آسیبپذیریهای حیاتی هفته اول مهرماه
این هفته آسیبپذیریهای «حیاتی» و «پرخطر» بسیاری در محصولات محبوب Apple و سیستمعامل Google Android گزارش و وصلهها و بهروزرسانیهایی به منظور رفع آنها ارائه شد. همچنین در محصولات شرکتهای IBM، Apache، Adobe، Cisco، VMware، McAfee، SUSE وکرنل لینوکس و افزونههای Jenkinsچندین آسیبپذیری «حیاتی» و «پرخطر» وجود داشت.
لیست این آسیبپذیریها به همراه لینک وصلهها و بهروزرسانیهای ارائهشده در جدول زیر آمده است.
|
شناسه آسیبپذیری |
امتیاز مبنا |
محصول آسیبپذیر |
نوع آسیبپذیری |
ارزش روز صفر |
CTI |
رفع آسیبپذیری |
|
CVE-2020-15172 |
۸.۷ |
Act Module Message |
Remote Code Execution |
$۲k-$5k |
۰.۳۳ |
|
|
CVE-2020-9745 |
۶.۱ |
Adobe Media Encoder Out-of-Bounds |
Memory Corruption |
$۵k-$10k |
۷.۶۵ |
|
|
CVE-2020-9744 |
۶.۱ |
Adobe Media Encoder Out-of-Bounds |
Memory Corruption |
$۵k-$10k |
۴.۹۰ |
|
|
CVE-2020-9739 |
۶.۱ |
Adobe Media Encoder Out-of-Bounds |
Memory Corruption |
$۵k-$10k |
۵.۲۰ |
|
|
CVE-2020-2262 |
۵.۴ |
Android Lint Plugin Stored |
XSS |
$۰-$۱k |
۰.۴۱ |
Not Defined |
|
CVE-2020-13944 |
۳.۵ |
Apache Airflow Endpoint trigger |
XSS |
$۵k-$10k |
۳.۰۷- |
|
|
CVE-2020-13928 |
۳.۵ |
Apache Atlas Search |
XSS |
$۵k-$10k |
۰.۷۶ |
|
|
CVE-2019-0230 |
۹.۸ |
Apache Struts Double OGNL Evaluation |
Remote Code Execution |
$۱۰k-$25k |
۰.۴۷ |
|
|
CVE-2019-0233 |
۷.۵ |
Apache Struts File Upload |
DoS |
$۵k-$10k |
۰.۰۸ |
|
|
CVE-2020-13948 |
۵.۵ |
Apache Superset Python Code Injection |
Privilege Escalation |
$۱۰k-$25k |
۳.۰۷- |
|
|
CVE-2020-11977 |
۵.۵ |
Apache Syncope Flowable Extension |
Code Execution |
$۱۰k-$25k |
۰.۰۸ |
|
|
CVE-2020-9958 |
۸.۸ |
Apple iOS/iPadOS AppleAVD Out-of-Bounds |
Memory Corruption |
$۵۰k-$100k |
۲.۸۴ |
Official Fix |
|
CVE-2020-9979 |
۵.۳ |
Apple iOS/iPadOS Assets Download |
Privilege Escalation |
$۲۵k-$50k |
۱.۲۹ |
|
|
CVE-2020-9773 |
۳.۳ |
Apple iOS/iPadOS Icons |
Information Disclosure |
$۱۰k-$25k |
۱.۳۱ |
|
|
CVE-2020-9992 |
۵.۶ |
Apple iOS/iPadOS IDE Device Support |
Privilege Escalation |
$۵۰k-$100k |
۱.۴۶ |
|
|
CVE-2020-9964 |
۳.۳ |
Apple iOS/iPadOS IOSurfaceAccelerator Kernel Memory |
Information Disclosure |
$۱۰k-$25k |
۱.۱۵ |
|
|
CVE-2020-9976 |
۳.۳ |
Apple iOS/iPadOS Keyboard |
Information Disclosure |
$۱۰k-$25k |
۰.۵۴ |
|
|
CVE-2020-9973 |
۶.۳ |
Apple iOS/iPadOS Model I/O Out-of-Bounds |
Memory Corruption |
$۱۰۰k and more |
۱.۴۶ |
|
|
CVE-2020-9946 |
۷.۴ |
Apple iOS/iPadOS Phone |
Weak Authentication |
$۲۵k-$50k |
۲.۳۶ |
|
|
CVE-2020-9968 |
۵.۳ |
Apple iOS/iPadOS Sandbox |
Privilege Escalation |
$۲۵k-$50k |
۰.۹۲ |
|
|
CVE-2020-9959 |
۲.۴ |
Apple iOS/iPadOS Siri Lockscreen |
Weak Authentication |
$۲k-$5k |
۱.۱۵ |
|
|
CVE-2020-9952 |
۴.۳ |
Apple iOS/iPadOS WebKit |
XSS |
$۲۵k-$50k |
۰.۹۲ |
|
|
CVE-2020-9952 |
۴.۳ |
Apple Safari WebKit |
XSS |
$۱۰k-$25k |
۰.۳۸ |
|
|
CVE-2020-9983 |
۶.۳ |
Apple Safari WebKit Out-of-Bounds |
Memory Corruption |
$۲۵k-$50k |
۰.۵۴ |
|
|
CVE-2020-9948 |
۶.۳ |
Apple Safari WebKit Type Confusion |
Memory Corruption |
$۲۵k-$50k |
۰.۸۴ |
|
|
CVE-2020-9951 |
۶.۳ |
Apple Safari WebKit Use-After-Free |
Memory Corruption |
$۲۵k-$50k |
۱.۶۸ |
|
|
CVE-2020-9976 |
۳.۳ |
Apple tvOS Keyboard |
Information Disclosure |
$۱k-$2k |
۱.۲۷ |
|
|
CVE-2020-9946 |
۶.۴ |
Apple tvOS Phone Lockscreen |
Weak Authentication |
$۲k-$5k |
۱.۵۵ |
|
|
CVE-2020-9968 |
۵.۳ |
Apple tvOS Sandbox |
Privilege Escalation |
$۲k-$5k |
۱.۵۵ |
|
|
CVE-2020-9952 |
۴.۳ |
Apple tvOS WebKit |
XSS |
$۲k-$5k |
۱.۲۴ |
|
|
CVE-2020-9976 |
۳.۳ |
Apple watchOS Keyboard |
Information Disclosure |
$۱k-$2k |
۱.۰۰ |
|
|
CVE-2020-9946 |
۶.۴ |
Apple watchOS Phone Lockscreen |
Weak Authentication |
$۲k-$5k |
۰.۵۳ |
|
|
CVE-2020-9968 |
۵.۳ |
Apple watchOS Sandbox |
Privilege Escalation |
$۲k-$5k |
۱.۱۰ |
|
|
CVE-2020-9952 |
۴.۳ |
Apple watchOS WebKit |
XSS |
$۲k-$5k |
۱.۱۶ |
|
|
CVE-2020-9992 |
۵.۶ |
Apple Xcode IDE Device Support |
Privilege Escalation |
$۱۰k-$25k |
۰.۸۴ |
|
|
CVE-2020-7358 |
۵.۸ |
AppSpider Installer |
Code Execution |
$۰-$۱k |
۴.۱۳ |
|
|
CVE-2020-11684 |
۹.۱ |
AT91bootstrap Authentication Key Memory |
Weak Encryption |
$۰-$۱k |
۰.۰۸ |
|
|
CVE-2020-11683 |
۶.۸ |
AT91bootstrap CMAC Side-Channel |
Privilege Escalation |
$۰-$۱k |
۰.۶۴ |
|
|
CVE-2020-14181 |
۵.۳ |
Atlassian JIRA Server/Data Center ViewUserHover.jspa |
Information Disclosure |
$۱k-$2k |
۱.۸۲ |
|
|
CVE-2020-12788 |
۷.۵ |
Atmel ATSAMA5 CMAC Verification Side-Channel |
Information Disclosure |
$۱k-$2k |
۰.۰۸ |
Not Defined |
|
CVE-2020-12787 |
۷.۵ |
Atmel ATSAMA5 Secure Mode |
Privilege Escalation |
$۲k-$5k |
۰.۰۸ |
Not Defined |
|
CVE-2020-12789 |
۷.۵ |
Atmel ATSAMA5 Secure Monitor Default Key |
Weak Encryption |
$۱k-$2k |
۰.۰۸ |
Not Defined |
|
CVE-2020-25289 |
۵.۵ |
Avast SecureLine VPN Service Symlink |
Privilege Escalation |
$۱k-$2k |
۰.۰۸ |
|
|
CVE-2020-25453 |
۸.۸ |
BlackCat CMS Code Execution |
CSRF |
$۰-$۱k |
۰.۱۵ |
Not Defined |
|
CVE-2020-2254 |
۶.۵ |
Blue Ocean Plugin |
Information Disclosure |
$۱k-$2k |
