
Critical Vulnerabilities of the Third Week of Khordad

This week, several critical and high-risk vulnerabilities were reported in highly important Cisco products. Many vulnerabilities rated "High" and "Critical" were also identified in other products of major vendors, including IBM, Foxit, Fortinet, Qualcomm, D-Link, the Linux Kernel and others. In addition, the popular Google Chrome browser, LG and SAMSUNG mobile devices, and several important WordPress and Jenkins plugins also had several dangerous vulnerabilities. The newsworthy vulnerabilities of the week, however, were the dangerous, high-risk Joomla vulnerabilities.

The list of these vulnerabilities, together with links to the patches and updates that have been released, is given in the table below.

| CVE ID | Base score | Vulnerable product | Vulnerability type | Fix status |
|---|---|---|---|---|
| CVE-2020-1963 | 9.1 | Apache Ignite H2 Database | Privilege Escalation | Not Defined |
| CVE-2020-11975 | 5.5 | Apache Unomi OGNL Scripting | Code Execution | Not Defined |
| CVE-2019-17603 | 7.8 | Asus Aura Sync IOCTL Ene.sys | Memory Corruption | Not Defined |
| CVE-2020-4020 | 7.2 | Atlassian Companion App File Download | Privilege Escalation | Official Fix |
| CVE-2020-4019 | 7.8 | Atlassian Companion App File Edit | Privilege Escalation | Official Fix |
| CVE-2020-4015 | 4.3 | Atlassian FishEye/Crucible activeUserFinder.do | Information Disclosure | Official Fix |
| CVE-2020-4018 | 8.8 | Atlassian FishEye/Crucible | CSRF | Official Fix |
| CVE-2020-4017 | 5.3 | Atlassian FishEye/Crucible crucible-jira-ril Plugin applinks | Information Disclosure | Official Fix |
| CVE-2020-4016 | 5.3 | Atlassian FishEye/Crucible crucible-jira-ril Plugin | Information Disclosure | Official Fix |
| CVE-2020-4023 | 5.4 | Atlassian FishEye/Crucible Review | XSS | Official Fix |
| CVE-2020-4013 | 5.4 | Atlassian FishEye/Crucible Review | XSS | Official Fix |
| CVE-2020-4014 | 5.4 | Atlassian FishEye/Crucible Watching Setting deleteWatch.do | Privilege Escalation | Official Fix |
| CVE-2020-4021 | 5.4 | Atlassian JIRA Server/Data Center XML Export View | XSS | Official Fix |
| CVE-2020-4026 | 4.3 | Atlassian Navigator Links CustomAppsRestResource | Information Disclosure | Official Fix |
| CVE-2020-8103 | 7.2 | BitDefender Antivirus Free Symbolic Links | Privilege Escalation | Official Fix |
| CVE-2020-11680 | 5.5 | Castel NextGen DVR Authorization | Privilege Escalation | Not Defined |
| CVE-2020-11679 | 5.5 | Castel NextGen DVR | Privilege Escalation | Not Defined |
| CVE-2020-11681 | 3.5 | Castel NextGen DVR SMTP Server Credentials | Weak Encryption | Not Defined |
| CVE-2020-11682 | 4.3 | Castel NextGen DVR Web Interface __RequestVerificationToken | CSRF | Not Defined |
| CVE-2020-3333 | 6.3 | Cisco Application Services Engine API | Privilege Escalation | Official Fix |
| CVE-2020-3335 | 5.5 | Cisco Application Services Engine Key Store | Information Disclosure | Official Fix |
| CVE-2020-3232 | 6.3 | Cisco ASR 920 SNMP | DoS | Official Fix |
| CVE-2020-3231 | 5.9 | Cisco Catalyst 2960-L/Catalyst CDB-8P 802.1x | Privilege Escalation | Official Fix |
| CVE-2020-3281 | 4.3 | Cisco Digital Network Architecture Logging Cleartext | Information Disclosure | Official Fix |
| CVE-2020-3353 | 5.9 | Cisco Identity Services Engine syslog Crash | DoS | Official Fix |
| CVE-2020-3210 | 6.7 | Cisco IOS CLI Parser | Command Injection | Official Fix |
| CVE-2020-3208 | 6.7 | Cisco IOS Image Verification | Privilege Escalation | Official Fix |
| CVE-2020-3205 | 8.8 | Cisco IOS Inter-VM Channel | Privilege Escalation | Official Fix |
| CVE-2020-3257 | 8.1 | Cisco IOS IOx Application Environment | Privilege Escalation | Official Fix |
| CVE-2020-3238 | 8.1 | Cisco IOS IOx Application Environment | Privilege Escalation | Official Fix |
