آسیبپذیریهای حیاتی هفته دوم آبانماه
این هفته آسیبپذیریهای «حیاتی» و «پرخطر» بسیاری در محصولات مهم Apple و Google گزارش و وصلهها و بهروزرسانیهایی به منظور رفع آنها ارائه شد. همچنین در محصولات شرکتهای IBM، HPE، NVIDIA، Qualcomm وWordPress چندین آسیبپذیری «حیاتی» و «پرخطر» وجود داشت.
لیست این آسیبپذیریها به همراه لینک وصلهها و بهروزرسانیهای ارائهشده در جدول زیر آمده است.
|
شناسه آسیبپذیری |
امتیاز مبنا |
عنوان آسیبپذیری |
ارزش روز صفر |
CTI |
رفع آسیبپذیری |
|
CVE-2020-10256 |
۹.۸ |
۱Password command-line tool/SCIM Bridge prng seed |
$۰-$۱k |
۰.۰۵ |
|
|
CVE-2020-25646 |
۷.۵ |
Ansible Community Private Key openssl_privatekey_info log file |
$۱k-$2k |
۱.۱۹ |
Not Defined |
|
CVE-2020-18766 |
۹.۶ |
AntSword System Command cross site scripting |
$۰-$۱k |
۰.۰۴ |
Not Defined |
|
CVE-2020-25470 |
۶.۱ |
AntSword View Site cross site scripting |
$۰-$۱k |
۰.۰۷ |
Not Defined |
|
CVE-2019-8848 |
۷.۸ |
Apple iCloud Application access control |
$۵k-$10k |
۰.۶۲ |
|
|
CVE-2019-8834 |
۴.۳ |
Apple iCloud HSTS Preload access control |
$۱۰k-$25k |
۰.۰۹ |
|
|
CVE-2019-8825 |
۸.۸ |
Apple iCloud State Management memory corruption |
$۱۰k-$25k |
۰.۰۷ |
|
|
CVE-2019-8844 |
۸.۸ |
Apple iCloud Web Contents memory corruption |
$۱۰k-$25k |
۰.۰۶ |
|
|
CVE-2019-8835 |
۸.۸ |
Apple iCloud Web Contents memory corruption |
$۱۰k-$25k |
۰.۰۷ |
|
|
CVE-2019-8846 |
۸.۸ |
Apple iCloud Web Contents use after free |
$۱۰k-$25k |
۰.۵۷ |
|
|
CVE-2019-8825 |
۸.۸ |
Apple iOS State Management memory corruption |
$۵۰k-$100k |
۰.۰۷ |
|
|
CVE-2019-8841 |
۷.۸ |
Apple iOS/iPadOS access control |
$۵۰k-$100k |
۰.۶۱ |
|
|
CVE-2019-8856 |
۳.۳ |
Apple iOS/iPadOS API state issue |
$۰-$۱k |
۰.۷۸ |
|
|
CVE-2019-8848 |
۷.۸ |
Apple iOS/iPadOS Application access control |
$۲۵k-$50k |
۰.۶۷ |
|
|
CVE-2019-8838 |
۷.۸ |
Apple iOS/iPadOS Application memory corruption |
$۵۰k-$100k |
۰.۰۷ |
|
|
CVE-2019-8836 |
۷.۸ |
Apple iOS/iPadOS Application memory corruption |
$۵۰k-$100k |
۰.۰۵ |
|
|
CVE-2019-8833 |
۷.۸ |
Apple iOS/iPadOS Application memory corruption |
$۵۰k-$100k |
۰.۰۵ |
|
|
CVE-2019-8832 |
۷.۸ |
Apple iOS/iPadOS Application memory corruption |
$۵۰k-$100k |
۰.۰۰ |
|
|
CVE-2019-8829 |
۷.۸ |
Apple iOS/iPadOS Application memory corruption |
$۵۰k-$100k |
۰.۱۴ |
|
|
CVE-2019-8828 |
۷.۸ |
Apple iOS/iPadOS Application memory corruption |
$۵۰k-$100k |
۰.۴۰ |
|
|
CVE-2019-8850 |
۵.۵ |
Apple iOS/iPadOS Audio File out-of-bounds read |
$۲۵k-$50k |
۰.۷۲ |
|
|
CVE-2019-8830 |
۸.۸ |
Apple iOS/iPadOS FaceTime out-of-bounds read |
$۲۵k-$50k |
۰.۰۵ |
|
|
CVE-2019-8834 |
۴.۳ |
Apple iOS/iPadOS HSTS Preload access control |
$۵۰k-$100k |
۰.۲۰ |
|
|
CVE-2020-3880 |
۷.۸ |
Apple iOS/iPadOS Image out-of-bounds read |
$۲۵k-$50k |
۰.۲۵ |
|
|
CVE-2019-8809 |
۳.۳ |
Apple iOS/iPadOS information disclosure |
$۱۰k-$25k |
۰.۱۳ |
|
|
CVE-2019-8857 |
۳.۵ |
Apple iOS/iPadOS Live Photo information disclosure |
$۱۰k-$25k |
۰.۷۱ |
|
|
CVE-2019-8831 |
۷.۸ |
Apple iOS/iPadOS memory corruption |
$۵۰k-$100k |
۰.۰۹ |
|
|
CVE-2019-8901 |
۶.۵ |
Apple iOS/iPadOS SSH information disclosure |
$۲۵k-$50k |
۰.۳۲ |
|
|
CVE-2019-8898 |
۴.۳ |
Apple iOS/iPadOS Storage Access API information disclosure |
$۲۵k-$50k |
۰.۰۷ |
|
|
CVE-2020-9932 |
۶.۳ |
Apple iOS/iPadOS Web Contents memory corruption |
$۱۰۰k and more |
۱.۷۲ |
|
|
CVE-2019-8844 |
۸.۸ |
Apple iOS/iPadOS Web Contents memory corruption |
$۱۰۰k and more |
۰.۶۶ |
|
|
CVE-2019-8835 |
۸.۸ |
Apple iOS/iPadOS Web Contents memory corruption |
$۱۰۰k and more |
۰.۰۷ |
|
|
CVE-2019-8846 |
۸.۸ |
Apple iOS/iPadOS Web Contents use after free |
$۱۰۰k and more |
۰.۱۳ |
|
|
CVE-2019-8848 |
۷.۸ |
Apple iTunes Application access control |
$۵k-$10k |
۰.۶۶ |
|
|
CVE-2019-8834 |
۴.۳ |
Apple iTunes HSTS Preload access control |
$۱۰k-$25k |
۰.۰۹ |
|
|
CVE-2019-8825 |
۸.۸ |
Apple iTunes State Management memory corruption |
$۱۰k-$25k |
۰.۰۴ |
|
|
CVE-2019-8898 |
۴.۳ |
Apple iTunes Storage Access API information disclosure |
$۵k-$10k |
۰.۰۴ |
|
|
CVE-2019-8844 |
۸.۸ |
Apple iTunes Web Contents memory corruption |
$۱۰k-$25k |
۰.۰۰ |
|
|
CVE-2019-8835 |
۸.۸ |
Apple iTunes Web Contents memory corruption |
$۱۰k-$25k |
۰.۲۸ |
|
|
CVE-2019-8846 |
۸.۸ |
Apple iTunes Web Contents use after free |
$۱۰k-$25k |
۰.۷۴ |
|
|
CVE-2019-8837 |
۷.۸ |
Apple macOS access control |
$۵k-$10k |
۰.۴۷ |
|
|
CVE-2019-8856 |
۳.۳ |
Apple macOS API state issue |
$۰-$۱k |
۰.۷۲ |
|
|
CVE-2020-9786 |
۳.۳ |
Apple macOS Application access control |
$۵k-$10k |
۰.۲۸ |
|
|
CVE-2019-8848 |
۷.۸ |
Apple macOS Application access control |
$۵k-$10k |
۰.۳۹ |
|
|
CVE-2020-3863 |
۷.۸ |
Apple macOS Application memory corruption |
$۱۰k-$25k |
۰.۱۳ |
|
|
CVE-2019-8852 |
۷.۸ |
Apple macOS Application memory corruption |
