آسیبپذیریهای حیاتی هفته چهارم مهرماه
این هفته آسیبپذیریهای «حیاتی» و «پرخطر» بسیاری در محصولات مهم Microsoft ، Cisco و Google گزارش و وصلهها و بهروزرسانیهایی به منظور رفع آنها ارائه شد. همچنین در محصولات شرکتهای IBM، SAMSUNG، Siemens ،Facebook، Foxit، McAfee، Apache وکرنل لینوکس، افزونههای WordPress و Jenkins و چندین آسیبپذیری «حیاتی» و «پرخطر» وجود داشت.
لیست این آسیبپذیریها به همراه لینک وصلهها و بهروزرسانیهای ارائهشده در جدول زیر آمده است.
|
شناسه آسیبپذیری |
امتیاز مبنا |
عنوان آسیبپذیری |
ارزش روز صفر |
CTI |
رفع آسیبپذیری |
|
CVE-2020-9746 |
۷.۰ |
Adobe Flash Player HTTP Response null pointer dereference |
$۱۰k-$25k |
۰.۱۳ |
|
|
CVE-2020-6087 |
۶.۵ |
Allen-Bradley Flex IO 1794-AENT-B ENIP Request Path Data Segment denial of service |
$۰-$۱k |
۰.۵۹ |
Not Defined |
|
CVE-2020-6086 |
۵.۷ |
Allen-Bradley Flex IO 1794-AENT-B ENIP Request Path Data Segment denial of service |
$۰-$۱k |
۰.۴۸ |
Not Defined |
|
CVE-2020-6083 |
۳.۵ |
Allen-Bradley Flex IO 1794-AENT-B ENIP Request Path Port Segment denial of service |
$۰-$۱k |
۰.۴۹ |
Not Defined |
|
CVE-2020-12933 |
۵.۵ |
AMD ATIKMDAG.SYS API out-of-bounds read |
$۰-$۱k |
۰.۰۰ |
Not Defined |
|
CVE-2020-12911 |
۵.۷ |
AMD ATIKMDAG.SYS API out-of-bounds read |
$۰-$۱k |
۰.۵۱ |
Not Defined |
|
CVE-2020-12928 |
۸.۸ |
AMD Ryzen Master AMD Driver access control |
$۲k-$5k |
۰.۳۸ |
Not Defined |
|
CVE-2020-15255 |
۸.۷ |
Anuko Time Tracker CSV Export injection |
$۰-$۵k |
۰.۷۵ |
|
|
CVE-2020-13955 |
۳.۵ |
Apache Calcite Hostname Verification information disclosure |
$۲k-$5k |
۶.۳۹+ |
Not Defined |
|
CVE-2018-20243 |
۷.۵ |
Apache Fineract information disclosure |
$۵k-$10k |
۰.۷۵ |
Not Defined |
|
CVE-2020-13957 |
۷.۳ |
Apache Solr API authorization |
$۱۰k-$25k |
۰.۰۶ |
Not Defined |
|
CVE-2020-13943 |
۴.۳ |
Apache Tomcat HTTP2 Client information disclosure |
$۵k-$10k |
۰.۰۸ |
|
|
CVE-2020-26869 |
۳.۵ |
ARC Informatique PcVue information disclosure |
$۰-$۱k |
۰.۰۶ |
|
|
CVE-2020-26867 |
۶.۳ |
ARC Informatique PcVue Interface deserialization |
$۲k-$5k |
۰.۰۷ |
|
|
CVE-2020-26868 |
۵.۳ |
ARC Informatique PcVue Web Client denial of service |
$۰-$۱k |
۰.۰۸ |
|
|
CVE-2020-14184 |
۳.۵ |
Atlassian JIRA Server Issue Filter Export File cross site scripting |
$۰-$۱k |
۰.۰۶ |
|
|
CVE-2020-14185 |
۵.۳ |
Atlassian JIRA Server Issue Key ActionsAndOperations permission |
$۰-$۵k |
۰.۵۳ |
|
|
CVE-2020-14183 |
۳.۵ |
Atlassian JIRA Server/Data Center SEN information disclosure |
$۰-$۱k |
۰.۱۵ |
|
|
CVE-2020-11637 |
۵.۸ |
B&R Automation Runtime TFTP Service memory leak |
$۰-$۱k |
۰.۰۸ |
|
|
CVE-2020-11644 |
۶.۵ |
B&R GateManager 4260/GateManager 9250 Audit Log improper output neutralization for logs |
$۲k-$5k |
۰.۰۸ |
|
|
CVE-2020-11645 |
۶.۵ |
B&R GateManager 4260/GateManager 9250 denial of service |
$۰-$۱k |
۰.۱۵ |
|
|
CVE-2020-11643 |
۶.۵ |
B&R GateManager 4260/GateManager 9250 information disclosure |
$۱k-$2k |
۰.۰۸ |
|
|
CVE-2020-11646 |
۴.۳ |
B&R GateManager 4260/GateManager 9250 log file |
$۱k-$2k |
۰.۱۵ |
|
|
CVE-2020-11641 |
۷.۷ |
B&R SiteManager file inclusion |
$۲k-$5k |
۰.۲۳ |
|
|
CVE-2020-11642 |
۷.۷ |
B&R SiteManager files or directories accessible |
$۲k-$5k |
۰.۱۵ |
|
|
CVE-2019-18796 |
۳.۵ |
BASS Audio Library MP3 File BASS_StreamCreateFile infinite loop |
$۰-$۵k |
۰.۶۰ |
Not Defined |
|
CVE-2019-18794 |
۵.۵ |
BASS Audio Library OGG File BASS_StreamCreateFile use after free |
$۰-$۵k |
۰.۳۰ |
Not Defined |
|
CVE-2019-18795 |
۵.۵ |
BASS Audio Library WAV File BASS_StreamCreateFile out-of-bounds read |
$۰-$۵k |
۰.۶۰ |
Not Defined |
|
CVE-2019-19513 |
۵.۵ |
BASSMIDI Plugin out-of-bounds write |
$۰-$۵k |
۰.۴۵ |
Not Defined |
|
CVE-2020-27153 |
۶.۳ |
BlueZ MGMT Event att.c disconnect_cb double free |
$۲k-$5k |
۰.۴۸ |
|
|
CVE-2020-15251 |
۷.۷ |
Channelmgnt Plug-In ACL access control |
$۲k-$5k |
۰.۶۷ |
|
|
CVE-2020-3568 |
۵.۸ |
Cisco Email Security Appliance Antispam Protection Mechanism input validation |
$۲۵k-$50k |
۳.۶۹ |
|
|
CVE-2020-3596 |
۵.۹ |
Cisco Expressway Series Session Initiation Protocol denial of service |
$۵k-$10k |
۰.۴۳ |
|
|
CVE-2020-3320 |
۵.۴ |
Cisco FirePOWER Management Center Web-based Management Interface cross site scripting |
$۲k-$5k |
۰.۶۰ |
|
|
CVE-2020-3467 |
۷.۷ |
Cisco Identity Services Engine Web-based Management Interface Administrator authorization |
$۱۰k-$25k |
۰.۴۳ |
|
|
CVE-2020-3589 |
۴.۸ |
Cisco Identity Services Engine Web-based Management Interface cross site scripting |
$۲k-$5k |
۰.۴۳ |
|
|
CVE-2020-3567 |
۶.۵ |
Cisco Industrial Network Director Management REST API denial of service |
$۲k-$5k |
۰.۴۳ |
|
|
CVE-2020-3597 |
۵.۴ |
Cisco Nexus Data Broker Configuration Backup pathname traversal |
$۱۰k-$25k |
۰.۷۱ |
|
|
CVE-2020-3536 |
۶.۴ |
Cisco SD-WAN vManage Web-based Management Interface cross site scripting |
$۲k-$5k |
۰.۴۵ |
|
|
CVE-2020-3602 |
۶.۳ |
Cisco StarOS CLI input validation |
$۱۰k-$25k |
۲.۲۷ |
|
|
CVE-2020-3601 |
۴.۴ |
Cisco StarOS CLI input validation |
$۱۰k-$25k |
۱.۵۶ |
|
|
CVE-2020-3543 |
۶.۵ |
Cisco Video Surveillance 8000 Series IP Camera Cisco Discovery Protocol certain memory leak |
$۲k-$5k |
۰.۵۹ |
|
|
CVE-2020-3544 |
۸.۸ |
Cisco Video Surveillance 8000 Series IP Camera Cisco Discovery Protocol memory corruption |
$۱۰k-$25k |
۱.۱۳ |
|
|
CVE-2020-3598 |
۶.۵ |
Cisco Vision Dynamic Signage Director Web-based Management Interface authentication |
$۱۰k-$25k |
۰.۴۳ |
|
|
CVE-2020-3535 |
۷.۸ |
Cisco Webex Teams Client DLL Loader unknown vulnerability |
$۱۰k-$25k |
۰.۷۱ |
|
|
CVE-2020-26061 |
۷.۵ |
ClickStudios Passwordstate Password Reset Portal ResetPassword authentication |
$۰-$۱k |
۰.۰۷ |
|
|
CVE-2020-25803 |
۷.۲ |
Crafter CMS Crafter Studio os command injection |
$۱k-$2k |
۱.۳۱ |
|
|
CVE-2020-25802 |
۷.۲ |
Crafter CMS Groovy Script os command injection |
$۱k-$2k |
۱.۰۳ |
|
|
CVE-2020-15254 |
۸.۱ |
crossbeam-channel from_iter memory corruption |
$۰-$۵k |
۰.۶۰ |
|
|
CVE-2020-5389 |
۹.۰ |
Dell EMC Log log file |
$۲k-$5k |
۰.۸۵ |
|
|
CVE-2020-26183 |
۶.۸ |
Dell EMC NetWorker authorization |
$۵k-$25k |
۲.۱۹- |
|
|
CVE-2020-26182 |
۶.۸ |
Dell EMC NetWorker privileges assignment |
$۵k-$25k |
۲.۳۴- |
|
|
CVE-2020-26567 |
۴.۳ |
D-Link CGI Script upgradeStatusReboot.cgi denial of service |
$۲k-$5k |
۰.۴۳ |
|
|
CVE-2020-26582 |
۵.۵ |
D-Link DAP-1360U Ping privileges management |
$۱۰k-$25k |
۱.۸۱ |
|
|