| CVE-2020-3199 | 8.1 | Cisco IOS IOx Application Environment | Privilege Escalation | Official Fix |
| CVE-2020-3233 | 6.4 | Cisco IOS IOx Application Environment Stored | XSS | Official Fix |
| CVE-2020-3258 | 9.8 | Cisco IOS | Privilege Escalation | Official Fix |
| CVE-2020-3198 | 9.8 | Cisco IOS | Code Execution | Official Fix |
| CVE-2020-3234 | 8.8 | Cisco IOS Virtual Console Default Credentials | Weak Authentication | Official Fix |
| CVE-2020-3207 | 6.7 | Cisco IOS XE bootp | Command Injection | Official Fix |
| CVE-2020-3221 | 6.9 | Cisco IOS XE Flexible NetFlow Processor Loop | DoS | Official Fix |
| CVE-2020-3220 | 6.8 | Cisco IOS XE Hardware Crypto Driver | DoS | Official Fix |
| CVE-2020-3206 | 4.7 | Cisco IOS XE IEEE 802.11w Protected Management Frame | DoS | Official Fix |
| CVE-2020-3209 | 6.8 | Cisco IOS XE Image Verification | Privilege Escalation | Official Fix |
| CVE-2020-3227 | 9.8 | Cisco IOS XE IOx Application Hosting Infrastructure Command | Privilege Escalation | Official Fix |
| CVE-2020-3218 | 8.0 | Cisco IOS XE Linux Shell | Privilege Escalation | Official Fix |
| CVE-2020-3203 | 8.6 | Cisco IOS XE LSC Memory Leak | DoS | Official Fix |
| CVE-2020-3212 | 8.0 | Cisco IOS XE Operating System OS | Privilege Escalation & Command Injection | Official Fix |
| CVE-2020-3211 | 8.0 | Cisco IOS XE Operating System OS | Privilege Escalation & Command Injection | Official Fix |
| CVE-2020-3213 | 7.3 | Cisco IOS XE Operating System | Privilege Escalation | Official Fix |
| CVE-2020-3215 | 7.3 | Cisco IOS XE Privileges | Privilege Escalation | Official Fix |
| CVE-2020-3214 | 7.3 | Cisco IOS XE Privileges | Privilege Escalation | Official Fix |
| CVE-2020-3229 | 8.8 | Cisco IOS XE Role Based Access Control | Privilege Escalation | Official Fix |
| CVE-2020-3216 | 6.8 | Cisco IOS XE SD-WAN | Privilege Escalation | Official Fix |
| CVE-2020-3219 | 8.8 | Cisco IOS XE Web UI OS | Privilege Escalation & Command Injection | Official Fix |
| CVE-2020-3223 | 4.5 | Cisco IOS XE Web-based User Interface | Directory Traversal | Official Fix |
| CVE-2020-3224 | 8.8 | Cisco IOS XE Web-based User Interface OS | Privilege Escalation & Command Injection | Official Fix |
| CVE-2020-3222 | 5.3 | Cisco IOS XE Web-based User Interface | Privilege Escalation | Official Fix |
| CVE-2020-3225 | 8.6 | Cisco IOS/IOS XE CIP | DoS | Official Fix |
| CVE-2020-3230 | 7.5 | Cisco IOS/IOS XE IKEv2 | DoS | Official Fix |
| CVE-2020-3200 | 7.7 | Cisco IOS/IOS XE Secure Shell | DoS | Official Fix |
| CVE-2020-3226 | 8.6 | Cisco IOS/IOS XE Session Initiation Protocol | DoS | Official Fix |
| CVE-2020-3235 | 7.7 | Cisco IOS/IOS XE SNMP Subsystem | DoS | Official Fix |
| CVE-2020-3201 | 6.0 | Cisco IOS/IOS XE Tcl Interpreter | DoS | Official Fix |
| CVE-2020-3204 | 7.3 | Cisco IOS/IOS XE Tcl Interpreter OS | Privilege Escalation & Command Injection | Official Fix |
| CVE-2020-3217 | 8.8 | Cisco IOS/IOS XE/IOS XR Stack-based | Memory Corruption | Official Fix |
| CVE-2020-3228 | 6.8 | Cisco IOS/IOS XE/NX-OS SXP | DoS | Official Fix |
| CVE-2020-3237 | 6.3 | Cisco IOS IOx Application Environment | Privilege Escalation | Official Fix |
| CVE-2020-3339 | 5.9 | Cisco Prime Infrastructure Web-based Management Interface | SQL Injection | Official Fix |
| CVE-2020-3267 | 5.9 | Cisco Unified Contact Center Express API Subsystem | Privilege Escalation | Official Fix |
| CVE-2020-3322 | 3.8 | Cisco WebEx Network Recording Player/Webex Player ARF File | DoS | Not Defined |
| CVE-2020-3321 | 3.8 | Cisco WebEx Network Recording Player/Webex Player ARF File | DoS | Not Defined |
| CVE-2020-3319 | 3.8 | Cisco WebEx Network Recording Player/Webex Player ARF File | DoS | Not Defined |