۰.۱۵ |
Not Defined |
|
CVE-2020-2255 |
۴.۳ |
Blue Ocean Plugin Permission Check |
Privilege Escalation |
$۲k-$5k |
۰.۱۵ |
Not Defined |
|
CVE-2020-6781 |
۶.۸ |
Bosch Smart Home System App Certificate Validation Man-in-the-Middle |
Weak Authentication |
$۱k-$2k |
۰.۷۷ |
|
|
CVE-2020-8927 |
۵.۳ |
Brotli Decompression Crash |
DoS |
$۰-$۱k |
۰.۰۸ |
|
|
CVE-2020-5606 |
۴.۳ |
Buffalo WHR-G54S |
XSS |
$۱k-$2k |
۴.۲۳- |
Not Defined |
|
CVE-2020-5605 |
۳.۵ |
Buffalo WHR-G54S |
Directory Traversal |
$۱k-$2k |
۴.۳۰- |
Not Defined |
|
CVE-2020-2269 |
۵.۴ |
chosen-views-tabbar Plugin Stored |
XSS |
$۰-$۱k |
۰.۹۴ |
Not Defined |
|
CVE-2019-12635 |
۴.۳ |
Cisco Content Security Management Appliance and Cisco Email Security Appliance |
Information Disclosure |
|||
|
CVE-2020-3547 |
۴.۳ |
Cisco Content Security Management Appliance and Cisco Web Security Appliance |
Information Disclosure |
|||
|
CVE-2020-3451 |
۷.۳ |
Cisco Small Business RV340 Series Routers Command Injection and |
Remote Code Execution |
|||
|
CVE-2020-3453 |
۷.۳ |
Cisco Small Business RV340 Series Routers Command Injection and |
Remote Code Execution |
|||
|
CVE-2020-2270 |
۵.۴ |
ClearCase Release Plugin Stored |
XSS |
$۰-$۱k |
۰.۹۶ |
Not Defined |
|
CVE-2020-21845 |
۶.۱ |
Codoforum Admin Dashboard HTML Injection |
XSS |
$۰-$۱k |
۰.۳۱ |
Not Defined |
|
CVE-2020-15178 |
۸.۰ |
contactform module Contact Form |
XSS |
$۰-$۱k |
۰.۰۸ |
|
|
CVE-2020-2275 |
۶.۵ |
Copy Data to Workspace Plugin Permission |
Information Disclosure |
$۱k-$2k |
۰.۰۷ |
Not Defined |
|
CVE-2020-2265 |
۵.۴ |
Coverage-Complexity Scatter Plot Plugin Stored |
XSS |
$۰-$۱k |
۰.۷۵ |
Not Defined |
|
CVE-2020-14382 |
۷.۸ |
cryptsetup LUKS2 Validator luks2_json_metadata.c hdr_validate_segments |
Memory Corruption |
$۲k-$5k |
۰.۰۸ |
Not Defined |
|
CVE-2020-2264 |
۵.۴ |
Custom Job Icon Plugin Stored |
XSS |
$۰-$۱k |
۰.۱۵ |
Not Defined |
|
CVE-2020-8817 |
۸.۱ |
Dataiku DSS |
Privilege Escalation |
$۲k-$5k |
۰.۰۸ |
|
|
CVE-2019-20919 |
۷.۵ |
DBI Module hv_fetch() NULL Pointer Dereference |
DoS |
$۰-$۱k |
۱.۶۵- |
|
|
CVE-2020-22158 |
۶.۱ |
Ericsson RX8200 Reflected |
XSS |
$۰-$۱k |
۰.۴۲ |
Not Defined |
|
CVE-2020-24750 |
۵.۵ |
FasterXML jackson-databind Serialized |
Privilege Escalation |
$۲k-$5k |
۳.۳۱- |
|
|
CVE-2020-24374 |
۵.۵ |
Freebox HD DNS DNS Rebinding |
Privilege Escalation |
$۲k-$5k |
۰.۸۴ |
|
|
CVE-2020-24377 |
۵.۵ |
Freebox Server OS Web Interface DNS Rebinding |
Privilege Escalation |
$۲k-$5k |
۰.۷۶ |
|
|
CVE-2020-24376 |
۵.۵ |
Freebox Server UPnP IGD DNS Rebinding |
Privilege Escalation |
$۲k-$5k |
۰.۹۱ |
Official Fix |
|
CVE-2020-24373 |
۴.۳ |
Freebox Server UPnP MediaServer |
CSRF |
$۰-$۱k |
۰.۴۶ |
Official Fix |
|
CVE-2020-16098 |
۹.۸ |
Gallagher Command Centre Credentials |
Information Disclosure |
$۱k-$2k |
۰.۰۸ |
|
|
CVE-2020-16096 |
۹.۹ |
Gallagher Command Centre Credentials |
Information Disclosure |
$۱k-$2k |
۰.۰۸ |
|
|
CVE-2020-16100 |
۷.۵ |
Gallagher Command Centre DCOM Websocket Crash |
DoS |
$۰-$۱k |
۰.۰۸ |
|
|
CVE-2020-16101 |
۷.۵ |
Gallagher Command Centre DCOM Websocket Out-of-Bounds |
DoS |
$۰-$۱k |
۰.۰۸ |
|
|
CVE-2020-16099 |
۴.۳ |
Gallagher Command Centre Guard Tour Event |
DoS |
$۰-$۱k |
۰.۰۸ |
|
|
CVE-2020-16097 |
۷.۳ |
Gallagher Controller Key |
Information Disclosure |
$۰-$۱k |
۰.۰۷ |
|
|
CVE-2020-13308 |
۲.۷ |
GitLab 2FA |
DoS |
$۰-$۱k |
۰.۵۰ |
|
|
CVE-2020-13307 |
۴.۷ |
GitLab 2FA Session |
Weak Authentication |
$۱k-$2k |
۰.۶۲ |
|
|
CVE-2020-13304 |
۷.۲ |
GitLab 2FA |
Weak Authentication |
$۱k-$2k |
۰.۰۰ |
|
|
CVE-2020-13297 |
۵.۴ |
GitLab 2FA |
Weak Authentication |
$۱k-$2k |
۰.۴۰ |
|
|
CVE-2020-13289 |
۵.۴ |
GitLab 2FA |
Weak Authentication |
$۱k-$2k |
۰.۹۷ |
|
|
CVE-2020-13284 |
۶.۵ |
GitLab API Authorization |
Weak Authentication |
$۱k-$2k |
۰.۱۶ |
|
|
CVE-2020-13313 |
۴.۳ |
GitLab Authorization |
Privilege Escalation |
$۲k-$5k |
۰.۵۵ |
|
|
CVE-2020-13316 |
۴.۳ |
GitLab Command Line |
Privilege Escalation |
$۲k-$5k |
۰.۲۵ |
|
|
CVE-2020-13298 |
۷.۲ |
GitLab Conan Package Upload File |
Information Disclosure |
$۱k-$2k |
۰.۰۰ |
|
|
CVE-2020-13318 |
۷.۳ |
GitLab EKS |
Privilege Escalation |
$۲k-$5k |
۰.۶۳ |
|
|
CVE-2020-13287 |
۴.۳ |
GitLab EPIC |
Information Disclosure |
$۱k-$2k |
۰.۳۲ |
|
|
CVE-2020-13310 |
۶.۵ |
GitLab gitlab-runner Crash |
DoS |
$۰-$۱k |
۰.۰۸ |
|
|
CVE-2020-13317 |
۴.۹ |
GitLab GraphQL API |
DoS |
$۰-$۱k |
۰.۴۱ |
|
|
CVE-2020-13300 |
۱۰.۰ |
GitLab OAuth Authorization |
Privilege Escalation |
$۲k-$5k |
۰.۴۱ |
|
|
CVE-2020-13312 |
۹.۸ |
GitLab OAuth Endpoint Brute Force |
Weak Authentication |
$۱k-$2k |
۰.۵۶ |
|
|
CVE-2020-13314 |
۵.۳ |
GitLab Omniauth Endpoint |
XSS |
$۱k-$2k |
۰.۰۸ |
|
|
CVE-2020-13303 |
۷.۱ |
GitLab Permission |
Privilege Escalation |
$۲k-$5k |
۰.۵۴ |
|
|
CVE-2020-13315 |
۳.۷ |
GitLab Profile Activity Page |
DoS |
$۰-$۱k |
۰.۷۷ |
|
|
CVE-2020-13305 |
۴.۳ |
GitLab Project Invitation Link |
Weak Authentication |
$۱k-$2k |
