آسیبپذیریهای حیاتی هفته سوم تیرماه
این هفته شرکت سیسکو چندین آسیبپذیری در محصولات خود و وصلههای نظیر آنها را گزارش کرد. همچنین در محصولات شرکتهای IBM، NVIDIA، McAfee، Nextcloud، Apache، Adobe، SQLite و ... چندین آسیبپذیری «حیاتی» و «پرخطر» وجود داشت که وصلهها و بهروزرسانیهایی به منظور رفع آنها ارائه شده است. بعلاوه آسیبپذیریهایی با سطوح خطر «بالا» و «حیاتی» در افزونههای WordPress و Jenkins شناسایی شده است. امّا از مهمترین آسیبپذیریهای هفته، آسیبپذیریهای سرورهای مایکروسافت با ارزشی بالغ بر ۱۰۰ هزار دلار بودند.
لیست این آسیبپذیریها به همراه لینک وصلهها و بهروزرسانیهای ارائهشده در جدول زیر آمده است.
|
رفع آسیبپذیری |
ارزش روز صفر |
نوع آسیبپذیری |
محصول آسیبپذیر |
امتیاز مبنا |
شناسه آسیبپذیری |
|
$۲k-$5k |
Information Disclosure |
Adobe After Effects Out-of-Bounds |
۵.۵ |
CVE-2020-3809 |
|
|
$۵k-$10k |
Code Execution & Memory Corruption |
Adobe Bridge |
۷.۸ |
CVE-2020-9568 |
|
|
$۵k-$10k |
Memory Corruption |
Adobe Bridge Heap-based |
۷.۸ |
CVE-2020-9563 |
|
|
$۵k-$10k |
Memory Corruption |
Adobe Bridge Heap-based |
۷.۸ |
CVE-2020-9562 |
|
|
$۲k-$5k |
Information Disclosure |
Adobe Bridge Out-of-Bounds |
۳.۳ |
CVE-2020-9558 |
|
|
$۲k-$5k |
Information Disclosure |
Adobe Bridge Out-of-Bounds |
۳.۳ |
CVE-2020-9553 |
|
|
$۲k-$5k |
Information Disclosure |
Adobe Bridge Out-of-Bounds |
۵.۵ |
CVE-2020-9557 |
|
|
$۵k-$10k |
Memory Corruption |
Adobe Bridge Out-of-Bounds |
۷.۸ |
CVE-2020-9569 |
|
|
$۵k-$10k |
Memory Corruption |
Adobe Bridge Out-of-Bounds |
۷.۸ |
CVE-2020-9565 |
|
|
$۵k-$10k |
Memory Corruption |
Adobe Bridge Out-of-Bounds |
۷.۸ |
CVE-2020-9564 |
|
|
$۵k-$10k |
Memory Corruption |
Adobe Bridge Out-of-Bounds |
۷.۸ |
CVE-2020-9561 |
|
|
$۵k-$10k |
Memory Corruption |
Adobe Bridge Out-of-Bounds |
۷.۸ |
CVE-2020-9560 |
|
|
$۵k-$10k |
Memory Corruption |
Adobe Bridge Out-of-Bounds |
۷.۸ |
CVE-2020-9559 |
|
|
$۵k-$10k |
Memory Corruption |
Adobe Bridge Out-of-Bounds |
۷.۸ |
CVE-2020-9556 |
|
|
$۵k-$10k |
Memory Corruption |
Adobe Bridge Out-of-Bounds |
۷.۸ |
CVE-2020-9554 |
|
|
$۵k-$10k |
Memory Corruption |
Adobe Bridge Stack-based |
۷.۸ |
CVE-2020-9555 |
|
|
$۵k-$10k |
Memory Corruption |
Adobe Bridge Use-After-Free |
۷.۸ |
CVE-2020-9567 |
|
|
$۵k-$10k |
Memory Corruption |
Adobe Bridge Use-After-Free |
۷.۸ |
CVE-2020-9566 |
|
|
$۵k-$10k |
Code Execution & Memory Corruption |
Adobe Character Animator |
۷.۸ |
CVE-2020-9586 |
|
|
$۲k-$5k |
Information Disclosure |
Adobe ColdFusion Access Control |
۶.۵ |
CVE-2020-3796 |
|
|
$۲k-$5k |
DoS |
Adobe ColdFusion |
۶.۵ |
CVE-2020-3767 |
|
|
$۲k-$5k |
Privilege Escalation |
Adobe ColdFusion DLL |
۷.۸ |
CVE-2020-3768 |
|
|
$۲k-$5k |
Information Disclosure |
Adobe Digital Editions |
۶.۵ |
CVE-2020-3798 |
|
|
$۵k-$10k |
Memory Corruption |
Adobe DNG Software Development Kit Heap-based |
۷.۸ |
CVE-2020-9621 |
|
|
$۵k-$10k |
Memory Corruption |
Adobe DNG Software Development Kit Heap-based |
۷.۸ |
CVE-2020-9620 |
|
|
$۵k-$10k |
Memory Corruption |
Adobe DNG Software Development Kit Heap-based |
۷.۸ |
CVE-2020-9590 |
|
|
$۵k-$10k |
Memory Corruption |
Adobe DNG Software Development Kit Heap-based |
۷.۸ |
CVE-2020-9589 |
|
|
$۲k-$5k |
Information Disclosure |
Adobe DNG Software Development Kit Out-of-Bounds |
۳.۳ |
CVE-2020-9626 |
|
|
$۲k-$5k |
Information Disclosure |
Adobe DNG Software Development Kit Out-of-Bounds |
۵.۵ |
CVE-2020-9629 |
|
|
$۲k-$5k |
Information Disclosure |
Adobe DNG Software Development Kit Out-of-Bounds |
۵.۵ |
CVE-2020-9624 |
|
|
$۲k-$5k |
Information Disclosure |
Adobe DNG Software Development Kit Out-of-Bounds |
۵.۵ |
CVE-2020-9622 |
|
|
$۲k-$5k |
Information Disclosure |
Adobe DNG Software Development Kit Out-of-Bounds |
۷.۵ |
CVE-2020-9628 |
|
|
$۲k-$5k |
Information Disclosure |
Adobe DNG Software Development Kit Out-of-Bounds |
