
Critical Vulnerabilities of the Second Week of Tir


This week several vulnerabilities were reported in Adobe and Apache products. There were also several "critical" and "high-risk" vulnerabilities in products from IBM, NVIDIA, VMware, FreeRDP, Qualcomm, Google and others, for which patches and updates have been released to fix them. In addition, vulnerabilities with "high" and "critical" risk levels have been identified in WordPress plugins.

The list of these vulnerabilities, together with links to the released patches and updates, their base score and their 0-day value, is given in the table below.

| Vulnerability ID | Base Score | Vulnerable Product | Vulnerability Type | 0-Day Value | Fix Status |
|---|---|---|---|---|---|
| CVE-2020-9638 | 6.3 | Adobe After Effects Heap-based | Memory Corruption | $5k-$10k | Official Fix |
| CVE-2020-9637 | 6.3 | Adobe After Effects Heap-based | Memory Corruption | $5k-$10k | Official Fix |
| CVE-2020-9661 | 6.3 | Adobe After Effects Out-of-Bounds | Information Disclosure | $2k-$5k | Official Fix |
| CVE-2020-9662 | 6.3 | Adobe After Effects Out-of-Bounds | Memory Corruption | $5k-$10k | Official Fix |
| CVE-2020-9660 | 6.3 | Adobe After Effects Out-of-Bounds | Memory Corruption | $5k-$10k | Official Fix |
| CVE-2020-9618 | 4.3 | Adobe Audition Out-of-Bounds | Information Disclosure | $2k-$5k | Official Fix |
| CVE-2020-9659 | 6.3 | Adobe Audition Out-of-Bounds | Memory Corruption | $5k-$10k | Official Fix |
| CVE-2020-9658 | 6.3 | Adobe Audition Out-of-Bounds | Memory Corruption | $5k-$10k | Official Fix |
| CVE-2020-9666 | 4.3 | Adobe Campaign Classic Out-of-Bounds | Information Disclosure | $2k-$5k | Official Fix |
| CVE-2020-9642 | 6.3 | Adobe Illustrator Code Execution | Memory Corruption | $5k-$10k | Official Fix |
| CVE-2020-9641 | 6.3 | Adobe Illustrator Code Execution | Memory Corruption | $5k-$10k | Official Fix |
| CVE-2020-9640 | 6.3 | Adobe Illustrator Code Execution | Memory Corruption | $5k-$10k | Official Fix |
| CVE-2020-9639 | 6.3 | Adobe Illustrator Code Execution | Memory Corruption | $5k-$10k | Official Fix |
| CVE-2020-9575 | 6.3 | Adobe Illustrator Code Execution | Memory Corruption | $5k-$10k | Official Fix |
| CVE-2020-9652 | 6.3 | Adobe Premiere Pro Out-of-Bounds | Information Disclosure | $2k-$5k | Official Fix |
| CVE-2020-9654 | 6.3 | Adobe Premiere Pro Out-of-Bounds | Memory Corruption | $5k-$10k | Official Fix |
| CVE-2020-9653 | 6.3 | Adobe Premiere Pro Out-of-Bounds | Memory Corruption | $5k-$10k | Official Fix |
| CVE-2020-9657 | 6.3 | Adobe Premiere Rush Out-of-Bounds | Memory Corruption | $5k-$10k | Official Fix |
| CVE-2020-9656 | 6.3 | Adobe Premiere Rush Out-of-Bounds | Memory Corruption | $5k-$10k | Official Fix |
| CVE-2020-9655 | 6.3 | Adobe Premiere Rush Out-of-Bounds | Memory Corruption | $5k-$10k | Official Fix |
| CVE-2020-10280 | 8.2 | Alias Robotics MiR100 Apache Server | DoS | $0-$1k | Not Defined |
| CVE-2020-10278 | 6.1 | Alias Robotics MiR100 BIOS | Weak Authentication | $0-$1k | Not Defined |
| CVE-2020-10276 | 9.8 | Alias Robotics MiR100 Default Credentials | Weak Authentication | $1k-$2k | Not Defined |