| CVE-2020-7115 | 9.8 | ClearPass Policy Manager Web Interface | Weak Authentication | Official Fix |
| CVE-2020-7117 | 7.2 | ClearPass Policy Manager Web UI Administrative Interface Command | Privilege Escalation | Official Fix |
| CVE-2020-7116 | 7.2 | ClearPass Policy Manager Web UI Administrative Interface Command | Privilege Escalation | Official Fix |
| CVE-2020-11697 | 3.5 | Combodo iTop Essential/iTop Professional Dashboard Reflected | XSS | Official Fix |
| CVE-2020-11696 | 3.5 | Combodo iTop Essential/iTop Professional Menu Shortcut Name Stored | XSS | Official Fix |
| CVE-2020-13870 | 3.5 | Comments Plugin Asset Volume Name Stored | XSS | Official Fix |
| CVE-2020-13868 | 4.3 | Comments Plugin Comment | CSRF | Official Fix |
| CVE-2020-13869 | 3.5 | Comments Plugin Guest Name Stored | XSS | Official Fix |
| CVE-2019-16384 | 5.5 | Cybele Thinfinity VirtualUI | Directory Traversal | Not Defined |
| CVE-2019-16385 | 3.5 | Cybele Thinfinity VirtualUI example.pdf | XSS | Not Defined |
| CVE-2020-13596 | 6.1 | Django | XSS | Official Fix |
| CVE-2020-13254 | 7.5 | Django Memcached Backend | Privilege Escalation | Official Fix |
| CVE-2020-13783 | 7.5 | D-Link DIR-865L Ax Cleartext Storage | Information Disclosure | Not Defined |
| CVE-2020-13787 | 7.5 | D-Link DIR-865L Ax Cleartext | Weak Encryption | Not Defined |
| CVE-2020-13782 | 9.8 | D-Link DIR-865L Ax | Command Injection | Not Defined |
| CVE-2020-13786 | 8.8 | D-Link DIR-865L Ax | CSRF | Not Defined |
| CVE-2020-13784 | 7.5 | D-Link DIR-865L Ax Random Number Generator PRNG | Weak Encryption | Not Defined |
| CVE-2020-13785 | 7.5 | D-Link DIR-865L | Weak Encryption | Not Defined |
| CVE-2020-11492 | 7.8 | Docker Desktop | Privilege Escalation | Not Defined |
| CVE-2020-13401 | 9.8 | Docker Engine IPv6 | Information Disclosure | Official Fix |
| CVE-2020-2193 | 5.4 | ECharts API Plugin Stored | XSS | Not Defined |
| CVE-2020-2194 | 5.4 | ECharts API Plugin Trend Chart Stored | XSS | Not Defined |
| CVE-2020-7011 | 6.1 | Elastic App Search Reference UI | XSS | Official Fix |
| CVE-2020-7010 | 7.5 | Elastic Cloud on Kubernetes Random Number Generator | Weak Authentication | Official Fix |
| CVE-2020-7014 | 5.5 | Elasticsearch Incomplete Fix CVE-2020-7009 | Privilege Escalation | Not Defined |
| CVE-2020-12607 | 7.5 | fastecdsa NIST P-256 Curve | Weak Authentication | Official Fix |
| CVE-2020-6640 | 4.3 | Fortinet FortiAnalyzer Admin Profile Stored | XSS | Not Defined |
| CVE-2019-15709 | 6.5 | Fortinet FortiAP-S-W2/FortiAP-U CLI Admin Console | Privilege Escalation | Not Defined |
| CVE-2019-16150 | 3.3 | Fortinet FortiClient Configuration Backup Key | Weak Encryption | Official Fix |
| CVE-2020-9291 | 7.8 | Fortinet FortiClient Temporary File Name | Privilege Escalation | Not Defined |
| CVE-2020-9292 | 5.3 | Fortinet FortiSIEM Windows Agent AoWinAgt | Privilege Escalation | Not Defined |
| CVE-2018-21235 | 4.3 | Foxit E-Mail Advertising System Interspire Email Marketer | Weak Authentication | Official Fix |
| CVE-2018-21238 | 4.3 | Foxit PhantomPDF ArrayBuffer | DoS | Official Fix |
| CVE-2019-20833 | 5.5 | Foxit PhantomPDF Cloud Credential | Unknown Vulnerability | Official Fix |
| CVE-2018-21243 | 5.5 | Foxit PhantomPDF COM Object | Unknown Vulnerability | Official Fix |
| CVE-2018-21241 | 5.3 | Foxit PhantomPDF DLL | Privilege Escalation | Official Fix |
| CVE-2019-20823 | 6.3 | Foxit PhantomPDF Field AP | Memory Corruption | Official Fix |
| CVE-2019-20824 | 4.3 | Foxit PhantomPDF FXSYS_wcslen | DoS | Official Fix |
| CVE-2018-21237 | 3.5 | Foxit PhantomPDF GoToE/GoToR Credentials | Information Disclosure | Official Fix |
| CVE-2018-21242 | 6.3 | Foxit PhantomPDF GoToE/GoToR | Code Execution | Official Fix |
| CVE-2019-20832 | 5.5 | Foxit PhantomPDF Homograph | Unknown Vulnerability | Official Fix |