CVE-2020-3427 |
۶.۶ |
Duo Authentication for Windows Logon/RDP authentication |
$۰-$۱k |
۰.۴۲ |
|
|
CVE-2020-3483 |
۷.۱ |
Duo Network Gateway Log log file |
$۰-$۱k |
۰.۴۲ |
|
|
CVE-2020-26596 |
۵.۵ |
Dynamic OOO Widget code injection |
$۱k-$2k |
۰.۳۰ |
|
|
CVE-2019-17640 |
۵.۵ |
Eclipse Vert.x Backslash path traversal |
$۰-$۵k |
۰.۲۳ |
|
|
CVE-2020-5634 |
۸.۰ |
Elecom WRC-1167GST2 os command injection |
$۲k-$5k |
۱.۸۵ |
|
|
CVE-2020-15215 |
۵.۶ |
Electron Context Isolation sandbox |
$۱k-$2k |
۰.۰۰ |
|
|
CVE-2020-15174 |
۷.۵ |
Electron will-navigate sandbox |
$۱k-$2k |
۰.۰۰ |
|
|
CVE-2020-6107 |
۵.۵ |
F2fs-Tools F2fs.Fsck f2fs Filesystem dev_read information disclosure |
$۰-$۱k |
۰.۳۰ |
|
|
CVE-2020-6108 |
۷.۸ |
F2fs-Tools F2fs.Fsck f2fs Filesystem fsck_chk_orphan_node heap-based buffer overflow |
$۲k-$5k |
۰.۲۳ |
|
|
CVE-2020-6104 |
۵.۵ |
F2fs-Tools F2fs.Fsck f2fs Filesystem get_dnode_of_data information disclosure |
$۰-$۱k |
۰.۳۰ |
|
|
CVE-2020-6105 |
۷.۸ |
F2fs-Tools F2fs.Fsck f2fs Filesystem unknown vulnerability |
$۲k-$5k |
۰.۳۰ |
|
|
CVE-2020-6106 |
۵.۵ |
F2fs-Tools F2fs.Fsck Filesystem init_node_manager information disclosure |
$۰-$۱k |
۰.۳۰ |
|
|
CVE-2020-1914 |
۵.۵ |
Facebook Hermes Javascript SaveGeneratorLong control flow |
$۱۰k-$25k |
۰.۸۵ |
|
|
CVE-2020-1905 |
۳.۱ |
Facebook WhatsApp Media ContentProvider URI information disclosure |
$۵k-$10k |
۰.۰۸ |
|
|
CVE-2020-1901 |
۴.۳ |
Facebook WhatsApp Message denial of service |
$۵k-$10k |
۰.۰۰ |
|
|
CVE-2020-1904 |
۶.۳ |
Facebook WhatsApp/WhatsApp Business Attachment pathname traversal |
$۱۰k-$25k |
۰.۱۴ |
|
|
CVE-2020-1906 |
۵.۵ |
Facebook WhatsApp/WhatsApp Business E-AC-3 Audio Stream heap-based buffer overflow |
$۱۰k-$25k |
۰.۰۸ |
|
|
CVE-2020-1902 |
۳.۱ |
Facebook WhatsApp/WhatsApp Business Google service cleartext |
$۵k-$10k |
۰.۰۰ |
|
|
CVE-2020-1903 |
۴.۳ |
Facebook WhatsApp/WhatsApp Business Unzip denial of service |
$۵k-$10k |
۰.۰۰ |
|
|
CVE-2020-1907 |
۵.۵ |
Facebook WhatsApp/WhatsApp Business/WhatsApp for Portal RTP Extension Header out-of-bounds write |
$۱۰k-$25k |
۰.۱۴ |
|
|
CVE-2020-15241 |
۴.۷ |
Fluid Engine cross site scriting |
$۰-$۱k |
۰.۶۰ |
|
|
CVE-2020-17412 |
۷.۸ |
Foxit PhantomPDF U3D Object information disclosure |
$۱k-$2k |
۰.۰۶ |
Not Defined |
|
CVE-2020-17411 |
۳.۳ |
Foxit PhantomPDF U3D Object information disclosure |
$۱k-$2k |
۰.۱۱ |
Not Defined |
|
CVE-2020-17413 |
۷.۸ |
Foxit PhantomPDF U3D Object stack-based buffer overflow |
$۲k-$5k |
۰.۰۰ |
Not Defined |
|
CVE-2020-17415 |
۷.۸ |
Foxit PhantomPDF Update Service permission assignment |
$۲k-$5k |
۰.۶۸ |
Not Defined |
|
CVE-2020-17417 |
۷.۸ |
Foxit Reader Annotation Object use after free |
$۲k-$5k |
۰.۲۳ |
Not Defined |
|
CVE-2020-17416 |
۷.۸ |
Foxit Reader JPEG2000 Image out-of-bounds write |
$۲k-$5k |
۰.۲۸ |
Not Defined |
|
CVE-2020-17414 |
۷.۸ |
Foxit Reader Update Service permission |
$۲k-$5k |
۰.۶۱ |
Not Defined |
|
CVE-2020-14144 |
۷.۲ |
Gitea git Hook unknown vulnerability |
$۰-$۵k |
۰.۵۳ |
|
|
CVE-2020-13333 |
۴.۳ |
GitLab API denial of service |
$۰-$۱k |
۰.۰۰ |
Not Defined |
|
CVE-2020-13346 |
۶.۵ |
GitLab API information disclosure |
$۰-$۱k |
۰.۰۰ |
|
|
CVE-2020-13340 |
۸.۷ |
GitLab CI Job Log cross site scripting |
$۰-$۱k |
۰.۴۳ |
|
|
CVE-2020-13342 |
۲.۷ |
GitLab Confirmation Email unknown vulnerability |
$۲k-$5k |
۰.۳۱ |
|
|
CVE-2020-13345 |
۵.۵ |
GitLab cross site scripting |
$۰-$۱k |
۰.۰۰ |
Not Defined |
|
CVE-2020-13343 |
۷.۵ |
GitLab Custom Project Template information disclosure |
$۰-$۱k |
۰.۰۰ |
Not Defined |
|
CVE-2020-13334 |
۵.۹ |
GitLab GraphQL Query authorization |
$۱k-$2k |
۰.۲۹ |
|
|
CVE-2020-13335 |
۴.۳ |
GitLab Group Membership denial of service |
$۰-$۱k |
۰.۰۰ |
Not Defined |
|
CVE-2020-13344 |
۵.۷ |
GitLab Key Storage information disclosure |
$۰-$۱k |
۰.۲۹ |
|
|
CVE-2020-13341 |
۴.۹ |
GitLab Permission Check permission |
$۱k-$2k |
۰.۰۸ |
|
|
CVE-2020-13332 |
۷.۵ |
GitLab Project privileges management |
$۱k-$2k |
۰.۱۴ |
Not Defined |
|
CVE-2020-13347 |
۹.۱ |
GitLab Runner injection |
$۱k-$2k |
۰.۰۰ |
|
|
CVE-2020-13339 |
۶.۵ |
GitLab SVG File Preview cross site scripting |
$۰-$۱k |
۰.۵۷ |
|
|
CVE-2020-15226 |
۵.۰ |
GLPI API Search sql injection |
$۱k-$2k |
۰.۱۰ |
|
|
CVE-2020-15175 |
۷.۴ |
GLPI Image pluginimage.send.php information disclosure |
$۰-$۱k |
۰.۴۹ |
|
|
CVE-2020-15177 |
۸.۰ |
GLPI install.php cross site scripting |
$۰-$۱k |
۰.۱۵ |
|
|
CVE-2020-15217 |
۵.۳ |
GLPI Public FAQ information disclosure |
$۰-$۱k |
۰.۴۱ |
|
|
CVE-2020-15176 |
۸.۷ |
GLPI sql injection |
$۱k-$2k |
۰.۴۹ |
|
|
CVE-1999-0199 |
۵.۵ |
GNU C Library search.texi return value |
$۱k-$2k |
۰.۰۷ |
|
|
CVE-2020-0411 |
۶.۵ |
Google Android AACExtractor.cpp ~AACExtractor out-of-bounds write |
$۵۰k-$100k |
۰.۲۳ |
Official Fix |
|
CVE-2020-0412 |
۳.۳ |
Google Android ActivityManagerService.java setProcessMemoryTrimLevel information disclosure |
$۱۰k-$25k |
۰.۱۲ |
Official Fix |
|
CVE-2020-0414 |
۶.۵ |
Google Android Audio Buffer Threads.cpp threadLoop information disclosure |
$۲۵k-$50k |
۰.۴۰ |
Official Fix |
|
CVE-2020-0413 |
۷.۵ |
Google Android Bluetooth Server gatt_cl.cc gatt_process_read_by_type_rsp information disclosure |
$۲۵k-$50k |
۰.۲۲ |
Official Fix |
|
CVE-2020-0377 |
۷.۵ |
Google Android Bluetooth Server gatt_cl.cc gatt_process_read_by_type_rsp out-of-bounds read |
$۲۵k-$50k |
۱.۵۹ |
Official Fix |
|
CVE-2020-0421 |
۷.۸ |
Google Android Error Handling String8.cpp appendFormatV privileges management |
$۲۵k-$50k |
۰.۰۰ |
Official Fix |
|
CVE-2020-0423 |
۷.۸ |
Google Android Kernel binder.c binder_release_work use after free |
$۵۰k-$100k |
۰.۳۰ |
Official Fix |
|
CVE-2020-0376 |
۹.۱ |
Google Android out-of-bounds read |
$۱۰k-$25k |
۰.۰۶ |
Official Fix |
|
CVE-2020-0371 |
۹.۱ |
Google Android out-of-bounds read |
$۱۰k-$25k |
۰.۰۶ |
Official Fix |
|
CVE-2020-0339 |
۹.۱ |
Google Android out-of-bounds read |
$۱۰k-$25k |
۰.۰۰ |
Official Fix |
|
CVE-2020-0367 |
۹.۱ |
Google Android out-of-bounds write |
$۵۰k-$100k |
۰.۱۴ |
Official Fix |
|
CVE-2020-0283 |
۹.۱ |
Google Android out-of-bounds write |
$۵۰k-$100k |
۰.۰۶ |
Official Fix |
|
CVE-2020-0398 |
۵.۵ |
Google Android PendingIntent Error NotificationMgr.java updateMwi information disclosure |
$۱۰k-$25k |
۰.۴۰ |
Official Fix |
|
CVE-2020-0422 |
۳.۳ |
