آسیب‌پذیری‌های حیاتی هفته چهارم اردیبهشت‌ماه

این هفته سه‌شنبه‌های به‌روزرسانی مایکروسافت در ماه مِی را سپری کردیم. دومین سه‌شنبه هر ماه، شرکت مایکروسافت به‌روزرسانی‌های لازم را برای محصولات خود منتشر می‌کند. این آسیب‌پذیری‌ها مربوط به مهم‌ترین محصولات مایکروسافت یعنی ویندوز، مرورگرهای IE و Edge ، چارچوب‌های .NET و SharePoint بودند. امّا علاوه بر محصولات مایکروسافت، آسیب‌پذیری‌های بسیاری با سطوح خطر «بالا» و «حیاتی» در سایر محصولات شرکت‌های مهم از جمله IBM، Google Android، Apache، Adobe، Nextcloud و ... شناسایی شده است. به علاوه نرم‌افزارهایی نظیر Symantec، McAfee و Avira و کرنل لینوکس نیز چندین آسیب‌پذیری خطرناک و حیاتی داشتند.

لیست این آسیب‌پذیری‌ها به همراه لینک وصله‌ها و به‌روزرسانی‌های ارائه‌شده در جدول زیر آمده است.

رفع آسیب‌پذیری	نوع آسیب‌پذیری	محصول آسیب‌پذیر	شناسه آسیب‌پذیری
Official Fix	Remote Code Execution	Actionpack_page-caching Gem Web Server	CVE-2020-8159
Official Fix	DoS	Adobe Acrobat Reader	CVE-2020-9611
Official Fix	Memory Corruption	Adobe Acrobat Reader Heap-based	CVE-2020-9612
Official Fix	Information Disclosure	Adobe Acrobat Reader	CVE-2020-9593
Official Fix	Information Disclosure	Adobe Acrobat Reader	CVE-2020-9595
Official Fix	Information Disclosure	Adobe Acrobat Reader	CVE-2020-9598
Official Fix	Memory Corruption	Adobe Acrobat Reader	CVE-2020-9604
Official Fix	Memory Corruption	Adobe Acrobat Reader	CVE-2020-9605
Official Fix	DoS	Adobe Acrobat Reader NULL Pointer Dereference	CVE-2020-9610
Official Fix	Information Disclosure	Adobe Acrobat Reader Out-of-Bounds	CVE-2020-9599
Official Fix	Information Disclosure	Adobe Acrobat Reader Out-of-Bounds	CVE-2020-9600
Official Fix	Information Disclosure	Adobe Acrobat Reader Out-of-Bounds	CVE-2020-9601
Official Fix	Information Disclosure	Adobe Acrobat Reader Out-of-Bounds	CVE-2020-9602
Official Fix	Information Disclosure	Adobe Acrobat Reader Out-of-Bounds	CVE-2020-9603
Official Fix	Information Disclosure	Adobe Acrobat Reader Out-of-Bounds	CVE-2020-9608
Official Fix	Information Disclosure	Adobe Acrobat Reader Out-of-Bounds	CVE-2020-9609
Official Fix	Memory Corruption	Adobe Acrobat Reader Out-of-Bounds	CVE-2020-9594
Official Fix	Memory Corruption	Adobe Acrobat Reader Out-of-Bounds	CVE-2020-9597
Official Fix	Privilege Escalation	Adobe Acrobat Reader	CVE-2020-9592
Official Fix	Privilege Escalation	Adobe Acrobat Reader	CVE-2020-9596
Official Fix	Privilege Escalation	Adobe Acrobat Reader	CVE-2020-9613
Official Fix	Privilege Escalation	Adobe Acrobat Reader	CVE-2020-9614
Official Fix	Race Condition	Adobe Acrobat Reader	CVE-2020-9615
Official Fix	Memory Corruption	Adobe Acrobat Reader Use-After-Free	CVE-2020-9606
Official Fix	Memory Corruption	Adobe Acrobat Reader Use-After-Free	CVE-2020-9607
Not Defined	Directory Traversal	Advantech WebAccess Node	CVE-2020-12026
Not Defined	Directory Traversal	Advantech WebAccess Node	CVE-2020-12010
Not Defined	Directory Traversal	Advantech WebAccess Node	CVE-2020-12006
Not Defined	Memory Corruption	Advantech WebAccess Node Heap-based	CVE-2020-10638
Not Defined	Privilege Escalation	Advantech WebAccess Node Injection	CVE-2020-12022
Not Defined	Memory Corruption	Advantech WebAccess Node Out-of-Bounds	CVE-2020-12018
Not Defined	SQL Injection	Advantech WebAccess Node	CVE-2020-12014
Not Defined	Memory Corruption	Advantech WebAccess Node Stack-based	CVE-2020-12002
Not Defined	XSS	ALSong DOM-Based	CVE-2020-7809
Official Fix	Information Disclosure	Ansible Engine/Ansible Tower Decryption tmp	CVE-2020-10685
Not Defined	Privilege Escalation	Ansible Engine/Ansible Tower fuse Filesystem Temporary	CVE-2020-10744
Not Defined	XSS	Apache ActiveMQ Webconsole Admin GUI	CVE-2020-1941
Not Defined	Privilege Escalation	Apache ant Temp Directory Code Injection	CVE-2020-1945
Official Fix	Unknown Vulnerability	Apache Camel JMX	CVE-2020-11971
Official Fix	Privilege Escalation	Apache Camel Netty Deserialization	CVE-2020-11973
Official Fix	Privilege Escalation	Apache Camel RabbitMQ Deserialization	CVE-2020-11972
Official Fix	Command Injection	Apache CloudStack baremetal	CVE-2019-17562
