Critical Vulnerabilities of the First Week of Mordad
This week, a large number of vulnerabilities were reported in the Android operating system and in Google's popular Chrome browser, and the corresponding patches were released. Products from IBM, Adobe, Python, Citrix, D-Link, Juniper and Apache, as well as the Linux kernel, also had several "critical" and "high-risk" vulnerabilities for which patches and updates have been released. The most significant vulnerability of the week, however, affected two Cisco network security products and was exploited in several attacks immediately after its disclosure.
The list of these vulnerabilities, together with links to the patches and updates that have been released, is given in the table below.
| Fix | Zero-day value | Vulnerability type | Vulnerable product | Base score | CVE ID |
|---|---|---|---|---|---|
| Not Defined | $1k-$2k | Privilege Escalation | 360 Total Security DLL | 7.8 | CVE-2020-15722 |
| Not Defined | $1k-$2k | Privilege Escalation | 360 Total Security DLL GameChrome.exe | 7.8 | CVE-2020-15723 |
| Not Defined | $1k-$2k | Privilege Escalation | 360 Total Security Gamefolde GameChrome.exe | 7.8 | CVE-2020-15724 |
| | $5k-$10k | Memory Corruption | Adobe Bridge Out-of-Bounds | 8.8 | CVE-2020-9676 |
| | $5k-$10k | Memory Corruption | Adobe Bridge Out-of-Bounds | 8.8 | CVE-2020-9675 |
| | $5k-$10k | Memory Corruption | Adobe Bridge Out-of-Bounds | 8.8 | CVE-2020-9674 |
| | $5k-$10k | Privilege Escalation | Adobe ColdFusion Search | 7.8 | CVE-2020-9673 |
| | $5k-$10k | Privilege Escalation | Adobe ColdFusion Search | 7.8 | CVE-2020-9672 |
| Official Fix | $5k-$10k | Privilege Escalation | Adobe Creative Cloud Desktop Application | 9.8 | CVE-2020-9669 |
| | $5k-$10k | Privilege Escalation | Adobe Creative Cloud Desktop Application File Permission | 9.8 | CVE-2020-9671 |
| | $5k-$10k | Privilege Escalation | Adobe Creative Cloud Desktop Application Symlink | 9.8 | CVE-2020-9682 |
| | $5k-$10k | Privilege Escalation | Adobe Creative Cloud Desktop Application Symlink | 9.8 | CVE-2020-9670 |
| | $5k-$10k | Command Injection | Adobe Download Manager | 7.8 | CVE-2020-9688 |
| | $2k-$5k | Information Disclosure | Adobe Media Encoder Out-of-Bounds | 5.5 | CVE-2020-9649 |
| | $5k-$10k | Memory Corruption | Adobe Media Encoder Out-of-Bounds | 7.8 | CVE-2020-9650 |
| | $5k-$10k | Memory Corruption | Adobe Media Encoder Out-of-Bounds | 7.8 | CVE-2020-9646 |
| | $5k-$10k | Memory Corruption | Adobe Photoshop Out-of-Bounds | 6.5 | CVE-2020-9686 |
| | $5k-$10k | Memory Corruption | Adobe Photoshop Out-of-Bounds | 8.8 | CVE-2020-9687 |
| | $5k-$10k | Memory Corruption | Adobe Photoshop Out-of-Bounds | 8.8 | CVE-2020-9685 |
| | $5k-$10k | Memory Corruption | Adobe Photoshop Out-of-Bounds | 8.8 | CVE-2020-9684 |
| | $5k-$10k | Memory Corruption | Adobe Photoshop Out-of-Bounds | 8.8 | CVE-2020-9683 |
| Official Fix | $5k-$10k | Memory Corruption | Adobe Prelude Out-of-Bounds | 6.5 | CVE-2020-9679 |
| | $5k-$10k | Memory Corruption | Adobe Prelude Out-of-Bounds | 8.8 | CVE-2020-9680 |
| | $5k-$10k | Memory Corruption | Adobe Prelude Out-of-Bounds | 8.8 | CVE-2020-9678 |
| | $5k-$10k | Memory Corruption | Adobe Prelude Out-of-Bounds | 8.8 | CVE-2020-9677 |
