
Critical Vulnerabilities of the First Week of Dey


This week, many "critical" and "high-risk" vulnerabilities were reported in important SolarWinds and Google Android products, and patches and updates were released to fix them. Several "critical" and "high-risk" vulnerabilities were also present in products from IBM, Apache, Siemens, Bitdefender and Citrix, and in the Linux kernel.

The list of these vulnerabilities, together with links to the patches and updates that were released, is given in the table below.

| Vulnerability ID | Base score | Vulnerability title | Zero-day value | Fix |
|---|---|---|---|---|
| CVE-2020-35186 | 9.8 | Adminer Docker Image hard-coded password | $2k-$5k | Official Fix |
| CVE-2019-14483 | 8.8 | AdRem NetCrunch Credential Manager credentials storage | $0-$1k | Official Fix |
| CVE-2019-14477 | 5.5 | AdRem NetCrunch Credentials Database credentials storage | $0-$1k | Official Fix |
| CVE-2019-14479 | 5.5 | AdRem NetCrunch Remote Privilege Escalation | $2k-$5k | Official Fix |
| CVE-2019-14476 | 6.5 | AdRem NetCrunch SMB Request server-side request forgery | $1k-$2k | Official Fix |
| CVE-2019-14480 | 9.8 | AdRem NetCrunch user session | $2k-$5k | Official Fix |
| CVE-2019-14478 | 5.4 | AdRem NetCrunch Web Client cross site scripting | $0-$1k | Official Fix |
| CVE-2019-14481 | 5.4 | AdRem NetCrunch Web Client cross-site request forgery | $0-$1k | Official Fix |
| CVE-2019-14482 | 9.8 | AdRem NetCrunch Web Client hard-coded key | $1k-$2k | Official Fix |
| CVE-2020-17520 | 6.3 | Apache Pulsar Manager Verification permission | $10k-$25k | Not Defined |
| CVE-2020-13931 | 9.8 | Apache TomEE ActiveMQ Broker improper authentication | $10k-$25k | Official Fix |
| CVE-2020-35468 | 9.8 | Appbase Streams Docker Image hard-coded password | $2k-$5k | Not Defined |
| CVE-2020-15733 | 6.5 | BitDefender Antivirus Plus SafePay origin validation | $2k-$5k | Official Fix |
| CVE-2020-15292 | 5.5 | BitDefender HVI IntLixTaskDumpTree out-of-bounds read | $0-$1k | Official Fix |
| CVE-2020-15294 | 7.8 | BitDefender Hypervisor Introspection Compiler Optimization IntPeParseUnwindData null pointer dereference | $0-$1k | Official Fix |
| CVE-2020-15293 | 6.1 | BitDefender Hypervisor Introspection IntLixFileGetPath memory corruption | $1k-$2k | Official Fix |
| CVE-2020-35466 | 9.8 | Blackfire Docker Image hard-coded password | $2k-$5k | Not Defined |
| CVE-2020-35188 | 9.8 | Chronograf Docker Image hard-coded password | $2k-$5k | Official Fix |
| CVE-2020-8257 | 9.8 | Citrix Gateway Plug-in access control | $10k-$25k | Official Fix |
| CVE-2020-8258 | 7.5 | Citrix Gateway Plug-in Services privileges management | $10k-$25k | Official Fix |
| CVE-2020-8283 | 8.8 | Citrix Virtual Apps/Virtual Desktops/XenApp/XenDesktop Universal Print Server privileges management | $10k-$25k | Official Fix |
| CVE-2020-35184 | 9.8 | Composer Docker Image hard-coded password | $2k-$5k | Official Fix |
| CVE-2020-7781 | 9.8 | connection-tester Package index.js injection | $2k-$5k | Official Fix |
| CVE-2020-35462 | 9.8 | CoScale Agent Docker Image weak password | $2k-$5k | Not Defined |
| CVE-2020-8286 | 7.5 | curl Certificate Revocation certificate validation | $1k-$2k | Not Defined |
| CVE-2020-8169 | 7.5 | curl DNS Server information disclosure | $1k-$2k | Not Defined |
| CVE-2020-8177 | 7.1 | curl File Name injection | $1k-$2k | Not Defined |
| CVE-2020-8284 | 3.7 | curl FTP PASV information disclosure | $1k-$2k | Not Defined |
| CVE-2020-20184 | 9.8 | Dan McDougal GateOne SSH Connection os command injection | $2k-$5k | Not Defined |
| CVE-2020-28458 | 9.8 | datatables.net Package code injection | $2k-$5k | Official Fix |
| CVE-2020-5360 | 7.5 | Dell BSAFE Micro Edition Suite buffer overflow | $10k-$25k | Official Fix |
| CVE-2020-5359 | 5.8 | Dell BSAFE Micro Edition Suite return value | $10k-$25k | Official Fix |
| CVE-2020-26198 | 6.1 | Dell EMC iDRAC9 Web Application cross site scripting | $5k-$10k | Official Fix |
| CVE-2020-25757 | 8.8 | D-Link DSR-150/DSR-250/DSR-500/DSR-1000AC LUA CGI access control | $10k-$25k | Official Fix |
| CVE-2020-25758 | 8.8 | D-Link DSR-250 Configuration File injection | $10k-$25k | Official Fix |
| CVE-2020-25759 | 8.8 | D-Link DSR-250 Unified Services Router Web Interface command injection | $10k-$25k | Official Fix |
| CVE-2020-35467 | 9.8 | Docker Docs Docker Image hard-coded password | $2k-$5k | Not Defined |
| CVE-2020-35191 | 9.8 | Drupal Docker Image hard-coded password | $2k-$5k | Official Fix |
| CVE-2020-14368 | 8.8 | Eclipse Che CodeReady Workspace services cross-site request forgery | $0-$1k | Official Fix |
| CVE-2020-35396 | 6.1 | EGavilan Barcodes Generator index.php cross site scripting | $0-$1k | Not Defined |
