آسیبپذیریهای حیاتی هفته دوم مهرماه
این هفته آسیبپذیریهای «حیاتی» و «پرخطر» بسیاری در محصولات مهم Cisco و مرورگر Google Chrome گزارش و وصلهها و بهروزرسانیهایی به منظور رفع آنها ارائه شد. همچنین در محصولات شرکتهای IBM، HPE، Apple، VMware، Lenovo وکرنل لینوکس و افزونههای Jenkinsچندین آسیبپذیری «حیاتی» و «پرخطر» وجود داشت.
لیست این آسیبپذیریها به همراه لینک وصلهها و بهروزرسانیهای ارائهشده در جدول زیر آمده است.
|
شناسه آسیبپذیری |
امتیاز مبنا |
محصول آسیبپذیر |
نوع آسیبپذیری |
ارزش روز صفر |
CTI |
رفع آسیبپذیری |
|
CVE-2020-9952 |
۴.۳ |
Apple iCloud WebKit Universal |
XSS |
$۵k-$10k |
۰.۶۰ |
Not Defined |
|
CVE-2020-9961 |
۶.۳ |
Apple macOS ImageIO Out-of-Bounds |
Memory Corruption |
$۱۰k-$25k |
۰.۶۲ |
|
|
CVE-2020-9941 |
۶.۳ |
Apple macOS Mail |
Privilege Escalation |
$۱۰k-$25k |
۰.۵۴ |
|
|
CVE-2020-9973 |
۶.۳ |
Apple macOS Model IO Out-of-Bounds |
Memory Corruption |
$۱۰k-$25k |
۰.۳۷ |
|
|
CVE-2020-9968 |
۵.۵ |
Apple macOS Sandbox |
Privilege Escalation |
$۱۰k-$25k |
۰.۵۰ |
|
|
CVE-2020-24333 |
۳.۵ |
Arista CloudVision Portal Configlet Management File Download |
Information Disclosure |
$۱k-$2k |
۰.۲۶ |
|
|
CVE-2020-7122 |
۳.۳ |
Aruba CX Switch Cisco Discovery Protocol |
DoS |
$۰-$۱k |
۰.۰۸ |
|
|
CVE-2020-7121 |
۳.۳ |
Aruba CX Switch Link Layer Discovery Protocol |
DoS |
$۰-$۱k |
۰.۳۷ |
|
|
CVE-2020-14179 |
۵.۳ |
Atlassian JIRA Server/Data Center QueryComponent!Default.jspa |
Information Disclosure |
$۱k-$2k |
۰.۲۱ |
|
|
CVE-2020-14177 |
۴.۳ |
Atlassian JIRA Server/Data Center ReDoS |
DoS |
$۰-$۱k |
۰.۲۵ |
|
|
CVE-2020-14180 |
۴.۳ |
Atlassian Jira Service Desk Server/Data Center Project Request Type |
Information Disclosure |
$۱k-$2k |
۰.۰۸ |
|
|
CVE-2020-13521 |
۷.۳ |
AVEVA eDNA Enterprise Data Historian SOAP ednareporting.asmx |
SQL Injection |
$۲k-$5k |
۰.۸۱ |
Not Defined |
|
CVE-2020-13505 |
۷.۳ |
AVEVA eDNA Enterprise Data Historian SOAP ednareporting.asmx |
SQL Injection |
$۲k-$5k |
۰.۳۲ |
Not Defined |
|
CVE-2020-13504 |
۷.۳ |
AVEVA eDNA Enterprise Data Historian SOAP ednareporting.asmx |
SQL Injection |
$۲k-$5k |
۰.۴۴ |
Not Defined |
|
CVE-2020-13503 |
۷.۳ |
AVEVA eDNA Enterprise Data Historian SOAP ednareporting.asmx |
SQL Injection |
$۲k-$5k |
۰.۰۹ |
Not Defined |
|
CVE-2020-6153 |
۷.۳ |
AVEVA eDNA Enterprise Data Historian SOAP FavoritesService.asmx |
SQL Injection |
$۲k-$5k |
۰.۷۲ |
Not Defined |
|
CVE-2020-13508 |
۷.۳ |
AVEVA eDNA Enterprise Data Historian Web Service Alias.asmx |
SQL Injection |
$۲k-$5k |
۰.۶۴ |
Not Defined |
|
CVE-2020-13507 |
۷.۳ |
AVEVA eDNA Enterprise Data Historian Web Service Alias.asmx |
SQL Injection |
$۲k-$5k |
۰.۰۰ |
Not Defined |
|
CVE-2020-13502 |
۷.۳ |
AVEVA eDNA Enterprise Data Historian Web Service DNAPoints.asmx |
SQL Injection |
$۲k-$5k |
۰.۳۲ |
Not Defined |
|
CVE-2020-15371 |
۵.۵ |
Brocade Fabric OS Code Injection |
Privilege Escalation |
$۲k-$5k |
۰.۸۳ |
|
|
CVE-2020-15372 |
۵.۳ |
Brocade Fabric OS Command-Line Interface |
Privilege Escalation |
$۱k-$2k |
۰.۵۷ |
|
|
CVE-2018-6449 |
۶.۳ |
Brocade Fabric OS HTTP Management Interface Header Injection |
Privilege Escalation |
$۲k-$5k |
۰.۳۸ |
|
|
CVE-2018-6447 |
۳.۵ |
Brocade Fabric OS HTTP Management Interface Reflected |
XSS |
$۰-$۱k |
۰.۴۵ |
|
|
CVE-2020-15370 |
۴.۳ |
Brocade Fabric OS Log File Password |
Information Disclosure |
$۱k-$2k |
۰.۴۱ |
|
|
CVE-2018-6448 |
۴.۳ |
Brocade Fabric OS Management Interface |
DoS |
$۰-$۱k |
۰.۴۱ |
|
|
CVE-2020-15373 |
۷.۳ |
Brocade Fabric OS REST API |
Memory Corruption |
$۲k-$5k |
۰.۴۹ |
|
|
CVE-2020-15374 |
۳.۵ |
Brocade Fabric OS REST API Reflected |
XSS |
$۰-$۱k |
۰.۳۳ |
|
|
CVE-2020-15369 |
۳.۵ |
Brocade Fabric OS Supportlink CLI Credentials |
Information Disclosure |
$۱k-$2k |
۰.۴۵ |
|
|
CVE-2019-16212 |
۶.۳ |
Brocade SANnav LDAP injection |
Privilege Escalation |
$۲k-$5k |
۰.۴۹ |
|
|
CVE-2019-16211 |
۳.۵ |
Brocade SANnav Password Storage Plaintext |
Weak Encryption |
$۱k-$2k |
۰.۴۹ |
|
|
CVE-2020-7734 |
۸.۲ |
cabot Package Endpoint Column |
XSS |
$۰-$۱k |
۰.۶۳ |
Not Defined |
|
CVE-2020-3559 |
۶.۸ |
Cisco Aironet Access Point |
DoS |
$۵k-$10k |
۰.۰۴ |
|
|
CVE-2020-3552 |
۷.۴ |
Cisco Aironet Access Point |
DoS |
$۲k-$5k |
۰.۰۸ |
|
|
CVE-2019-16007 |
۵.۹ |
Cisco AnyConnect Secure Mobility Client |
Privilege Escalation |
$۰-$۱k |
۰.۶۰ |
|
|
CVE-2019-15992 |
۷.۲ |
Cisco ASA/Firepower Threat Defense Lua Interpreter |
Privilege Escalation |
$۲۵k-$50k |
۰.۵۲ |
|
|
CVE-2020-3527 |
۸.۶ |
Cisco Catalyst 9200 Polaris Kernel Crash |
DoS |
$۵k-$10k |
۰.۱۳ |
|
|
CVE-2020-3133 |
۵.۸ |
Cisco Cisco Email Security Appliance Content Filter |
Privilege Escalation |
