out-of-bounds read

$۲k-$5k

Official Fix

CVE-2021-41772

۳.۵

Google Go ZIP Archive denial of service

$۲k-$5k

Official Fix

CVE-2021-24594

۲.۴

Google Language Translator Plugin Setting cross site scripting

$۰-$۱k

Official Fix

CVE-2021-43561

۳.۵

google_for_jobs Extension cross site scripting

$۰-$۱k

Official Fix

CVE-2021-42838

۵.۲

Grand Vice webopac7 Search Field cross site scripting

$۰-$۵k

Not Defined

CVE-2021-42839

۷.۵

Grand Vice webopac7 unrestricted upload

$۰-$۵k

Not Defined

CVE-2021-34684

۸.۵

Hitachi Vantara Pentaho Business Analytics Data Source editor sql injection

$۲k-$5k

Not Defined

CVE-2021-34685

۴.۵

Hitachi Vantara Pentaho Business Analytics UploadService unrestricted upload

$۲k-$5k

Not Defined

CVE-2021-31599

۷.۵

Hitachi Vantara Pentaho Report File injection

$۲k-$5k

Not Defined

CVE-2021-31602

۵.۳

Hitachi Vantara Pentaho Security Model applicationContext-spring-security.xml access control

$۲k-$5k

Not Defined

CVE-2021-31601

۵.۷

Hitachi Vantara Pentaho SOAP information disclosure

$۱k-$2k

Not Defined

CVE-2021-31600

۴.۳

Hitachi Vantara Pentaho SOAP information disclosure

$۱k-$2k

Not Defined

CVE-2020-28419

۵.۵

HP LaserJet Installation Privilege Escalation

$۱۰k-$25k

Not Defined

CVE-2019-18916

۵.۵

HP LaserJet Solution Software Privilege Escalation

$۱۰k-$25k

Not Defined

CVE-2019-16240

۶.۶

HP Officejet Pro/PageWide Managed Printer Print File buffer overflow

$۱۰k-$25k

Official Fix

CVE-2019-18912

۵.۶

HP Printer/MFP FutureSmart denial of service

$۲k-$5k

Not Defined

CVE-2019-18914

۳.۵

HP Printer/MFP Link cross site scripting

$۲k-$5k

Not Defined

CVE-2021-29843

۵.۰

IBM IBM MQ Message Property denial of service

$۲k-$5k

Official Fix

CVE-2021-38887

۴.۳

IBM InfoSphere Information Server Application Response information disclosure

$۵k-$10k

Official Fix

CVE-2021-3723

۷.۲

IBM Integrated Management Module SSH/Telnez os command injection

$۵k-$25k

Not Defined

CVE-2020-4160

۵.۲

IBM QRadar Network Security cleartext transmission

$۵k-$10k

Official Fix

CVE-2020-4152

۵.۵

IBM QRadar Network Security Communication Channel cleartext transmission

$۵k-$10k

Official Fix

CVE-2020-4153

۴.۸

IBM QRadar Network Security Web UI cross site scripting

$۲k-$5k

Official Fix

CVE-2021-29735

۴.۲

IBM Security Guardium Web UI cross site scripting

$۲k-$5k

Official Fix

CVE-2020-4146

۳.۸

IBM Security SiteProtector System cookie without 'httponly' flag

$۵k-$25k

Official Fix

CVE-2020-4140

۴.۴

IBM Security SiteProtector System Web UI cross site scripting

$۰-$۵k

Official Fix

CVE-2021-38985

۴.۳

IBM Tivoli Key Lifecycle Manager input validation

$۵k-$25k

Official Fix

CVE-2021-38973

۲.۶

IBM Tivoli Key Lifecycle Manager input validation

$۵k-$25k

Official Fix