| CVE-2020-35395 | 6.1 | EGavilan Media Expense Management System Add Expense cross site scripting | $0-$1k | Not Defined |
| CVE-2020-35470 | 8.8 | Envoy Network Filter unknown vulnerability | $2k-$5k | Official Fix |
| CVE-2020-35471 | 7.5 | Envoy UDP Datagram denial of service | $0-$1k | Official Fix |
| CVE-2020-28931 | 8.8 | Epson EPS TSE Server 8 Administrative Interface cross-site request forgery | $0-$1k | Not Defined |
| CVE-2020-28929 | 9.8 | Epson EPS TSE Server 8 information disclosure | $1k-$2k | Not Defined |
| CVE-2020-28930 | 5.4 | Epson EPS TSE Server 8 users.php cross site scripting | $0-$1k | Not Defined |
| CVE-2020-35491 | 8.1 | FasterXML jackson-databind deserialization | $2k-$5k | Official Fix |
| CVE-2020-35490 | 8.1 | FasterXML jackson-databind deserialization | $2k-$5k | Official Fix |
| CVE-2020-26276 | 10.0 | Fleet SAML Response authentication spoofing | $1k-$2k | Official Fix |
| CVE-2020-20139 | 6.1 | Flexmonster Pivot Table & Charts Remote JSON cross site scripting | $0-$1k | Not Defined |
| CVE-2020-20140 | 6.1 | Flexmonster Pivot Table & Charts Remote Report cross site scripting | $0-$1k | Not Defined |
| CVE-2020-20142 | 6.1 | Flexmonster Pivot Table & Charts To Remote CSV cross site scripting | $0-$1k | Not Defined |
| CVE-2020-20141 | 6.1 | Flexmonster Pivot Table & Charts XMLA cross site scripting | $0-$1k | Not Defined |
| CVE-2020-28203 | 5.5 | Foxit Reader/PhantomPDF PDF File denial of service | $0-$1k | Not Defined |
| CVE-2020-35465 | 9.8 | FullArmor HAPI File Share Mount Docker Image hard-coded password | $2k-$5k | Not Defined |
| CVE-2020-16104 | 7.2 | Gallagher Command Centre Enterprise Data Interface sql injection | $1k-$2k | Official Fix |
| CVE-2020-16102 | 8.2 | Gallagher Command Centre Server improper authentication | $1k-$2k | Official Fix |
| CVE-2020-16103 | 8.8 | Gallagher Command Centre Server type confusion | $2k-$5k | Official Fix |
| CVE-2020-25175 | 9.8 | GE Healthcare Signa cleartext transmission | $1k-$2k | Not Defined |
| CVE-2020-25179 | 9.8 | GE Healthcare Signa credentials management | $2k-$5k | Not Defined |
| CVE-2020-35185 | 9.8 | Ghost Docker Image hard-coded password | $2k-$5k | Official Fix |
| CVE-2020-35380 | 7.5 | GJSON JSON File denial of service | $0-$1k | Official Fix |
| CVE-2020-35457 | 7.8 | Gnome GLib g_option_group_add_entries integer overflow | $1k-$2k | Official Fix |
| CVE-2020-0481 | 3.3 | Google Android AndroidManifest.xml permission | $25k-$50k | Official Fix |
| CVE-2020-0476 | 4.4 | Google Android Assistant.java onNotificationRemoved log file | $10k-$25k | Official Fix |
| CVE-2020-0444 | 6.5 | Google Android auditfilter.c audit_free_lsm_field privileges management | $25k-$50k | Official Fix |
| CVE-2020-27021 | 3.3 | Google Android avrc_pars_tg.cc avrc_ctrl_pars_vendor_cmd out-of-bounds read | $5k-$10k | Official Fix |
| CVE-2020-0497 | 4.4 | Google Android BiometricServiceBase canUseBiometric information disclosure | $10k-$25k | Official Fix |
| CVE-2020-0499 | 5.4 | Google Android bitreader.c FLAC__bitreader_read_rice_signed_block out-of-bounds read | $25k-$50k | Official Fix |
| CVE-2020-0492 | 5.4 | Google Android Bitstream bitstream.cpp BitstreamFillCache out-of-bounds read | $25k-$50k | Official Fix |
| CVE-2020-0463 | 5.9 | Google Android Bluetooth Server sdp_server.cc sdp_server_handle_client_req information disclosure | $25k-$50k | Official Fix |
| CVE-2020-27024 | 6.4 | Google Android Bluetooth smp_br_main.cc smp_br_state_machine_event out-of-bounds read | $25k-$50k | Official Fix |
| CVE-2020-27054 | 6.5 | Google Android BluetoothManagerService BluetoothManagerService.java onFactoryReset permission | $25k-$50k | Official Fix |
| CVE-2020-27023 | 3.3 | Google Android BluetoothMediaBrowserService.java setErrorPlaybackState information disclosure | $5k-$10k | Official Fix |
| CVE-2020-0473 | 4.3 | Google Android BluetoothOppNotification.java updateIncomingFileConfirmNotification unrestricted upload | $0-$1k | Official Fix |
| CVE-2020-0019 | 7.8 | Google Android Broadcom Nexus Firmware hard-coded password | $25k-$50k | Official Fix |
| CVE-2020-0016 | 7.8 | Google Android Broadcom Nexus Firmware hard-coded password | $25k-$50k | Official Fix |
| CVE-2020-27035 | 4.4 | Google Android C2AllocatorIon.cpp priorLinearAllocation use after free | $25k-$50k | Official Fix |
| CVE-2020-27038 | 5.4 | Google Android C2SoftVorbisDec.cpp process memory leak | $10k-$25k | Official Fix |
| CVE-2020-0368 | 3.3 | Google Android CallLogProvider.java queryInternal information disclosure | $10k-$25k | Official Fix |
| CVE-2020-27045 | 6.5 | Google Android ce_main.cc CE_SendRawFrame out-of-bounds write | $25k-$50k | Official Fix |
| CVE-2020-27047 | 4.4 | Google Android ce_t4t.cc ce_t4t_update_binary out-of-bounds read | $10k-$25k | Official Fix |
