info[at]nsec.ir
(+۹۸)-۳۱-۳۳۹۱۵۳۳۶

آسیب‌پذیری‌های حیاتی هفته چهارم خرداد‌ماه

 

مایکروسافت سه‌شنبه به‌روز‌رسانی‌های خود را عرضه نمود؛ این به‌روز‌رسانی‌ها آسیب‌پذیری‌های ویندوز و دیگر محصولات مایکروسافت را برطرف می‌سازد. همچنین در سیستم‌عامل محبوب Google Android،  نیز چندین آسیب‌پذیری حیاتی و پرخطر شناسایی و وصله‌هایی برای رفع آن ارائه شد. بعلاوه آسیب‌پذیری‌های بسیاری با سطوح خطر «بالا» و «حیاتی» در سایر محصولات محبوب و مهم IBM، Simens، Citrix، SQLite، D-Link، Zoom و ضدبدافزار McAfee شناسایی شده است.

لیست این آسیب‌پذیری‌ها به همراه لینک وصله‌ها و به‌روزرسانی‌های ارائه‌شده در جدول زیر آمده است.

رفع آسیب‌پذیری

نوع آسیب‌پذیری

محصول آسیب‌پذیر

امتیاز مبنا

شناسه آسیب‌پذیری

Not Defined

Privilege Escalation

Artica Pandora FMS Event Command

۸.۸

CVE-2020-13851

Not Defined

Privilege Escalation

Artica Pandora FMS File Manager File Upload

۷.۲

CVE-2020-13852

Not Defined

Privilege Escalation

Artica Pandora FMS File Repository Manager File Upload

۷.۲

CVE-2020-13855

Not Defined

XSS

Artica Pandora FMS Message Persistent

۵.۴

CVE-2020-13853

Not Defined

Privilege Escalation

Artica Pandora FMS

۹.۸

CVE-2020-13854

Not Defined

Privilege Escalation

Artica Pandora FMS Web Folder

۷.۵

CVE-2020-13850

Official Fix

CSRF

Bolt CMS cross site request forgery

۸.۶

CVE-2020-4040

Official Fix

XSS

Bolt CMS File Upload Stored

۷.۴

CVE-2020-4041

Not Defined

Weak Authentication

CipherMail Community Gateway Virtual Appliance Man-in-the-Middle

۳.۵

CVE-2020-12714

Not Defined

Privilege Escalation

CipherMail Community Gateway Web Interface

۸.۰

CVE-2020-12713

Official Fix

Privilege Escalation

Citrix Workspace App Privileges citrix.exe

۷.۸

CVE-2020-13884

Official Fix

Privilege Escalation

Citrix Workspace App Privileges webio.dll

۷.۸

CVE-2020-13885

Not Defined

Information Disclosure

Citrix XenApp 2FA User

۵.۳

CVE-2020-13998

Official Fix

Weak Authentication

Couchbase Server Java SDK Hostname Verification

۷.۵

CVE-2020-9040

Not Defined

CSRF

Couchbase Server REST API cross site request forgery

۸.۸

CVE-2020-9042

Not Defined

DoS

Couchbase Server/Couchbase Sync Gateway Slowloris

۷.۵

CVE-2020-9041

Official Fix

Weak Authentication

Crypt::Perl ECDSA Signature Validation

۵.۶

CVE-2020-13895

Not Defined

Privilege Escalation

Dell Client Consumer and Commercial Platform Management Interface

۷.۱

CVE-2020-5362

Not Defined

Privilege Escalation

Dell Client Consumer and Commercial Platform Management Interface

۸.۶

CVE-2020-5363

Not Defined

Privilege Escalation

D-Link DSL 2730-U/DIR-600M DNS Resolver

۷.۵

CVE-2020-13960

Official Fix

Privilege Escalation &

Code Execution

File Upload PHP

۹.۸

CVE-2020-12800

Official Fix

Privilege Escalation

FreeBSD USB

۵.۵

CVE-2020-7456

Not Defined

Weak Authentication

GeoVision Door Access Control Default Admin Password

۸.۸

CVE-2020-3928

Not Defined

Information Disclosure

GeoVision Door Access Control Log

۴.۰

CVE-2020-3930

Not Defined

Weak Encryption

GeoVision Door Access Control SSH/HTTPS Default Key

۵.۹

CVE-2020-3929

Not Defined

Privilege Escalation

GitLab Community Edition/Enterprise Edition API

۷.۵

CVE-2020-13270