$۲۵k-$50k |
۰.۰۷ |
|
|
CVE-2019-1983 |
۷.۵ |
Cisco Email Security Appliance Advanced Malware Protection Crash |
DoS |
$۱۰k-$25k |
۰.۳۱ |
|
|
CVE-2019-1947 |
۸.۶ |
Cisco Email Security Appliance Email Message Filter CPU Exhaustion |
DoS |
$۱۰k-$25k |
۰.۵۲ |
|
|
CVE-2019-16025 |
۵.۵ |
Cisco Emergency Responder Web-based Management Interface |
XSS |
$۵k-$10k |
۰.۵۴ |
|
|
CVE-2019-16028 |
۹.۸ |
Cisco FirePOWER Management Center Web-based Management Interface |
Weak Authentication |
$۱۰k-$25k |
۰.۰۰ |
|
|
CVE-2020-3124 |
۶.۵ |
Cisco Hosted Collaboration Mediation Fulfillment Web-based Interface |
CSRF |
$۵k-$10k |
۰.۵۰ |
|
|
CVE-2020-3426 |
۷.۵ |
Cisco IOS LPWA Subsystem |
Privilege Escalation |
$۲۵k-$50k |
۰.۰۴ |
|
|
CVE-2020-3407 |
۸.۶ |
Cisco IOS XE Access Control List |
DoS |
$۱۰k-$25k |
۰.۳۳ |
|
|
CVE-2020-3508 |
۷.۴ |
Cisco IOS XE Aggregation Services |
DoS |
$۵k-$10k |
۰.۰۴ |
|
|
CVE-2020-3513 |
۶.۷ |
Cisco IOS XE Aggregation Services |
Privilege Escalation |
$۲۵k-$50k |
۰.۰۴ |
|
|
CVE-2020-3403 |
۶.۷ |
Cisco IOS XE CLI OS Command Injection |
Privilege Escalation |
$۲۵k-$50k |
۰.۲۱ |
|
|
CVE-2020-3476 |
۴.۴ |
Cisco IOS XE CLI |
Privilege Escalation |
$۱۰k-$25k |
۰.۸۱ |
|
|
CVE-2020-3497 |
۷.۴ |
Cisco IOS XE Control and Provisioning Crash |
DoS |
$۵k-$10k |
۰.۱۷ |
|
|
CVE-2020-3494 |
۷.۴ |
Cisco IOS XE Control and Provisioning Crash |
DoS |
$۵k-$10k |
۰.۰۸ |
|
|
CVE-2020-3493 |
۷.۴ |
Cisco IOS XE Control and Provisioning Crash |
DoS |
$۵k-$10k |
۰.۰۰ |
|
|
CVE-2020-3489 |
۷.۴ |
Cisco IOS XE Control and Provisioning Crash |
DoS |
$۵k-$10k |
۰.۰۰ |
|
|
CVE-2020-3488 |
۷.۴ |
Cisco IOS XE Control and Provisioning Crash |
DoS |
$۵k-$10k |
۰.۰۸ |
|
|
CVE-2020-3487 |
۷.۴ |
Cisco IOS XE Control and Provisioning Crash |
DoS |
$۵k-$10k |
۰.۰۰ |
|
|
CVE-2020-3486 |
۷.۴ |
Cisco IOS XE Control and Provisioning Crash |
DoS |
$۵k-$10k |
۰.۰۸ |
|
|
CVE-2020-3399 |
۸.۶ |
Cisco IOS XE Control and Provisioning Crash |
DoS |
$۱۰k-$25k |
۰.۱۲ |
|
|
CVE-2020-3526 |
۸.۶ |
Cisco IOS XE COPS Engine Crash |
DoS |
$۱۰k-$25k |
۰.۰۴ |
|
|
CVE-2020-3465 |
۷.۴ |
Cisco IOS XE |
DoS |
$۵k-$10k |
۰.۰۸ |
|
|
CVE-2020-3509 |
۸.۶ |
Cisco IOS XE DHCP Message Crash |
DoS |
$۱۰k-$25k |
۰.۱۲ |
|
|
CVE-2020-3503 |
۶.۰ |
Cisco IOS XE File System Permission |
Privilege Escalation |
$۱۰k-$25k |
۰.۲۱ |
|
|
CVE-2020-3418 |
۴.۷ |
Cisco IOS XE ICMPv6 Traffic |
Privilege Escalation |
$۲۵k-$50k |
۰.۲۵ |
|
|
CVE-2020-3422 |
۸.۶ |
Cisco IOS XE IP SLA Responder |
DoS |
$۱۰k-$25k |
۰.۲۱ |
|
|
CVE-2020-3414 |
۸.۶ |
Cisco IOS XE IPv4/IPv6 |
DoS |
$۱۰k-$25k |
۰.۲۵ |
|
|
CVE-2020-3423 |
۵.۱ |
Cisco IOS XE Lua Interpreter |
Privilege Escalation |
$۲۵k-$50k |
۰.۷۳ |
|
|
CVE-2020-3359 |
۸.۶ |
Cisco IOS XE mDNS |
DoS |
$۱۰k-$25k |
۰.۱۲ |
|
|
CVE-2020-3393 |
۶.۰ |
Cisco IOS XE Role-Based Access Control |
Privilege Escalation |
$۲۵k-$50k |
۰.۰۴ |
|
|
CVE-2020-3524 |
۶.۴ |
Cisco IOS XE ROM Monitor |
Privilege Escalation |
$۱۰k-$25k |
۰.۱۲ |
|
|
CVE-2020-3417 |
۶.۸ |
Cisco IOS XE ROM Monitor |
Privilege Escalation |
$۲۵k-$50k |
۰.۳۳ |
|
|
CVE-2020-3416 |
۶.۷ |
Cisco IOS XE RSP3 |
Privilege Escalation |
$۲۵k-$50k |
۰.۳۳ |
|
|
CVE-2020-3390 |
۷.۴ |
Cisco IOS XE SNMP Trap |
DoS |
$۵k-$10k |
۰.۰۸ |
|
|
CVE-2020-3404 |
۶.۷ |
Cisco IOS XE Telnet/SSH |
Privilege Escalation |
$۲۵k-$50k |
۰.۲۹ |
|
|
CVE-2020-3510 |
۸.۶ |
Cisco IOS XE Umbrella Connector Crash |
DoS |
$۱۰k-$25k |
۰.۰۴ |
|
|
CVE-2020-3396 |
۶.۸ |
Cisco IOS XE USB 3.0 SSD |
Privilege Escalation |
$۱k-$2k |
۰.۰۴ |
|
|
CVE-2020-3475 |
۴.۳ |
Cisco IOS XE Web Management Framework |
Privilege Escalation |
$۲۵k-$50k |
۰.۸۳ |
|
|
CVE-2020-3474 |
۴.۳ |
Cisco IOS XE Web Management Framework |
Privilege Escalation |
$۲۵k-$50k |
۰.۱۲ |
|
|
CVE-2020-3425 |
۸.۸ |
Cisco IOS XE Web Management Framework |
Privilege Escalation |
$۲۵k-$50k |
۰.۰۸ |
|
|
CVE-2020-3141 |
۸.۸ |
Cisco IOS XE Web Management |
Privilege Escalation |
$۲۵k-$50k |
۰.۶۲ |
|
|
CVE-2020-3516 |
۴.۳ |
Cisco IOS XE Web Server Authentication Crash |
DoS |
$۵k-$10k |
۰.۷۷ |
|
|
CVE-2020-3400 |
۸.۸ |
Cisco IOS XE Web UI |
Privilege Escalation |
$۲۵k-$50k |
۰.۱۲ |
|
|
CVE-2020-3428 |
۷.۴ |
Cisco IOS XE WLAN Local Profiling |
DoS |
$۵k-$10k |
۰.۰۴ |
|
|
CVE-2020-3429 |
۷.۴ |
Cisco IOS XE WPA2/WPA3 |
DoS |
$۵k-$10k |
۰.۱۷ |
|
|
CVE-2020-3480 |
۸.۶ |
Cisco IOS XE Zone-Based Firewall |
DoS |
$۱۰k-$25k |
۰.۰۴ |
|
|
CVE-2020-3421 |
۸.۶ |
Cisco IOS XE Zone-Based Firewall |
DoS |
$۱۰k-$25k |
۰.۱۷ |
|
|
CVE-2020-3492 |
۸.۶ |
Cisco IOS XE/AireOS Control and Provisioning Crash |
DoS |
$۱۰k-$25k |
۰.۱۲ |
|
|
CVE-2019-16023 |
۸.۶ |
Cisco IOS XR Border Gateway Protocol Restart |
