Critical Vulnerabilities of the Second Week of Tir
This week several vulnerabilities were reported in Adobe and Apache products. Products from IBM, NVIDIA, VMware, FreeRDP, Qualcomm, Google and others also contained several "critical" and "high-risk" vulnerabilities, for which patches and updates have been released to fix them. In addition, vulnerabilities with "high" and "critical" risk levels have been identified in WordPress plugins.
The list of these vulnerabilities, together with the released patches and updates, their base score and their 0-day value, is given in the table below.
| Vulnerability ID | Base score | Vulnerable product | Vulnerability type | 0-day value | Fix |
|---|---|---|---|---|---|
| CVE-2020-9638 | 6.3 | Adobe After Effects Heap-based | Memory Corruption | $5k-$10k | Fix available |
| CVE-2020-9637 | 6.3 | Adobe After Effects Heap-based | Memory Corruption | $5k-$10k | Fix available |
| CVE-2020-9661 | 6.3 | Adobe After Effects Out-of-Bounds | Information Disclosure | $2k-$5k | Fix available |
| CVE-2020-9662 | 6.3 | Adobe After Effects Out-of-Bounds | Memory Corruption | $5k-$10k | Fix available |
| CVE-2020-9660 | 6.3 | Adobe After Effects Out-of-Bounds | Memory Corruption | $5k-$10k | Fix available |
| CVE-2020-9618 | 4.3 | Adobe Audition Out-of-Bounds | Information Disclosure | $2k-$5k | Fix available |
| CVE-2020-9659 | 6.3 | Adobe Audition Out-of-Bounds | Memory Corruption | $5k-$10k | Fix available |
| CVE-2020-9658 | 6.3 | Adobe Audition Out-of-Bounds | Memory Corruption | $5k-$10k | Fix available |
| CVE-2020-9666 | 4.3 | Adobe Campaign Classic Out-of-Bounds | Information Disclosure | $2k-$5k | Fix available |
| CVE-2020-9642 | 6.3 | Adobe Illustrator Code Execution | Memory Corruption | $5k-$10k | Fix available |
| CVE-2020-9641 | 6.3 | Adobe Illustrator Code Execution | Memory Corruption | $5k-$10k | Fix available |
| CVE-2020-9640 | 6.3 | Adobe Illustrator Code Execution | Memory Corruption | $5k-$10k | Fix available |
| CVE-2020-9639 | 6.3 | Adobe Illustrator Code Execution | Memory Corruption | $5k-$10k | Fix available |
| CVE-2020-9575 | 6.3 | Adobe Illustrator Code Execution | Memory Corruption | $5k-$10k | Fix available |
| CVE-2020-9652 | 6.3 | Adobe Premiere Pro Out-of-Bounds | Information Disclosure | $2k-$5k | Fix available |
| CVE-2020-9654 | 6.3 | Adobe Premiere Pro Out-of-Bounds | Memory Corruption | $5k-$10k | Fix available |
| CVE-2020-9653 | 6.3 | Adobe Premiere Pro Out-of-Bounds | Memory Corruption | $5k-$10k | Fix available |
| CVE-2020-9657 | 6.3 | Adobe Premiere Rush Out-of-Bounds | Memory Corruption | $5k-$10k | Fix available |
| CVE-2020-9656 | 6.3 | Adobe Premiere Rush Out-of-Bounds | Memory Corruption | $5k-$10k | Fix available |
| CVE-2020-9655 | 6.3 | Adobe Premiere Rush Out-of-Bounds | Memory Corruption | $5k-$10k | Fix available |
| CVE-2020-10280 | 8.2 | Alias Robotics MiR100 Apache Server | DoS | $0-$1k | Not Defined |
| CVE-2020-10278 | 6.1 | Alias Robotics MiR100 BIOS | Weak Authentication | $0-$1k | Not Defined |
| CVE-2020-10276 | 9.8 | Alias Robotics MiR100 Default Credentials | Weak Authentication | $1k-$2k | Not Defined |