Not Defined

XSS

GitLab Community Edition/Enterprise Edition Blobs API Stored

۶.۱

CVE-2020-13271

Not Defined

Information Disclosure

GitLab Community Edition/Enterprise Edition Object Storage Services

۵.۳

CVE-2020-13268

Not Defined

Privilege Escalation

GitLab Community Edition/Enterprise Edition Project Deploy Key

۴.۳

CVE-2020-13266

Not Defined

XSS

GitLab Community Edition/Enterprise Edition Static Site Editor Reflected

۶.۱

CVE-2020-13269

Not Defined

XSS

GitLab Community Edition/Enterprise Edition Stored

۶.۱

CVE-2020-13267

Official Fix

Privilege Escalation

Google Android AccountManager.java

۷.۸

CVE-2020-0209

Official Fix

Privilege Escalation

Google Android AccountManager.java

۷.۸

CVE-2020-0208

Official Fix

Privilege Escalation

Google Android AccountManager.java removeSharedAccountAsUser

۷.۸

CVE-2020-0210

Official Fix

Information Disclosure

Google Android AMPEG4ElementaryAssembler addPacket

۷.۵

CVE-2020-0128

Official Fix

Information Disclosure

Google Android AppOpsService.java updateUidProcState

۵.۵

CVE-2020-0121

Official Fix

Information Disclosure

Google Android AudioGroup.cpp decode

۴.۳

CVE-2020-0127

Official Fix

Information Disclosure

Google Android avb_vbmeta_image.c avb_vbmeta_image_verify

۴.۴

CVE-2020-0152

Official Fix

Information Disclosure

Google Android avb_vbmeta_image.c avb_vbmeta_image_verify

۴.۴

CVE-2020-0151

Official Fix

Information Disclosure

Google Android avdt_msg.cc avdt_msg_prs_rej

۷.۵

CVE-2020-0176

Official Fix

Information Disclosure

Google Android avrc_pars_tg.cc avrc_pars_browsing_cmd

۵.۵

CVE-2020-0185

Official Fix

Information Disclosure

Google Android BaseBlockCipher.java engineSetMode

۵.۵

CVE-2020-0187

Official Fix

Memory Corruption

Google Android Bluetooth Server aes_cmac.cc aes_cmac memory corruption

۹.۸

CVE-2020-0117

Official Fix

DoS

Google Android Bluetooth Service register_notification_packet.cc GetEvent

۴.۰

CVE-2020-0196

Official Fix

Privilege Escalation

Google Android BluetoothManagerService handleMessage

۵.۳

CVE-2020-0183

Official Fix

Memory Corruption

Google Android bluetoothtbd btif_rc.cc get_element_attr_rsp memory corruption

۷.۳

CVE-2020-0138

Official Fix

Memory Corruption

Google Android btm_ble_multi_adv.cc SetData memory corruption

۷.۸

CVE-2020-0129

Official Fix

Information Disclosure

Google Android btm_sec.cc btm_proc_sp_req_evt

۴.۴

CVE-2020-0144

Official Fix

Information Disclosure

Google Android btm_sec.cc btm_simple_pair_complete

۴.۴

CVE-2020-0145

Official Fix

Information Disclosure

Google Android btu_hcif.cc btu_hcif_esco_connection_chg_evt

۴.۴

CVE-2020-0147

Official Fix

Information Disclosure

Google Android btu_hcif.cc btu_hcif_hardware_error_evt

۴.۴

CVE-2020-0146

Official Fix

Information Disclosure

Google Android btu_hcif.cc btu_hcif_link_key_notification_evt

۴.۴

CVE-2020-0148

Official Fix

Information Disclosure

Google Android btu_hcif.cc btu_hcif_mode_change_evt

۴.۴

CVE-2020-0149

Official Fix

Information Disclosure

Google Android Camera3OutputUtils.cpp sendCaptureResult

۵.۵

CVE-2020-0113

Official Fix

Information Disclosure