| | $10k-$25k | Directory Traversal | Adobe Reader Mobile | 5.3 | CVE-2020-9663 |
| Not Defined | $2k-$5k | Memory Corruption | AMD Graphics Driver Pixel Shader rdvgm.exe | 9.9 | CVE-2020-6100 |
| Not Defined | $2k-$5k | Remote Code Execution | AMD Radeon DirectX 11 Driver Shader rdvgm.exe | 9.9 | CVE-2020-6103 |
| Not Defined | $2k-$5k | Remote Code Execution | AMD Radeon DirectX 11 Driver Shader rdvgm.exe | 9.9 | CVE-2020-6102 |
| Not Defined | $2k-$5k | Remote Code Execution | AMD Radeon DirectX 11 Driver Shader rdvgm.exe | 9.9 | CVE-2020-6101 |
| | $5k-$10k | XSS | Apache ActiveMQ Artemis MQTT | 6.5 | CVE-2020-13932 |
| | $10k-$25k | Command Injection | Apache Airflow | 8.8 | CVE-2020-11978 |
| | $2k-$5k | XSS | Apache Airflow Admin Management Screen Stored | 5.4 | CVE-2020-11983 |
| | $5k-$10k | XSS | Apache Airflow Classic UI Stored | 6.1 | CVE-2020-9485 |
| | $10k-$25k | Command Injection | Apache RabbitMQ Redis/RabbitMQ | 9.8 | CVE-2020-11981 |
| | $10k-$25k | Remote Code Execution | Apache RabbitMQ Redis/RabbitMQ | 9.8 | CVE-2020-11982 |
| | $2k-$5k | SQL Injection | Artica Proxy CE | 7.5 | CVE-2020-15052 |
| | $0-$1k | XSS | Artica Proxy CE Reflected | 6.1 | CVE-2020-15053 |
| | $2k-$5k | Code Execution | Asus ScreenPad2_Upgrade_Tool.msi AsusScreenXpertServicec.exe | 5.5 | CVE-2020-15009 |
| | $1k-$2k | XSS | Atlassian Confluence Server/Data Center Macro | 4.3 | CVE-2020-14175 |
| Not Defined | $1k-$2k | Weak Authentication | AvertX HD438/HD838 Default Credentials | 3.1 | CVE-2020-11624 |
| Not Defined | $1k-$2k | Privilege Escalation | AvertX HD438/HD838 UART Interface | 6.8 | CVE-2020-11623 |
| Not Defined | $1k-$2k | Information Disclosure | AvertX HD438/HD838 Web UI User | 3.5 | CVE-2020-11625 |
| | $10k-$25k | Directory Traversal | Cisco ASA/Firepower Threat Defense Web Services Interface | 7.5 | CVE-2020-3452 |
| | $10k-$25k | Code Execution | Citrix Workspace App Automatic Updater Service | 5.5 | CVE-2020-8207 |
| | $5k-$10k | DoS | ClamAV Antivirus EGG Archive Parser NULL Pointer Dereference | 7.5 | CVE-2020-3481 |
| Not Defined | $1k-$2k | Information Disclosure | C-More HMI EA9 | 5.9 | CVE-2020-10919 |
| Not Defined | $1k-$2k | Weak Authentication | C-More HMI EA9 | 7.5 | CVE-2020-10918 |
| Not Defined | $0-$1k | DoS | C-More HMI EA9 EA-HTTP.exe | 7.5 | CVE-2020-10922 |
| Not Defined | $2k-$5k | Privilege Escalation | C-More HMI EA9 EA-HTTP.exe | 9.8 | CVE-2020-10921 |
| | $2k-$5k | Remote Code Execution | C-More HMI EA9 Service Port 9999 | 9.8 | CVE-2020-10920 |
| | $2k-$5k | Command Injection | codecov Package Upload | 9.3 | CVE-2020-15123 |
| | $0-$1k | DoS | CODESYS Control Runtime System Memory Exhaustion | 7.5 | CVE-2020-15806 |
| Not Defined | $1k-$2k | Memory Corruption | DaviewIndy Daview.exe | 7.8 | CVE-2020-7818 |
| | $10k-$25k | Memory Corruption | D-Link DAP-1520 Web Interface apply.cgi | 5.5 | CVE-2020-15892 |
| | $5k-$10k | Weak Authentication | D-Link DAP-1522 logout.php | 6.3 | CVE-2020-15896 |
| | $10k-$25k | Privilege Escalation | D-Link DAP-1860 1.04B03_HOTFIX HNAP Service | 8.0 | CVE-2020-15631 |
| | $5k-$10k | Information Disclosure | D-Link DIR-816L getcfg.php | 7.5 | CVE-2020-15894 |