| CVE-2019-20818 | 3.5 | Foxit PhantomPDF Memory Consumption | DoS | Official Fix |
| CVE-2019-20814 | 3.5 | Foxit PhantomPDF Memory Consumption | DoS | Official Fix |
| CVE-2019-20821 | 3.5 | Foxit PhantomPDF NULL Pointer Dereference | DoS | Official Fix |
| CVE-2019-20820 | 5.9 | Foxit PhantomPDF NULL Pointer Dereference | DoS | Official Fix |
| CVE-2019-20817 | 5.9 | Foxit PhantomPDF NULL Pointer Dereference | DoS | Official Fix |
| CVE-2019-20816 | 5.9 | Foxit PhantomPDF NULL Pointer Dereference | DoS | Official Fix |
| CVE-2019-20813 | 5.9 | Foxit PhantomPDF NULL Pointer Dereference | DoS | Official Fix |
| CVE-2019-20825 | 6.3 | Foxit PhantomPDF Out-of-Bounds | Memory Corruption | Official Fix |
| CVE-2018-21244 | 5.5 | Foxit PhantomPDF PDF Portfolio | Code Execution | Official Fix |
| CVE-2019-20834 | 5.5 | Foxit PhantomPDF Signature Validation | Privilege Escalation | Official Fix |
| CVE-2019-20819 | 3.5 | Foxit PhantomPDF XML Parser Memory Consumption | DoS | Official Fix |
| CVE-2019-20815 | 3.5 | Foxit PhantomPDF XML Parser Memory Consumption | DoS | Official Fix |
| CVE-2018-21236 | 4.3 | Foxit Reader NULL Pointer Dereference | DoS | Official Fix |
| CVE-2019-20831 | 3.5 | Foxit Reader/PhantomPDF 3D Plugin Beta Crash | DoS | Official Fix |
| CVE-2019-20822 | 6.3 | Foxit Reader/PhantomPDF 3D Plugin Beta Out-of-Bounds | Memory Corruption | Official Fix |
| CVE-2018-21240 | 4.3 | Foxit Reader/PhantomPDF ArrayBuffer | DoS | Official Fix |
| CVE-2020-13805 | 7.5 | Foxit Reader/PhantomPDF CAS Service Bruteforce | Weak Authentication | Official Fix |
| CVE-2019-20836 | 5.5 | Foxit Reader/PhantomPDF Cloud Credential | Information Disclosure | Official Fix |
| CVE-2020-13814 | 6.3 | Foxit Reader/PhantomPDF Dictionary Use-After-Free | Memory Corruption | Official Fix |
| CVE-2020-13804 | 7.5 | Foxit Reader/PhantomPDF DocuSign Plugin Username | Information Disclosure | Official Fix |
| CVE-2019-20828 | 5.5 | Foxit Reader/PhantomPDF Field AP Loop | Memory Corruption | Official Fix |
| CVE-2019-20829 | 4.3 | Foxit Reader/PhantomPDF FXSYS_wcslen | DoS | Official Fix |
| CVE-2018-21239 | 3.5 | Foxit Reader/PhantomPDF GoToE/GoToR Credentials | Information Disclosure | Official Fix |
| CVE-2019-20835 | 5.5 | Foxit Reader/PhantomPDF Homograph | Unknown Vulnerability | Official Fix |
| CVE-2020-13806 | 6.9 | Foxit Reader/PhantomPDF Javascript Use-After-Free | Memory Corruption | Official Fix |
| CVE-2020-13815 | 4.3 | Foxit Reader/PhantomPDF Loop | DoS | Official Fix |
| CVE-2020-13807 | 5.9 | Foxit Reader/PhantomPDF Loop | DoS | Official Fix |
| CVE-2019-20827 | 4.3 | Foxit Reader/PhantomPDF Memory Consumption | DoS | Official Fix |
| CVE-2019-20826 | 4.3 | Foxit Reader/PhantomPDF NULL Pointer Dereference | DoS | Official Fix |
| CVE-2019-20830 | 6.3 | Foxit Reader/PhantomPDF Out-of-Bounds | Memory Corruption | Official Fix |
| CVE-2020-13809 | 3.5 | Foxit Reader/PhantomPDF Resource Exhaustion | DoS | Official Fix |
| CVE-2020-13808 | 3.5 | Foxit Reader/PhantomPDF Resource Exhaustion | DoS | Official Fix |
| CVE-2019-20837 | 5.5 | Foxit Reader/PhantomPDF Signature Validation | Privilege Escalation | Official Fix |
| CVE-2020-13810 | 5.5 | Foxit Reader/PhantomPDF Signature Validation | Privilege Escalation | Official Fix |
| CVE-2020-13803 | 5.5 | Foxit Reader/PhantomPDF Signature Validation | Privilege Escalation | Official Fix |
| CVE-2020-13813 | 5.3 | Foxit Studio Photo DLL FoxitStudioPhoto366_3.6.6.916.exe | Privilege Escalation | Official Fix |
| CVE-2020-13812 | 5.3 | Foxit Studio Photo DLL | Privilege Escalation | Official Fix |
| CVE-2020-13811 | 6.3 | Foxit Studio Photo Out-of-Bounds | Memory Corruption | Official Fix |
| CVE-2020-8967 | 10.0 | GESIO ERP | SQL Injection | Official Fix |