Google Android Pendingintent NotificationImportExportListener.java constructImportFailureNotification information disclosure |
$۱۰k-$25k |
۰.۰۰ |
Official Fix |
|
CVE-2020-0400 |
۵.۵ |
Google Android Pendingintent NotificationMgr.java showDataRoamingNotification information disclosure |
$۱۰k-$25k |
۰.۳۵ |
Official Fix |
|
CVE-2020-0410 |
۵.۵ |
Google Android Pendingintent SapServer.java setNotification information disclosure |
$۱۰k-$25k |
۰.۴۹ |
Official Fix |
|
CVE-2020-0420 |
۷.۸ |
Google Android Permission Check GpuService.cpp setUpdatableDriverPath memory corruption |
$۲۵k-$50k |
۰.۰۰ |
Official Fix |
|
CVE-2020-0419 |
۵.۵ |
Google Android Permission Check PackageInstallerSession.java generateInfo information disclosure |
$۱۰k-$25k |
۰.۰۰ |
Official Fix |
|
CVE-2020-0378 |
۵.۵ |
Google Android Permission Check PasspointManager.java onWnmFrameReceived information disclosure |
$۱۰k-$25k |
۰.۰۶ |
Official Fix |
|
CVE-2020-0246 |
۵.۵ |
Google Android Permission Check UiccAccessRule.java getCarrierPrivilegeStatus information disclosure |
$۱۰k-$25k |
۰.۵۲ |
Official Fix |
|
CVE-2020-0416 |
۸.۸ |
Google Android Settings Screen permission |
$۲۵k-$50k |
۰.۰۰ |
Official Fix |
|
CVE-2020-0408 |
۷.۸ |
Google Android String16.cpp remove integer overflow |
$۲۵k-$50k |
۰.۶۳ |
Official Fix |
|
CVE-2019-2194 |
۷.۸ |
Google Android SurfaceFlinger SurfaceFlinger.cpp createLayer privileges management |
$۲۵k-$50k |
۰.۰۶ |
Official Fix |
|
CVE-2020-0415 |
۵.۵ |
Google Android SystemUI information disclosure |
$۱۰k-$25k |
۱.۴۶ |
Official Fix |
|
CVE-2019-4325 |
۳.۵ |
HCL AppScan Enterprise REST API User Detail cryptography |
$۰-$۱k |
۰.۰۰ |
Not Defined |
|
CVE-2019-4326 |
۳.۵ |
HCL AppScan Enterprise Rule Update information disclosure |
$۰-$۱k |
۰.۰۰ |
Not Defined |
|
CVE-2020-9090 |
۷.۸ |
Huawei FusionAccess authorization |
$۱۰k-$25k |
۰.۰۵ |
Not Defined |
|
CVE-2020-9109 |
۳.۵ |
Huawei Mate 20 information disclosure |
$۵k-$10k |
۰.۰۵ |
|
|
CVE-2020-9123 |
۵.۵ |
Huawei P30 Pro buffer overflow |
$۱۰k-$25k |
۰.۰۵ |
|
|
CVE-2020-9107 |
۵.۵ |
Huawei P30 Pro Message out-of-bounds read |
$۵k-$10k |
۰.۰۵ |
|
|
CVE-2020-9108 |
۵.۵ |
Huawei P30 Pro Message out-of-bounds write |
$۱۰k-$25k |
۰.۰۵ |
|
|
CVE-2020-9106 |
۴.۶ |
Huawei P30 Pro path traversal |
$۵k-$10k |
۰.۰۵ |
|
|
CVE-2020-9087 |
۵.۵ |
Huawei Taurus-AL00A XFRM Module out-of-bounds read |
$۲k-$5k |
۰.۰۰ |
Not Defined |
|
CVE-2020-9110 |
۴.۶ |
Huawei Taurus-AN00B information disclosure |
$۲k-$5k |
۰.۰۵ |
|
|
CVE-2020-9105 |
۵.۵ |
Huawei Taurus-AN00B input validation |
$۱۰k-$25k |
۸.۳۸+ |
|
|
CVE-2020-9240 |
۵.۵ |
Huawei Taurus-AN00B Module buffer overflow |
$۱۰k-$25k |
۰.۰۵ |
|
|
CVE-2020-9238 |
۶.۵ |
Huawei Taurus-AN00B Module buffer overflow |
$۱۰k-$25k |
۰.۰۶ |
|
|
CVE-2020-9091 |
۵.۵ |
Huawei Taurus-AN00B out-of-bounds write |
$۱۰k-$25k |
۰.۰۵ |
|
|
CVE-2020-9230 |
۶.۵ |
Huawei WS5800-10 Message denial of service |
$۲k-$5k |
۰.۰۵ |
Not Defined |
|
CVE-2020-9122 |
۶.۵ |
Huawei WS7200-10 input validation |
$۱۰k-$25k |
۰.۳۰ |
Not Defined |
|
CVE-2020-4302 |
۷.۸ |
IBM Cognos Analytics Excel File injection |
$۱۰k-$25k |
۰.۰۶ |
|
|
CVE-2020-4388 |
۸.۲ |
IBM Cognos Analytics Servlet information exposure |
$۵k-$10k |
۰.۰۶ |
|
|
CVE-2020-4775 |
۵.۴ |
IBM Curam Social Program Management cross site scripting |
$۲k-$5k |
۰.۰۶ |
|
|
CVE-2020-4773 |
۶.۵ |
IBM Curam Social Program Management cross-site request forgery |
$۵k-$10k |
۰.۰۷ |
|
|
CVE-2020-4778 |
۷.۵ |
IBM Curam Social Program Management encryption |
$۵k-$10k |
۰.۰۰ |
|
|
CVE-2020-4774 |
۵.۴ |
IBM Curam Social Program Management information disclosure |
$۵k-$10k |
۰.۰۵ |
|
|
CVE-2020-4780 |
۴.۳ |
IBM Curam Social Program Management OOTB Build Script information disclosure |
$۵k-$10k |
۰.۰۰ |
|
|
CVE-2020-4776 |
۷.۵ |
IBM Curam Social Program Management path traversal |
$۱۰k-$25k |
۰.۰۷ |
|
|
CVE-2020-4781 |
۶.۵ |
IBM Curam Social Program Management readLine denial of service |
$۲k-$5k |
۰.۰۰ |
|
|
CVE-2020-4772 |
۸.۱ |
IBM Curam Social Program Management xml external entity reference |
$۵k-$10k |
۰.۰۵ |
|
|
CVE-2020-4799 |
۷.۸ |
IBM Informix Spatial out-of-bounds write |
$۱۰k-$25k |
۲.۱۲ |
|
|
CVE-2020-4740 |
۵.۲ |
IBM InfoSphere Information Server cross site scriting |
$۵k-$10k |
۰.۰۰ |
|
|
CVE-2020-4741 |
۵.۴ |
IBM InfoSphere Information Server Web UI cross site scriting |
$۲k-$5k |
۰.۰۰ |
|
|
CVE-2020-4528 |
۵.۹ |
IBM MQ Appliance Log File information disclosure |
$۲k-$5k |
۰.۲۱ |
|
|
CVE-2019-4545 |
۷.۵ |
IBM QRadar SIEM Active Directory Authentication authentication |
$۵k-$10k |
۰.۹۹ |
|
|
CVE-2020-4280 |
۶.۳ |
IBM QRadar SIEM Java Deserialization deserialization |
$۱۰k-$25k |
۳.۶۷ |
|
|
CVE-2020-4636 |
۷.۲ |
IBM Resilient OnPrem command injection |
$۵k-$25k |
۲.۷۲- |
|
|
CVE-2020-4395 |
۶.۳ |
IBM Security Access Manager Appliance session expiration |
$۵k-$10k |
۰.۳۰ |
|
|
CVE-2019-4725 |
۶.۱ |
IBM Security Access Manager Appliance Web UI cross site scriting |
$۲k-$5k |
۰.۱۴ |
|
|
CVE-2020-4660 |
۵.۳ |
IBM Security Access Manager/Security Verify Access Access Manager information exposure |
$۵k-$10k |
۰.۰۶ |
|
|
CVE-2020-4499 |
۷.۳ |
IBM Security Access Manager/Security Verify Access authentication |
$۱۰k-$25k |
۰.۱۵ |
|
|
CVE-2020-4699 |
۵.۳ |
IBM Security Access Manager/Security Verify Access information exposure |
$۵k-$10k |
۰.۰۹ |
|
|
CVE-2020-4661 |
۵.۳ |
IBM Security Access Manager/Security Verify Access information exposure |
$۵k-$10k |
۰.۰۵ |
|
|
CVE-2019-4552 |
۶.۱ |
IBM Security Access Manager/Security Verify Access response splitting |
$۱۰k-$25k |
۰.۳۰ |
|
|
CVE-2020-4678 |
۴.۹ |
IBM Security Guardium Admin Access information disclosure |
$۵k-$10k |
۰.۰۶ |
|
|
CVE-2020-4254 |
۷.۵ |
IBM Security Guardium Big Data Intelligence encryption |
$۵k-$25k |
۳.۴۰- |
|
|
CVE-2020-4689 |
۶.۸ |
IBM Security Guardium File Content injection |
$۱۰k-$25k |
۰.۰۸ |
|
|
CVE-2020-4681 |
۵.۴ |
IBM Security Guardium Web UI cross site scripting |
$۵k-$10k |
۰.۰۰ |
|
|
CVE-2020-4680 |
۵.۴ |
IBM Security Guardium Web UI cross site scripting |
$۵k-$10k |
۰.۰۵ |
|
|
CVE-2020-4679 |
۴.۸ |
IBM Security Guardium Web UI cross site scriting |
$۲k-$5k |
۰.۰۶ |
|
|
CVE-2020-2289 |
۵.۴ |
Jenkins Active Choices Plugin cross site scripting |
$۰-$۱k |
۰.۴۳ |
Not Defined |
|
CVE-2020-2290 |
۵.۴ |
Jenkins Active Choices Plugin Sandbox cross site scripting |