| CVE-2020-10277 | 6.4 | Alias Robotics MiR100 Live Image Boot | Privilege Escalation | $1k-$2k | Not Defined |
| CVE-2020-10274 | 7.1 | Alias Robotics MiR100 REST API Default Credentials | Weak Authentication | $1k-$2k | Not Defined |
| CVE-2020-10275 | 9.8 | Alias Robotics MiR100 REST API Default Credentials | Weak Authentication | $1k-$2k | Not Defined |
| CVE-2020-10279 | 10.0 | Alias Robotics MiR100 Ubuntu | Privilege Escalation | $2k-$5k | Not Defined |
| CVE-2020-10273 | 7.5 | Alias Robotics MiR100/MiR200/MiR250/MiR500/MiR1000 Artifact Installation | Information Disclosure | $1k-$2k | Fix available |
| CVE-2020-10271 | 10.0 | Alias Robotics MiR100/MiR200/MiR250/MiR500/MiR1000 Computational Graph | Privilege Escalation | $2k-$5k | Not Defined |
| CVE-2020-10272 | 10.0 | Alias Robotics MiR100/MiR200/MiR250/MiR500/MiR1000 Computational Graph | Weak Authentication | $1k-$2k | Not Defined |
| CVE-2020-10270 | 9.8 | Alias Robotics MiR100/MiR200/MiR250/MiR500/MiR1000 Interfaces | Weak Authentication | $1k-$2k | Not Defined |
| CVE-2020-10269 | 9.8 | Alias Robotics MiR100/MiR200/MiR250/MiR500/MiR1000 Wireless Interface Default Credentials | Weak Authentication | $1k-$2k | Not Defined |
| CVE-2020-9495 | 5.5 | Apache Archiva LDAP LDAP injection | Privilege Escalation | $10k-$25k | Fix available |
| CVE-2020-11989 | 9.8 | Apache Shiro Spring Dynamic Controller | Weak Authentication | $10k-$25k | Fix available |
| CVE-2020-9480 | 5.5 | Apache Spark RPC | Weak Authentication | $10k-$25k | Not Defined |
| CVE-2020-9494 | 3.5 | Apache Traffic Server HTTP2 Memory Consumption | DoS | $5k-$10k | Not Defined |
| CVE-2020-4068 | 6.3 | APNSwift APNSwiftSigner.sign | Memory Corruption | $2k-$5k | Fix available |
| CVE-2020-13158 | 5.5 | Artica Proxy fw.progrss.details.php | Directory Traversal | $2k-$5k | Fix available |
| CVE-2020-13159 | 5.5 | Artica Proxy NetBIOS OS | Privilege Escalation | $2k-$5k | Fix available |
| CVE-2020-4028 | 4.3 | Atlassian JIRA Error Message | Information Disclosure | $1k-$2k | Fix available |
| CVE-2019-20409 | 6.3 | Atlassian JIRA Server/Data Center Template | Remote Code Execution | $2k-$5k | Fix available |
| CVE-2020-8102 | 8.8 | BitDefender Total Security 2020 Safepay Browser | Privilege Escalation | $2k-$5k | Fix available |
| CVE-2020-13484 | 5.5 | Bitrix24 | Server-Side Request Forgery | $2k-$5k | Not Defined |
| CVE-2020-13483 | 3.5 | Bitrix24 Web Application Firewall | XSS | $0-$1k | Not Defined |
| CVE-2020-15006 | 3.5 | Bludit logo-upload.php | XSS | $0-$1k | Not Defined |
| CVE-2020-15026 | 5.5 | Bludit plugin-backup-download | Directory Traversal | $2k-$5k | Not Defined |
| CVE-2020-13248 | 3.5 | BooleBox Secure File Sharing Utility Account.aspx | XSS | $0-$1k | Not Defined |
| CVE-2020-13247 | 5.5 | BooleBox Secure File Sharing Utility Export CSV Injection | Privilege Escalation | $2k-$5k | Not Defined |
| CVE-2020-10736 | 8.0 | Ceph ceph-mon/ceph-mgr | Privilege Escalation | $1k-$2k | Fix available |
| CVE-2019-14894 | 8.0 | CloudForms Management Engine NFS Schedule Backup | Remote Code Execution | $1k-$2k | Not Defined |
| CVE-2020-4062 | 9.0 | CyberArk Conjur OSS Helm Chart Role-Based Access Control | Privilege Escalation | $2k-$5k | Fix available |