CVE-2021-38972

۴.۳

IBM Tivoli Key Lifecycle Manager input validation

$۵k-$25k

Official Fix

CVE-2021-33086

۴.۷

Intel NUC out-of-bounds write

$۵k-$25k

Official Fix

CVE-2021-43183

۴.۳

JetBrains Hub Authentication Throttling excessive authentication

$۱k-$2k

Official Fix

CVE-2021-43180

۵.۵

JetBrains Hub Avatar Metadata information disclosure

$۰-$۱k

Official Fix

CVE-2021-43181

۴.۸

JetBrains Hub cross site scripting

$۰-$۱k

Official Fix

CVE-2021-43182

۵.۵

JetBrains Hub User Information denial of service

$۰-$۱k

Official Fix

CVE-2021-43203

۶.۵

JetBrains Ktor OAuth2 Authentication improper authentication

$۱k-$2k

Official Fix

CVE-2021-43200

۸.۵

JetBrains TeamCity Agent Push permission

$۲k-$5k

Official Fix

CVE-2021-43193

۸.۰

JetBrains TeamCity Agent Push Privilege Escalation

$۲k-$5k

Official Fix

CVE-2021-43199

۶.۳

JetBrains TeamCity Create Patch default permission

$۲k-$5k

Official Fix

CVE-2021-43198

۴.۴

JetBrains TeamCity cross site scripting

$۰-$۱k

Official Fix

CVE-2021-43196

۶.۴

JetBrains TeamCity Docker Registry Connection Dialog exposure of resource

$۱k-$2k

Official Fix

CVE-2021-43197

۵.۲

JetBrains TeamCity Email Notification cross site scripting

$۰-$۱k

Official Fix

CVE-2021-43195

۵.۳

JetBrains TeamCity HTTP Security Header unknown vulnerability

$۲k-$5k

Official Fix

CVE-2021-43194

۴.۴

JetBrains TeamCity information disclosure

$۰-$۱k

Official Fix

CVE-2021-43201

۵.۳

JetBrains TeamCity Project unknown vulnerability

$۲k-$5k

Official Fix

CVE-2021-43186

۴.۴

JetBrains YouTrack cross site scripting

$۰-$۱k

Official Fix

CVE-2021-43184

۳.۵

JetBrains YouTrack cross site scripting

$۰-$۱k

Official Fix

CVE-2021-43185

۵.۵

JetBrains YouTrack Header injection

$۱k-$2k

Official Fix

CVE-2021-43189

۵.۵

JetBrains YouTrack Mobile Access Token Privilege Escalation

$۲k-$5k

Official Fix

CVE-2021-43188

۵.۵

JetBrains YouTrack Mobile Access Token Privilege Escalation

$۲k-$5k

Official Fix

CVE-2021-43187

۳.۳

JetBrains YouTrack Mobile Cache information disclosure

$۰-$۱k

Official Fix

CVE-2021-43191

۵.۶

JetBrains YouTrack Mobile Security Screen missing authentication

$۱k-$2k

Official Fix

CVE-2021-43190

۵.۴

JetBrains YouTrack Mobile Task access control

$۱k-$2k

Official Fix

CVE-2021-43192

۵.۴

JetBrains YouTrack Mobile URL Scheme Privilege Escalation

$۲k-$5k

Official Fix

CVE-2021-3918

۸.۵

json-schema Object Prototype code injection

$۰-$۵k

Official Fix

CVE-2021-3840

۸.۸

Lenovo Antilles Installation uncontrolled search path

$۰-$۵k

Official Fix

CVE-2021-3519

۶.۶

Lenovo Desktop Boot Menu improper authentication

$۰-$۵k

Not Defined

CVE-2021-3720

۴.۴

Lenovo Legion Phone Pro/Legion Phone2 Pro Time Weather System widget default permission