| CVE-2020-0460 | 6.4 | Google Android Certificate CertInstaller.java createNameCredentialDialog information disclosure | $25k-$50k | Official Fix |
| CVE-2020-0498 | 4.9 | Google Android codebook.c decode_packed_entry_number out-of-bounds read | $25k-$50k | Official Fix |
| CVE-2020-0484 | 5.4 | Google Android ComposerClient.h destroyResources memory corruption | $10k-$25k | Official Fix |
| CVE-2020-27041 | 4.4 | Google Android ConnectivityService.java showProvisioningNotification information disclosure | $10k-$25k | Official Fix |
| CVE-2020-0486 | 6.5 | Google Android ContactsProvider2.java openAssetFileListener permission | $25k-$50k | Official Fix |
| CVE-2020-0496 | 4.4 | Google Android cpdf_renderstatus.cpp LoadSMask use after free | $25k-$50k | Official Fix |
| CVE-2020-0493 | 4.4 | Google Android cpdf_sampledfunc.cpp v_Call information disclosure | $10k-$25k | Official Fix |
| CVE-2020-0440 | 6.5 | Google Android DisplayManagerService.java createVirtualDisplay permission | $25k-$50k | Official Fix |
| CVE-2020-0480 | 6.5 | Google Android DocumentsProvider.java callUnchecked permission | $25k-$50k | Official Fix |
| CVE-2020-0479 | 6.5 | Google Android DocumentsProvider.java callUnchecked permission | $25k-$50k | Official Fix |
| CVE-2020-0483 | 5.4 | Google Android DrmManagerService.cpp ~DrmManagerService memory corruption | $10k-$25k | Official Fix |
| CVE-2020-27025 | 4.4 | Google Android EapFailureNotifier.java information disclosure | $10k-$25k | Official Fix |
| CVE-2020-0489 | 7.5 | Google Android eas_mdls.c Parse_data out-of-bounds write | $50k-$100k | Official Fix |
| CVE-2020-0466 | 6.5 | Google Android eventpoll.c do_epoll_ctl use after free | $25k-$50k | Official Fix |
| CVE-2020-27026 | 4.1 | Google Android Fingerprint information disclosure | $5k-$10k | Official Fix |
| CVE-2020-0490 | 5.4 | Google Android floor1.c floor1_info_unpack information disclosure | $25k-$50k | Official Fix |
| CVE-2020-27057 | 3.3 | Google Android GpuService.cpp getGpuStatsAppInfo information disclosure | $10k-$25k | Official Fix |
| CVE-2020-0474 | 6.1 | Google Android HalCamera.cpp requestNewFrame use after free | $25k-$50k | Official Fix |
| CVE-2020-27030 | 6.5 | Google Android HandleApiCalls.java onCreate permission | $25k-$50k | Official Fix |
| CVE-2020-27028 | 3.8 | Google Android hci_layer.cc filter_incoming_event out-of-bounds read | $10k-$25k | Official Fix |
| CVE-2020-0494 | 5.4 | Google Android ih264d_sei.c ih264d_parse_ave out-of-bounds read | $25k-$50k | Official Fix |
| CVE-2020-0488 | 5.4 | Google Android ihevc_inter_pred_filters_ssse3_intr.c ihevc_inter_pred_chroma_copy_ssse3 information disclosure | $25k-$50k | Official Fix |
| CVE-2020-0482 | 3.8 | Google Android IncidentService.cpp command information disclosure | $10k-$25k | Official Fix |
| CVE-2020-0500 | 4.4 | Google Android InputMethodManager.java startInputUncheckedLocked information disclosure | $10k-$25k | Official Fix |
| CVE-2020-0495 | 4.4 | Google Android JBig2_SddProc.cpp decode_Huffman integer overflow | $25k-$50k | Official Fix |
| CVE-2020-0465 | 6.5 | Google Android Kernel hid-multitouch.c out-of-bounds write | $25k-$50k | Official Fix |
| CVE-2020-27067 | 5.3 | Google Android l2tp Subsystem use after free | $10k-$25k | Official Fix |
| CVE-2020-27052 | 6.5 | Google Android Lock Task Mode ActivityRecord.java getLockTaskLaunchMode permission | $25k-$50k | Official Fix |
| CVE-2020-0469 | 4.4 | Google Android LockSettingsService.java addEscrowToken denial of service | $5k-$10k | Official Fix |
| CVE-2020-0491 | 5.4 | Google Android MatroskaExtractor.cpp readBlock resource consumption | $10k-$25k | Official Fix |
| CVE-2020-0280 | 4.4 | Google Android nci_hrcv.cc nci_proc_ee_management_rsp information disclosure | $10k-$25k | Official Fix |
| CVE-2020-0477 | 4.4 | Google Android Network Configuration ClientModeImpl.java sendLinkConfigurationChangedBroadcast information disclosure | $10k-$25k | Official Fix |
| CVE-2020-0467 | 4.4 | Google Android Network Traffic Vpn.java onUserStopped information disclosure | $10k-$25k | Official Fix |
| CVE-2020-27051 | 6.5 | Google Android nfa_rw_api.cc NFA_RwI93WriteMultipleBlocks out-of-bounds write | $25k-$50k | Official Fix |
| CVE-2020-27040 | 3.8 | Google Android NFC Server phNxpNciHal.cc phNxpNciHal_core_initialized out-of-bounds read | $10k-$25k | Official Fix |
| CVE-2020-27037 | 3.3 | Google Android NFC Server phNxpNciHal.cc phNxpNciHal_core_initialized out-of-bounds read | $5k-$10k | Official Fix |
| CVE-2020-27036 | 5.4 | Google Android NFC Server phNxpNciHal_ext.cc phNxpNciHal_send_ext_cmd out-of-bounds write | $10k-$25k | Official Fix |
| CVE-2020-27043 | 3.3 | Google Android nfc_main.cc nfc_enabled out-of-bounds read | $5k-$10k | Official Fix |