Not Defined	Privilege Escalation	Apache Flink JMXRMI Registry Man-in-the-Middle	CVE-2020-1960
Official Fix	XML External Entity	Apache log4net Configuration File	CVE-2018-1285
Not Defined	Directory Traversal	Apache RocketMQ Broker	CVE-2019-17572
Not Defined	Information Disclosure	Avira Free Antivirus Avira.PWM.NativeMessaging.exe	CVE-2020-12680
Official Fix	DoS	BitDefender Engine Sample Scanner cevakrnl.rv0	CVE-2020-8100
Not Defined	Information Disclosure	Bond JetSelect Developer Tools Credentials	CVE-2019-13023
Not Defined	Weak Encryption	Bond JetSelect ENCtool.jar	CVE-2019-13022
Not Defined	Information Disclosure	Bond JetSelect sfc-general-properties	CVE-2019-13021
Not Defined	SQL Injection	Chop Slider Plugin index.php	CVE-2020-11530
Not Defined	Memory Corruption	ClamAV Antivirus ARJ Archive Parser Heap-based	CVE-2020-3327
Not Defined	Memory Corruption	ClamAV Antivirus PDF Archive Parser Stack-based	CVE-2020-3341
Official Fix	Privilege Escalation	CODESYS Development System	CVE-2020-12068
Not Defined	DoS	COVIDSafe App Bluetooth Advertisement Crash	CVE-2020-12717
Official Fix	Privilege Escalation	cPanel Account Backup	CVE-2020-12785
Official Fix	DoS	cPanel Mail Log	CVE-2020-12784
Not Defined	Weak Authentication	Dahua Device Login Mode	CVE-2019-9682
Not Defined	Weak Authentication	Dahua Products Session	CVE-2020-9502
Not Defined	Information Disclosure	Dahua Web P2P Key	CVE-2020-9501
Not Defined	Privilege Escalation	direct_mail Extension Access Control	CVE-2020-12698
Not Defined	DoS	direct_mail Extension	CVE-2020-12697
Not Defined	Information Disclosure	direct_mail Extension Newsletter Subscribe	CVE-2020-12700
Not Defined	Open Redirect	direct_mail Extension	CVE-2020-12699
Workaround	Privilege Escalation	D-Link DAP-1360 Telnet Service	CVE-2019-18666
Not Defined	Weak Authentication	DomainMod Password Reset reset.php	CVE-2020-12735
Official Fix	Memory Corruption	FreeBSD cryptodev Kernel Memory	CVE-2019-15879
Official Fix	Information Disclosure	FreeBSD FTP Packet	CVE-2020-7455
Official Fix	DoS	FreeBSD Kernel Panic	CVE-2019-15880
Official Fix	Memory Corruption	FreeBSD Out-of-Bounds	CVE-2020-7454
Official Fix	Memory Corruption	FreeBSD SCTP Use-After-Free	CVE-2019-15878
Not Defined	Information Disclosure	FreeRDP bitmap.c	CVE-2020-11525
Not Defined	Information Disclosure	FreeRDP gdi.c	CVE-2020-11522
Not Defined	Memory Corruption	FreeRDP interleaved.c	CVE-2020-11524
Not Defined	Memory Corruption	FreeRDP planar.c	CVE-2020-11521
Not Defined	Memory Corruption	FreeRDP region.c	CVE-2020-11523
Not Defined	Information Disclosure	FreeRDP update.c	CVE-2020-11526
Not Defined	Privilege Escalation	Gazie setup.php	CVE-2020-12743
Not Defined	SQL Injection	Gnuteca action=main:search:simpleSearch	CVE-2020-12766
Not Defined	Directory Traversal	Gnuteca file.php	CVE-2020-12764
Official Fix	Memory Corruption	Google Android a2dp_aac_decoder.cc a2dp_aac_decoder_cleanup	CVE-2020-0103
Official Fix	Privilege Escalation	Google Android ActivityStack.java navigateUpToLocked	CVE-2020-0098
Official Fix	Privilege Escalation	Google Android ActivityStartController.java startActivities	CVE-2020-0096
Official Fix	Memory Corruption	Google Android Airbrush FW	CVE-2020-0221
Official Fix	Privilege Escalation	Google Android Email	CVE-2020-0090
Official Fix	Information Disclosure	Google Android exif-data.c exif_data_save_data_entry	CVE-2020-0093
Official Fix	Memory Corruption	Google Android ExifUtils.cpp setImageWidth	CVE-2020-0094
Official Fix	Memory Corruption	Google Android gatt_server.cc SendResponse	CVE-2020-0102
Official Fix	Information Disclosure	Google Android ICrypto.cpp onTransact	CVE-2020-0101
Official Fix	Information Disclosure	Google Android IHDCP.cpp onTransact	CVE-2020-0100
Official Fix	Information Disclosure	Google Android KeyguardStateMonitor.java onShowingStateChanged	CVE-2020-0104
Official Fix	Privilege Escalation	Google Android mnld	CVE-2020-0091
Official Fix	Memory Corruption	Google Android msm-cirrus-playback.c crus_afe_callback	CVE-2020-0220