$۱۰k-$25k |
۰.۶۳ |
|
|
CVE-2019-8847 |
۷.۸ |
Apple macOS Application memory corruption |
$۱۰k-$25k |
۱.۱۰ |
|
|
CVE-2019-8838 |
۷.۸ |
Apple macOS Application memory corruption |
$۱۰k-$25k |
۰.۶۵ |
|
|
CVE-2019-8833 |
۷.۸ |
Apple macOS Application memory corruption |
$۱۰k-$25k |
۰.۰۴ |
|
|
CVE-2019-8832 |
۷.۸ |
Apple macOS Application memory corruption |
$۱۰k-$25k |
۰.۲۰ |
|
|
CVE-2019-8829 |
۷.۸ |
Apple macOS Application memory corruption |
$۱۰k-$25k |
۰.۰۹ |
|
|
CVE-2019-8828 |
۷.۸ |
Apple macOS Application memory corruption |
$۱۰k-$25k |
۰.۲۸ |
|
|
CVE-2019-8850 |
۵.۵ |
Apple macOS Audio File out-of-bounds read |
$۵k-$10k |
۱.۱۴ |
|
|
CVE-2019-8830 |
۸.۸ |
Apple macOS FaceTime out-of-bounds read |
$۵k-$10k |
۰.۰۰ |
|
|
CVE-2019-8834 |
۴.۳ |
Apple macOS HSTS Preload access control |
$۱۰k-$25k |
۰.۰۵ |
|
|
CVE-2020-3880 |
۷.۸ |
Apple macOS Image out-of-bounds read |
$۵k-$10k |
۰.۰۴ |
|
|
CVE-2019-8809 |
۳.۳ |
Apple macOS information disclosure |
$۲k-$5k |
۰.۱۳ |
|
|
CVE-2019-8854 |
۷.۵ |
Apple macOS MAC Address information disclosure |
$۵k-$10k |
۰.۴۶ |
|
|
CVE-2019-8831 |
۷.۸ |
Apple macOS memory corruption |
$۱۰k-$25k |
۰.۰۹ |
|
|
CVE-2020-9782 |
۵.۴ |
Apple macOS Path Validation unknown vulnerability |
$۱۰k-$25k |
۰.۴۲ |
|
|
CVE-2019-8842 |
۳.۳ |
Apple macOS Print Job buffer overflow |
$۱۰k-$25k |
۰.۰۴ |
|
|
CVE-2019-8839 |
۵.۵ |
Apple macOS Privileges denial of service |
$۲k-$5k |
۰.۰۰ |
|
|
CVE-2019-8855 |
۶.۳ |
Apple macOS Restrictions sandbox |
$۵k-$10k |
۰.۷۰ |
|
|
CVE-2020-9774 |
۷.۵ |
Apple macOS Siri Suggestion access control |
$۵k-$10k |
۰.۰۴ |
|
|
CVE-2019-8851 |
۴.۳ |
Apple macOS State Management improper authentication |
$۱k-$2k |
۰.۶۶ |
|
|
CVE-2019-8824 |
۷.۸ |
Apple macOS State Management memory corruption |
$۱۰k-$25k |
۰.۰۵ |
|
|
CVE-2019-8826 |
۸.۸ |
Apple macOS State Management memory corruption |
$۱۰k-$25k |
۰.۰۴ |
|
|
CVE-2019-8825 |
۸.۸ |
Apple macOS State Management memory corruption |
$۱۰k-$25k |
۰.۰۵ |
|
|
CVE-2019-8858 |
۳.۱ |
Apple macOS State Management state issue |
$۵k-$10k |
۰.۲۳ |
|
|
CVE-2020-9982 |
۵.۵ |
Apple Music Application information disclosure |
$۲k-$5k |
۰.۶۷ |
|
|
CVE-2020-9860 |
۵.۴ |
Apple Safari Javascript input validation |
$۲۵k-$50k |
۰.۱۸ |
|
|
CVE-2019-8898 |
۴.۳ |
Apple Safari Storage Access API information disclosure |
$۱۰k-$25k |
۰.۶۱ |
|
|
CVE-2020-9932 |
۶.۳ |
Apple Safari Web Contents memory corruption |
$۲۵k-$50k |
۰.۰۴ |
|
|
CVE-2019-8844 |
۸.۸ |
Apple Safari Web Contents memory corruption |
$۲۵k-$50k |
۰.۹۸ |
|
|
CVE-2019-8835 |
۸.۸ |
Apple Safari Web Contents memory corruption |
$۲۵k-$50k |
۰.۰۷ |
|
|
CVE-2019-8846 |
۸.۸ |
Apple Safari Web Contents use after free |
$۲۵k-$50k |
۰.۶۲ |
|
|
CVE-2019-8848 |
۷.۸ |
Apple tvOS Application access control |
$۲k-$5k |
۰.۸۵ |
|
|
CVE-2019-8838 |
۷.۸ |
Apple tvOS Application memory corruption |
$۵k-$10k |
۰.۰۰ |
|
|
CVE-2019-8836 |
۷.۸ |
Apple tvOS Application memory corruption |
$۵k-$10k |
۰.۵۱ |
|
|
CVE-2019-8833 |
۷.۸ |
Apple tvOS Application memory corruption |
$۵k-$10k |
۰.۰۷ |
|
|
CVE-2019-8832 |
۷.۸ |
Apple tvOS Application memory corruption |
$۵k-$10k |
۰.۱۴ |
|
|
CVE-2019-8829 |
۷.۸ |
Apple tvOS Application memory corruption |
$۵k-$10k |
۰.۱۴ |
|
|
CVE-2019-8828 |
۷.۸ |
Apple tvOS Application memory corruption |
$۵k-$10k |
۰.۰۵ |
|
|
CVE-2019-8850 |
۵.۵ |
Apple tvOS Audio File out-of-bounds read |
$۲k-$5k |
۱.۲۰ |
|
|
CVE-2019-8830 |
۸.۸ |
Apple tvOS FaceTime out-of-bounds read |
$۲k-$5k |
۰.۰۰ |
|
|
CVE-2019-8834 |
۴.۳ |
Apple tvOS HSTS Preload access control |
$۵k-$10k |
۰.۱۵ |
|
|
CVE-2020-3880 |
۷.۸ |
Apple tvOS Image out-of-bounds read |
$۲k-$5k |
۰.۰۴ |
|
|
CVE-2019-8809 |
۳.۳ |
Apple tvOS information disclosure |
$۱k-$2k |
۰.۱۴ |
|
|
CVE-2019-8854 |
۷.۵ |
Apple tvOS MAC Address information disclosure |
$۲k-$5k |
۰.۷۴ |
|
|
CVE-2019-8831 |
۷.۸ |
Apple tvOS memory corruption |
$۵k-$10k |
۰.۰۹ |
|
|
CVE-2019-8799 |
۲.۴ |
Apple tvOS random values |
$۰-$۱k |
۰.۰۴ |
|
|
CVE-2019-8898 |
۴.۳ |
Apple tvOS Storage Access API information disclosure |
$۲k-$5k |
۱.۰۸ |
|
|
CVE-2020-9932 |
۶.۳ |
Apple tvOS Web Contents memory corruption |
$۵k-$10k |
۰.۰۹ |
|
|
CVE-2019-8844 |
۸.۸ |
Apple tvOS Web Contents memory corruption |
$۵k-$10k |
۰.۶۶ |
|
|
CVE-2019-8835 |
۸.۸ |
Apple tvOS Web Contents memory corruption |
$۵k-$10k |
۰.۱۳ |
|
|
CVE-2019-8846 |
۸.۸ |
Apple tvOS Web Contents use after free |
$۵k-$10k |
۰.۷۸ |
|
|
CVE-2019-8856 |
۳.۳ |
Apple watchOS API state issue |
$۰-$۱k |
۰.۴۱ |
|
|
CVE-2019-8848 |
۷.۸ |
Apple watchOS Application access control |
$۲k-$5k |
۰.۰۰ |
|
|
CVE-2019-8838 |
۷.۸ |
Apple watchOS Application memory corruption |
$۵k-$10k |
۰.۰۶ |
|