| CVE-2020-27031 | 3.8 | Google Android nfc_ncif.cc nfc_data_event out-of-bounds read | $10k-$25k | Official Fix |
| CVE-2020-27046 | 3.3 | Google Android nfc_ncif.cc nfc_ncif_proc_ee_action out-of-bounds read | $5k-$10k | Official Fix |
| CVE-2020-27033 | 3.3 | Google Android nfc_ncif.cc nfc_ncif_proc_get_routing out-of-bounds read | $5k-$10k | Official Fix |
| CVE-2020-27027 | 4.4 | Google Android nfc_ncif.cc nfc_ncif_proc_get_routing out-of-bounds read | $10k-$25k | Official Fix |
| CVE-2020-27068 | 3.3 | Google Android nl80211.c nl80211_policy out-of-bounds read | $5k-$10k | Official Fix |
| CVE-2020-0455 | 6.6 | Google Android out-of-bounds read | $10k-$25k | Official Fix |
| CVE-2020-0457 | 7.6 | Google Android out-of-bounds write | $50k-$100k | Official Fix |
| CVE-2020-0456 | 7.6 | Google Android out-of-bounds write | $50k-$100k | Official Fix |
| CVE-2020-27056 | 3.3 | Google Android Package Metadata information disclosure | $10k-$25k | Official Fix |
| CVE-2020-27044 | 6.5 | Google Android Parcel.cpp restartWrite memory corruption | $25k-$50k | Official Fix |
| CVE-2020-27032 | 4.4 | Google Android PhoneInterfaceManager.java getRadioAccessFamily information disclosure | $10k-$25k | Official Fix |
| CVE-2020-0464 | 4.0 | Google Android res_cache.cpp resolv_cache_lookup information disclosure | $5k-$10k | Official Fix |
| CVE-2020-0470 | 4.9 | Google Android restoration.c extend_frame_highbd heap-based overflow | $50k-$100k | Official Fix |
| CVE-2020-0478 | 6.5 | Google Android restoration.c extend_frame_lowbd out-of-bounds write | $25k-$50k | Official Fix |
| CVE-2020-27050 | 6.5 | Google Android rw_i93.cc rw_i93_send_cmd_write_multi_blocks out-of-bounds write | $25k-$50k | Official Fix |
| CVE-2020-27048 | 6.5 | Google Android rw_main.cc RW_SendRawFrame out-of-bounds write | $25k-$50k | Official Fix |
| CVE-2020-27049 | 6.5 | Google Android rw_t3t.cc rw_t3t_send_raw_frame out-of-bounds write | $25k-$50k | Official Fix |
| CVE-2020-27039 | 4.4 | Google Android ServiceRecord.java postNotification information disclosure | $10k-$25k | Official Fix |
| CVE-2020-27034 | 4.4 | Google Android SimSelectNotification.java createSimSelectNotification information disclosure | $10k-$25k | Official Fix |
| CVE-2020-0244 | 4.4 | Google Android SPDIFEncoder.cpp writeBurstBufferBytes information disclosure | $10k-$25k | Official Fix |
| CVE-2020-0458 | 7.5 | Google Android SPDIFEncoder.cpp writeBurstBufferBytes integer overflow | $50k-$100k | Official Fix |
| CVE-2020-0487 | 5.4 | Google Android stream_decoder.c read_metadata_vorbiscomment_ denial of service | $10k-$25k | Official Fix |
| CVE-2020-0468 | 4.4 | Google Android TelephonyRegistry.java listen information disclosure | $10k-$25k | Official Fix |
| CVE-2020-27029 | 5.4 | Google Android TextView.java TextView denial of service | $10k-$25k | Official Fix |
| CVE-2020-0485 | 6.5 | Google Android UsbBackend.java areFunctionsSupported permission | $25k-$50k | Official Fix |
| CVE-2020-27055 | 6.4 | Google Android WiFi Configuration WifiConfigController.java showWarningMessagesIfAppropriate information disclosure | $25k-$50k | Official Fix |
| CVE-2020-0459 | 3.3 | Google Android WiFi Configuration WifiConfigManager.java sendConfiguredNetworkChangedBroadcast information disclosure | $10k-$25k | Official Fix |
| CVE-2020-27053 | 3.3 | Google Android WiFi Name ClientModeImpl.java broadcastWifiCredentialChanged information disclosure | $5k-$10k | Official Fix |
| CVE-2020-0099 | 6.3 | Google Android WindowManagerService.java addWindow clickjacking | $25k-$50k | Official Fix |
| CVE-2020-0475 | 6.5 | Google Android WindowManagerService.java createInputConsumer permission | $25k-$50k | Official Fix |
| CVE-2020-27066 | 5.4 | Google Android xfrm6_tunnel.c xfrm6_tunnel_free_spi use after free | $10k-$25k | Official Fix |
| CVE-2020-8944 | 5.3 | Google Asylo ecall_restore buffer overflow | $5k-$10k | Official Fix |
| CVE-2020-8935 | 7.8 | Google Asylo Ecall_restore memory corruption | $5k-$10k | Not Defined |
| CVE-2020-8937 | 5.3 | Google Asylo enc_untrusted_create_wait_queue buffer overflow | $5k-$10k | Official Fix |
| CVE-2020-8939 | 5.5 | Google Asylo enc_untrusted_inet_ntop out-of-bounds read | $2k-$5k | Official Fix |
| CVE-2020-8941 | 5.5 | Google Asylo enc_untrusted_inet_pton buffer overflow | $5k-$10k | Official Fix |
| CVE-2020-8942 | 5.5 | Google Asylo enc_untrusted_read buffer overflow | $5k-$10k | Official Fix |
| CVE-2020-8943 | 5.5 | Google Asylo enc_untrusted_recvfrom buffer overflow | $5k-$10k | Official Fix |
| CVE-2020-8940 | 5.5 | Google Asylo enc_untrusted_recvmsg buffer overflow | $5k-$10k | Official Fix |
| CVE-2020-8938 | 3.3 | Google Asylo FromkLinuxSockAddr memory corruption | $5k-$10k | Official Fix |