۷.۵ |
CVE-2020-9627 |
|
|
$۲k-$5k |
Information Disclosure |
Adobe DNG Software Development Kit Out-of-Bounds |
۷.۵ |
CVE-2020-9625 |
|
|
$۲k-$5k |
Information Disclosure |
Adobe DNG Software Development Kit Out-of-Bounds |
۷.۵ |
CVE-2020-9623 |
|
|
$۵k-$10k |
Code Execution & Memory Corruption |
Adobe Illustrator |
۷.۸ |
CVE-2020-9574 |
|
|
$۵k-$10k |
Code Execution & Memory Corruption |
Adobe Illustrator |
۷.۸ |
CVE-2020-9573 |
|
|
$۵k-$10k |
Code Execution & Memory Corruption |
Adobe Illustrator |
۷.۸ |
CVE-2020-9572 |
|
|
$۵k-$10k |
Code Execution & Memory Corruption |
Adobe Illustrator |
۷.۸ |
CVE-2020-9571 |
|
|
$۵k-$10k |
Code Execution & Memory Corruption |
Adobe Illustrator |
۷.۸ |
CVE-2020-9570 |
|
|
$۲k-$5k |
Information Disclosure |
Adobe Premiere Pro Out-of-Bounds |
۵.۵ |
CVE-2020-9616 |
|
|
$۲k-$5k |
Information Disclosure |
Adobe Premiere Rush Out-of-Bounds |
۵.۵ |
CVE-2020-9617 |
|
|
Not Defined |
$۲k-$5k |
Code Execution |
Anker Zolo Halo GoAhead Web Server httpapi.asp |
۵.۵ |
CVE-2019-15311 |
|
Not Defined |
$۲k-$5k |
Privilege Escalation |
Anker Zolo Halo httpapi.asp |
۶.۳ |
CVE-2019-15312 |
|
Not Defined |
$۱k-$2k |
Weak Encryption |
Apache ActiveMQ Artemis Management API artemis-users.properties |
۲.۵ |
CVE-2020-10727 |
|
$۵k-$10k |
Information Disclosure |
Apache Guacamole RDP |
۳.۵ |
CVE-2020-9497 |
|
|
$۱۰k-$25k |
Memory Corruption |
Apache Guacamole RDP |
۵.۵ |
CVE-2020-9498 |
|
|
Not Defined |
$۱۰k-$25k |
SQL Injection |
Apache SkyWalking H2/MySQL/TiDB |
۶.۳ |
CVE-2020-9483 |
|
$۵k-$10k |
DoS |
Apache Tomcat HTTP2 CPU Exhaustion |
۷.۵ |
CVE-2020-11996 |
|
|
$۲k-$5k |
Privilege Escalation |
Atlassian Confluence Server/Data Center Template Injection |
۶.۳ |
CVE-2020-4027 |
|
|
$۲k-$5k |
Server-Side Request Forgery |
Atlassian JIRA Server makeRequest JiraWhitelist |
۶.۳ |
CVE-2019-20408 |
|
|
$۱k-$2k |
XSS |
Atlassian JIRA Server/Data Center Attachment Download |
۴.۳ |
CVE-2020-4025 |
|
|
$۱k-$2k |
XSS |
Atlassian JIRA Server/Data Center Attachment Download |
۴.۳ |
CVE-2020-4022 |
|
|
$۱k-$2k |
XSS |
Atlassian JIRA Server/Data Center Attachment Download |
۵.۴ |
CVE-2020-4024 |
|
|
$۱k-$2k |
Information Disclosure |
Atlassian JIRA Server/Data Center Comment |
۴.۳ |
CVE-2019-20410 |
|
|
$۱k-$2k |
Information Disclosure |
Atlassian JIRA Server/Data Center Convert Sub-Task to Issue Page |
۴.۳ |
CVE-2019-20412 |
|
|
$۱k-$2k |
Information Disclosure |
Atlassian JIRA Server/Data Center createshared |
۴.۳ |
CVE-2020-4029 |
|
|
$۱k-$2k |
CSRF |
Atlassian JIRA Server/Data Center |
۵.۳ |
CVE-2019-20411 |
|
|
$۱k-$2k |
CSRF |
Atlassian JIRA Server/Data Center |
۵.۳ |
CVE-2019-20415 |
|
|
$۰-$۱k |
DoS |
Atlassian JIRA Server/Data Center |
۴.۳ |
CVE-2020-14167 |
|
|
$۲k-$5k |
Privilege Escalation |
Atlassian JIRA Server/Data Center DLL |
۶.۳ |
CVE-2019-20419 |
|
|
$۲k-$5k |
Privilege Escalation |
Atlassian JIRA Server/Data Center Email Client Man-in-the-Middle |
۶.۳ |
CVE-2020-14168 |
|
|
$۱k-$2k |
XSS |
Atlassian JIRA Server/Data Center File Upload |
۴.۳ |
CVE-2020-14173 |
|
|
$۱k-$2k |
Information Disclosure |
Atlassian JIRA Server/Data Center Internal |
۴.۳ |
CVE-2019-20417 |
|
|
$۱k-$2k |
XSS |
Atlassian JIRA Server/Data Center Issue Navigator Basic Search |
۴.۳ |
CVE-2019-20414 |
|
|
$۱k-$2k |
XSS |
Atlassian JIRA Server/Data Center Project Configuration |
۴.۳ |
CVE-2019-20416 |
|
|
$۱k-$2k |
XSS |
Atlassian JIRA Server/Data Center Quick Search |
۴.۳ |
CVE-2020-14169 |
|
|
$۱k-$2k |
Information Disclosure |
Atlassian JIRA Server/Data Center UniversalAvatarResource.getAvatars |
۴.۳ |
CVE-2020-14165 |
|
|
$۰-$۱k |
DoS |
Atlassian JIRA Server/Data Center UserPickerBrowser.jspa |
۴.۳ |
CVE-2019-20413 |
|
|
$۲k-$5k |
Privilege Escalation |