$۰-$۱k |
۰.۷۱ |
Not Defined |
|
CVE-2020-2288 |
۵.۳ |
Jenkins Audit Trail Plugin Regular Expression unknown vulnerability |
$۲k-$5k |
۰.۵۷ |
Not Defined |
|
CVE-2020-2287 |
۵.۵ |
Jenkins Audit Trail Plugin Stapler Web Framework unknown vulnerability |
$۲k-$5k |
۰.۵۷ |
Not Defined |
|
CVE-2020-2295 |
۶.۵ |
Jenkins Maven Cascade Release Plugin cross-site request forgery |
$۰-$۱k |
۰.۹۹ |
Not Defined |
|
CVE-2020-2294 |
۶.۵ |
Jenkins Maven Cascade Release Plugin Permission Check authorization |
$۱k-$2k |
۰.۷۱ |
Not Defined |
|
CVE-2020-2298 |
۵.۵ |
Jenkins Nerrvana Plugin XML Parser xml external entity reference |
$۱k-$2k |
۰.۵۷ |
Not Defined |
|
CVE-2020-2293 |
۶.۵ |
Jenkins Persona Plugin Permission path traversal |
$۱k-$2k |
۰.۷۱ |
Not Defined |
|
CVE-2020-2292 |
۳.۵ |
Jenkins Release Plugin Badge Tooltip cross site scripting |
$۰-$۱k |
۰.۴۳ |
Not Defined |
|
CVE-2020-2286 |
۵.۵ |
Jenkins Role-based Authorization Strategy Plugin Permission Cache permission |
$۱k-$2k |
۰.۴۳ |
Not Defined |
|
CVE-2020-2296 |
۴.۳ |
Jenkins Shared Objects Plugin Shared Object cross-site request forgery |
$۰-$۱k |
۰.۷۱ |
Not Defined |
|
CVE-2020-2297 |
۳.۵ |
Jenkins SMS Notification Plugin Global Configuration cleartext |
$۰-$۱k |
۰.۵۷ |
Not Defined |
|
CVE-2019-17444 |
۹.۸ |
JFrog Artifactory authentication |
$۱k-$2k |
۰.۲۳ |
|
|
CVE-2020-1688 |
۶.۵ |
Juniper ClearPass Junos Web API key management |
$۰-$۵k |
۲.۶۴- |
|
|
CVE-2020-1678 |
۶.۵ |
Juniper Junos BGP Packet memory leak |
$۰-$۵k |
۲.۶۴- |
|
|
CVE-2020-1664 |
۷.۸ |
Juniper Junos Daemon stack-based buffer overflow |
$۵k-$25k |
۲.۵۶- |
|
|
CVE-2020-1669 |
۶.۳ |
Juniper Junos Device Manager Container passwd credentials storage |
$۵k-$25k |
۳.۲۵- |
|
|
CVE-2020-1656 |
۸.۸ |
Juniper Junos DHCPv6 Relay-Agent Service null pointer dereference |
$۵k-$25k |
۳.۳۲- |
|
|
CVE-2020-1685 |
۵.۸ |
Juniper Junos Firewall Filter information exposure |
$۵k-$25k |
۳.۰۲- |
|
|
CVE-2020-1684 |
۷.۵ |
Juniper Junos HTTP Traffic resource consumption |
$۵k-$25k |
۲.۷۱- |
|
|
CVE-2020-1661 |
۵.۳ |
Juniper Junos jdhcp denial of service |
$۵k-$25k |
۲.۵۶- |
|
|
CVE-2020-1672 |
۷.۵ |
Juniper Junos jdhcpd denial of service |
$۵k-$25k |
۲.۱۱- |
|
|
CVE-2020-1671 |
۷.۵ |
Juniper Junos JDHCPD out-of-bounds read |
$۵k-$25k |
۳.۰۲- |
|
|
CVE-2020-1673 |
۸.۸ |
Juniper Junos J-Web cross site scripting |
$۵k-$25k |
۲.۰۴- |
|
|
CVE-2020-1657 |
۷.۵ |
Juniper Junos key-management-daemon denial of service |
$۵k-$25k |
۲.۶۴- |
|
|
CVE-2020-1674 |
۵.۴ |
Juniper Junos MACsec Packet protection mechanism failure |
$۵k-$25k |
۲.۳۴- |
|
|
CVE-2020-1660 |
۸.۳ |
Juniper Junos Multiservices PIC Management Daemon denial of service |
$۵k-$25k |
۲.۴۹- |
|
|
CVE-2020-1667 |
۸.۳ |
Juniper Junos Multiservices PIC Management Daemon race condition |
$۵k-$25k |
۲.۶۴- |
|
|
CVE-2020-1680 |
۵.۳ |
Juniper Junos NAT64 format string |
$۵k-$25k |
۲.۶۳- |
|
|
CVE-2020-1681 |
۶.۵ |
Juniper Junos NDP handling of exceptional conditions |
$۵k-$25k |
۳.۱۷- |
|
|
CVE-2020-1679 |
۷.۵ |
Juniper Junos Packet Forwarding Engine denial of service |
$۵k-$25k |
۲.۵۶- |
|
|
CVE-2020-1665 |
۵.۳ |
Juniper Junos Packet Forwarding Engine denial of service |
$۵k-$25k |
۲.۲۶- |
|
|
CVE-2020-1670 |
۶.۵ |
Juniper Junos Routing Engine resource consumption |
$۰-$۵k |
۲.۷۹- |
|
|
CVE-2020-1668 |
۶.۵ |
Juniper Junos Routing Engine resource consumption |
$۵k-$25k |
۲.۵۶- |
|
|
CVE-2020-1662 |
۷.۵ |
Juniper Junos RPD denial of service |
$۵k-$25k |
۲.۷۹- |
|
|
CVE-2020-1682 |
۵.۵ |
Juniper Junos srxpfe denial of service |
$۰-$۵k |
۲.۷۱- |
|
|
CVE-2020-1666 |
۶.۶ |
Juniper Junos System Console access control |
$۰-$۵k |
۱۰.۰۰- |
|
|
CVE-2020-1689 |
۶.۵ |
Juniper Junos Virtual Chassis resource consumption |
$۰-$۵k |
۳.۰۹- |
|
|
CVE-2020-1686 |
۷.۵ |
Juniper Junos vmcore double free |
$۵k-$25k |
۴.۶۸- |
|
|
CVE-2020-1683 |
۷.۵ |
Juniper Junos vmcore memory leak |
$۵k-$25k |
۲.۶۴- |
|
|
CVE-2020-1687 |
۶.۵ |
Juniper Junos VXLAN resource consumption |
$۰-$۵k |
۲.۷۹- |
|
|
CVE-2020-1675 |
۸.۳ |
Juniper Mist Cloud UI SAML authentication |
$۵k-$25k |
۲.۳۴- |
|
|
CVE-2020-1677 |
۷.۲ |
Juniper Mist Cloud UI SAML Response authentication |
$۵k-$25k |
۲.۴۹- |
|
|
CVE-2020-1676 |
۷.۲ |
Juniper Mist Cloud UI SAML Response authentication |
$۵k-$25k |
۲.۳۴- |
|
|
CVE-2020-26164 |
۳.۵ |
KDE Connect Packet denial of service |
$۰-$۱k |
۰.۶۳ |
|
|
CVE-2020-8349 |
۹.۸ |
Lenovo Cloud Networking Operating System REST API input validation |
$۲k-$5k |
۰.۵۶ |
Not Defined |
|
CVE-2020-8338 |
۷.۸ |
Lenovo Diagnostics DLL untrusted search path |
$۲k-$5k |
۰.۰۷ |
|
|
CVE-2020-8345 |
۷.۳ |
Lenovo HardwareScan Plugin Vantage Hardware Scan uncontrolled search path |
$۲k-$5k |
۰.۴۸ |
|
|
CVE-2020-8332 |
۶.۴ |
Lenovo/IBM System X Server BIOS Mode USB Driver toctou |
$۲k-$5k |
۰.۱۴ |
Not Defined |
|
CVE-2020-8350 |
۸.۸ |
LenovoThinkPad ThinkPad Stack Wireless Router authentication |
$۱k-$2k |
۰.۱۵ |
Not Defined |
|
CVE-2020-26598 |
۷.۵ |
LG Mobile Devices Network Management denial of service |
$۲k-$5k |
۰.۰۰ |
Not Defined |
|
CVE-2020-26597 |
۷.۵ |
LG Mobile Devices Wi-Fi Subsystem denial of service |
$۲k-$5k |
۰.۰۰ |
Not Defined |
|
CVE-2020-27194 |
۵.۵ |
Linux Kernel 64-bit Value verifier.c scalar32_min_max_or unknown vulnerability |
$۵k-$25k |
۴.۸۳- |
|
|
CVE-2020-25641 |
۵.۵ |
Linux Kernel biovecs infinite loop |
$۲k-$5k |
۰.۰۰ |
|
|
CVE-2020-25645 |
۷.۵ |
Linux Kernel Geneve Endpoint cleartext |
$۵k-$10k |
۰.۸۶ |
|
|
CVE-2020-25643 |
۵.۵ |
Linux Kernel HDLC_PPP Module memory corruption |
$۱۰k-$25k |
۱.۹۹ |
|
|
CVE-2020-24408 |
۶.۱ |
Magento File Upload cross site scripting |
$۰-$۵k |
۰.۷۵ |
|
|
CVE-2020-27176 |
۸.۳ |
Mark Text cross site scripting |
$۰-$۵k |
۰.۴۵ |
Not Defined |
|
CVE-2020-7743 |
۷.۳ |
mathjs deepExtend unknown vulnerability |
$۲k-$5k |
۰.۰۶ |
|
|
CVE-2020-7326 |
۶.۰ |
McAfee Active Response Core Trust Component security check for standard |
$۱۰k-$25k |
۰.۱۵ |
|
|
CVE-2020-7334 |
۷.۷ |
McAfee Application and Change Control MSI Configuration access control |
$۱۰k-$25k |
۱.۵۱ |
|
|
CVE-2020-7318 |
۴.۳ |
McAfee ePolicy Orchistrator cross site scripting |
$۵k-$10k |
۰.۲۵ |
|
|
CVE-2020-7317 |
۴.۳ |
McAfee ePolicy Orchistrator cross site scripting |
$۵k-$10k |
۰.۷۲ |
|
|
CVE-2020-7316 |
۶.۶ |
McAfee File/Removable Media Protection unquoted search path |
