Critical vulnerabilities of the third week of Khordad
This week, several critical and high-risk vulnerabilities were reported in very important Cisco products. Many vulnerabilities rated "High" and "Critical" were also identified in other products of major vendors, including IBM, Foxit, Fortinet, Qualcomm, D-Link, the Linux kernel and others. In addition, the popular Google Chrome browser, LG and Samsung mobile devices, and several important WordPress and Jenkins plugins had several dangerous vulnerabilities. The headline-making vulnerabilities of the week, however, were the dangerous, high-risk Joomla vulnerabilities.
The list of these vulnerabilities, together with links to the patches and updates that have been released, is given in the table below.
| Fix | Vulnerability type | Vulnerable product | Base score | CVE ID |
| --- | --- | --- | --- | --- |
| Not Defined | Privilege Escalation | Apache Ignite H2 Database | 9.1 | CVE-2020-1963 |
| Not Defined | Code Execution | Apache Unomi OGNL Scripting | 5.5 | CVE-2020-11975 |
| Not Defined | Memory Corruption | Asus Aura Sync IOCTL Ene.sys | 7.8 | CVE-2019-17603 |
| Available | Privilege Escalation | Atlassian Companion App File Download | 7.2 | CVE-2020-4020 |
| Available | Privilege Escalation | Atlassian Companion App File Edit | 7.8 | CVE-2020-4019 |
| Available | Information Disclosure | Atlassian FishEye/Crucible activeUserFinder.do | 4.3 | CVE-2020-4015 |
| Available | CSRF | Atlassian FishEye/Crucible | 8.8 | CVE-2020-4018 |
| Available | Information Disclosure | Atlassian FishEye/Crucible crucible-jira-ril Plugin applinks | 5.3 | CVE-2020-4017 |
| Available | Information Disclosure | Atlassian FishEye/Crucible crucible-jira-ril Plugin | 5.3 | CVE-2020-4016 |
| Available | XSS | Atlassian FishEye/Crucible Review | 5.4 | CVE-2020-4023 |
| Available | XSS | Atlassian FishEye/Crucible Review | 5.4 | CVE-2020-4013 |
| Available | Privilege Escalation | Atlassian FishEye/Crucible Watching Setting deleteWatch.do | 5.4 | CVE-2020-4014 |
| Available | XSS | Atlassian JIRA Server/Data Center XML Export View | 5.4 | CVE-2020-4021 |
| Available | Information Disclosure | Atlassian Navigator Links CustomAppsRestResource | 4.3 | CVE-2020-4026 |
| Available | Privilege Escalation | BitDefender Antivirus Free Symbolic Links | 7.2 | CVE-2020-8103 |
| Not Defined | Privilege Escalation | Castel NextGen DVR Authorization | 5.5 | CVE-2020-11680 |
| Not Defined | Privilege Escalation | Castel NextGen DVR | 5.5 | CVE-2020-11679 |
| Not Defined | Weak Encryption | Castel NextGen DVR SMTP Server Credentials | 3.5 | CVE-2020-11681 |
| Not Defined | CSRF | Castel NextGen DVR Web Interface __RequestVerificationToken | 4.3 | CVE-2020-11682 |
| Available | Privilege Escalation | Cisco Application Services Engine API | 6.3 | CVE-2020-3333 |
| Available | Information Disclosure | Cisco Application Services Engine Key Store | 5.5 | CVE-2020-3335 |
| Available | DoS | Cisco ASR 920 SNMP | 6.3 | CVE-2020-3232 |
| Available | Privilege Escalation | Cisco Catalyst 2960-L/Catalyst CDB-8P 802.1x | 5.9 | CVE-2020-3231 |
| Available | Information Disclosure | Cisco Digital Network Architecture Logging Cleartext | 4.3 | CVE-2020-3281 |
| Available | DoS | Cisco Identity Services Engine syslog Crash | 5.9 | CVE-2020-3353 |
| Available | Command Injection | Cisco IOS CLI Parser | 6.7 | CVE-2020-3210 |
| Available | Privilege Escalation | Cisco IOS Image Verification | 6.7 | CVE-2020-3208 |
| Available | Privilege Escalation | Cisco IOS Inter-VM Channel | 8.8 | CVE-2020-3205 |
| Available | Privilege Escalation | Cisco IOS IOx Application Environment | 8.1 | CVE-2020-3257 |
| Available | Privilege Escalation | Cisco IOS IOx Application Environment | 8.1 | CVE-2020-3238 |
