آسیب‌پذیری‌های حیاتی هفته اول مردادماه

این هفته آسیب‌پذیری‌های بسیاری در سیستم‌عامل اندروید و مرورگر محبوب کروم شرکت Google گزارش و وصله‌های نظیر آن‌ها عرضه شد. همچنین در محصولات شرکت‌های IBM، Adobe، Python، Citrix، D-Link، Juniper، Apache و کرنل لینوکس چندین آسیب‌پذیری «حیاتی» و «پرخطر» وجود داشت که وصله‌ها و به‌روزرسانی‌هایی به منظور رفع آن‌ها ارائه شده است. امّا از مهم‌ترین آسیب‌پذیری‌های هفته، آسیب‌پذیری‌ دو محصول امنیت شبکه Cisco بود که بلافاصله پس از انتشار از آن در چندین حمله سوءاستفاده شد.

لیست این آسیب‌پذیری‌ها به همراه لینک وصله‌ها و به‌روزرسانی‌های ارائه‌شده در جدول زیر آمده است.

رفع آسیب‌پذیری	ارزش روز صفر	نوع آسیب‌پذیری	محصول آسیب‌پذیر	امتیاز مبنا	شناسه آسیب‌پذیری
Not Defined	$۱k-$2k	Privilege Escalation	۳۶۰ Total Security DLL	۷.۸	CVE-2020-15722
Not Defined	$۱k-$2k	Privilege Escalation	۳۶۰ Total Security DLL GameChrome.exe	۷.۸	CVE-2020-15723
Not Defined	$۱k-$2k	Privilege Escalation	۳۶۰ Total Security Gamefolde GameChrome.exe	۷.۸	CVE-2020-15724
Official Fix	$۵k-$10k	Memory Corruption	Adobe Bridge Out-of-Bounds	۸.۸	CVE-2020-9676
Official Fix	$۵k-$10k	Memory Corruption	Adobe Bridge Out-of-Bounds	۸.۸	CVE-2020-9675
Official Fix	$۵k-$10k	Memory Corruption	Adobe Bridge Out-of-Bounds	۸.۸	CVE-2020-9674
Official Fix	$۵k-$10k	Privilege Escalation	Adobe ColdFusion Search	۷.۸	CVE-2020-9673
Official Fix	$۵k-$10k	Privilege Escalation	Adobe ColdFusion Search	۷.۸	CVE-2020-9672
Official Fix	$۵k-$10k	Privilege Escalation	Adobe Creative Cloud Desktop Application	۹.۸	CVE-2020-9669
Official Fix	$۵k-$10k	Privilege Escalation	Adobe Creative Cloud Desktop Application File Permission	۹.۸	CVE-2020-9671
Official Fix	$۵k-$10k	Privilege Escalation	Adobe Creative Cloud Desktop Application Symlink	۹.۸	CVE-2020-9682
Official Fix	$۵k-$10k	Privilege Escalation	Adobe Creative Cloud Desktop Application Symlink	۹.۸	CVE-2020-9670
Official Fix	$۵k-$10k	Command Injection	Adobe Download Manager	۷.۸	CVE-2020-9688
Official Fix	$۲k-$5k	Information Disclosure	Adobe Media Encoder Out-of-Bounds	۵.۵	CVE-2020-9649
Official Fix	$۵k-$10k	Memory Corruption	Adobe Media Encoder Out-of-Bounds	۷.۸	CVE-2020-9650
Official Fix	$۵k-$10k	Memory Corruption	Adobe Media Encoder Out-of-Bounds	۷.۸	CVE-2020-9646
Official Fix	$۵k-$10k	Memory Corruption	Adobe Photoshop Out-of-Bounds	۶.۵	CVE-2020-9686
Official Fix	$۵k-$10k	Memory Corruption	Adobe Photoshop Out-of-Bounds	۸.۸	CVE-2020-9687
Official Fix	$۵k-$10k	Memory Corruption	Adobe Photoshop Out-of-Bounds	۸.۸	CVE-2020-9685
Official Fix	$۵k-$10k	Memory Corruption	Adobe Photoshop Out-of-Bounds	۸.۸	CVE-2020-9684
Official Fix	$۵k-$10k	Memory Corruption	Adobe Photoshop Out-of-Bounds	۸.۸	CVE-2020-9683
Official Fix	$۵k-$10k	Memory Corruption	Adobe Prelude Out-of-Bounds	۶.۵	CVE-2020-9679
Official Fix	$۵k-$10k	Memory Corruption	Adobe Prelude Out-of-Bounds	۸.۸	CVE-2020-9680
Official Fix	$۵k-$10k	Memory Corruption	Adobe Prelude Out-of-Bounds	۸.۸	CVE-2020-9678
Official Fix	$۵k-$10k	Memory Corruption	Adobe Prelude Out-of-Bounds	۸.۸	CVE-2020-9677