| CVE-2020-8936 | 5.5 | Google Asylo sgx_params out-of-bounds read | $2k-$5k | Official Fix |
| CVE-2020-29511 | 9.8 | Google Go Encoding XML Package encoding error | $10k-$25k | Workaround |
| CVE-2020-29510 | 9.8 | Google Go Encoding XML Package encoding error | $10k-$25k | Workaround |
| CVE-2020-29509 | 9.8 | Google Go Encoding XML Package encoding error | $10k-$25k | Workaround |
| CVE-2020-5682 | 7.5 | GROWI denial of service | $0-$1k | Official Fix |
| CVE-2020-5683 | 7.5 | GROWI pathname traversal | $1k-$2k | Official Fix |
| CVE-2020-35195 | 9.8 | Haproxy Docker Image hard-coded password | $2k-$5k | Official Fix |
| CVE-2020-35453 | 5.5 | Hashicorp Vault Enterprise Sentinel EGP Policy Feature unknown vulnerability | $2k-$5k | Official Fix |
| CVE-2020-35177 | 3.5 | Hashicorp Vault/Vault Enterprise LDAP Auth Method information disclosure | $0-$1k | Official Fix |
| CVE-2020-8285 | 7.5 | haxx.se cURL FTP Wildcard stack-based overflow | $2k-$5k | Not Defined |
| CVE-2020-14248 | 3.7 | HCL BigFix Inventory missing secure attribute | $1k-$2k | Official Fix |
| CVE-2020-14254 | 3.7 | HCL BigFix Inventory TLS-RSA Cipher Suite risky encryption | $0-$1k | Official Fix |
| CVE-2020-14271 | 4.3 | HCL iNotes Message Content or cross site scripting | $0-$1k | Not Defined |
| CVE-2020-14224 | 7.3 | HCL Notes MIME Message buffer overflow | $2k-$5k | Not Defined |
| CVE-2020-14232 | 5.5 | HCL Notes Parameter stack-based overflow | $2k-$5k | Not Defined |
| CVE-2020-4080 | 4.3 | HCL Verse Message Content cross site scripting | $0-$1k | Not Defined |
| CVE-2020-7203 | 6.3 | HPE iLO Amplifier Pack Server Remote Privilege Escalation | $10k-$25k | Not Defined |
| CVE-2020-7201 | 3.5 | HPE StoreEver MSL2024/StoreEver 1-8 G2 cross-site request forgery | $2k-$5k | Not Defined |
| CVE-2020-7200 | 6.3 | HPE Systems Insight Manager Remote Privilege Escalation | $10k-$25k | Not Defined |
| CVE-2020-4747 | 9.8 | IBM Connect:Direct for UNIX CLI improper authentication | $10k-$25k | Official Fix |
| CVE-2020-4905 | 5.9 | IBM Financial Transaction Manager cleartext transmission | $5k-$10k | Official Fix |
| CVE-2020-4904 | 6.5 | IBM Financial Transaction Manager cross-site request forgery | $5k-$10k | Official Fix |
| CVE-2020-4906 | 3.3 | IBM Financial Transaction Manager information disclosure | $2k-$5k | Official Fix |
| CVE-2020-4907 | 5.3 | IBM Financial Transaction Manager information exposure | $5k-$10k | Official Fix |
| CVE-2020-4908 | 5.3 | IBM Financial Transaction Manager Login Dialog information disclosure | $5k-$10k | Official Fix |
| CVE-2020-4764 | 4.3 | IBM Planning Analytics cross-site request forgery | $5k-$10k | Official Fix |
| CVE-2020-4846 | 2.7 | IBM Security Key Lifecycle Manager information exposure | $5k-$10k | Official Fix |
| CVE-2020-4845 | 5.4 | IBM Security Key Lifecycle Manager Web UI cross site scripting | $2k-$5k | Official Fix |
| CVE-2020-4657 | 6.1 | IBM Sterling B2B Integrator Web UI cross site scripting | $5k-$10k | Official Fix |
| CVE-2020-4658 | 6.1 | IBM Sterling File Gateway Web UI cross site scripting | $5k-$10k | Official Fix |
| CVE-2020-4849 | 6.1 | IBM Tivoli Netcool Impact Remote Privilege Escalation | $10k-$25k | Official Fix |
| CVE-2020-35194 | 9.8 | Influxdb Docker Image hard-coded password | $2k-$5k | Official Fix |
| CVE-2020-35463 | 9.8 | Instana Dynamic APM Docker Image hard-coded password | $2k-$5k | Not Defined |
| CVE-2020-28442 | 9.8 | js-data Package deepFill code injection | $2k-$5k | Official Fix |
| CVE-2020-35381 | 7.5 | jsonparser GET Call denial of service | $0-$1k | Not Defined |
| CVE-2020-22083 | 9.8 | jsonpickle decode deserialization | $2k-$5k | Official Fix |
| CVE-2020-13535 | 8.8 | Kepware LinkMaster access control | $2k-$5k | Not Defined |
| CVE-2020-14302 | 4.9 | Keycloak authentication replay | $1k-$2k | Official Fix |
| CVE-2020-10770 | 5.3 | Keycloak server-side request forgery | $2k-$5k | Official Fix |
| CVE-2020-35122 | 7.5 | Keysight Database Connector Plugin access control | $1k-$2k | Official Fix |
| CVE-2020-35121 | 8.8 | Keysight Database Connector Plugin Save Macro Parameter cross site scripting | $0-$1k | Official Fix |
| CVE-2020-35189 | 9.8 | Kong Docker Image hard-coded password | $2k-$5k | Official Fix |
| CVE-2020-25010 | 6.3 | Kyland KPS2204 Instruction unrestricted upload | $2k-$5k | Not Defined |
| CVE-2020-25011 | 4.3 | Kyland KPS2204 webadminget.cgi information disclosure | $1k-$2k | Not Defined |
| CVE-2020-13528 | 3.7 | Lantronix XPort EDGE Telnet CLI information disclosure | $1k-$2k | Not Defined |
| CVE-2020-13527 | 6.3 | Lantronix XPort EDGE Web Manager improper authentication | $1k-$2k | Not Defined |
| CVE-2020-35555 | 5.9 | LG Mobile Device Dual Screen improper authentication | $5k-$10k | Official Fix |