| Available | Privilege Escalation | Cisco IOS IOx Application Environment | 8.1 | CVE-2020-3199 |
| Available | XSS | Cisco IOS IOx Application Environment Stored | 6.4 | CVE-2020-3233 |
| Available | Privilege Escalation | Cisco IOS | 9.8 | CVE-2020-3258 |
| Available | Code Execution | Cisco IOS | 9.8 | CVE-2020-3198 |
| Available | Weak Authentication | Cisco IOS Virtual Console Default Credentials | 8.8 | CVE-2020-3234 |
| Available | Command Injection | Cisco IOS XE bootp | 6.7 | CVE-2020-3207 |
| Available | DoS | Cisco IOS XE Flexible NetFlow Processor Loop | 6.9 | CVE-2020-3221 |
| Available | DoS | Cisco IOS XE Hardware Crypto Driver | 6.8 | CVE-2020-3220 |
| Available | DoS | Cisco IOS XE IEEE 802.11w Protected Management Frame | 4.7 | CVE-2020-3206 |
| Available | Privilege Escalation | Cisco IOS XE Image Verification | 6.8 | CVE-2020-3209 |
| Available | Privilege Escalation | Cisco IOS XE IOx Application Hosting Infrastructure Command | 9.8 | CVE-2020-3227 |
| Available | Privilege Escalation | Cisco IOS XE Linux Shell | 8.0 | CVE-2020-3218 |
| Available | DoS | Cisco IOS XE LSC Memory Leak | 8.6 | CVE-2020-3203 |
| Available | Privilege Escalation & Command Injection | Cisco IOS XE Operating System OS | 8.0 | CVE-2020-3212 |
| Available | Privilege Escalation & Command Injection | Cisco IOS XE Operating System OS | 8.0 | CVE-2020-3211 |
| Available | Privilege Escalation | Cisco IOS XE Operating System | 7.3 | CVE-2020-3213 |
| Available | Privilege Escalation | Cisco IOS XE Privileges | 7.3 | CVE-2020-3215 |
| Available | Privilege Escalation | Cisco IOS XE Privileges | 7.3 | CVE-2020-3214 |
| Available | Privilege Escalation | Cisco IOS XE Role Based Access Control | 8.8 | CVE-2020-3229 |
| Available | Privilege Escalation | Cisco IOS XE SD-WAN | 6.8 | CVE-2020-3216 |
| Available | Privilege Escalation & Command Injection | Cisco IOS XE Web UI OS | 8.8 | CVE-2020-3219 |
| Available | Directory Traversal | Cisco IOS XE Web-based User Interface | 4.5 | CVE-2020-3223 |
| Available | Privilege Escalation & Command Injection | Cisco IOS XE Web-based User Interface OS | 8.8 | CVE-2020-3224 |
| Available | Privilege Escalation | Cisco IOS XE Web-based User Interface | 5.3 | CVE-2020-3222 |
| Available | DoS | Cisco IOS/IOS XE CIP | 8.6 | CVE-2020-3225 |
| Available | DoS | Cisco IOS/IOS XE IKEv2 | 7.5 | CVE-2020-3230 |
| Available | DoS | Cisco IOS/IOS XE Secure Shell | 7.7 | CVE-2020-3200 |
| Available | DoS | Cisco IOS/IOS XE Session Initiation Protocol | 8.6 | CVE-2020-3226 |
| Available | DoS | Cisco IOS/IOS XE SNMP Subsystem | 7.7 | CVE-2020-3235 |
| Available | DoS | Cisco IOS/IOS XE Tcl Interpreter | 6.0 | CVE-2020-3201 |
| Available | Privilege Escalation & Command Injection | Cisco IOS/IOS XE Tcl Interpreter OS | 7.3 | CVE-2020-3204 |
| Available | Memory Corruption | Cisco IOS/IOS XE/IOS XR Stack-based | 8.8 | CVE-2020-3217 |
| Available | DoS | Cisco IOS/IOS XE/NX-OS SXP | 6.8 | CVE-2020-3228 |
| Available | Privilege Escalation | Cisco IOS IOx Application Environment | 6.3 | CVE-2020-3237 |
| Available | SQL Injection | Cisco Prime Infrastructure Web-based Management Interface | 5.9 | CVE-2020-3339 |
| Available | Privilege Escalation | Cisco Unified Contact Center Express API Subsystem | 5.9 | CVE-2020-3267 |
| Not Defined | DoS | Cisco WebEx Network Recording Player/Webex Player ARF File | 3.8 | CVE-2020-3322 |
| Not Defined | DoS | Cisco WebEx Network Recording Player/Webex Player ARF File | 3.8 | CVE-2020-3321 |
| Not Defined | DoS | Cisco WebEx Network Recording Player/Webex Player ARF File | 3.8 | CVE-2020-3319 |
| Available | Weak Authentication | ClearPass Policy Manager Web Interface | 9.8 | CVE-2020-7115 |