Atlassian JIRA Server/Data Center Web Resources Manager Injection |
۶.۳ |
CVE-2020-14172 |
|
|
$۰-$۱k |
DoS |
Atlassian JIRA Server/Data Center wiki |
۴.۳ |
CVE-2019-20418 |
|
|
$۱k-$2k |
XSS |
Atlassian JIRA Server/Data Center WYSIWYG Editor |
۴.۳ |
CVE-2020-14164 |
|
|
$۱k-$2k |
XSS |
Atlassian Jira Service Desk Server/Data Center portals |
۴.۳ |
CVE-2020-14166 |
|
|
$۵k-$10k |
Privilege Escalation |
Avast/AVG Free Antivirus Hard Link |
۵.۵ |
CVE-2020-13657 |
|
|
Not Defined |
$۰-$۱k |
Weak Encryption |
Baxter ExactaMix EM 1200/ExactaMix EM 2400 Cleartext |
۳.۷ |
CVE-2020-12008 |
|
Not Defined |
$۰-$۱k |
Weak Authentication |
Baxter ExactaMix EM 1200/ExactaMix EM 2400 Default Admin Password |
۴.۳ |
CVE-2020-12012 |
|
Not Defined |
$۱k-$2k |
Weak Authentication |
Baxter ExactaMix EM 1200/ExactaMix EM 2400 Default Credentials |
۷.۳ |
CVE-2020-12016 |
|
Not Defined |
$۱k-$2k |
Information Disclosure |
Baxter ExactaMix EM 1200/ExactaMix EM 2400 |
۳.۵ |
CVE-2020-12032 |
|
Not Defined |
$۲k-$5k |
Privilege Escalation |
Baxter ExactaMix EM 1200/ExactaMix EM 2400 Startup Script |
۶.۳ |
CVE-2020-12020 |
|
Not Defined |
$۰-$۱k |
Privilege Escalation |
Baxter ExactaMix EM 1200/ExactaMix EM 2400 USB Interface |
۴.۳ |
CVE-2020-12024 |
|
Not Defined |
$۱k-$2k |
Weak Authentication |
Baxter PrismaFlex/PrisMax Default Credentials |
۵.۵ |
CVE-2020-12035 |
|
Not Defined |
$۰-$۱k |
Weak Encryption |
Baxter PrismaFlex/PrisMax |
۳.۷ |
CVE-2020-12037 |
|
Not Defined |
$۰-$۱k |
Weak Encryption |
Baxter PrismaFlex/PrisMax |
۳.۷ |
CVE-2020-12036 |
|
Not Defined |
$۰-$۱k |
Weak Authentication |
Baxter SIGMA Spectrum Infusion System Default Credentials |
۶.۸ |
CVE-2020-12039 |
|
Not Defined |
$۰-$۱k |
Weak Encryption |
Baxter SIGMA Spectrum Infusion System Man-in-the-Middle |
۳.۷ |
CVE-2020-12040 |
|
Not Defined |
$۱k-$2k |
Weak Authentication |
Baxter Spectrum WBM FTP Service Default Credentials |
۵.۵ |
CVE-2020-12047 |
|
Not Defined |
$۲k-$5k |
Privilege Escalation |
Baxter Spectrum WBM FTP Service |
۵.۵ |
CVE-2020-12043 |
|
Not Defined |
$۲k-$5k |
Privilege Escalation |
Baxter Spectrum WBM Telnet Command-Line Interface |
۶.۳ |
CVE-2020-12041 |
|
Workaround |
$۱k-$2k |
Weak Authentication |
Baxter Spectrum WBM Telnet Service Default Credentials |
۵.۵ |
CVE-2020-12045 |
|
Not Defined |
$۰-$۱k |
Weak Encryption |
BIOTRONIK CardioMessenger II Network Authentication Credentials |
۲.۰ |
CVE-2019-18256 |
|
Not Defined |
$۱k-$2k |
Weak Authentication |
BIOTRONIK CardioMessenger II Reuse |
۳.۱ |
CVE-2019-18252 |
|
Not Defined |
$۱k-$2k |
Weak Authentication |
BIOTRONIK CardioMessenger II |
۵.۵ |
CVE-2019-18246 |
|
Not Defined |
$۰-$۱k |
Weak Encryption |
BIOTRONIK CardioMessenger II |
۳.۷ |
CVE-2019-18248 |
|
Not Defined |
$۰-$۱k |
Weak Encryption |
BIOTRONIK CardioMessenger II |
۴.۶ |
CVE-2019-18254 |
|
$۲k-$5k |
Privilege Escalation |
Brocade Network Advisor JBoss Administration Interface Default Credentials |
۸.۸ |
CVE-2018-6446 |
|
|
$۵k-$10k |
Information Disclosure |
Cisco Digital Network Architecture |
۶.۵ |
CVE-2020-3391 |
|
|
$۵k-$10k |
XSS |
Cisco Identity Services Engine Web-based Management Interface |
۴.۸ |
CVE-2020-3340 |
|
|
$۱۰k-$25k |
Privilege Escalation |
Cisco Small Business Smart Management Interface |
۸.۱ |
CVE-2020-3297 |
|
|
$۵k-$10k |
XSS |
Cisco Unified Communications Manager Web-based Management Interface |
۶.۱ |
CVE-2020-3282 |
|
|
$۵k-$10k |
Information Disclosure |
Cisco Unified Customer Voice Portal RMI Interface |
۵.۳ |
CVE-2020-3402 |
|
|
$۲k-$5k |
SQL Injection |
CodePeople Payment Form for PayPal Pro Plugin |
۶.۳ |
CVE-2020-14092 |
|
|
Not Defined |
$۰-$۱k |
Weak Encryption |
ControlEdge PLC/RTU Password |
۳.۷ |
CVE-2020-10628 |
|
Not Defined |
$۱k-$2k |
Information Disclosure |
ControlEdge PLC/RTU Session Token |