DoS |
$۱۰k-$25k |
۰.۸۹ |
|
|
CVE-2019-16021 |
۸.۶ |
Cisco IOS XR Border Gateway Protocol Restart |
DoS |
$۱۰k-$25k |
۰.۳۵ |
|
|
CVE-2019-16019 |
۸.۶ |
Cisco IOS XR Border Gateway Protocol Restart |
DoS |
$۱۰k-$25k |
۰.۹۰ |
|
|
CVE-2020-3569 |
۸.۶ |
Cisco IOS XR DVMRP Memory Consumption |
DoS |
$۱۰k-$25k |
۰.۰۰ |
|
|
CVE-2020-3479 |
۶.۱ |
Cisco IOS/IOS XE Border Gateway Protocol Crash |
DoS |
$۱۰k-$25k |
۰.۸۳ |
|
|
CVE-2020-3477 |
۵.۵ |
Cisco IOS/IOS XE CLI Parser |
Information Disclosure |
$۵k-$10k |
۰.۰۴ |
|
|
CVE-2020-3511 |
۷.۴ |
Cisco IOS/IOS XE ISDN Subsystem Crash |
DoS |
$۵k-$10k |
۰.۰۴ |
|
|
CVE-2020-3512 |
۷.۴ |
Cisco IOS/IOS XE Link Layer Discovery Protocol Crash |
DoS |
$۵k-$10k |
۰.۰۴ |
|
|
CVE-2020-3409 |
۷.۴ |
Cisco IOS/IOS XE PROFINET Crash |
DoS |
$۵k-$10k |
۰.۲۹ |
|
|
CVE-2020-3408 |
۸.۶ |
Cisco IOS/IOS XE Split DNS |
DoS |
$۱۰k-$25k |
۰.۲۱ |
|
|
CVE-2019-16009 |
۸.۸ |
Cisco IOS/IOS XE Web UI |
CSRF |
$۱۰k-$25k |
۰.۶۸ |
|
|
CVE-2019-15974 |
۴.۷ |
Cisco Managed Services Accelerator Web Interface |
Open Redirect |
$۱۰k-$25k |
۰.۳۵ |
|
|
CVE-2019-16017 |
۶.۸ |
Cisco OAMP OpsConsole Server |
Privilege Escalation |
$۱۰k-$25k |
۰.۵۱ |
|
|
CVE-2019-15957 |
۷.۲ |
Cisco Small Business RV Series Router Web-based Management Interface OS Command Injection |
Privilege Escalation |
$۱۰k-$25k |
۰.۴۳ |
|
|
CVE-2019-15959 |
۶.۶ |
Cisco Small Business SPA500 Testing Script Command |
Privilege Escalation |
$۰-$۱k |
۰.۵۲ |
|
|
CVE-2019-15993 |
۷.۵ |
Cisco Small Business Switches Web UI |
Information Disclosure |
$۵k-$10k |
۰.۴۳ |
|
|
CVE-2020-3143 |
۸.۸ |
Cisco TelePresence Collaboration Endpoint Video Endpoint API |
Directory Traversal |
$۱۰k-$25k |
۰.۳۸ |
|
|
CVE-2019-15289 |
۷.۵ |
Cisco TelePresence Collaboration Endpoint/RoomOS Crash |
DoS |
$۵k-$10k |
۰.۶۹ |
|
|
CVE-2019-1736 |
۶.۲ |
Cisco UCS C-Series Rack Servers Signature Validation |
Privilege Escalation |
$۲k-$5k |
۰.۰۴ |
|
|
CVE-2019-16000 |
۴.۴ |
Cisco Umbrella Roaming Client Installer |
Privilege Escalation |
$۵k-$10k |
۰.۹۸ |
|
|
CVE-2020-3135 |
۶.۵ |
Cisco Unified Communications Manager Web-based Management Interface |
CSRF |
$۵k-$10k |
۰.۳۱ |
|
|
CVE-2019-15963 |
۴.۳ |
Cisco Unified Communications Manager Web-based Management Interface |
Information Disclosure |
$۵k-$10k |
۰.۴۳ |
|
|
CVE-2019-1888 |
۷.۲ |
Cisco Unified Contact Center Express Administration Web Interface OS Command Injection |
Privilege Escalation |
$۱۰k-$25k |
۰.۰۰ |
|
|
CVE-2020-3130 |
۵.۹ |
Cisco Unity Connection Web Management Interface |
Directory Traversal |
$۵k-$10k |
۰.۳۱ |
|
|
CVE-2019-16004 |
۶.۵ |
Cisco Vision Dynamic Signage Director REST API Endpoint |
Weak Authentication |
$۱۰k-$25k |
۰.۸۹ |
|
|
CVE-2020-3117 |
۴.۷ |
Cisco Web Security Appliance API Framework Header Injection |
Privilege Escalation |
$۲۵k-$50k |
۰.۳۱ |
|
|
CVE-2019-15969 |
۶.۱ |
Cisco Web Security Appliance Web-based Management Interface |
XSS |
$۱۰k-$25k |
۰.۴۳ |
|
|
CVE-2019-15287 |
۷.۸ |
Cisco WebEx Network Recording Player/Webex Player ARF File |
Memory Corruption |
$۱۰k-$25k |
۰.۶۹ |
|
|
CVE-2019-15285 |
۷.۸ |
Cisco WebEx Network Recording Player/Webex Player ARF File |
Memory Corruption |
$۱۰k-$25k |
۰.۳۸ |
|
|
CVE-2019-15283 |
۷.۸ |
Cisco WebEx Network Recording Player/Webex Player ARF File |
Memory Corruption |
$۱۰k-$25k |
۰.۶۰ |
|
|
CVE-2020-3116 |
۵.۵ |
Cisco WebEx UCF File |
DoS |
$۵k-$10k |
۰.۷۷ |
|
|
CVE-2020-3560 |
۸.۶ |
Cisco Wireless LAN Controller |
DoS |
$۵k-$10k |
۰.۲۹ |
|
|
CVE-2020-26102 |
۵.۵ |
cPanel Auth Policy API |
Privilege Escalation |
$۲k-$5k |
۰.۲۵ |
|
|
CVE-2020-26105 |
۵.۵ |
cPanel chkservd Test Credential |
Unknown Vulnerability |
$۲k-$5k |
۰.۲۰ |
|
|
CVE-2020-26115 |
۶.۱ |
cPanel Cron Editor Interface |
XSS |
$۰-$۱k |
۰.۳۳ |
|
|
CVE-2020-26114 |
۶.۱ |
cPanel Cron Jobs interface |
XSS |
$۰-$۱k |
۰.۴۱ |
|
|
CVE-2020-26100 |
۵.۵ |
cPanel csh Jail |
Privilege Escalation |
$۲k-$5k |
۰.۲۱ |
|
|
CVE-2020-26110 |
۳.۵ |
cPanel DNS Zone Manager DNSSEC Interface |
XSS |
$۰-$۱k |
۰.۴۱ |
|
|
CVE-2020-26112 |
۵.۵ |
cPanel Email Quota Cache |
Privilege Escalation |
$۲k-$5k |
۰.۳۷ |
|
|
CVE-2020-26098 |
۶.۳ |
cPanel Exim Filter |
Remote Code Execution |
$۲k-$5k |
۰.۷۹ |
|
|
CVE-2020-26108 |
۶.۳ |
cPanel File Extension |
Remote Code Execution |
$۲k-$5k |
۰.۳۷ |
|
|
CVE-2020-26103 |
۵.۵ |
cPanel mailman |
Weak Authentication |
$۱k-$2k |
۰.۶۶ |
|
|
CVE-2020-26106 |
۵.۵ |
cPanel Permission |
Privilege Escalation |
$۲k-$5k |
۰.۲۹ |
|
|
CVE-2020-26107 |
۳.۱ |
cPanel PowerDNS API Key |
Weak Authentication |
$۱k-$2k |
۰.۳۳ |
|
|
CVE-2020-26099 |
۵.۵ |