| CVE-2020-5345 | 6.4 | Dell EMC Unisphere for PowerMax Authorization Command | Privilege Escalation | $10k-$25k | Fix available |
| CVE-2020-5367 | 7.4 | Dell EMC Unisphere for PowerMax/PowerMax OS Certificate Validation Man-in-the-Middle | Weak Authentication | $5k-$10k | Fix available |
| CVE-2020-14931 | 9.8 | DMitry Whois nic_format_buff | Memory Corruption | $2k-$5k | Not Defined |
| CVE-2020-14993 | 6.3 | DrayTek Vigor2960/Vigor3900/Vigor300B mainfunction.cgi | Memory Corruption | $2k-$5k | Fix available |
| CVE-2020-14472 | 6.3 | DrayTek Vigor3900/Vigor2960/Vigor300B execution | Privilege Escalation | $2k-$5k | Fix available |
| CVE-2020-14473 | 5.5 | DrayTek Vigor3900/Vigor2960/Vigor300B Stack-based | Memory Corruption | $2k-$5k | Fix available |
| CVE-2020-14959 | 5.4 | Easy Testimonials Plugin post.php | XSS | $1k-$2k | Fix available |
| CVE-2020-14962 | 5.4 | Final Tiles Gallery Plugin admin-ajax.php | XSS | $1k-$2k | Fix available |
| CVE-2020-6644 | 3.7 | Fortinet FortiDeceptor Session Expiration | Weak Authentication | $1k-$2k | Not Defined |
| CVE-2020-9288 | 5.4 | Fortinet FortiWLC ESS Profile/Radius Profile Stored | XSS | $0-$1k | Not Defined |
| CVE-2020-14938 | 5.5 | FreedroidRPG map.c | Memory Corruption | $2k-$5k | Not Defined |
| CVE-2020-14939 | 5.5 | FreedroidRPG Save Game File savestruct_internal.c | Code Execution | $2k-$5k | Not Defined |
| CVE-2020-4031 | 3.5 | FreeRDP Compatibility Mode relax-order-checks gdi_SelectObject | Memory Corruption | $2k-$5k | Fix available |
| CVE-2020-11098 | 3.5 | FreeRDP glyph_cache_put | Memory Corruption | $2k-$5k | Fix available |
| CVE-2020-11099 | 3.5 | FreeRDP license_read_new_or_upgrade_license_packet | Memory Corruption | $2k-$5k | Fix available |
| CVE-2020-11095 | 3.5 | FreeRDP | Memory Corruption | $2k-$5k | Fix available |
| CVE-2020-4033 | 3.1 | FreeRDP Out-of-Bounds | Memory Corruption | $2k-$5k | Fix available |
| CVE-2020-11097 | 3.5 | FreeRDP Out-of-Bounds | Memory Corruption | $2k-$5k | Fix available |
| CVE-2020-4032 | 3.1 | FreeRDP relax-order-checks update_recv_secondary_order | Memory Corruption | $2k-$5k | Fix available |
| CVE-2020-4030 | 3.5 | FreeRDP TrioParse Integer Overflow | Memory Corruption | $2k-$5k | Fix available |
| CVE-2020-11096 | 3.5 | FreeRDP update_read_cache_bitmap_v3_order | Memory Corruption | $2k-$5k | Fix available |
| CVE-2020-14978 | 4.6 | F-Secure SAFE XPC Service | Privilege Escalation | $2k-$5k | Not Defined |
| CVE-2020-14977 | 4.6 | F-Secure SAFE XPC Service | Privilege Escalation | $2k-$5k | Not Defined |
| CVE-2020-4072 | 6.3 | generator-jhipster-kotlin Password Reset Log | Privilege Escalation | $2k-$5k | Not Defined |
| CVE-2020-13272 | 8.8 | GitHub Community Edition/Enterprise Edition OAuth | Privilege Escalation | $2k-$5k | Fix available |
| CVE-2020-13273 | 7.5 | GitLab Community Edition/Enterprise Edition | DoS | $0-$1k | Fix available |
| CVE-2020-13265 | 5.3 | GitLab Community Edition/Enterprise Edition Email Verification | Privilege Escalation | $2k-$5k | Fix available |
| CVE-2020-13261 | 5.3 | GitLab Community Edition/Enterprise Edition HTML Source Code Credentials | Information Disclosure | $1k-$2k | Fix available |