| CVE-2020-10516 | 9.8 | GitHub Enterprise Server API | Privilege Escalation | Official Fix |
| CVE-2020-13777 | 2.6 | GnuTLS Session Ticket Key | Weak Encryption | Official Fix |
| CVE-2020-6499 | 6.5 | Google Chrome AppCache | Privilege Escalation | Official Fix |
| CVE-2020-6501 | 6.5 | Google Chrome Content Security Policy | Privilege Escalation | Official Fix |
| CVE-2020-6495 | 6.5 | Google Chrome Developer Tools Sandbox | Privilege Escalation | Official Fix |
| CVE-2020-6503 | 4.3 | Google Chrome | Information Disclosure | Official Fix |
| CVE-2020-6500 | 6.3 | Google Chrome interstitials Address | Spoofing | Official Fix |
| CVE-2020-6504 | 4.3 | Google Chrome Notification | Privilege Escalation | Official Fix |
| CVE-2020-6497 | 6.5 | Google Chrome Omnibox Domain | Spoofing | Official Fix |
| CVE-2020-6496 | 8.8 | Google Chrome Payments Use-After-Free | Memory Corruption | Official Fix |
| CVE-2020-6494 | 6.5 | Google Chrome Security UI Address | Spoofing | Official Fix |
| CVE-2020-6502 | 6.5 | Google Chrome Security UI | Spoofing | Official Fix |
| CVE-2020-6493 | 9.6 | Google Chrome Use-After-Free | Memory Corruption | Official Fix |
| CVE-2020-6498 | 6.5 | Google Chrome User Interface Domain | Spoofing | Official Fix |
| CVE-2020-6453 | 8.8 | Google Chrome v8 Heap-based | Memory Corruption | Official Fix |
| CVE-2020-6419 | 8.8 | Google Chrome v8 Out-of-Bounds | Memory Corruption | Official Fix |
| CVE-2020-13379 | 5.3 | Grafana Access Control | Server-Side Request Forgery | Not Defined |
| CVE-2018-18625 | 6.1 | Grafana Incomplete Fix CVE-2018-12099 | XSS | Not Defined |
| CVE-2018-18624 | 6.1 | Grafana Incomplete Fix CVE-2018-12099 | XSS | Not Defined |
| CVE-2018-18623 | 6.1 | Grafana Incomplete Fix CVE-2018-12099 | XSS | Not Defined |
| CVE-2020-9071 | 6.5 | Huawei AR120-S Out-of-Bounds | Memory Corruption | Not Defined |
| CVE-2020-9074 | 5.5 | Huawei Honor 20/Honor 20 Pro/View 20 | Privilege Escalation | Not Defined |
| CVE-2020-1883 | 3.5 | Huawei NIP6800/Secospace USG6600/Secospace USG9500 Memory Leak | DoS | Not Defined |
| CVE-2020-4367 | 7.5 | IBM Planning Analytics | Weak Encryption | Not Defined |
| CVE-2020-4431 | 5.4 | IBM Planning Analytics Web UI | XSS | Not Defined |
| CVE-2020-4360 | 5.4 | IBM Planning Analytics Web UI | XSS | Not Defined |
| CVE-2020-4503 | 6.1 | IBM Planning Analytics Web UI | XSS | Not Defined |
| CVE-2020-4366 | 6.1 | IBM Planning Analytics Web UI | XSS | Not Defined |
| CVE-2020-4509 | 7.6 | IBM QRadar SIEM XML Data | XML External Entity | Not Defined |
| CVE-2020-4193 | 9.8 | IBM Security Guardium Account Lockout Bruteforce | Weak Authentication | Not Defined |
| CVE-2020-4180 | 8.8 | IBM Security Guardium Command | Privilege Escalation | Not Defined |
| CVE-2020-4190 | 6.7 | IBM Security Guardium Default Key | Weak Encryption | Not Defined |
| CVE-2020-4177 | 9.8 | IBM Security Guardium Default Key | Weak Encryption | Not Defined |
| CVE-2020-4187 | 5.3 | IBM Security Guardium Login Page | Information Disclosure | Not Defined |
| CVE-2020-4307 | 6.5 | IBM Security Guardium Solr Dashboard | DoS | Not Defined |
| CVE-2020-4191 | 4.4 | IBM Security Guardium | Weak Encryption | Not Defined |
| CVE-2020-4183 | 6.1 | IBM Security Guardium Web UI | XSS | Not Defined |
| CVE-2020-4182 | 6.1 | IBM Security Guardium Web UI | XSS | Not Defined |
| CVE-2020-4449 | 7.5 | IBM WebSphere Application Server | Information Disclosure | Not Defined |
| CVE-2020-4448 | 9.8 | IBM WebSphere Application Server Network Deployment | Code Execution & Memory Corruption | Not Defined |
| CVE-2020-4450 | 9.8 | IBM WebSphere Application Server | Code Execution | Not Defined |
| CVE-2020-4229 | 5.6 | IBM Worklight/MobileFoundation Session Cookie | Privilege Escalation | Not Defined |