| | $5k-$10k | XSS | D-Link DIR-816L info.php | 6.1 | CVE-2020-15895 |
| | $10k-$25k | Command Injection | D-Link DIR-816L UPnP | 9.8 | CVE-2020-15893 |
| | $10k-$25k | Code Execution | D-Link DIR-842 HNAP | 8.8 | CVE-2020-15632 |
| | $5k-$10k | Weak Authentication | D-Link DIR-867/DIR-878/DIR-882 | 8.8 | CVE-2020-15633 |
| Not Defined | $10k-$25k | Command Injection | D-Link DSL-7740C | 6.7 | CVE-2020-12774 |
| | $0-$1k | XSS | docsify | 6.1 | CVE-2020-7680 |
| Not Defined | $0-$1k | Weak Encryption | DuoConnect Client | 5.7 | CVE-2020-3442 |
| Not Defined | $1k-$2k | Information Disclosure | Easergy Builder Cleartext Storage Credentials | 3.5 | CVE-2020-7517 |
| Not Defined | $1k-$2k | Information Disclosure | Easergy Builder Cleartext Storage Credentials | 3.5 | CVE-2020-7516 |
| Not Defined | $1k-$2k | Weak Encryption | Easergy Builder Credentials | 3.5 | CVE-2020-7514 |
| Not Defined | $1k-$2k | Weak Encryption | Easergy Builder Key | 3.5 | CVE-2020-7515 |
| Not Defined | $1k-$2k | Weak Authentication | Easergy Builder Password Requirements | 3.1 | CVE-2020-7519 |
| Not Defined | $2k-$5k | Privilege Escalation | Easergy Builder Project Configuration File | 5.5 | CVE-2020-7518 |
| Not Defined | $2k-$5k | Privilege Escalation | evolution-data-server STARTTLS Buffer | 5.9 | CVE-2020-14928 |
| Not Defined | $2k-$5k | Remote Code Execution | EyeSurfer BflyInstallerX.ocx | 9.8 | CVE-2020-7826 |
| Not Defined | $2k-$5k | Directory Traversal | fast-http index.js fs.readFile | 7.5 | CVE-2020-7687 |
| | $2k-$5k | Privilege Escalation | Fiber c.Attachment() | 4.6 | CVE-2020-15111 |
| | $1k-$2k | SQL Injection | GLPI Clone | 7.1 | CVE-2020-15108 |
| | $0-$1k | DoS | GNU LibreDWG NULL Pointer Dereference | 6.5 | CVE-2020-15807 |
| | $100k and more | Information Disclosure | Google Android | 7.5 | CVE-2020-0228 |
| | $50k-$100k | Memory Corruption | Google Android a2dp_vendor_ldac_decoder.cc a2dp_vendor_ldac_decoder_decode_packet | 9.8 | CVE-2020-0225 |
| | $25k-$50k | Privilege Escalation | Google Android AndroidManifest.xml | 6.7 | CVE-2020-0122 |
| | $50k-$100k | Memory Corruption | Google Android char_dev.c cdev_get | 6.4 | CVE-2020-0305 |
| | $25k-$50k | Memory Corruption | Google Android Client.cpp createWithSurfaceParent | 7.8 | CVE-2020-0226 |
| | $25k-$50k | Privilege Escalation | Google Android CompanionDeviceManagerService.java onCommand | 7.8 | CVE-2020-0227 |
| | $50k-$100k | Memory Corruption | Google Android keys.cc GetKeysSlow | 9.8 | CVE-2020-0224 |
| | $50k-$100k | Memory Corruption | Google Android Out-of-Bounds | 9.8 | CVE-2020-0231 |
| | $50k-$100k | Memory Corruption | Google Android Out-of-Bounds | 9.8 | CVE-2020-0230 |
| | $10k-$25k | Information Disclosure | Google Android PhoneInterfaceManager.java getUiccCardsInfo | 5.5 | CVE-2020-0107 |
| | $0-$1k | Memory Corruption | Google Android QCamera3HWI.cpp notifyErrorForPendingRequests | 7.8 | CVE-2020-0120 |
| | $25k-$50k | Information Disclosure | Google Chrome Autofill Side-Channel | 6.5 | CVE-2020-6521 |
| | $50k-$100k | Memory Corruption | Google Chrome Background Fetch Heap-based | 7.8 | CVE-2020-6510 |
| | $50k-$100k | Privilege Escalation | Google Chrome Content Security Policy | 4.3 | CVE-2020-6527 |