Official Fix	$۱۰k-$25k	Directory Traversal	Adobe Reader Mobile	۵.۳	CVE-2020-9663
Not Defined	$۲k-$5k	Memory Corruption	AMD Graphics Driver Pixel Shader rdvgm.exe	۹.۹	CVE-2020-6100
Not Defined	$۲k-$5k	Remote Code Execution	AMD Radeon DirectX 11 Driver Shader rdvgm.exe	۹.۹	CVE-2020-6103
Not Defined	$۲k-$5k	Remote Code Execution	AMD Radeon DirectX 11 Driver Shader rdvgm.exe	۹.۹	CVE-2020-6102
Not Defined	$۲k-$5k	Remote Code Execution	AMD Radeon DirectX 11 Driver Shader rdvgm.exe	۹.۹	CVE-2020-6101
Official Fix	$۵k-$10k	XSS	Apache ActiveMQ Artemis MQTT	۶.۵	CVE-2020-13932
Official Fix	$۱۰k-$25k	Command Injection	Apache Airflow	۸.۸	CVE-2020-11978
Official Fix	$۲k-$5k	XSS	Apache Airflow Admin Management Screen Stored	۵.۴	CVE-2020-11983
Official Fix	$۵k-$10k	XSS	Apache Airflow Classic UI Stored	۶.۱	CVE-2020-9485
Official Fix	$۱۰k-$25k	Command Injection	Apache RabbitMQ Redis/RabbitMQ	۹.۸	CVE-2020-11981
Official Fix	$۱۰k-$25k	Remote Code Execution	Apache RabbitMQ Redis/RabbitMQ	۹.۸	CVE-2020-11982
Official Fix	$۲k-$5k	SQL Injection	Artica Proxy CE	۷.۵	CVE-2020-15052
Official Fix	$۰-$۱k	XSS	Artica Proxy CE Reflected	۶.۱	CVE-2020-15053
Official Fix	$۲k-$5k	Code Execution	Asus ScreenPad2_Upgrade_Tool.msi AsusScreenXpertServicec.exe	۵.۵	CVE-2020-15009
Official Fix	$۱k-$2k	XSS	Atlassian Confluence Server/Data Center Macro	۴.۳	CVE-2020-14175
Not Defined	$۱k-$2k	Weak Authentication	AvertX HD438/HD838 Default Credentials	۳.۱	CVE-2020-11624
Not Defined	$۱k-$2k	Privilege Escalation	AvertX HD438/HD838 UART Interface	۶.۸	CVE-2020-11623
Not Defined	$۱k-$2k	Information Disclosure	AvertX HD438/HD838 Web UI User	۳.۵	CVE-2020-11625
Official Fix	$۱۰k-$25k	Directory Traversal	Cisco ASA/Firepower Threat Defense Web Services Interface	۷.۵	CVE-2020-3452
Official Fix	$۱۰k-$25k	Code Execution	Citrix Workspace App Automatic Updater Service	۵.۵	CVE-2020-8207
Official Fix	$۵k-$10k	DoS	ClamAV Antivirus EGG Archive Parser NULL Pointer Dereference	۷.۵	CVE-2020-3481
Not Defined	$۱k-$2k	Information Disclosure	C-More HMI EA9	۵.۹	CVE-2020-10919
Not Defined	$۱k-$2k	Weak Authentication	C-More HMI EA9	۷.۵	CVE-2020-10918
Not Defined	$۰-$۱k	DoS	C-More HMI EA9 EA-HTTP.exe	۷.۵	CVE-2020-10922
Not Defined	$۲k-$5k	Privilege Escalation	C-More HMI EA9 EA-HTTP.exe	۹.۸	CVE-2020-10921
Workaround	$۲k-$5k	Remote Code Execution	C-More HMI EA9 Service Port 9999	۹.۸	CVE-2020-10920
Official Fix	$۲k-$5k	Command Injection	codecov Package Upload	۹.۳	CVE-2020-15123
Official Fix	$۰-$۱k	DoS	CODESYS Control Runtime System Memory Exhaustion	۷.۵	CVE-2020-15806
Not Defined	$۱k-$2k	Memory Corruption	DaviewIndy Daview.exe	۷.۸	CVE-2020-7818
Official Fix	$۱۰k-$25k	Memory Corruption	D-Link DAP-1520 Web Interface apply.cgi	۵.۵	CVE-2020-15892
Official Fix	$۵k-$10k	Weak Authentication	D-Link DAP-1522 logout.php	۶.۳	CVE-2020-15896
Official Fix	$۱۰k-$25k	Privilege Escalation	D-Link DAP-1860 1.‎04B03_HOTFIX HNAP Service	۸.۰	CVE-2020-15631
Official Fix	$۵k-$10k	Information Disclosure	D-Link DIR-816L getcfg.php	۷.۵	CVE-2020-15894
Official Fix	$۵k-$10k	XSS	D-Link DIR-816L info.php	۶.۱	CVE-2020-15895