۳.۱ |
CVE-2020-10624 |
|
$۱k-$2k |
Information Disclosure |
coTURN STUN/TURN |
۷.۰ |
CVE-2020-4067 |
|
|
Not Defined |
$۲k-$5k |
Privilege Escalation |
Cybozu Garoon Access Restriction |
۶.۳ |
CVE-2020-5583 |
|
Not Defined |
$۲k-$5k |
Privilege Escalation |
Cybozu Garoon Access Restriction |
۶.۳ |
CVE-2020-5582 |
|
Not Defined |
$۲k-$5k |
Privilege Escalation |
Cybozu Garoon Access Restriction |
۶.۳ |
CVE-2020-5580 |
|
Not Defined |
$۰-$۱k |
XSS |
Cybozu Garoon |
۳.۵ |
CVE-2020-5586 |
|
Not Defined |
$۰-$۱k |
XSS |
Cybozu Garoon |
۳.۵ |
CVE-2020-5585 |
|
Not Defined |
$۱k-$2k |
Directory Traversal |
Cybozu Garoon |
۳.۵ |
CVE-2020-5588 |
|
Not Defined |
$۱k-$2k |
Directory Traversal |
Cybozu Garoon |
۴.۳ |
CVE-2020-5581 |
|
Not Defined |
$۱k-$2k |
Information Disclosure |
Cybozu Garoon |
۴.۳ |
CVE-2020-5587 |
|
Not Defined |
$۱k-$2k |
Information Disclosure |
Cybozu Garoon |
۴.۳ |
CVE-2020-5584 |
|
$۲k-$5k |
Privilege Escalation |
DrayTek Vigor3900/Vigor2960/Vigor300B cvmcfgupload |
۹.۸ |
CVE-2020-15415 |
|
|
Not Defined |
$۲k-$5k |
Memory Corruption |
Envoy File Descriptor |
۵.۵ |
CVE-2020-8663 |
|
Not Defined |
$۰-$۱k |
DoS |
Envoy HTTP 1.1 Memory Exhaustion |
۳.۵ |
CVE-2020-12605 |
|
Not Defined |
$۰-$۱k |
DoS |
Envoy HTTP2 |
۳.۵ |
CVE-2020-12604 |
|
Not Defined |
$۰-$۱k |
DoS |
Envoy HTTP2 Memory Exhaustion |
۳.۵ |
CVE-2020-12603 |
|
$۱۰k-$25k |
Privilege Escalation |
F5 BIG-IP Access Control |
۵.۵ |
CVE-2020-5906 |
|
|
$۵k-$10k |
Information Disclosure |
F5 BIG-IP APM Edge Client for Linux Log |
۳.۵ |
CVE-2020-5908 |
|
|
$۵k-$10k |
XSS |
F5 BIG-IP Configuration Utility |
۳.۵ |
CVE-2020-5903 |
|
|
$۲۵k-$50k |
Unknown Vulnerability |
F5 BIG-IP Configuration Utility |
۵.۵ |
CVE-2020-5905 |
|
|
$۱۰k-$25k |
Privilege Escalation |
F5 BIG-IP TMOS Shell |
۵.۵ |
CVE-2020-5907 |
|
|
$۵k-$10k |
CSRF |
F5 BIG-IP Traffic Management User Interface |
۴.۳ |
CVE-2020-5904 |
|
|
$۲۵k-$50k |
Code Execution |
F5 BIG-IP Traffic Management User Interface |
۹.۸ |
CVE-2020-5902 |
|
|
Not Defined |
$۰-$۱k |
XSS |
Form Builder |
۴.۸ |
CVE-2020-13423 |
|
Not Defined |
$۰-$۱k |
CSRF |
Fortify on Demand Plugin Demand Endpoint |
۴.۳ |
CVE-2020-2203 |
|
Not Defined |
$۲k-$5k |
Privilege Escalation |
Fortify on Demand Plugin Demand Endpoint |
۵.۵ |
CVE-2020-2204 |
|
Not Defined |
$۱k-$2k |
Information Disclosure |
Fortify on Demand Plugin Permission Check Credentials |
۳.۵ |
CVE-2020-2202 |
|
Not Defined |
$۱k-$2k |
Weak Encryption |
GitHub Coverage Reporter Plugin Global Configuration |
۳.۵ |
CVE-2020-2212 |
|
$۰-$۱k |
DoS |
GitHub Flavored Markdown Table Extension |
۶.۵ |
CVE-2020-5238 |
|
|
Not Defined |
$۱k-$2k |
Weak Encryption |
HP ALM Quality Center Plugin Global Configuration |
۳.۵ |
CVE-2020-2218 |
|
Not Defined |
$۲k-$5k |
Race Condition & Privilege Escalation |
HylaFAX+/HylaFAX Enterprise faxsetup Utility |
۷.۸ |
CVE-2020-15396 |
|
Not Defined |
$۲k-$5k |
Privilege Escalation |
HylaFAX+/HylaFAX Enterprise hylafax |
۵.۵ |
CVE-2020-15397 |
|
$۵k-$10k |
Weak Encryption |
IBM API Connect |
۷.۵ |
CVE-2020-4452 |
|
|
$۵k-$10k |
XSS |
IBM Business Automation Workflow Web UI |
۵.۴ |
CVE-2020-4557 |
|
|
$۵k-$10k |
DoS |
IBM DB2 |
۷.۵ |
CVE-2020-4420 |
|
|
$۵k-$10k |
Memory Corruption |
IBM DB2 |
۸.۴ |
CVE-2020-4363 |
|
|
$۲k-$5k |
Race Condition & Information Disclosure |
IBM DB2 |
۶.۲ |
CVE-2020-4387 |
|
|
$۲k-$5k |
Race Condition Information Disclosure |
IBM DB2 |
۶.۲ |
CVE-2020-4386 |
|
|
$۵k-$10k |
Privilege Escalation |
IBM DB2 Shared Memory |
۵.۱ |
CVE-2020-4414 |
|
|
$۵k-$10k |
DoS |
IBM DB2 SSL Renegotiation |
۵.۳ |
CVE-2020-4355 |
|
|
$۱۰k-$25k |
SQL Injection |
IBM Maximo Asset Management Back-End Database |
۶.۳ |
CVE-2019-4650 |
|
|
$۵k-$10k |
XSS |
IBM Maximo Asset Management Web UI |
۵.۴ |