۰.۰۸ |
|
|
CVE-2020-13309 |
۵.۴ |
GitLab Repository Mirroring |
Server-Side Request Forgery |
$۲k-$5k |
۰.۰۸ |
|
|
CVE-2020-13299 |
۸.۱ |
GitLab Revocation |
Weak Authentication |
$۱k-$2k |
۰.۰۹ |
|
|
CVE-2020-13302 |
۷.۲ |
GitLab Session Revokation |
Weak Authentication |
$۱k-$2k |
۰.۴۸ |
|
|
CVE-2020-13301 |
۵.۵ |
GitLab Standalone Vulnerability Page Stored |
XSS |
$۰-$۱k |
۰.۱۶ |
|
|
CVE-2020-13306 |
۷.۵ |
GitLab Webhook Flooding |
DoS |
$۰-$۱k |
۰.۰۸ |
|
|
CVE-2020-13311 |
۴.۳ |
GitLab Wiki |
DoS |
$۰-$۱k |
۰.۳۹ |
|
|
CVE-2020-25412 |
۵.۵ |
Gnuplot command.c com_line |
Memory Corruption |
$۲k-$5k |
۰.۳۰ |
Not Defined |
|
CVE-2020-25559 |
۵.۵ |
Gnuplot print_set_output Double-Free |
Memory Corruption |
$۲k-$5k |
۰.۰۸ |
Not Defined |
|
CVE-2020-0279 |
۴.۳ |
Google Android AAC Parser Out-of-Bounds |
Information Disclosure |
$۲۵k-$50k |
۴.۳۱- |
Official Fix |
|
CVE-2020-0338 |
۳.۳ |
Google Android AccountManager |
Information Disclosure |
$۱۰k-$25k |
۱.۱۴- |
Official Fix |
|
CVE-2020-0372 |
۳.۳ |
Google Android ActivityManager |
Information Disclosure |
$۱۰k-$25k |
۱.۷۷- |
Official Fix |
|
CVE-2020-0296 |
۳.۳ |
Google Android ADB Server/USB Server |
Information Disclosure |
$۱۰k-$25k |
۱.۱۵- |
Official Fix |
|
CVE-2020-0322 |
۳.۳ |
Google Android apexd Out-of-Bounds |
Information Disclosure |
$۱۰k-$25k |
۰.۹۸- |
Official Fix |
|
CVE-2020-0356 |
۴.۵ |
Google Android Audio HAL Out-of-Bounds |
Memory Corruption |
$۲۵k-$50k |
۱.۷۷- |
Official Fix |
|
CVE-2020-0089 |
۵.۳ |
Google Android Audio Server |
Privilege Escalation |
$۲۵k-$50k |
۲.۱۴ |
|
|
CVE-2020-0314 |
۳.۳ |
Google Android AudioService |
Information Disclosure |
$۱۰k-$25k |
۱.۰۰- |
|
|
CVE-2020-0312 |
۳.۳ |
Google Android Battery Saver |
Information Disclosure |
$۱۰k-$25k |
۰.۸۵- |
|
|
CVE-2020-0380 |
۷.۳ |
Google Android bitalloc.c allocExcessBits Out-of-Bounds |
Memory Corruption |
$۵۰k-$100k |
۲.۳۷- |
|
|
CVE-2020-0433 |
۵.۳ |
Google Android blk-mq-tag.c blk_mq_queue_tag_busy_iter Use-After-Free |
Memory Corruption |
$۲۵k-$50k |
۶.۵۳- |
|
|
CVE-2020-0354 |
۷.۳ |
Google Android Bluetooth Out-of-Bounds |
Memory Corruption |
$۵۰k-$100k |
۲.۱۵ |
|
|
CVE-2020-0379 |
۳.۵ |
Google Android Bluetooth Service |
Information Disclosure |
$۱۰k-$25k |
۲.۱۴- |
|
|
CVE-2020-0394 |
۴.۸ |
Google Android BluetoothPairingDialog.java onCreate |
Privilege Escalation |
$۲۵k-$50k |
۲.۱۵- |
|
|
CVE-2020-0328 |
۲.۵ |
Google Android Camera Integer Overflow |
Information Disclosure |
$۱۰k-$25k |
۰.۸۴- |
|
|
CVE-2020-0428 |
۴.۵ |
Google Android CamX Use-After-Free |
Memory Corruption |
$۲۵k-$50k |
۲.۷۷- |
|
|
CVE-2020-0397 |
۳.۳ |
Google Android CarrierServiceStateTracker.java getNotificationBuilder |
Information Disclosure |
$۱۰k-$25k |
۲.۲۳- |
|
|
CVE-2020-0434 |
۵.۳ |
Google Android Catpipe Library Use-After-Free |
Memory Corruption |
$۲۵k-$50k |
۵.۸۴- |
|
|
CVE-2020-0245 |
۴.۹ |
Google Android combined_decode.cpp DecodeFrameCombinedMode Out-of-Bounds |
Memory Corruption |
$۵۰k-$100k |
۱.۴۵- |
|
|
CVE-2020-0427 |
۳.۳ |
Google Android core.c create_pinctrl Use-After-Free |
Information Disclosure |
$۱۰k-$25k |
۲.۶۹- |
|
|
CVE-2020-0393 |
۳.۳ |
Google Android CryptoPlugin.cpp decrypt_1_2 |
Information Disclosure |
$۱۰k-$25k |
۲.۶۸- |
|
|
CVE-2020-0297 |
۳.۳ |
Google Android devicepolicy Service |
Information Disclosure |
$۱۰k-$25k |
۰.۹۹- |
|
|
CVE-2020-0407 |
۲.۵ |
Google Android Disk Encryption fscrypt_ice.c |
Weak Encryption |
$۵k-$10k |
۲.۶۹- |
|
|
CVE-2020-0341 |
۵.۳ |
Google Android DisplayManager |
Privilege Escalation |
$۲۵k-$50k |
۱.۰۸- |
|
|
CVE-2020-0345 |
۴.۸ |
Google Android DocumentsUI |
Privilege Escalation |
$۲۵k-$50k |
۱.۶۹- |
|
|
CVE-2020-0382 |
۳.۳ |
Google Android dumpstate.cpp RunInternal |
Information Disclosure |
$۱۰k-$25k |
۲.۷۵- |
|
|
CVE-2020-0383 |
۴.۳ |
Google Android eas_mdls.c Parse_ins Out-of-Bounds |
Information Disclosure |
$۲۵k-$50k |
۲.۲۱- |
|
|
CVE-2020-0381 |
۵.۳ |
Google Android eas_mdls.c Parse_wave Integer Overflow |
Information Disclosure |
$۲۵k-$50k |
۲.۶۰- |
|
|
CVE-2020-0395 |
۳.۳ |
Google Android EmergencyCallbackModeService.java showNotification |
Information Disclosure |
$۱۰k-$25k |
۲.۱۵- |
|
|
CVE-2020-0435 |
۴.۵ |
Google Android f2fs.h inline_data_addr Integer Overflow |
Memory Corruption |
$۲۵k-$50k |
۶.۲۲- |
|
|
CVE-2020-0266 |
۵.۳ |
Google Android Factory Reset Protection |
Privilege Escalation |
$۲۵k-$50k |
۱.۳۷- |
|
|
CVE-2020-0403 |
۴.۵ |
Google Android FPC TrustZone Fingerprint App |
Privilege Escalation |
$۲۵k-$50k |
۲.۵۴- |
|
|
CVE-2020-0359 |
۳.۳ |
Google Android GLESRenderEngine Out-of-Bounds |
Information Disclosure |
$۱۰k-$25k |
۱.۷۷- |
|
|
CVE-2020-0388 |
۵.۳ |
Google Android GnssVisibilityControl.java createEmergencyLocationUserNotification |
Privilege Escalation |
$۲۵k-$50k |
۲.۶۷- |
|
|
CVE-2020-0330 |
۸.۸ |
Google Android iorap Use-After-Free |
Memory Corruption |
$۵۰k-$100k |
۱.۳۶- |
|
|
CVE-2020-0293 |
۳.۳ |