|
CVE-2019-8836 |
۷.۸ |
Apple watchOS Application memory corruption |
$۵k-$10k |
۰.۰۷ |
|
|
CVE-2019-8833 |
۷.۸ |
Apple watchOS Application memory corruption |
$۵k-$10k |
۰.۰۰ |
|
|
CVE-2019-8832 |
۷.۸ |
Apple watchOS Application memory corruption |
$۵k-$10k |
۰.۰۰ |
|
|
CVE-2019-8829 |
۷.۸ |
Apple watchOS Application memory corruption |
$۵k-$10k |
۰.۰۹ |
|
|
CVE-2019-8828 |
۷.۸ |
Apple watchOS Application memory corruption |
$۵k-$10k |
۰.۰۵ |
|
|
CVE-2019-8850 |
۵.۵ |
Apple watchOS Audio File out-of-bounds read |
$۲k-$5k |
۰.۰۰ |
|
|
CVE-2019-8830 |
۸.۸ |
Apple watchOS FaceTime out-of-bounds read |
$۲k-$5k |
۰.۰۰ |
|
|
CVE-2019-8834 |
۴.۳ |
Apple watchOS HSTS Preload access control |
$۵k-$10k |
۰.۰۰ |
|
|
CVE-2020-3880 |
۷.۸ |
Apple watchOS Image out-of-bounds read |
$۲k-$5k |
۰.۲۳ |
|
|
CVE-2019-8809 |
۳.۳ |
Apple watchOS information disclosure |
$۱k-$2k |
۰.۳۱ |
|
|
CVE-2019-8854 |
۷.۵ |
Apple watchOS MAC Address information disclosure |
$۲k-$5k |
۰.۴۱ |
|
|
CVE-2019-8831 |
۷.۸ |
Apple watchOS memory corruption |
$۵k-$10k |
۰.۰۰ |
|
|
CVE-2019-8799 |
۲.۴ |
Apple watchOS random values |
$۰-$۱k |
۰.۱۳ |
|
|
CVE-2019-8844 |
۸.۸ |
Apple watchOS Web Contents memory corruption |
$۵k-$10k |
۰.۹۸ |
|
|
CVE-2019-8840 |
۵.۰ |
Apple Xcode out-of-bounds read |
$۵k-$10k |
۰.۰۰ |
|
|
CVE-2020-13100 |
۴.۳ |
Arista CloudVision eXchange Server ControllerOob Agent denial of service |
$۰-$۱k |
۰.۰۳ |
|
|
CVE-2020-15897 |
۶.۳ |
Arista EOS IS-IS Router unknown vulnerability |
$۲k-$5k |
۰.۰۴ |
|
|
CVE-2020-7124 |
۹.۸ |
Aruba AirWave access control |
$۲k-$5k |
۰.۰۷ |
|
|
CVE-2020-7125 |
۸.۸ |
Aruba AirWave Privileges insufficient privileges |
$۲k-$5k |
۰.۰۰ |
|
|
CVE-2020-7126 |
۵.۸ |
Aruba AirWave server-side request forgery |
$۲k-$5k |
۰.۰۰ |
|
|
CVE-2020-7127 |
۹.۸ |
Aruba AirWave Software unknown vulnerability |
$۲k-$5k |
۰.۰۰ |
|
|
CVE-2020-24632 |
۷.۲ |
Aruba AirWave unknown vulnerability |
$۲k-$5k |
۰.۰۰ |
|
|
CVE-2020-24631 |
۷.۲ |
Aruba AirWave unknown vulnerability |
$۲k-$5k |
۰.۰۰ |
|
|
CVE-2020-15276 |
۷.۷ |
baserCMS Blog Comment cross site scripting |
$۰-$۱k |
۰.۲۲ |
|
|
CVE-2020-15273 |
۷.۳ |
baserCMS Edit Feed Settings cross site scripting |
$۰-$۱k |
۰.۲۲ |
|
|
CVE-2020-15277 |
۷.۲ |
baserCMS Edit Template unrestricted upload |
$۱k-$2k |
۰.۲۲ |
|
|
CVE-2020-15238 |
۷.۱ |
Blueman D-Bus Interface argument injection |
$۲k-$5k |
۰.۰۹ |
|
|
CVE-2020-6022 |
۵.۵ |
Check Point ZoneAlarm Anti-Ransomware permission |
$۱k-$2k |
۰.۰۵ |
|
|
CVE-2020-6023 |
۷.۸ |
Check Point ZoneAlarm Anti-Ransomware untrusted search path |
$۱k-$2k |
۰.۰۰ |
|
|
CVE-2020-27740 |
۵.۳ |
Citadel WebCit information disclosure |
$۱k-$2k |
۰.۲۱ |
Not Defined |
|
CVE-2020-27742 |
۴.۳ |
Citadel WebCit Object Reference msg_confirm_move authorization |
$۲k-$5k |
۰.۱۷ |
Not Defined |
|
CVE-2020-27741 |
۳.۵ |
Citadel WebCit Parameter cross site scripting |
$۰-$۱k |
۰.۲۱ |
Not Defined |
|
CVE-2020-27739 |
۷.۳ |
Citadel WebCit user session |
$۲k-$5k |
۰.۲۶ |
Not Defined |
|
CVE-2020-7755 |
۷.۵ |
dat.gui RGB/RGBA incorrect regex |
$۲k-$5k |
۰.۱۸ |
Not Defined |
|
CVE-2020-27708 |
۸.۸ |
Electronic Arts Origin Client access control |
$۲k-$5k |
۲.۰۷ |
Not Defined |
|
CVE-2020-15914 |
۴.۳ |
Electronic Arts Origin Client Javascript cross site scripting |
$۰-$۱k |
۲.۳۳ |
Not Defined |
|
CVE-2020-27887 |
۵.۵ |
EyesOfNetwork AutoDiscovery Module autodiscovery.php os command injection |
$۱k-$2k |
۱.۳۴ |
Not Defined |
|
CVE-2020-27886 |
۶.۳ |
EyesOfNetwork eonweb Web Interface functions.php username_available sql injection |
$۱k-$2k |
۱.۱۹ |
Not Defined |
|
CVE-2020-5937 |
۳.۵ |
F5 BIG-IP AFM Traffic Management Microkernel denial of service |
$۲k-$5k |
۴.۱۹- |
|
|
CVE-2020-5934 |
۳.۵ |
F5 BIG-IP APM SLO URL denial of service |
$۲k-$5k |
۳.۰۷- |
|
|
CVE-2020-5932 |
۳.۵ |
F5 BIG-IP ASM Configuration Utility cross site scripting |
$۲k-$5k |
۳.۳۷- |
|
|
CVE-2020-5933 |
۳.۵ |
F5 BIG-IP HTTP Compression resource consumption |
$۲k-$5k |
۳.۳۰- |
|
|
CVE-2020-5938 |
۳.۷ |
F5 BIG-IP IPSec Tunnel inadequate encryption |
$۵k-$10k |
۵.۰۲- |
|
|
CVE-2020-5936 |
۵.۳ |
F5 BIG-IP LTM Traffic Management Microkernel resource consumption |
$۰-$۱k |
۳.۶۷- |
|
|
CVE-2020-5935 |
۳.۵ |
F5 BIG-IP MQTT Traffic denial of service |
$۲k-$5k |
۳.۳۰- |
|
|
CVE-2020-5931 |
۳.۵ |
F5 BIG-IP OneConnect Profile resource consumption |
$۲k-$5k |
۳.۵۲- |
|
|
CVE-2020-1915 |
۷.۵ |
Facebook Hermes Javascript Interpreter out-of-bounds read |
$۲k-$5k |
۰.۰۴ |
|
|
CVE-2020-25034 |
۶.۵ |
FireEye eMPS sort_by sql injection |
$۱k-$2k |
۰.۰۵ |
|
|
CVE-2020-14425 |
۶.۳ |
Foxit Reader Javascript API app.opencPDFWebPage access control |
$۲k-$5k |
۲.۲۸ |
|
|
CVE-2020-15272 |
۹.۶ |