CVE-2020-4223 |
|
|
$۲k-$5k |
DoS |
IBM MQ/MQ Appliance/MQ for HPE NonStop pubsub |
۵.۳ |
CVE-2020-4376 |
|
|
$۵k-$10k |
Weak Encryption |
IBM Security Identity Manager Virtual Appliance Cookie HSTS |
۴.۳ |
CVE-2019-4704 |
|
|
$۱k-$2k |
Weak Encryption |
IBM Security Identity Manager Virtual Appliance Credentials |
۷.۸ |
CVE-2019-4676 |
|
|
$۵k-$10k |
Information Disclosure |
IBM Security Identity Manager Virtual Appliance |
۲.۷ |
CVE-2019-4705 |
|
|
$۵k-$10k |
Information Disclosure |
IBM Security Identity Manager Virtual Appliance Log File |
۲.۷ |
CVE-2019-4706 |
|
|
$۵k-$10k |
Weak Encryption |
IBM Spectrum Protect Plus |
۵.۹ |
CVE-2020-4565 |
|
|
$۲k-$5k |
Privilege Escalation |
IDrive Folder Permission IDriveWindows |
۷.۸ |
CVE-2020-15351 |
|
|
$۱k-$2k |
Information Disclosure |
Jenkins TestComplete Support Plugin config.xml |
۳.۵ |
CVE-2020-2209 |
|
|
$۲k-$5k |
Memory Corruption |
LibRaw exif_gps.cpp parse_exif() |
۵.۵ |
CVE-2020-15365 |
|
|
$۲k-$5k |
Memory Corruption |
LibRaw unpack_thumb.cpp |
۵.۵ |
CVE-2020-15503 |
|
|
Not Defined |
$۲k-$5k |
Code Execution |
Linkplay Firmware |
۸.۰ |
CVE-2019-15310 |
|
$۵k-$10k |
DoS |
Linux Kernel usbtest.c usbtest_disconnect |
۵.۵ |
CVE-2020-15393 |
|
|
$۲k-$5k |
Privilege Escalation |
Magento Admin Panel |
۷.۵ |
CVE-2020-9591 |
|
|
$۲k-$5k |
Privilege Escalation |
Magento Authorization |
۷.۵ |
CVE-2020-9587 |
|
|
$۲k-$5k |
Privilege Escalation |
Magento Business Logic |
۹.۸ |
CVE-2020-9630 |
|
|
$۲k-$5k |
Command Injection |
Magento |
۹.۸ |
CVE-2020-9583 |
|
|
$۲k-$5k |
Command Injection |
Magento |
۹.۸ |
CVE-2020-9582 |
|
|
$۲k-$5k |
Command Injection |
Magento |
۹.۸ |
CVE-2020-9578 |
|
|
$۲k-$5k |
Command Injection |
Magento |
۹.۸ |
CVE-2020-9576 |
|
|
$۲k-$5k |
Code Execution |
Magento |
۹.۸ |
CVE-2020-9632 |
|
|
$۲k-$5k |
Code Execution |
Magento |
۹.۸ |
CVE-2020-9631 |
|
|
$۲k-$5k |
Code Execution |
Magento |
۹.۸ |
CVE-2020-9585 |
|
|
$۲k-$5k |
Code Execution |
Magento |
۹.۸ |
CVE-2020-9580 |
|
|
$۲k-$5k |
Code Execution |
Magento |
۹.۸ |
CVE-2020-9579 |
|
|
$۱k-$2k |
Weak Authentication |
Magento Signature Validation Timing |
۷.۲ |
CVE-2020-9588 |
|
|
$۰-$۱k |
XSS |
Magento Stored |
۵.۴ |
CVE-2020-9584 |
|
|
$۰-$۱k |
XSS |
Magento Stored |
۶.۱ |
CVE-2020-9581 |
|
|
$۰-$۱k |
XSS |
Magento Stored |
۶.۱ |
CVE-2020-9577 |
|
|
$۱k-$2k |
Information Disclosure |
Mattermost Mobile App Token |
۷.۵ |
CVE-2020-13891 |
|
|
Not Defined |
$۱k-$2k |
Weak Authentication |
MAVLink |
۹.۸ |
CVE-2020-10282 |
|
Not Defined |
$۰-$۱k |
Weak Encryption |
MAVLink |
۷.۵ |
CVE-2020-10281 |
|
$۲k-$5k |
Information Disclosure |
McAfee Network Security Management Command Line Interface |
۸.۶ |
CVE-2020-7284 |
|
|
$۵k-$10k |
Privilege Escalation |
McAfee Total Protection Symbolic Link |
۷.۵ |
CVE-2020-7283 |
|
|
$۵k-$10k |
Privilege Escalation |
McAfee Total Protection Symbolic Link |
۷.۵ |
CVE-2020-7282 |
|
|
$۵k-$10k |
Privilege Escalation |
McAfee Total Protection Symbolic Link |
۷.۵ |
CVE-2020-7281 |
|
|
Not Defined |
$۲k-$5k |
Memory Corruption |
MediaArea MediaInfo MediaInfoLib File_MpegPs.cpp Streams_Fill_PerStream |
۷.۸ |
CVE-2020-15395 |
|
$۱۰۰k and more |
Memory Corruption |
Microsoft Windows Codecs Library |
۸.۱ |
CVE-2020-1457 |
|
|
$۱۰۰k and more |
Memory Corruption |
Microsoft Windows Codecs Library |
۸.۱ |
CVE-2020-1425 |
|
|
Not Defined |
$۲k-$5k |
Privilege Escalation |
MISP ACL Check AttributesController.php |
۵.۵ |
CVE-2020-15411 |
|
$۲k-$5k |
Privilege Escalation |
MISP ACL Check EventsController.php |
۵.۵ |
CVE-2020-15412 |
|
|
Not Defined |
$۰-$۱k |
DoS |
Mitsubishi Engineering Software |
۳.۵ |
CVE-2020-5603 |
|
Not Defined |
$۲k-$5k |
XML External Entity |
Mitsubishi Engineering Software |
۵.۵ |
CVE-2020-5602 |
|
Not Defined |
$۲k-$5k |