Google Android Java Network API |
Information Disclosure |
$۱۰k-$25k |
۱.۰۸- |
|
|
CVE-2020-0431 |
۵.۳ |
Google Android keyboard.c kbd_keycode Out-of-Bounds |
Memory Corruption |
$۲۵k-$50k |
۳.۲۳- |
|
|
CVE-2020-0429 |
۴.۵ |
Google Android l2tp_core.c l2tp_session_delete Use-After-Free |
Memory Corruption |
$۲۵k-$50k |
۲.۸۴- |
|
|
CVE-2020-0370 |
۴.۳ |
Google Android libAACdec Out-of-Bounds |
Information Disclosure |
$۲۵k-$50k |
۱.۸۵- |
|
|
CVE-2020-0369 |
۵.۳ |
Google Android libavb Integer Overflow |
Memory Corruption |
$۲۵k-$50k |
۲.۳۱- |
|
|
CVE-2020-0323 |
۳.۳ |
Google Android libavb Out-of-Bounds |
Information Disclosure |
$۱۰k-$25k |
۰.۹۳- |
|
|
CVE-2020-0340 |
۴.۳ |
Google Android libcodec2_soft_mp3dec |
Information Disclosure |
$۲۵k-$50k |
۱.۰۰- |
|
|
CVE-2020-0361 |
۴.۳ |
Google Android libDRCdec |
Information Disclosure |
$۲۵k-$50k |
۱.۳۱- |
|
|
CVE-2020-0364 |
۴.۳ |
Google Android libDRCdec Out-of-Bounds |
Information Disclosure |
$۲۵k-$50k |
۱.۹۲- |
|
|
CVE-2020-0355 |
۴.۳ |
Google Android libFraunhoferAAC Out-of-Bounds |
Information Disclosure |
$۲۵k-$50k |
۱.۵۴- |
|
|
CVE-2020-0363 |
۴.۳ |
Google Android libmedia Resource Exhaustion |
DoS |
$۱۰k-$25k |
۲.۱۵- |
|
|
CVE-2020-0287 |
۴.۳ |
Google Android libmkvextractor Resource Exhaustion |
DoS |
$۱۰k-$25k |
۴.۳۹- |
|
|
CVE-2020-0353 |
۴.۳ |
Google Android libmp4extractor Resource Exhaustion |
DoS |
$۱۰k-$25k |
۱.۴۶- |
|
|
CVE-2020-0406 |
۵.۳ |
Google Android libmpeg2dec Out-of-Bounds |
Memory Corruption |
$۲۵k-$50k |
۲.۶۱- |
|
|
CVE-2020-0324 |
۴.۳ |
Google Android libsonivox Out-of-Bounds |
Information Disclosure |
$۲۵k-$50k |
۰.۹۳- |
|
|
CVE-2020-0351 |
۴.۳ |
Google Android libstagefright CPU Exhaustion |
DoS |
$۱۰k-$25k |
۱.۵۴- |
|
|
CVE-2020-0264 |
۶.۳ |
Google Android libstagefright Integer Overflow |
Memory Corruption |
$۵۰k-$100k |
۲.۰۰- |
|
|
CVE-2020-0332 |
۴.۳ |
Google Android libstagefright Loop |
DoS |
$۱۰k-$25k |
۰.۹۳- |
|
|
CVE-2020-0362 |
۴.۳ |
Google Android libstagefright Resource Exhaustion |
DoS |
$۱۰k-$25k |
۱.۶۹- |
|
|
CVE-2020-0320 |
۴.۳ |
Google Android libstagefright Resource Exhaustion |
DoS |
$۱۰k-$25k |
۰.۹۲- |
|
|
CVE-2020-0301 |
۴.۳ |
Google Android libstagefright Resource Exhaustion |
DoS |
$۱۰k-$25k |
۱.۰۰- |
|
|
CVE-2020-0306 |
۵.۳ |
Google Android LLVM Stack-based |
Privilege Escalation |
$۲۵k-$50k |
۰.۹۲- |
|
|
CVE-2020-0425 |
۳.۳ |
Google Android Lockdown |
Information Disclosure |
$۱۰k-$25k |
۲.۹۲- |
|
|
CVE-2020-0384 |
۵.۳ |
Google Android Media Extractor eas_mdls.c Parse_art Out-of-Bounds |
Information Disclosure |
$۲۵k-$50k |
۲.۲۹- |
|
|
CVE-2020-0385 |
۴.۳ |
Google Android Media Extractor eas_mdls.c Parse_insh Out-of-Bounds |
Information Disclosure |
$۲۵k-$50k |
۲.۲۲- |
|
|
CVE-2020-0303 |
۶.۳ |
Google Android Media Extractor Use-After-Free |
Memory Corruption |
$۵۰k-$100k |
۰.۹۲- |
|
|
CVE-2020-0125 |
۳.۳ |
Google Android mediadrm Out-of-Bounds |
Information Disclosure |
$۱۰k-$25k |
۰.۹۹- |
|
|
CVE-2020-0337 |
۳.۳ |
Google Android MediaProvider |
Information Disclosure |
$۱۰k-$25k |
۱.۰۷- |
|
|
CVE-2020-0275 |
۵.۳ |
Google Android MediaProvider |
Privilege Escalation |
$۲۵k-$50k |
۴.۳۴- |
|
|
CVE-2020-0352 |
۵.۳ |
Google Android MediaProvider |
SQL injection |
$۱۰k-$25k |
۱.۵۴- |
|
|
CVE-2020-0344 |
۵.۳ |
Google Android MediaProvider |
SQL injection |
$۱۰k-$25k |
۱.۲۳- |
|
|
CVE-2020-0346 |
۵.۳ |
Google Android Mediaserver Integer Overflow |
Memory Corruption |
$۲۵k-$50k |
۱.۹۳- |
|
|
CVE-2020-0321 |
۶.۳ |
Google Android mp3 Extractor Out-of-Bounds |
Memory Corruption |
$۵۰k-$100k |
۱.۰۸- |
|
|
CVE-2020-0432 |
۵.۳ |
Google Android networking.c skb_to_mamac Integer Overflow |
Memory Corruption |
$۲۵k-$50k |
۶.۳۰- |
|
|
CVE-2020-0277 |
۵.۳ |
Google Android NetworkPolicyManagerService |
Privilege Escalation |
$۲۵k-$50k |
۳.۲۷- |
|
|
CVE-2020-0343 |
۳.۳ |
Google Android NetworkStatsService |
Information Disclosure |
$۱۰k-$25k |
۱.۱۵- |
|
|
CVE-2020-0374 |
۵.۳ |
Google Android NFC |
Privilege Escalation |
$۲۵k-$50k |
۲.۱۶- |
|
|
CVE-2020-0360 |
۴.۸ |
Google Android Notification Access Confirmation |
Privilege Escalation |
$۲۵k-$50k |
۲.۰۰- |
|
|
CVE-2020-0399 |
۳.۳ |
Google Android NotificationMgr.java showLimitedSimFunctionWarningNotification |
Information Disclosure |
$۱۰k-$25k |
۲.۴۶- |
|
|
CVE-2020-0329 |
۳.۳ |
Google Android OMX Encoder Out-of-Bounds |
Information Disclosure |
$۱۰k-$25k |
۰.۷۶- |
|
|
CVE-2020-0274 |
۳.۳ |
Google Android OMX Parser |
Information Disclosure |
$۱۰k-$25k |
۳.۲۳- |
|
|
CVE-2020-0342 |
۵.۵ |
Google Android Out-of-Bounds |
Memory Corruption |
$۵۰k-$100k |
۱.۲۳- |
|
|
CVE-2020-0278 |
۵.۵ |
Google Android Out-of-Bounds |
Memory Corruption |
$۵۰k-$100k |
۴.۰۷- |
|
|
CVE-2020-0229 |
۵.۵ |
Google Android Out-of-Bounds |
Memory Corruption |
$۵۰k-$100k |
۱.۲۲- |
|
|
CVE-2020-0123 |
۵.۵ |
Google Android Out-of-Bounds |
Memory Corruption |
$۵۰k-$100k |
۱.۴۶- |
|
|
CVE-2020-0366 |
۴.۸ |