cPanel Protect SMTP Greylist |
Privilege Escalation |
$۲k-$5k |
۰.۲۵ |
|
|
CVE-2020-26109 |
۵.۵ |
cPanel Protection Mechanism |
Privilege Escalation |
$۲k-$5k |
۰.۴۱ |
|
|
CVE-2020-26101 |
۵.۵ |
cPanel RNDC |
Unknown Vulnerability |
$۲k-$5k |
۰.۱۶ |
|
|
CVE-2020-26104 |
۵.۵ |
cPanel SRS Secret |
Unknown Vulnerability |
$۲k-$5k |
۰.۶۷ |
|
|
CVE-2020-26111 |
۳.۵ |
cPanel WHM Edit DNS Zone Interface |
XSS |
$۰-$۱k |
۰.۹۴ |
|
|
CVE-2020-26113 |
۳.۵ |
cPanel WHM Manage API Tokens Interface |
XSS |
$۰-$۱k |
۰.۷۸ |
|
|
CVE-2020-25786 |
۳.۵ |
D-Link DIR-816L/DIR-803 URL Encoding info.php |
XSS |
$۵k-$10k |
۰.۰۷ |
|
|
CVE-2020-5929 |
۷.۴ |
F5 BIG-IP Plaintext |
Weak Encryption |
$۵k-$10k |
۰.۳۷ |
|
|
CVE-2020-5930 |
۳.۷ |
F5 BIG-IP/BIG-IQ |
DoS |
$۵k-$10k |
۰.۵۴ |
Not Defined |
|
CVE-2020-12817 |
۴.۳ |
Fortinet FortiAnalyzer |
XSS |
$۰-$۱k |
۰.۳۸ |
|
|
CVE-2020-12818 |
۴.۳ |
Fortinet FortiGate Log |
Privilege Escalation |
$۲k-$5k |
۰.۰۴ |
|
|
CVE-2020-12811 |
۳.۵ |
Fortinet FortiManager/FortiAnalyzer |
XSS |
$۰-$۱k |
۰.۰۸ |
Not Defined |
|
CVE-2020-12816 |
۴.۳ |
Fortinet FortiNAC Stored |
XSS |
$۰-$۱k |
۰.۳۱ |
|
|
CVE-2020-12815 |
۴.۳ |
Fortinet FortiTester |
XSS |
$۰-$۱k |
۰.۰۸ |
|
|
CVE-2020-25203 |
۵.۵ |
Framer Preview App |
Privilege Escalation |
$۲k-$5k |
۱.۹۲ |
Not Defined |
|
CVE-2020-16244 |
۲.۶ |
GE Digital APM Classic Hash |
Weak Encryption |
$۰-$۱k |
۰.۶۹ |
Not Defined |
|
CVE-2020-16240 |
۳.۵ |
GE Digital APM Classic JSON Download |
Information Disclosure |
$۱k-$2k |
۰.۸۷ |
Not Defined |
|
CVE-2020-16242 |
۳.۵ |
GE Reason S20 Ethernet Switch |
XSS |
$۰-$۱k |
۱.۴۷ |
Not Defined |
|
CVE-2020-24365 |
۸.۰ |
Gemtek WRTM-127ACN/WRTM-127x9 Monitor Diagnostic Network Page |
Privilege Escalation |
$۲k-$5k |
۰.۶۲ |
Not Defined |
|
CVE-2020-11031 |
۷.۸ |
GLPI |
Weak Encryption |
$۰-$۱k |
۰.۶۲ |
|
|
CVE-2020-6560 |
۴.۳ |
Google Chrome Autofill Cross-Origin |
Information Disclosure |
$۲۵k-$50k |
۰.۰۹ |
|
|
CVE-2020-6562 |
۶.۵ |
Google Chrome Blink Cross-Origin |
Information Disclosure |
$۲۵k-$50k |
۰.۰۹ |
|
|
CVE-2020-6567 |
۶.۳ |
Google Chrome Command Line |
Privilege Escalation |
$۵۰k-$100k |
۰.۹۴ |
|
|
CVE-2020-6561 |
۴.۳ |
Google Chrome Content Security Policy Cross-Origin |
Information Disclosure |
$۲۵k-$50k |
۰.۰۸ |
|
|
CVE-2020-6539 |
۸.۸ |
Google Chrome CSS Use-After-Free |
Memory Corruption |
$۵۰k-$100k |
۰.۰۹ |
|
|
CVE-2020-15961 |
۹.۶ |
Google Chrome Extension Policy Validator Sandbox |
Privilege Escalation |
$۵۰k-$100k |
۰.۰۹ |
|
|
CVE-2020-6563 |
۴.۳ |
Google Chrome Intent |
Information Disclosure |
$۲۵k-$50k |
۰.۰۷ |
|
|
CVE-2020-6558 |
۶.۵ |
Google Chrome iOSWeb |
Privilege Escalation |
$۵۰k-$100k |
۰.۰۷ |
|
|
CVE-2020-6566 |
۴.۳ |
Google Chrome Media Cross-Origin |
Information Disclosure |
$۲۵k-$50k |
۰.۶۸ |
|
|
CVE-2020-15964 |
۸.۸ |
Google Chrome Media Heap-based |
Memory Corruption |
$۵۰k-$100k |
۰.۱۷ |
|
|
CVE-2020-6576 |
۶.۳ |
Google Chrome Offscreen Canvas Use-After-Free |
Memory Corruption |
$۵۰k-$100k |
۰.۰۷ |
|
|
CVE-2020-6571 |
۴.۳ |
Google Chrome Omnibox Domain |
Spoofing |
$۲۵k-$50k |
۰.۴۸ |
|
|
CVE-2020-6565 |
۶.۳ |
Google Chrome Omnibox |
Spoofing |
$۲۵k-$50k |
۰.۴۶ |
|
|
CVE-2020-6564 |
۶.۳ |
Google Chrome Permission Dialog |
Spoofing |
$۲۵k-$50k |
۰.۷۵ |
|
|
CVE-2020-15966 |
۴.۳ |
Google Chrome Policy Enforcement |
Information Disclosure |
$۲۵k-$50k |
۰.۳۵ |
|
|
CVE-2020-6568 |
۶.۳ |
Google Chrome Policy Enforcement |
Privilege Escalation |
$۵۰k-$100k |
۰.۰۰ |
|
|
CVE-2020-15963 |
۹.۶ |
Google Chrome Policy Enforcement Sandbox |
Privilege Escalation |
$۵۰k-$100k |
۰.۱۷ |
|
|
CVE-2020-6559 |
۶.۳ |
Google Chrome Presentation API Use-After-Free |
Memory Corruption |
$۵۰k-$100k |
۰.۰۹ |
|
|
CVE-2020-6532 |
۸.۸ |
Google Chrome SCTP Use-After-Free |
Memory Corruption |
$۵۰k-$100k |
۰.۰۹ |
|
|
CVE-2020-15962 |
۸.۸ |
Google Chrome Serial Policy Validator Out-of-Bounds |
Memory Corruption |
$۵۰k-$100k |
۰.۱۷ |
|
|
CVE-2020-6540 |
۸.۸ |
Google Chrome Skia Heap-based |
Memory Corruption |
$۵۰k-$100k |
۰.۱۷ |
|
|
CVE-2020-15960 |
۸.۸ |
Google Chrome Storage Out-of-Bounds |
Memory Corruption |
$۵۰k-$100k |
۰.۰۶ |
|
|
CVE-2020-6556 |
۸.۸ |
Google Chrome Swiftshader Heap-based |
Memory Corruption |
$۵۰k-$100k |
۰.۱۷ |
|
|
CVE-2020-15965 |
۸.۸ |
Google Chrome v8 Out-of-Bounds |
Memory Corruption |
$۵۰k-$100k |
۰.۱۷ |
|
|
CVE-2020-6537 |
۸.۸ |
Google Chrome v8 Type Confusion |
Memory Corruption |
$۵۰k-$100k |
۰.۰۹ |
|
|
CVE-2020-6570 |
۴.۳ |
Google Chrome WebRTC |
Information Disclosure |
$۲۵k-$50k |
۰.۰۴ |
|
|
CVE-2020-6569 |
۶.۳ |
Google Chrome WebUSB Integer Overflow |
Memory Corruption |