| CVE-2020-35554 | 5.5 | LG Mobile Device WebView SSL unknown vulnerability | $10k-$25k | Official Fix |
| CVE-2020-29569 | 8.8 | Linux Kernel Kernel Thread denial of service | $2k-$5k | Official Fix |
| CVE-2020-27777 | 7.2 | Linux Kernel RTAS authorization | $10k-$25k | Official Fix |
| CVE-2020-27780 | 8.0 | Linux-PAM Empty Password improper authentication | $1k-$2k | Official Fix |
| CVE-2020-25094 | 8.8 | LogRhythm Platform Manager Websocket command injection | $2k-$5k | Not Defined |
| CVE-2020-25095 | 3.5 | LogRhythm Platform Manager Websocket cross-site request forgery | $0-$1k | Not Defined |
| CVE-2020-35479 | 6.1 | MediaWiki BlockLogFormatter.php translateBlockExpiry cross site scripting | $0-$1k | Official Fix |
| CVE-2020-35480 | 5.3 | MediaWiki information disclosure | $1k-$2k | Official Fix |
| CVE-2020-35477 | 5.4 | MediaWiki Log Entry unknown vulnerability | $2k-$5k | Official Fix |
| CVE-2020-35474 | 3.5 | MediaWiki Messages text cross site scripting | $0-$1k | Official Fix |
| CVE-2020-35478 | 4.3 | MediaWiki Raw HTML BlockLogFormatter.php makePageLink cross site scripting | $0-$1k | Official Fix |
| CVE-2020-35475 | 4.3 | MediaWiki Raw HTML Special:UserRights cross site scripting | $0-$1k | Official Fix |
| CVE-2020-27154 | 3.5 | Mitel BusinessCTI Enterprise Client Chat Window information disclosure | $0-$1k | Official Fix |
| CVE-2020-25610 | 5.5 | Mitel MiCollab AWV access control | $1k-$2k | Official Fix |
| CVE-2020-25606 | 3.5 | Mitel MiCollab AWV cross site scripting | $0-$1k | Official Fix |
| CVE-2020-25611 | 3.5 | Mitel MiCollab AWV Portal cross site scripting | $0-$1k | Official Fix |
| CVE-2020-25612 | 3.5 | Mitel MiCollab NuPoint Messenger access control | $1k-$2k | Official Fix |
| CVE-2020-25609 | 3.5 | Mitel MiCollab NuPoint Messenger Portal cross site scripting | $0-$1k | Official Fix |
| CVE-2020-27340 | 5.5 | Mitel MiCollab redirect | $1k-$2k | Official Fix |
| CVE-2020-25608 | 6.3 | Mitel MiCollab SAS Portal sql injection | $1k-$2k | Official Fix |
| CVE-2020-24693 | 3.3 | Mitel MiContact Center Business Ignite Portal information disclosure | $0-$1k | Official Fix |
| CVE-2020-27639 | 4.9 | Mitel MiVoice 6873i/MiVoice 6930/MiVoice 6940 Bluetooth Handset Local Privilege Escalation | $1k-$2k | Official Fix |
| CVE-2020-27640 | 4.9 | Mitel MiVoice 6930/MiVoice 6940 Bluetooth Handset improper authentication | $0-$1k | Official Fix |
| CVE-2020-35338 | 9.8 | Mobile Viewpoint Wireless Multiplex Terminal Playout Server hard-coded credentials | $1k-$2k | Not Defined |
| CVE-2020-20189 | 9.8 | NewPK newpost.php sql injection | $1k-$2k | Not Defined |
| CVE-2020-13519 | 5.5 | NZXT Cam IO Request Packet access control | $1k-$2k | Not Defined |
| CVE-2020-13515 | 5.5 | NZXT Cam IO Request Packet access control | $1k-$2k | Not Defined |
| CVE-2020-13514 | 5.5 | NZXT Cam IO Request Packet access control | $1k-$2k | Not Defined |
| CVE-2020-13513 | 5.5 | NZXT Cam IO Request Packet access control | $1k-$2k | Not Defined |
| CVE-2020-13512 | 5.5 | NZXT Cam IO Request Packet access control | $1k-$2k | Not Defined |
| CVE-2020-13518 | 3.5 | NZXT Cam IO Request Packet information disclosure | $0-$1k | Not Defined |
| CVE-2020-13517 | 3.5 | NZXT Cam IO Request Packet information disclosure | $0-$1k | Not Defined |
| CVE-2020-13516 | 3.5 | NZXT Cam IO Request Packet information disclosure | $0-$1k | Not Defined |
| CVE-2020-13511 | 3.5 | NZXT Cam IO Request Packet information disclosure | $0-$1k | Not Defined |
| CVE-2020-13510 | 3.5 | NZXT Cam IO Request Packet information disclosure | $0-$1k | Not Defined |
| CVE-2020-13509 | 5.5 | NZXT Cam IO Request Packet information disclosure | $0-$1k | Not Defined |
| CVE-2020-35378 | 9.8 | Online Bus Ticket Reservation Login Page sql injection | $2k-$5k | Not Defined |
| CVE-2020-28856 | 7.5 | OpenAsset Asset Management HTTP Request access control | $1k-$2k | Not Defined |
| CVE-2020-28857 | 6.1 | OpenAsset Digital Asset Management cross site scripting | $0-$1k | Not Defined |
| CVE-2020-28858 | 8.8 | OpenAsset Digital Asset Management cross-site request forgery | $0-$1k | Not Defined |
| CVE-2020-28861 | 5.3 | OpenAsset Digital Asset Management ProjectsCSV access control | $2k-$5k | Not Defined |
| CVE-2020-28859 | 6.1 | OpenAsset Digital Asset Management Scripting cross site scripting | $0-$1k | Not Defined |
| CVE-2020-26280 | 8.9 | OpenSlides cross site scripting | $0-$1k | Official Fix |
| CVE-2020-35476 | 9.8 | OpenTSDB gnuplot File tmp command injection | $2k-$5k | Not Defined |
| CVE-2020-25096 | 6.3 | Oracle Application Server Websocket access control | $10k-$25k | Not Defined |
| CVE-2020-29363 | 6.3 | p11-kit Byte Array heap-based overflow | $2k-$5k | Not Defined |
| CVE-2020-29361 | 7.5 | p11-kit LIST Command integer overflow | $2k-$5k | Official Fix |