Official Fix	Information Disclosure	Google Android NotificationStackScrollLayout.java setHideSensitive	CVE-2020-0092
Official Fix	Privilege Escalation	Google Android PackageManagerService.java	CVE-2020-0097
Official Fix	Privilege Escalation	Google Android Permission Check key_store_service.cpp onKeyguardVisibilityChanged	CVE-2020-0105
Official Fix	Privilege Escalation	Google Android Permission Check NotificationManagerService.java simulatePackageSuspendBroadcast	CVE-2020-0109
Official Fix	Privilege Escalation	Google Android	CVE-2020-0064
Official Fix	Memory Corruption	Google Android psi.c psi_write	CVE-2020-0110
Official Fix	Privilege Escalation	Google Android Receiver	CVE-2020-0065
Official Fix	Information Disclosure	Google Android SDK Version Check PhoneInterfaceManager.java getCellLocation	CVE-2020-0106
Official Fix	Privilege Escalation	Google Android SettingsBaseActivity.java onCreate	CVE-2020-0024
Not Defined	Privilege Escalation	Groupfolders App Access Control	CVE-2020-8153
Official Fix	Weak Authentication	Huawei P20	CVE-2020-9073
Official Fix	Information Disclosure	Huawei View 20/Honor 20/Honor 20 Pro/Honor Magic2 Out-of-Bounds	CVE-2020-1808
Not Defined	Memory Corruption	IBM i2 Intelligent Analyis Platform	CVE-2020-4468
Not Defined	Memory Corruption	IBM i2 Intelligent Analyis Platform	CVE-2020-4467
Not Defined	Memory Corruption	IBM i2 Intelligent Analyis Platform	CVE-2020-4422
Not Defined	Memory Corruption	IBM i2 Intelligent Analyis Platform	CVE-2020-4343
Not Defined	Memory Corruption	IBM i2 Intelligent Analyis Platform	CVE-2020-4288
Not Defined	Memory Corruption	IBM i2 Intelligent Analyis Platform	CVE-2020-4287
Not Defined	Memory Corruption	IBM i2 Intelligent Analyis Platform	CVE-2020-4285
Not Defined	Memory Corruption	IBM i2 Intelligent Analyis Platform	CVE-2020-4266
Not Defined	Memory Corruption	IBM i2 Intelligent Analyis Platform	CVE-2020-4265
Not Defined	Memory Corruption	IBM i2 Intelligent Analyis Platform	CVE-2020-4264
Not Defined	Memory Corruption	IBM i2 Intelligent Analyis Platform	CVE-2020-4263
Not Defined	Memory Corruption	IBM i2 Intelligent Analyis Platform	CVE-2020-4262
Not Defined	Memory Corruption	IBM i2 Intelligent Analyis Platform	CVE-2020-4261
Not Defined	Memory Corruption	IBM i2 Intelligent Analyis Platform	CVE-2020-4258
Not Defined	Memory Corruption	IBM i2 Intelligent Analyis Platform	CVE-2020-4257
Not Defined	Information Disclosure	IBM Sterling B2B Integrator Standard Edition	CVE-2020-4299
Not Defined	Information Disclosure	IBM Sterling B2B Integrator Standard Edition Web Page Cache	CVE-2020-4312
Not Defined	Privilege Escalation	IBM Sterling File Gateway	CVE-2020-4259
Not Defined	Information Disclosure	IBM UrbanCode Deploy HSTS	CVE-2019-4667
Not Defined	Server-Side Request Forgery	IBM WebSphere Application Server	CVE-2020-4365
Official Fix	Memory Corruption	Iconimlib2 Color Map loader_ico.c	CVE-2020-12761
Official Fix	Memory Corruption	iproute2 ipnetns.c get_netnsid_from_name	CVE-2019-20795
Official Fix	Privilege Escalation	JAL Information Technology Pallet Control Access Control	CVE-2020-5538
Official Fix	Directory Traversal	Jooby	CVE-2020-7647
Not Defined	Memory Corruption	json-c JSON File printbuf_memappend	CVE-2020-12762
Not Defined	Weak Authentication	KDE kio-extras fish.cpp establishConnection	CVE-2020-12755
Not Defined	Privilege Escalation	KeyCloak Admin Console	CVE-2019-10170
Official Fix	Privilege Escalation	KeyCloak Deserialization	CVE-2020-1714
Official Fix	Information Disclosure	KeyCloak HttpMethod	CVE-2020-1698
Official Fix	Information Disclosure	KeyCloak	CVE-2020-1724
Official Fix	Weak Authentication	KeyCloak TLS Hostname Verification Man-in-the-Middle	CVE-2020-1758
Not Defined	Privilege Escalation	KeyCloak User-Managed Access Interface	CVE-2019-10169
Not Defined	Remote Code Execution	LG Mobile Devices Bootloader	CVE-2020-12753
Not Defined	Privilege Escalation	LG Mobile Devices Window System Service	CVE-2020-12754
Not Defined	DoS	libEMF	CVE-2020-11864
Not Defined	DoS	libEMF	CVE-2020-11863
Not Defined	Memory Corruption	libEMF Out-of-Bounds	CVE-2020-11865