| Available | Privilege Escalation | ClearPass Policy Manager Web UI Administrative Interface Command | 7.2 | CVE-2020-7117 |
| Available | Privilege Escalation | ClearPass Policy Manager Web UI Administrative Interface Command | 7.2 | CVE-2020-7116 |
| Available | XSS | Combodo iTop Essential/iTop Professional Dashboard Reflected | 3.5 | CVE-2020-11697 |
| Available | XSS | Combodo iTop Essential/iTop Professional Menu Shortcut Name Stored | 3.5 | CVE-2020-11696 |
| Available | XSS | Comments Plugin Asset Volume Name Stored | 3.5 | CVE-2020-13870 |
| Available | CSRF | Comments Plugin Comment | 4.3 | CVE-2020-13868 |
| Available | XSS | Comments Plugin Guest Name Stored | 3.5 | CVE-2020-13869 |
| Not Defined | Directory Traversal | Cybele Thinfinity VirtualUI | 5.5 | CVE-2019-16384 |
| Not Defined | XSS | Cybele Thinfinity VirtualUI example.pdf | 3.5 | CVE-2019-16385 |
| Available | XSS | Django | 6.1 | CVE-2020-13596 |
| Available | Privilege Escalation | Django Memcached Backend | 7.5 | CVE-2020-13254 |
| Not Defined | Information Disclosure | D-Link DIR-865L Ax Cleartext Storage | 7.5 | CVE-2020-13783 |
| Not Defined | Weak Encryption | D-Link DIR-865L Ax Cleartext | 7.5 | CVE-2020-13787 |
| Not Defined | Command Injection | D-Link DIR-865L Ax | 9.8 | CVE-2020-13782 |
| Not Defined | CSRF | D-Link DIR-865L Ax | 8.8 | CVE-2020-13786 |
| Not Defined | Weak Encryption | D-Link DIR-865L Ax Random Number Generator PRNG | 7.5 | CVE-2020-13784 |
| Not Defined | Weak Encryption | D-Link DIR-865L | 7.5 | CVE-2020-13785 |
| Not Defined | Privilege Escalation | Docker Desktop | 7.8 | CVE-2020-11492 |
| Available | Information Disclosure | Docker Engine IPv6 | 9.8 | CVE-2020-13401 |
| Not Defined | XSS | ECharts API Plugin Stored | 5.4 | CVE-2020-2193 |
| Not Defined | XSS | ECharts API Plugin Trend Chart Stored | 5.4 | CVE-2020-2194 |
| Available | XSS | Elastic App Search Reference UI | 6.1 | CVE-2020-7011 |
| Available | Weak Authentication | Elastic Cloud on Kubernetes Random Number Generator | 7.5 | CVE-2020-7010 |
| Not Defined | Privilege Escalation | Elasticsearch Incomplete Fix CVE-2020-7009 | 5.5 | CVE-2020-7014 |
| Available | Weak Authentication | fastecdsa NIST P-256 Curve | 7.5 | CVE-2020-12607 |
| Not Defined | XSS | Fortinet FortiAnalyzer Admin Profile Stored | 4.3 | CVE-2020-6640 |
| Not Defined | Privilege Escalation | Fortinet FortiAP-S-W2/FortiAP-U CLI Admin Console | 6.5 | CVE-2019-15709 |
| Available | Weak Encryption | Fortinet FortiClient Configuration Backup Key | 3.3 | CVE-2019-16150 |
| Not Defined | Privilege Escalation | Fortinet FortiClient Temporary File Name | 7.8 | CVE-2020-9291 |
| Not Defined | Privilege Escalation | Fortinet FortiSIEM Windows Agent AoWinAgt | 5.3 | CVE-2020-9292 |
| Available | Weak Authentication | Foxit E-Mail Advertising System Interspire Email Marketer | 4.3 | CVE-2018-21235 |
| Available | DoS | Foxit PhantomPDF ArrayBuffer | 4.3 | CVE-2018-21238 |
| Available | Unknown Vulnerability | Foxit PhantomPDF Cloud Credential | 5.5 | CVE-2019-20833 |
| Available | Unknown Vulnerability | Foxit PhantomPDF COM Object | 5.5 | CVE-2018-21243 |
| Available | Privilege Escalation | Foxit PhantomPDF DLL | 5.3 | CVE-2018-21241 |
| Available | Memory Corruption | Foxit PhantomPDF Field AP | 6.3 | CVE-2019-20823 |
| Available | DoS | Foxit PhantomPDF FXSYS_wcslen | 4.3 | CVE-2019-20824 |
| Available | Information Disclosure | Foxit PhantomPDF GoToE/GoToR Credentials | 3.5 | CVE-2018-21237 |
| Available | Code Execution | Foxit PhantomPDF GoToE/GoToR | 6.3 | CVE-2018-21242 |
| Available | Unknown Vulnerability | Foxit PhantomPDF Homograph | 5.5 | CVE-2019-20832 |