| CVE-2020-29362 | 6.3 | p11-kit RPC heap-based overflow | $2k-$5k | Not Defined |
| CVE-2020-12523 | 9.1 | Phoenix Contact mGuard LAN Port missing initialization of resource | $2k-$5k | Official Fix |
| CVE-2020-12517 | 9.0 | Phoenix Contact PLCnext cross site scripting | $0-$1k | Official Fix |
| CVE-2020-12518 | 5.5 | Phoenix Contact PLCnext information disclosure | $0-$1k | Official Fix |
| CVE-2020-12521 | 6.5 | Phoenix Contact PLCnext LLDP Packet denial of service | $0-$1k | Official Fix |
| CVE-2020-12519 | 9.8 | Phoenix Contact PLCnext privileges management | $2k-$5k | Official Fix |
| CVE-2020-35190 | 9.8 | Plone Docker Image hard-coded password | $2k-$5k | Official Fix |
| CVE-2020-35196 | 9.8 | Rabbitmq Docker Image hard-coded password | $2k-$5k | Official Fix |
| CVE-2020-29303 | 6.1 | SabaiApp Directories Pro Plugin cross site scripting | $0-$1k | Not Defined |
| CVE-2020-29304 | 6.1 | SabaiApp Directories Pro Plugin CSV File cross site scripting | $0-$1k | Not Defined |
| CVE-2020-35553 | 7.5 | Samsung Mobile Device denial of service | $0-$1k | Official Fix |
| CVE-2020-35549 | 5.5 | Samsung Mobile Device Dialer Local Privilege Escalation | $1k-$2k | Official Fix |
| CVE-2020-35550 | 9.8 | Samsung Mobile Device Factory Reset Protection access control | $2k-$5k | Official Fix |
| CVE-2020-35548 | 5.5 | Samsung Mobile Device Finder denial of service | $0-$1k | Official Fix |
| CVE-2020-35552 | 5.3 | Samsung Mobile Device GPS Daemon information disclosure | $0-$1k | Official Fix |
| CVE-2020-35551 | 9.8 | Samsung Mobile Device RPMB access control | $2k-$5k | Official Fix |
| CVE-2020-28457 | 4.8 | s-cart Package Admin Dashboard AdminOrderController.php index cross site scripting | $0-$1k | Official Fix |
| CVE-2020-28456 | 6.1 | s-cart Package Admin Panel cross site scripting | $0-$1k | Official Fix |
| CVE-2020-25229 | 7.5 | Siemens LOGO! 8 BM authentication replay | $5k-$10k | Official Fix |
| CVE-2020-25233 | 5.5 | Siemens LOGO! 8 BM Firmware hard-coded key | $2k-$5k | Official Fix |
| CVE-2020-25228 | 9.8 | Siemens LOGO! 8 BM Service Port 10005 missing authentication | $10k-$25k | Official Fix |
| CVE-2020-25230 | 7.5 | Siemens LOGO! 8 BM Service Port 10005 risky encryption | $5k-$10k | Official Fix |
| CVE-2020-25232 | 7.5 | Siemens LOGO! 8 BM tcp risky encryption | $2k-$5k | Official Fix |
| CVE-2020-25235 | 7.5 | Siemens LOGO! 8 BM Website/Access Tool insufficiently protected credentials | $5k-$10k | Official Fix |
| CVE-2020-25231 | 5.5 | Siemens LOGO! 8 BM/LOGO! Soft Comfort hard-coded key | $2k-$5k | Official Fix |
| CVE-2020-25234 | 7.7 | Siemens LOGO! 8 BM/LOGO! Soft Comfort UDF hard-coded key | $2k-$5k | Official Fix |
| CVE-2020-28396 | 7.3 | Siemens SICAM A8000 CP-8022 Web Server protection mechanism | $10k-$25k | Official Fix |
| CVE-2020-15796 | 7.5 | Siemens SIMATIC ET 200SP/SIMATIC S7-1500 Web Server denial of service | $2k-$5k | Not Defined |
| CVE-2019-19284 | 5.4 | Siemens XHQ cross site scripting | $2k-$5k | Official Fix |
| CVE-2019-19287 | 6.5 | Siemens XHQ path traversal | $10k-$25k | Official Fix |
| CVE-2019-19286 | 7.2 | Siemens XHQ sql injection | $10k-$25k | Official Fix |
| CVE-2019-19288 | 6.1 | Siemens XHQ Web Interface cross site scripting | $2k-$5k | Official Fix |
| CVE-2019-19285 | 5.4 | Siemens XHQ Web Interface cross site scripting | $2k-$5k | Official Fix |
| CVE-2019-19289 | 8.8 | Siemens XHQ Web Interface cross-site request forgery | $5k-$10k | Official Fix |
| CVE-2019-19283 | 5.3 | Siemens XHQ Web Server information disclosure | $2k-$5k | Official Fix |
| CVE-2020-35469 | 9.8 | Software AG Terracotta Server OSS Docker Image hard-coded password | $2k-$5k | Not Defined |
| CVE-2018-16243 | 5.4 | Solarwinds Database Performance Analyzer cross site scripting | $0-$1k | Not Defined |
| CVE-2020-25617 | 8.8 | SolarWinds N-Central Administration Console path traversal | $2k-$5k | Official Fix |
| CVE-2020-25620 | 7.8 | SolarWinds N-Central Administrative Console hard-coded credentials | $1k-$2k | Not Defined |
| CVE-2020-25622 | 8.8 | Solarwinds N-central AdvancedScripts HTTP Endpoint cross-site request forgery | $0-$1k | Not Defined |
| CVE-2020-25621 | 8.4 | Solarwinds N-central Network Interface improper authentication | $1k-$2k | Not Defined |
| CVE-2020-25619 | 4.4 | Solarwinds N-central SSH access control | $2k-$5k | Official Fix |
| CVE-2020-25618 | 8.8 | SolarWinds N-Central sudo Configuration access control | $2k-$5k | Official Fix |
| CVE-2019-16955 | 5.4 | Solarwinds Web Help Desk SVG Document cross site scripting | $0-$1k | Not Defined |
| CVE-2019-16957 | 5.4 | Solarwinds Web Help Desk User Account cross site scripting | $0-$1k | Not Defined |
| CVE-2020-35193 | 9.8 | Sonarqube Docker Image hard-coded password | $2k-$5k | Official Fix |