| | $50k-$100k | Privilege Escalation | Google Chrome Content Security Policy | 6.5 | CVE-2020-6519 |
| | $25k-$50k | Information Disclosure | Google Chrome Content Security Policy Cross-Origin | 4.3 | CVE-2020-6511 |
| | $50k-$100k | Memory Corruption | Google Chrome Developer Tools Out-of-Bounds | 5.0 | CVE-2020-6530 |
| | $50k-$100k | Memory Corruption | Google Chrome Developer Tools Use-After-Free | 8.8 | CVE-2020-6518 |
| | $50k-$100k | Memory Corruption | Google Chrome Extensions Use-After-Free | 9.6 | CVE-2020-6509 |
| | $50k-$100k | Memory Corruption | Google Chrome History Heap-based | 6.3 | CVE-2020-6517 |
| | $50k-$100k | Memory Corruption | Google Chrome PDFium Heap-based | 8.8 | CVE-2020-6513 |
| | $25k-$50k | Information Disclosure | Google Chrome Policy Cross-Origin | 4.3 | CVE-2020-6516 |
| | $50k-$100k | Privilege Escalation | Google Chrome Protocol | 6.3 | CVE-2020-6522 |
| | $50k-$100k | Privilege Escalation | Google Chrome Sandbox | 6.5 | CVE-2020-6526 |
| | $50k-$100k | Memory Corruption | Google Chrome Sandbox Use-After-Free | 9.6 | CVE-2020-6505 |
| | $25k-$50k | Information Disclosure | Google Chrome Scroll Side-Channel | 4.3 | CVE-2020-6531 |
| | $25k-$50k | Spoofing | Google Chrome Security UI spoofing | 4.3 | CVE-2020-6536 |
| | $25k-$50k | Spoofing | Google Chrome Security UI spoofing | 4.3 | CVE-2020-6528 |
| | $50k-$100k | Memory Corruption | Google Chrome Skia Heap-based | 8.8 | CVE-2020-6525 |
| | $50k-$100k | Memory Corruption | Google Chrome Skia Heap-based | 8.8 | CVE-2020-6520 |
| | $50k-$100k | Memory Corruption | Google Chrome Skia Out-of-Bounds | 6.3 | CVE-2020-6523 |
| | $50k-$100k | Memory Corruption | Google Chrome Tab Strip Use-After-Free | 8.8 | CVE-2020-6515 |
| | $50k-$100k | Memory Corruption | Google Chrome v8 Heap-based | 6.3 | CVE-2020-6533 |
| | $50k-$100k | Memory Corruption | Google Chrome v8 Heap-based | 6.3 | CVE-2020-6512 |
| | $50k-$100k | Memory Corruption | Google Chrome v8 Out-of-Bounds | 8.8 | CVE-2020-6507 |
| | $50k-$100k | Memory Corruption | Google Chrome WebAudio Heap-based | 8.8 | CVE-2020-6524 |
| | $25k-$50k | Information Disclosure | Google Chrome WebRTC Cross-Origin | 4.3 | CVE-2020-6529 |
| | $50k-$100k | Memory Corruption | Google Chrome WebRTC Heap-based | 6.3 | CVE-2020-6534 |
| | $50k-$100k | Memory Corruption | Google Chrome WebRTC Heap-based | 6.3 | CVE-2020-6514 |
| | $10k-$25k | XSS | Google Chrome WebUI | 4.3 | CVE-2020-6535 |
| | $50k-$100k | Privilege Escalation | Google Chrome WebView | 6.3 | CVE-2020-6506 |
| | $25k-$50k | Race Condition | Google Go Proxy httputil.ReverseProxy race condition | 5.9 | CVE-2020-15586 |
| | $10k-$25k | Weak Authentication | Google Go X.509 Certificate Verification Certificate.Verify | 5.3 | CVE-2020-14039 |
| Not Defined | $2k-$5k | Privilege Escalation | Grandstream GWN7000 API | 8.8 | CVE-2020-5756 |
| Not Defined | $2k-$5k | Privilege Escalation | Grandstream UCM6200 HTTPS API OS Command Injection | 8.8 | CVE-2020-5758 |
| Not Defined | $2k-$5k | Privilege Escalation | Grandstream UCM6200 HTTPS API OS Command Injection | 9.8 | CVE-2020-5757 |
| Not Defined | $2k-$5k | Privilege Escalation | Grandstream UCM6200 SSH OS Command Injection | 9.8 | CVE-2020-5759 |