$۰-$۵k

Not Defined

CVE-2021-3786

۴.۴

Lenovo Notebook/ThinkPad SMRAM input validation

$۰-$۵k

Not Defined

CVE-2021-3719

۶.۷

Lenovo ThinkCentre/ThinkStation SMI Callback input validation

$۰-$۵k

Not Defined

CVE-2021-3718

۴.۳

Lenovo ThinkPad Enhanced Biometrics Setting denial of service

$۰-$۵k

Not Defined

CVE-2021-3599

۶.۷

Lenovo ThinkPad SMI Callback input validation

$۰-$۵k

Not Defined

CVE-2021-3843

۶.۷

Lenovo ThinkPad SMI input validation

$۰-$۵k

Not Defined

CVE-2021-31853

۸.۳

McAfee Drive Encryption DLL Loader uncontrolled search path

$۱۰k-$25k

Official Fix

CVE-2021-43209

۷.۰

Microsoft 3D Viewer Remote Code Execution

$۱۰k-$25k

Official Fix

CVE-2021-43208

۷.۰

Microsoft 3D Viewer Remote Code Execution

$۱۰k-$25k

Official Fix

CVE-2021-42323

۳.۸

Microsoft Azure RTOS information disclosure

$۵k-$10k

Official Fix

CVE-2021-42301

۳.۳

Microsoft Azure RTOS information disclosure

$۲k-$5k

Official Fix

CVE-2021-26444

۲.۷

Microsoft Azure RTOS information disclosure

$۰-$۱k

Official Fix

CVE-2021-42304

۵.۷

Microsoft Azure RTOS Local Privilege Escalation

$۵k-$10k

Official Fix

CVE-2021-42303

۵.۷

Microsoft Azure RTOS Local Privilege Escalation

$۵k-$10k

Official Fix

CVE-2021-42302

۵.۷

Microsoft Azure RTOS Local Privilege Escalation

$۵k-$10k

Official Fix

CVE-2021-41376

۲.۵

Microsoft Azure Sphere information disclosure

$۵k-$10k

Official Fix

CVE-2021-41375

۳.۵

Microsoft Azure Sphere information disclosure

$۵k-$10k

Official Fix

CVE-2021-41374

۶.۵

Microsoft Azure Sphere information disclosure

$۵k-$10k

Official Fix

CVE-2021-42300

۵.۸

Microsoft Azure Sphere Local Privilege Escalation

$۵k-$10k

Official Fix

CVE-2021-42316

۷.۶

Microsoft Dynamics 365 Privilege Escalation

$۱۰k-$25k

Official Fix

CVE-2021-41351

۴.۳

Microsoft Edge IE Mode information disclosure

$۲۵k-$50k

Official Fix

CVE-2021-41349

۵.۴

Microsoft Exchange Server information disclosure

$۱۰k-$25k

Official Fix

CVE-2021-42321

۸.۸

Microsoft Exchange Server Privilege Escalation

$۵۰k-$100k

Official Fix

CVE-2021-42305

۶.۴

Microsoft Exchange Server Remote Code Execution

$۲۵k-$50k

Official Fix

CVE-2021-41373

۴.۹

Microsoft FSLogix information disclosure

$۵k-$10k

Official Fix

CVE-2021-42298

۸.۳

Microsoft Malware Protection Engine Defender Remote Code Execution

$۲۵k-$50k

Official Fix

CVE-2021-41368

۶.۲

Microsoft Office Access Remote Code Execution

$۱۰k-$25k

Official Fix

CVE-2021-42292

۷.۳

Microsoft Office Excel authorization

$۱۰k-$25k

Official Fix

CVE-2021-40442

۷.۰

Microsoft Office Excel Remote Code Execution

$۱۰k-$25k

Official Fix

CVE-2021-42296

۷.۰

Microsoft Office Word Remote Code Execution

$۱۰k-$25k

Official Fix

CVE-2021-41372

۷.۰

Microsoft Power BI Report Server Privilege Escalation

$۱۰k-$25k

Official Fix

CVE-2021-42322

۶.۴

Microsoft Visual Studio Code Remote Code Execution

$۱۰k-$25k

Official Fix

CVE-2021-42319

۳.۹

Microsoft Visual Studio denial of service

$۱k-$2k

Official Fix

CVE-2021-3711

۷.۶

Microsoft Visual Studio OpenSSL buffer overflow

$۱۰k-$25k

Official Fix

CVE-2021-42291

۷.۵

Microsoft Windows Active Directory Domain Services Privilege Escalation

$۵۰k-$100k

Official Fix

CVE-2021-42287

۷.۵

Microsoft Windows Active Directory Domain Services Privilege Escalation

$۵۰k-$100k

Official Fix

CVE-2021-42282

۷.۵

Microsoft Windows Active Directory Domain Services Privilege Escalation

$۵۰k-$100k

Official Fix

CVE-2021-42278

۷.۵

Microsoft Windows Active Directory Domain Services Privilege Escalation

$۵۰k-$100k

Official Fix

CVE-2021-42279

۴.۶

Microsoft Windows Chakra Scripting Engine Remote Code Execution

$۵۰k-$100k

Official Fix

CVE-2021-42275

۸.۸

Microsoft Windows COM for Windows Remote Privilege Escalation

$۱۰۰k and more

Official Fix

CVE-2021-42286

۸.۳

Microsoft Windows Core Shell SI Host Extension Framework Privilege Escalation

$۱۰۰k and more

Official Fix

CVE-2021-41366

۸.۳

Microsoft Windows Credential Security Support Provider Protocol Privilege Escalation