Google Android PackageInstaller |
Privilege Escalation |
$۲۵k-$50k |
۲.۰۰- |
|
|
CVE-2020-0290 |
۳.۳ |
Google Android PackageManager |
Information Disclosure |
$۱۰k-$25k |
۰.۹۲- |
|
|
CVE-2020-0289 |
۳.۳ |
Google Android PackageManager |
Information Disclosure |
$۱۰k-$25k |
۱.۰۰- |
|
|
CVE-2020-0288 |
۳.۳ |
Google Android PackageManager |
Information Disclosure |
$۱۰k-$25k |
۱.۰۸- |
|
|
CVE-2020-0391 |
۷.۸ |
Google Android PackageManagerService.java applyPolicy |
Privilege Escalation |
$۵۰k-$100k |
۲.۳۷- |
|
|
CVE-2020-0401 |
۵.۳ |
Google Android PackageManagerService.java setInstallerPackageName |
Privilege Escalation |
$۲۵k-$50k |
۲.۴۶- |
|
|
CVE-2020-0074 |
۴.۸ |
Google Android PackageManagerService.java verifyIntentFiltersIfNeeded |
Privilege Escalation |
$۲۵k-$50k |
۱.۳۱- |
|
|
CVE-2020-0389 |
۳.۳ |
Google Android RecordingService.java createSaveNotification |
Information Disclosure |
$۱۰k-$25k |
۲.۳۷- |
|
|
CVE-2020-0386 |
۵.۳ |
Google Android RequestPermissionActivity.java onCreate |
Privilege Escalation |
$۲۵k-$50k |
۲.۳۷- |
|
|
CVE-2020-0130 |
۵.۳ |
Google Android screencap |
Command Injection |
$۲۵k-$50k |
۱.۱۶- |
|
|
CVE-2020-0430 |
۵.۳ |
Google Android skbuff.h skb_headlen Out-of-Bounds |
Memory Corruption |
$۲۵k-$50k |
۳.۳۱- |
|
|
CVE-2020-0387 |
۴.۸ |
Google Android SmartSpace Package |
Privilege Escalation |
$۲۵k-$50k |
۲.۲۲- |
|
|
CVE-2020-0373 |
۳.۳ |
Google Android SoundTriggerHwService Out-of-Bounds |
Information Disclosure |
$۱۰k-$25k |
۱.۷۷- |
|
|
CVE-2020-0336 |
۴.۵ |
Google Android Surfaceflinger |
Memory Corruption |
$۲۵k-$50k |
۰.۹۹- |
|
|
CVE-2020-0358 |
۴.۵ |
Google Android Surfaceflinger Use-After-Free |
Memory Corruption |
$۲۵k-$50k |
۱.۸۵- |
|
|
CVE-2020-0357 |
۵.۳ |
Google Android Surfaceflinger Use-After-Free |
Memory Corruption |
$۲۵k-$50k |
۱.۴۶- |
|
|
CVE-2020-0392 |
۵.۳ |
Google Android SurfaceFlinger.cpp getLayerDebugInfo Double-Free |
Memory Corruption |
$۲۵k-$50k |
۲.۶۰- |
|
|
CVE-2020-0426 |
۳.۳ |
Google Android SyncManager |
Information Disclosure |
$۱۰k-$25k |
۲.۶۱- |
|
|
CVE-2020-0318 |
۵.۵ |
Google Android System UI Crash |
DoS |
$۵k-$10k |
۲.۲۳ |
|
|
CVE-2020-0396 |
۳.۳ |
Google Android Telephony |
Information Disclosure |
$۱۰k-$25k |
۲.۰۰- |
|
|
CVE-2020-0375 |
۵.۳ |
Google Android Telephony |
Privilege Escalation |
$۲۵k-$50k |
۲.۱۴- |
|
|
CVE-2020-0270 |
۴.۳ |
Google Android tremolo Out-of-Bounds |
Information Disclosure |
$۲۵k-$50k |
۳.۸۰- |
|
|
CVE-2020-0333 |
۷.۳ |
Google Android UrlQuerySanitizer |
Remote Code Execution |
$۵۰k-$100k |
۱.۲۲- |
|
|
CVE-2020-0317 |
۳.۳ |
Google Android UsageStatsManager |
Information Disclosure |
$۱۰k-$25k |
۰.۹۱- |
|
|
CVE-2020-0404 |
۷.۸ |
Google Android uvc_driver.c uvc_scan_chain_forward |
Privilege Escalation |
$۵۰k-$100k |
۲.۶۱- |
|
|
CVE-2020-0262 |
۵.۳ |
Google Android WiFi Tethering |
Privilege Escalation |
$۲۵k-$50k |
۲.۱۵ |
|
|
CVE-2020-0308 |
۳.۳ |
Google Android Window Manager |
Information Disclosure |
$۱۰k-$25k |
۰.۹۲- |
|
|
CVE-2020-0267 |
۴.۸ |
Google Android windowmanager |
Privilege Escalation |
$۲۵k-$50k |
۳.۵۰- |
|
|
CVE-2020-0390 |
۳.۳ |
Google Android zygote SE Policy App |
Information Disclosure |
$۱۰k-$25k |
۲.۴۴- |
|
|
CVE-2020-15776 |
۸.۸ |
Gradle Enterprise |
CSRF |
$۰-$۱k |
۳.۶۷ |
|
|
CVE-2020-15767 |
۴.۳ |
Gradle Enterprise |
CSRF |
$۰-$۱k |
۲.۰۰ |
|
|
CVE-2020-15773 |
۶.۵ |
Gradle Enterprise Export API Cross-Origin |
Information Disclosure |
$۱k-$2k |
۲.۱۵ |
|
|
CVE-2020-15770 |
۳.۷ |
Gradle Enterprise Lockout |
Weak Authentication |
$۱k-$2k |
۱.۹۹ |
|
|
CVE-2020-15775 |
۵.۵ |
Gradle Enterprise |
Privilege Escalation |
$۲k-$5k |
۱.۹۱ |
|
|
CVE-2020-15772 |
۵.۵ |
Gradle Enterprise SAML IDP |
XML External Entity |
$۲k-$5k |
۲.۲۳ |
|
|
CVE-2020-15774 |
۵.۹ |
Gradle Enterprise Session |
Weak Authentication |
$۱k-$2k |
۲.۱۴ |
Not Defined |
|
CVE-2020-15769 |
۳.۵ |
Gradle Enterprise URL |
XSS |
$۰-$۱k |
۱.۸۵ |
Not Defined |
|
CVE-2020-15771 |
۴.۳ |
Gradle Enterprise/Enterprise Build Cache Node |
CSRF |
$۰-$۱k |
۲.۱۵ |
Not Defined |
|
CVE-2020-15768 |
۴.۳ |
Gradle Enterprise/Enterprise Build Cache Node headers |
Information Disclosure |
$۱k-$2k |
۲.۰۰ |
Not Defined |
|
CVE-2020-15185 |
۲.۲ |
Helm Chart Injection |
Privilege Escalation |
$۱k-$2k |
۲.۸۴- |
|
|
CVE-2020-15184 |
۳.۷ |
Helm Chart.yaml Injection |
Privilege Escalation |
$۲k-$5k |
۳.۰۰- |
|
|
CVE-2020-15186 |
۳.۴ |
Helm Plugin Name |
Privilege Escalation |
$۲k-$5k |
۳.۲۱- |
|
|
CVE-2020-15187 |
۳.۰ |
Helm Plugin |
Privilege Escalation |
$۱k-$2k |
۳.۴۴- |
|
|
CVE-2020-4530 |
۵.۴ |
IBM Business Automation Workflow Web UI |
XSS |
$۵k-$10k |
۰.۷۰ |
|
|
CVE-2019-4671 |
۶.۳ |
IBM Maximo Asset Management Back-End Database |
SQL injection |
$۱۰k-$25k |
۰.۵۴ |
|
|
CVE-2020-4526 |
۴.۳ |
IBM Maximo Asset Management |
CSRF |
$۵k-$10k |
۰.۳۳ |
|
|
CVE-2020-4521 |
۸.۸ |
IBM Maximo Asset Management Java Deserialization |
Privilege Escalation |
$۱۰k-$25k |