Google Android CCodecBuffers.cpp realloc

۳.۷

CVE-2020-0141

Official Fix

Information Disclosure

Google Android ce_t4t.cc ce_t4t_process_select_file_cmd

۷.۵

CVE-2020-0214

Official Fix

Information Disclosure

Google Android ConfirmConnectActivity.java onCreate

۳.۳

CVE-2020-0215

Official Fix

Information Disclosure

Google Android convolve_neon.cc SumCompoundHorizontalTaps

۴.۳

CVE-2020-0211

Official Fix

Memory Corruption

Google Android DrmPlugin.cpp memory corruption

۸.۸

CVE-2020-0126

Official Fix

DoS

Google Android eas_imelody.c IMY_Event

۴.۳

CVE-2020-0170

Official Fix

DoS

Google Android eas_mdls.c Parse_art

۴.۳

CVE-2020-0172

Official Fix

DoS

Google Android eas_mdls.c Parse_lart

۴.۳

CVE-2020-0171

Official Fix

DoS

Google Android eas_mdls.c Parse_lins

۴.۳

CVE-2020-0173

Official Fix

DoS

Google Android eas_mdls.c Parse_ptbl

۴.۳

CVE-2020-0174

Official Fix

DoS

Google Android eas_rtttl.c RTTTL_Event

۴.۳

CVE-2020-0169

Official Fix

DoS

Google Android eas_xmf.c XMF_ReadNode

۴.۳

CVE-2020-0175

Not Defined

Information Disclosure

Google Android entropy_decoder.cc DaalaBitReader

۴.۳

CVE-2020-0205

Official Fix

DoS

Google Android exif-data.c exif_data_load_data_content

۵.۴

CVE-2020-0198

Official Fix

DoS

Google Android exif-data.c exif_data_load_data_thumbnail

۷.۵

CVE-2020-0181

Official Fix

Information Disclosure

Google Android exif-entry.c exif_entry_get_value

۵.۵

CVE-2020-0182

Official Fix

Privilege Escalation

Google Android GPS Location MockLocationAppPreferenceController.java

۵.۳

CVE-2020-0133

Official Fix

Memory Corruption

Google Android hal_fd.cc hal_fd_init memory corruption

۵.۳

CVE-2020-0186

Official Fix

Information Disclosure

Google Android IAAudioService.cpp onTransact

۵.۵

CVE-2020-0132

Official Fix

Memory Corruption

Google Android ideint_utils.c ideint_weave_blk memory corruption

۶.۳

CVE-2020-0190

Official Fix

Information Disclosure

Google Android IDrm.cpp onTransact

۵.۵

CVE-2020-0134

Official Fix

Information Disclosure

Google Android ih264d_dpb_mgr.c ih264d_update_default_index_list()‎

۶.۵

CVE-2020-0191

Official Fix

Information Disclosure

Google Android ih264d_thread_parse_decode.c ih264d_decode_slice_thread

۶.۵

CVE-2020-0192

Official Fix

Information Disclosure

Google Android ihevc_intra_pred_chroma_mode_3_to_9.s ihevc_intra_pred_chroma_mode_3_to_9_av8

۶.۵

CVE-2020-0193

Official Fix

DoS

Google Android ihevcd_decode.c ihevcd_decode()‎

۴.۳

CVE-2020-0189

Not Defined

Memory Corruption

Google Android ihevcd_fmt_conv_420sp_to_420sp.s hevcd_fmt_conv_420sp_to_420sp_av8 memory corruption

۶.۳

CVE-2020-0213

Official Fix

Information Disclosure

Google Android ihevcd_iquant_itrans_recon_ctb.c ihevcd_iquant_itrans_recon_ctb

۶.۵

CVE-2020-0195

Official Fix

Memory Corruption

Google Android ihevcd_parse_slice_header.c ihevcd_parse_slice_header memory corruption

۶.۳

CVE-2020-0194

Official Fix

DoS

Google Android ihevcd_ref_list.c ihevcd_ref_list()‎

۴.۳

CVE-2020-0184

Official Fix

Memory Corruption

Google Android impeg2_format_conv.c impeg2_fmt_conv_yuv420p_to_yuv420sp_uv memory corruption