Official Fix	$۱۰k-$25k	Command Injection	D-Link DIR-816L UPnP	۹.۸	CVE-2020-15893
Official Fix	$۱۰k-$25k	Code Execution	D-Link DIR-842 HNAP	۸.۸	CVE-2020-15632
Official Fix	$۵k-$10k	Weak Authentication	D-Link DIR-867/DIR-878/DIR-882	۸.۸	CVE-2020-15633
Not Defined	$۱۰k-$25k	Command Injection	D-Link DSL-7740C	۶.۷	CVE-2020-12774
Official Fix	$۰-$۱k	XSS	docsify	۶.۱	CVE-2020-7680
Not Defined	$۰-$۱k	Weak Encryption	DuoConnect Client	۵.۷	CVE-2020-3442
Not Defined	$۱k-$2k	Information Disclosure	Easergy Builder Cleartext Storage Credentials	۳.۵	CVE-2020-7517
Not Defined	$۱k-$2k	Information Disclosure	Easergy Builder Cleartext Storage Credentials	۳.۵	CVE-2020-7516
Not Defined	$۱k-$2k	Weak Encryption	Easergy Builder Credentials	۳.۵	CVE-2020-7514
Not Defined	$۱k-$2k	Weak Encryption	Easergy Builder Key	۳.۵	CVE-2020-7515
Not Defined	$۱k-$2k	Weak Authentication	Easergy Builder Password Requirements	۳.۱	CVE-2020-7519
Not Defined	$۲k-$5k	Privilege Escalation	Easergy Builder Project Configuration File	۵.۵	CVE-2020-7518
Not Defined	$۲k-$5k	Privilege Escalation	evolution-data-server STARTTLS Buffer	۵.۹	CVE-2020-14928
Not Defined	$۲k-$5k	Remote Code Execution	EyeSurfer BflyInstallerX.ocx	۹.۸	CVE-2020-7826
Not Defined	$۲k-$5k	Directory Traversal	fast-http index.js fs.readFile	۷.۵	CVE-2020-7687
Official Fix	$۲k-$5k	Privilege Escalation	Fiber c.Attachment()‎	۴.۶	CVE-2020-15111
Official Fix	$۱k-$2k	SQL Injection	GLPI Clone	۷.۱	CVE-2020-15108
Official Fix	$۰-$۱k	DoS	GNU LibreDWG NULL Pointer Dereference	۶.۵	CVE-2020-15807
Official Fix	$۱۰۰k and more	Information Disclosure	Google Android	۷.۵	CVE-2020-0228
Official Fix	$۵۰k-$100k	Memory Corruption	Google Android a2dp_vendor_ldac_decoder.cc a2dp_vendor_ldac_decoder_decode_packet	۹.۸	CVE-2020-0225
Official Fix	$۲۵k-$50k	Privilege Escalation	Google Android AndroidManifest.xml	۶.۷	CVE-2020-0122
Official Fix	$۵۰k-$100k	Memory Corruption	Google Android char_dev.c cdev_get	۶.۴	CVE-2020-0305
Official Fix	$۲۵k-$50k	Memory Corruption	Google Android Client.cpp createWithSurfaceParent	۷.۸	CVE-2020-0226
Official Fix	$۲۵k-$50k	Privilege Escalation	Google Android CompanionDeviceManagerService.java onCommand	۷.۸	CVE-2020-0227
Official Fix	$۵۰k-$100k	Memory Corruption	Google Android keys.cc GetKeysSlow	۹.۸	CVE-2020-0224
Official Fix	$۵۰k-$100k	Memory Corruption	Google Android Out-of-Bounds	۹.۸	CVE-2020-0231
Official Fix	$۵۰k-$100k	Memory Corruption	Google Android Out-of-Bounds	۹.۸	CVE-2020-0230
Official Fix	$۱۰k-$25k	Information Disclosure	Google Android PhoneInterfaceManager.java getUiccCardsInfo	۵.۵	CVE-2020-0107
Official Fix	$۰-$۱k	Memory Corruption	Google Android QCamera3HWI.cpp notifyErrorForPendingRequests	۷.۸	CVE-2020-0120
Official Fix	$۲۵k-$50k	Information Disclosure	Google Chrome Autofill Side-Channel	۶.۵	CVE-2020-6521
Official Fix	$۵۰k-$100k	Memory Corruption	Google Chrome Background Fetch Heap-based	۷.۸	CVE-2020-6510
Official Fix	$۵۰k-$100k	Privilege Escalation	Google Chrome Content Security Policy	۴.۳	CVE-2020-6527