$۵k-$10k |
۰.۹۵ |
|
|
CVE-2020-7327 |
۶.۰ |
McAfee MVision Endpoint Core Trust Component security check for standard |
$۱۰k-$25k |
۰.۳۰ |
|
|
CVE-2020-7330 |
۷.۵ |
McAfee Total Protection Task Scheduling privileges management |
$۵k-$10k |
۰.۰۶ |
|
|
CVE-2020-17407 |
۹.۸ |
Microhard Bullet-LTE Authentication Header stack-based buffer overflow |
$۲k-$5k |
۰.۰۶ |
|
|
CVE-2020-17406 |
۸.۸ |
Microhard Bullet-LTE tools.sh authentication |
$۲k-$5k |
۰.۶۸ |
|
|
CVE-2020-17003 |
۷.۸ |
Microsoft 3D Viewer memory corruption |
$۱۰k-$25k |
۰.۱۱ |
|
|
CVE-2020-16918 |
۷.۸ |
Microsoft 3D Viewer/365 Apps for Enterprise memory corruption |
$۱۰k-$25k |
۰.۱۰ |
|
|
CVE-2020-16904 |
۵.۳ |
Microsoft Azure Functions unknown vulnerability |
Calculating |
۰.۰۰ |
|
|
CVE-2020-16943 |
۶.۵ |
Microsoft Dynamics 365 Commerce authorization |
$۱۰k-$25k |
۰.۵۳ |
|
|
CVE-2020-16931 |
۷.۸ |
Microsoft Excel memory corruption |
$۱۰k-$25k |
۰.۱۰ |
|
|
CVE-2020-16932 |
۷.۸ |
Microsoft Excel memory corruption |
$۱۰k-$25k |
۰.۰۶ |
|
|
CVE-2020-16969 |
۷.۱ |
Microsoft Exchange Server information disclosure |
$۱۰k-$25k |
۰.۲۲ |
|
|
CVE-2020-16937 |
۴.۷ |
Microsoft Microsoft .NET Framework information disclosure |
$۲k-$5k |
۰.۲۵ |
|
|
CVE-2020-16956 |
۵.۴ |
Microsoft Microsoft Dynamics 365 cross site scripting |
$۵k-$10k |
۰.۱۲ |
|
|
CVE-2020-16978 |
۵.۴ |
Microsoft Microsoft Dynamics 365 cross site scripting |
$۵k-$10k |
۰.۰۶ |
|
|
CVE-2020-16957 |
۷.۸ |
Microsoft Office Access Connectivity Engine memory corruption |
$۱۰k-$25k |
۰.۰۵ |
|
|
CVE-2020-16928 |
۷.۸ |
Microsoft Office AppVLP access control |
$۱۰k-$25k |
۰.۰۶ |
|
|
CVE-2020-16955 |
۷.۸ |
Microsoft Office AppVLP access control |
$۱۰k-$25k |
۰.۰۰ |
|
|
CVE-2020-16934 |
۷.۰ |
Microsoft Office AppVLP authorization |
$۱۰k-$25k |
۰.۰۵ |
|
|
CVE-2020-16930 |
۷.۸ |
Microsoft Office Excel memory corruption |
$۱۰k-$25k |
۰.۱۴ |
|
|
CVE-2020-16954 |
۷.۸ |
Microsoft Office memory corruption |
$۱۰k-$25k |
۰.۰۶ |
|
|
CVE-2020-16929 |
۷.۸ |
Microsoft Office memory corruption |
$۱۰k-$25k |
۰.۱۶ |
|
|
CVE-2020-16949 |
۴.۷ |
Microsoft Outlook denial of service |
$۲k-$5k |
۰.۰۷ |
|
|
CVE-2020-16947 |
۷.۵ |
Microsoft Outlook memory corruption |
$۱۰k-$25k |
۱.۲۲ |
|
|
CVE-2020-16886 |
۵.۳ |
Microsoft PowerShellGet WDAC access control |
$۱۰k-$25k |
۰.۰۷ |
|
|
CVE-2020-16951 |
۸.۶ |
Microsoft SharePoint Server Application Package access control |
$۱۰k-$25k |
۰.۵۵ |
|
|
CVE-2020-16952 |
۸.۶ |
Microsoft SharePoint Server Application Package unknown vulnerability |
$۱۰k-$25k |
۰.۶۷ |
|
|
CVE-2020-16946 |
۸.۷ |
Microsoft SharePoint Server cross site scripting |
$۵k-$10k |
۰.۱۱ |
|
|
CVE-2020-16945 |
۸.۷ |
Microsoft SharePoint Server cross site scripting |
$۵k-$10k |
۰.۲۹ |
|
|
CVE-2020-16944 |
۸.۷ |
Microsoft SharePoint Server cross site scripting |
$۵k-$10k |
۰.۲۹ |
|
|
CVE-2020-16950 |
۵.۰ |
Microsoft SharePoint Server information disclosure |
$۲k-$5k |
۰.۰۸ |
|
|
CVE-2020-16941 |
۴.۱ |
Microsoft SharePoint Server information disclosure |
$۲k-$5k |
۰.۰۶ |
|
|
CVE-2020-16942 |
۴.۱ |
Microsoft SharePoint Server information disclosure |
$۱k-$2k |
۰.۳۸ |
|
|
CVE-2020-16953 |
۶.۵ |
Microsoft SharePoint Server information disclosure |
$۵k-$10k |
۰.۰۵ |
|
|
CVE-2020-16948 |
۶.۵ |
Microsoft SharePoint Server information disclosure |
$۵k-$10k |
۰.۲۹ |
|
|
CVE-2020-16995 |
۷.۸ |
Microsoft unknown vulnerability |
Calculating |
۰.۱۶ |
|
|
CVE-2020-17023 |
۷.۸ |
Microsoft Visual Studio Code JSON unknown vulnerability |
$۱۰k-$25k |
۷.۴۷- |
|
|
CVE-2020-16977 |
۷.۰ |
Microsoft Visual Studio Code Python Extension access control |
$۱۰k-$25k |
۰.۰۶ |
|
|
CVE-2020-16876 |
۷.۱ |
Microsoft Windows Application Compatibility Client Library access control |
$۵۰k-$100k |
۰.۰۰ |
|
|
CVE-2020-16920 |
۷.۸ |
Microsoft Windows Application Compatibility Client Library access control |
$۵۰k-$100k |
۱.۶۶ |
|
|
CVE-2020-16976 |
۷.۸ |
Microsoft Windows Backup Service access control |
$۵۰k-$100k |
۰.۰۶ |
|
|
CVE-2020-16974 |
۷.۸ |
Microsoft Windows Backup Service access control |
$۵۰k-$100k |
۰.۰۰ |
|
|
CVE-2020-16973 |
۷.۸ |
Microsoft Windows Backup Service access control |
$۵۰k-$100k |
۰.۰۰ |
|
|
CVE-2020-16975 |
۷.۸ |
Microsoft Windows Backup Service access control |
$۵۰k-$100k |
۰.۰۰ |
|
|
CVE-2020-16936 |
۷.۸ |
Microsoft Windows Backup Service access control |
$۵۰k-$100k |
۰.۲۰ |
|
|
CVE-2020-16912 |
۷.۸ |
Microsoft Windows Backup Service access control |
$۵۰k-$100k |
۱.۰۵ |
|
|
CVE-2020-16972 |
۷.۸ |
Microsoft Windows Backup Service authentication |
$۲۵k-$50k |
۱.۴۲ |
|
|
CVE-2020-16968 |
۷.۸ |
Microsoft Windows Camera Codec Pack memory corruption |
$۵۰k-$100k |
۰.۰۵ |
|
|
CVE-2020-16967 |
۷.۸ |
Microsoft Windows Camera Codec Pack memory corruption |
$۵۰k-$100k |
۰.۰۰ |
|
|
CVE-2020-17022 |
۷.۸ |
Microsoft Windows Codecs Library memory corruption |
$۵۰k-$100k |
۵.۸۸- |
|
|
CVE-2020-16916 |
۷.۸ |
Microsoft Windows COM Server access control |
$۵۰k-$100k |
۰.۰۰ |
|
|
CVE-2020-16935 |
۷.۸ |
Microsoft Windows COM Server access control |
$۵۰k-$100k |
۰.۰۰ |
|
|
CVE-2020-16919 |
۵.۵ |
Microsoft Windows Enterprise App Management Service information disclosure |
$۲۵k-$50k |
۰.۱۱ |
|
|
CVE-2020-16905 |
۶.۸ |
Microsoft Windows Error Reporting access control |
$۵۰k-$100k |
۰.۰۰ |
|
|
CVE-2020-16909 |
۷.۸ |
Microsoft Windows Error Reporting access control |
$۵۰k-$100k |
۰.۰۸ |
|
|
CVE-2020-16895 |
۷.۸ |
Microsoft Windows Error Reporting Manager access control |
$۵۰k-$100k |
۱.۹۶ |
|
|
CVE-2020-16900 |
۷.۰ |
Microsoft Windows Event System memory corruption |
$۵۰k-$100k |
۰.۰۶ |
|
|
CVE-2020-16922 |
۵.۳ |
Microsoft Windows File Signature Validation signature verification |
$۲۵k-$50k |
۰.۰۰ |
|
|
CVE-2020-16914 |
۵.۵ |
Microsoft Windows GDI+ information disclosure |
$۱۰k-$25k |
۰.۰۰ |
|
|
CVE-2020-16911 |
۸.۸ |
Microsoft Windows GDI+ memory corruption |
$۱۰۰k and more |
۰.۷۶ |
|
|
CVE-2020-1167 |
۷.۸ |
Microsoft Windows Graphics memory corruption |
$۵۰k-$100k |
۰.۱۳ |
|
|
CVE-2020-16923 |
۷.۸ |
Microsoft Windows Graphics memory corruption |
$۵۰k-$100k |
۰.۰۰ |
|
|
CVE-2020-16939 |
۷.۸ |
Microsoft Windows Group Policy privileges assignment |
$۵۰k-$100k |
۰.۴۸ |
|
|
CVE-2020-16891 |
۸.۸ |
Microsoft Windows Hyper-V access control |
$۲۵k-$50k |
۰.۰۸ |
|
|
CVE-2020-1243 |
۷.۸ |
Microsoft Windows Hyper-V denial of service |
$۵k-$10k |