git-tag-annotation-action Environment Variable os command injection |
$۲k-$5k |
۰.۰۰ |
|
|
CVE-2020-15974 |
۶.۳ |
Google Blink integer overflow |
$۱۰k-$25k |
۱.۶۷ |
|
|
CVE-2020-16005 |
۶.۳ |
Google Chrome ANGLE heap-based buffer overflow |
$۵۰k-$100k |
۱.۵۸+ |
|
|
CVE-2020-15972 |
۶.۳ |
Google Chrome Audio use after free |
$۵۰k-$100k |
۱.۵۲ |
Official Fix |
|
CVE-2020-15990 |
۶.۳ |
Google Chrome Autofill use after free |
$۵۰k-$100k |
۱.۳۰+ |
Official Fix |
|
CVE-2020-15968 |
۶.۳ |
Google Chrome Blink use after free |
$۵۰k-$100k |
۱.۴۶ |
Official Fix |
|
CVE-2020-15985 |
۶.۳ |
Google Chrome clickjacking |
$۵۰k-$100k |
۱.۲۵+ |
Official Fix |
|
CVE-2020-15977 |
۴.۳ |
Google Chrome Dialog Validation information disclosure |
$۲۵k-$50k |
۱.۶۸ |
Official Fix |
|
CVE-2020-15988 |
۶.۳ |
Google Chrome Download access control |
$۵۰k-$100k |
۱.۲۴+ |
Official Fix |
|
CVE-2020-15976 |
۶.۳ |
Google Chrome HTML use after free |
$۵۰k-$100k |
۱.۶۳ |
Official Fix |
|
CVE-2020-15982 |
۴.۳ |
Google Chrome information disclosure |
$۲۵k-$50k |
۱.۵۲ |
Official Fix |
|
CVE-2020-16007 |
۵.۳ |
Google Chrome Installer access control |
$۲۵k-$50k |
۱.۷۵+ |
Official Fix |
|
CVE-2020-15980 |
۵.۳ |
Google Chrome Intents unknown vulnerability |
$۲۵k-$50k |
۲.۳۸ |
Official Fix |
|
CVE-2020-15986 |
۶.۳ |
Google Chrome Media integer overflow |
$۵۰k-$100k |
۱.۱۳+ |
Official Fix |
|
CVE-2020-15997 |
۶.۳ |
Google Chrome Mojo use after free |
$۵۰k-$100k |
۱.۳۵+ |
Official Fix |
|
CVE-2020-15978 |
۶.۳ |
Google Chrome Navigation unknown vulnerability |
$۵۰k-$100k |
۱.۶۸ |
Official Fix |
|
CVE-2020-6557 |
۴.۳ |
Google Chrome Networking clickjacking |
$۵۰k-$100k |
۱.۶۹+ |
Official Fix |
|
CVE-2020-15970 |
۷.۳ |
Google Chrome NFC use after free |
$۵۰k-$100k |
۲.۷۶ |
Official Fix |
|
CVE-2020-15984 |
۶.۳ |
Google Chrome Omnibox clickjacking |
$۵۰k-$100k |
۱.۱۴+ |
Official Fix |
|
CVE-2020-15981 |
۴.۳ |
Google Chrome out-of-bounds read |
$۲۵k-$50k |
۱.۳۵ |
Official Fix |
|
CVE-2020-15991 |
۶.۳ |
Google Chrome Password Manager use after free |
$۵۰k-$100k |
۱.۱۴+ |
Official Fix |
|
CVE-2020-15996 |
۶.۳ |
Google Chrome Passwords use after free |
$۵۰k-$100k |
۱.۲۵+ |
Official Fix |
|
CVE-2020-15967 |
۶.۳ |
Google Chrome Payments use after free |
$۵۰k-$100k |
۱.۴۶ |
Official Fix |
|
CVE-2020-15989 |
۴.۳ |
Google Chrome PDFium uninitialized pointer |
$۲۵k-$50k |
۱.۲۴+ |
Official Fix |
|
CVE-2020-15993 |
۶.۳ |
Google Chrome Printing use after free |
$۵۰k-$100k |
۱.۴۱+ |
Official Fix |
|
CVE-2020-15998 |
۶.۳ |
Google Chrome Renderer Process use after free |
$۵۰k-$100k |
۱.۵۲+ |
Official Fix |
|
CVE-2020-15971 |
۶.۳ |
Google Chrome Renderer Process use after free |
$۵۰k-$100k |
۱.۴۶ |
Official Fix |
|
CVE-2020-15973 |
۴.۳ |
Google Chrome Same Origin Policy unknown vulnerability |
$۵۰k-$100k |
۱.۵۷ |
Official Fix |
|
CVE-2020-15992 |
۶.۳ |
Google Chrome Same Origin Policy unknown vulnerability |
$۵۰k-$100k |
۱.۱۹+ |
|
|
CVE-2020-15975 |
۶.۳ |
Google Chrome SwiftShader integer overflow |
$۵۰k-$100k |
۱.۴۱ |
|
|
CVE-2020-16011 |
۶.۳ |
Google Chrome UI buffer overflow |
$۵۰k-$100k |
۱.۸۶+ |
|
|
CVE-2020-16010 |
۶.۳ |
Google Chrome UI buffer overflow |
$۵۰k-$100k |
۱.۶۹+ |
|
|
CVE-2020-16004 |
۶.۳ |
Google Chrome User Interface use after free |
$۵۰k-$100k |
۱.۶۹+ |
|
|
CVE-2020-16009 |
۶.۳ |
Google Chrome v8 heap-based buffer overflow |
$۵۰k-$100k |
۱.۸۰+ |
|
|
CVE-2020-16006 |
۶.۳ |
Google Chrome v8 heap-based buffer overflow |
$۵۰k-$100k |
۱.۵۳+ |
|
|
CVE-2020-15979 |
۶.۳ |
Google Chrome v8 heap-based buffer overflow |
$۵۰k-$100k |
۲.۸۲ |
Official Fix |
|
CVE-2020-15995 |
۶.۳ |
Google Chrome v8 out-of-bounds write |
$۵۰k-$100k |
۱.۳۵+ |
Official Fix |
|
CVE-2020-15994 |
۶.۳ |
Google Chrome v8 use after free |
$۵۰k-$100k |
۱.۴۶+ |
Official Fix |
|
CVE-2020-16008 |
۶.۳ |
Google Chrome WebRTC buffer overflow |
$۵۰k-$100k |
۱.۵۸+ |
Official Fix |
|
CVE-2020-15987 |
۶.۳ |
Google Chrome WebRTC Stream use after free |
$۵۰k-$100k |
۱.۰۳+ |
Official Fix |
|
CVE-2020-15969 |
۶.۳ |
Google Chrome WebRTC use after free |
$۵۰k-$100k |
۱.۵۲ |
Official Fix |
|
CVE-2020-15983 |
۴.۸ |
Google Chrome webUI improper restriction of rendered ui layers |
$۲۵k-$50k |
۱.۴۶+ |
Official Fix |
|
CVE-2020-24712 |
۵.۴ |
Gophish Account Settings Page cross site scripting |
$۰-$۱k |
۰.۳۰ |
|
|
CVE-2020-24711 |
۶.۵ |
Gophish Account Settings Page denial of service |
$۰-$۱k |
۰.۲۱ |
|
|
CVE-2020-24713 |
۷.۵ |
Gophish Cookie session expiration |
$۱k-$2k |
۰.۲۶ |
Not Defined |
|
CVE-2020-24707 |
۷.۸ |
Gophish CSV unknown vulnerability |
$۲k-$5k |
۰.۳۹ |
|
|
CVE-2020-24709 |
۵.۴ |
Gophish Landing Page/Email Template cross site scripting |
$۰-$۱k |
۰.۳۹ |
Not Defined |