۰.۱۵ |
|
|
CVE-2020-4409 |
۶.۸ |
IBM Maximo Asset Management |
Open Redirect |
$۱۰k-$25k |
۰.۷۱ |
|
|
CVE-2020-4708 |
۳.۷ |
IBM Security Trusteer Pinpoint Detect |
Information Disclosure |
$۵k-$10k |
۰.۳۰ |
|
|
CVE-2020-4703 |
۸.۰ |
IBM Spectrum Protect Plus Administrative Console |
Remote Code Execution |
$۱۰k-$25k |
۰.۴۳ |
|
|
CVE-2020-4711 |
۶.۵ |
IBM Spectrum Protect Plus |
Directory Traversal |
$۵k-$10k |
۰.۱۷ |
|
|
CVE-2020-4344 |
۴.۰ |
IBM Tivoli Business Service Manager |
Information Disclosure |
$۲k-$5k |
۰.۱۷ |
|
|
CVE-2020-24457 |
۴.۳ |
Intel CPU BIOS Firmware |
Privilege Escalation |
$۲k-$5k |
۰.۰۸ |
Not Defined |
|
CVE-2020-2266 |
۵.۴ |
Jenkins Description Column Plugin Stored |
XSS |
$۰-$۱k |
۰.۸۸ |
Not Defined |
|
CVE-2020-2273 |
۴.۳ |
Jenkins ElasTest Plugin |
CSRF |
$۰-$۱k |
۰.۸۱ |
Not Defined |
|
CVE-2020-2274 |
۵.۵ |
Jenkins ElasTest Plugin Global Configuration |
Weak Encryption |
$۱k-$2k |
۰.۵۷ |
Not Defined |
|
CVE-2020-2272 |
۴.۳ |
Jenkins ElasTest Plugin Permission Check |
Privilege Escalation |
$۲k-$5k |
۰.۵۷ |
Not Defined |
|
CVE-2020-2253 |
۴.۸ |
Jenkins Email Extension Plugin SMTP Server |
Weak Authentication |
$۲k-$5k |
۰.۱۵ |
Not Defined |
|
CVE-2020-2258 |
۴.۳ |
Jenkins Health Advisor by CloudBees Plugin Permission Check |
Privilege Escalation |
$۲k-$5k |
۰.۱۵ |
Not Defined |
|
CVE-2020-2271 |
۵.۴ |
Jenkins Locked Files Report Plugin Stored |
XSS |
$۰-$۱k |
۰.۵۷ |
Not Defined |
|
CVE-2020-2252 |
۴.۸ |
Jenkins Mailer Plugin SMTP Server |
Weak Authentication |
$۲k-$5k |
۰.۱۵ |
Not Defined |
|
CVE-2020-2260 |
۴.۳ |
Jenkins Perfecto Plugin Permission Check |
Privilege Escalation |
$۲k-$5k |
۰.۲۳ |
Not Defined |
|
CVE-2020-2261 |
۸.۸ |
Jenkins Perfecto Plugin |
Privilege Escalation |
$۲k-$5k |
۰.۱۵ |
Not Defined |
|
CVE-2020-2256 |
۵.۴ |
Jenkins Pipeline Maven Integration Plugin Stored |
XSS |
$۰-$۱k |
۰.۱۵ |
Not Defined |
|
CVE-2020-2263 |
۵.۴ |
Jenkins Radiator View Plugin Stored |
XSS |
$۰-$۱k |
۰.۰۸ |
Not Defined |
|
CVE-2020-2276 |
۸.۸ |
Jenkins Selection tasks Plugin Permission |
Privilege Escalation |
$۲k-$5k |
۰.۴۹ |
Not Defined |
|
CVE-2020-2278 |
۶.۵ |
Jenkins Storable Configs Plugin config.xml |
Privilege Escalation |
$۲k-$5k |
۰.۳۱ |
Not Defined |
|
CVE-2020-2277 |
۶.۵ |
Jenkins Storable Configs Plugin Permission |
Privilege Escalation |
$۲k-$5k |
۰.۳۸ |
Not Defined |
|
CVE-2020-2257 |
۵.۴ |
Jenkins Validating String Parameter Plugin Stored |
XSS |
$۰-$۱k |
۰.۱۵ |
Not Defined |
|
CVE-2020-25751 |
۶.۳ |
Joomla! paGO Commerce Plugin |
SQL injection |
$۲k-$5k |
۷.۳۸- |
Not Defined |
|
CVE-2019-14757 |
۶.۱ |
KaiOS Contacts Application |
XSS |
$۰-$۱k |
۰.۰۰ |
Not Defined |
|
CVE-2019-14756 |
۶.۱ |
KaiOS Email Application |
XSS |
$۰-$۱k |
۰.۴۷ |
Not Defined |
|
CVE-2019-14758 |
۶.۱ |
KaiOS File Manager |
XSS |
$۰-$۱k |
۰.۰۰ |
Not Defined |
|
CVE-2019-14761 |
۴.۴ |
KaiOS Note Application |
XSS |
$۱k-$2k |
۰.۹۵ |
Not Defined |
|
CVE-2019-14759 |
۴.۴ |
KaiOS Radio Application |
XSS |
$۱k-$2k |
۰.۸۵ |
Not Defined |
|
CVE-2019-14760 |
۴.۴ |
KaiOS Recorder Application |
XSS |
$۱k-$2k |
۰.۸۵ |
Not Defined |
|
CVE-2020-10748 |
۳.۵ |
KeyCloak Data Filter |
XSS |
$۰-$۱k |
۰.۰۸ |
Not Defined |
|
CVE-2020-10758 |
۳.۵ |
KeyCloak Flooding |
DoS |
$۰-$۱k |
۰.۱۵ |
|
|
CVE-2020-1694 |
۳.۵ |
KeyCloak NodeJS Adapter |
Information Disclosure |
$۱k-$2k |
۰.۵۴ |
|
|
CVE-2020-25291 |
۷.۸ |
Kingsoft WPS Office GdiDrawHoriLineIAlt qbrush.cpp setMatrix Heap-based |
Memory Corruption |
$۲k-$5k |
۰.۳۱ |
|
|
CVE-2020-24660 |
۹.۸ |
LemonLDAP::NG Access Control |
Privilege Escalation |
$۲k-$5k |
۰.۰۸ |
Not Defined |
|
CVE-2020-8339 |
۴.۳ |
Lenovo IBM BladeCenter Advanced Management Module Web Interface |
XSS |
$۰-$۱k |
۰.۹۳ |
Not Defined |
|
CVE-2020-8346 |
۵.۵ |
Lenovo System Interface Foundation Configuration File |
DoS |
$۰-$۱k |
۰.۶۷ |
|
|
CVE-2020-8342 |
۷.۳ |
Lenovo System Update |
Privilege Escalation |
$۱k-$2k |
۰.۱۷ |
|
|
CVE-2020-8340 |
۶.۳ |
Lenovo System x IMM2 |
XSS |
$۰-$۱k |
۰.۱۶ |
Not Defined |
|
CVE-2020-7807 |
۵.۶ |
LG PC Suite Setup DLL |
Privilege Escalation |
$۲k-$5k |
۰.۰۸ |
Not Defined |
|
CVE-2020-24889 |
۵.۵ |
LibRaw normalize_model.cpp GetNormalizedModel |
Memory Corruption |
$۲k-$5k |
۲.۲۶ |
|
|
CVE-2020-24890 |
۵.۵ |
LibRaw tiff.cpp parse_tiff_ifd NULL Pointer Dereference |
Memory Corruption |
$۲k-$5k |
۰.۳۰ |
Not Defined |
|
CVE-2020-10767 |
۵.۵ |
Linux Kernel Enhanced IBPB |
Privilege Escalation |
$۵k-$10k |
۰.۰۰ |
|
|
CVE-2020-14304 |
۴.۴ |
Linux Kernel Ethernet Driver Kernel Memory |
Information Disclosure |
$۱k-$2k |
۰.۴۹ |
|
|
CVE-2020-14314 |
۵.۵ |
Linux Kernel EXT File System Out-of-Bounds |
DoS |
$۲k-$5k |
۰.۵۸ |
|
|
CVE-2020-25285 |
۷.۰ |
Linux Kernel hugetlb sysctl hugetlb.c NULL Pointer Dereference |
Memory Corruption |
$۵k-$10k |
۰.۳۸ |
|
|
CVE-2020-14386 |
۶.۷ |
Linux Kernel |
Memory Corruption |
$۱۰k-$25k |
۰.۳۸ |
|
|
CVE-2020-10768 |
۵.۵ |
Linux Kernel prctl() |