Official Fix	$۵۰k-$100k	Privilege Escalation	Google Chrome Content Security Policy	۶.۵	CVE-2020-6519
Official Fix	$۲۵k-$50k	Information Disclosure	Google Chrome Content Security Policy Cross-Origin	۴.۳	CVE-2020-6511
Official Fix	$۵۰k-$100k	Memory Corruption	Google Chrome Developer Tools Out-of-Bounds	۵.۰	CVE-2020-6530
Official Fix	$۵۰k-$100k	Memory Corruption	Google Chrome Developer Tools Use-After-Free	۸.۸	CVE-2020-6518
Official Fix	$۵۰k-$100k	Memory Corruption	Google Chrome Extensions Use-After-Free	۹.۶	CVE-2020-6509
Official Fix	$۵۰k-$100k	Memory Corruption	Google Chrome History Heap-based	۶.۳	CVE-2020-6517
Official Fix	$۵۰k-$100k	Memory Corruption	Google Chrome PDFium Heap-based	۸.۸	CVE-2020-6513
Official Fix	$۲۵k-$50k	Information Disclosure	Google Chrome Policy Cross-Origin	۴.۳	CVE-2020-6516
Official Fix	$۵۰k-$100k	Privilege Escalation	Google Chrome Protocol	۶.۳	CVE-2020-6522
Official Fix	$۵۰k-$100k	Privilege Escalation	Google Chrome Sandbox	۶.۵	CVE-2020-6526
Official Fix	$۵۰k-$100k	Memory Corruption	Google Chrome Sandbox Use-After-Free	۹.۶	CVE-2020-6505
Official Fix	$۲۵k-$50k	Information Disclosure	Google Chrome Scroll Side-Channel	۴.۳	CVE-2020-6531
Official Fix	$۲۵k-$50k	Spoofing	Google Chrome Security UI spoofing	۴.۳	CVE-2020-6536
Official Fix	$۲۵k-$50k	Spoofing	Google Chrome Security UI spoofing	۴.۳	CVE-2020-6528
Official Fix	$۵۰k-$100k	Memory Corruption	Google Chrome Skia Heap-based	۸.۸	CVE-2020-6525
Official Fix	$۵۰k-$100k	Memory Corruption	Google Chrome Skia Heap-based	۸.۸	CVE-2020-6520
Official Fix	$۵۰k-$100k	Memory Corruption	Google Chrome Skia Out-of-Bounds	۶.۳	CVE-2020-6523
Official Fix	$۵۰k-$100k	Memory Corruption	Google Chrome Tab Strip Use-After-Free	۸.۸	CVE-2020-6515
Official Fix	$۵۰k-$100k	Memory Corruption	Google Chrome v8 Heap-based	۶.۳	CVE-2020-6533
Official Fix	$۵۰k-$100k	Memory Corruption	Google Chrome v8 Heap-based	۶.۳	CVE-2020-6512
Official Fix	$۵۰k-$100k	Memory Corruption	Google Chrome v8 Out-of-Bounds	۸.۸	CVE-2020-6507
Official Fix	$۵۰k-$100k	Memory Corruption	Google Chrome WebAudio Heap-based	۸.۸	CVE-2020-6524
Official Fix	$۲۵k-$50k	Information Disclosure	Google Chrome WebRTC Cross-Origin	۴.۳	CVE-2020-6529
Official Fix	$۵۰k-$100k	Memory Corruption	Google Chrome WebRTC Heap-based	۶.۳	CVE-2020-6534
Official Fix	$۵۰k-$100k	Memory Corruption	Google Chrome WebRTC Heap-based	۶.۳	CVE-2020-6514
Official Fix	$۱۰k-$25k	XSS	Google Chrome WebUI	۴.۳	CVE-2020-6535
Official Fix	$۵۰k-$100k	Privilege Escalation	Google Chrome WebView	۶.۳	CVE-2020-6506
Official Fix	$۲۵k-$50k	Race Condition	Google Go Proxy httputil.ReverseProxy race condition	۵.۹	CVE-2020-15586
Official Fix	$۱۰k-$25k	Weak Authentication	Google Go X.‎509 Certificate Verification Certificate.Verify	۵.۳	CVE-2020-14039
Not Defined	$۲k-$5k	Privilege Escalation	Grandstream GWN7000 API	۸.۸	CVE-2020-5756
Not Defined	$۲k-$5k	Privilege Escalation	Grandstream UCM6200 HTTPS API OS Command Injection	۸.۸	CVE-2020-5758
Not Defined	$۲k-$5k	Privilege Escalation	Grandstream UCM6200 HTTPS API OS Command Injection	۹.۸	CVE-2020-5757