| | $1k-$2k | Weak Authentication | Graylog SSL Certificate Validator | 8.1 | CVE-2020-15813 |
| Not Defined | $2k-$5k | Privilege Escalation | Grundfos CIM 500 Password Storage | 7.5 | CVE-2020-10605 |
| Not Defined | $0-$1k | XSS | HCL BigFix WebUI Software Module Stored | 5.4 | CVE-2020-4104 |
| Not Defined | $0-$1k | XSS | HCL Campaign | 5.4 | CVE-2019-4090 |
| Not Defined | $1k-$2k | Information Disclosure | HCL Marketing Operations File Download | 8.1 | CVE-2020-4125 |
| Not Defined | $0-$1k | XSS | HCL Marketing Platform Dashboard | 5.4 | CVE-2019-4091 |
| | $10k-$25k | Privilege Escalation | HPE MSE Msg Gw application E-LTU HTTPS | 6.6 | CVE-2019-12000 |
| Not Defined | $2k-$5k | Information Disclosure | Huawei CloudEngine 7800 | 3.3 | CVE-2020-9102 |
| | $5k-$10k | DoS | Huawei Honor 10 | 5.5 | CVE-2020-9255 |
| | $5k-$10k | Information Disclosure | Huawei Honor V30 | 6.5 | CVE-2020-9259 |
| | $10k-$25k | Directory Traversal | Huawei Mate 20/Mate 20 X/Mate 20 RS/Honor Magic2 | 2.3 | CVE-2020-9252 |
| | $5k-$10k | DoS | Huawei Mate 30 Pro System Service | 6.5 | CVE-2020-9256 |
| | $10k-$25k | Code Execution | Huawei P30 Pro | 8.8 | CVE-2020-9257 |
| | $10k-$25k | Remote Code Execution | Huawei P30 Pro | 7.8 | CVE-2020-9254 |
| Not Defined | $10k-$25k | Memory Corruption | Huawei Secospace USG6600 Out-of-Bounds | 6.5 | CVE-2020-9101 |
| | $1k-$2k | DoS | Huawei Smart Phones Moana-AL00B | 5.5 | CVE-2020-9227 |
| | $5k-$10k | XSS | IBM FileNet Content Manager Web UI | 5.4 | CVE-2020-4447 |
| | $2k-$5k | DoS | IBM MQ for HPE NonStop Queue | 6.5 | CVE-2020-4466 |
| | $5k-$10k | Information Disclosure | IBM Planning Analytics IP Address | 4.3 | CVE-2020-4361 |
| | $5k-$10k | Weak Encryption | IBM Planning Analytics Session Cookie HSTS | 5.9 | CVE-2020-4527 |
| | $2k-$5k | DoS | IBM Verify Gateway | 6.5 | CVE-2020-4399 |
| | $5k-$10k | Weak Authentication | IBM Verify Gateway Account Lockout Brute Force | 7.5 | CVE-2020-4400 |
| | $2k-$5k | Weak Encryption | IBM Verify Gateway Cleartext | 5.5 | CVE-2020-4369 |
| | $2k-$5k | Weak Encryption | IBM Verify Gateway Credentials | 7.8 | CVE-2020-4372 |
| | $2k-$5k | Information Disclosure | IBM Verify Gateway Debug Code | 3.3 | CVE-2020-4371 |
| | $5k-$10k | Weak Authentication | IBM Verify Gateway Default Credentials | 9.8 | CVE-2020-4385 |
| | $5k-$10k | Weak Encryption | IBM Verify Gateway Man-in-the-Middle | 5.9 | CVE-2020-4397 |
| | $25k-$50k | Privilege Escalation | IBM WebSphere Application Server SOAP Connector Deserialization | 8.8 | CVE-2020-4464 |
| Not Defined | $1k-$2k | SQL Injection | Icegram Email Subscribers & Newsletters Plugin | 4.9 | CVE-2020-5768 |
| Not Defined | $1k-$2k | CSRF | Icegram Email Subscribers & Newsletters Plugin | 6.5 | CVE-2020-5767 |
| Workaround | $2k-$5k | Directory Traversal | INNEO Startup TOOLS Service Port 85 sut_srv.exe | 6.3 | CVE-2020-15492 |
| | $1k-$2k | Information Disclosure | Intranda Goobi Viewer Core Application Server | 9.6 | CVE-2020-15124 |
| | $1k-$2k | DoS | Juniper Junos CLI Crash | 5.5 | CVE-2020-1643 |
| | $5k-$10k | DoS | Juniper Junos Inline IP Assembly | 5.3 | CVE-2020-1655 |
| | $5k-$10k | DoS | Juniper Junos Inline IP Assembly | 7.5 | CVE-2020-1649 |
| | $2k-$5k | DoS | Juniper Junos LLDP Crash | 6.5 | CVE-2020-1641 |