| CVE-2020-10277 | 6.4 | Alias Robotics MiR100 Live Image Boot | Privilege Escalation | $1k-$2k | Not Defined |
| CVE-2020-10274 | 7.1 | Alias Robotics MiR100 REST API Default Credentials | Weak Authentication | $1k-$2k | Not Defined |
| CVE-2020-10275 | 9.8 | Alias Robotics MiR100 REST API Default Credentials | Weak Authentication | $1k-$2k | Not Defined |
| CVE-2020-10279 | 10.0 | Alias Robotics MiR100 Ubuntu | Privilege Escalation | $2k-$5k | Not Defined |
| CVE-2020-10273 | 7.5 | Alias Robotics MiR100/MiR200/MiR250/MiR500/MiR1000 Artifact Installation | Information Disclosure | $1k-$2k | Official Fix |
| CVE-2020-10271 | 10.0 | Alias Robotics MiR100/MiR200/MiR250/MiR500/MiR1000 Computational Graph | Privilege Escalation | $2k-$5k | Not Defined |
| CVE-2020-10272 | 10.0 | Alias Robotics MiR100/MiR200/MiR250/MiR500/MiR1000 Computational Graph | Weak Authentication | $1k-$2k | Not Defined |
| CVE-2020-10270 | 9.8 | Alias Robotics MiR100/MiR200/MiR250/MiR500/MiR1000 Interfaces | Weak Authentication | $1k-$2k | Not Defined |
| CVE-2020-10269 | 9.8 | Alias Robotics MiR100/MiR200/MiR250/MiR500/MiR1000 Wireless Interface Default Credentials | Weak Authentication | $1k-$2k | Not Defined |
| CVE-2020-9495 | 5.5 | Apache Archiva LDAP Injection | Privilege Escalation | $10k-$25k | Official Fix |
| CVE-2020-11989 | 9.8 | Apache Shiro Spring Dynamic Controller | Weak Authentication | $10k-$25k | Official Fix |
| CVE-2020-9480 | 5.5 | Apache Spark RPC | Weak Authentication | $10k-$25k | Not Defined |
| CVE-2020-9494 | 3.5 | Apache Traffic Server HTTP2 Memory Consumption | DoS | $5k-$10k | Not Defined |
| CVE-2020-4068 | 6.3 | APNSwift APNSwiftSigner.sign | Memory Corruption | $2k-$5k | Official Fix |
| CVE-2020-13158 | 5.5 | Artica Proxy fw.progrss.details.php | Directory Traversal | $2k-$5k | Official Fix |
| CVE-2020-13159 | 5.5 | Artica Proxy NetBIOS OS | Privilege Escalation | $2k-$5k | Official Fix |
| CVE-2020-4028 | 4.3 | Atlassian JIRA Error Message | Information Disclosure | $1k-$2k | Official Fix |
| CVE-2019-20409 | 6.3 | Atlassian JIRA Server/Data Center Template | Remote Code Execution | $2k-$5k | Official Fix |
| CVE-2020-8102 | 8.8 | BitDefender Total Security 2020 Safepay Browser | Privilege Escalation | $2k-$5k | Official Fix |
| CVE-2020-13484 | 5.5 | Bitrix24 | Server-Side Request Forgery | $2k-$5k | Not Defined |
| CVE-2020-13483 | 3.5 | Bitrix24 Web Application Firewall | XSS | $0-$1k | Not Defined |
| CVE-2020-15006 | 3.5 | Bludit logo-upload.php | XSS | $0-$1k | Not Defined |
| CVE-2020-15026 | 5.5 | Bludit plugin-backup-download | Directory Traversal | $2k-$5k | Not Defined |
| CVE-2020-13248 | 3.5 | BooleBox Secure File Sharing Utility Account.aspx | XSS | $0-$1k | Not Defined |
| CVE-2020-13247 | 5.5 | BooleBox Secure File Sharing Utility Export CSV Injection | Privilege Escalation | $2k-$5k | Not Defined |
| CVE-2020-10736 | 8.0 | Ceph ceph-mon/ceph-mgr | Privilege Escalation | $1k-$2k | Official Fix |
| CVE-2019-14894 | 8.0 | CloudForms Management Engine NFS Schedule Backup | Remote Code Execution | $1k-$2k | Not Defined |
| CVE-2020-4062 | 9.0 | CyberArk Conjur OSS Helm Chart Role-Based Access Control | Privilege Escalation | $2k-$5k | Official Fix |