| CVE-2020-29652 | 7.5 | SSH Component denial of service | $0-$1k | Not Defined |
| CVE-2020-26176 | 4.3 | Tangro Business Workflow API Endpoint attachments access control | $2k-$5k | Official Fix |
| CVE-2020-26178 | 5.3 | Tangro Business Workflow Attachment information disclosure | $1k-$2k | Official Fix |
| CVE-2020-26171 | 4.3 | Tangro Business Workflow Attachment upload access control | $2k-$5k | Official Fix |
| CVE-2020-26172 | 6.5 | Tangro Business Workflow JWT Token authentication replay | $1k-$2k | Official Fix |
| CVE-2020-26173 | 4.3 | Tangro Business Workflow PDF improper authentication | $1k-$2k | Official Fix |
| CVE-2020-26177 | 4.3 | Tangro Business Workflow profile access control | $2k-$5k | Official Fix |
| CVE-2020-26175 | 6.5 | Tangro Business Workflow profile access control | $2k-$5k | Official Fix |
| CVE-2020-26174 | 8.8 | Tangro Business Workflow Restrictions unrestricted upload | $2k-$5k | Official Fix |
| CVE-2020-35187 | 9.8 | Telegraf Docker Image hard-coded password | $2k-$5k | Official Fix |
| CVE-2020-8464 | 5.5 | Trend Micro InterScan Web Security Virtual Appliance Admin Interface unknown vulnerability | $10k-$25k | Official Fix |
| CVE-2020-8466 | 9.8 | Trend Micro InterScan Web Security Virtual Appliance command injection | $10k-$25k | Official Fix |
| CVE-2020-8462 | 4.8 | Trend Micro InterScan Web Security Virtual Appliance cross site scripting | $2k-$5k | Official Fix |
| CVE-2020-8461 | 8.8 | Trend Micro InterScan Web Security Virtual Appliance cross-site request forgery | $2k-$5k | Official Fix |
| CVE-2020-8465 | 6.3 | Trend Micro InterScan Web Security Virtual Appliance improper authentication | $5k-$10k | Official Fix |
| CVE-2020-8463 | 7.5 | Trend Micro InterScan Web Security Virtual Appliance improper authorization | $10k-$25k | Official Fix |
| CVE-2020-27010 | 4.8 | Trend Micro InterScan Web Security Virtual Appliance Web Interface cross site scripting | $2k-$5k | Official Fix |
| CVE-2020-20277 | 7.3 | uftpd FTP Server common.c compose_abspath pathname traversal | $2k-$5k | Official Fix |
| CVE-2020-20276 | 7.3 | uftpd FTP Server common.c handle_PORT buffer overflow | $2k-$5k | Official Fix |
| CVE-2020-35192 | 9.8 | Vault Docker Image hard-coded password | $2k-$5k | Official Fix |
| CVE-2020-4008 | 6.3 | Vmware macOS Sensor for VMware Carbon Black Cloud Installation Remote Privilege Escalation | $10k-$25k | Official Fix |
| CVE-2020-12522 | 10.0 | WAGO PFC 100 os command injection | $2k-$5k | Not Defined |
| CVE-2020-35464 | 9.8 | Weave Cloud Agent Docker Image hard-coded password | $2k-$5k | Not Defined |
| CVE-2020-20299 | 5.5 | WeiPHP POST access control | $1k-$2k | Not Defined |
| CVE-2020-20300 | 6.3 | WeiPHP wp_where sql injection | $1k-$2k | Not Defined |
| CVE-2020-29570 | 6.2 | Xen denial of service | $2k-$5k | Official Fix |
| CVE-2020-29568 | 6.5 | Xen denial of service | $2k-$5k | Official Fix |
| CVE-2020-29567 | 6.2 | Xen denial of service | $0-$1k | Official Fix |
| CVE-2020-29566 | 5.5 | Xen denial of service | $2k-$5k | Official Fix |
| CVE-2020-29571 | 6.2 | Xen null pointer dereference | $2k-$5k | Official Fix |
| CVE-2020-29479 | 8.8 | Xen Ocaml xenstored Implementation access control | $10k-$25k | Official Fix |
| CVE-2020-29485 | 5.5 | Xen Ocaml xenstored Implementation denial of service | $2k-$5k | Official Fix |
| CVE-2020-29483 | 6.5 | Xen Shared Memory denial of service | $5k-$10k | Official Fix |
| CVE-2020-29487 | 3.5 | Xen XAPI xenstore denial of service | $0-$1k | Official Fix |
| CVE-2020-29486 | 6.0 | Xen xenstore denial of service | $2k-$5k | Official Fix |
| CVE-2020-29484 | 6.0 | Xen Xenstore denial of service | $2k-$5k | Official Fix |
| CVE-2020-29481 | 8.8 | Xen Xenstore Node access control | $10k-$25k | Official Fix |
| CVE-2020-29482 | 6.0 | Xen xenstore Path $DOMID denial of service | $2k-$5k | Official Fix |
| CVE-2020-29480 | 2.3 | Xen xenstore permission | $10k-$25k | Official Fix |
| CVE-2020-25495 | 6.1 | Xinuos OpenServer cross site scripting | $0-$1k | Not Defined |
| CVE-2020-25494 | 9.8 | Xinuos OpenServer printbook os command injection | $1k-$2k | Not Defined |
| CVE-2020-26259 | 6.8 | XStream os command injection | $2k-$5k | Official Fix |
| CVE-2020-26258 | 7.7 | XStream server-side request forgery | $2k-$5k | Official Fix |
| CVE-2020-20183 | 7.5 | ZyXEL P1302-T10 v3 Admin Page resource injection | $2k-$5k | Not Defined |

The risk level of about 46% of this week's vulnerabilities is rated "high-risk" or "critical", which is very significant.

The zero-day value of 47% of this week's vulnerabilities was more than $5,000.

Fortunately, for 70% of this week's vulnerabilities, updates or patches have been officially released; they should be applied promptly to prevent exploitation of these vulnerabilities.