| Available | DoS | Foxit PhantomPDF Memory Consumption | 3.5 | CVE-2019-20818 |
| Available | DoS | Foxit PhantomPDF Memory Consumption | 3.5 | CVE-2019-20814 |
| Available | DoS | Foxit PhantomPDF NULL Pointer Dereference | 3.5 | CVE-2019-20821 |
| Available | DoS | Foxit PhantomPDF NULL Pointer Dereference | 5.9 | CVE-2019-20820 |
| Available | DoS | Foxit PhantomPDF NULL Pointer Dereference | 5.9 | CVE-2019-20817 |
| Available | DoS | Foxit PhantomPDF NULL Pointer Dereference | 5.9 | CVE-2019-20816 |
| Available | DoS | Foxit PhantomPDF NULL Pointer Dereference | 5.9 | CVE-2019-20813 |
| Available | Memory Corruption | Foxit PhantomPDF Out-of-Bounds | 6.3 | CVE-2019-20825 |
| Available | Code Execution | Foxit PhantomPDF PDF Portfolio | 5.5 | CVE-2018-21244 |
| Available | Privilege Escalation | Foxit PhantomPDF Signature Validation | 5.5 | CVE-2019-20834 |
| Available | DoS | Foxit PhantomPDF XML Parser Memory Consumption | 3.5 | CVE-2019-20819 |
| Available | DoS | Foxit PhantomPDF XML Parser Memory Consumption | 3.5 | CVE-2019-20815 |
| Available | DoS | Foxit Reader NULL Pointer Dereference | 4.3 | CVE-2018-21236 |
| Available | DoS | Foxit Reader/PhantomPDF 3D Plugin Beta Crash | 3.5 | CVE-2019-20831 |
| Available | Memory Corruption | Foxit Reader/PhantomPDF 3D Plugin Beta Out-of-Bounds | 6.3 | CVE-2019-20822 |
| Available | DoS | Foxit Reader/PhantomPDF ArrayBuffer | 4.3 | CVE-2018-21240 |
| Available | Weak Authentication | Foxit Reader/PhantomPDF CAS Service Bruteforce | 7.5 | CVE-2020-13805 |
| Available | Information Disclosure | Foxit Reader/PhantomPDF Cloud Credential | 5.5 | CVE-2019-20836 |
| Available | Memory Corruption | Foxit Reader/PhantomPDF Dictionary Use-After-Free | 6.3 | CVE-2020-13814 |
| Available | Information Disclosure | Foxit Reader/PhantomPDF DocuSign Plugin Username | 7.5 | CVE-2020-13804 |
| Available | Memory Corruption | Foxit Reader/PhantomPDF Field AP Loop | 5.5 | CVE-2019-20828 |
| Available | DoS | Foxit Reader/PhantomPDF FXSYS_wcslen | 4.3 | CVE-2019-20829 |
| Available | Information Disclosure | Foxit Reader/PhantomPDF GoToE/GoToR Credentials | 3.5 | CVE-2018-21239 |
| Available | Unknown Vulnerability | Foxit Reader/PhantomPDF Homograph | 5.5 | CVE-2019-20835 |
| Available | Memory Corruption | Foxit Reader/PhantomPDF Javascript Use-After-Free | 6.9 | CVE-2020-13806 |
| Available | DoS | Foxit Reader/PhantomPDF Loop | 4.3 | CVE-2020-13815 |
| Available | DoS | Foxit Reader/PhantomPDF Loop | 5.9 | CVE-2020-13807 |
| Available | DoS | Foxit Reader/PhantomPDF Memory Consumption | 4.3 | CVE-2019-20827 |
| Available | DoS | Foxit Reader/PhantomPDF NULL Pointer Dereference | 4.3 | CVE-2019-20826 |
| Available | Memory Corruption | Foxit Reader/PhantomPDF Out-of-Bounds | 6.3 | CVE-2019-20830 |
| Available | DoS | Foxit Reader/PhantomPDF Resource Exhaustion | 3.5 | CVE-2020-13809 |
| Available | DoS | Foxit Reader/PhantomPDF Resource Exhaustion | 3.5 | CVE-2020-13808 |
| Available | Privilege Escalation | Foxit Reader/PhantomPDF Signature Validation | 5.5 | CVE-2019-20837 |
| Available | Privilege Escalation | Foxit Reader/PhantomPDF Signature Validation | 5.5 | CVE-2020-13810 |
| Available | Privilege Escalation | Foxit Reader/PhantomPDF Signature Validation | 5.5 | CVE-2020-13803 |
| Available | Privilege Escalation | Foxit Studio Photo DLL FoxitStudioPhoto366_3.6.6.916.exe | 5.3 | CVE-2020-13813 |
| Available | Privilege Escalation | Foxit Studio Photo DLL | 5.3 | CVE-2020-13812 |
| Available | Memory Corruption | Foxit Studio Photo Out-of-Bounds | 6.3 | CVE-2020-13811 |
| Available | SQL Injection | GESIO ERP | 10.0 | CVE-2020-8967 |
| Available | Privilege Escalation | GitHub Enterprise Server API | 9.8 | CVE-2020-10516 |