Not Defined	Memory Corruption	libEMF Use-After-Free	CVE-2020-11866
Not Defined	DoS	libexif exif-entry.c exif_entry_get_value	CVE-2020-12767
Not Defined	DoS	Linux Kernel btree.c btree_gc_coalesce	CVE-2020-12771
Official Fix	Privilege Escalation	Linux Kernel Fix CVE-2019-11599 get_task_mm	CVE-2019-14898
Not Defined	DoS	Linux Kernel fuse Filesystem Resource Exhaustion	CVE-2019-20794
Official Fix	Memory Corruption	Linux Kernel ptp Device ptpX	CVE-2020-10690
Official Fix	Privilege Escalation	Linux Kernel sg_write	CVE-2020-12770
Official Fix	DoS	Linux Kernel spi-dw.c dw_spi_transfer_one	CVE-2020-12769
Official Fix	DoS	Linux Kernel svm.c svm_cpu_uninit	CVE-2020-12768
Not Defined	Privilege Escalation	Linux Kernel VFIO PCI Driver	CVE-2020-12888
Official Fix	Privilege Escalation	McAfee Active Response	CVE-2020-7291
Official Fix	Privilege Escalation	McAfee Active Response	CVE-2020-7290
Official Fix	Privilege Escalation	McAfee Active Response	CVE-2020-7289
Official Fix	Privilege Escalation	McAfee Endpoint Security Symbolic Link	CVE-2020-7265
Official Fix	Privilege Escalation	McAfee Endpoint Security Symbolic Links	CVE-2020-7264
Official Fix	Privilege Escalation	McAfee Exploit Detection and Response	CVE-2020-7288
Official Fix	Privilege Escalation	McAfee Exploit Detection and Response	CVE-2020-7287
Official Fix	Privilege Escalation	McAfee Exploit Detection and Response	CVE-2020-7286
Official Fix	Privilege Escalation	McAfee MVision Endpoint	CVE-2020-7285
Official Fix	Privilege Escalation	McAfee VirusScan Enterprise Symbolic Link	CVE-2020-7267
Official Fix	Privilege Escalation	McAfee VirusScan Enterprise Symbolic Link	CVE-2020-7266
Official Fix	DoS	Microsoft .NET Core/.NET Framework	CVE-2020-1108
Official Fix	Privilege Escalation	Microsoft .NET Framework	CVE-2020-1066
Official Fix	XSS	Microsoft Dynamics 365 on-premises	CVE-2020-1063
Official Fix	Privilege Escalation	Microsoft Edge Cross-Origin	CVE-2020-1056
Official Fix	Open Redirect	Microsoft Edge	CVE-2020-1059
Official Fix	Memory Corruption	Microsoft Edge PDF	CVE-2020-1096
Official Fix	Memory Corruption	Microsoft Edge/ChakraCore Chakra Scripting Engine	CVE-2020-1037
Official Fix	Memory Corruption	Microsoft Edge/ChakraCore Scripting Engine	CVE-2020-1065
Official Fix	Memory Corruption	Microsoft Excel	CVE-2020-0901
Official Fix	Memory Corruption	Microsoft Internet Explorer	CVE-2020-1092
Official Fix	Memory Corruption	Microsoft Internet Explorer	CVE-2020-1062
Official Fix	Privilege Escalation	Microsoft Internet Explorer MSHTML Engine	CVE-2020-1064
Official Fix	Memory Corruption	Microsoft Internet Explorer VBScript	CVE-2020-1060
Official Fix	Memory Corruption	Microsoft Internet Explorer VBScript	CVE-2020-1058
Official Fix	Memory Corruption	Microsoft Internet Explorer VBScript	CVE-2020-1035
Official Fix	Memory Corruption	Microsoft Internet Explorer VBScript	CVE-2020-1093
Official Fix	Privilege Escalation	Microsoft Power BI Report Server	CVE-2020-1173
Official Fix	Privilege Escalation	Microsoft SharePoint Enterprise Server ASP.Net Web Control	CVE-2020-1069
Official Fix	CSRF	Microsoft SharePoint Enterprise Server	CVE-2020-1103
Official Fix	XSS	Microsoft SharePoint Enterprise Server	CVE-2020-1107
Official Fix	XSS	Microsoft SharePoint Enterprise Server	CVE-2020-1106
Official Fix	XSS	Microsoft SharePoint Enterprise Server	CVE-2020-1105
Official Fix	XSS	Microsoft SharePoint Enterprise Server	CVE-2020-1104
Official Fix	XSS	Microsoft SharePoint Enterprise Server	CVE-2020-1101
Official Fix	XSS	Microsoft SharePoint Enterprise Server	CVE-2020-1100
Official Fix	XSS	Microsoft SharePoint Enterprise Server	CVE-2020-1099
Official Fix	Privilege Escalation	Microsoft SharePoint Enterprise Server Source Markup	CVE-2020-1102
Official Fix	Privilege Escalation	Microsoft SharePoint Enterprise Server Source Markup	CVE-2020-1024
Official Fix	Privilege Escalation	Microsoft SharePoint Enterprise Server Source Markup	CVE-2020-1023
Official Fix	Privilege Escalation	Microsoft Visual Studio Code Python Extension	CVE-2020-1171