۶.۳

CVE-2020-0168

Official Fix

Information Disclosure

Google Android InitDataParser.cpp parsePssh

۵.۵

CVE-2020-0197

Official Fix

Information Disclosure

Google Android InputBufferManager.cpp _onBufferDestroyed

۴.۳

CVE-2020-0212

Official Fix

Memory Corruption

Google Android InstalldNativeService.cpp markBootComplete memory corruption

۸.۸

CVE-2020-0124

Official Fix

Information Disclosure

Google Android jdmarker.c next_marker

۷.۸

CVE-2020-0207

Official Fix

Privilege Escalation

Google Android KeyguardSliceProvider.java onCreateSliceProvider

۶.۵

CVE-2020-0114

Official Fix

Information Disclosure

Google Android LocationAccessPolicy.java checkSystemLocationAccess

۵.۵

CVE-2020-0116

Official Fix

Memory Corruption

Google Android main.cpp main memory corruption

۵.۳

CVE-2020-0233

Official Fix

DoS

Google Android MPEG4Extractor.cpp parseChunk

۶.۵

CVE-2020-0161

Official Fix

Memory Corruption

Google Android MPEG4Extractor.cpp parseChunk memory corruption

۶.۳

CVE-2020-0131

Official Fix

DoS

Google Android MPEG4Extractor.cpp parseSampleAuxiliaryInformationOffsets

۶.۵

CVE-2020-0162

Official Fix

DoS

Google Android MPEG4Extractor.cpp parseSampleAuxiliaryInformationSizes

۶.۵

CVE-2020-0163

Official Fix

Directory Traversal

Google Android MtpServer.cpp doSendObjectInfo

۵.۳

CVE-2020-0179

Official Fix

Information Disclosure

Google Android nci_hrcv.cc nci_proc_core_rsp

۴.۴

CVE-2020-0154

Official Fix

Information Disclosure

Google Android nfa_dm_ndef.c nfa_dm_ndef_find_next_handler

۴.۴

CVE-2020-0143

Official Fix

Information Disclosure

Google Android nfa_hci_main.cc nfa_hci_conn_cback

۴.۹

CVE-2020-0157

Official Fix

Information Disclosure

Google Android NFC Tag ndef_utils.c NDEF_MsgValidate

۴.۴

CVE-2020-0139

Official Fix

Information Disclosure

Google Android nfc_ncif.cc nfc_ncif_proc_t3t_polling_ntf

۴.۴

CVE-2020-0158

Official Fix

Information Disclosure

Google Android NxpNfc.cpp ioctl

۵.۵

CVE-2020-0156

Official Fix

Information Disclosure

Google Android OpusHeader.cpp GetOpusHeaderBuffers()‎

۶.۵

CVE-2020-0180

Official Fix

Privilege Escalation

Google Android package.cpp InstallPackage

۵.۳

CVE-2020-0204

Official Fix

Privilege Escalation

Google Android PackageManagerService.java verifyIntentFiltersIfNeeded

۷.۸

CVE-2020-0115

Official Fix

Privilege Escalation

Google Android PanService.java connect()‎

۵.۵

CVE-2020-0177

Official Fix

Memory Corruption

Google Android Parcel.cpp memory corruption

۸.۸

CVE-2020-0136

Official Fix

Privilege Escalation

Google Android Permission Check MainActivity.java onStart

۵.۳

CVE-2020-0202

Official Fix

Privilege Escalation

Google Android Permission Check NetworkManagementService.java setIPv6AddrGenMode

۷.۸

CVE-2020-0137

Official Fix

Information Disclosure

Google Android Permission Check RollbackManagerServiceImpl.java dump

۴.۴

CVE-2020-0135

Official Fix

Information Disclosure

Google Android Permission Check SettingsProvider.cpp getAllConfigFlags

۵.۵

CVE-2020-0178

Official Fix

Memory Corruption

Google Android phNxpExtns_MifareStd.cpp phNciNfc_RecvMfResp memory corruption

۵.۳

CVE-2020-0216

Official Fix

Memory Corruption

Google Android phNxpNciHal_ext.cc phNxpNciHal_send_ese_hal_cmd memory corruption

۷.۸

CVE-2020-0155

Official Fix

Memory Corruption

Google Android phNxpNciHal_ext.cc phNxpNciHal_write_ext memory corruption

۶.۷

CVE-2020-0153

Official Fix

Information Disclosure

Google Android phNxpNciHal_NfcDepSWPrio.cc phNxpNciHal_NfcDep_cmd_ext

۴.۴

CVE-2020-0164

Official Fix

Memory Corruption

Google Android phNxpNciHal_NfcDepSWPrio.cc phNxpNciHal_NfcDep_cmd_ext memory corruption