| CVE-2020-5345 | 6.4 | Dell EMC Unisphere for PowerMax Authorization Command | Privilege Escalation | $10k-$25k | Official Fix |
| CVE-2020-5367 | 7.4 | Dell EMC Unisphere for PowerMax/PowerMax OS Certificate Validation Man-in-the-Middle | Weak Authentication | $5k-$10k | Official Fix |
| CVE-2020-14931 | 9.8 | DMitry Whois nic_format_buff | Memory Corruption | $2k-$5k | Not Defined |
| CVE-2020-14993 | 6.3 | DrayTek Vigor2960/Vigor3900/Vigor300B mainfunction.cgi | Memory Corruption | $2k-$5k | Official Fix |
| CVE-2020-14472 | 6.3 | DrayTek Vigor3900/Vigor2960/Vigor300B execution | Privilege Escalation | $2k-$5k | Official Fix |
| CVE-2020-14473 | 5.5 | DrayTek Vigor3900/Vigor2960/Vigor300B Stack-based | Memory Corruption | $2k-$5k | Official Fix |
| CVE-2020-14959 | 5.4 | Easy Testimonials Plugin post.php | XSS | $1k-$2k | Official Fix |
| CVE-2020-14962 | 5.4 | Final Tiles Gallery Plugin admin-ajax.php | XSS | $1k-$2k | Official Fix |
| CVE-2020-6644 | 3.7 | Fortinet FortiDeceptor Session Expiration | Weak Authentication | $1k-$2k | Not Defined |
| CVE-2020-9288 | 5.4 | Fortinet FortiWLC ESS Profile/Radius Profile Stored | XSS | $0-$1k | Not Defined |
| CVE-2020-14938 | 5.5 | FreedroidRPG map.c | Memory Corruption | $2k-$5k | Not Defined |
| CVE-2020-14939 | 5.5 | FreedroidRPG Save Game File savestruct_internal.c | Code Execution | $2k-$5k | Not Defined |
| CVE-2020-4031 | 3.5 | FreeRDP Compatibility Mode relax-order-checks gdi_SelectObject | Memory Corruption | $2k-$5k | Official Fix |
| CVE-2020-11098 | 3.5 | FreeRDP glyph_cache_put | Memory Corruption | $2k-$5k | Official Fix |
| CVE-2020-11099 | 3.5 | FreeRDP license_read_new_or_upgrade_license_packet | Memory Corruption | $2k-$5k | Official Fix |
| CVE-2020-11095 | 3.5 | FreeRDP | Memory Corruption | $2k-$5k | Official Fix |
| CVE-2020-4033 | 3.1 | FreeRDP Out-of-Bounds | Memory Corruption | $2k-$5k | Official Fix |
| CVE-2020-11097 | 3.5 | FreeRDP Out-of-Bounds | Memory Corruption | $2k-$5k | Official Fix |
| CVE-2020-4032 | 3.1 | FreeRDP relax-order-checks update_recv_secondary_order | Memory Corruption | $2k-$5k | Official Fix |
| CVE-2020-4030 | 3.5 | FreeRDP TrioParse Integer Overflow | Memory Corruption | $2k-$5k | Official Fix |
| CVE-2020-11096 | 3.5 | FreeRDP update_read_cache_bitmap_v3_order | Memory Corruption | $2k-$5k | Official Fix |
| CVE-2020-14978 | 4.6 | F-Secure SAFE XPC Service | Privilege Escalation | $2k-$5k | Not Defined |
| CVE-2020-14977 | 4.6 | F-Secure SAFE XPC Service | Privilege Escalation | $2k-$5k | Not Defined |
| CVE-2020-4072 | 6.3 | generator-jhipster-kotlin Password Reset Log | Privilege Escalation | $2k-$5k | Not Defined |
| CVE-2020-13272 | 8.8 | GitHub Community Edition/Enterprise Edition OAuth | Privilege Escalation | $2k-$5k | Official Fix |
| CVE-2020-13273 | 7.5 | GitLab Community Edition/Enterprise Edition | DoS | $0-$1k | Official Fix |
| CVE-2020-13265 | 5.3 | GitLab Community Edition/Enterprise Edition Email Verification | Privilege Escalation | $2k-$5k | Official Fix |
| CVE-2020-13261 | 5.3 | GitLab Community Edition/Enterprise Edition HTML Source Code Credentials | Information Disclosure | $1k-$2k | Official Fix |