|
CVE-2020-24708 |
۵.۴ |
Gophish Send Profile Form cross site scripting |
$۰-$۱k |
۰.۳۰ |
|
|
CVE-2020-24710 |
۵.۳ |
Gophish server-side request forgery |
$۱k-$2k |
۰.۳۴ |
|
|
CVE-2020-7196 |
۹.۸ |
HPE BlueData EPIC Software Platform Kerberos Password information disclosure |
$۵k-$10k |
۰.۰۵ |
|
|
CVE-2020-7197 |
۱۰.۰ |
HPE StoreServ Management Console improper authentication |
$۱۰k-$25k |
۰.۰۹ |
|
|
CVE-2020-4724 |
۷.۸ |
IBM i2 Analyst Notebook memory corruption |
$۱۰k-$25k |
۳.۸۱- |
|
|
CVE-2020-4723 |
۷.۸ |
IBM i2 Analyst Notebook memory corruption |
$۱۰k-$25k |
۳.۲۹ |
|
|
CVE-2020-4722 |
۷.۸ |
IBM i2 Analyst Notebook memory corruption |
$۱۰k-$25k |
۱.۱۲ |
|
|
CVE-2020-4721 |
۷.۸ |
IBM i2 Analyst Notebook Memory memory corruption |
$۱۰k-$25k |
۱.۱۹ |
|
|
CVE-2020-4584 |
۷.۵ |
IBM i2 iBase information exposure |
$۵k-$10k |
۰.۲۲ |
|
|
CVE-2020-4588 |
۷.۸ |
IBM i2 iBase unrestricted upload |
$۱۰k-$25k |
۰.۱۶ |
|
|
CVE-2020-4864 |
۴.۳ |
IBM Resilient SOAR unknown vulnerability |
$۱۰k-$25k |
۲.۸۴- |
|
|
CVE-2019-4563 |
۵.۳ |
IBM Security Directory Server Authorization Token missing secure attribute |
$۵k-$10k |
۱.۱۹ |
|
|
CVE-2019-4547 |
۵.۳ |
IBM Security Directory Server information exposure |
$۵k-$10k |
۱.۱۹ |
|
|
CVE-2020-4767 |
۷.۵ |
IBM Sterling Connect Direct buffer overflow |
$۱۰k-$25k |
۰.۱۷ |
|
|
CVE-2020-4782 |
۶.۵ |
IBM WebSphere Application Server path traversal |
$۱۰k-$25k |
۱.۱۶ |
|
|
CVE-2020-27678 |
۹.۸ |
illumos pam_framework.c parse_user_name buffer overflow |
$۲k-$5k |
۰.۰۳ |
Not Defined |
|
CVE-2020-27187 |
۷.۸ |
KDE Partition Manager fstab kpmcore_externalcommand access control |
$۲k-$5k |
۰.۰۴ |
|
|
CVE-2020-27182 |
۶.۱ |
konzept-ix publiXone appletError.jsp cross site scripting |
$۰-$۱k |
۰.۰۳ |
|
|
CVE-2020-27181 |
۶.۵ |
konzept-ix publiXone Configuration File CipherUtils.java hard-coded key |
$۰-$۱k |
۰.۰۴ |
|
|
CVE-2020-27180 |
۷.۵ |
konzept-ix publiXone files or directories accessible |
$۱k-$2k |
۰.۰۳ |
|
|
CVE-2020-27183 |
۹.۸ |
konzept-ix publiXone RemoteFunctions Endpoint access control |
$۲k-$5k |
۰.۰۷ |
|
|
CVE-2020-27179 |
۹.۸ |
konzept-ix publiXone User Account weak password recovery |
$۱k-$2k |
۰.۰۰ |
|
|
CVE-2020-15271 |
۹.۳ |
lookatme terminal/file_loader terminal.py os command injection |
$۱k-$2k |
۰.۰۵ |
|
|
CVE-2020-25849 |
۸.۸ |
MailGates/MailAudit command injection |
$۲k-$5k |
۱.۲۰ |
|
|
CVE-2020-11854 |
۹.۸ |
Micro Focus Operation bridge Manager unknown vulnerability |
$۲k-$5k |
۰.۳۰ |
Not Defined |
|
CVE-2020-11858 |
۷.۸ |
Micro Focus Operation Bridge Manager/Operation Bridge Privileges access control |
$۲k-$5k |
۰.۰۴ |
Not Defined |
|
CVE-2020-17087 |
۸.۰ |
Microsoft Windows Kernel Cryptography Driver cng.sys CfgAdtpFormatPropertyBlock buffer overflow |
$۵۰k-$100k |
۱۰.۰۰ |
Not Defined |
|
CVE-2020-28043 |
۶.۵ |
MISP REST Client server-side request forgery |
$۱k-$2k |
۱.۴۰ |
|
|
CVE-2020-5656 |
۶.۵ |
Mitsubishi Electric MELSEC iQ-R Network Interface access control |
$۲k-$5k |
۱.۵۶ |
Not Defined |
|
CVE-2020-5657 |
۶.۳ |
Mitsubishi Electric MELSEC iQ-R Network Interface argument injection |
$۲k-$5k |
۱.۹۵ |
Not Defined |
|
CVE-2020-5653 |
۵.۳ |
Mitsubishi Electric MELSEC iQ-R Network Interface buffer overflow |
$۲k-$5k |
۱.۷۸ |
Not Defined |
|
CVE-2020-5654 |
۶.۳ |
Mitsubishi Electric MELSEC iQ-R Network Interface IP session fixiation |
$۱k-$2k |
۱.۶۳ |
Not Defined |
|
CVE-2020-5655 |
۵.۳ |
Mitsubishi Electric MELSEC iQ-R Network Interface null pointer dereference |
$۰-$۱k |
۲.۰۶ |
Not Defined |
|
CVE-2020-5658 |
۶.۵ |
Mitsubishi Electric MELSEC iQ-R Network Interface unknown vulnerability |
$۲k-$5k |
۱.۵۶ |
Not Defined |
|
CVE-2020-5652 |
۵.۳ |
Mitsubishi Electric MELSEC iQ-R/MELSEC iQ-Q/MELSEC iQ-L 02 resource consumption |
$۰-$۱k |
۱.۷۵ |
Not Defined |
|
CVE-2020-26566 |
۷.۵ |
Motion-Project Motion HTTP Request webu.c denial of service |
$۰-$۱k |
۰.۰۷ |
|
|
CVE-2020-6829 |
۵.۳ |
Mozilla Firefox EC Scalar Point Multiplication key management |
$۵k-$10k |
۰.۱۳ |
|
|
CVE-2020-23989 |
۳.۵ |
NeDi pwsec.php cross site scripting |
$۰-$۱k |
۲.۱۶ |
Not Defined |
|
CVE-2020-23868 |
۳.۵ |
NeDi rt-popup.php cross site scripting |
$۰-$۱k |
۱.۷۳ |
Not Defined |
|
CVE-2020-8579 |
۷.۵ |
NetApp Clustered Data ONTAP Intercluster LIF denial of service |
$۰-$۱k |
۰.۰۹ |
Not Defined |
|
CVE-2020-28041 |
۵.۸ |
Netgear Nighthawk R7000 NAT protection mechanism failure |
$۱۰k-$25k |
۲.۱۲ |
|
|
CVE-2020-8183 |
۳.۵ |
Nextcloud Server API Call credentials storage |
$۱k-$2k |
۱.۴۱ |
Not Defined |
|
CVE-2020-8173 |
۲.۶ |
Nextcloud Server Encryption random values |
$۰-$۱k |
۱.۳۵ |
Not Defined |
|
CVE-2020-8236 |
۵.۵ |
Nextcloud Server WebAuthn improper authentication |