| CVE-2020-13264 | 5.3 | GitLab Community Edition/Enterprise Edition Kubernetes Cluster Token | Information Disclosure | $1k-$2k | Fix available |
| CVE-2020-13274 | 7.5 | GitLab Community Edition/Enterprise Edition Memory Exhaustion | DoS | $0-$1k | Fix available |
| CVE-2020-13262 | 6.6 | GitLab Community Edition/Enterprise Edition Mermaid Payload | Privilege Escalation | $2k-$5k | Fix available |
| CVE-2020-13277 | 6.3 | GitLab Community Edition/Enterprise Edition Mirror | Information Disclosure | $1k-$2k | Fix available |
| CVE-2020-13276 | 7.4 | GitLab Community Edition/Enterprise Edition Notification | Privilege Escalation | $2k-$5k | Fix available |
| CVE-2020-13275 | 8.1 | GitLab Enterprise Edition Group | Privilege Escalation | $2k-$5k | Fix available |
| CVE-2020-13263 | 7.5 | GitLab Enterprise Edition Project Maintainer Impersonation | Privilege Escalation | $2k-$5k | Fix available |
| CVE-2020-13279 | 7.3 | GitLab-vscode-extension | Code Execution | $1k-$2k | Fix available |
| CVE-2020-14945 | 5.5 | Global RADAR BSA Radar | Privilege Escalation | $2k-$5k | Not Defined |
| CVE-2020-14944 | 5.5 | Global RADAR BSA Radar | Privilege Escalation | $2k-$5k | Not Defined |
| CVE-2020-14946 | 5.5 | Global RADAR BSA Radar Surveillance Module downloadFile.ashx | Directory Traversal | $2k-$5k | Not Defined |
| CVE-2020-14943 | 3.5 | Global RADAR BSA Radar Update User Profile Stored | XSS | $0-$1k | Not Defined |
| CVE-2020-14976 | 3.3 | GNS3 ubridge Configuration File | Information Disclosure | $0-$1k | Not Defined |
| CVE-2020-15011 | 5.5 | GNU Mailman Private Archive Login Page private.py | Privilege Escalation | $2k-$5k | Fix available |
| CVE-2020-8903 | 6.7 | Google Cloud Platform guest-oslogin compute.osLogin | Privilege Escalation | $10k-$25k | Fix available |
| CVE-2020-8933 | 7.8 | Google Cloud Platform guest-oslogin compute.osLogin | Privilege Escalation | $10k-$25k | Fix available |
| CVE-2020-8907 | 7.8 | Google Cloud Platform guest-oslogin compute.osLogin | Privilege Escalation | $10k-$25k | Fix available |
| CVE-2020-7668 | 7.5 | Google Go ExtractTo | Directory Traversal | $10k-$25k | Not Defined |
| CVE-2020-7664 | 7.5 | Google Go ExtractTo | Directory Traversal | $10k-$25k | Not Defined |
| CVE-2020-4188 | 5.3 | IBM Security Guardium PRNG | Information Disclosure | $5k-$10k | Fix available |
| CVE-2020-4322 | 4.3 | IBM Security Secret Server Clickjacking | Privilege Escalation | $10k-$25k | Fix available |
| CVE-2020-4341 | 2.7 | IBM Security Secret Server Error Message | Information Disclosure | $5k-$10k | Fix available |
| CVE-2020-4327 | 2.7 | IBM Security Secret Server Error Message | Information Disclosure | $5k-$10k | Fix available |
| CVE-2020-4413 | 5.9 | IBM Security Secret Server HSTS | Information Disclosure | $5k-$10k | Fix available |
| CVE-2020-4342 | 5.3 | IBM Security Secret Server Installation File | Information Disclosure | $5k-$10k | Fix available |
| CVE-2020-4323 | 6.1 | IBM Security Secret Server Web UI | XSS | $5k-$10k | Fix available |
| CVE-2020-14990 | 4.4 | IObit Advanced SystemCare Free Clean & Optimize | DoS | $0-$1k | Not Defined |
| CVE-2020-14974 | 3.5 | IObit Unlocker Driver | DoS | $0-$1k | Not Defined |