| CVE-2020-13264 | 5.3 | GitLab Community Edition/Enterprise Edition Kubernetes Cluster Token | Information Disclosure | $1k-$2k | Official Fix |
| CVE-2020-13274 | 7.5 | GitLab Community Edition/Enterprise Edition Memory Exhaustion | DoS | $0-$1k | Official Fix |
| CVE-2020-13262 | 6.6 | GitLab Community Edition/Enterprise Edition Mermaid Payload | Privilege Escalation | $2k-$5k | Official Fix |
| CVE-2020-13277 | 6.3 | GitLab Community Edition/Enterprise Edition Mirror | Information Disclosure | $1k-$2k | Official Fix |
| CVE-2020-13276 | 7.4 | GitLab Community Edition/Enterprise Edition Notification | Privilege Escalation | $2k-$5k | Official Fix |
| CVE-2020-13275 | 8.1 | GitLab Enterprise Edition Group | Privilege Escalation | $2k-$5k | Official Fix |
| CVE-2020-13263 | 7.5 | GitLab Enterprise Edition Project Maintainer Impersonation | Privilege Escalation | $2k-$5k | Official Fix |
| CVE-2020-13279 | 7.3 | GitLab-vscode-extension | Code Execution | $1k-$2k | Official Fix |
| CVE-2020-14945 | 5.5 | Global RADAR BSA Radar | Privilege Escalation | $2k-$5k | Not Defined |
| CVE-2020-14944 | 5.5 | Global RADAR BSA Radar | Privilege Escalation | $2k-$5k | Not Defined |
| CVE-2020-14946 | 5.5 | Global RADAR BSA Radar Surveillance Module downloadFile.ashx | Directory Traversal | $2k-$5k | Not Defined |
| CVE-2020-14943 | 3.5 | Global RADAR BSA Radar Update User Profile Stored | XSS | $0-$1k | Not Defined |
| CVE-2020-14976 | 3.3 | GNS3 ubridge Configuration File | Information Disclosure | $0-$1k | Not Defined |
| CVE-2020-15011 | 5.5 | GNU Mailman Private Archive Login Page private.py | Privilege Escalation | $2k-$5k | Official Fix |
| CVE-2020-8903 | 6.7 | Google Cloud Platform guest-oslogin compute.osLogin | Privilege Escalation | $10k-$25k | Official Fix |
| CVE-2020-8933 | 7.8 | Google Cloud Platform guest-oslogin compute.osLogin | Privilege Escalation | $10k-$25k | Official Fix |
| CVE-2020-8907 | 7.8 | Google Cloud Platform guest-oslogin compute.osLogin | Privilege Escalation | $10k-$25k | Official Fix |
| CVE-2020-7668 | 7.5 | Google Go ExtractTo | Directory Traversal | $10k-$25k | Not Defined |
| CVE-2020-7664 | 7.5 | Google Go ExtractTo | Directory Traversal | $10k-$25k | Not Defined |
| CVE-2020-4188 | 5.3 | IBM Security Guardium PRNG | Information Disclosure | $5k-$10k | Official Fix |
| CVE-2020-4322 | 4.3 | IBM Security Secret Server Clickjacking | Privilege Escalation | $10k-$25k | Official Fix |
| CVE-2020-4341 | 2.7 | IBM Security Secret Server Error Message | Information Disclosure | $5k-$10k | Official Fix |
| CVE-2020-4327 | 2.7 | IBM Security Secret Server Error Message | Information Disclosure | $5k-$10k | Official Fix |
| CVE-2020-4413 | 5.9 | IBM Security Secret Server HSTS | Information Disclosure | $5k-$10k | Official Fix |
| CVE-2020-4342 | 5.3 | IBM Security Secret Server Installation File | Information Disclosure | $5k-$10k | Official Fix |
| CVE-2020-4323 | 6.1 | IBM Security Secret Server Web UI | XSS | $5k-$10k | Official Fix |
| CVE-2020-14990 | 4.4 | IObit Advanced SystemCare Free Clean & Optimize | DoS | $0-$1k | Not Defined |
| CVE-2020-14974 | 3.5 | IObit Unlocker Driver | DoS | $0-$1k | Not Defined |