۰.۰۶ |
|
|
CVE-2020-1047 |
۷.۸ |
Microsoft Windows Hyper-V memory corruption |
$۵۰k-$100k |
۰.۰۷ |
|
|
CVE-2020-1080 |
۸.۸ |
Microsoft Windows Hyper-V memory corruption |
$۲۵k-$50k |
۰.۰۶ |
|
|
CVE-2020-16902 |
۷.۸ |
Microsoft Windows Installer access control |
$۲۵k-$50k |
۰.۰۷ |
|
|
CVE-2020-16980 |
۷.۸ |
Microsoft Windows iSCSI Target Service access control |
$۵۰k-$100k |
۰.۰۶ |
|
|
CVE-2020-16924 |
۷.۸ |
Microsoft Windows Jet Database Engine memory corruption |
$۵۰k-$100k |
۰.۰۵ |
|
|
CVE-2020-16892 |
۷.۸ |
Microsoft Windows Kernel Image memory corruption |
$۲۵k-$50k |
۰.۰۰ |
|
|
CVE-2020-16901 |
۵.۰ |
Microsoft Windows Kernel information disclosure |
$۱۰k-$25k |
۰.۰۵ |
|
|
CVE-2020-16938 |
۵.۵ |
Microsoft Windows Kernel information disclosure |
$۱۰k-$25k |
۰.۸۳ |
|
|
CVE-2020-16890 |
۷.۸ |
Microsoft Windows Kernel memory corruption |
$۱۰۰k and more |
۰.۶۰ |
|
|
CVE-2020-16889 |
۵.۵ |
Microsoft Windows KernelStream information disclosure |
$۲۵k-$50k |
۰.۰۰ |
|
|
CVE-2020-16915 |
۷.۸ |
Microsoft Windows Media Foundation memory corruption |
$۵۰k-$100k |
۰.۰۰ |
|
|
CVE-2020-16894 |
۷.۷ |
Microsoft Windows NAT memory corruption |
$۵۰k-$100k |
۰.۰۶ |
|
|
CVE-2020-16897 |
۵.۵ |
Microsoft Windows NetBIOS over TCP information disclosure |
$۲۵k-$50k |
۰.۱۱ |
|
|
CVE-2020-16887 |
۷.۸ |
Microsoft Windows Network Connections Service memory corruption |
$۲۵k-$50k |
۰.۰۶ |
|
|
CVE-2020-16927 |
۷.۵ |
Microsoft Windows Remote Desktop Protocol denial of service |
$۱۰k-$25k |
۰.۰۷ |
|
|
CVE-2020-16896 |
۷.۵ |
Microsoft Windows Remote Desktop Protocol information disclosure |
$۲۵k-$50k |
۰.۰۷ |
|
|
CVE-2020-16863 |
۷.۵ |
Microsoft Windows Remote Desktop Service denial of service |
$۱۰k-$25k |
۰.۰۵ |
|
|
CVE-2020-16877 |
۷.۱ |
Microsoft Windows Reparse Point access control |
$۵۰k-$100k |
۰.۲۵ |
|
|
CVE-2020-16908 |
۷.۸ |
Microsoft Windows Setup access control |
$۲۵k-$50k |
۰.۰۶ |
|
|
CVE-2020-0764 |
۷.۸ |
Microsoft Windows Storage Services access control |
$۵۰k-$100k |
۰.۰۶ |
|
|
CVE-2020-16885 |
۷.۸ |
Microsoft Windows Storage VSP Driver access control |
$۵۰k-$100k |
۰.۰۰ |
|
|
CVE-2020-16899 |
۷.۵ |
Microsoft Windows TCPIP Stack denial of service |
$۱۰k-$25k |
۰.۰۶ |
|
|
CVE-2020-16898 |
۹.۸ |
Microsoft Windows TCPIP Stack unknown vulnerability |
$۵۰k-$100k |
۰.۴۵ |
|
|
CVE-2020-16921 |
۵.۵ |
Microsoft Windows Text Services Framework information disclosure |
$۲۵k-$50k |
۰.۲۵ |
|
|
CVE-2020-16910 |
۶.۲ |
Microsoft Windows Unified Extensible Firmware Interface access control |
$۵۰k-$100k |
۰.۰۰ |
|
|
CVE-2020-16940 |
۷.۸ |
Microsoft Windows User Profile Service access control |
$۵۰k-$100k |
۰.۰۰ |
|
|
CVE-2020-16913 |
۷.۸ |
Microsoft Windows Win32k memory corruption |
$۱۰۰k and more |
۰.۷۵ |
|
|
CVE-2020-16907 |
۷.۸ |
Microsoft Windows Win32k memory corruption |
$۱۰۰k and more |
۰.۶۱ |
|
|
CVE-2020-16933 |
۷.۰ |
Microsoft Word LNK File 7pk security |
$۱۰k-$25k |
۰.۱۰ |
|
|
CVE-2020-25986 |
۳.۵ |
MonoCMS Blog cross-site request forgery |
$۰-$۱k |
۰.۰۰ |
Not Defined |
|
CVE-2020-25985 |
۸.۱ |
MonoCMS Blog File denial of service |
$۰-$۱k |
۰.۰۰ |
Not Defined |
|
CVE-2020-25987 |
۷.۵ |
MonoCMS Blog log.xml encryption |
$۰-$۱k |
۰.۰۰ |
Not Defined |
|
CVE-2020-12400 |
۵.۵ |
Mozilla Firefox Coordinate information disclosure |
$۱۰k-$25k |
۰.۲۹ |
|
|
CVE-2020-12401 |
۲.۶ |
Mozilla Firefox ECDSA Signature Generation information disclosure |
$۵k-$10k |
۰.۴۵ |
|
|
CVE-2020-15646 |
۳.۵ |
Mozilla Thunderbird Microsoft Exchange Autodiscovery cleartext |
$۵k-$10k |
۰.۵۷ |
|
|
CVE-2020-7465 |
۹.۸ |
MPD L2TP memory corruption |
$۲k-$5k |
۰.۶۱ |
|
|
CVE-2020-7466 |
۷.۵ |
MPD PPP Authentication out-of-bounds read |
$۰-$۱k |
۰.۱۳ |
|
|
CVE-2020-26928 |
۹.۶ |
Netgear CBR40/RBK752/RBR750/RBS750/RBK852/RBR850/RBS850 authentication |
$۵k-$10k |
۳.۴۱ |
|
|
CVE-2020-26926 |
۹.۶ |
Netgear CBR40/RBK752/RBR750/RBS750/RBK852/RBR850/RBS850 authentication |
$۵k-$10k |
۳.۵۵ |
|
|
CVE-2020-26910 |
۸.۴ |
Netgear CBR40/RBK752/RBR750/RBS750/RBK852/RBR850/RBS850 command injection |
$۱۰k-$25k |
۳.۲۷ |
|
|
CVE-2020-26906 |
۹.۶ |
Netgear CBR40/RBK752/RBR750/RBS750/RBK852/RBR850/RBS850 information disclosure |
$۵k-$10k |
۰.۸۶ |
|
|
CVE-2020-26905 |
۹.۶ |
Netgear CBR40/RBK752/RBR750/RBS750/RBK852/RBR850/RBS850 information disclosure |
$۵k-$10k |
۰.۸۵ |
|
|
CVE-2020-26904 |
۹.۶ |
Netgear CBR40/RBK752/RBR750/RBS750/RBK852/RBR850/RBS850 information disclosure |
$۵k-$10k |
۰.۴۳ |
|
|
CVE-2020-26903 |
۹.۶ |
Netgear CBR40/RBK752/RBR750/RBS750/RBK852/RBR850/RBS850 information disclosure |
$۵k-$10k |
۰.۵۷ |
|
|
CVE-2020-26900 |
۹.۶ |
Netgear CBR40/RBK752/RBR750/RBS750/RBK852/RBR850/RBS850 information disclosure |
$۵k-$10k |
۰.۸۹ |
|
|
CVE-2020-26899 |
۹.۶ |
Netgear CBR40/RBK752/RBR750/RBS750/RBK852/RBR850/RBS850 information disclosure |
$۵k-$10k |
۰.۴۳ |
|
|
CVE-2020-26897 |
۹.۶ |
Netgear CBR40/RBK752/RBR750/RBS750/RBK852/RBR850/RBS850 information disclosure |
$۵k-$10k |
۰.۵۷ |
|
|
CVE-2020-26909 |
۸.۸ |
Netgear D7800/R7500v2 command injection |
$۱۰k-$25k |
۳.۱۲ |
|
|
CVE-2020-26930 |
۳.۳ |
Netgear EX7700 config |
$۱۰k-$25k |
۴.۵۴ |
|
|
CVE-2020-26921 |
۸.۳ |
Netgear GS110EMX/GS810EMX/XS512EM/XS724EM authentication |
$۵k-$10k |
۴.۴۰ |
|
|
CVE-2020-26925 |
۳.۲ |
Netgear GS808E denial of service |
$۲k-$5k |
۴.۱۲ |
|
|
CVE-2020-26919 |
۹.۸ |
Netgear JGS516PE Access Control access control |
$۱۰k-$25k |
۴.۵۹ |
|
|
CVE-2020-17409 |
۶.۵ |
Netgear R6120/R6080/R6260/R6220/R6020/JNR3210/WNR2020 mini_httpd Service authentication |
$۵k-$10k |
۰.۶۸ |
Not Defined |
|
CVE-2020-26929 |
۷.۳ |
Netgear R6220/R6230 injection |
$۱۰k-$25k |
۴.۸۳ |
|
|
CVE-2020-26918 |
۴.۱ |
Netgear R8500 cross site scripting |
$۵k-$10k |
۶.۴۶ |
|
|
CVE-2020-26917 |
۴.۱ |
Netgear R8500 cross site scripting |
$۵k-$10k |
۶.۶۳ |
|
|
CVE-2020-26898 |
۹.۶ |
Netgear RAX40 config |
$۱۰k-$25k |
۰.۴۳ |
|
|
CVE-2020-26902 |
۹.۶ |
Netgear RBK752/RBR750/RBS750/RBK852/RBR850/RBS850 command injection |
$۱۰k-$25k |
۰.۸۵ |
|
|
CVE-2020-26901 |
۹.۶ |
Netgear RBK752/RBR750/RBS750/RBK852/RBR850/RBS850 information disclosure |
$۵k-$10k |
۰.۹۹ |
|
|
CVE-2020-26907 |
۹.۶ |
Netgear RBK852/RBR850/RBS850 os command injection |
$۱۰k-$25k |
۴.۶۸ |
|
|
CVE-2020-26920 |
۸.۸ |
Netgear SRK60/SRR60/SRS60 command injection |
$۱۰k-$25k |
۳.۸۸ |
|
|
CVE-2020-26924 |
۳.۱ |
Netgear WAC720/WAC730 information disclosure |