| CVE-2020-14975 | 5.5 | IObit Unlocker Driver | Privilege Escalation | $2k-$5k | Not Defined |
| CVE-2020-14966 | 5.5 | jsrsasign Package ECDSA Signature Integer | Memory Corruption | $2k-$5k | Not Defined |
| CVE-2020-14967 | 4.8 | jsrsasign Package RSA PKCS1 | Weak Authentication | $1k-$2k | Fix available |
| CVE-2020-14968 | 4.2 | jsrsasign Package RSASSA-PSS | Weak Authentication | $1k-$2k | Fix available |
| CVE-2020-1727 | 6.4 | KeyCloak Authorization URL | Privilege Escalation | $2k-$5k | Fix available |
| CVE-2020-13887 | 6.3 | Kordil EDMS documents_add.php | Privilege Escalation | $2k-$5k | Not Defined |
| CVE-2020-13888 | 3.5 | Kordil EDMS users_edit.php | XSS | $0-$1k | Not Defined |
| CVE-2020-4060 | 5.3 | LoRa Basics Station Use-After-Free | Memory Corruption | $2k-$5k | Fix available |
| CVE-2020-11068 | 5.7 | LoRaMac-node | Memory Corruption | $2k-$5k | Fix available |
| CVE-2020-7262 | 5.3 | McAfee Advanced Threat Defense Access Control | Information Disclosure | $2k-$5k | Fix available |
| CVE-2020-5594 | 3.5 | Mitsubishi Electric MELSEC iQ-R Cleartext | Weak Encryption | $1k-$2k | Not Defined |
| CVE-2020-14954 | 5.9 | Mutt/NeoMutt STARTTLS Injection | Unknown Vulnerability | $2k-$5k | Fix available |
| CVE-2020-14018 | 3.5 | Navigate CMS Edit User Page Stored | XSS | $0-$1k | Not Defined |
| CVE-2020-14014 | 3.5 | Navigate CMS navigate.php | XSS | $0-$1k | Not Defined |
| CVE-2020-14016 | 4.3 | Navigate CMS Password Reset User | Information Disclosure | $1k-$2k | Not Defined |
| CVE-2020-14015 | 3.5 | Navigate CMS Password Reset | Weak Authentication | $1k-$2k | Not Defined |
| CVE-2020-14017 | 2.6 | Navigate CMS sessions | Information Disclosure | $0-$1k | Not Defined |
| CVE-2019-20892 | 5.5 | net-snmp SNMPv3 GetBulk Request snmpusm.c usm_free_usmStateReference | Memory Corruption | $10k-$25k | Fix available |
| CVE-2020-15025 | 4.4 | ntp ntpd Memory Consumption | DoS | $0-$1k | Fix available |
| CVE-2020-13156 | 4.3 | NukeViet add_user.php | CSRF | $0-$1k | Not Defined |
| CVE-2020-13155 | 4.3 | NukeViet clearsystem.php | CSRF | $0-$1k | Not Defined |
| CVE-2020-13157 | 4.3 | NukeViet edit.php | CSRF | $0-$1k | Not Defined |
| CVE-2020-5967 | 3.5 | NVIDIA Linux GPU Display Driver UVM Driver | DoS | $0-$1k | Fix available |
| CVE-2020-5962 | 4.4 | NVIDIA Windows GPU Display Driver Control Panel | Privilege Escalation | $1k-$2k | Fix available |
| CVE-2020-5965 | 3.5 | NVIDIA Windows GPU Display Driver DirectX 11 User Mode Driver x.dll | DoS | $0-$1k | Fix available |
| CVE-2020-5963 | 5.5 | NVIDIA Windows GPU Display Driver Inter Process Communication API | Code Execution | $2k-$5k | Fix available |
| CVE-2020-5966 | 3.5 | NVIDIA Windows GPU Display Driver Kernel Mode Layer nvlddmkm.sys DxgkDdiEscape | DoS | $0-$1k | Fix available |
| CVE-2020-5964 | 5.5 | NVIDIA Windows GPU Display Driver Service Host | Code Execution | $2k-$5k | Fix available |
| CVE-2020-15305 | 5.5 | OpenEXR ImfDeepScanLineInputFile.cpp DeepScanLineInputFile() | Memory Corruption | $2k-$5k | Fix available |
| CVE-2020-15306 | 5.5 | OpenEXR ImfMisc.cpp getChunkOffsetTableSize() | Memory Corruption | $2k-$5k | Fix available |