Official Fix	Privilege Escalation	Microsoft Visual Studio Code Python Extension	CVE-2020-1192
Official Fix	DoS	Microsoft Visual Studio/ASP.NET Core	CVE-2020-1161
Official Fix	XSS	Microsoft Windows Active Directory Federation Services	CVE-2020-1055
Official Fix	Privilege Escalation	Microsoft Windows Background Intelligent Transfer Service File Upload	CVE-2020-1112
Official Fix	DoS	Microsoft Windows Block Level Backup Engine Service	CVE-2020-1010
Official Fix	Privilege Escalation	Microsoft Windows Clipboard	CVE-2020-1111
Official Fix	Privilege Escalation	Microsoft Windows Clipboard Service	CVE-2020-1166
Official Fix	Privilege Escalation	Microsoft Windows Clipboard Service	CVE-2020-1165
Official Fix	Privilege Escalation	Microsoft Windows Clipboard Service	CVE-2020-1121
Official Fix	Memory Corruption	Microsoft Windows Color Management ICM32.dll	CVE-2020-1117
Official Fix	Privilege Escalation	Microsoft Windows Common Log File System Driver	CVE-2020-1154
Official Fix	DoS	Microsoft Windows Connected User Experiences and Telemetry Service	CVE-2020-1123
Official Fix	DoS	Microsoft Windows Connected User Experiences and Telemetry Service	CVE-2020-1084
Official Fix	Information Disclosure	Microsoft Windows CSRSS	CVE-2020-1116
Official Fix	DoS	Microsoft Windows	CVE-2020-1076
Official Fix	Memory Corruption	Microsoft Windows DirectX	CVE-2020-1140
Official Fix	Privilege Escalation	Microsoft Windows Error Reporting Manager	CVE-2020-1132
Official Fix	Privilege Escalation	Microsoft Windows Error Reporting	CVE-2020-1088
Official Fix	Privilege Escalation	Microsoft Windows Error Reporting	CVE-2020-1082
Official Fix	Privilege Escalation	Microsoft Windows Error Reporting	CVE-2020-1021
Official Fix	Information Disclosure	Microsoft Windows GDI	CVE-2020-1179
Official Fix	Information Disclosure	Microsoft Windows GDI	CVE-2020-1145
Official Fix	Information Disclosure	Microsoft Windows GDI	CVE-2020-1141
Official Fix	Information Disclosure	Microsoft Windows GDI	CVE-2020-0963
Official Fix	Memory Corruption	Microsoft Windows GDI	CVE-2020-1142
Official Fix	Memory Corruption	Microsoft Windows Graphics Component	CVE-2020-1135
Official Fix	Memory Corruption	Microsoft Windows Graphics Component	CVE-2020-1153
Official Fix	DoS	Microsoft Windows Hyper-V	CVE-2020-0909
Official Fix	Information Disclosure	Microsoft Windows	CVE-2020-1072
Official Fix	Memory Corruption	Microsoft Windows JET Database Engine	CVE-2020-1176
Official Fix	Memory Corruption	Microsoft Windows JET Database Engine	CVE-2020-1175
Official Fix	Memory Corruption	Microsoft Windows JET Database Engine	CVE-2020-1174
Official Fix	Memory Corruption	Microsoft Windows JET Database Engine	CVE-2020-1051
Official Fix	Memory Corruption	Microsoft Windows Kernel	CVE-2020-1114
Official Fix	Memory Corruption	Microsoft Windows Kernel	CVE-2020-1087
Official Fix	Memory Corruption	Microsoft Windows Media Foundation	CVE-2020-1150
Official Fix	Memory Corruption	Microsoft Windows Media Foundation	CVE-2020-1136
Official Fix	Memory Corruption	Microsoft Windows Media Foundation	CVE-2020-1126
Official Fix	Memory Corruption	Microsoft Windows Media Foundation	CVE-2020-1028
Official Fix	Privilege Escalation	Microsoft Windows Media Service	CVE-2020-1068
Official Fix	Memory Corruption	Microsoft Windows	CVE-2020-1079
Official Fix	Memory Corruption	Microsoft Windows	CVE-2020-1067
Official Fix	Privilege Escalation	Microsoft Windows Print Spooler	CVE-2020-1070
Official Fix	Privilege Escalation	Microsoft Windows Print Spooler	CVE-2020-1048
Official Fix	Privilege Escalation	Microsoft Windows Printer Service	CVE-2020-1081
Official Fix	Memory Corruption	Microsoft Windows Push Notification Service	CVE-2020-1137
Official Fix	Privilege Escalation	Microsoft Windows Remote Access Common Dialog	CVE-2020-1071
Official Fix	Memory Corruption	Microsoft Windows Script Runtime	CVE-2020-1061
Official Fix	Memory Corruption	Microsoft Windows State Repository Service	CVE-2020-1191
Official Fix	Memory Corruption	Microsoft Windows State Repository Service	CVE-2020-1190