$۱k-$2k |
۱.۴۶ |
Not Defined |
|
CVE-2020-7754 |
۷.۵ |
npm-user-validate Email Validator incorrect regex |
$۲k-$5k |
۰.۰۴ |
|
|
CVE-2020-5991 |
۵.۵ |
NVIDIA CUDA Toolkit NVJPEG Library out-of-bounds write |
$۲k-$5k |
۰.۲۷ |
|
|
CVE-2020-11616 |
۳.۵ |
NVIDIA DGX AMI BMC Firmware weak prng |
$۰-$۱k |
۰.۲۱ |
|
|
CVE-2020-11615 |
۳.۵ |
NVIDIA DGX Cipher Key hard-coded key |
$۰-$۱k |
۰.۳۰ |
|
|
CVE-2020-11484 |
۲.۴ |
NVIDIA DGX-1 AMI BMC Firmware IPMI information disclosure |
$۰-$۱k |
۰.۲۶ |
Official Fix |
|
CVE-2020-11486 |
۶.۳ |
NVIDIA DGX-1 AMI BMC Firmware unrestricted upload |
$۲k-$5k |
۰.۲۶ |
Official Fix |
|
CVE-2020-11485 |
۳.۵ |
NVIDIA DGX-1 cross-site request forgery |
$۰-$۱k |
۰.۳۰ |
Official Fix |
|
CVE-2020-11483 |
۶.۳ |
NVIDIA DGX-1/DGX-2 AMI BMC Firmware hard-coded credentials |
$۱k-$2k |
۰.۳۹ |
Official Fix |
|
CVE-2020-11489 |
۵.۳ |
NVIDIA DGX-1/DGX-2 AMI BMC Firmware information disclosure |
$۱k-$2k |
۰.۳۹ |
Official Fix |
|
CVE-2020-11488 |
۵.۵ |
NVIDIA DGX-1/DGX-2 Firmware Signature code download |
$۰-$۱k |
۰.۲۶ |
Official Fix |
|
CVE-2020-11487 |
۳.۵ |
NVIDIA DGX-1/DGX-2/DGX A100 AMI BMC Firmware hard-coded key |
$۰-$۱k |
۰.۳۴ |
Official Fix |
|
CVE-2020-14750 |
۹.۸ |
Oracle WebLogic Server unknown vulnerability |
$۲۵k-$50k |
۵.۰۳ |
|
|
CVE-2020-27975 |
۸.۸ |
osCommerce Phoenix CE define_language.php cross-site request forgery |
$۰-$۱k |
۰.۱۷ |
|
|
CVE-2020-27976 |
۹.۸ |
osCommerce Phoenix CE POST Parameter mail.php os command injection |
$۲k-$5k |
۰.۸۶ |
|
|
CVE-2020-24881 |
۷.۱ |
osTicket server-side request forgery |
$۲k-$5k |
۱.۸۹ |
|
|
CVE-2020-27743 |
۹.۸ |
pam_tacplus libtac RAND_pseudo_bytes random values |
$۰-$۱k |
۰.۰۶ |
Not Defined |
|
CVE-2020-7751 |
۷.۲ |
pathval Package resource consumption |
$۰-$۱k |
۰.۰۵ |
Not Defined |
|
CVE-2020-28046 |
۷.۸ |
ProlinOS access control |
$۲k-$5k |
۱.۷۳ |
Not Defined |
|
CVE-2020-28044 |
۴.۱ |
ProlinOS Management Mode permission |
$۰-$۱k |
۱.۴۶ |
|
|
CVE-2020-28045 |
۳.۱ |
ProlinOS Signature insufficient verification of data authenticity |
$۱k-$2k |
۱.۶۷ |
Not Defined |
|
CVE-2020-8255 |
۴.۹ |
Pulse Connect Secure Admin Web Interface input validation |
$۲k-$5k |
۰.۲۷ |
|
|
CVE-2020-8260 |
۷.۲ |
Pulse Connect Secure Admin Web Interface unrestricted upload |
$۲k-$5k |
۰.۱۸ |
|
|
CVE-2020-8263 |
۵.۴ |
Pulse Connect Secure User Web Interface cross site scripting |
$۰-$۱k |
۰.۲۶ |
|
|
CVE-2020-8261 |
۵.۵ |
Pulse Connect Secure/Pulse Policy Secure Cookie buffer overflow |
$۲k-$5k |
۰.۲۳ |
|
|
CVE-2020-8262 |
۳.۵ |
Pulse Connect Secure/Pulse Policy Secure User Web Interface cross site scripting |
$۰-$۱k |
۰.۲۲ |
|
|
CVE-2020-15352 |
۶.۳ |
Pulse Connect Secure/Pulse Policy Secure XML External Entity server-side request forgery |
$۲k-$5k |
۰.۰۰ |
|
|
CVE-2020-8250 |
۵.۳ |
Pulse Secure Desktop Client access control |
$۱k-$2k |
۰.۳۴ |
|
|
CVE-2020-8248 |
۵.۳ |
Pulse Secure Desktop Client access control |
$۱k-$2k |
۰.۳۰ |
|
|
CVE-2020-8249 |
۵.۳ |
Pulse Secure Desktop Client buffer overflow |
$۱k-$2k |
۰.۱۳ |
|
|
CVE-2020-8241 |
۵.۶ |
Pulse Secure Desktop Client channel accessible |
$۲k-$5k |
۰.۵۲ |
|
|
CVE-2020-8254 |
۶.۳ |
Pulse Secure Desktop Client Dynamic Certificate Trust path traversal |
$۱k-$2k |
۰.۱۷ |
|
|
CVE-2020-8240 |
۵.۵ |
Pulse Secure Desktop Client Embedded Browser unknown vulnerability |
$۲k-$5k |
۰.۱۳ |
|
|
CVE-2020-8239 |
۵.۵ |
Pulse Secure Desktop Client Registry Privileges access control |
$۱k-$2k |
۰.۰۹ |
|
|
CVE-2020-8956 |
۳.۵ |
Pulse Secure Desktop Save information disclosure |
$۰-$۱k |
۰.۰۰ |
|
|
CVE-2018-19950 |
۹.۸ |
QNAP Music Station Command command injection |
$۲k-$5k |
۳.۰۶- |
|
|
CVE-2018-19951 |
۶.۱ |
QNAP Music Station Scripting cross site scripting |
$۰-$۱k |
۲.۲۴- |
|
|
CVE-2018-19952 |
۴.۳ |
QNAP Music Station SQL Injection sql injection |
$۱k-$2k |
۳.۲۲- |
|
|
CVE-2018-19954 |
۴.۳ |
QNAP Photo Station cross site scripting |
$۰-$۱k |
۲.۴۰- |
|
|
CVE-2018-19956 |
۶.۱ |
QNAP Photo Station Scripting photo_station cross site scripting |
$۰-$۱k |
۹.۱۷- |
|
|
CVE-2018-19955 |
۶.۱ |
QNAP Photo Station Scripting photo_station cross site scripting |
$۰-$۱k |
۲.۱۸- |
|
|
CVE-2018-19949 |
۶.۳ |
QNAP QTS command injection |
$۲k-$5k |
۰.۱۷ |
|
|
CVE-2018-19953 |
۳.۵ |
QNAP QTS cross site scripting |
$۰-$۱k |
۰.۲۶ |
|
|
CVE-2018-19943 |
۳.۵ |
QNAP QTS cross site scripting |
$۰-$۱k |
۰.۲۶ |
|
|
CVE-2020-3638 |
۵.۵ |
Qualcomm Snapdragon Auto access control |
$۱۰k-$25k |
۲.۱۵- |
|
|
CVE-2020-11174 |
۵.۵ |
Qualcomm Snapdragon Auto array index |
$۱۰k-$25k |
۳.۲۱- |
|
|
CVE-2020-3703 |
۵.۵ |
Qualcomm Snapdragon Auto Bluetooth buffer overflow |
$۱۰k-$25k |
۲.۶۸- |
|
|
CVE-2020-11156 |