| CVE-2020-15304 | 3.5 | OpenEXR ImfTiledInputFile.cpp TiledInputFile() | DoS | $0-$1k | Fix available |
| CVE-2020-12782 | 9.8 | Openfind MailGates Email | Command Injection | $2k-$5k | Not Defined |
| CVE-2020-14960 | 7.2 | php-fusion comments.php | SQL Injection | $2k-$5k | Not Defined |
| CVE-2020-15041 | 3.5 | php-fusion site_links.php | XSS | $0-$1k | Not Defined |
| CVE-2020-10177 | 3.5 | Pillow FliDecode.c | Information Disclosure | $1k-$2k | Fix available |
| CVE-2020-10994 | 5.5 | Pillow JP2 File Jpeg2KDecode.c | Memory Corruption | $2k-$5k | Fix available |
| CVE-2020-10378 | 5.5 | Pillow PCX File PcxDecode.c | Memory Corruption | $2k-$5k | Fix available |
| CVE-2020-11538 | 5.5 | Pillow SGI Image File SgiRleDecode.c | Memory Corruption | $2k-$5k | Not Defined |
| CVE-2020-10379 | 5.5 | Pillow TiffDecode.c | Memory Corruption | $2k-$5k | Fix available |
| CVE-2020-3626 | 7.8 | Qualcomm Snapdragon Auto API | Privilege Escalation | $25k-$50k | Fix available |
| CVE-2019-14094 | 7.8 | Qualcomm Snapdragon Auto Diag Command Integer Overflow | Memory Corruption | $10k-$25k | Fix available |
| CVE-2020-3662 | 9.8 | Qualcomm Snapdragon Auto eac3 Header | Memory Corruption | $10k-$25k | Fix available |
| CVE-2019-14047 | 7.8 | Qualcomm Snapdragon Auto IPA Driver | Unknown Vulnerability | $25k-$50k | Fix available |
| CVE-2019-10597 | 9.0 | Qualcomm Snapdragon Auto Kernel | Memory Corruption | $25k-$50k | Fix available |
| CVE-2020-3676 | 7.8 | Qualcomm Snapdragon Auto | Memory Corruption | $10k-$25k | Fix available |
| CVE-2020-3665 | 7.8 | Qualcomm Snapdragon Auto | Memory Corruption | $10k-$25k | Fix available |
| CVE-2020-3663 | 9.8 | Qualcomm Snapdragon Auto | Memory Corruption | $10k-$25k | Fix available |
| CVE-2020-3661 | 9.8 | Qualcomm Snapdragon Auto MP4 File | Memory Corruption | $10k-$25k | Fix available |
| CVE-2020-3658 | 9.1 | Qualcomm Snapdragon Auto MP4 File NULL Pointer Dereference | DoS | $5k-$10k | Fix available |
| CVE-2020-3660 | 9.8 | Qualcomm Snapdragon Auto MP4 File NULL Pointer Dereference | DoS | $5k-$10k | Fix available |
| CVE-2019-14091 | 7.8 | Qualcomm Snapdragon Auto NPU Double-Free | Memory Corruption | $10k-$25k | Fix available |
| CVE-2019-10626 | 5.5 | Qualcomm Snapdragon Auto Payload Pointer | Memory Corruption | $10k-$25k | Fix available |
| CVE-2019-14073 | 9.8 | Qualcomm Snapdragon Auto RTCP Message Stack-based | Memory Corruption | $10k-$25k | Fix available |
| CVE-2019-14080 | 9.8 | Qualcomm Snapdragon Auto SDP Out-of-Bounds | Memory Corruption | $10k-$25k | Fix available |
| CVE-2019-14062 | 9.8 | Qualcomm Snapdragon Auto Setup Message Decoding | Memory Corruption | $10k-$25k | Fix available |
| CVE-2020-3635 | 7.8 | Qualcomm Snapdragon Auto Stack-based | Memory Corruption | $10k-$25k | Fix available |
| CVE-2019-14076 | 7.8 | Qualcomm Snapdragon Auto Subsample Data | Memory Corruption | $10k-$25k | Fix available |
| CVE-2020-3614 | 9.8 | Qualcomm Snapdragon Compute | Memory Corruption | $10k-$25k | Fix available |
| CVE-2020-3613 | 7.8 | Qualcomm Snapdragon Compute Protection Mechanism Double-Free | Memory Corruption | $10k-$25k | Fix available |
| CVE-2020-3628 | 9.8 | Qualcomm Snapdragon Consumer IOT/Snapdragon Mobile Logging Application | Privilege Escalation | $10k-$25k | Fix available |