Official Fix	Memory Corruption	Microsoft Windows State Repository Service	CVE-2020-1189
Official Fix	Memory Corruption	Microsoft Windows State Repository Service	CVE-2020-1188
Official Fix	Memory Corruption	Microsoft Windows State Repository Service	CVE-2020-1187
Official Fix	Memory Corruption	Microsoft Windows State Repository Service	CVE-2020-1186
Official Fix	Memory Corruption	Microsoft Windows State Repository Service	CVE-2020-1185
Official Fix	Memory Corruption	Microsoft Windows State Repository Service	CVE-2020-1184
Official Fix	Memory Corruption	Microsoft Windows State Repository Service	CVE-2020-1144
Official Fix	Memory Corruption	Microsoft Windows State Repository Service	CVE-2020-1134
Official Fix	Memory Corruption	Microsoft Windows State Repository Service	CVE-2020-1131
Official Fix	Memory Corruption	Microsoft Windows State Repository Service	CVE-2020-1124
Official Fix	Privilege Escalation	Microsoft Windows Storage Service	CVE-2020-1138
Official Fix	Information Disclosure	Microsoft Windows Subsystem for Linux	CVE-2020-1075
Official Fix	Privilege Escalation	Microsoft Windows Task Scheduler	CVE-2020-1113
Official Fix	DoS	Microsoft Windows TLS	CVE-2020-1118
Official Fix	Memory Corruption	Microsoft Windows Update Stack	CVE-2020-1110
Official Fix	Memory Corruption	Microsoft Windows Update Stack	CVE-2020-1109
Official Fix	Memory Corruption	Microsoft Windows Win32k	CVE-2020-1143
Official Fix	Memory Corruption	Microsoft Windows Win32k	CVE-2020-1054
Official Fix	Privilege Escalation	Microsoft Windows Windows Installer	CVE-2020-1078
Official Fix	Memory Corruption	Microsoft Windows Windows Runtime	CVE-2020-1164
Official Fix	Memory Corruption	Microsoft Windows Windows Runtime	CVE-2020-1158
Official Fix	Memory Corruption	Microsoft Windows Windows Runtime	CVE-2020-1157
Official Fix	Memory Corruption	Microsoft Windows Windows Runtime	CVE-2020-1156
Official Fix	Memory Corruption	Microsoft Windows Windows Runtime	CVE-2020-1155
Official Fix	Memory Corruption	Microsoft Windows Windows Runtime	CVE-2020-1151
Official Fix	Memory Corruption	Microsoft Windows Windows Runtime	CVE-2020-1139
Official Fix	Memory Corruption	Microsoft Windows Windows Runtime	CVE-2020-1125
Official Fix	Memory Corruption	Microsoft Windows Windows Runtime	CVE-2020-1090
Official Fix	Memory Corruption	Microsoft Windows Windows Runtime	CVE-2020-1086
Official Fix	Privilege Escalation	Microsoft Windows Windows Runtime	CVE-2020-1149
Official Fix	Privilege Escalation	Microsoft Windows Windows Runtime	CVE-2020-1077
Not Defined	Information Disclosure	MongoDB Ops Manager Log	CVE-2019-2388
Not Defined	CSRF	Movable Type	CVE-2020-5576
Not Defined	XSS	Movable Type	CVE-2020-5575
Not Defined	XSS	Movable Type	CVE-2020-5574
Not Defined	Privilege Escalation	Movable Type File Upload	CVE-2020-5577
Not Defined	DoS	NetApp Service Processor/Baseboard Management Controller	CVE-2019-5500
Not Defined	Weak Authentication	NextCloud Mail TLS Host Man-in-the-Middle	CVE-2020-8156
Not Defined	DoS	Nextcloud Server Endpoint	CVE-2020-8154
Not Defined	XSS	Nextcloud Server PDF Viewer	CVE-2020-8155
Not Defined	Privilege Escalation	nginx Request Smuggling	CVE-2020-12440
Official Fix	Remote Code Execution	OpenNMS Horizon/Meridian ActiveMQ Channel	CVE-2020-12760
Official Fix	XSS	openSUSE open-build-service Web Page Generation	CVE-2020-8020
Not Defined	Privilege Escalation	Opto 22 SoftPAC DLL	CVE-2020-10616
Not Defined	Privilege Escalation	Opto 22 SoftPAC	CVE-2020-12042
Workaround	Privilege Escalation	Opto 22 SoftPAC Service Port 22000	CVE-2020-10612
Not Defined	Privilege Escalation	Opto 22 SoftPAC Signature	CVE-2020-12046
Not Defined	Weak Authentication	Opto 22 SoftPAC	CVE-2020-10620
Not Defined	Information Disclosure	Oracle iPlanet Web Server Administration Console	CVE-2020-9315
Not Defined	Privilege Escalation	Oracle iPlanet Web Server Administration Console Injection	CVE-2020-9314
Official Fix	Information Disclosure	Palo Alto GlobalProtect App Diagnostic Log PanGPS.log	CVE-2020-2004
Official Fix	Weak Authentication	Palo Alto PAN-OS Authentication Daemon	CVE-2020-2002