۵.۵ |
Qualcomm Snapdragon Auto Bluetooth buffer overflow |
$۱۰k-$25k |
۳.۹۲ |
|
|
CVE-2020-11155 |
۵.۵ |
Qualcomm Snapdragon Auto Bluetooth buffer overflow |
$۱۰k-$25k |
۳.۹۹ |
|
|
CVE-2020-11154 |
۵.۵ |
Qualcomm Snapdragon Auto Bluetooth buffer overflow |
$۱۰k-$25k |
۲.۳۳ |
|
|
CVE-2020-11141 |
۵.۵ |
Qualcomm Snapdragon Auto Bluetooth estack buffer overflow |
$۱۰k-$25k |
۲.۱۲ |
|
|
CVE-2020-11157 |
۳.۵ |
Qualcomm Snapdragon Auto Control Message denial of service |
$۲k-$5k |
۲.۱۷ |
|
|
CVE-2020-3657 |
۶.۳ |
Qualcomm Snapdragon Auto Device Control array index |
$۱۰k-$25k |
۳.۸۱- |
|
|
CVE-2020-11173 |
۴.۶ |
Qualcomm Snapdragon Auto fastRPC Driver race condition |
$۲k-$5k |
۲.۳۱- |
|
|
CVE-2020-11153 |
۶.۳ |
Qualcomm Snapdragon Auto GATT Data out-of-bounds read |
$۵k-$10k |
۲.۰۴ |
|
|
CVE-2020-3692 |
۵.۵ |
Qualcomm Snapdragon Auto IMEI buffer overflow |
$۱۰k-$25k |
۲.۴۳- |
|
|
CVE-2020-11169 |
۵.۵ |
Qualcomm Snapdragon Auto L2CAP Packet integer overflow |
$۱۰k-$25k |
۱.۹۵ |
|
|
CVE-2020-11125 |
۳.۵ |
Qualcomm Snapdragon Auto MHI Command out-of-bounds read |
$۵k-$10k |
۲.۴۳ |
|
|
CVE-2020-11162 |
۵.۵ |
Qualcomm Snapdragon Auto MHI Driver buffer overflow |
$۱۰k-$25k |
۳.۷۵ |
|
|
CVE-2020-3670 |
۳.۵ |
Qualcomm Snapdragon Auto NAS Transport out-of-bounds read |
$۵k-$10k |
۲.۱۵- |
|
|
CVE-2020-3704 |
۳.۵ |
Qualcomm Snapdragon Auto PDU state issue |
$۲k-$5k |
۲.۶۲- |
Official Fix |
|
CVE-2020-11164 |
۵.۵ |
Qualcomm Snapdragon Auto Perfdump access control |
$۱۰k-$25k |
۳.۰۹ |
Official Fix |
|
CVE-2020-3696 |
۵.۵ |
Qualcomm Snapdragon Auto Permission use after free |
$۱۰k-$25k |
۲.۵۱- |
Official Fix |
|
CVE-2020-3684 |
۵.۵ |
Qualcomm Snapdragon Auto QSEE permission |
$۱۰k-$25k |
۲.۳۷- |
Official Fix |
|
CVE-2020-3694 |
۵.۵ |
Qualcomm Snapdragon Auto qseecom buffer overflow |
$۱۰k-$25k |
۲.۴۶- |
Official Fix |
|
CVE-2020-3693 |
۵.۵ |
Qualcomm Snapdragon Auto qseecom buffer overflow |
$۱۰k-$25k |
۲.۳۷- |
Official Fix |
|
CVE-2020-3673 |
۵.۵ |
Qualcomm Snapdragon Auto SIP Message buffer overflow |
$۱۰k-$25k |
۲.۲۶- |
Official Fix |
|
CVE-2020-3654 |
۵.۵ |
Qualcomm Snapdragon Auto SIP Message buffer overflow |
$۱۰k-$25k |
۲.۳۱- |
Official Fix |
|
CVE-2020-3690 |
۵.۵ |
Qualcomm Snapdragon Auto SMUU Configuration unknown vulnerability |
$۱۰k-$25k |
۲.۱۷- |
Official Fix |
|
CVE-2020-11114 |
۵.۳ |
Qualcomm Snapdragon Compute Bluetooth buffer overflow |
$۵k-$10k |
۲.۱۹ |
Official Fix |
|
CVE-2020-3678 |
۵.۵ |
Qualcomm Snapdragon Consumer IOT API buffer overflow |
$۱۰k-$25k |
۲.۲۰- |
Official Fix |
|
CVE-2020-11172 |
۵.۵ |
Qualcomm Snapdragon Wired Infrastructure and Networking fscanf stack-based buffer overflow |
$۱۰k-$25k |
۲.۸۱- |
Official Fix |
|
CVE-2020-7384 |
۷.۰ |
Rapid7 Metasploit APK File command injection |
$۲k-$5k |
۰.۷۵ |
Not Defined |
|
CVE-2020-15278 |
۷.۷ |
Red Discord Bot Mod Module access control |
$۲k-$5k |
۰.۰۹ |
|
|
CVE-2020-27358 |
۳.۵ |
REDCap CSV information disclosure |
$۰-$۱k |
۱.۸۴ |
|
|
CVE-2020-27359 |
۳.۵ |
REDCap Messenger cross site scripting |
$۰-$۱k |
۱.۸۹ |
|
|
CVE-2020-26878 |
۸.۸ |
Ruckus API Endpoint createUser command injection |
$۲k-$5k |
۰.۰۴ |
Not Defined |
|
CVE-2020-26879 |
۹.۸ |
Ruckus vRioT API validate_token.py improper authorization |
$۲k-$5k |
۰.۰۴ |
Not Defined |
|
CVE-2018-17932 |
۶.۳ |
Shun Hu JUUKO K-800 authentication replay |
$۱k-$2k |
۱.۷۹ |
Not Defined |
|
CVE-2018-19025 |
۶.۳ |
Shun Hu JUUKO K-808 authentication replay |
$۱k-$2k |
۱.۷۹ |
Not Defined |
|
CVE-2020-22552 |
۳.۵ |
Snap7 Server COTP Protocol denial of service |
$۰-$۱k |
۰.۰۹ |
Not Defined |
|
CVE-2020-28002 |
۷.۳ |
SonarQube Project Endpoint submit improper authentication |
$۱k-$2k |
۱.۶۲ |
Not Defined |
|
CVE-2020-5145 |
۸.۶ |
SonicWALL Global VPN Client Library uncontrolled search path |
$۲k-$5k |
۰.۴۸ |
|
|
CVE-2020-5144 |
۷.۸ |
SonicWALL Global VPN Client untrusted search path |
$۲k-$5k |
۰.۱۸ |
|
|
CVE-2020-27656 |
۶.۵ |
Synology DiskStation Manager DDNS channel accessible |
$۲k-$5k |
۰.۴۳ |
|
|
CVE-2020-27650 |
۵.۸ |
Synology DiskStation Manager missing secure attribute |
$۱k-$2k |
۰.۳۰ |
|
|
CVE-2020-27648 |
۸.۳ |
Synology DiskStation Manager OpenVPN Client channel accessible |
$۲k-$5k |
۰.۴۷ |
|
|
CVE-2020-27652 |
۸.۳ |
Synology DiskStation Manager QuickConnect channel accessible |
$۲k-$5k |
۰.۲۲ |
|
|
CVE-2020-27657 |
۶.۵ |
Synology Router Manager DDNS channel accessible |
$۲k-$5k |
۰.۳۹ |
|
|
CVE-2020-27654 |
۹.۸ |
Synology Router Manager lbd tcp access control |
$۲k-$5k |
۰.۷۳ |
|
|
CVE-2020-27651 |
۵.۸ |
Synology Router Manager missing secure attribute |
$۱k-$2k |
۰.۳۰ |
|
|
CVE-2020-27649 |
۸.۳ |
Synology Router Manager OpenVPN Client certificate validation |