$۱۰۰k and more

Official Fix

CVE-2021-41356

۷.۵

Microsoft Windows denial of service

$۱۰k-$25k

Official Fix

CVE-2021-36957

۸.۳

Microsoft Windows Desktop Bridge Privilege Escalation

$۱۰۰k and more

Official Fix

CVE-2021-42277

۴.۹

Microsoft Windows Diagnostics Hub Standard Collector denial of service

$۱۰k-$25k

Official Fix

CVE-2021-41377

۸.۳

Microsoft Windows Fast FAT File System Driver Privilege Escalation

$۱۰۰k and more

Official Fix

CVE-2021-42280

۶.۰

Microsoft Windows Feedback Hub denial of service

$۱۰k-$25k

Official Fix

CVE-2021-42288

۶.۱

Microsoft Windows Hello Security improper authentication

$۱۰k-$25k

Official Fix

CVE-2021-42284

۶.۸

Microsoft Windows Hyper-V denial of service

$۱۰k-$25k

Official Fix

CVE-2021-42274

۶.۸

Microsoft Windows Hyper-V Discrete Device Assignment denial of service

$۱۰k-$25k

Official Fix

CVE-2021-41379

۵.۹

Microsoft Windows Installer Privilege Escalation

$۵۰k-$100k

Official Fix

CVE-2021-42285

۸.۳

Microsoft Windows Kernel Privilege Escalation

$۱۰۰k and more

Official Fix

CVE-2021-42276

۷.۰

Microsoft Windows Media Foundation Remote Code Execution

$۵۰k-$100k

Official Fix

CVE-2021-42283

۹.۴

Microsoft Windows NTFS Privilege Escalation

$۱۰۰k and more

Official Fix

CVE-2021-41378

۸.۳

Microsoft Windows NTFS Privilege Escalation

$۱۰۰k and more

Official Fix

CVE-2021-41370

۸.۳

Microsoft Windows NTFS Privilege Escalation

$۱۰۰k and more

Official Fix

CVE-2021-41367

۸.۳

Microsoft Windows NTFS Privilege Escalation

$۱۰۰k and more

Official Fix

CVE-2021-38666

۸.۸

Microsoft Windows Remote Desktop Client Remote Code Execution

$۱۰۰k and more

Official Fix

CVE-2021-38665

۶.۰

Microsoft Windows Remote Desktop Protocol Client information disclosure

$۲۵k-$50k

Official Fix

CVE-2021-41371

۳.۵

Microsoft Windows Remote Desktop Protocol information disclosure

$۱۰k-$25k

Official Fix

CVE-2021-38631

۳.۵

Microsoft Windows Remote Desktop Protocol information disclosure

$۱۰k-$25k

Official Fix

CVE-2021-26443

۹.۰

Microsoft Windows Virtual Machine Bus Privilege Escalation

$۵۰k-$100k

Official Fix

CVE-2021-43174

۳.۵

Nlnet Labs Routinator gzip Transfer Encoding resource consumption

$۰-$۱k

Not Defined

CVE-2021-43173

۳.۵

Nlnet Labs Routinator RRDP Repository exceptional condition

$۱k-$2k

Official Fix

CVE-2021-43172

۳.۵

Nlnet Labs Routinator RRDP Repository recursion

$۰-$۱k

Official Fix

CVE-2021-37157

۴.۳

OGP-Agent-Linux Config.pm missing encryption

$۰-$۱k

Not Defined

CVE-2021-37158

۵.۵

OGP-Agent-Linux Counter-Strike Server os command injection

$۱k-$2k

Official Fix

CVE-2021-43273

۵.۵

Open Design Alliance Drawings SDK DGN File out-of-bounds read

$۰-$۵k

Official Fix

CVE-2021-43390

۵.۵

Open Design Alliance Drawings SDK DGN File out-of-bounds write

$۰-$۵k

Official Fix

CVE-2021-43275

۵.۵

Open Design Alliance Drawings SDK DGN File use after free

$۰-$۵k

Official Fix

CVE-2021-43274

۵.۵

Open Design Alliance Drawings SDK DWF File Parser use after free

$۰-$۵k

Official Fix

CVE-2021-43280

۵.۵

Open Design Alliance Drawings SDK DWF File stack-based overflow

$۰-$۵k

Official Fix

CVE-2021-43391

۵.۵

Open Design Alliance Drawings SDK DXF File out-of-bounds read

$۰-$۵k

Official Fix

CVE-2021-43336

۵.۵

Open Design Alliance Drawings SDK DXF File out-of-bounds write

$۰-$۵k

Official Fix

CVE-2021-43278

۵.۵

Open Design Alliance Drawings SDK OBJ File out-of-bounds read

$۰-$۵k

Official Fix

CVE-2021-43276

۵.۵

Open Design Alliance ODA Viewer DWF File out-of-bounds read

$۰-$۵k

Official Fix

CVE-2021-43272

۵.۵

Open Design Alliance ODA Viewer DWF File Privilege Escalation

$۰-$۵k

Official Fix

CVE-2021-43277

۵.۵

Open Design Alliance PRC SDK U3D File out-of-bounds read

$۰-$۵k