Official Fix	Weak Encryption	Palo Alto PAN-OS Cleartext	CVE-2020-2013
Official Fix	DoS	Palo Alto PAN-OS Command	CVE-2020-2003
Official Fix	DoS	Palo Alto PAN-OS Configuration Daemon Crash	CVE-2020-2011
Official Fix	XSS	Palo Alto PAN-OS GlobalProtect Clientless VPN	CVE-2020-2005
Official Fix	Open Redirect	Palo Alto PAN-OS GlobalProtect Gateway	CVE-2020-1997
Official Fix	Weak Authentication	Palo Alto PAN-OS GlobalProtect Portal Session Fixation	CVE-2020-1993
Official Fix	Privilege Escalation Command Injection	Palo Alto PAN-OS Management Interface OS	CVE-2020-2010
Official Fix	Privilege Escalation	Palo Alto PAN-OS Management Interface	CVE-2020-2001
Official Fix	XML External Entity	Palo Alto PAN-OS Management Interface	CVE-2020-2012
Official Fix	Privilege Escalation	Palo Alto PAN-OS Management Server Injection	CVE-2020-1996
Official Fix	Memory Corruption	Palo Alto PAN-OS Management Server	CVE-2020-2015
Official Fix	Privilege Escalation Command Injection	Palo Alto PAN-OS Management Server OS	CVE-2020-2014
Official Fix	Privilege Escalation Command Injection	Palo Alto PAN-OS Management Server OS	CVE-2020-2007
Official Fix	Memory Corruption	Palo Alto PAN-OS Management Server Stack-based	CVE-2020-2006
Official Fix	XSS	Palo Alto PAN-OS Management Web Interface DOM-Based	CVE-2020-2017
Official Fix	Privilege Escalation Command Injection	Palo Alto PAN-OS OS	CVE-2020-2008
Official Fix	Weak Authentication	Palo Alto PAN-OS Proxy Service	CVE-2020-2018
Official Fix	DoS	Palo Alto PAN-OS rasmgr Daemon NULL Pointer Dereference	CVE-2020-1995
Official Fix	Privilege Escalation	Palo Alto PAN-OS SAML Permission	CVE-2020-1998
Official Fix	Remote Code Execution	Palo Alto PAN-OS SD WAN	CVE-2020-2009
Not Defined	Privilege Escalation	Palo Alto PAN-OS Temp Directory	CVE-2020-2016
Official Fix	Privilege Escalation	Palo Alto PAN-OS Temp File	CVE-2020-1994
Not Defined	XSS	php-fusion Preview Comment comments.php	CVE-2020-12718
Not Defined	Remote Code Execution	Pi-Hole Gravity Updater gravity.sh gravity_DownloadBlocklistFromUrl	CVE-2020-11108
Official Fix	Memory Corruption	Ping Identity PingID SSH Authenticating Endpoint Heap-based	CVE-2020-10654
Not Defined	Spoofing	Samsung Galaxy S8/Galaxy S8+/Galaxy Note 8 Bluetooth Pseudo Random Number Generator	CVE-2020-6616
Not Defined	Memory Corruption	Samsung Mobile Devices Bootloader Heap-based	CVE-2020-12747
Not Defined	Memory Corruption	Samsung Mobile Devices Exynos Chipset	CVE-2020-12749
Not Defined	Privilege Escalation	Samsung Mobile Devices Factory Reset Protection	CVE-2020-12750
Not Defined	Information Disclosure	Samsung Mobile Devices Gatekeeper Trustlet Bruteforce	CVE-2020-12752
Not Defined	Weak Authentication	Samsung Mobile Devices Protection Mechanism	CVE-2020-12745
Not Defined	Memory Corruption	Samsung Mobile Devices Quram Image Codec Library	CVE-2020-12751
Not Defined	Weak Authentication	Samsung Mobile Devices Screenlock	CVE-2020-12748
Not Defined	Memory Corruption	Samsung Mobile Devices Secure Bootloader Heap-based	CVE-2020-12746
Not Defined	Information Disclosure	SAP Adaptive Server Enterprise	CVE-2020-6259
Not Defined	Information Disclosure	SAP Adaptive Server Enterprise	CVE-2020-6252
Not Defined	SQL Injection	SAP Adaptive Server Enterprise Web Services	CVE-2020-6253
Not Defined	Privilege Escalation	SAP Application Server ABAP Data Download Service Code Injection	CVE-2020-6262
Not Defined	XSS	SAP Business Intelligence Platform	CVE-2020-6257
Not Defined	Privilege Escalation	SAP Business Intelligence Platform Error	CVE-2020-6251
Not Defined	XSS	SAP Enterprise Threat Detection Error Message Reflected	CVE-2020-6254
Not Defined	Information Disclosure	SAP Identity Management	CVE-2020-6258
Not Defined	Privilege Escalation	SAP Master Data Governance	CVE-2020-6256
Official Fix	Memory Corruption	SecureCRT Integer Overflow	CVE-2020-12651
Official Fix	Privilege Escalation	SEOmatic Plugin URL DynamicMeta.php	CVE-2020-12790
Official Fix	Unknown Vulnerability	Shopizer Backend	CVE-2020-11006