| CVE-2020-14975 | 5.5 | IObit Unlocker Driver | Privilege Escalation | $2k-$5k | Not Defined |
| CVE-2020-14966 | 5.5 | jsrsasign Package ECDSA Signature Integer | Memory Corruption | $2k-$5k | Not Defined |
| CVE-2020-14967 | 4.8 | jsrsasign Package RSA PKCS1 | Weak Authentication | $1k-$2k | Official Fix |
| CVE-2020-14968 | 4.2 | jsrsasign Package RSASSA-PSS | Weak Authentication | $1k-$2k | Official Fix |
| CVE-2020-1727 | 6.4 | KeyCloak Authorization URL | Privilege Escalation | $2k-$5k | Official Fix |
| CVE-2020-13887 | 6.3 | Kordil EDMS documents_add.php | Privilege Escalation | $2k-$5k | Not Defined |
| CVE-2020-13888 | 3.5 | Kordil EDMS users_edit.php | XSS | $0-$1k | Not Defined |
| CVE-2020-4060 | 5.3 | LoRa Basics Station Use-After-Free | Memory Corruption | $2k-$5k | Official Fix |
| CVE-2020-11068 | 5.7 | LoRaMac-node | Memory Corruption | $2k-$5k | Official Fix |
| CVE-2020-7262 | 5.3 | McAfee Advanced Threat Defense Access Control | Information Disclosure | $2k-$5k | Official Fix |
| CVE-2020-5594 | 3.5 | Mitsubishi Electric MELSEC iQ-R Cleartext | Weak Encryption | $1k-$2k | Not Defined |
| CVE-2020-14954 | 5.9 | Mutt/NeoMutt STARTTLS Injection | Unknown Vulnerability | $2k-$5k | Official Fix |
| CVE-2020-14018 | 3.5 | Navigate CMS Edit User Page Stored | XSS | $0-$1k | Not Defined |
| CVE-2020-14014 | 3.5 | Navigate CMS navigate.php | XSS | $0-$1k | Not Defined |
| CVE-2020-14016 | 4.3 | Navigate CMS Password Reset User | Information Disclosure | $1k-$2k | Not Defined |
| CVE-2020-14015 | 3.5 | Navigate CMS Password Reset | Weak Authentication | $1k-$2k | Not Defined |
| CVE-2020-14017 | 2.6 | Navigate CMS sessions | Information Disclosure | $0-$1k | Not Defined |
| CVE-2019-20892 | 5.5 | net-snmp SNMPv3 GetBulk Request snmpusm.c usm_free_usmStateReference | Memory Corruption | $10k-$25k | Official Fix |
| CVE-2020-15025 | 4.4 | ntp ntpd Memory Consumption | DoS | $0-$1k | Official Fix |
| CVE-2020-13156 | 4.3 | NukeViet add_user.php | CSRF | $0-$1k | Not Defined |
| CVE-2020-13155 | 4.3 | NukeViet clearsystem.php | CSRF | $0-$1k | Not Defined |
| CVE-2020-13157 | 4.3 | NukeViet edit.php | CSRF | $0-$1k | Not Defined |
| CVE-2020-5967 | 3.5 | NVIDIA Linux GPU Display Driver UVM Driver | DoS | $0-$1k | Official Fix |
| CVE-2020-5962 | 4.4 | NVIDIA Windows GPU Display Driver Control Panel | Privilege Escalation | $1k-$2k | Official Fix |
| CVE-2020-5965 | 3.5 | NVIDIA Windows GPU Display Driver DirectX 11 User Mode Driver x.dll | DoS | $0-$1k | Official Fix |
| CVE-2020-5963 | 5.5 | NVIDIA Windows GPU Display Driver Inter Process Communication API | Code Execution | $2k-$5k | Official Fix |
| CVE-2020-5966 | 3.5 | NVIDIA Windows GPU Display Driver Kernel Mode Layer nvlddmkm.sys DxgkDdiEscape | DoS | $0-$1k | Official Fix |
| CVE-2020-5964 | 5.5 | NVIDIA Windows GPU Display Driver Service Host | Code Execution | $2k-$5k | Official Fix |
| CVE-2020-15305 | 5.5 | OpenEXR ImfDeepScanLineInputFile.cpp DeepScanLineInputFile() | Memory Corruption | $2k-$5k | Official Fix |
| CVE-2020-15306 | 5.5 | OpenEXR ImfMisc.cpp getChunkOffsetTableSize() | Memory Corruption | $2k-$5k | Official Fix |