Not Defined	$۲k-$5k	Privilege Escalation	Grandstream UCM6200 SSH OS Command Injection	۹.۸	CVE-2020-5759
Official Fix	$۱k-$2k	Weak Authentication	Graylog SSL Certificate Validator	۸.۱	CVE-2020-15813
Not Defined	$۲k-$5k	Privilege Escalation	Grundfos CIM 500 Password Storage	۷.۵	CVE-2020-10605
Not Defined	$۰-$۱k	XSS	HCL BigFix WebUI Software Module Stored	۵.۴	CVE-2020-4104
Not Defined	$۰-$۱k	XSS	HCL Campaign	۵.۴	CVE-2019-4090
Not Defined	$۱k-$2k	Information Disclosure	HCL Marketing Operations File Download	۸.۱	CVE-2020-4125
Not Defined	$۰-$۱k	XSS	HCL Marketing Platform Dashboard	۵.۴	CVE-2019-4091
Official Fix	$۱۰k-$25k	Privilege Escalation	HPE MSE Msg Gw application E-LTU HTTPS	۶.۶	CVE-2019-12000
Not Defined	$۲k-$5k	Information Disclosure	Huawei CloudEngine 7800	۳.۳	CVE-2020-9102
Official Fix	$۵k-$10k	DoS	Huawei Honor 10	۵.۵	CVE-2020-9255
Official Fix	$۵k-$10k	Information Disclosure	Huawei Honor V30	۶.۵	CVE-2020-9259
Official Fix	$۱۰k-$25k	Directory Traversal	Huawei Mate 20/Mate 20 X/Mate 20 RS/Honor Magic2	۲.۳	CVE-2020-9252
Official Fix	$۵k-$10k	DoS	Huawei Mate 30 Pro System Service	۶.۵	CVE-2020-9256
Official Fix	$۱۰k-$25k	Code Execution	Huawei P30 Pro	۸.۸	CVE-2020-9257
Official Fix	$۱۰k-$25k	Remote Code Execution	Huawei P30 Pro	۷.۸	CVE-2020-9254
Not Defined	$۱۰k-$25k	Memory Corruption	Huawei Secospace USG6600 Out-of-Bounds	۶.۵	CVE-2020-9101
Official Fix	$۱k-$2k	DoS	Huawei Smart Phones Moana-AL00B	۵.۵	CVE-2020-9227
Official Fix	$۵k-$10k	XSS	IBM FileNet Content Manager Web UI	۵.۴	CVE-2020-4447
Official Fix	$۲k-$5k	DoS	IBM MQ for HPE NonStop Queue	۶.۵	CVE-2020-4466
Official Fix	$۵k-$10k	Information Disclosure	IBM Planning Analytics IP Address	۴.۳	CVE-2020-4361
Official Fix	$۵k-$10k	Weak Encryption	IBM Planning Analytics Session Cookie HSTS	۵.۹	CVE-2020-4527
Official Fix	$۲k-$5k	DoS	IBM Verify Gateway	۶.۵	CVE-2020-4399
Official Fix	$۵k-$10k	Weak Authentication	IBM Verify Gateway Account Lockout Brute Force	۷.۵	CVE-2020-4400
Official Fix	$۲k-$5k	Weak Encryption	IBM Verify Gateway Cleartext	۵.۵	CVE-2020-4369
Official Fix	$۲k-$5k	Weak Encryption	IBM Verify Gateway Credentials	۷.۸	CVE-2020-4372
Official Fix	$۲k-$5k	Information Disclosure	IBM Verify Gateway Debug Code	۳.۳	CVE-2020-4371
Official Fix	$۵k-$10k	Weak Authentication	IBM Verify Gateway Default Credentials	۹.۸	CVE-2020-4385
Official Fix	$۵k-$10k	Weak Encryption	IBM Verify Gateway Man-in-the-Middle	۵.۹	CVE-2020-4397
Official Fix	$۲۵k-$50k	Privilege Escalation	IBM WebSphere Application Server SOAP Connector Deserialization	۸.۸	CVE-2020-4464
Not Defined	$۱k-$2k	SQL Injection	Icegram Email Subscribers & Newsletters Plugin	۴.۹	CVE-2020-5768
Not Defined	$۱k-$2k	CSRF	Icegram Email Subscribers & Newsletters Plugin	۶.۵	CVE-2020-5767
Workaround	$۲k-$5k	Directory Traversal	INNEO Startup TOOLS Service Port 85 sut_srv.exe	۶.۳	CVE-2020-15492
Official Fix	$۱k-$2k	Information Disclosure	Intranda Goobi Viewer Core Application Server	۹.۶	CVE-2020-15124
Official Fix	$۱k-$2k	DoS	Juniper Junos CLI Crash	۵.۵	CVE-2020-1643