Official Fix

CVE-2021-43279

۵.۵

Open Design Alliance PRC SDK U3D File out-of-bounds write

$۰-$۵k

Official Fix

CVE-2021-43494

۳.۵

OpenCV-REST-API pathname traversal

$۰-$۵k

Not Defined

CVE-2021-43577

۵.۵

OWASP Dependency-Check Plugin XML Parser xml external entity reference

$۰-$۵k

Not Defined

CVE-2021-3061

۶.۵

Palo Alto PAN-OS Command Line Interface os command injection

$۲k-$5k

Official Fix

CVE-2021-3056

۸.۸

Palo Alto PAN-OS GlobalProtect Clientless VPN buffer overflow

$۲k-$5k

Official Fix

CVE-2021-3062

۷.۲

Palo Alto PAN-OS GlobalProtect Portal access control

$۲k-$5k

Official Fix

CVE-2021-3063

۶.۴

Palo Alto PAN-OS GlobalProtect Portal exceptional condition

$۲k-$5k

Official Fix

CVE-2021-3064

۹.۸

Palo Alto PAN-OS GlobalProtect Portal stack-based overflow

$۲k-$5k

Official Fix

CVE-2021-3059

۸.۱

Palo Alto PAN-OS Management Interface os command injection

$۲k-$5k

Official Fix

CVE-2021-3060

۸.۱

Palo Alto PAN-OS Simple Certificate Enrollment Protocol os command injection

$۲k-$5k

Official Fix

CVE-2021-3058

۸.۰

Palo Alto PAN-OS Web Interface os command injection

$۲k-$5k

Official Fix

CVE-2020-23878

۵.۵

pdf2json fetch stack-based overflow

$۰-$۵k

Not Defined

CVE-2020-23879

۳.۵

pdf2json getObject null pointer dereference

$۰-$۵k

Not Defined

CVE-2020-23874

۵.۵

pdf2xml addAttributsNode heap-based overflow

$۰-$۵k

Not Defined

CVE-2020-23873

۵.۵

pdf2xml dump heap-based overflow

$۰-$۵k

Not Defined

CVE-2020-23877

۵.۵

pdf2xml getObjectStream stack-based overflow

$۰-$۵k

Not Defined

CVE-2020-23872

۴.۳

pdf2xml restoreState null pointer dereference

$۰-$۵k

Not Defined

CVE-2020-23876

۳.۵

pdf2xml testLinkedText memory leak

$۰-$۵k

Not Defined

CVE-2021-34598

۶.۴

Phoenix Contact FL MGUARD 1102/FL MGUARD 1105 Remote Logging memory leak

$۰-$۱k

Not Defined

CVE-2021-34582

۵.۴

Phoenix Contact FL MGUARD 1102/FL MGUARD 1105 Web-based Management/REST API cross site scripting

$۰-$۱k

Not Defined

CVE-2021-24816

۴.۹

Phoenix Media Rename Plugin AJAX Action phoenix_media_rename access control

$۱k-$2k

Official Fix

CVE-2021-42078

۳.۵

PHP Event Calendar Parameter events_manager.php cross site scripting

$۰-$۱k

Official Fix

CVE-2021-42077

۷.۳

PHP Event Calendar user_manager.php sql injection

$۲k-$5k

Official Fix

CVE-2021-24669

۷.۵

Preloader Builder Plugin mzldr Shortcode sql injection

$۱k-$2k

Official Fix

CVE-2021-25975

۴.۴

Publify File Upload cross site scripting

$۰-$۱k

Official Fix

CVE-2021-25974

۴.۴

Publify Page cross site scripting

$۰-$۱k

Official Fix

CVE-2021-3572

۵.۰

python-pip Unicode input validation

$۲k-$5k

Official Fix

CVE-2021-38684

۸.۱

QNAP Multimedia Console stack-based overflow

$۰-$۵k

Official Fix

CVE-2021-34357

۵.۶

QNAP QmailAgent cross site scripting

$۰-$۵k

Official Fix

CVE-2021-1903

۵.۳

Qualcomm Snapdragon Auto Channel Switch Announcement IE denial of service

$۵k-$25k

Official Fix

CVE-2021-1912

۸.۶

Qualcomm Snapdragon Auto Count integer overflow

$۲۵k-$100k

Official Fix

CVE-2021-30266

۷.۰

Qualcomm Snapdragon Auto Interface Add Command use after free

$۵k-$25k

Official Fix

CVE-2021-30265

۷.۰

Qualcomm Snapdragon Auto Statistics memory corruption

$۵k-$25k

Official Fix

CVE-2021-30264

۷.۰

Qualcomm Snapdragon Auto use after free

$۵k-$25k

Official Fix

CVE-2021-30321

۹.۸

Qualcomm Snapdragon Compute MBSSID Scan buffer overflow

$۲۵k-$100k

Official Fix

CVE-2021-30263

۷.۰

Qualcomm Snapdragon Compute On-Device Logging race condition

$۵k-$25k

Official Fix

CVE-2021-43573

۵.۵

Realtek RTL8195AM Response Frame buffer overflow

$۰-$۵k

Official Fix

CVE-2021-24767

۳.۵

Redirect 404 Error Page to Homepage or Custom Page with Logs Plugin Log cross-site request forgery