| Available | Weak Encryption | GnuTLS Session Ticket Key | 2.6 | CVE-2020-13777 |
| Available | Privilege Escalation | Google Chrome AppCache | 6.5 | CVE-2020-6499 |
| Available | Privilege Escalation | Google Chrome Content Security Policy | 6.5 | CVE-2020-6501 |
| Available | Privilege Escalation | Google Chrome Developer Tools Sandbox | 6.5 | CVE-2020-6495 |
| Available | Information Disclosure | Google Chrome | 4.3 | CVE-2020-6503 |
| Available | Spoofing | Google Chrome interstitials Address | 6.3 | CVE-2020-6500 |
| Available | Privilege Escalation | Google Chrome Notification | 4.3 | CVE-2020-6504 |
| Available | Spoofing | Google Chrome Omnibox Domain | 6.5 | CVE-2020-6497 |
| Available | Memory Corruption | Google Chrome Payments Use-After-Free | 8.8 | CVE-2020-6496 |
| Available | Spoofing | Google Chrome Security UI Address | 6.5 | CVE-2020-6494 |
| Available | Spoofing | Google Chrome Security UI | 6.5 | CVE-2020-6502 |
| Available | Memory Corruption | Google Chrome Use-After-Free | 9.6 | CVE-2020-6493 |
| Available | Spoofing | Google Chrome User Interface Domain | 6.5 | CVE-2020-6498 |
| Available | Memory Corruption | Google Chrome v8 Heap-based | 8.8 | CVE-2020-6453 |
| Available | Memory Corruption | Google Chrome v8 Out-of-Bounds | 8.8 | CVE-2020-6419 |
| Not Defined | Server-Side Request Forgery | Grafana Access Control | 5.3 | CVE-2020-13379 |
| Not Defined | XSS | Grafana Incomplete Fix CVE-2018-12099 | 6.1 | CVE-2018-18625 |
| Not Defined | XSS | Grafana Incomplete Fix CVE-2018-12099 | 6.1 | CVE-2018-18624 |
| Not Defined | XSS | Grafana Incomplete Fix CVE-2018-12099 | 6.1 | CVE-2018-18623 |
| Not Defined | Memory Corruption | Huawei AR120-S Out-of-Bounds | 6.5 | CVE-2020-9071 |
| Not Defined | Privilege Escalation | Huawei Honor 20/Honor 20 Pro/View 20 | 5.5 | CVE-2020-9074 |
| Not Defined | DoS | Huawei NIP6800/Secospace USG6600/Secospace USG9500 Memory Leak | 3.5 | CVE-2020-1883 |
| Not Defined | Weak Encryption | IBM Planning Analytics | 7.5 | CVE-2020-4367 |
| Not Defined | XSS | IBM Planning Analytics Web UI | 5.4 | CVE-2020-4431 |
| Not Defined | XSS | IBM Planning Analytics Web UI | 5.4 | CVE-2020-4360 |
| Not Defined | XSS | IBM Planning Analytics Web UI | 6.1 | CVE-2020-4503 |
| Not Defined | XSS | IBM Planning Analytics Web UI | 6.1 | CVE-2020-4366 |
| Not Defined | XML External Entity | IBM QRadar SIEM XML Data | 7.6 | CVE-2020-4509 |
| Not Defined | Weak Authentication | IBM Security Guardium Account Lockout Bruteforce | 9.8 | CVE-2020-4193 |
| Not Defined | Privilege Escalation | IBM Security Guardium Command | 8.8 | CVE-2020-4180 |
| Not Defined | Weak Encryption | IBM Security Guardium Default Key | 6.7 | CVE-2020-4190 |
| Not Defined | Weak Encryption | IBM Security Guardium Default Key | 9.8 | CVE-2020-4177 |
| Not Defined | Information Disclosure | IBM Security Guardium Login Page | 5.3 | CVE-2020-4187 |
| Not Defined | DoS | IBM Security Guardium Solr Dashboard | 6.5 | CVE-2020-4307 |
| Not Defined | Weak Encryption | IBM Security Guardium | 4.4 | CVE-2020-4191 |
| Not Defined | XSS | IBM Security Guardium Web UI | 6.1 | CVE-2020-4183 |
| Not Defined | XSS | IBM Security Guardium Web UI | 6.1 | CVE-2020-4182 |
| Not Defined | Information Disclosure | IBM WebSphere Application Server | 7.5 | CVE-2020-4449 |
| Not Defined | Code Execution & Memory Corruption | IBM WebSphere Application Server Network Deployment | 9.8 | CVE-2020-4448 |
| Not Defined | Code Execution | IBM WebSphere Application Server | 9.8 | CVE-2020-4450 |
| Not Defined | Privilege Escalation | IBM Worklight/MobileFoundation Session Cookie | 5.6 | CVE-2020-4229 |
| Not Defined | Privilege Escalation | IP Encapsulation within IP | 5.3 | CVE-2020-10136 |