Privilege Escalation |
$۵k-$10k |
۰.۸۵ |
|
|
CVE-2020-25284 |
۵.۵ |
Linux Kernel rbd Block Device Driver rbd.c |
Privilege Escalation |
$۵k-$10k |
۰.۲۳ |
Not Defined |
|
CVE-2020-10766 |
۵.۵ |
Linux Kernel SSBD |
Privilege Escalation |
$۵k-$10k |
۰.۶۳ |
|
|
CVE-2020-14331 |
۵.۳ |
Linux Kernel Video Out-of-Bounds |
Memory Corruption |
$۵k-$10k |
۰.۷۴ |
Not Defined |
|
CVE-2020-14385 |
۵.۵ |
Linux Kernel XFS File System |
DoS |
$۲k-$5k |
۰.۸۰ |
|
|
CVE-2020-10781 |
۵.۵ |
Linux Kernel ZRAM Kernel Module hot_add Kernel Memory |
DoS |
$۲k-$5k |
۰.۳۸ |
|
|
CVE-2020-7268 |
۴.۳ |
McAfee Email Gateway |
Directory Traversal |
$۵k-$10k |
۰.۱۵ |
|
|
CVE-2020-7293 |
۹.۰ |
McAfee Web Gateway Access Control Password |
Privilege Escalation |
$۱۰k-$25k |
۰.۳۲ |
|
|
CVE-2020-7297 |
۵.۷ |
McAfee Web Gateway Access Control |
Privilege Escalation |
$۱۰k-$25k |
۰.۲۴ |
|
|
CVE-2020-7295 |
۴.۶ |
McAfee Web Gateway Access Control |
Privilege Escalation |
$۱۰k-$25k |
۰.۳۰ |
|
|
CVE-2020-7296 |
۵.۷ |
McAfee Web Gateway Configuration File |
Privilege Escalation |
$۱۰k-$25k |
۰.۱۵ |
|
|
CVE-2020-7294 |
۴.۶ |
McAfee Web Gateway REST Interface |
Privilege Escalation |
$۱۰k-$25k |
۰.۰۸ |
|
|
CVE-2020-25380 |
۵.۴ |
Mike Rooijackers Recall Products admin.php Stored |
XSS |
$۰-$۱k |
۰.۰۸ |
Not Defined |
|
CVE-2020-25379 |
۸.۸ |
Mike Rooijackers Recall Products |
SQL injection |
$۱k-$2k |
۰.۶۳ |
Not Defined |
|
CVE-2020-11881 |
۷.۵ |
MikroTik RouterOS SMB Server Crash |
DoS |
$۰-$۱k |
۰.۱۵ |
Not Defined |
|
CVE-2020-2268 |
۴.۳ |
MongoDB Plugin |
CSRF |
$۰-$۱k |
۰.۷۴ |
Not Defined |
|
CVE-2020-2267 |
۵.۵ |
MongoDB Plugin Permission Check |
Privilege Escalation |
$۲k-$5k |
۰.۹۶ |
Not Defined |
|
CVE-2020-6146 |
۸.۸ |
Nitro Pro File Heap-based |
Memory Corruption |
$۲k-$5k |
۰.۶۹ |
Not Defined |
|
CVE-2020-6112 |
۵.۵ |
Nitro Pro JPEG 2000 File Out-of-Bounds |
Memory Corruption |
$۲k-$5k |
۵.۷۴- |
Not Defined |
|
CVE-2020-6113 |
۵.۵ |
Nitro Pro Object Stream Parser Integer Overflow |
Memory Corruption |
$۲k-$5k |
۵.۲۸- |
Not Defined |
|
CVE-2020-6116 |
۵.۵ |
Nitro Pro Rendering Engine |
Memory Corruption |
$۲k-$5k |
۵.۴۳- |
Not Defined |
|
CVE-2020-6115 |
۵.۵ |
Nitro Pro Table Use-After-Free |
Memory Corruption |
$۲k-$5k |
۵.۰۵- |
Not Defined |
|
CVE-2020-5975 |
۳.۵ |
NVIDIA GeForce Now |
Information Disclosure |
$۱k-$2k |
۳.۴۴ |
|
|
CVE-2020-5976 |
۳.۷ |
NVIDIA GeForce Now Network Test |
Weak Encryption |
$۰-$۱k |
۴.۲۸ |
|
|
CVE-2020-24753 |
۵.۵ |
Objective Systems Objective Open CBOR Run-time Stack-based |
Memory Corruption |
$۲k-$5k |
۳.۰۸- |
|
|
CVE-2020-10715 |
۵.۵ |
openshift Error Page Injection |
Spoofing |
$۱k-$2k |
۰.۰۰ |
Not Defined |
|
CVE-2020-14306 |
۸.۸ |
Openshift service-mesh/istio-rhel8-operator |
Privilege Escalation |
$۲k-$5k |
۰.۲۳ |
Not Defined |
|
CVE-2020-14392 |
۵.۳ |
Perl-DBI dbd_db_login6_sv() Pointer Dereference |
Memory Corruption |
$۱k-$2k |
۰.۱۵ |
|
|
CVE-2020-14393 |
۵.۳ |
Perl-DBI Out-of-Bounds |
Memory Corruption |
$۱k-$2k |
۰.۱۵ |
|
|
CVE-2020-10733 |
۷.۵ |
PostgreSQL Installer |
Privilege Escalation |
$۲k-$5k |
۰.۱۵ |
Not Defined |
|
CVE-2020-15590 |
۳.۷ |
Private Internet Access Kill Switch |
Information Disclosure |
$۱k-$2k |
۰.۳۹ |
|
|
CVE-2020-23833 |
۹.۸ |
projectworlds House Rental index.php |
SQL injection |
$۲k-$5k |
۰.۰۸ |
Not Defined |
|
CVE-2020-0570 |
۵.۳ |
QT Library |
Privilege Escalation |
$۱k-$2k |
۰.۰۸ |
|
|
CVE-2020-13259 |
۵.۳ |
RAD SecFlow-1v os-image Web-based Management Interface |
CSRF |
$۱k-$2k |
۰.۹۲ |
Not Defined |
|
CVE-2020-13260 |
۳.۵ |
RAD SecFlow-1v Web-based Management Interface Stored |
XSS |
$۰-$۱k |
۳.۰۸- |
Not Defined |
|
CVE-2020-10759 |
۷.۱ |
Red Hat Enterprise Linux PGP Signature |
Privilege Escalation |
$۱۰k-$25k |
۰.۰۰ |
Not Defined |
|
CVE-2020-1710 |
۵.۵ |
Red Hat JBoss EAP RFC7230 |
unknown vulnerability |
$۲۵k-$50k |
۰.۱۵ |
Not Defined |
|
CVE-2020-1748 |
۴.۳ |
Red Hat Wildfly Elytron WildFlySecurityManager |
Information Disclosure |
$۵k-$10k |
۰.۰۸ |
|
|
CVE-2020-25727 |
۶.۳ |
Reset Password Add-On |
SQL injection |
$۲k-$5k |
۵.۴۳- |
|
|
CVE-2020-25728 |
۴.۶ |
Reset Password Add-On |
Weak Authentication |
$۱k-$2k |
۴.۵۹- |
|
|
CVE-2020-25744 |
۵.۳ |
SaferVPN Log Symlink |
Privilege Escalation |
$۱k-$2k |
۴.۰۷- |
|
|
CVE-2020-7531 |
۴.۹ |
Schneider Electric SCADAPack 7x Remote Connect Access Control |
Privilege Escalation |
$۲k-$5k |
۰.۰۸ |
Not Defined |
|
CVE-2020-7530 |
۵.۵ |
Schneider Electric SCADAPack 7x Remote Connect |
Privilege Escalation |
$۲k-$5k |
۰.۹۴ |
Not Defined |
|
CVE-2020-7528 |
۵.۵ |
Schneider Electric SCADAPack 7x Remote Connect PRJ File Deserialization |
Privilege Escalation |
$۲k-$5k |
۲.۶۳ |
Not Defined |
|
CVE-2020-7529 |
۵.۵ |
Schneider Electric SCADAPack 7x Remote Connect RCZ File |
Directory Traversal |
$۲k-$5k |
۰.۷۷ |
Not Defined |
|
CVE-2020-7532 |
۵.۵ |
Schneider Electric SCADAPack x70 Security Administrator SDB File Deserialization |