| CVE-2020-15304 | 3.5 | OpenEXR ImfTiledInputFile.cpp TiledInputFile() | DoS | $0-$1k | Official Fix |
| CVE-2020-12782 | 9.8 | Openfind MailGates Email | Command Injection | $2k-$5k | Not Defined |
| CVE-2020-14960 | 7.2 | php-fusion comments.php | SQL Injection | $2k-$5k | Not Defined |
| CVE-2020-15041 | 3.5 | php-fusion site_links.php | XSS | $0-$1k | Not Defined |
| CVE-2020-10177 | 3.5 | Pillow FliDecode.c | Information Disclosure | $1k-$2k | Official Fix |
| CVE-2020-10994 | 5.5 | Pillow JP2 File Jpeg2KDecode.c | Memory Corruption | $2k-$5k | Official Fix |
| CVE-2020-10378 | 5.5 | Pillow PCX File PcxDecode.c | Memory Corruption | $2k-$5k | Official Fix |
| CVE-2020-11538 | 5.5 | Pillow SGI Image File SgiRleDecode.c | Memory Corruption | $2k-$5k | Not Defined |
| CVE-2020-10379 | 5.5 | Pillow TiffDecode.c | Memory Corruption | $2k-$5k | Official Fix |
| CVE-2020-3626 | 7.8 | Qualcomm Snapdragon Auto API | Privilege Escalation | $25k-$50k | Official Fix |
| CVE-2019-14094 | 7.8 | Qualcomm Snapdragon Auto Diag Command Integer Overflow | Memory Corruption | $10k-$25k | Official Fix |
| CVE-2020-3662 | 9.8 | Qualcomm Snapdragon Auto eac3 Header | Memory Corruption | $10k-$25k | Official Fix |
| CVE-2019-14047 | 7.8 | Qualcomm Snapdragon Auto IPA Driver | Unknown Vulnerability | $25k-$50k | Official Fix |
| CVE-2019-10597 | 9.0 | Qualcomm Snapdragon Auto Kernel | Memory Corruption | $25k-$50k | Official Fix |
| CVE-2020-3676 | 7.8 | Qualcomm Snapdragon Auto | Memory Corruption | $10k-$25k | Official Fix |
| CVE-2020-3665 | 7.8 | Qualcomm Snapdragon Auto | Memory Corruption | $10k-$25k | Official Fix |
| CVE-2020-3663 | 9.8 | Qualcomm Snapdragon Auto | Memory Corruption | $10k-$25k | Official Fix |
| CVE-2020-3661 | 9.8 | Qualcomm Snapdragon Auto MP4 File | Memory Corruption | $10k-$25k | Official Fix |
| CVE-2020-3658 | 9.1 | Qualcomm Snapdragon Auto MP4 File NULL Pointer Dereference | DoS | $5k-$10k | Official Fix |
| CVE-2020-3660 | 9.8 | Qualcomm Snapdragon Auto MP4 File NULL Pointer Dereference | DoS | $5k-$10k | Official Fix |
| CVE-2019-14091 | 7.8 | Qualcomm Snapdragon Auto NPU Double-Free | Memory Corruption | $10k-$25k | Official Fix |
| CVE-2019-10626 | 5.5 | Qualcomm Snapdragon Auto Payload Pointer | Memory Corruption | $10k-$25k | Official Fix |
| CVE-2019-14073 | 9.8 | Qualcomm Snapdragon Auto RTCP Message Stack-based | Memory Corruption | $10k-$25k | Official Fix |
| CVE-2019-14080 | 9.8 | Qualcomm Snapdragon Auto SDP Out-of-Bounds | Memory Corruption | $10k-$25k | Official Fix |
| CVE-2019-14062 | 9.8 | Qualcomm Snapdragon Auto Setup Message Decoding | Memory Corruption | $10k-$25k | Official Fix |
| CVE-2020-3635 | 7.8 | Qualcomm Snapdragon Auto Stack-based | Memory Corruption | $10k-$25k | Official Fix |
| CVE-2019-14076 | 7.8 | Qualcomm Snapdragon Auto Subsample Data | Memory Corruption | $10k-$25k | Official Fix |
| CVE-2020-3614 | 9.8 | Qualcomm Snapdragon Compute | Memory Corruption | $10k-$25k | Official Fix |
| CVE-2020-3613 | 7.8 | Qualcomm Snapdragon Compute Protection Mechanism Double-Free | Memory Corruption | $10k-$25k | Official Fix |
| CVE-2020-3628 | 9.8 | Qualcomm Snapdragon Consumer IOT/Snapdragon Mobile Logging Application | Privilege Escalation | $10k-$25k | Official Fix |