$۲k-$5k |
۴.۴۰ |
|
|
CVE-2020-26922 |
۶.۴ |
Netgear WC7500/WC7600/WC7600v2/WC9500 command injection |
$۱۰k-$25k |
۳.۶۹ |
|
|
CVE-2020-26923 |
۴.۳ |
Netgear WC7500/WC7600/WC7600v2/WC9500 cross site scripting |
$۲k-$5k |
۳.۴۱ |
|
|
CVE-2020-26931 |
۵.۹ |
Netgear WC7500/WC7600/WC7600v2/WC9500 information disclosure |
$۲k-$5k |
۳.۵۵ |
|
|
CVE-2020-26911 |
۸.۳ |
Netgear WNR2020 access control |
$۱۰k-$25k |
۳.۴۲ |
|
|
CVE-2020-26927 |
۹.۴ |
Netgear WNR2020 authentication |
$۱۰k-$25k |
۳.۸۳ |
|
|
CVE-2020-26908 |
۹.۴ |
Netgear WNR2020 authentication |
$۱۰k-$25k |
۳.۲۷ |
|
|
CVE-2020-26914 |
۶.۷ |
Netgear WNR2020 command injection |
$۱۰k-$25k |
۳.۴۲ |
|
|
CVE-2020-26916 |
۵.۴ |
Netgear WNR2020 config |
$۱۰k-$25k |
۴.۲۵ |
|
|
CVE-2020-26912 |
۷.۵ |
Netgear WNR2020 cross-site request forgery |
$۵k-$10k |
۲.۹۷ |
|
|
CVE-2020-26913 |
۶.۸ |
Netgear XR500 buffer overflow |
$۱۰k-$25k |
۳.۲۸ |
|
|
CVE-2020-26915 |
۶.۰ |
Netgear XR700 cross site scripting |
$۵k-$10k |
۴.۱۳ |
|
|
CVE-2020-15242 |
۴.۷ |
Next.js redirect |
$۱k-$2k |
۰.۸۵ |
|
|
CVE-2020-7740 |
۸.۲ |
node-pdf-generator server-side request forgery |
$۱k-$2k |
۰.۰۰ |
Not Defined |
|
CVE-2020-15224 |
۶.۸ |
Open Enclave Syscall information disclosure |
$۱k-$2k |
۰.۱۵ |
|
|
CVE-2020-16124 |
۷.۳ |
OpenRobotics ros_comm Communications Package XML RPC Library integer overflow |
$۲k-$5k |
۱.۰۲ |
|
|
CVE-2020-26571 |
۵.۵ |
OpenSC gemsafe GPK Smart Card Software Driver sc_pkcs15emu_gemsafeGPK_init stack-based buffer overflow |
$۲k-$5k |
۰.۰۰ |
|
|
CVE-2020-26570 |
۵.۵ |
OpenSC Oberthur Smart Card Software Driver sc_oberthur_read_file buffer overflow |
$۲k-$5k |
۰.۰۰ |
|
|
CVE-2020-26572 |
۵.۵ |
OpenSC TCOS Smart Card Software Driver tcos_decipher buffer overflow |
$۲k-$5k |
۰.۰۷ |
|
|
CVE-2020-26943 |
۵.۵ |
OpenStack blazar-dashboard access control |
$۰-$۵k |
۲.۵۶ |
|
|
CVE-2020-24246 |
۴.۳ |
Peplink Balance Web Admin connector.php information disclosure |
$۱k-$2k |
۱.۱۴ |
|
|
CVE-2020-12500 |
۷.۳ |
Pepperl Fuchs RocketLinx Comtrol Administration Interface authentication |
$۱k-$2k |
۶.۹۶ |
Official Fix |
|
CVE-2020-12501 |
۷.۳ |
Pepperl Fuchs RocketLinx Comtrol Administration Interface backdoor |
$۲k-$5k |
۶.۸۱ |
Official Fix |
|
CVE-2020-12503 |
۶.۳ |
Pepperl Fuchs RocketLinx Comtrol Administration Interface command injection |
$۲k-$5k |
۷.۵۲ |
Official Fix |
|
CVE-2020-12502 |
۴.۳ |
Pepperl Fuchs RocketLinx Comtrol Administration Interface cross-site request forgery |
$۰-$۱k |
۶.۹۶ |
Official Fix |
|
CVE-2020-12504 |
۵.۳ |
Pepperl Fuchs RocketLinx Comtrol TFTP Service information disclosure |
$۱k-$2k |
۴.۵۴ |
Official Fix |
|
CVE-2020-25271 |
۳.۵ |
PHPGurukul hospital-management-system-in-php patient-search.php cross site scripting |
$۰-$۱k |
۰.۴۳ |
Not Defined |
|
CVE-2020-25270 |
۳.۵ |
PHPGurukul hostel-management-system cross site scripting |
$۰-$۱k |
۰.۷۱ |
Not Defined |
|
CVE-2020-26935 |
۶.۳ |
phpMyAdmin SearchController sql injection |
$۱۰k-$25k |
۶.۶۷+ |
|
|
CVE-2020-26934 |
۳.۵ |
phpMyAdmin Transformation Feature cross site scripting |
$۲k-$5k |
۶.۱۰+ |
|
|
CVE-2020-25263 |
۳.۵ |
PyroCMS anomaly.module.blocks cross-site request forgery |
$۰-$۱k |
۰.۷۱ |
Not Defined |
|
CVE-2020-25262 |
۳.۵ |
PyroCMS cross-site request forgery |
$۰-$۱k |
۰.۴۳ |
Not Defined |
|
CVE-2020-25637 |
۶.۷ |
QEMU libvirt API access control |
$۵k-$10k |
۰.۰۰ |
|
|
CVE-2020-25743 |
۳.۲ |
QEMU pci.c ide_cancel_dma_sync null pointer dereference |
$۲k-$5k |
۰.۰۸ |
|
|
CVE-2020-25742 |
۳.۲ |
QEMU pci.c pci_change_irq_level null pointer dereference |
$۲k-$5k |
۰.۰۰ |
|
|
CVE-2020-25858 |
۳.۵ |
Qualcomm QCMAP Mobile Hotspot QCMAP_Web_CLIENT Tokenizer denial of service |
$۰-$۱k |
۰.۳۰ |
|
|
CVE-2020-25859 |
۵.۳ |
Qualcomm QCMAP SetGatewayUrl os command injection |
$۱k-$2k |
۰.۲۳ |
|
|
CVE-2020-7383 |
۸.۱ |
Rapid7 Nexpose sql injection |
$۱k-$2k |
۰.۶۶ |
|
|
CVE-2020-14299 |
۵.۵ |
Red Hat JBoss EAP Legacy SecurityRealm authentication |
$۵k-$25k |
۰.۸۳ |
Not Defined |
|
CVE-2020-25613 |
۵.۵ |
Ruby WEBrick request smuggling |
$۱k-$2k |
۰.۰۰ |
Not Defined |
|
CVE-2020-26600 |
۷.۵ |
Samsung Mobile Device Auto Hotspot information disclosure |
$۰-$۱k |
۰.۰۰ |
Official Fix |
|
CVE-2020-26599 |
۵.۳ |
Samsung Mobile Device Dynamic Lockscreen authentication |
$۰-$۱k |
۰.۰۰ |
Official Fix |
|
CVE-2020-26601 |
۷.۵ |
Samsung Mobile Device Pendingintent unknown vulnerability |
$۲k-$5k |
۰.۰۰ |
Official Fix |
|
CVE-2020-26605 |
۷.۵ |
Samsung Mobile Devices Log information disclosure |
$۰-$۱k |
۰.۲۱ |
Official Fix |
|
CVE-2020-26604 |
۷.۵ |
Samsung Mobile Devices Pendingintent unknown vulnerability |
$۲k-$5k |
۰.۴۷ |
Official Fix |
|
CVE-2020-26602 |
۷.۵ |
Samsung Mobile Devices Pendingintent unknown vulnerability |
$۲k-$5k |
۰.۴۱ |
Official Fix |
|
CVE-2020-26606 |
۷.۵ |
Samsung Mobile Devices Secure Folder unknown vulnerability |
$۲k-$5k |
۰.۶۹ |
Official Fix |
|
CVE-2020-26603 |
۵.۳ |
Samsung Mobile Devices Sticker Center pathname traversal |
$۱k-$2k |
۰.۴۹ |
Official Fix |
|
CVE-2020-26607 |
۹.۸ |
Samsung Mobile Devices TimaService unknown vulnerability |
$۲k-$5k |
۰.۷۴ |
Official Fix |
|
CVE-2020-7811 |
۷.۸ |
Samsung Update Inter-Process Communication deserialization |
$۱k-$2k |
۰.۰۰ |
Not Defined |
|
CVE-2020-6375 |
۵.۵ |
SAP 3D Visual Enterprise Viewer CGM File denial of service |
$۵k-$10k |
۰.۰۸ |
Not Defined |
|
CVE-2020-6374 |
۷.۸ |
SAP 3D Visual Enterprise Viewer JT File denial of service |
$۵k-$10k |
۰.۰۸ |
Not Defined |
|
CVE-2020-6373 |
۷.۸ |
SAP 3D Visual Enterprise Viewer PDF File denial of service |
$۵k-$10k |
۰.۲۸ |
Not Defined |
|
CVE-2020-6372 |
۷.۸ |
SAP 3D Visual Enterprise Viewer PDF File denial of service |
$۵k-$10k |
۰.۴۲ |
Not Defined |
|
CVE-2020-6376 |
۵.۵ |
SAP 3D Visual Enterprise Viewer RH File denial of service |
$۲k-$5k |
۰.۶۱ |
Not Defined |
|
CVE-2020-6368 |
۵.۴ |
SAP Business Planning and Consolidation cross site scripting |
$۲k-$5k |
۰.۲۳ |
Not Defined |
|
CVE-2020-6363 |
۴.۶ |
SAP Commerce Cloud session expiration |
$۵k-$10k |
۰.۰۸ |
Not Defined |
|
CVE-2020-6272 |
۵.۴ |
SAP Commerce Cloud Web CMS Components cross site scripting |
$۲k-$5k |
۰.۱۳ |
Not Defined |
|
CVE-2020-6371 |
۴.۳ |
SAP NetWeaver Application Server ABAP information disclosure |
$۵k-$10k |
۰.۴۸ |
Not Defined |
|
CVE-2020-6319 |
۶.۱ |
SAP NetWeaver Application Server Java cross site scripting |