SQL Injection |
MK-AUTH arp.php |
۶.۸ |
CVE-2020-14069 |
|
Not Defined |
$۲k-$5k |
Privilege Escalation |
MK-AUTH auth |
۹.۸ |
CVE-2020-14072 |
|
Not Defined |
$۰-$۱k |
XSS |
MK-AUTH |
۶.۱ |
CVE-2020-14071 |
|
Not Defined |
$۲k-$5k |
SQL Injection |
MK-AUTH Web Login executar_login.php |
۹.۸ |
CVE-2020-14068 |
|
Not Defined |
$۱k-$2k |
Weak Authentication |
MK-AUTH Web Login executar_login.php |
۹.۸ |
CVE-2020-14070 |
|
Not Defined |
$۲k-$5k |
Code Execution |
Monsta FTP |
۵.۵ |
CVE-2020-14057 |
|
Not Defined |
$۰-$۱k |
XSS |
Monsta FTP Language Setting Stored |
۳.۵ |
CVE-2020-14055 |
|
Not Defined |
$۲k-$5k |
Server-Side Request Forgery |
Monsta FTP |
۵.۵ |
CVE-2020-14056 |
|
Not Defined |
$۲k-$5k |
Memory Corruption |
nDPI H.323 Dissector h323.c ndpi_search_h323 |
۵.۵ |
CVE-2020-15472 |
|
Not Defined |
$۲k-$5k |
Memory Corruption |
nDPI ndpi_main.c ndpi_parse_packet_line_info |
۵.۵ |
CVE-2020-15471 |
|
Not Defined |
$۲k-$5k |
Memory Corruption |
nDPI ndpi_main.c ndpi_reset_packet_line_info |
۵.۵ |
CVE-2020-15475 |
|
Not Defined |
$۲k-$5k |
Memory Corruption |
nDPI OpenVPN Dissector openvpn.c ndpi_search_openvpn |
۵.۵ |
CVE-2020-15473 |
|
Not Defined |
$۲k-$5k |
Memory Corruption |
nDPI Oracle Protocol Dissector oracle.c ndpi_search_oracle |
۵.۵ |
CVE-2020-15476 |
|
Not Defined |
$۲k-$5k |
Memory Corruption |
nDPI tls.c extractRDNSequence |
۵.۵ |
CVE-2020-15474 |
|
Not Defined |
$۰-$۱k |
XSS |
NeDi Devices-Config.php |
۶.۱ |
CVE-2020-15017 |
|
Not Defined |
$۰-$۱k |
XSS |
NeDi libmisc.php sanitize() |
۳.۵ |
CVE-2020-14413 |
|
Not Defined |
$۰-$۱k |
XSS |
NeDi Other-Converter.php |
۶.۱ |
CVE-2020-15016 |
|
Not Defined |
$۲k-$5k |
Privilege Escalation |
NeDi pwsec.php |
۷.۳ |
CVE-2020-14414 |
|
Not Defined |
$۲k-$5k |
Privilege Escalation |
NeDi System-Snapshot.php |
۷.۳ |
CVE-2020-14412 |
|
$۲k-$5k |
Code Execution |
Nexacro14-17 ExtCommonApiV13 Library API |
۷.۸ |
CVE-2020-7820 |
|
|
$۲k-$5k |
Code Execution |
Nexacro14-17 ExtCommonApiV13 Registry |
۷.۸ |
CVE-2020-7821 |
|
|
Not Defined |
$۰-$۱k |
XSS |
Nexos Theme |
۶.۱ |
CVE-2020-15364 |
|
Not Defined |
$۲k-$5k |
SQL Injection |
Nexos Theme |
۹.۸ |
CVE-2020-15363 |
|
$۲k-$5k |
Privilege Escalation |
Nextcloud Deck Access Control Injection |
۵.۵ |
CVE-2020-8179 |
|
|
Not Defined |
$۰-$۱k |
XSS |
Nginx Controller API Endpoint Reflected |
۳.۵ |
CVE-2020-5901 |
|
$۰-$۱k |
Weak Encryption |
Nginx Controller Kubernetes Package Download HTTP |
۳.۷ |
CVE-2020-5911 |
|
|
$۱k-$2k |
Weak Authentication |
Nginx Controller NATS Messaging System |
۵.۵ |
CVE-2020-5910 |
|
|
Not Defined |
$۲k-$5k |
Privilege Escalation |
Nginx Controller |
۵.۵ |
CVE-2020-5899 |
|
Not Defined |
$۰-$۱k |
CSRF |
Nginx Controller User Interface |
۴.۳ |
CVE-2020-5900 |
|
$۱k-$2k |
Weak Authentication |
Nginx Controller User Interface |
۵.۵ |
CVE-2020-5909 |
|
|
$۰-$۱k |
XSS |
Nozomi Guardian Web Front End Stored |
۳.۵ |
CVE-2020-15307 |
|
|
$۲k-$5k |
Privilege Escalation |
Nozomi Networks OS |
۵.۵ |
CVE-2020-7049 |
|
|
$۲k-$5k |
Code Execution Memory Corruption |
NVIDIA Virtual GPU Manager vGPU Plugin |
۵.۵ |
CVE-2020-5971 |
|
|
$۲k-$5k |
Code Execution Memory Corruption |
NVIDIA Virtual GPU Manager vGPU Plugin |
۵.۵ |
CVE-2020-5968 |
|
|
$۰-$۱k |
DoS |
NVIDIA Virtual GPU Manager vGPU Plugin |
۳.۵ |
CVE-2020-5973 |
|
|
$۲k-$5k |
Memory Corruption |
NVIDIA Virtual GPU Manager vGPU Plugin |
۵.۵ |
CVE-2020-5972 |
|
|
$۲k-$5k |
Privilege Escalation |
NVIDIA Virtual GPU Manager vGPU Plugin |
۵.۵ |
CVE-2020-5970 |
|
|
$۱k-$2k |
Race Condition |
NVIDIA Virtual GPU Manager vGPU Plugin |
۵.۵ |
CVE-2020-5969 |
|
|
$۲k-$5k |
Open Redirect |
OAuth2 Proxy |
۵.۳ |
CVE-2020-4037 |
|
|
$۲k-$5k |
Memory Corruption |
OpenEXR ImfDeepScanLineInputFile.cpp DeepScanLineInputFile() |
۵.۵ |