| | $5k-$10k | DoS | Juniper Junos Multiservices PIC Management Daemon Crash | 8.3 | CVE-2020-1645 |
| | $5k-$10k | DoS | Juniper Junos MX MS-PIC Crash | 7.5 | CVE-2020-1650 |
| | $2k-$5k | DoS | Juniper Junos MX Packet Forwarding Engine Memory Leak | 6.5 | CVE-2020-1651 |
| | $5k-$10k | DoS | Juniper Junos Routing Engine Crash | 7.5 | CVE-2020-1653 |
| | $5k-$10k | DoS | Juniper Junos RPD Crash | 7.5 | CVE-2020-1644 |
| | $5k-$10k | DoS | Juniper Junos RPD Crash | 7.5 | CVE-2020-1640 |
| | $5k-$10k | DoS | Juniper Junos rpd Daemon Crash | 7.5 | CVE-2020-1648 |
| | $5k-$10k | DoS | Juniper Junos rpd Daemon Crash | 7.5 | CVE-2020-1646 |
| Workaround | $10k-$25k | Privilege Escalation | Juniper Junos Space OpenNMS | 5.6 | CVE-2020-1652 |
| | $10k-$25k | Remote Code Execution | Juniper Junos SRX ICAP Redirect Service | 9.8 | CVE-2020-1654 |
| | $5k-$10k | DoS | Juniper Junos SRX ICAP Redirect Service Double-Free | 9.8 | CVE-2020-1647 |
| | $2k-$5k | Privilege Escalation | jupyterhub-kubespawner Default Server | 8.1 | CVE-2020-15110 |
| | $2k-$5k | Remote Code Execution | kramdown Gem Document | 9.8 | CVE-2020-14001 |
| | $1k-$2k | Privilege Escalation | Kubernetes kube-apiserver | 6.4 | CVE-2020-8559 |
| Not Defined | $0-$1k | Information Disclosure | Kubernetes kube-controller-manager Error Message Credentials | 5.9 | CVE-2019-11252 |
| Not Defined | $0-$1k | DoS | Kubernetes kubelet hosts | 5.5 | CVE-2020-8557 |
| | $2k-$5k | Privilege Escalation | Lenovo Drivers Management | 7.3 | CVE-2020-8326 |
| | $2k-$5k | Privilege Escalation | Lenovo Drivers Management DLL Loader | 7.3 | CVE-2020-8317 |
| | $2k-$5k | Privilege Escalation | LibreNMS Access Control web.php | 8.8 | CVE-2020-15877 |
| | $1k-$2k | SQL Injection | LibreNMS customoid.inc.php | 6.5 | CVE-2020-15873 |
| | $2k-$5k | Privilege Escalation | Liferay Portal/Liferay DXP Deserialization | 8.1 | CVE-2020-15842 |
| | $1k-$2k | Information Disclosure | Liferay Portal/Liferay DXP LDAP Server Connection Password | 8.8 | CVE-2020-15841 |
| Not Defined | $10k-$25k | Privilege Escalation | Linux Kernel | 7.8 | CVE-2020-15852 |
| Not Defined | $0-$1k | DoS | Lua ldebug.c changedline | 3.5 | CVE-2020-15945 |
| | $2k-$5k | Memory Corruption | Lua lgc.c youngcollection | 9.8 | CVE-2020-15889 |
| | $2k-$5k | Memory Corruption | Lua Stack Resize Use-After-Free | 9.8 | CVE-2020-15888 |
| Not Defined | $1k-$2k | Information Disclosure | LuaJIT __gc | 7.5 | CVE-2020-15890 |
| Not Defined | $2k-$5k | Privilege Escalation | Magento PHP | 9.8 | CVE-2020-9664 |
| Not Defined | $0-$1k | XSS | Magento Stored | 6.1 | CVE-2020-9665 |
| Not Defined | $2k-$5k | Directory Traversal | marked-tree index.js fs.readFile | 7.5 | CVE-2020-7682 |
| Not Defined | $2k-$5k | Directory Traversal | marscode index.js fs.readFile | 7.5 | CVE-2020-7681 |
| Not Defined | $2k-$5k | Directory Traversal | Mida eFramework | 6.3 | CVE-2020-15923 |
| Not Defined | $2k-$5k | Remote Code Execution | Mida eFramework | 8.8 | CVE-2020-15920 |
| Not Defined | $2k-$5k | SQL Injection | Mida eFramework | 7.3 | CVE-2020-15924 |
| Not Defined | $2k-$5k | Privilege Escalation | Mida eFramework Backdoor | 5.5 | CVE-2020-15921 |