| CVE-2020-10136 | 5.3 | IP Encapsulation within IP | Privilege Escalation | Not Defined |
| CVE-2020-13761 | 6.1 | Joomla CMS Articles | XSS | Official Fix |
| CVE-2020-13762 | 6.1 | Joomla CMS com_modules | XSS | Official Fix |
| CVE-2020-13760 | 8.8 | Joomla CMS com_postinstall | CSRF | Official Fix |
| CVE-2020-13763 | 7.5 | Joomla CMS Textfilter | XSS | Official Fix |
| CVE-2020-7013 | 8.8 | Kibana TSVB Prototype | Privilege Escalation | Official Fix |
| CVE-2020-7015 | 5.4 | Kibana TSVB Visualization Stored | XSS | Official Fix |
| CVE-2020-7012 | 8.8 | Kibana Upgrade Assistant Code | Privilege Escalation | Not Defined |
| CVE-2020-13841 | 5.5 | LG Mobile Devices Access Restriction | Privilege Escalation | Not Defined |
| CVE-2020-13840 | 5.5 | LG Mobile Devices Command | Code Execution & Memory Corruption | Not Defined |
| CVE-2020-13839 | 5.5 | LG Mobile Devices Command | Code Execution & Memory Corruption | Not Defined |
| CVE-2020-13842 | 5.5 | LG Mobile Devices | Privilege Escalation | Not Defined |
| CVE-2020-13843 | 3.3 | LG Mobile Devices Userdata Partition | DoS | Not Defined |
| CVE-2020-13790 | 8.1 | libjpeg-turbo/MozJPEG PPM File rdppm.c get_rgb_row() | Memory Corruption | Not Defined |
| CVE-2020-10703 | 6.5 | libvirt API NULL Pointer Dereference | DoS | Not Defined |
| CVE-2019-20812 | 5.5 | Linux Kernel af_packet.c prb_calc_retire_blk_tmo() | DoS | Official Fix |
| CVE-2019-20811 | 5.5 | Linux Kernel net-sysfs.c rx_queue_add_kobject() | Unknown Vulnerability | Official Fix |
| CVE-2019-20810 | 3.5 | Linux Kernel snd-go7007.c go7007_snd_init | DoS | Official Fix |
| CVE-2019-11843 | 6.1 | MailPoet Plugin Reflected | XSS | Official Fix |
| CVE-2020-13798 | 6.1 | Navigate CMS feed.class.php | XSS | Not Defined |
| CVE-2020-13796 | 6.1 | Navigate CMS structure.class.php | XSS | Not Defined |
| CVE-2020-13795 | 5.3 | Navigate CMS template.class.php | Directory Traversal | Not Defined |
| CVE-2020-13797 | 6.1 | Navigate CMS website.class.php | XSS | Not Defined |
| CVE-2020-11094 | 6.1 | OctoberCMS debugbar Plugin Log | Information Disclosure | Official Fix |
| CVE-2020-5299 | 4.6 | OctoberCMS ImportExportController CSV Injection | Privilege Escalation | Not Defined |
| CVE-2020-5298 | 4.8 | OctoberCMS ImportExportController Reflected | XSS | Official Fix |
| CVE-2020-5296 | 6.2 | OctoberCMS Permission | DoS | Official Fix |
| CVE-2020-5297 | 2.7 | OctoberCMS Permission File Upload | Privilege Escalation | Official Fix |
| CVE-2020-5295 | 4.9 | OctoberCMS Permission | Information Disclosure | Official Fix |
| CVE-2020-12062 | 7.5 | OpenSSH scp Client | Privilege Escalation | Not Defined |
| CVE-2020-10878 | 7.3 | Perl Regular Expression Integer Overflow | Memory Corruption | Official Fix |
| CVE-2020-10543 | 7.3 | Perl Regular Expression Integer Overflow | Memory Corruption | Official Fix |
| CVE-2020-12723 | 7.3 | Perl Regular Expression regcomp.c S_study_chunk | Memory Corruption | Official Fix |
| CVE-2020-13827 | 6.1 | PHPList user.php | XSS | Official Fix |
| CVE-2020-2200 | 8.8 | Play Framework Plugin OS | Privilege Escalation & Command Injection | Not Defined |
| CVE-2020-13792 | 4.3 | PlayTube User Details | Directory Traversal | Not Defined |
| CVE-2020-2198 | 6.5 | Project Inheritance Plugin API getConfigAsXML | Information Disclosure | Not Defined |
| CVE-2020-2197 | 5.3 | Project Inheritance Plugin Project Job Configuration | Privilege Escalation | Not Defined |
| CVE-2020-12853 | 3.5 | Pydio Cells | XSS | Not Defined |
| CVE-2020-12849 | 7.3 | Pydio Cells Profile Image Upload | Privilege Escalation | Not Defined |
| CVE-2020-12848 | 4.3 | Pydio Cells Public Link Default Credentials | Weak Authentication | Not Defined |
| CVE-2020-12852 | 5.5 | Pydio Cells Software Update | Privilege Escalation | Not Defined |