Official Fix	Directory Traversal	simple-file-list Plugin	CVE-2020-12832
Official Fix	Weak Encryption	Spring Security CBC Mode	CVE-2020-5408
Official Fix	Privilege Escalation	Spring Security Signature	CVE-2020-5407
Not Defined	CSRF	Subrion CMS	CVE-2019-20390
Not Defined	XSS	Subrion CMS General Settings Page general	CVE-2019-20389
Official Fix	XSS	SVG Sanitizer Extension Markup	CVE-2020-11070
Official Fix	DoS	SwiftNIO Extras	CVE-2020-9840
Official Fix	Privilege Escalation	Symantec Endpoint Protection ACL	CVE-2020-5836
Official Fix	Privilege Escalation	Symantec Endpoint Protection Log File	CVE-2020-5837
Official Fix	Privilege Escalation	Symantec Endpoint Protection Manager Client Remote Deployment	CVE-2020-5835
Official Fix	Directory Traversal	Symantec Endpoint Protection Manager	CVE-2020-5834
Official Fix	Memory Corruption	Symantec Endpoint Protection Manager Out-of-Bounds	CVE-2020-5833
Official Fix	XSS	Symantec IT Analytics	CVE-2020-5838
Not Defined	Memory Corruption	tcpreplay tcprewrite get.c get_ipv6_next()‎	CVE-2020-12740
Official Fix	Memory Corruption	transmission Torrent File variant.c	CVE-2018-10756
Not Defined	Memory Corruption	TRENDnet TV-IP512WN sbin	CVE-2020-12763
Not Defined	Privilege Escalation	TylerTech Eagle	CVE-2019-16112
Official Fix	CSRF	TYPO3 CMS Backend User Interface	CVE-2020-11069
Official Fix	Privilege Escalation	TYPO3 CMS Deserialization	CVE-2020-11067
Official Fix	Privilege Escalation	TYPO3 CMS unserialize()‎	CVE-2020-11066
Official Fix	XSS	TYPO3 HTML Placeholder Attribute	CVE-2020-11064
Official Fix	XSS	TYPO3 Link Tag	CVE-2020-11065
Not Defined	Information Disclosure	TYPO3 Password Reset Email	CVE-2020-11063
Official Fix	Privilege Escalation	vBulletin Access Control	CVE-2020-12720
Official Fix	Information Disclosure	Veritas APTARE	CVE-2020-12877
Official Fix	Information Disclosure	Veritas APTARE	CVE-2020-12876
Official Fix	Information Disclosure	Veritas APTARE	CVE-2020-12875
Official Fix	Weak Authentication	Veritas APTARE	CVE-2020-12874
Official Fix	Memory Corruption	VideoLAN VLC Media Player sdl_image.c DecodeBlock	CVE-2019-19721
Not Defined	XML External Entity	WSO2 API Manager Management Console	CVE-2020-12719
Official Fix	Memory Corruption	zephyrproject-rtos zephyr JSON Parser updatehub_probe	CVE-2020-10060
Not Defined	Code Execution	zephyrproject-rtos zephyr Kscan Subsystem	CVE-2020-10058
Official Fix	Memory Corruption	zephyrproject-rtos zephyr Shell Subsystem	CVE-2020-10023
Official Fix	Privilege Escalation	zephyrproject-rtos zephyr Syscall	CVE-2020-10028
Official Fix	Memory Corruption	zephyrproject-rtos zephyr System Call Integer Overflow	CVE-2020-10067
Official Fix	Privilege Escalation	zephyrproject-rtos zephyr System Call	CVE-2020-10024
Not Defined	Weak Authentication	zephyrproject-rtos zephyr UpdateHub Module Man-in-the-Middle	CVE-2020-10059
Official Fix	Memory Corruption	zephyrproject-rtos zephyr UpdateHub Server	CVE-2020-10022
Official Fix	Memory Corruption	zephyrproject-rtos zephyr USB DFU	CVE-2020-10019
Official Fix	Memory Corruption	zephyrproject-rtos zephyr USB Mass Storage memoryWrite	CVE-2020-10021
Official Fix	Code Execution	zephyrproject-rtos zephyr User Thread	CVE-2020-10027
Official Fix	Directory Traversal	Zoho ManageEngine DataSecurity Plus DataEngine Xnode Server Application	CVE-2020-11531
Official Fix	Weak Authentication	Zoho ManageEngine DataSecurity Plus DataEngine Xnode Server Default Credentials	CVE-2020-11532
Official Fix	XSS	Zoho ManageEngine ServiceDesk Plus Asset	CVE-2019-15083
Official Fix	Weak Authentication	Zulip Desktop SSL Certificate Validator	CVE-2020-12637

طبق استاندارد CVSS، سطح خطر ۱۳۸ آسیب‌پذیری یعنی بالغ بر ۳۵% آسیب‌پذیری‌های هفته، «پرخطر» و «حیاتی» برآورد شده که آمار بسیار قابل‌توجّهی است.

خوشبختانه برای ۶۸% آسیب‌پذیری‌‌های هفته، به‌روزرسانی‌ها و یا وصله‌هایی رسماً ارائه شده که برای جلوگیری از سوءاستفاده از آسیب‌پذیری‌ها بهتر است سریعاً اعمال شوند.

همچنین با ۱۱۹ مورد، اکثر آسیب‌پذیری‌های هفته (۳۰%) از نوع «تخریب حافظه» بودند.

خدمات آپا

سایر آسیب پذیری ها

آسیب‌پذیری‌های حیاتی هفته چهارم اردیبهشت‌ماه