$۵۰k-$100k |
۰.۲۶ |
|
|
CVE-2020-6541 |
۸.۸ |
Google Chrome WebUSB Use-After-Free |
Memory Corruption |
$۵۰k-$100k |
۰.۰۹ |
|
|
CVE-2020-6538 |
۶.۵ |
Google Chrome WebView Cross-Origin |
Information Disclosure |
$۲۵k-$50k |
۰.۱۷ |
|
|
CVE-2020-24625 |
۴.۳ |
HPE Pay Per Use Utility Computing Service Meter doGet() |
Directory Traversal |
$۱۰k-$25k |
۰.۴۹ |
|
|
CVE-2020-24626 |
۶.۳ |
HPE Pay Per Use Utility Computing Service Meter doPost() |
Directory Traversal |
$۱۰k-$25k |
۰.۱۴ |
|
|
CVE-2020-24624 |
۶.۳ |
HPE Pay Per Use Utility Computing Service Meter execute() |
Directory Traversal |
$۱۰k-$25k |
۰.۳۱ |
|
|
CVE-2020-4731 |
۶.۱ |
IBM Aspera Web Application Web UI |
XSS |
$۵k-$10k |
۰.۰۶ |
|
|
CVE-2020-4315 |
۴.۳ |
IBM Business Automation Content Analyzer on Cloud Authorization Token |
Weak Encryption |
$۵k-$10k |
۰.۰۶ |
|
|
CVE-2020-4531 |
۵.۳ |
IBM Business Automation Workflow Error Message |
Information Disclosure |
$۵k-$10k |
۰.۶۶ |
|
|
CVE-2020-4619 |
۶.۵ |
IBM Data Risk Manager Credential Storage Plaintext |
Weak Encryption |
$۵k-$10k |
۰.۰۴ |
|
|
CVE-2020-4617 |
۸.۱ |
IBM Data Risk Manager |
CSRF |
$۵k-$10k |
۰.۳۴ |
|
|
CVE-2020-4622 |
۷.۵ |
IBM Data Risk Manager Default Credentials |
Weak Authentication |
$۵k-$10k |
۰.۱۴ |
|
|
CVE-2020-4618 |
۴.۹ |
IBM Data Risk Manager |
DoS |
$۲k-$5k |
۰.۴۳ |
|
|
CVE-2020-4620 |
۸.۸ |
IBM Data Risk Manager Extension Code |
Privilege Escalation |
$۱۰k-$25k |
۰.۳۰ |
|
|
CVE-2020-4616 |
۵.۳ |
IBM Data Risk Manager |
Information Disclosure |
$۵k-$10k |
۰.۲۸ |
|
|
CVE-2020-4612 |
۶.۵ |
IBM Data Risk Manager |
Information Disclosure |
$۵k-$10k |
۰.۴۳ |
|
|
CVE-2020-4621 |
۸.۸ |
IBM Data Risk Manager |
Privilege Escalation |
$۱۰k-$25k |
۰.۵۵ |
|
|
CVE-2020-4611 |
۸.۸ |
IBM Data Risk Manager |
Privilege Escalation |
$۱۰k-$25k |
۰.۲۶ |
|
|
CVE-2020-4614 |
۷.۵ |
IBM Data Risk Manager |
Weak Encryption |
$۵k-$10k |
۰.۵۲ |
|
|
CVE-2020-4613 |
۷.۵ |
IBM Data Risk Manager |
Weak Encryption |
$۵k-$10k |
۰.۴۳ |
|
|
CVE-2020-4615 |
۵.۴ |
IBM Data Risk Manager Web UI |
XSS |
$۵k-$10k |
۰.۵۲ |
|
|
CVE-2020-4580 |
۷.۵ |
IBM DataPower Gateway |
DoS |
$۵k-$10k |
۰.۱۵ |
|
|
CVE-2020-4581 |
۷.۵ |
IBM DataPower Gateway HTTP2 Request |
DoS |
$۵k-$10k |
۰.۰۸ |
|
|
CVE-2020-4579 |
۷.۵ |
IBM DataPower Gateway HTTP2 Request |
DoS |
$۵k-$10k |
۰.۰۸ |
|
|
CVE-2020-4727 |
۶.۱ |
IBM InfoSphere Information Server Clickjacking |
Privilege Escalation |
$۱۰k-$25k |
۰.۳۸ |
|
|
CVE-2020-4324 |
۳.۵ |
IBM Security Secret Server |
Privilege Escalation |
$۱۰k-$25k |
۰.۷۹ |
|
|
CVE-2020-4340 |
۳.۱ |
IBM Security Secret Server SSL Certificate Validator |
Weak Authentication |
$۵k-$10k |
۰.۷۵ |
|
|
CVE-2020-4590 |
۵.۳ |
IBM WebSphere Application Server Liberty oAuth/openidConnectServer |
DoS |
$۵k-$10k |
۰.۰۷ |
|
|
CVE-2020-4643 |
۷.۵ |
IBM WebSphere Application Server XML Data |
XML External Entity |
$۲۵k-$50k |
۰.۳۷ |
|
|
CVE-2020-5783 |
۴.۳ |
IgniteNet HeliOS GLinq |
CSRF |
$۰-$۱k |
۰.۷۵ |
Not Defined |
|
CVE-2020-5782 |
۳.۵ |
IgniteNet HeliOS GLinq |
DoS |
$۰-$۱k |
۰.۷۵ |
Not Defined |
|
CVE-2020-5781 |
۳.۵ |
IgniteNet HeliOS GLinq Luci Configuration luci authenticator.htmlauth |
DoS |
$۰-$۱k |
۰.۸۸ |
Not Defined |
|
CVE-2020-12839 |
۹.۸ |
iSmartgate Pro checkExpirationDate.php PHP |
Privilege Escalation |
$۲k-$5k |
۰.۱۲ |
Not Defined |
|
CVE-2020-12842 |
۹.۸ |
iSmartgate Pro checkUserExpirationDate.php |
Privilege Escalation |
$۲k-$5k |
۰.۰۰ |
Not Defined |
|
CVE-2020-13119 |
۸.۱ |
iSmartgate Pro Clickjacking |
Privilege Escalation |
$۲k-$5k |
۰.۰۰ |
Not Defined |
|
CVE-2020-12843 |
۹.۸ |
iSmartgate Pro File Upload |
Privilege Escalation |
$۲k-$5k |
۰.۰۸ |
Not Defined |
|
CVE-2020-12837 |
۷.۵ |
iSmartgate Pro File Upload |
Privilege Escalation |
$۲k-$5k |
۰.۰۰ |
Not Defined |
|
CVE-2020-12841 |
۶.۵ |
iSmartgate Pro index.php |
CSRF |
$۱k-$2k |
۰.۱۵ |
Not Defined |
|
CVE-2020-12840 |
۶.۵ |
iSmartgate Pro index.php |
CSRF |
$۱k-$2k |
۰.۰۰ |
Not Defined |
|
CVE-2020-12282 |
۸.۸ |
iSmartgate Pro index.php |
CSRF |
$۰-$۱k |
۰.۰۴ |
Not Defined |
|
CVE-2020-12281 |
۶.۵ |
iSmartgate Pro index.php |
CSRF |
$۱k-$2k |
۰.۵۵ |
Not Defined |
|
CVE-2020-12838 |
۹.۸ |
iSmartgate Pro mailAdmin.php PHP |
Privilege Escalation |
$۲k-$5k |
۰.۰۸ |
Not Defined |
|
CVE-2020-12280 |
۶.۵ |
iSmartgate Pro opendoor.php |
CSRF |
$۱k-$2k |
۰.۰۰ |
Not Defined |
|
CVE-2020-19455 |
۷.۵ |
jdownloads categories.php order |
SQL Injection |
$۲k-$5k |
۰.۷۸ |
Not Defined |
|
CVE-2020-19450 |
۷.۵ |
jdownloads jdownloadshelper.php getUserLimits |
SQL Injection |
$۲k-$5k |
۰.۶۳ |
Not Defined |
|
CVE-2020-19451 |
۷.۵ |