| Not Defined | $2k-$5k | Privilege Escalation | Mida eFramework OS Command Injection | 8.8 | CVE-2020-15922 |
| Not Defined | $0-$1k | XSS | Mida eFramework Reflected | 3.5 | CVE-2020-15919 |
| Not Defined | $0-$1k | XSS | Mida eFramework Stored | 3.5 | CVE-2020-15918 |
| Not Defined | $2k-$5k | Privilege Escalation | MiPlatform ExtCommandApi.dll WinExec | 9.8 | CVE-2020-7825 |
| Not Defined | $2k-$5k | Memory Corruption | mruby VM Stack vm.c stack_copy | 9.8 | CVE-2020-15866 |
| | $0-$1k | CSRF | MunkiReport {id} | 4.3 | CVE-2020-15882 |
| | $2k-$5k | SQL Injection | MunkiReport TableQuery.php | 6.3 | CVE-2020-15884 |
| | $2k-$5k | Privilege Escalation | Nagios XI cmdsubsys ajaxhelper.php | 6.3 | CVE-2020-15901 |
| | $0-$1k | XSS | Nagios XI Graph Explorer | 3.5 | CVE-2020-15902 |
| Not Defined | $2k-$5k | Privilege Escalation | nagios-plugins-hpilo PHP | 9.8 | CVE-2020-7206 |
| Not Defined | $2k-$5k | Privilege Escalation | NEC ESMPRO Manager Deserialization | 9.8 | CVE-2020-10917 |
| Not Defined | $2k-$5k | Privilege Escalation | OpenClinic GA Access Control | 9.8 | CVE-2020-14485 |
| Not Defined | $1k-$2k | Weak Authentication | OpenClinic GA Account Lockout Bruteforce | 9.8 | CVE-2020-14484 |
| Not Defined | $1k-$2k | Weak Authentication | OpenClinic GA Authentication Mechanism Bruteforce | 9.8 | CVE-2020-14494 |
| Not Defined | $2k-$5k | Privilege Escalation | OpenClinic GA Permission | 6.5 | CVE-2020-14491 |
| Workaround | $25k-$50k | Command Injection | OpenSSH scp scp.c | 5.0 | CVE-2020-15778 |
| Not Defined | $2k-$5k | DoS | Oracle MySQL Server Optimizer Crash | 4.9 | CVE-2020-14725 |
| Not Defined | $1k-$2k | Privilege Escalation | OSIsoft PI Asset Framework Client | 5.3 | CVE-2020-10610 |
| Not Defined | $1k-$2k | Privilege Escalation | OSIsoft PI Asset Framework Client | 5.3 | CVE-2020-10606 |
| Not Defined | $1k-$2k | Privilege Escalation | OSIsoft PI Asset Framework Client Integrity Check | 4.8 | CVE-2020-10608 |
| Not Defined | $0-$1k | DoS | OSIsoft Product PI Data Archive Subsystem Crash | 4.3 | CVE-2020-10600 |
| Not Defined | $0-$1k | DoS | OSIsoft Product PI Network Manager Crash | 4.3 | CVE-2020-10602 |
| Not Defined | $0-$1k | DoS | OSIsoft Product PI Network Manager Crash | 5.3 | CVE-2020-10604 |
| Not Defined | $2k-$5k | Privilege Escalation | OSIsoft Product PI Vision Database Code Injection | 6.3 | CVE-2020-10614 |
| Not Defined | $2k-$5k | Privilege Escalation | OTRS Community Edition | 4.3 | CVE-2020-1776 |
| Not Defined | $2k-$5k | Remote Code Execution | Parallels Remote Application Server Web Application | 6.3 | CVE-2020-15860 |
| | $1k-$2k | Information Disclosure | parse-server GraphQL | 6.5 | CVE-2020-15126 |
| Not Defined | $0-$1k | Directory Traversal | Phoenix Contact PLCnext Engineer | 8.2 | CVE-2020-12499 |
| | $2k-$5k | Privilege Escalation | PrestaShop Dashboard Productions Configuration | 6.5 | CVE-2020-15102 |
| Not Defined | $2k-$5k | Privilege Escalation | Python python38._pth | 9.8 | CVE-2020-15801 |
| Not Defined | $10k-$25k | Memory Corruption | QEMU e1000e e1000e_core.c | 3.3 | CVE-2020-15859 |
| | $2k-$5k | Privilege Escalation | radare2 PDB File Name OS Command Injection | 7.4 | CVE-2020-15121 |