| Available | XSS | Joomla CMS Articles | 6.1 | CVE-2020-13761 |
| Available | XSS | Joomla CMS com_modules | 6.1 | CVE-2020-13762 |
| Available | CSRF | Joomla CMS com_postinstall | 8.8 | CVE-2020-13760 |
| Available | XSS | Joomla CMS Textfilter | 7.5 | CVE-2020-13763 |
| Available | Privilege Escalation | Kibana TSVB Prototype | 8.8 | CVE-2020-7013 |
| Available | XSS | Kibana TSVB Visualization Stored | 5.4 | CVE-2020-7015 |
| Not Defined | Privilege Escalation | Kibana Upgrade Assistant Code | 8.8 | CVE-2020-7012 |
| Not Defined | Privilege Escalation | LG Mobile Devices Access Restriction | 5.5 | CVE-2020-13841 |
| Not Defined | Code Execution & Memory Corruption | LG Mobile Devices Command | 5.5 | CVE-2020-13840 |
| Not Defined | Code Execution & Memory Corruption | LG Mobile Devices Command | 5.5 | CVE-2020-13839 |
| Not Defined | Privilege Escalation | LG Mobile Devices | 5.5 | CVE-2020-13842 |
| Not Defined | DoS | LG Mobile Devices Userdata Partition | 3.3 | CVE-2020-13843 |
| Not Defined | Memory Corruption | libjpeg-turbo/MozJPEG PPM File rdppm.c get_rgb_row() | 8.1 | CVE-2020-13790 |
| Not Defined | DoS | libvirt API NULL Pointer Dereference | 6.5 | CVE-2020-10703 |
| Available | DoS | Linux Kernel af_packet.c prb_calc_retire_blk_tmo() | 5.5 | CVE-2019-20812 |
| Available | Unknown Vulnerability | Linux Kernel net-sysfs.c rx_queue_add_kobject() | 5.5 | CVE-2019-20811 |
| Available | DoS | Linux Kernel snd-go7007.c go7007_snd_init | 3.5 | CVE-2019-20810 |
| Available | XSS | MailPoet Plugin Reflected | 6.1 | CVE-2019-11843 |
| Not Defined | XSS | Navigate CMS feed.class.php | 6.1 | CVE-2020-13798 |
| Not Defined | XSS | Navigate CMS structure.class.php | 6.1 | CVE-2020-13796 |
| Not Defined | Directory Traversal | Navigate CMS template.class.php | 5.3 | CVE-2020-13795 |
| Not Defined | XSS | Navigate CMS website.class.php | 6.1 | CVE-2020-13797 |
| Available | Information Disclosure | OctoberCMS debugbar Plugin Log | 6.1 | CVE-2020-11094 |
| Not Defined | Privilege Escalation | OctoberCMS ImportExportController CSV Injection | 4.6 | CVE-2020-5299 |
| Available | XSS | OctoberCMS ImportExportController Reflected | 4.8 | CVE-2020-5298 |
| Available | DoS | OctoberCMS Permission | 6.2 | CVE-2020-5296 |
| Available | Privilege Escalation | OctoberCMS Permission File Upload | 2.7 | CVE-2020-5297 |
| Available | Information Disclosure | OctoberCMS Permission | 4.9 | CVE-2020-5295 |
| Not Defined | Privilege Escalation | OpenSSH scp Client | 7.5 | CVE-2020-12062 |
| Available | Memory Corruption | Perl Regular Expression Integer Overflow | 7.3 | CVE-2020-10878 |
| Available | Memory Corruption | Perl Regular Expression Integer Overflow | 7.3 | CVE-2020-10543 |
| Available | Memory Corruption | Perl Regular Expression regcomp.c S_study_chunk | 7.3 | CVE-2020-12723 |
| Available | XSS | PHPList user.php | 6.1 | CVE-2020-13827 |
| Not Defined | Privilege Escalation & Command Injection | Play Framework Plugin OS | 8.8 | CVE-2020-2200 |
| Not Defined | Directory Traversal | PlayTube User Details | 4.3 | CVE-2020-13792 |
| Not Defined | Information Disclosure | Project Inheritance Plugin API getConfigAsXML | 6.5 | CVE-2020-2198 |
| Not Defined | Privilege Escalation | Project Inheritance Plugin Project Job Configuration | 5.3 | CVE-2020-2197 |
| Not Defined | XSS | Pydio Cells | 3.5 | CVE-2020-12853 |
| Not Defined | Privilege Escalation | Pydio Cells Profile Image Upload | 7.3 | CVE-2020-12849 |
| Not Defined | Weak Authentication | Pydio Cells Public Link Default Credentials | 4.3 | CVE-2020-12848 |
| Not Defined | Privilege Escalation | Pydio Cells Software Update | 5.5 | CVE-2020-12852 |