jdownloads jdownloadshelper.php updateLog |
SQL Injection |
$۲k-$5k |
۰.۲۵ |
Not Defined |
|
CVE-2020-19447 |
۶.۳ |
jdownloads send.php |
SQL Injection |
$۲k-$5k |
۰.۴۸ |
Not Defined |
|
CVE-2020-2283 |
۵.۴ |
Jenkins Liquibase Runner Plugin Changeset Content Stored |
XSS |
$۰-$۱k |
۰.۵۶ |
Not Defined |
|
CVE-2020-2285 |
۵.۵ |
Jenkins Liquibase Runner Plugin Permission Check |
Privilege Escalation |
$۲k-$5k |
۰.۶۳ |
Not Defined |
|
CVE-2020-2284 |
۷.۱ |
Jenkins Liquibase Runner Plugin XML Parser |
XML External Entity |
$۲k-$5k |
۰.۵۰ |
Not Defined |
|
CVE-2020-2281 |
۵.۴ |
Jenkins Lockable Resources Plugin |
CSRF |
$۰-$۱k |
۰.۸۱ |
Not Defined |
|
CVE-2020-2279 |
۹.۹ |
Jenkins Script Security Plugin Sandbox |
Code Execution |
$۲k-$5k |
۰.۸۱ |
Not Defined |
|
CVE-2020-2280 |
۸.۸ |
Jenkins Warnings Plugin |
CSRF |
$۰-$۱k |
۰.۷۱ |
Not Defined |
|
CVE-2020-8333 |
۶.۴ |
Lenovo Desktop/ThinkStation SMI Callback |
Code Execution |
$۱k-$2k |
۰.۰۰ |
Not Defined |
|
CVE-2020-8348 |
۶.۱ |
Lenovo Enterprise Network Disk DOM-Based |
XSS |
$۰-$۱k |
۰.۰۴ |
|
|
CVE-2020-8347 |
۶.۱ |
Lenovo Enterprise Network Disk URL |
XSS |
$۰-$۱k |
۰.۰۴ |
|
|
CVE-2020-15840 |
۵.۵ |
Liferay Portal URL Encoding |
Privilege Escalation |
$۲k-$5k |
۰.۹۳ |
|
|
CVE-2020-15839 |
۴.۳ |
Liferay Portal/Liferay DXP Multipart Form |
DoS |
$۰-$۱k |
۰.۰۰ |
|
|
CVE-2020-26088 |
۵.۳ |
Linux Kernel NFC Socket rawsock.c |
Privilege Escalation |
$۵k-$10k |
۰.۰۴ |
|
|
CVE-2020-11857 |
۶.۳ |
Micro Focus Operation Bridge Reporter |
Privilege Escalation |
$۲k-$5k |
۰.۰۹ |
Not Defined |
|
CVE-2020-11855 |
۵.۳ |
Micro Focus Operation Bridge Reporter |
Privilege Escalation |
$۱k-$2k |
۰.۰۰ |
|
|
CVE-2020-11856 |
۶.۳ |
Micro Focus Operation Bridge Reporter |
Remote Code Execution |
$۲k-$5k |
۰.۰۰ |
|
|
CVE-2020-24594 |
۴.۳ |
Mitel MiCloud Management Portal |
XSS |
$۰-$۱k |
۰.۴۴ |
|
|
CVE-2020-24595 |
۳.۵ |
Mitel MiCloud Management Portal |
Information Disclosure |
$۱k-$2k |
۱.۰۵ |
|
|
CVE-2020-24592 |
۳.۵ |
Mitel MiCloud Management Portal |
Information Disclosure |
$۱k-$2k |
۰.۸۷ |
|
|
CVE-2020-24593 |
۶.۳ |
Mitel MiCloud Management Portal |
SQL Injection |
$۲k-$5k |
۱.۰۵ |
Official Fix |
|
CVE-2020-24692 |
۳.۵ |
Mitel MiContact Center Business Ignite Portal |
XSS |
$۰-$۱k |
۰.۲۱ |
Official Fix |
|
CVE-2020-15850 |
۷.۸ |
Nakivo Backup & Replication Director Director Web Interface |
Privilege Escalation |
$۲k-$5k |
۰.۰۰ |
Not Defined |
|
CVE-2020-15851 |
۶.۳ |
Nakivo Backup & Replication Transporter Access Control |
Privilege Escalation |
$۲k-$5k |
۰.۰۴ |
Not Defined |
|
CVE-2020-25130 |
۶.۳ |
Observium Professional/Enterprise/Community actions.php |
SQL Injection |
$۲k-$5k |
۰.۴۶ |
Not Defined |
|
CVE-2020-25142 |
۴.۳ |
Observium Professional/Enterprise/Community addsrv |
CSRF |
$۰-$۱k |
۲.۸۹ |
Not Defined |
|
CVE-2020-25137 |
۳.۵ |
Observium Professional/Enterprise/Community alert_check |
XSS |
$۰-$۱k |
۰.۳۴ |
Not Defined |
|
CVE-2020-25138 |
۳.۵ |
Observium Professional/Enterprise/Community alert_test_id |
XSS |
$۰-$۱k |
۰.۴۲ |
Not Defined |
|
CVE-2020-25147 |
۶.۳ |
Observium Professional/Enterprise/Community authenticate.inc.php |
SQL Injection |
$۲k-$5k |
۴.۰۶ |
Not Defined |
|
CVE-2020-25132 |
۶.۳ |
Observium Professional/Enterprise/Community authenticate.inc.php |
SQL Injection |
$۲k-$5k |
۰.۱۷ |
Not Defined |
|
CVE-2020-25149 |
۶.۳ |
Observium Professional/Enterprise/Community |
Directory Traversal |
$۲k-$5k |
۴.۵۳ |
Not Defined |
|
CVE-2020-25145 |
۵.۵ |
Observium Professional/Enterprise/Community |
Directory Traversal |
$۲k-$5k |
۳.۱۱ |
Not Defined |
|
CVE-2020-25144 |
۵.۵ |
Observium Professional/Enterprise/Community |
Directory Traversal |
$۲k-$5k |
۲.۲۴ |
Not Defined |
|
CVE-2020-25136 |
۵.۵ |
Observium Professional/Enterprise/Community |
Directory Traversal |
$۲k-$5k |
۰.۱۷ |
Not Defined |
|
CVE-2020-25140 |
۳.۵ |
Observium Professional/Enterprise/Community contacts.inc.php |
XSS |
$۰-$۱k |
۰.۴۲ |
Not Defined |
|
CVE-2020-25148 |
۳.۵ |
Observium Professional/Enterprise/Community |
XSS |
$۰-$۱k |
۳.۴۵ |
Not Defined |
|
CVE-2020-25135 |
۳.۵ |
Observium Professional/Enterprise/Community |
XSS |
$۰-$۱k |
۰.۲۵ |
Not Defined |
|
CVE-2020-25131 |
۳.۵ |
Observium Professional/Enterprise/Community |
XSS |
$۰-$۱k |
۰.۳۰ |
Not Defined |
|
CVE-2020-25134 |
۵.۵ |
Observium Professional/Enterprise/Community inc.php |
Directory Traversal |
$۲k-$5k |
۰.۲۵ |
Not Defined |
|
CVE-2020-25133 |
۵.۵ |
Observium Professional/Enterprise/Community inc.php |
Directory Traversal |
$۲k-$5k |
۰.۲۵ |
Not Defined |
|
CVE-2020-25143 |
۶.۳ |
Observium Professional/Enterprise/Community |