| Not Defined | $2k-$5k | Code Execution | RaspberryTortoise WebControl raspberryTortoise.js child_process.exec | 5.5 | CVE-2020-15477 |
| Not Defined | $1k-$2k | Information Disclosure | react-native-fast-image Image Session | 5.3 | CVE-2020-7696 |
| Not Defined | $2k-$5k | DoS | Red Hat JBoss EAP Wildfly EJB | 6.5 | CVE-2020-14307 |
| Not Defined | $2k-$5k | DoS | Red Hat JBoss EAP Wildfly EJB Client | 6.5 | CVE-2020-14297 |
| Not Defined | $1k-$2k | Code Execution | Rockwell Automation FactoryTalk View SE | 7.8 | CVE-2020-12031 |
| Not Defined | $1k-$2k | Information Disclosure | Rockwell Automation FactoryTalk View SE | 4.3 | CVE-2020-12027 |
| Not Defined | $2k-$5k | Remote Code Execution | Rockwell Automation FactoryTalk View SE Project Directory | 9.0 | CVE-2020-12029 |
| Not Defined | $2k-$5k | Privilege Escalation | Rockwell Automation FactoryTalk View SEA | 8.1 | CVE-2020-12028 |
| Not Defined | $2k-$5k | Directory Traversal | rollup-plugin-dev-server readFileFromContentBase | 7.5 | CVE-2020-7686 |
| Not Defined | $2k-$5k | Directory Traversal | rollup-plugin-serve readFile | 9.8 | CVE-2020-7684 |
| Not Defined | $2k-$5k | Directory Traversal | rollup-plugin-serve readFileFromContentBase | 7.5 | CVE-2020-7683 |
| | $0-$1k | DoS | Sails.js sails-hook-sockets | 7.5 | CVE-2018-21036 |
| Not Defined | $2k-$5k | Open Redirect | Schneider Electric Software Update | 4.9 | CVE-2020-7520 |
| | $1k-$2k | Directory Traversal | servey | 7.5 | CVE-2020-8214 |
| Not Defined | $2k-$5k | Privilege Escalation | SonicOS SSLVPN LDAP Login | 5.3 | CVE-2020-5130 |
| Not Defined | $1k-$2k | Privilege Escalation | SonicWALL NetExtender | 7.8 | CVE-2020-5131 |
| | $1k-$2k | XSS | Subscriptions Plugin class-wcs-admin-post-types.php WCS_Admin_Post_Types | 6.1 | CVE-2019-18834 |
| | $1k-$2k | Privilege Escalation | Synaptics VFS75xx External Flash | 4.9 | CVE-2019-18618 |
| Not Defined | $1k-$2k | Privilege Escalation | Synaptics WBF Driver synaTee | 4.5 | CVE-2019-18619 |
| | $1k-$2k | XSS | TC Custom JavaScript Plugin Stored | 6.1 | CVE-2020-14063 |
| Not Defined | $0-$1k | XSS | Teltonika Persistent | 5.4 | CVE-2020-5769 |
| | $2k-$5k | Server-Side Request Forgery | uppy Package | 7.5 | CVE-2020-8205 |
| Not Defined | $0-$1k | XSS | Vereign Collabora CODE WOPI API | 6.1 | CVE-2020-12432 |
| | $0-$1k | XSS | Wagtail wagtail.contrib.forms | 5.7 | CVE-2020-15118 |
| | $2k-$5k | Privilege Escalation | Western Digital WD Discovery User Permission | 8.8 | CVE-2020-15816 |
| | $0-$1k | XSS | Zabbix URL Widget Stored | 6.1 | CVE-2020-15803 |
| Not Defined | $0-$1k | XSS | ZTE R5300 G4/R5500 G4/R8500 G4 Server Management | 6.1 | CVE-2020-6872 |
| Not Defined | $1k-$2k | Weak Authentication | ZTE R5300 G4/R5500 G4/R8500 G4 Server Management Command | 9.8 | CVE-2020-6871 |
The risk level of about 50% of this week's vulnerabilities is rated "high" or "critical", which is a very notable share.
The zero-day value of 72% of this week's vulnerabilities was above $2,000.
Fortunately, official updates or patches have been released for 61% of this week's vulnerabilities; to prevent exploitation, they should be applied as soon as possible.
With 60 cases, the largest group of this week's vulnerabilities (23%) was of the "privilege escalation" type.