| CVE-2020-12851 | 5.5 | Pydio Cells Web Application | Directory Traversal | Not Defined |
| CVE-2020-12847 | 5.5 | Pydio Cells Web Application | Privilege Escalation | Not Defined |
| CVE-2020-13757 | 7.5 | Python-RSA Decryption | Weak Encryption | Not Defined |
| CVE-2020-13659 | 7.5 | QEMU exec.c address_space_map | DoS | Not Defined |
| CVE-2020-13765 | 5.5 | QEMU loader.c rom_copy() | Memory Corruption | Not Defined |
| CVE-2020-13754 | 6.7 | QEMU MSI-X MMIO msix.c | Memory Corruption | Not Defined |
| CVE-2020-10702 | 5.5 | QEMU PAuth Support | Information Disclosure | Official Fix |
| CVE-2020-13791 | 5.5 | QEMU pci.c | Memory Corruption | Not Defined |
| CVE-2020-13800 | 3.5 | QEMU Recursion ati.c ati_mm_write | DoS | Not Defined |
| CVE-2019-14087 | 7.8 | Qualcomm HDR | Memory Corruption | Official Fix |
| CVE-2019-14038 | 7.1 | Qualcomm Snapdragon Auto ADSP Parser | Memory Corruption | Official Fix |
| CVE-2020-3610 | 7.8 | Qualcomm Snapdragon Auto drawobj Double-Free | Memory Corruption | Official Fix |
| CVE-2020-3625 | 7.8 | Qualcomm Snapdragon Auto DSP Out-of-Bounds | Memory Corruption | Official Fix |
| CVE-2020-3680 | 7.0 | Qualcomm Snapdragon Auto fastrpc Memory Mapping API race condition | Race Condition | Official Fix |
| CVE-2019-14066 | 7.8 | Qualcomm Snapdragon Auto Feature ID Integer Overflow | Memory Corruption | Official Fix |
| CVE-2019-14043 | 7.1 | Qualcomm Snapdragon Auto Fingerprint Out-of-Bounds | Memory Corruption | Official Fix |
| CVE-2019-14042 | 7.1 | Qualcomm Snapdragon Auto Fingerprint Out-of-Bounds | Memory Corruption | Official Fix |
| CVE-2020-3641 | 9.8 | Qualcomm Snapdragon Auto Integer Overflow | Memory Corruption | Official Fix |
| CVE-2020-3633 | 9.8 | Qualcomm Snapdragon Auto | Memory Corruption | Official Fix |
| CVE-2019-14039 | 7.1 | Qualcomm Snapdragon Auto Out-of-Bounds | Memory Corruption | Official Fix |
| CVE-2019-14077 | 7.8 | Qualcomm Snapdragon Auto Out-of-Bounds | Memory Corruption | Official Fix |
| CVE-2019-14078 | 7.8 | Qualcomm Snapdragon Auto qpay Out-of-Bounds | Memory Corruption | Official Fix |
| CVE-2020-3615 | 9.8 | Qualcomm Snapdragon Auto RMF Reachable Assertion | Unknown Vulnerability | Official Fix |
| CVE-2019-14067 | 5.5 | Qualcomm Snapdragon Auto Side-Channel | Information Disclosure | Official Fix |
| CVE-2020-3616 | 7.8 | Qualcomm Snapdragon Auto strcpy | Memory Corruption | Official Fix |
| CVE-2020-3630 | 7.8 | Qualcomm Snapdragon Auto Video Out-of-Bounds | Memory Corruption | Official Fix |
| CVE-2019-14053 | 7.1 | Qualcomm Snapdragon Auto XFRM Policy Out-of-Bounds | Memory Corruption | Official Fix |
| CVE-2020-3618 | 7.8 | Qualcomm Snapdragon Compute Event NULL Pointer Dereference | Memory Corruption | Official Fix |
| CVE-2019-14054 | 7.8 | Qualcomm Snapdragon Compute | Privilege Escalation | Official Fix |
| CVE-2020-3645 | 7.5 | Qualcomm Snapdragon Compute WLAN Assertion | DoS | Official Fix |
| CVE-2020-3623 | 7.8 | Qualcomm Snapdragon Mobile Kernel | Privilege Escalation | Official Fix |
| CVE-2020-13448 | 8.8 | QuickBox Community Edition/Pro Edition | Command Injection | Not Defined |
| CVE-2020-13695 | 7.2 | QuickBox Community Edition/Pro Edition grep *.db | Information Disclosure | Not Defined |
| CVE-2020-13694 | 8.8 | QuickBox Community Edition/Pro Edition sudo OS | Privilege Escalation & Command Injection | Not Defined |
| CVE-2020-10546 | 9.8 | rConfig compliancepolicies.inc.php | SQL Injection | Not Defined |
| CVE-2020-10547 | 9.8 | rConfig compliancepolicyelements.inc.php | SQL Injection | Not Defined |
| CVE-2020-10548 | 9.8 | rConfig devices.inc.php | SQL Injection | Not Defined |
| CVE-2020-10549 | 9.8 | rConfig snippets.inc.php | SQL Injection | Not Defined |
| CVE-2020-13756 | 9.8 | Sabberworm PHP CSS Parser getSelectorsBySpecificity | Code Execution | Official Fix |