SQL Injection |
$۲k-$5k |
۲.۹۳ |
Not Defined |
|
CVE-2020-25146 |
۳.۵ |
Observium Professional/Enterprise/Community syslog_rules |
XSS |
$۰-$۱k |
۳.۴۵ |
Not Defined |
|
CVE-2020-25139 |
۳.۵ |
Observium Professional/Enterprise/Community syslog_rules |
XSS |
$۰-$۱k |
۰.۴۶ |
Not Defined |
|
CVE-2020-25141 |
۳.۵ |
Observium Professional/Enterprise/Community view |
XSS |
$۰-$۱k |
۱۰.۰۰ |
Not Defined |
|
CVE-2020-15223 |
۸.۰ |
ORY Fosite Storage Error |
Privilege Escalation |
$۲k-$5k |
۰.۰۸ |
|
|
CVE-2020-15222 |
۸.۱ |
ORY Fosite |
Weak Authentication |
$۱k-$2k |
۰.۳۵ |
|
|
CVE-2020-14028 |
۷.۲ |
Ozeki NG SMS Gateway Autoreply |
Directory Traversal |
$۲k-$5k |
۰.۸۱ |
Not Defined |
|
CVE-2020-14022 |
۸.۸ |
Ozeki NG SMS Gateway Bulk Import Command |
Privilege Escalation |
$۲k-$5k |
۰.۱۷ |
Not Defined |
|
CVE-2020-14025 |
۸.۸ |
Ozeki NG SMS Gateway |
CSRF |
$۰-$۱k |
۰.۰۹ |
Not Defined |
|
CVE-2020-14026 |
۸.۸ |
Ozeki NG SMS Gateway CSV Export CSV Injection |
Privilege Escalation |
$۲k-$5k |
۰.۲۶ |
Not Defined |
|
CVE-2020-14027 |
۵.۳ |
Ozeki NG SMS Gateway Database Connection |
Privilege Escalation |
$۲k-$5k |
۰.۱۷ |
Not Defined |
|
CVE-2020-14023 |
۴.۹ |
Ozeki NG SMS Gateway SMS WCF/RSS to SMS |
Server-Side Request Forgery |
$۲k-$5k |
۰.۳۴ |
Not Defined |
|
CVE-2020-14024 |
۶.۱ |
Ozeki NG SMS Gateway Stored |
XSS |
$۰-$۱k |
۰.۱۷ |
|
|
CVE-2020-14031 |
۷.۲ |
Ozeki NG SMS Gateway TXT File Module |
DoS |
$۰-$۱k |
۰.۰۹ |
|
|
CVE-2019-7177 |
۵.۵ |
Pexip Infinity Code Injection |
Privilege Escalation |
$۲k-$5k |
۰.۱۸ |
|
|
CVE-2020-13387 |
۳.۵ |
Pexip Infinity H.323 |
DoS |
$۰-$۱k |
۰.۱۶ |
|
|
CVE-2020-12824 |
۳.۵ |
Pexip Infinity RTP |
DoS |
$۰-$۱k |
۰.۳۵ |
|
|
CVE-2020-24615 |
۳.۵ |
Pexip Infinity SIP |
DoS |
$۰-$۱k |
۰.۲۰ |
|
|
CVE-2019-7178 |
۵.۵ |
Pexip Infinity System Backup Restore |
Privilege Escalation |
$۲k-$5k |
۰.۵۳ |
|
|
CVE-2018-10432 |
۳.۵ |
Pexip Infinity TLS Handshake |
DoS |
$۰-$۱k |
۰.۱۴ |
|
|
CVE-2018-10585 |
۳.۵ |
Pexip Infinity XML Parser |
DoS |
$۰-$۱k |
۰.۱۴ |
Official Fix |
|
CVE-2020-11805 |
۵.۵ |
Pexip Reverse Proxy and TURN Server UDP Access Control |
Privilege Escalation |
$۲k-$5k |
۰.۵۶ |
Official Fix |
|
CVE-2020-15162 |
۵.۴ |
PrestaShop Attachments |
XSS |
$۱k-$2k |
۰.۲۱ |
|
|
CVE-2020-15160 |
۶.۳ |
PrestaShop Catalog Product Edition Page Blind |
SQL Injection |
$۲k-$5k |
۰.۰۸ |
|
|
CVE-2020-15161 |
۵.۴ |
PrestaShop Contact Form |
XSS |
$۱k-$2k |
۰.۱۲ |
|
|
CVE-2020-25760 |
۶.۳ |
projectworlds Visitor Management System |
SQL Injection |
$۱k-$2k |
۳.۵۶- |
Not Defined |
|
CVE-2020-25761 |
۴.۳ |
projectworlds Visitor Management System Stored |
XSS |
$۰-$۱k |
۲.۷۸- |
Not Defined |
|
CVE-2020-25085 |
۵.۵ |
QEMU exec.c flatview_read_continue Heap-based |
Memory Corruption |
$۱۰k-$25k |
۰.۷۴ |
Not Defined |
|
CVE-2020-25084 |
۵.۵ |
QEMU hcd-xhci.c usb_packet_map Use-After-Free |
Memory Corruption |
$۱۰k-$25k |
۰.۲۵ |
Not Defined |
|
CVE-2020-25625 |
۳.۵ |
QEMU TD List hcd-ohci.c Loop |
DoS |
$۵k-$10k |
۰.۱۶ |
Not Defined |
|
CVE-2020-25748 |
۳.۷ |
Rubetek RV-3406/RV-3409/RV-3411 RTSP Server Cleartext |
Weak Encryption |
$۱k-$2k |
۰.۲۱ |
Not Defined |
|
CVE-2020-25749 |
۹.۸ |
Rubetek RV-3406/RV-3409/RV-3411 Telnet Service Default Admin Password |
Weak Authentication |
$۲k-$5k |
۱.۲۷ |
Not Defined |
|
CVE-2020-25747 |
۷.۳ |
Rubetek RV-3406/RV-3409/RV-3411 Telnet Service |
Weak Authentication |
$۱k-$2k |
۰.۲۱ |
Not Defined |
|
CVE-2020-25796 |
۷.۵ |
sized-chunks crate InlineArray |
Unknown Vulnerability |
$۲k-$5k |
۰.۰۹ |
Not Defined |
|
CVE-2020-25795 |
۷.۵ |
sized-chunks crate insert_from |
Memory Corruption |
$۲k-$5k |
۰.۰۹ |
Not Defined |
|
CVE-2020-25794 |
۷.۵ |
sized-chunks crate |
Memory Corruption |
$۲k-$5k |
۰.۰۹ |
Not Defined |
|
CVE-2020-25793 |
۷.۵ |
sized-chunks crate |
Memory Corruption |
$۲k-$5k |
۰.۱۳ |
Not Defined |
|
CVE-2020-25792 |
۷.۵ |
sized-chunks crate pair() |
Memory Corruption |
$۲k-$5k |
۰.۰۸ |
Not Defined |
|
CVE-2020-25791 |
۷.۵ |
sized-chunks crate unit() |
Memory Corruption |
$۲k-$5k |
۰.۳۸ |
Not Defined |
|
CVE-2020-25514 |
۵.۵ |
Sourcecodester Simple Library Management System Login Panel admin.php |
Privilege Escalation |
$۲k-$5k |
۰.۰۰ |
Not Defined |
|
CVE-2020-25515 |
۵.۵ |
Sourcecodester Simple Library Management System New Book |
Privilege Escalation |
$۲k-$5k |
۰.۲۶ |
Not Defined |
|
CVE-2020-5421 |
۸.۷ |
Spring Framework RFD |
Privilege Escalation |
$۲k-$5k |
۰.۰۵ |
Not Defined |
|
CVE-2020-16148 |
۹.۸ |
Telmat AccessLog Administration Panel Code Injection |
Privilege Escalation |
$۵۰k-$100k |
۰.۳۸ |
Not Defined |
|
CVE-2020-16147 |
۹.۸ |