$۵k-$10k |
۰.۳۳ |
Not Defined |
|
CVE-2020-6365 |
۶.۱ |
SAP NetWeaver AS JAVA Start Page redirect |
$۱۰k-$25k |
۰.۲۰ |
Not Defined |
|
CVE-2020-6323 |
۶.۱ |
SAP Netweaver Enterprise Portal Fiori Framework Page cross site scripting |
$۲k-$5k |
۰.۲۵ |
Not Defined |
|
CVE-2020-6364 |
۱۰.۰ |
SAP Solution Manager/Focused Run CA Introscope Enterprise Manager code injection |
$۱۰k-$25k |
۰.۱۵ |
Not Defined |
|
CVE-2020-15797 |
۴.۳ |
Siemens DCA Vantage Analyzer Kiosk Mode access control |
$۲k-$5k |
۰.۳۸ |
|
|
CVE-2020-7590 |
۴.۱ |
Siemens DCA Vantage Analyzer Onboard Database hard-coded password |
$۰-$۱k |
۰.۲۳ |
|
|
CVE-2020-15794 |
۴.۳ |
Siemens Desigo Insight Web Application information exposure |
$۵k-$25k |
۰.۳۸ |
Not Defined |
|
CVE-2020-15792 |
۴.۳ |
Siemens Desigo Insight Web Service sql injection |
$۵k-$25k |
۰.۳۰ |
|
|
CVE-2020-15793 |
۴.۳ |
Siemens Desigo Insight X-Frame-Options clickjacking |
$۵k-$25k |
۰.۳۸ |
Not Defined |
|
CVE-2020-7591 |
۵.۵ |
Siemens SIPORT MP Single Sign-On authentication spoofing |
$۵k-$25k |
۲.۶۴ |
|
|
CVE-2020-8781 |
۷.۸ |
Sierra Wireless ALEOS authorization |
$۱k-$2k |
۰.۲۸ |
|
|
CVE-2020-8782 |
۹.۸ |
Sierra Wireless ALEOS RPC Server unknown vulnerability |
$۲k-$5k |
۰.۹۹ |
|
|
CVE-2020-7742 |
۷.۵ |
simpl-schema unknown vulnerability |
$۲k-$5k |
۰.۰۰ |
|
|
CVE-2020-15229 |
۸.۲ |
Singularity unsquashfs path traversal |
$۱k-$2k |
۰.۵۴ |
|
|
CVE-2020-15243 |
۹.۱ |
Smartstore WebApi Authentication authentication |
$۱k-$2k |
۰.۵۷ |
Not Defined |
|
CVE-2020-5135 |
۴.۳ |
SonicWALL SonicOS buffer overflow |
$۲k-$5k |
۰.۴۵ |
Not Defined |
|
CVE-2020-5133 |
۵.۳ |
SonicWALL SonicOS buffer overflow |
$۲k-$5k |
۰.۲۳ |
Not Defined |
|
CVE-2020-5143 |
۵.۳ |
SonicWALL SonicOS Login Page information exposure |
$۱k-$2k |
۰.۰۷ |
Not Defined |
|
CVE-2020-5134 |
۳.۵ |
SonicWALL SonicOS out-of-bounds read |
$۰-$۱k |
۰.۰۶ |
Not Defined |
|
CVE-2020-5139 |
۵.۳ |
SonicWALL SonicOS release of reference |
$۰-$۱k |
۰.۰۰ |
Not Defined |
|
CVE-2020-5137 |
۷.۳ |
SonicWALL SonicOS SSL VPN Service buffer overflow |
$۲k-$5k |
۰.۰۵ |
Not Defined |
|
CVE-2020-5138 |
۵.۳ |
SonicWALL SonicOS SSL VPN Service heap-based buffer overflow |
$۲k-$5k |
۰.۰۵ |
Not Defined |
|
CVE-2020-5140 |
۵.۳ |
SonicWALL SonicOS SSL VPN Service out-of-bounds read |
$۱k-$2k |
۰.۰۰ |
Not Defined |
|
CVE-2020-5142 |
۴.۳ |
SonicWALL SonicOS SSL VPN Web Interface cross site scripting |
$۰-$۱k |
۰.۰۶ |
Not Defined |
|
CVE-2020-5136 |
۳.۵ |
SonicWALL SonicOS SSL-VPN Portal buffer overflow |
$۱k-$2k |
۰.۰۰ |
Not Defined |
|
CVE-2020-5141 |
۳.۷ |
SonicWALL SonicOS Virtual Assist Ticket ID protection mechanism failure |
$۲k-$5k |
۰.۰۵ |
Not Defined |
|
CVE-2020-25272 |
۳.۵ |
Sourcecodester Booking System book_now.php cross site scripting |
$۰-$۱k |
۰.۳۰ |
|
|
CVE-2020-25273 |
۷.۳ |
Sourcecodester Online Bus Booking System Admin Login Screen admin.php sql injection |
$۲k-$5k |
۰.۴۳ |
|
|
CVE-2020-26880 |
۵.۳ |
Sympa Configuration File privileges management |
$۱k-$2k |
۰.۳۰ |
|
|
CVE-2020-26932 |
۵.۵ |
Sympa Package permission |
$۱k-$2k |
۶.۲۵+ |
|
|
CVE-2020-25824 |
۲.۵ |
Telegram Desktop Export Telegram Data wizard authentication |
$۰-$۱k |
۰.۰۸ |
|
|
CVE-2020-25779 |
۶.۳ |
Trend Micro Antivirus Internationalized Domain Name access control |
$۱۰k-$25k |
۰.۶۰ |
|
|
CVE-2020-25778 |
۳.۵ |
Trend Micro Antivirus Kernel Extension information disclosure |
$۲k-$5k |
۰.۰۸ |
|
|
CVE-2020-25777 |
۵.۵ |
Trend Micro Antivirus Web Threat Protection access control |
$۱۰k-$25k |
۰.۱۵ |
|
|
CVE-2020-27013 |
۶.۳ |
Trend Micro Antivirus Webserver API access control |
$۱۰k-$25k |
۰.۴۷ |
Not Defined |
|
CVE-2020-27156 |
۹.۸ |
Veritas APTARE Authorization authorization |
$۲k-$5k |
۱.۸۱ |
|
|
CVE-2020-27157 |
۸.۱ |
Veritas APTARE Login authentication |
$۱k-$2k |
۱.۸۹ |
|
|
CVE-2020-9048 |
۷.۱ |
Victor Web Client denial of service |
$۰-$۱k |
۰.۵۷ |
Not Defined |
|
CVE-2020-3991 |
۵.۵ |
VMware Horizon Client Installation access control |
$۵k-$25k |
۱.۴۳ |
|
|
CVE-2020-8820 |
۵.۴ |
Webmin Cluster Shell Commands Endpoint cross site scripting |
$۰-$۱k |
۰.۰۰ |
Not Defined |
|
CVE-2020-8821 |
۵.۴ |
Webmin Command Shell Endpoint input validation |
$۱k-$2k |
۰.۰۰ |
Not Defined |
|
CVE-2020-12670 |
۶.۱ |
Webmin Read User Email Module/Mailboxes Endpoint cross site scripting |
$۰-$۱k |
۰.۰۶ |
Not Defined |
|
CVE-2020-25644 |
۷.۵ |
WildFly OpenSSL HTTP Session memory leak |
$۵k-$10k |
۰.۰۰ |
|
|
CVE-2020-15258 |
۸.۰ |
Wire URL shell.openExternal input validation |
$۰-$۵k |
۲.۷۳- |
|
|
CVE-2020-25866 |
۷.۵ |
Wireshark BLIP Protocol Dissector packet-blip.c null pointer dereference |
$۰-$۱k |
۰.۵۳ |
|
|
CVE-2020-26575 |
۳.۵ |
Wireshark Facebook Zero Protocol Dissector packet-fbzero.c by infinite loop |
$۰-$۱k |
۰.۰۷ |
|
|
CVE-2020-25863 |
۷.۵ |
Wireshark MIME Multipart Dissector packet-multipart.c denial of service |
$۰-$۱k |
۰.۰۸ |
|
|
CVE-2020-25862 |
۷.۵ |
Wireshark TCP Dissector packet-tcp.c denial of service |
$۰-$۱k |
۰.۱۴ |
|
|
CVE-2020-26876 |
۵.۵ |
WordPress courses Plugin JSON REST API wp-json unknown vulnerability |
$۲k-$5k |
۰.۹۰ |
Not Defined |
|
CVE-2020-5642 |
۸.۸ |
WordPress Live Chat - Live Support cross-site request forgery |
$۰-$۱k |
۰.۲۵ |
Not Defined |
|
CVE-2020-26672 |
۳.۵ |
WordPress Testimonial Rotator Plugin post.php cross site scripting |
$۰-$۵k |
۰.۷۵ |
Not Defined |
|
CVE-2020-15252 |
۸.۵ |
XWiki Application Server Servlet code injection |
$۰-$۵k |
۰.۳۸ |
|
|
CVE-2020-11800 |
۹.۰ |
Zabbix Server unknown vulnerability |
$۲k-$5k |
۱.۵۶ |
|
|
CVE-2020-10816 |
۷.۳ |
Zoho ManageEngine Applications Manager AAMRequestProcessor Servlet authorization |
$۲k-$5k |
۳.۵۳ |
Not Defined |
|
CVE-2020-16267 |
۶.۳ |
Zoho ManageEngine Applications Manager RCA module sql injection |
$۱k-$2k |
۰.۱۴ |
|
|
CVE-2020-15927 |
۶.۳ |
Zoho ManageEngine Applications Manager SAP Module sql injection |
$۱k-$2k |
۰.۰۰ |
|
|
CVE-2020-6875 |
۵.۵ |
ZTE ZXONE 19700 SNPE Access Control access control |
$۱k-$2k |
۰.۱۴ |
Not Defined |
سطح خطر حدود ۴۵% آسیبپذیریهای هفته، «پرخطر» و «حیاتی» برآورد شده است که قابل توجّه است.
ارزش روز صفرم ۳۹% آسیبپذیریهای هفته بیش از ۵۰۰۰ دلار بوده است.
خوشبختانه برای ۷۵% آسیبپذیریهای هفته، بهروزرسانیها و یا وصلههایی رسماً ارائه شده که برای جلوگیری از سوءاستفاده ازآسیبپذیریها بهتر است سریعاً اعمال شوند.