Privilege Escalation |
$۲k-$5k |
۰.۳۷ |
Not Defined |
|
CVE-2020-15179 |
۸.۰ |
ScratchSig Extension Stored |
XSS |
$۰-$۱k |
۰.۷۰ |
|
|
CVE-2020-15183 |
۸.۴ |
SOY CMS Reflected |
XSS |
$۰-$۱k |
۲.۷۷- |
Not Defined |
|
CVE-2020-15182 |
۸.۴ |
SOY CMS SOY Inquiry |
Remote Code Execution |
$۱k-$2k |
۲.۹۲- |
Not Defined |
|
CVE-2020-23451 |
۸.۸ |
Spiceworks users |
CSRF |
$۰-$۱k |
۰.۶۳ |
Not Defined |
|
CVE-2020-25490 |
۶.۳ |
Sqreen PHP Agent Daemon Virtual Machine |
Privilege Escalation |
$۲k-$5k |
۴.۷۴- |
|
|
CVE-2020-25489 |
۶.۳ |
Sqreen PyMiniRacer Heap-based |
Memory Corruption |
$۲k-$5k |
۳.۲۹- |
|
|
CVE-2020-8028 |
۹.۳ |
SuSE Linux Enterprise Module for SUSE Manager Server Salt |
Privilege Escalation |
$۵k-$10k |
۱.۶۹ |
|
|
CVE-2020-25040 |
۵.۵ |
Sylabs Singularity Permission |
Privilege Escalation |
$۲k-$5k |
۰.۹۹ |
Not Defined |
|
CVE-2020-25039 |
۵.۵ |
Sylabs Singularity Permission |
Privilege Escalation |
$۲k-$5k |
۰.۷۶ |
Not Defined |
|
CVE-2020-25540 |
۷.۵ |
ThinkAdmin |
Directory Traversal |
$۲k-$5k |
۰.۲۴ |
Not Defined |
|
CVE-2020-9416 |
۸.۲ |
TIBCO Spotfire Analyst Spotfire Client |
XSS |
$۰-$۱k |
۰.۲۳ |
Not Defined |
|
CVE-2020-11700 |
۵.۵ |
TitanHQ SpamTitan certs-x.php |
Code Execution |
$۲k-$5k |
۶.۹۱- |
Not Defined |
|
CVE-2020-11699 |
۵.۵ |
TitanHQ SpamTitan certs-x.php |
Code Execution |
$۲k-$5k |
۶.۳۰- |
Not Defined |
|
CVE-2020-24045 |
۸.۰ |
TitanHQ SpamTitan ISO |
Privilege Escalation |
$۲k-$5k |
۳.۱۳- |
Not Defined |
|
CVE-2020-11804 |
۵.۵ |
TitanHQ SpamTitan mailqueue.php Code Injection |
Privilege Escalation |
$۲k-$5k |
۴.۸۴- |
Not Defined |
|
CVE-2020-11803 |
۵.۵ |
TitanHQ SpamTitan mailqueue.php eval() PHP |
Privilege Escalation |
$۲k-$5k |
۶.۷۲- |
Not Defined |
|
CVE-2020-24046 |
۴.۶ |
TitanHQ SpamTitan Sandbox passwd |
Privilege Escalation |
$۲k-$5k |
۳.۳۷- |
Not Defined |
|
CVE-2020-11698 |
۶.۳ |
TitanHQ SpamTitan snmp-x.php |
Command Injection |
$۲k-$5k |
۵.۴۶- |
Not Defined |
|
CVE-2020-7733 |
۷.۵ |
ua-parser-js ReDoS |
DoS |
$۰-$۱k |
۰.۵۳ |
|
|
CVE-2020-5629 |
۶.۳ |
UNIQLO App |
Open Redirect |
$۲k-$5k |
۴.۸۱- |
Not Defined |
|
CVE-2020-5628 |
۶.۳ |
UNIQLO App |
Open Redirect |
$۲k-$5k |
۴.۶۱- |
Not Defined |
|
CVE-2020-3980 |
۷.۴ |
VMware Fusion Path |
Privilege Escalation |
$۱۰k-$25k |
۰.۵۴ |
|
|
CVE-2020-3990 |
۳.۵ |
VMware Workstation/Horizon Client Cortado Thinprint Integer Overflow |
Information Disclosure |
$۵k-$10k |
۱.۰۷ |
Official Fix |
|
CVE-2020-3989 |
۳.۵ |
VMware Workstation/Horizon Client Cortado Thinprint Out-of-Bounds |
DoS |
$۵k-$10k |
۰.۸۴ |
|
|
CVE-2020-3988 |
۵.۵ |
VMware Workstation/Horizon Client Cortado Thinprint Out-of-Bounds |
Memory Corruption |
$۱۰k-$25k |
۰.۸۴ |
|
|
CVE-2020-3987 |
۵.۵ |
VMware Workstation/Horizon Client Cortado Thinprint Out-of-Bounds |
Memory Corruption |
$۱۰k-$25k |
۰.۸۴ |
|
|
CVE-2020-3986 |
۵.۵ |
VMware Workstation/Horizon Client Cortado Thinprint Out-of-Bounds |
Memory Corruption |
$۱۰k-$25k |
۰.۷۶ |
|
|
CVE-2020-10229 |
۸.۸ |
vtecrm vtenext |
CSRF |
$۰-$۱k |
۰.۰۸ |
|
|
CVE-2020-10227 |
۶.۱ |
vtecrm vtenext Email |
XSS |
$۰-$۱k |
۰.۶۶ |
Not Defined |
|
CVE-2020-10228 |
۸.۸ |
vtecrm vtenext File Upload |
Remote Code Execution |
$۲k-$5k |
۰.۰۰ |
Not Defined |
|
CVE-2020-25734 |
۳.۵ |
webTareas Directory |
Information Disclosure |
$۱k-$2k |
۳.۰۰- |
Not Defined |
|
CVE-2020-25735 |
۳.۵ |
webTareas editclient.php |
XSS |
$۰-$۱k |
۳.۰۸- |
Not Defined |
|
CVE-2020-25733 |
۵.۵ |
webTareas File Upload |
Privilege Escalation |
$۲k-$5k |
۲.۷۷- |
Not Defined |
|
CVE-2020-25286 |
۵.۳ |
WordPress comment-template.php |
Information Disclosure |
$۵k-$10k |
۰.۳۸ |
|
|
CVE-2020-25378 |
۶.۱ |
WP AccessPress Themes WP Floating Menu |
XSS |
$۰-$۱k |
۰.۰۸ |
Not Defined |
|
CVE-2020-14362 |
۷.۸ |
X.org X11 Server Integer Underflow |
Memory Corruption |
$۱k-$2k |
۰.۰۰ |
|
|
CVE-2020-14361 |
۷.۸ |
X.org X11 Server Integer Underflow |
Memory Corruption |
$۱k-$2k |
۰.۳۴ |
|
|
CVE-2020-14346 |
۷.۸ |
X.org X11 Server X Input Extension Protocol Decoder Integer Underflow |
Memory Corruption |
$۱k-$2k |
۰.۰۰ |
|
|
CVE-2020-14345 |
۵.۳ |
X.org X11 Server XkbSetNames Out-of-Bounds |
Memory Corruption |
$۱k-$2k |
۰.۴۷ |
|
|
CVE-2020-14338 |
۵.۵ |
Xerces JBoss JAXP XMLSchemaValidator |
Privilege Escalation |
$۲k-$5k |
۲.۴۶- |
|
|
CVE-2020-15148 |
۸.۹ |
Yii unserialize() |
Remote Code Execution |
$۲k-$5k |
۰.۶۹ |
|
|
CVE-2020-25215 |
۵.۵ |
yWorks yEd Desktop XML Data |
XML External Entity |
$۲k-$5k |
۳.۱۶- |
|
|
CVE-2020-25216 |
۵.۵ |
yWorks yEd Desktop XSL |
Code Execution |
$۲k-$5k |
۳.۳۷- |
سطح خطر حدود ۱۸% آسیبپذیریهای هفته، «پرخطر» و «حیاتی» برآورد شده است که قابل توجّه است.
ارزش روز صفرم ۶۸% آسیبپذیریهای هفته بیش از ۲۰۰۰ دلار بوده است.
خوشبختانه برای ۷۱% آسیبپذیریهای هفته، بهروزرسانیها و یا وصلههایی رسماً ارائه شده که برای جلوگیری از سوءاستفاده ازآسیبپذیریها بهتر است سریعاً اعمال شوند.
همچنین با ۹۱ مورد، اکثر آسیبپذیریهای هفته (۲۵%) از نوع «ارتقا امتیاز» بودند.