$۰-$۱k

Official Fix

CVE-2021-24766

۳.۵

Redirect, Log and Notify 404 Errors Plugin cross-site request forgery

$۰-$۱k

Official Fix

CVE-2021-24731

۶.۳

Registration Forms Plugin REST API Endpoint login sql injection

$۱k-$2k

Official Fix

CVE-2021-24647

۵.۶

Registration Forms Plugin Social Login improper authentication

$۱k-$2k

Official Fix

CVE-2020-25722

۸.۸

Samba AD DC access control

$۲k-$5k

Official Fix

CVE-2021-3738

۶.۳

Samba AD DC RPC Server use after free

$۲k-$5k

Official Fix

CVE-2020-25718

۷.۵

Samba AD DC sandbox

$۲k-$5k

Official Fix

CVE-2020-25717

۸.۸

Samba AD Domain Privilege Escalation

$۲k-$5k

Official Fix

CVE-2020-25721

۵.۵

Samba AD Identifier Privilege Escalation

$۲k-$5k

Official Fix

CVE-2021-23192

۵.۶

Samba DCE/RPC injection

$۲k-$5k

Official Fix

CVE-2020-25719

۷.۲

Samba Kerberos Ticket Privilege Escalation

$۲k-$5k

Official Fix

CVE-2016-2124

۳.۷

Samba SMB1 Client Connection cleartext transmission

$۰-$۱k

Official Fix

CVE-2021-40501

۵.۵

SAP ABAP Platform Kernel authorization

$۱۰k-$25k

Official Fix

CVE-2021-40502

۶.۳

SAP Commerce B2B Unit improper authorization

$۱۰k-$25k

Official Fix

CVE-2021-42062

۳.۵

SAP ERP HCM Portugal Report authorization

$۵k-$10k

Official Fix

CVE-2021-40503

۳.۵

SAP GUI information disclosure

$۲k-$5k

Official Fix

CVE-2021-40504

۵.۵

SAP NetWeaver Application Server for ABAP Template Role authorization

$۱۰k-$25k

Official Fix

CVE-2021-28024

۸.۰

ServiceTonic Helpdesk Login Form improper authentication

$۱k-$2k

Official Fix

CVE-2021-28022

۶.۲

ServiceTonic Helpdesk Login Form sql injection

$۱k-$2k

Official Fix

CVE-2021-28023

۷.۶

ServiceTonic Helpdesk Service Import path traversal

$۱k-$2k

Official Fix

CVE-2021-3776

۴.۳

ShowDoc cross-site request forgery

$۰-$۵k

Official Fix

CVE-2021-3775

۴.۳

ShowDoc cross-site request forgery

$۰-$۵k

Official Fix

CVE-2021-3683

۴.۸

ShowDoc cross-site request forgery

$۰-$۵k

Official Fix

CVE-2021-31883

۵.۳

Siemens APOGEE MBC DHCP ACK Message memory corruption

$۱۰k-$25k

Official Fix

CVE-2021-31882

۵.۳

Siemens APOGEE MBC DHCP ACK Packet memory corruption

$۱۰k-$25k

Official Fix

CVE-2021-31881

۵.۳

Siemens APOGEE MBC DHCP OFFER Message out-of-bounds read

$۵k-$10k

Official Fix

CVE-2021-31884

۷.۳

Siemens APOGEE MBC DHCP Option out-of-bounds write

$۱۰k-$25k

Official Fix

CVE-2021-31888

۷.۳

Siemens APOGEE MBC FTP Server stack-based overflow

$۱۰k-$25k

Official Fix

CVE-2021-31887

۷.۳

Siemens APOGEE MBC FTP Server stack-based overflow

$۱۰k-$25k

Official Fix

CVE-2021-31886

۷.۳

Siemens APOGEE MBC FTP Server stack-based overflow

$۱۰k-$25k

Official Fix

CVE-2021-31344

۷.۳

Siemens APOGEE MBC ICMP Echo Packet type confusion

$۱۰k-$25k

Official Fix

CVE-2021-31346

۷.۳

Siemens APOGEE MBC ICMP Packet buffer overflow

$۱۰k-$25k

Official Fix

CVE-2021-31890

۷.۳

Siemens APOGEE MBC TCP buffer overflow

$۱۰k-$25k

Official Fix

CVE-2021-31889

۷.۳

Siemens APOGEE MBC TCP SACK Packet integer underflow

$۱۰k-$25k

Official Fix

CVE-2021-31885

۴.۳

Siemens APOGEE MBC TFTP Server buffer overflow

$۱۰k-$25k