Official Fix	$۵k-$10k	DoS	Juniper Junos Inline IP Assembly	۵.۳	CVE-2020-1655
Official Fix	$۵k-$10k	DoS	Juniper Junos Inline IP Assembly	۷.۵	CVE-2020-1649
Official Fix	$۲k-$5k	DoS	Juniper Junos LLDP Crash	۶.۵	CVE-2020-1641
Official Fix	$۵k-$10k	DoS	Juniper Junos Multiservices PIC Management Daemon Crash	۸.۳	CVE-2020-1645
Official Fix	$۵k-$10k	DoS	Juniper Junos MX MS-PIC Crash	۷.۵	CVE-2020-1650
Official Fix	$۲k-$5k	DoS	Juniper Junos MX Packet Forwarding Engine Memory Leak	۶.۵	CVE-2020-1651
Official Fix	$۵k-$10k	DoS	Juniper Junos Routing Engine Crash	۷.۵	CVE-2020-1653
Official Fix	$۵k-$10k	DoS	Juniper Junos RPD Crash	۷.۵	CVE-2020-1644
Official Fix	$۵k-$10k	DoS	Juniper Junos RPD Crash	۷.۵	CVE-2020-1640
Official Fix	$۵k-$10k	DoS	Juniper Junos rpd Daemon Crash	۷.۵	CVE-2020-1648
Official Fix	$۵k-$10k	DoS	Juniper Junos rpd Daemon Crash	۷.۵	CVE-2020-1646
Workaround	$۱۰k-$25k	Privilege Escalation	Juniper Junos Space OpenNMS	۵.۶	CVE-2020-1652
Official Fix	$۱۰k-$25k	Remote Code Execution	Juniper Junos SRX ICAP Redirect Service	۹.۸	CVE-2020-1654
Official Fix	$۵k-$10k	DoS	Juniper Junos SRX ICAP Redirect Service Double-Free	۹.۸	CVE-2020-1647
Official Fix	$۲k-$5k	Privilege Escalation	jupyterhub-kubespawner Default Server	۸.۱	CVE-2020-15110
Official Fix	$۲k-$5k	Remote Code Execution	kramdown Gem Document	۹.۸	CVE-2020-14001
Official Fix	$۱k-$2k	Privilege Escalation	Kubernetes kube-apiserver	۶.۴	CVE-2020-8559
Not Defined	$۰-$۱k	Information Disclosure	Kubernetes kube-controller-manager Error Message Credentials	۵.۹	CVE-2019-11252
Not Defined	$۰-$۱k	DoS	Kubernetes kublet hosts	۵.۵	CVE-2020-8557
Official Fix	$۲k-$5k	Privilege Escalation	Lenovo Drivers Management	۷.۳	CVE-2020-8326
Official Fix	$۲k-$5k	Privilege Escalation	Lenovo Drivers Management DLL Loader	۷.۳	CVE-2020-8317
Official Fix	$۲k-$5k	Privilege Escalation	LibreNMS Access Control web.php	۸.۸	CVE-2020-15877
Official Fix	$۱k-$2k	SQL Injection	LibreNMS customoid.inc.php	۶.۵	CVE-2020-15873
Official Fix	$۲k-$5k	Privilege Escalation	Liferay Portal/Liferay DXP Deserialization	۸.۱	CVE-2020-15842
Official Fix	$۱k-$2k	Information Disclosure	Liferay Portal/Liferay DXP LDAP Server Connection Password	۸.۸	CVE-2020-15841
Not Defined	$۱۰k-$25k	Privilege Escalation	Linux Kernel	۷.۸	CVE-2020-15852
Not Defined	$۰-$۱k	DoS	Lua ldebug.c changedline	۳.۵	CVE-2020-15945
Official Fix	$۲k-$5k	Memory Corruption	Lua lgc.c youngcollection	۹.۸	CVE-2020-15889
Official Fix	$۲k-$5k	Memory Corruption	Lua Stack Resize Use-After-Free	۹.۸	CVE-2020-15888
Not Defined	$۱k-$2k	Information Disclosure	LuaJIT __gc	۷.۵	CVE-2020-15890
Not Defined	$۲k-$5k	Privilege Escalation	Magento PHP	۹.۸	CVE-2020-9664
Not Defined	$۰-$۱k	XSS	Magento Stored	۶.۱	CVE-2020-9665
Not Defined	$۲k-$5k	Directory Traversal	marked-tree index.js fs.readFile	۷.۵	CVE-2020-7682
Not Defined	$۲k-$5k	Directory Traversal	marscode index.js fs.readFile	۷.۵	CVE-2020-7681
Not Defined	$۲k-$5k	Directory Traversal	Mida eFramework	۶.۳	CVE-2020-15923
Not Defined	$۲k-$5k	Remote Code Execution	Mida eFramework	۸.۸	CVE-2020-15920