| Not Defined | Directory Traversal | Pydio Cells Web Application | 5.5 | CVE-2020-12851 |
| Not Defined | Privilege Escalation | Pydio Cells Web Application | 5.5 | CVE-2020-12847 |
| Not Defined | Weak Encryption | Python-RSA Decryption | 7.5 | CVE-2020-13757 |
| Not Defined | DoS | QEMU exec.c address_space_map | 7.5 | CVE-2020-13659 |
| Not Defined | Memory Corruption | QEMU loader.c rom_copy() | 5.5 | CVE-2020-13765 |
| Not Defined | Memory Corruption | QEMU MSI-X MMIO msix.c | 6.7 | CVE-2020-13754 |
| Available | Information Disclosure | QEMU PAuth Support | 5.5 | CVE-2020-10702 |
| Not Defined | Memory Corruption | QEMU pci.c | 5.5 | CVE-2020-13791 |
| Not Defined | DoS | QEMU Recursion ati.c ati_mm_write | 3.5 | CVE-2020-13800 |
| Available | Memory Corruption | Qualcomm HDR | 7.8 | CVE-2019-14087 |
| Available | Memory Corruption | Qualcomm Snapdragon Auto ADSP Parser | 7.1 | CVE-2019-14038 |
| Available | Memory Corruption | Qualcomm Snapdragon Auto drawobj Double-Free | 7.8 | CVE-2020-3610 |
| Available | Memory Corruption | Qualcomm Snapdragon Auto DSP Out-of-Bounds | 7.8 | CVE-2020-3625 |
| Available | Race Condition | Qualcomm Snapdragon Auto fastrpc Memory Mapping API race condition | 7.0 | CVE-2020-3680 |
| Available | Memory Corruption | Qualcomm Snapdragon Auto Feature ID Integer Overflow | 7.8 | CVE-2019-14066 |
| Available | Memory Corruption | Qualcomm Snapdragon Auto Fingerprint Out-of-Bounds | 7.1 | CVE-2019-14043 |
| Available | Memory Corruption | Qualcomm Snapdragon Auto Fingerprint Out-of-Bounds | 7.1 | CVE-2019-14042 |
| Available | Memory Corruption | Qualcomm Snapdragon Auto Integer Overflow | 9.8 | CVE-2020-3641 |
| Available | Memory Corruption | Qualcomm Snapdragon Auto | 9.8 | CVE-2020-3633 |
| Available | Memory Corruption | Qualcomm Snapdragon Auto Out-of-Bounds | 7.1 | CVE-2019-14039 |
| Available | Memory Corruption | Qualcomm Snapdragon Auto Out-of-Bounds | 7.8 | CVE-2019-14077 |
| Available | Memory Corruption | Qualcomm Snapdragon Auto qpay Out-of-Bounds | 7.8 | CVE-2019-14078 |
| Available | Unknown Vulnerability | Qualcomm Snapdragon Auto RMF Reachable Assertion | 9.8 | CVE-2020-3615 |
| Available | Information Disclosure | Qualcomm Snapdragon Auto Side-Channel | 5.5 | CVE-2019-14067 |
| Available | Memory Corruption | Qualcomm Snapdragon Auto strcpy | 7.8 | CVE-2020-3616 |
| Available | Memory Corruption | Qualcomm Snapdragon Auto Video Out-of-Bounds | 7.8 | CVE-2020-3630 |
| Available | Memory Corruption | Qualcomm Snapdragon Auto XFRM Policy Out-of-Bounds | 7.1 | CVE-2019-14053 |
| Available | Memory Corruption | Qualcomm Snapdragon Compute Event NULL Pointer Dereference | 7.8 | CVE-2020-3618 |
| Available | Privilege Escalation | Qualcomm Snapdragon Compute | 7.8 | CVE-2019-14054 |
| Available | DoS | Qualcomm Snapdragon Compute WLAN Assertion | 7.5 | CVE-2020-3645 |
| Available | Privilege Escalation | Qualcomm Snapdragon Mobile Kernel | 7.8 | CVE-2020-3623 |
| Not Defined | Command Injection | QuickBox Community Edition/Pro Edition | 8.8 | CVE-2020-13448 |
| Not Defined | Information Disclosure | QuickBox Community Edition/Pro Edition grep *.db | 7.2 | CVE-2020-13695 |
| Not Defined | Privilege Escalation & Command Injection | QuickBox Community Edition/Pro Edition sudo OS | 8.8 | CVE-2020-13694 |
| Not Defined | SQL Injection | rConfig compliancepolicies.inc.php | 9.8 | CVE-2020-10546 |
| Not Defined | SQL Injection | rConfig compliancepolicyelements.inc.php | 9.8 | CVE-2020-10547 |
| Not Defined | SQL Injection | rConfig devices.inc.php | 9.8 | CVE-2020-10548 |
| Not Defined | SQL Injection | rConfig snippets.inc.php | 9.8 | CVE-2020-10549 |
| Available | Code Execution | Sabberworm PHP CSS Parser getSelectorsBySpecificity | 9.8 | CVE-2020-13756 |