| CVE-2020-3642 | 7.8 | Qualcomm Snapdragon Consumer IOT/Snapdragon Mobile Use-After-Free | Memory Corruption | $10k-$25k | Official Fix |
| CVE-2019-14092 | 5.5 | Qualcomm Snapdragon Industrial IOT/Snapdragon Mobile System Service | Information Disclosure | $5k-$10k | Official Fix |
| CVE-2020-7355 | 6.1 | Rapid7 Metasploit Pro Scan Asset | XSS | $0-$1k | Official Fix |
| CVE-2020-7354 | 6.1 | Rapid7 Metasploit Pro Scan Asset | XSS | $0-$1k | Official Fix |
| CVE-2020-8165 | 9.8 | Ruby on Rails MemCacheStore/RedisCacheStore Deserialization | Privilege Escalation | $2k-$5k | Official Fix |
| CVE-2020-8167 | 6.5 | Ruby on Rails rails-ujs Module | CSRF | $0-$1k | Not Defined |
| CVE-2020-12865 | 5.5 | Sane Backend Heap-based | Memory Corruption | $2k-$5k | Official Fix |
| CVE-2020-12861 | 5.5 | Sane Backend Heap-based | Memory Corruption | $2k-$5k | Official Fix |
| CVE-2020-12866 | 3.5 | Sane Backend NULL Pointer Dereference | DoS | $0-$1k | Official Fix |
| CVE-2020-12864 | 3.5 | Sane Backend Out-of-Bounds | Information Disclosure | $1k-$2k | Official Fix |
| CVE-2020-12863 | 3.5 | Sane Backend Out-of-Bounds | Information Disclosure | $1k-$2k | Official Fix |
| CVE-2020-12862 | 3.5 | Sane Backend Out-of-Bounds | Information Disclosure | $1k-$2k | Official Fix |
| CVE-2020-7667 | 7.5 | SAS Software go-rpmutils CPIO Extraction | Directory Traversal | $2k-$5k | Not Defined |
| CVE-2020-15038 | 3.5 | SeedProd coming-soon Plugin | XSS | $0-$1k | Official Fix |
| CVE-2020-14007 | 3.5 | Solarwinds Orion Alert | XSS | $0-$1k | Not Defined |
| CVE-2020-14005 | 6.3 | Solarwinds Orion Event | Remote Code Execution | $2k-$5k | Not Defined |
| CVE-2020-14006 | 3.5 | Solarwinds Orion Responsible Team | XSS | $0-$1k | Not Defined |
| CVE-2020-14980 | 5.9 | Sophos Secure Email App SSL Certificate Validator | Weak Authentication | $1k-$2k | Not Defined |
| CVE-2020-14933 | 9.8 | SquirrelMail compose.php Serialized | Unknown Vulnerability | $2k-$5k | Not Defined |
| CVE-2020-14932 | 9.8 | SquirrelMail compose.php Serialized | Unknown Vulnerability | $2k-$5k | Not Defined |
| CVE-2020-15046 | 5.3 | Supermicro X10DRH-iT Web Interface config_user.cgi | CSRF | $1k-$2k | Official Fix |
| CVE-2019-19506 | 3.5 | Tenda PA6 Wi-Fi Powerline Extender homeplugd | DoS | $0-$1k | Not Defined |
| CVE-2019-16213 | 6.3 | Tenda PA6 Wi-Fi Powerline Extender | Privilege Escalation | $2k-$5k | Not Defined |
| CVE-2019-19505 | 6.3 | Tenda PA6 Wi-Fi Powerline Extender Web UI Stack-based | Memory Corruption | $2k-$5k | Not Defined |
| CVE-2020-9438 | 5.0 | Tinxy Door Lock Replay | Weak Authentication | $1k-$2k | Official Fix |
| CVE-2020-14965 | 4.3 | TP-LINK TL-WR740N v4/TL-WR740ND v4 Admin Panel | CSRF | $0-$1k | Not Defined |
| CVE-2018-21268 | 9.1 | traceroute Package Child.exec() | Privilege Escalation | $2k-$5k | Not Defined |
| CVE-2020-3969 | 8.8 | VMware ESXi/Fusion/Workstation SVGA Device Off-By-One | Memory Corruption | $10k-$25k | Official Fix |
| CVE-2020-3964 | 3.5 | VMware ESXi/Workstation/Fusion EHCI USB Controller | Information Disclosure | $5k-$10k | Official Fix |