Telmat AccessLog Login Page Code Injection |
Privilege Escalation |
$۵۰k-$100k |
۰.۵۸ |
Not Defined |
|
CVE-2020-15204 |
۵.۳ |
TensorFlow ctx->session_state() NULL Pointer Dereference |
DoS |
$۰-$۱k |
۱.۵۲ |
|
|
CVE-2020-15206 |
۹.۰ |
TensorFlow |
DoS |
$۰-$۱k |
۱.۷۷ |
|
|
CVE-2020-15191 |
۵.۳ |
TensorFlow dlpack.to_dlpack |
DoS |
$۰-$۱k |
۱.۲۳ |
|
|
CVE-2020-15192 |
۴.۳ |
TensorFlow dlpack.to_dlpack Memory Leak |
DoS |
$۰-$۱k |
۱.۳۱ |
|
|
CVE-2020-15193 |
۷.۱ |
TensorFlow dlpack.to_dlpack Uninitialized Memory |
Memory Corruption |
$۲k-$5k |
۱.۲۳ |
|
|
CVE-2020-15212 |
۸.۱ |
TensorFlow Heap-based |
Memory Corruption |
$۲k-$5k |
۱.۷۲ |
|
|
CVE-2020-15211 |
۴.۸ |
TensorFlow Heap-based |
Memory Corruption |
$۲k-$5k |
۱.۵۲ |
|
|
CVE-2020-15214 |
۸.۱ |
TensorFlow |
Memory Corruption |
$۲k-$5k |
۱.۵۹ |
|
|
CVE-2020-15213 |
۴.۰ |
TensorFlow Memory Exhaustion |
DoS |
$۰-$۱k |
۱.۵۱ |
|
|
CVE-2020-15208 |
۷.۴ |
TensorFlow Out-of-Bounds |
Memory Corruption |
$۲k-$5k |
۱.۷۳ |
|
|
CVE-2020-15199 |
۵.۹ |
TensorFlow RaggedCountSparseOutput |
DoS |
$۰-$۱k |
۱.۷۷ |
|
|
CVE-2020-15201 |
۴.۸ |
TensorFlow RaggedCountSparseOutput Heap-based |
Memory Corruption |
$۲k-$5k |
۱.۷۳ |
|
|
CVE-2020-15200 |
۵.۹ |
TensorFlow RaggedCountSparseOutput Heap-based |
Memory Corruption |
$۲k-$5k |
۱.۵۶ |
|
|
CVE-2020-15196 |
۸.۵ |
TensorFlow RaggedCountSparseOutput Heap-based |
Memory Corruption |
$۲k-$5k |
۱.۴۴ |
|
|
CVE-2020-15207 |
۸.۷ |
TensorFlow ResolveAxis Out-of-Bounds |
Memory Corruption |
$۲k-$5k |
۱.۶۱ |
|
|
CVE-2020-15202 |
۹.۰ |
TensorFlow Shard API Stack-based |
Memory Corruption |
$۲k-$5k |
۱.۷۳ |
|
|
CVE-2020-15197 |
۶.۳ |
TensorFlow SparseCountSparseOutput Assertion |
DoS |
$۰-$۱k |
۱.۶۱ |
|
|
CVE-2020-15198 |
۵.۴ |
TensorFlow SparseCountSparseOutput Heap-based |
Memory Corruption |
$۲k-$5k |
۱.۵۶ |
|
|
CVE-2020-15194 |
۵.۳ |
TensorFlow SparseFillEmptyRowsGrad Assertion |
DoS |
$۰-$۱k |
۱.۳۵ |
|
|
CVE-2020-15195 |
۸.۵ |
TensorFlow SparseFillEmptyRowsGrad Heap-based |
Memory Corruption |
$۲k-$5k |
۱.۴۸ |
|
|
CVE-2020-15205 |
۹.۰ |
TensorFlow tf.raw_ops.StringNGrams Stack-based |
Memory Corruption |
$۲k-$5k |
۱.۷۳ |
|
|
CVE-2020-15190 |
۵.۳ |
TensorFlow tf.raw_ops.Switch Segmentation Fault |
DoS |
$۰-$۱k |
۱.۱۴ |
|
|
CVE-2020-15203 |
۷.۵ |
TensorFlow tf.strings.as_string Segmentation Fault |
DoS |
$۰-$۱k |
۱.۹۹ |
|
|
CVE-2020-15209 |
۵.۹ |
TensorFlow TFLite Model NULL Pointer Dereference |
DoS |
$۰-$۱k |
۱.۴۸ |
|
|
CVE-2020-15210 |
۶.۵ |
TensorFlow TFLite Model Segmentation Fault |
Memory Corruption |
$۲k-$5k |
۱.۴۸ |
|
|
CVE-2020-25788 |
۵.۵ |
Tiny RSS Error Message init.php |
Unknown Vulnerability |
$۲k-$5k |
۰.۰۷ |
|
|
CVE-2020-25789 |
۵.۵ |
Tiny RSS |
Unknown Vulnerability |
$۲k-$5k |
۰.۰۸ |
|
|
CVE-2020-25787 |
۵.۵ |
Tiny RSS URL |
Unknown Vulnerability |
$۲k-$5k |
۰.۶۷ |
|
|
CVE-2020-24560 |
۵.۶ |
Trend Micro Security 2019 SSL Certificate Validator |
Weak Authentication |
$۱۰k-$25k |
۰.۲۷ |
Not Defined |
|
CVE-2020-15604 |
۵.۶ |
Trend Micro Security 2019 SSL Certificate Validator |
Weak Authentication |
$۱۰k-$25k |
۰.۱۲ |
Not Defined |
|
CVE-2020-3977 |
۶.۳ |
VMware Horizon DaaS Two-factor Authentication |
Weak Authentication |
$۵k-$10k |
۰.۱۹ |
|
|
CVE-2020-25597 |
۵.۷ |
Xen |
DoS |
$۵k-$10k |
۰.۶۹ |
|
|
CVE-2020-25602 |
۵.۷ |
Xen Error |
DoS |
$۵k-$10k |
۰.۳۲ |
|
|
CVE-2020-25600 |
۵.۷ |
Xen Event Channel |
DoS |
$۵k-$10k |
۰.۸۱ |
|
|
CVE-2020-25603 |
۵.۵ |
Xen Event Channel smp_*mb |
Memory Corruption |
$۱۰k-$25k |
۰.۶۹ |
|
|
CVE-2020-25599 |
۵.۵ |
Xen evtchn_reset() Out-of-Bounds |
Memory Corruption |
$۱۰k-$25k |
۰.۰۰ |
|
|
CVE-2020-25601 |
۳.۵ |
Xen FIFO Event Channel evtchn_destroy |
DoS |
$۵k-$10k |
۰.۵۰ |
|
|
CVE-2020-25595 |
۷.۱ |
Xen PCI Passthrough Backdoor |
Privilege Escalation |
$۱۰k-$25k |
۰.۸۱ |
|
|
CVE-2020-25598 |
۵.۷ |
Xen RCU |
DoS |
$۵k-$10k |
۰.۶۹ |
|
|
CVE-2020-25596 |
۵.۷ |
Xen SYSENTER Segmentation Fault |
DoS |
$۵k-$10k |
۰.۸۱ |
|
|
CVE-2020-25604 |
۵.۷ |
Xen Timer Migration |
DoS |
$۵k-$10k |
۰.۸۱ |
|
|
CVE-2020-15521 |
۳.۵ |
Zoho ManageEngine Applications Manager header.jsp |
XSS |
$۰-$۱k |
۰.۸۳ |
|
|
CVE-2020-15394 |
۷.۳ |
Zoho ManageEngine Applications Manager REST API |
SQL Injection |
$۲k-$5k |
۱.۷۰ |
سطح خطر حدود ۳۸% آسیبپذیریهای هفته، «پرخطر» و «حیاتی» برآورد شده است که بسیار قابل توجّه است.
ارزش روز صفرم ۷۴% آسیبپذیریهای هفته بیش از ۲۰۰۰ دلار بوده است.
خوشبختانه برای ۷۲% آسیبپذیریهای هفته، بهروزرسانیها و یا وصلههایی رسماً ارائه شده که برای جلوگیری از سوءاستفاده ازآسیبپذیریها بهتر است سریعاً اعمال شوند.
همچنین با ۸۰ مورد، اکثر آسیبپذیریهای هفته (۲۳%) از نوع «DoS» بودند.