| Available | Weak Authentication | Samsung Mobile Devices DeX Lockscreen | 4.3 | CVE-2020-13838 |
| Available | Weak Authentication | Samsung Mobile Devices Gatekeeper Trustlet Bruteforce | 3.1 | CVE-2020-13835 |
| Available | Directory Traversal | Samsung Mobile Devices HWRResProvider | 3.5 | CVE-2020-13836 |
| Available | Weak Authentication | Samsung Mobile Devices Lockscreen | 4.3 | CVE-2020-13837 |
| Available | Information Disclosure | Samsung Mobile Devices One UI HOME Log | 3.5 | CVE-2020-13830 |
| Available | Privilege Escalation | Samsung Mobile Devices SEAndroid Protection Mechanism | 5.5 | CVE-2020-13829 |
| Available | Privilege Escalation | Samsung Mobile Devices Secure Folder | 5.5 | CVE-2020-13834 |
| Available | Privilege Escalation | Samsung Mobile Devices System Area Symlink | 5.5 | CVE-2020-13833 |
| Available | Code Execution & Memory Corruption | Samsung Mobile Devices TEEGRIS | 5.5 | CVE-2020-13832 |
| Available | Memory Corruption | Samsung Mobile Devices Trustonic Kinibi | 5.5 | CVE-2020-13831 |
| Not Defined | XSS | Script Security Plugin In-process Script Approval Page Stored | 5.4 | CVE-2020-2190 |
| Not Defined | CSRF | Selenium Plugin | 8.0 | CVE-2020-2196 |
| Not Defined | Privilege Escalation | Self-Organizing Swarm Plug-in Modules Plugin API Endpoint | 4.3 | CVE-2020-2191 |
| Not Defined | CSRF | Self-Organizing Swarm Plug-in Modules Plugin | 6.5 | CVE-2020-2192 |
| Available | Privilege Escalation | serialize-javascript index.js deleteFunctions | 9.8 | CVE-2020-7660 |
| Available | Directory Traversal | Spring Cloud Config spring-cloud-config-server | 7.5 | CVE-2020-5410 |
| Not Defined | XSS | Subversion Partial Release Manager Plugin Error Message Reflected | 6.1 | CVE-2020-2199 |
| Available | Privilege Escalation | Synacor Zimbra Webmail Subsystem upload | 8.0 | CVE-2020-12846 |
| Not Defined | Information Disclosure | Sysax Multi Server Protection Mechanism Username | 5.3 | CVE-2020-13227 |
| Not Defined | XSS | Sysax Multi Server scgi | 6.1 | CVE-2020-13228 |
| Not Defined | Weak Authentication | Sysax Multi Server scgi | 8.8 | CVE-2020-13229 |
| Not Defined | Privilege Escalation | systemd Incomplete Fix CVE-2017-1000082 | 9.8 | CVE-2020-13776 |
| Available | Memory Corruption | UPX Unpack p_lx_elf.cpp | 5.5 | CVE-2019-20805 |
| Available | DoS | websocket-extensions Regex ReDoS | 7.5 | CVE-2020-7663 |
| Available | DoS | websocket-extensions Regex ReDoS | 7.5 | CVE-2020-7662 |
| Not Defined | DoS | zephyrproject-rtos Bluetooth Subsystem | 5.1 | CVE-2020-10068 |
| Not Defined | DoS | zephyrproject-rtos CoAP | 6.8 | CVE-2020-10063 |
| Not Defined | Code Execution & Memory Corruption | zephyrproject-rtos MQTT | 9.0 | CVE-2020-10070 |
| Not Defined | Memory Corruption | zephyrproject-rtos MQTT Off-By-One | 9.0 | CVE-2020-10062 |
| Not Defined | Code Execution & Memory Corruption | zephyrproject-rtos MQTT Parser | 9.0 | CVE-2020-10071 |
| Not Defined | Memory Corruption | zephyrproject-rtos Zephyr Bluetooth | 8.1 | CVE-2020-10061 |
| Available | DoS | ZNC NULL Pointer Dereference | 7.5 | CVE-2020-13775 |
| Not Defined | Directory Traversal | Zoho ManageEngine OpManager cachestart | 7.5 | CVE-2020-13818 |
| Not Defined | Privilege Escalation | ZTE F680 Access Control | 6.5 | CVE-2020-6868 |
The risk level of more than 38% of this week's vulnerabilities was rated "High" or "Critical", which is very noteworthy.
Fortunately, for 65% of this week's vulnerabilities, updates or patches have been officially released; to prevent exploitation, they should be applied promptly.
Also, with 78 cases, the most common type among this week's vulnerabilities (24%) was "Privilege Escalation".