| CVE-2020-3963 | 5.3 | VMware ESXi/Workstation/Fusion PVNVRAM Use-After-Free | Memory Corruption | $10k-$25k | Official Fix |
| CVE-2020-3970 | 3.5 | VMware ESXi/Workstation/Fusion Shader Out-of-Bounds | DoS | $5k-$10k | Official Fix |
| CVE-2020-3962 | 8.8 | VMware ESXi/Workstation/Fusion SVGA Device Use-After-Free | Memory Corruption | $10k-$25k | Official Fix |
| CVE-2020-3967 | 5.5 | VMware ESXi/Workstation/Fusion USB 2.0 Controller Heap-based | Memory Corruption | $10k-$25k | Official Fix |
| CVE-2020-3966 | 5.3 | VMware ESXi/Workstation/Fusion USB 2.0 Controller Heap-based | Memory Corruption | $5k-$10k | Official Fix |
| CVE-2020-3968 | 7.8 | VMware ESXi/Workstation/Fusion USB 3.0 Controller Out-of-Bounds | Memory Corruption | $10k-$25k | Official Fix |
| CVE-2020-3971 | 3.3 | VMware ESXi/Workstation/Fusion vmxnet3 Virtual Network Adapter Heap-based | Information Disclosure | $2k-$5k | Official Fix |
| CVE-2020-3965 | 3.3 | VMware ESXi/Workstation/Fusion XHCI USB Controller | Information Disclosure | $2k-$5k | Official Fix |
| CVE-2020-3972 | 3.5 | VMware Tools HGFS | DoS | $5k-$10k | Official Fix |
| CVE-2020-14202 | 6.1 | WebFOCUS Business Intelligence | XSS | $0-$1k | Not Defined |
| CVE-2020-14203 | 8.8 | WebFOCUS Business Intelligence WFServlet (.ibfs) | CSRF | $0-$1k | Not Defined |
| CVE-2020-14204 | 8.2 | WebFOCUS Business Intelligence WFServlet.cfg | XML External Entity | $2k-$5k | Not Defined |
| CVE-2020-14973 | 6.1 | webTareas login.php loginForm | XSS | $0-$1k | Not Defined |
| CVE-2020-10740 | 6.6 | WildFly Deserialization | Privilege Escalation | $1k-$2k | Official Fix |
| CVE-2020-11520 | 7.8 | WinMagic SecureDoc IOCTL Dispatcher SDDisk2k.sys | Memory Corruption | $2k-$5k | Not Defined |
| CVE-2020-11519 | 5.3 | WinMagic SecureDoc SDDisk2k.sys | Code Execution | $1k-$2k | Not Defined |
| CVE-2020-10561 | 5.5 | Xiaomi Mi Jia Ink-Jet Printer Web Management Command | Privilege Escalation | $2k-$5k | Official Fix |
| CVE-2020-11960 | 4.3 | Xiaomi R3600 Backup File tmp | Privilege Escalation | $2k-$5k | Official Fix |
| CVE-2020-11959 | 3.5 | Xiaomi R3600 Configuration | Information Disclosure | $1k-$2k | Official Fix |
| CVE-2020-11961 | 4.3 | Xiaomi R3600 get_config_result | Information Disclosure | $1k-$2k | Official Fix |
| CVE-2020-14095 | 6.3 | Xiaomi R3600 Web Interface Stack-based | Memory Corruption | $2k-$5k | Official Fix |
| CVE-2020-14094 | 6.3 | Xiaomi R3600 Web Interface Stack-based | Memory Corruption | $2k-$5k | Official Fix |
| CVE-2020-6870 | 5.5 | ZTE U31R20 FTP Server | Privilege Escalation | $2k-$5k | Not Defined |
| CVE-2020-14461 | 8.6 | ZyXEL Armor X1 WAP6806 | Directory Traversal | $5k-$10k | Not Defined |

The risk level of about 28% of this week's vulnerabilities is estimated as "high-risk" or "critical", which is very notable.

The 0-day value of more than 67% of this week's vulnerabilities is estimated at over $2,000.

Fortunately, for 66% of this week's vulnerabilities, updates or patches have been officially released; to prevent exploitation of these vulnerabilities, they should be applied promptly.

Also, with 69 cases, most of this week's vulnerabilities (31%) were of the "memory corruption" type.