CVE-2020-15305 |
|
|
$۲k-$5k |
Memory Corruption |
OpenEXR ImfMisc.cpp getChunkOffsetTableSize() |
۵.۵ |
CVE-2020-15306 |
|
|
$۰-$۱k |
DoS |
OpenEXR ImfTiledInputFile.cpp TiledInputFile() |
۵.۵ |
CVE-2020-15304 |
|
|
Not Defined |
$۲k-$5k |
Memory Corruption |
OpenJPEG opj_decompress.c opj_image_destroy |
۵.۵ |
CVE-2020-15389 |
|
Not Defined |
$۲k-$5k |
Privilege Escalation |
openSIS Access Control |
۹.۱ |
CVE-2020-13382 |
|
Not Defined |
$۲k-$5k |
Directory Traversal |
openSIS |
۷.۵ |
CVE-2020-13383 |
|
Not Defined |
$۲k-$5k |
SQL Injection |
openSIS |
۹.۸ |
CVE-2020-13381 |
|
$۲k-$5k |
SQL Injection |
openSIS |
۹.۸ |
CVE-2020-13380 |
|
|
Not Defined |
$۱۰k-$25k |
Information Disclosure |
OpenSSH Algorithm Negotiation |
۳.۷ |
CVE-2020-14145 |
|
$۱k-$2k |
Privilege Escalation |
openSUSE Leap hylafax+ Package |
۵.۳ |
CVE-2020-8024 |
|
|
$۱k-$2k |
Privilege Escalation |
openSUSE Leap/Tumbleweed |
۷.۷ |
CVE-2020-8014 |
|
|
$۵۰k-$100k |
Weak Authentication |
Palo Alto PAN-OS SAML Authentication |
۱۰.۰ |
CVE-2020-2021 |
|
|
Not Defined |
$۲k-$5k |
SQL Injection |
Persian VIP Download Script cart_edit.php |
۶.۳ |
CVE-2020-15468 |
|
Not Defined |
$۲k-$5k |
Memory Corruption |
Phoenix Contact PC Worx/PC Worx Express mwe File Parser Out-of-Bounds |
۷.۸ |
CVE-2020-12498 |
|
Not Defined |
$۲k-$5k |
Memory Corruption |
Phoenix Contact PC Worx/PC Worx Express PLCopen XML File Parser Stack-based |
۷.۸ |
CVE-2020-12497 |
|
Not Defined |
$۰-$۱k |
Weak Encryption |
Phoenix Hemodialysis Delivery System |
۳.۷ |
CVE-2020-12048 |
|
$۲k-$5k |
Privilege Escalation |
PrestaShop Authentication Command |
۹.۸ |
CVE-2020-4074 |
|
|
$۲k-$5k |
Privilege Escalation |
PrestaShop Carrier Page/Module Manager/Module Positions |
۶.۴ |
CVE-2020-15079 |
|
|
$۲k-$5k |
Privilege Escalation |
PrestaShop Dashboard |
۸.۸ |
CVE-2020-15082 |
|
|
$۱k-$2k |
Information Disclosure |
PrestaShop index.php |
۵.۳ |
CVE-2020-15081 |
|
|
$۰-$۱k |
XSS |
PrestaShop Quick Access Item Name Stored |
۵.۴ |
CVE-2020-11074 |
|
|
$۰-$۱k |
XSS |
PrestaShop Reflected |
۶.۱ |
CVE-2020-15083 |
|
|
$۱k-$2k |
Information Disclosure |
PrestaShop Release Archive |
۵.۳ |
CVE-2020-15080 |
|
|
$۱k-$2k |
Weak Authentication |
Presto Internal API |
۷.۴ |
CVE-2020-15087 |
|
|
Not Defined |
$۲k-$5k |
Privilege Escalation |
QNAP Helpdesk Kayako Service |
۹.۸ |
CVE-2020-2500 |
|
$۱۰k-$25k |
Privilege Escalation |
Red Hat Ceph Storage RadosGW CORS ExposeHeader Tag Header Injection |
۵.۴ |
CVE-2020-10753 |
|
|
$۵k-$10k |
Memory Corruption |
Red Hat Enterprise Linux Kernel authenc.c crypto_authenc_extractkeys |
۵.۳ |
CVE-2020-10769 |
|
|
$۰-$۱k |
CSRF |
Ruby on Rails |
۴.۳ |
CVE-2020-8166 |
|
|
$۰-$۱k |
DoS |
Ruby on Rails |
۳.۵ |
CVE-2020-8185 |
|
|
$۲k-$5k |
Privilege Escalation |
Ruby on Rails render |
۷.۳ |
CVE-2020-8163 |
|
|
Not Defined |
$۰-$۱k |
XSS |
Sonargraph Integration Plugin Stored |
۳.۵ |
CVE-2020-2201 |
|
$۵k-$10k |
Memory Corruption |
SQLite Query Optimizer select.c multiSelectOrderBy |
۹.۸ |
CVE-2020-15358 |
|
|
$۵k-$10k |
DoS |
Squid Web Proxy Certificate Validation Helper |
۳.۵ |
CVE-2020-14058 |
|
|
$۱۰k-$25k |
Privilege Escalation |
Squid Web Proxy ContentLengthInterpreter.cc |
۹.۹ |
CVE-2020-15049 |
|
|
$۵k-$10k |
DoS |
Squid Web Proxy Synchronization pop |
۳.۵ |
CVE-2020-14059 |
|
|
$۵k-$10k |
Privilege Escalation |
SuSE Enterprise Storage Tomcat Package |
۷.۷ |
CVE-2020-8022 |
|
|
$۵k-$10k |
Privilege Escalation |
SuSE Linux Enterprise Debuginfo Symlink |
۷.۷ |
CVE-2020-8019 |
|
|
$۱۰k-$25k |
Privilege Escalation |
SuSE osc |
۷.۵ |
CVE-2019-3681 |
|
|
$۰-$۱k |
DoS |
Tendermint Signature |
۶.۵ |
CVE-2020-15091 |
|
|
Not Defined |
$۱k-$2k |
Information Disclosure |
TIBCO Managed File Transfer Command Center MFT Admin Service |
۸.۸ |
CVE-2020-9414 |