Not Defined	$۲k-$5k	SQL Injection	Mida eFramework	۷.۳	CVE-2020-15924
Not Defined	$۲k-$5k	Privilege Escalation	Mida eFramework Backdoor	۵.۵	CVE-2020-15921
Not Defined	$۲k-$5k	Privilege Escalation	Mida eFramework OS Command Injection	۸.۸	CVE-2020-15922
Not Defined	$۰-$۱k	XSS	Mida eFramework Reflected	۳.۵	CVE-2020-15919
Not Defined	$۰-$۱k	XSS	Mida eFramework Stored	۳.۵	CVE-2020-15918
Not Defined	$۲k-$5k	Privilege Escalation	MiPlatform ExtCommandApi.dll WinExec	۹.۸	CVE-2020-7825
Not Defined	$۲k-$5k	Memory Corruption	mruby VM Stack vm.c stack_copy	۹.۸	CVE-2020-15866
Official Fix	$۰-$۱k	CSRF	MunkiReport ‪{id}‬	۴.۳	CVE-2020-15882
Official Fix	$۲k-$5k	SQL Injection	MunkiReport TableQuery.php	۶.۳	CVE-2020-15884
Official Fix	$۲k-$5k	Privilege Escalation	Nagios XI cmdsubsys ajaxhelper.php	۶.۳	CVE-2020-15901
Official Fix	$۰-$۱k	XSS	Nagios XI Graph Explorer	۳.۵	CVE-2020-15902
Not Defined	$۲k-$5k	Privilege Escalation	nagios-plugins-hpilo PHP	۹.۸	CVE-2020-7206
Not Defined	$۲k-$5k	Privilege Escalation	NEC ESMPRO Manager Deserialization	۹.۸	CVE-2020-10917
Not Defined	$۲k-$5k	Privilege Escalation	OpenClinic GA Access Control	۹.۸	CVE-2020-14485
Not Defined	$۱k-$2k	Weak Authentication	OpenClinic GA Account Lockout Bruteforce	۹.۸	CVE-2020-14484
Not Defined	$۱k-$2k	Weak Authentication	OpenClinic GA Authentication Mechanism Bruteforce	۹.۸	CVE-2020-14494
Not Defined	$۲k-$5k	Privilege Escalation	OpenClinic GA Permission	۶.۵	CVE-2020-14491
Workaround	$۲۵k-$50k	command injection	OpenSSH scp scp.c	۵.۰	CVE-2020-15778
Not Defined	$۲k-$5k	DoS	Oracle MySQL Server Optimizer Crash	۴.۹	CVE-2020-14725
Not Defined	$۱k-$2k	Privilege Escalation	OSIsoft PI Asset Framework Client	۵.۳	CVE-2020-10610
Not Defined	$۱k-$2k	Privilege Escalation	OSIsoft PI Asset Framework Client	۵.۳	CVE-2020-10606
Not Defined	$۱k-$2k	Privilege Escalation	OSIsoft PI Asset Framework Client Integrity Check	۴.۸	CVE-2020-10608
Not Defined	$۰-$۱k	DoS	OSIsoft Product PI Data Archive Subsystem Crash	۴.۳	CVE-2020-10600
Not Defined	$۰-$۱k	DoS	OSIsoft Product PI Network Manager Crash	۴.۳	CVE-2020-10602
Not Defined	$۰-$۱k	DoS	OSIsoft Product PI Network Manager Crash	۵.۳	CVE-2020-10604
Not Defined	$۲k-$5k	Privilege Escalation	OSIsoft Product PI Vision Database Code Injection	۶.۳	CVE-2020-10614
Not Defined	$۲k-$5k	Privilege Escalation	OTRS Community Edition	۴.۳	CVE-2020-1776
Not Defined	$۲k-$5k	Remote Code Execution	Parallels Remote Application Server Web Application	۶.۳	CVE-2020-15860
Official Fix	$۱k-$2k	Information Disclosure	parser-server GraphQL	۶.۵	CVE-2020-15126
Not Defined	$۰-$۱k	Directory Traversal	Phoenix Contact PLCnext Engineer	۸.۲	CVE-2020-12499
Official Fix	$۲k-$5k	Privilege Escalation	PrestaShop Dashboard Productions Configuration	۶.۵	CVE-2020-15102
Not Defined	$۲k-$5k	Privilege Escalation	Python python38.‎_pth	۹.۸	CVE-2020-15801
Not Defined	$۱۰k-$25k	Memory Corruption	QEMU e1000e e1000e_core.c	۳.۳	CVE-2020-15859
Official Fix	$۲k-$5k	Privilege Escalation	radare2 PDB File Name OS Command Injection	۷.۴	CVE-2020-15121