Official Fix

CVE-2021-31345

۷.۳

Siemens APOGEE MBC UDP Protocol buffer overflow

$۱۰k-$25k

Official Fix

CVE-2021-40366

۳.۷

Siemens Climatix POL909 Web Server missing encryption

$۵k-$10k

Official Fix

CVE-2021-42026

۳.۵

Siemens Mendix authorization

$۵k-$10k

Official Fix

CVE-2021-42025

۵.۵

Siemens Mendix authorization

$۱۰k-$25k

Official Fix

CVE-2021-42015

۳.۳

Siemens Mendix Cache information disclosure

$۲k-$5k

Official Fix

CVE-2021-37207

۵.۳

Siemens SENTRON powermanager Configuration Folder permission assignment

$۵k-$10k

Official Fix

CVE-2021-40364

۳.۵

Siemens SIMATIC PCS 7/SIMATIC WinCC log file

$۲k-$5k

Not Defined

CVE-2021-40358

۵.۵

Siemens SIMATIC PCS 7/SIMATIC WinCC Pathname path traversal

$۵k-$10k

Official Fix

CVE-2021-40359

۳.۵

Siemens SIMATIC PCS 7/SIMATIC WinCC Pathname path traversal

$۵k-$10k

Not Defined

CVE-2020-10053

۳.۳

Siemens SIMATIC RTLS Locating Manager Configuration File cleartext storage

$۲k-$5k

Official Fix

CVE-2020-10054

۳.۳

Siemens SIMATIC RTLS Locating Manager Configuration File Import denial of service

$۱k-$2k

Official Fix

CVE-2020-10052

۳.۳

Siemens SIMATIC RTLS Locating Manager log file

$۲k-$5k

Official Fix

CVE-2021-42021

۵.۳

Siemens Siveillance Video DLNA Server path traversal

$۱۰k-$25k

Not Defined

CVE-2021-24698

۴.۶

Simple Download Monitor Plugin access control

$۱k-$2k

Official Fix

CVE-2021-24697

۳.۵

Simple Download Monitor Plugin cross site scripting

$۰-$۱k

Official Fix

CVE-2021-24693

۳.۵

Simple Download Monitor Plugin File Thumbnail cross site scripting

$۰-$۱k

Official Fix

CVE-2021-24695

۴.۳

Simple Download Monitor Plugin Log information disclosure

$۱k-$2k

Official Fix

CVE-2021-3931

۴.۳

Snipe-IT cross-site request forgery

$۰-$۵k

Official Fix

CVE-2021-3938

۳.۷

snipe-it Web Page Generation cross site scripting

$۰-$۵k

Official Fix

CVE-2021-40871

۶.۵

Softing OPC UA C++ SDK Message type confusion

$۰-$۵k

Official Fix

CVE-2021-40873

۶.۵

Softing OPC UA C++ SDK/uaToolkit Embedded Message double free

$۰-$۵k

Official Fix

CVE-2021-40872

۶.۳

Softing uaToolkit Embedded Message type confusion

$۰-$۵k

Official Fix

CVE-2021-40577

۳.۵

Sourcecodester Online Enrollment Management System in PHP Add-Users Page cross site scripting

$۰-$۱k

Not Defined

CVE-2021-40260

۳.۵

SourceCodester Tailor Management cross site scripting

$۰-$۱k

Not Defined

CVE-2021-43569

۴.۶

Stark Bank ecdsa-dotnet Message signature verification

$۱k-$2k

Official Fix

CVE-2021-43568

۴.۶

Stark Bank ecdsa-elixir Message signature verification

$۱k-$2k

Official Fix

CVE-2021-43570

۴.۶

Stark Bank ecdsa-java Message verify signature verification

$۱k-$2k

Official Fix

CVE-2021-43571

۴.۶

Stark Bank ecdsa-node Message verify signature verification

$۱k-$2k

Official Fix

CVE-2021-43572

۵.۵

Stark Bank ecdsa-python improper validation of integrity check value

$۲k-$5k

Official Fix

CVE-2021-41653

۶.۳

TP-LINK TL-WR840N EU ping Privilege Escalation

$۰-$۵k

Not Defined

CVE-2021-24829

۶.۳

Visitor Traffic Real Time Statistics Plugin AJAX Action today_traffic_index sql injection