| CVE-2020-3642 | 7.8 | Qualcomm Snapdragon Consumer IOT/Snapdragon Mobile Use-After-Free | Memory Corruption | $10k-$25k | Fix available |
| CVE-2019-14092 | 5.5 | Qualcomm Snapdragon Industrial IOT/Snapdragon Mobile System Service | Information Disclosure | $5k-$10k | Fix available |
| CVE-2020-7355 | 6.1 | Rapid7 Metasploit Pro Scan Asset | XSS | $0-$1k | Fix available |
| CVE-2020-7354 | 6.1 | Rapid7 Metasploit Pro Scan Asset | XSS | $0-$1k | Fix available |
| CVE-2020-8165 | 9.8 | Ruby on Rails MemCacheStore/RedisCacheStore Deserialization | Privilege Escalation | $2k-$5k | Fix available |
| CVE-2020-8167 | 6.5 | Ruby on Rails rails-ujs Module | CSRF | $0-$1k | Not Defined |
| CVE-2020-12865 | 5.5 | Sane Backend Heap-based | Memory Corruption | $2k-$5k | Fix available |
| CVE-2020-12861 | 5.5 | Sane Backend Heap-based | Memory Corruption | $2k-$5k | Fix available |
| CVE-2020-12866 | 3.5 | Sane Backend NULL Pointer Dereference | DoS | $0-$1k | Fix available |
| CVE-2020-12864 | 3.5 | Sane Backend Out-of-Bounds | Information Disclosure | $1k-$2k | Fix available |
| CVE-2020-12863 | 3.5 | Sane Backend Out-of-Bounds | Information Disclosure | $1k-$2k | Fix available |
| CVE-2020-12862 | 3.5 | Sane Backend Out-of-Bounds | Information Disclosure | $1k-$2k | Fix available |
| CVE-2020-7667 | 7.5 | SAS Software go-rpmutils CPIO Extraction | Directory Traversal | $2k-$5k | Not Defined |
| CVE-2020-15038 | 3.5 | SeedProd coming-soon Plugin | XSS | $0-$1k | Fix available |
| CVE-2020-14007 | 3.5 | Solarwinds Orion Alert | XSS | $0-$1k | Not Defined |
| CVE-2020-14005 | 6.3 | Solarwinds Orion Event | Remote Code Execution | $2k-$5k | Not Defined |
| CVE-2020-14006 | 3.5 | Solarwinds Orion Responsible Team | XSS | $0-$1k | Not Defined |
| CVE-2020-14980 | 5.9 | Sophos Secure Email App SSL Certificate Validator | Weak Authentication | $1k-$2k | Not Defined |
| CVE-2020-14933 | 9.8 | SquirrelMail compose.php Serialized | Unknown Vulnerability | $2k-$5k | Not Defined |
| CVE-2020-14932 | 9.8 | SquirrelMail compose.php Serialized | Unknown Vulnerability | $2k-$5k | Not Defined |
| CVE-2020-15046 | 5.3 | Supermicro X10DRH-iT Web Interface config_user.cgi | CSRF | $1k-$2k | Fix available |
| CVE-2019-19506 | 3.5 | Tenda PA6 Wi-Fi Powerline Extender homeplugd | DoS | $0-$1k | Not Defined |
| CVE-2019-16213 | 6.3 | Tenda PA6 Wi-Fi Powerline Extender | Privilege Escalation | $2k-$5k | Not Defined |
| CVE-2019-19505 | 6.3 | Tenda PA6 Wi-Fi Powerline Extender Web UI Stack-based | Memory Corruption | $2k-$5k | Not Defined |
| CVE-2020-9438 | 5.0 | Tinxy Door Lock Replay | Weak Authentication | $1k-$2k | Fix available |
| CVE-2020-14965 | 4.3 | TP-LINK L-WR740N v4/TL-WR740ND v4 Admin Panel | CSRF | $0-$1k | Not Defined |
| CVE-2018-21268 | 9.1 | traceroute Package Child.exec() | Privilege Escalation | $2k-$5k | Not Defined |
| CVE-2020-3969 | 8.8 | VMware ESXi/Fusion/Workstation SVGA Device Off-By-One | Memory Corruption | $10k-$25k | Fix available |
| CVE-2020-3964 | 3.5 | VMware ESXi/Workstation/Fusion EHCI USB Controller | Information Disclosure | $5k-$10k | Fix available |