|
Not Defined |
$۲k-$5k |
Privilege Escalation |
TIBCO Managed File Transfer Command Center MFT Browser |
۶.۳ |
CVE-2020-9413 |
|
Not Defined |
$۲k-$5k |
Privilege Escalation |
traceroute Package Child.exec() |
۱۰.۰ |
CVE-2018-21268 |
|
$۲k-$5k |
Privilege Escalation |
Veeam Availability Suite/Backup & Replication VeeamFSR.sys |
۵.۵ |
CVE-2020-15518 |
|
|
Not Defined |
$۰-$۱k |
XSS |
VncRecorder Plugin checkVncServ |
۳.۵ |
CVE-2020-2206 |
|
Not Defined |
$۰-$۱k |
XSS |
VncRecorder Plugin Validation Endpoint checkVncServ |
۳.۵ |
CVE-2020-2205 |
|
Not Defined |
$۰-$۱k |
XSS |
VncViewer Plugin checkVncServ |
۳.۵ |
CVE-2020-2207 |
|
Not Defined |
$۲k-$5k |
Code Execution |
WAVLINK WL-WN530HG4 CGI Script |
۸.۰ |
CVE-2020-15489 |
|
Not Defined |
$۲k-$5k |
Code Execution & Memory Corruption |
WAVLINK WL-WN530HG4 CGI Script |
۹.۰ |
CVE-2020-15490 |
|
$۰-$۱k |
XSS |
WebForms Pro M2 Extension |
۳.۵ |
CVE-2020-12635 |
|
|
Not Defined |
$۱k-$2k |
Memory Corruption |
Windows Cleaning Assistant Driver AtpKrnl.sys |
۶.۶ |
CVE-2020-14957 |
|
Not Defined |
$۱k-$2k |
Memory Corruption |
Windows Cleaning Assistant Driver AtpKrnl.sys |
۶.۶ |
CVE-2020-14956 |
|
$۰-$۱k |
DoS |
xrdp-sesman Service Service Port 3350 Crash |
۷.۵ |
CVE-2020-4044 |
|
|
Not Defined |
$۲k-$5k |
Privilege Escalation |
ZAP Pipeline Plugin CSP |
۵.۵ |
CVE-2020-2214 |
|
Not Defined |
$۰-$۱k |
CSRF |
Zephyr for JIRA Test Management Plugin |
۴.۳ |
CVE-2020-2215 |
|
Not Defined |
$۲k-$5k |
Privilege Escalation |
Zephyr for JIRA Test Management Plugin Permission Check |
۵.۵ |
CVE-2020-2216 |
|
Not Defined |
$۲k-$5k |
Weak Authentication |
ZyXEL CloudCNM SecuManager cnr |
۶.۳ |
CVE-2020-15336 |
|
Not Defined |
$۲k-$5k |
Weak Authentication |
ZyXEL CloudCNM SecuManager Default Credentials |
۳.۵ |
CVE-2020-15323 |
|
Not Defined |
$۲k-$5k |
Weak Authentication |
ZyXEL CloudCNM SecuManager Default Credentials |
۳.۵ |
CVE-2020-15322 |
|
Not Defined |
$۲k-$5k |
Weak Authentication |
ZyXEL CloudCNM SecuManager DSA SSH Key axess |
۳.۱ |
CVE-2020-15315 |
|
Not Defined |
$۲k-$5k |
Weak Authentication |
ZyXEL CloudCNM SecuManager DSA SSH Key mysql |
۲.۶ |
CVE-2020-15318 |
|
Not Defined |
$۲k-$5k |
Weak Encryption |
ZyXEL CloudCNM SecuManager DSA SSH Key |
۳.۷ |
CVE-2020-15312 |
|
Not Defined |
$۲k-$5k |
Weak Authentication |
ZyXEL CloudCNM SecuManager ECDSA SSH Key axess |
۲.۶ |
CVE-2020-15316 |
|
Not Defined |
$۲k-$5k |
Weak Encryption |
ZyXEL CloudCNM SecuManager ECDSA SSH Key |
۳.۷ |
CVE-2020-15313 |
|
Not Defined |
$۵k-$10k |
Privilege Escalation |
ZyXEL CloudCNM SecuManager |
۵.۵ |
CVE-2020-15348 |
|
Not Defined |
$۲k-$5k |
Weak Authentication |
ZyXEL CloudCNM SecuManager registerCpe |
۶.۳ |
CVE-2020-15335 |
|
Not Defined |
$۲k-$5k |
Weak Authentication |
ZyXEL CloudCNM SecuManager RSA SSH Key axess |
۲.۶ |
CVE-2020-15317 |
|
Not Defined |
$۲k-$5k |
Weak Authentication |
ZyXEL CloudCNM SecuManager RSA SSH Key mysql |
۲.۶ |
CVE-2020-15319 |
|
Not Defined |
$۲k-$5k |
Weak Authentication |
ZyXEL CloudCNM SecuManager RSA SSH Key |
۳.۱ |
CVE-2020-15314 |
|
Not Defined |
$۲k-$5k |
Weak Authentication |
ZyXEL CloudCNM SecuManager |
۳.۵ |
CVE-2020-15321 |
|
Not Defined |
$۲k-$5k |
Weak Authentication |
ZyXEL CloudCNM SecuManager |
۳.۵ |
CVE-2020-15320 |
|
Not Defined |
$۲k-$5k |
Information Disclosure |
ZyXEL CloudCNM SecuManager xmpp_config.py |
۷.۵ |
CVE-2020-15324 |
سطح خطر حدود ۳۳% آسیبپذیریهای هفته، «پرخطر» و «حیاتی» برآورد شده است که بسیار قابلتوجّه است.
ارزش روز صفرم ۶۵ % آسیبپذیریهای هفته بیش از ۲۰۰۰ دلار بوده است.
خوشبختانه برای ۶۰% آسیبپذیریهای هفته، بهروزرسانیها و یا وصلههایی رسماً ارائه شده که برای جلوگیری از سوءاستفاده از آسیبپذیریها بهتر است سریعاً اعمال شوند.
همچنین با ۵۸ مورد، اکثر آسیبپذیریهای هفته (۱۶%) از نوع «ارتقا امتیاز» بودند.