$۱k-$2k |
۱.۰۳ |
|
|
CVE-2020-27655 |
۶.۵ |
Synology Router Manager QuickConnect access control |
$۲k-$5k |
۰.۹۵ |
|
|
CVE-2020-27653 |
۸.۳ |
Synology Router Manager QuickConnect channel accessible |
$۲k-$5k |
۰.۳۰ |
|
|
CVE-2020-27658 |
۷.۱ |
Synology Router Manager Set-Cookie Header cookie without 'httponly' flag |
$۱k-$2k |
۰.۵۶ |
|
|
CVE-2020-7752 |
۸.۸ |
systeminformation Curl os command injection |
$۱k-$2k |
۰.۰۸ |
|
|
CVE-2020-27891 |
۷.۵ |
Texas Instruments CC2538 Zigbee Protocol zclHandleExternal stack-based buffer overflow |
$۱k-$2k |
۰.۰۴ |
|
|
CVE-2020-27892 |
۷.۵ |
Texas Instruments CC2538 Zigbee Protocol zclParseInDiscCmdsRspCmd stack-based buffer overflow |
$۱k-$2k |
۰.۰۴ |
|
|
CVE-2020-27890 |
۸.۲ |
Texas Instruments CC2538 Zigbee Protocol zclParseInWriteCmd stack-based buffer overflow |
$۱k-$2k |
۰.۰۴ |
|
|
CVE-2020-27015 |
۳.۳ |
Trend Micro Antivirus information exposure |
$۲k-$5k |
۲.۹۸ |
|
|
CVE-2020-27014 |
۳.۵ |
Trend Micro Antivirus Web Threat Protection race condition |
$۲k-$5k |
۲.۷۶ |
|
|
CVE-2020-7373 |
۶.۳ |
vBulletin subWidgets Data widget_tabbedcontainer_tab_panel unknown vulnerability |
$۲k-$5k |
۰.۳۸ |
|
|
CVE-2020-23945 |
۷.۵ |
Victor CMS category.php sql injection |
$۲k-$5k |
۰.۰۰ |
|
|
CVE-2020-5425 |
۷.۵ |
VMware Tanzu SSO Operator Dashboard improper authentication |
$۵k-$10k |
۰.۳۸ |
|
|
CVE-2020-12830 |
۹.۸ |
Western Digital My Cloud buffer overflow |
$۲k-$5k |
۰.۱۸ |
|
|
CVE-2020-27158 |
۹.۸ |
Western Digital My Cloud cgi_api.php access control |
$۲k-$5k |
۰.۱۴ |
|
|
CVE-2020-27744 |
۶.۳ |
Western Digital My Cloud NAS access control |
$۲k-$5k |
۱.۴۹ |
|
|
CVE-2020-27160 |
۶.۳ |
Western Digital My Cloud NAS AvailableApps.php unknown vulnerability |
$۲k-$5k |
۰.۰۴ |
|
|
CVE-2020-27159 |
۶.۳ |
Western Digital My Cloud NAS DsdkProxy.php unknown vulnerability |
$۲k-$5k |
۰.۰۴ |
|
|
CVE-2020-25765 |
۹.۸ |
Western Digital My Cloud reg_device.php unknown vulnerability |
$۲k-$5k |
۰.۰۹ |
|
|
CVE-2020-15274 |
۵.۴ |
Wiki.js Search Result cross site scripting |
$۰-$۱k |
۰.۰۴ |
|
|
CVE-2020-25689 |
۵.۳ |
WildFly Connection resource consumption |
$۰-$۱k |
۱.۷۳ |
|
|
CVE-2020-16262 |
۷.۸ |
Winston access control |
$۲k-$5k |
۰.۴۳ |
|
|
CVE-2020-16257 |
۵.۵ |
Winston API command injection |
$۱k-$2k |
۰.۱۷ |
|
|
CVE-2020-16256 |
۳.۵ |
Winston API cross-site request forgery |
$۰-$۱k |
۰.۲۶ |
|
|
CVE-2020-16263 |
۷.۳ |
Winston Configuration unknown vulnerability |
$۲k-$5k |
۰.۲۶ |
|
|
CVE-2020-16260 |
۶.۳ |
Winston improper authorization |
$۲k-$5k |
۰.۳۰ |
Not Defined |
|
CVE-2020-16258 |
۶.۳ |
Winston Monit Service hard-coded credentials |
$۱k-$2k |
۰.۳۹ |
Not Defined |
|
CVE-2020-16261 |
۷.۸ |
Winston U-Boot Interrupt access control |
$۲k-$5k |
۰.۴۳ |
Not Defined |
|
CVE-2020-16259 |
۵.۵ |
Winston unknown vulnerability |
$۲k-$5k |
۰.۳۰ |
Not Defined |
|
CVE-2020-27853 |
۹.۸ |
Wire AVS/Secure Messenger sdp.c sdp_media_set_lattr denial of service |
$۰-$۱k |
۰.۳۴ |
|
|
CVE-2020-28030 |
۴.۳ |
Wireshark GQUIC Dissector packet-gquic.c denial of service |
$۰-$۱k |
۱.۵۱ |
|
|
CVE-2020-28040 |
۴.۳ |
WordPress Background Image cross-site request forgery |
$۵k-$10k |
۱.۶۷ |
|
|
CVE-2020-28033 |
۵.۵ |
WordPress Embed unknown vulnerability |
$۱۰k-$25k |
۱.۵۶ |
|
|
CVE-2020-28039 |
۴.۶ |
WordPress File meta.php is_protected_meta path traversal |
$۵k-$10k |
۱.۷۳ |
|
|
CVE-2020-28032 |
۵.۵ |
WordPress FilteredIterator.php deserialization |
$۱۰k-$25k |
۱.۶۲ |
|
|
CVE-2020-28034 |
۶.۱ |
WordPress Global Variable cross site scripting |
$۵k-$10k |
۱.۵۷ |
|
|
CVE-2020-28037 |
۶.۳ |
WordPress Installation functions.php is_blog_installed access control |
$۱۰k-$25k |
۱.۶۸ |
|
|
CVE-2020-28038 |
۶.۱ |
WordPress Post Slug cross site scripting |
$۵k-$10k |
۱.۵۷ |
|
|
CVE-2020-28035 |
۹.۸ |
WordPress XML-RPC access control |
$۱۰k-$25k |
۱.۶۸ |
Official Fix |
|
CVE-2020-28036 |
۹.۸ |
WordPress XML-RPC class-wp-xmlrpc-server.php access control |
$۱۰k-$25k |
۱.۷۹ |
Official Fix |
|
CVE-2020-27885 |
۳.۵ |
WSO2 API Manager cross site scripting |
$۰-$۱k |
۱.۷۹ |
Not Defined |
|
CVE-2020-25516 |
۳.۵ |
WSO2 Enterprise Integrator BPMN Explorer Task cross site scripting |
$۰-$۱k |
۱.۴۹ |
Not Defined |
|
CVE-2020-27995 |
۵.۵ |
Zoho ManageEngine Applications Manager MyPage.do sql injection |
$۱k-$2k |
۱.۸۶ |
|
|
CVE-2020-6876 |
۵.۴ |
ZTE eVDC Verification cross site scripting |
$۰-$۱k |
۰.۰۷ |
سطح خطر حدود ۳۹% آسیبپذیریهای هفته، «پرخطر» و «حیاتی» برآورد شده است که قابل توجّه است.
ارزش روز صفرم ۴۷% آسیبپذیریهای هفته بیش از ۵۰۰۰ دلار بوده است.
خوشبختانه برای ۸۳% آسیبپذیریهای هفته، بهروزرسانیها و یا وصلههایی رسماً ارائه شده که برای جلوگیری از سوءاستفاده ازآسیبپذیریها بهتر است سریعاً اعمال شوند.