$۱k-$2k

Official Fix

CVE-2020-12488

۴.۷

Vivo Jovi Smart Scene access control

$۱k-$2k

Official Fix

CVE-2021-22051

۶.۰

VMware Spring Cloud Gateway Downstream Service authorization

$۱۰k-$25k

Official Fix

CVE-2021-22048

۴.۶

VMware vCenter Server/Cloud Foundation IWA access control

$۱۰k-$25k

Not Defined

CVE-2020-23889

۴.۳

WildBit Viewer ICO File denial of service

$۰-$۵k

Not Defined

CVE-2020-23890

۴.۳

WildBit Viewer JPG File JPGCodec buffer overflow

$۰-$۵k

Not Defined

CVE-2020-23888

۴.۳

WildBit Viewer PSD File denial of service

$۰-$۵k

Not Defined

CVE-2020-23902

۴.۳

WildBit Viewer TGA File buffer overflow

$۰-$۵k

Not Defined

CVE-2020-23900

۴.۳

WildBit Viewer TGA File buffer overflow

$۰-$۵k

Not Defined

CVE-2020-23901

۴.۳

WildBit Viewer TGA File denial of service

$۰-$۵k

Not Defined

CVE-2020-23899

۴.۳

WildBit Viewer TGA File denial of service

$۰-$۵k

Not Defined

CVE-2020-23898

۴.۳

WildBit Viewer TGA File denial of service

$۰-$۵k

Not Defined

CVE-2020-23897

۴.۳

WildBit Viewer TGA File denial of service

$۰-$۵k

Not Defined

CVE-2020-23896

۴.۳

WildBit Viewer TIFF File denial of service

$۰-$۵k

Not Defined

CVE-2020-23895

۴.۳

WildBit Viewer TIFF File denial of service

$۰-$۵k

Not Defined

CVE-2020-23894

۴.۳

WildBit Viewer TIFF File denial of service

$۰-$۵k

Not Defined

CVE-2020-23891

۴.۳

WildBit Viewer TIFF File denial of service

$۰-$۵k

Not Defined

CVE-2020-23893

۴.۳

WildBit Viewer TIFF File denial of service

$۰-$۵k

Not Defined

CVE-2021-24798

۳.۵

WP Header Images Plugin Settings Page cross site scripting

$۰-$۱k

Official Fix

CVE-2021-24832

۴.۳

WP SEO Redirect 301 Plugin cross-site request forgery

$۰-$۱k

Official Fix

CVE-2021-24801

۳.۵

WP Survey Plus Plugin AJAX A cross site scripting

$۰-$۱k

Not Defined

CVE-2021-24806

۳.۹

wpDiscuz Plugin Comments cross-site request forgery

$۰-$۱k

Official Fix

CVE-2021-24664

۴.۱

WPSchoolPress Attribute sanitize_text_field cross site scripting

$۰-$۱k

Official Fix

CVE-2021-24575

۶.۳

WPSchoolPress Plugin POST Variable sql injection

$۱k-$2k

Official Fix

CVE-2020-23903

۳.۵

Xiph Speex WAV File read_samples divide by zero

$۰-$۵k

Not Defined

CVE-2020-23904

۵.۵

Xiph Speex WAV File speexenc.c stack-based overflow

$۰-$۵k

Not Defined

CVE-2020-23887

۴.۳

XnView MP ICO File SmartStretchDIBits denial of service

$۰-$۵k

Not Defined

CVE-2020-23886

۴.۳

XnView MP PICT File RtlpLowFragHeapFree denial of service

$۰-$۵k

Not Defined

CVE-2021-42370

۳.۵

XoruX LPAR2RRD/STOR2RRD Device Property missing encryption

$۰-$۱k

Official Fix

CVE-2021-42371

۶.۳

XoruX LPAR2RRD/STOR2RRD hard-coded credentials

$۱k-$2k

Official Fix

CVE-2021-42372

۶.۳

XoruX LPAR2RRD/STOR2RRD SNMP os command injection

$۲k-$5k

Official Fix

CVE-2021-42847

۵.۵

Zoho ManageEngine ADAudit Plus Privilege Escalation

$۰-$۵k

Official Fix

CVE-2021-42002

۶.۳

Zoho ManageEngine ADManager Plus unrestricted upload

$۰-$۵k

Official Fix

CVE-2021-41081

۶.۳

Zoho ManageEngine Network Configuration Manager Configuration Search sql injection

$۰-$۵k

Official Fix

CVE-2021-41080

۶.۳

Zoho ManageEngine Network Configuration Manager Hardware Details Search sql injection

$۰-$۵k

Official Fix

CVE-2021-41833

۷.۳

Zoho ManageEngine Patch Connect Plus Remote Code Execution

$۰-$۵k

Official Fix

CVE-2021-34419

۳.۴

Zoom Client for Meetings Screen Sharing injection

$۵k-$25k

Official Fix

CVE-2021-34420

۴.۹

Zoom Client for Meetings signature verification

$۵k-$25k

Official Fix

CVE-2021-34421

۳.۷

Zoom Keybase Client Message information disclosure

$۰-$۵k

Official Fix

CVE-2021-34422

۷.۳

Zoom Keybase Client Team Folder path traversal

$۵k-$25k

Official Fix

CVE-2021-34418

۴.۲

Zoom On-Premise Meeting Connector Controller Authentication denial of service

$۰-$۵k

Official Fix

CVE-2021-34417

۶.۳

Zoom On-Premise Meeting Connector Controller Web Portal command injection

$۵k-$25k

Official Fix

 

 

 

    

 

تحت نظارت وف ایرانی