| CVE-2020-13838 | 4.3 | Samsung Mobile Devices DeX Lockscreen | Weak Authentication | Official Fix |
| CVE-2020-13835 | 3.1 | Samsung Mobile Devices Gatekeeper Trustlet Bruteforce | Weak Authentication | Official Fix |
| CVE-2020-13836 | 3.5 | Samsung Mobile Devices HWRResProvider | Directory Traversal | Official Fix |
| CVE-2020-13837 | 4.3 | Samsung Mobile Devices Lockscreen | Weak Authentication | Official Fix |
| CVE-2020-13830 | 3.5 | Samsung Mobile Devices One UI HOME Log | Information Disclosure | Official Fix |
| CVE-2020-13829 | 5.5 | Samsung Mobile Devices SEAndroid Protection Mechanism | Privilege Escalation | Official Fix |
| CVE-2020-13834 | 5.5 | Samsung Mobile Devices Secure Folder | Privilege Escalation | Official Fix |
| CVE-2020-13833 | 5.5 | Samsung Mobile Devices System Area Symlink | Privilege Escalation | Official Fix |
| CVE-2020-13832 | 5.5 | Samsung Mobile Devices TEEGRIS | Code Execution & Memory Corruption | Official Fix |
| CVE-2020-13831 | 5.5 | Samsung Mobile Devices Trustonic Kinibi | Memory Corruption | Official Fix |
| CVE-2020-2190 | 5.4 | Script Security Plugin In-process Script Approval Page Stored | XSS | Not Defined |
| CVE-2020-2196 | 8.0 | Selenium Plugin | CSRF | Not Defined |
| CVE-2020-2191 | 4.3 | Self-Organizing Swarm Plug-in Modules Plugin API Endpoint | Privilege Escalation | Not Defined |
| CVE-2020-2192 | 6.5 | Self-Organizing Swarm Plug-in Modules Plugin | CSRF | Not Defined |
| CVE-2020-7660 | 9.8 | serialize-javascript index.js deleteFunctions | Privilege Escalation | Official Fix |
| CVE-2020-5410 | 7.5 | Spring Cloud Config spring-cloud-config-server | Directory Traversal | Official Fix |
| CVE-2020-2199 | 6.1 | Subversion Partial Release Manager Plugin Error Message Reflected | XSS | Not Defined |
| CVE-2020-12846 | 8.0 | Synacor Zimbra Webmail Subsystem upload | Privilege Escalation | Official Fix |
| CVE-2020-13227 | 5.3 | Sysax Multi Server Protection Mechanism Username | Information Disclosure | Not Defined |
| CVE-2020-13228 | 6.1 | Sysax Multi Server scgi | XSS | Not Defined |
| CVE-2020-13229 | 8.8 | Sysax Multi Server scgi | Weak Authentication | Not Defined |
| CVE-2020-13776 | 9.8 | systemd Incomplete Fix CVE-2017-1000082 | Privilege Escalation | Not Defined |
| CVE-2019-20805 | 5.5 | UPX Unpack p_lx_elf.cpp | Memory Corruption | Official Fix |
| CVE-2020-7663 | 7.5 | websocket-extensions Regex ReDoS | DoS | Official Fix |
| CVE-2020-7662 | 7.5 | websocket-extensions Regex ReDoS | DoS | Official Fix |
| CVE-2020-10068 | 5.1 | zephyrproject-rtos Bluetooth Subsystem | DoS | Not Defined |
| CVE-2020-10063 | 6.8 | zephyrproject-rtos CoAP | DoS | Not Defined |
| CVE-2020-10070 | 9.0 | zephyrproject-rtos MQTT | Code Execution & Memory Corruption | Not Defined |
| CVE-2020-10062 | 9.0 | zephyrproject-rtos MQTT Off-By-One | Memory Corruption | Not Defined |
| CVE-2020-10071 | 9.0 | zephyrproject-rtos MQTT Parser | Code Execution & Memory Corruption | Not Defined |
| CVE-2020-10061 | 8.1 | zephyrproject-rtos Zephyr Bluetooth | Memory Corruption | Not Defined |
| CVE-2020-13775 | 7.5 | ZNC NULL Pointer Dereference | DoS | Official Fix |
| CVE-2020-13818 | 7.5 | Zoho ManageEngine OpManager cachestart | Directory Traversal | Not Defined |
| CVE-2020-6868 | 6.5 | ZTE F680 Access Control | Privilege Escalation | Not Defined |

More than 38% of this week's vulnerabilities were rated "High" or "Critical" severity, which is very notable.

Fortunately, for 65% of this week's vulnerabilities, updates or patches have been officially released; to prevent exploitation of these vulnerabilities, they should be applied as soon as possible.

Also, with 78 cases, the largest share of this week's vulnerabilities (24%) were of the "privilege escalation" type.