| CVE-2020-3963 | 5.3 | VMware ESXi/Workstation/Fusion PVNVRAM Use-After-Free | Memory Corruption | $10k-$25k | Fix available |
| CVE-2020-3970 | 3.5 | VMware ESXi/Workstation/Fusion Shader Out-of-Bounds | DoS | $5k-$10k | Fix available |
| CVE-2020-3962 | 8.8 | VMware ESXi/Workstation/Fusion SVGA Device Use-After-Free | Memory Corruption | $10k-$25k | Fix available |
| CVE-2020-3967 | 5.5 | VMware ESXi/Workstation/Fusion USB 2.0 Controller Heap-based | Memory Corruption | $10k-$25k | Fix available |
| CVE-2020-3966 | 5.3 | VMware ESXi/Workstation/Fusion USB 2.0 Controller Heap-based | Memory Corruption | $5k-$10k | Fix available |
| CVE-2020-3968 | 7.8 | VMware ESXi/Workstation/Fusion USB 3.0 Controller Out-of-Bounds | Memory Corruption | $10k-$25k | Fix available |
| CVE-2020-3971 | 3.3 | VMware ESXi/Workstation/Fusion vmxnet3 Virtual Network Adapter Heap-based | Information Disclosure | $2k-$5k | Fix available |
| CVE-2020-3965 | 3.3 | VMware ESXi/Workstation/Fusion XHCI USB Controller | Information Disclosure | $2k-$5k | Fix available |
| CVE-2020-3972 | 3.5 | VMware Tools HGFS | DoS | $5k-$10k | Fix available |
| CVE-2020-14202 | 6.1 | WebFOCUS Business Intelligence | XSS | $0-$1k | Not Defined |
| CVE-2020-14203 | 8.8 | WebFOCUS Business Intelligence WFServlet(.ibfs) | CSRF | $0-$1k | Not Defined |
| CVE-2020-14204 | 8.2 | WebFOCUS Business Intelligence WFServlet.cfg | XML External Entity | $2k-$5k | Not Defined |
| CVE-2020-14973 | 6.1 | webTareas login.php loginForm | XSS | $0-$1k | Not Defined |
| CVE-2020-10740 | 6.6 | WildFly Deserialization | Privilege Escalation | $1k-$2k | Fix available |
| CVE-2020-11520 | 7.8 | WinMagic SecureDoc IOCTL Dispatcher SDDisk2k.sys | Memory Corruption | $2k-$5k | Not Defined |
| CVE-2020-11519 | 5.3 | WinMagic SecureDoc SDDisk2k.sys | Code Execution | $1k-$2k | Not Defined |
| CVE-2020-10561 | 5.5 | Xiaomi Mi Jia Ink-Jet Printer Web Management Command | Privilege Escalation | $2k-$5k | Fix available |
| CVE-2020-11960 | 4.3 | Xiaomi R3600 Backup File tmp | Privilege Escalation | $2k-$5k | Fix available |
| CVE-2020-11959 | 3.5 | Xiaomi R3600 Configuration | Information Disclosure | $1k-$2k | Fix available |
| CVE-2020-11961 | 4.3 | Xiaomi R3600 get_config_result | Information Disclosure | $1k-$2k | Fix available |
| CVE-2020-14095 | 6.3 | Xiaomi R3600 Web Interface Stack-based | Memory Corruption | $2k-$5k | Fix available |
| CVE-2020-14094 | 6.3 | Xiaomi R3600 Web Interface Stack-based | Memory Corruption | $2k-$5k | Fix available |
| CVE-2020-6870 | 5.5 | ZTE U31R20 FTP Server | Privilege Escalation | $2k-$5k | Not Defined |
| CVE-2020-14461 | 8.6 | ZyXEL Armor X1 WAP6806 | Directory Traversal | $5k-$10k | Not Defined |
The risk level of about 28% of this week's vulnerabilities is estimated as "high-risk" or "critical", which is very noteworthy.
The 0-day value of more than 67% of this week's vulnerabilities is estimated at over $2,000.
Fortunately, for 66% of this week's vulnerabilities, updates or patches have been officially released; they should be applied promptly to prevent exploitation of these vulnerabilities.
Also, with 69 cases, the largest share of this week's vulnerabilities (31%) were of the "memory corruption" type.