Not Defined	$۲k-$5k	Code Execution	RaspberryTortoise WebControl raspberryTortoise.js child_processexec	۵.۵	CVE-2020-15477
Not Defined	$۱k-$2k	Information Disclosure	react-native-fast-image Image Session	۵.۳	CVE-2020-7696
Not Defined	$۲k-$5k	DoS	Red Hat JBoss EAP Wildfly EJB	۶.۵	CVE-2020-14307
Not Defined	$۲k-$5k	DoS	Red Hat JBoss EAP Wildfly EJB Client	۶.۵	CVE-2020-14297
Not Defined	$۱k-$2k	Code Execution	Rockwell Automation FactoryTalk View SE	۷.۸	CVE-2020-12031
Not Defined	$۱k-$2k	Information Disclosure	Rockwell Automation FactoryTalk View SE	۴.۳	CVE-2020-12027
Not Defined	$۲k-$5k	Remote Code Execution	Rockwell Automation FactoryTalk View SE Project Directory	۹.۰	CVE-2020-12029
Not Defined	$۲k-$5k	Privilege Escalation	Rockwell Automation FactoryTalk View SEA	۸.۱	CVE-2020-12028
Not Defined	$۲k-$5k	Directory Traversal	rollup-plugin-dev-server readFileFromContentBase	۷.۵	CVE-2020-7686
Not Defined	$۲k-$5k	Directory Traversal	rollup-plugin-serve readFile	۹.۸	CVE-2020-7684
Not Defined	$۲k-$5k	Directory Traversal	rollup-plugin-serve readFileFromContentBase	۷.۵	CVE-2020-7683
Official Fix	$۰-$۱k	DoS	Sails.js sails-hook-sockets	۷.۵	CVE-2018-21036
Not Defined	$۲k-$5k	Open Redirect	Schneider Electric Software Update	۴.۹	CVE-2020-7520
Official Fix	$۱k-$2k	Directory Traversal	servey	۷.۵	CVE-2020-8214
Not Defined	$۲k-$5k	Privilege Escalation	SonicOS SSLVPN LDAP Login	۵.۳	CVE-2020-5130
Not Defined	$۱k-$2k	Privilege Escalation	SonicWALL NetExtender	۷.۸	CVE-2020-5131
Official Fix	$۱k-$2k	XSS	Subscriptions Plugin class-wcs-admin-post-types.php WCS_Admin_Post_Types	۶.۱	CVE-2019-18834
Official Fix	$۱k-$2k	Privilege Escalation	Synaptics VFS75xx External Flash	۴.۹	CVE-2019-18618
Not Defined	$۱k-$2k	Privilege Escalation	Synaptics WBF Driver synaTee	۴.۵	CVE-2019-18619
Official Fix	$۱k-$2k	XSS	TC Custom JavaScript Plugin Stored	۶.۱	CVE-2020-14063
Not Defined	$۰-$۱k	XSS	Teltonika Persistent	۵.۴	CVE-2020-5769
Official Fix	$۲k-$5k	Server-Side Request Forgery	uppy Package	۷.۵	CVE-2020-8205
Not Defined	$۰-$۱k	XSS	Vereign Collabora CODE WOPI API	۶.۱	CVE-2020-12432
Official Fix	$۰-$۱k	XSS	Wagtail wagtail.contrib.forms	۵.۷	CVE-2020-15118
Official Fix	$۲k-$5k	Privilege Escalation	Western Digital WD Discovery User Permission	۸.۸	CVE-2020-15816
Official Fix	$۰-$۱k	XSS	Zabbix URL Widget Stored	۶.۱	CVE-2020-15803
Not Defined	$۰-$۱k	XSS	ZTE R5300 G4/R5500 G4/R8500 G4 Server Management	۶.۱	CVE-2020-6872
Not Defined	$۱k-$2k	Weak Authentication	ZTE R5300 G4/R5500 G4/R8500 G4 Server Management Command	۹.۸	CVE-2020-6871

سطح خطر حدود ۵۰% آسیب‌پذیری‌های هفته، «پرخطر» و «حیاتی» برآورد شده است که بسیار قابل‌توجّه است.

ارزش روز صفرم ۷۲ % آسیب‌پذیری‌های هفته بیش از ۲۰۰۰ دلار بوده است.

خوشبختانه برای ۶۱% آسیب‌پذیری‌‌های هفته، به‌روزرسانی‌ها و یا وصله‌هایی رسماً ارائه شده که برای جلوگیری از سوءاستفاده ازآسیب‌پذیری‌ها بهتر است سریعاً اعمال شوند.

همچنین با ۶۰ مورد، اکثر آسیب‌پذیری‌های هفته (۲۳%) از نوع «ارتقا امتیاز» بودند.

خدمات آپا

سایر آسیب پذیری ها

آسیب‌پذیری‌های حیاتی هفته اول مردادماه