۶.۷

CVE-2020-0165

Official Fix

Privilege Escalation

Google Android ProcessList.java freeIsolatedUidLocked

۵.۳

CVE-2020-0203

Official Fix

Information Disclosure

Google Android raw_bit_reader.cc ReadLittleEndian

۴.۳

CVE-2020-0200

Official Fix

Memory Corruption

Google Android RegionSamplingThread.cpp addListener memory corruption

۷.۸

CVE-2020-0118

Official Fix

Information Disclosure

Google Android ResourceTypes.cpp

۵.۵

CVE-2020-0167

Official Fix

Information Disclosure

Google Android rw_i93.c rw_i93_sm_detect_ndef

۷.۵

CVE-2020-0140

Official Fix

Information Disclosure

Google Android rw_i93.c rw_i93_sm_format

۷.۵

CVE-2020-0142

Official Fix

Information Disclosure

Google Android rw_mfc.cc rw_mfc_writeBlock

۵.۵

CVE-2020-0159

Official Fix

Memory Corruption

Google Android rw_t3t.cc rw_t3t_message_set_block_list memory corruption

۷.۸

CVE-2020-0150

Official Fix

Memory Corruption

Google Android rw_t4t.cc RW_T4tPresenceCheck memory corruption

۹.۸

CVE-2020-0217

Official Fix

DoS

Google Android SampleTable.cpp setSyncSampleParams

۸.۸

CVE-2020-0160

Official Fix

DoS

Google Android Settings App Crash

۳.۳

CVE-2020-0206

Official Fix

Privilege Escalation

Google Android SettingsSliceProvider.java onCreatePermissionRequest

۵.۳

CVE-2020-0188

Official Fix

Privilege Escalation

Google Android SliceDeepLinkSpringBoard.java onCreate

۷.۸

CVE-2020-0219

Official Fix

Memory Corruption

Google Android SoundTriggerHwService.cpp loadSoundModel memory corruption

۵.۳

CVE-2020-0218

Official Fix

Information Disclosure

Google Android TimeCheck.cpp threadLoop

۳.۳

CVE-2020-0199

Official Fix

Privilege Escalation

Google Android URI.java

۷.۸

CVE-2020-0166

Official Fix

Privilege Escalation

Google Android WifiConfigController.java showSecurityFields

۷.۳

CVE-2020-0201

Official Fix

Information Disclosure

Google Android WifiConfigManager.java addOrUpdateNetworkInternal

۳.۷

CVE-2020-0119

Not Defined

Information Disclosure

Google/Apple Exposure Notification API Rolling Proximity Identifier

۱۰.۰

CVE-2020-13702

Official Fix

XSS

graphql-playground-html renderPlaygroundPage()‎

۷.۴

CVE-2020-4038

Official Fix

DoS

Hashicorp Consul/Consul Enterprise Crash

۳.۵

CVE-2020-12758

Official Fix

DoS

Hashicorp Consul/Consul Enterprise HTTP API

۳.۵

CVE-2020-13250

Official Fix

Unknown Vulnerability

Hashicorp Consul/Consul Enterprise Legacy ACL Token Rule

۵.۵

CVE-2020-12797

Official Fix

Unknown Vulnerability

Hashicorp Consul/Consul Enterprise Local Token

۵.۵

CVE-2020-13170

Official Fix

Privilege Escalation

Hashicorp Vault/Vault Enterprise Access Control

۵.۵

CVE-2020-12757

Official Fix

Information Disclosure

Hashicorp Vault/Vault Enterprise Log File

۳.۵

CVE-2020-13223

Not Defined

Server-Side Request Forgery

HCL Digital Experience

۵.۵

CVE-2020-4101

Official Fix

Privilege Escalation

Huawei Mobile Phone Factory Reset Protection

۸.۰

CVE-2019-19412

Not Defined

Weak Authentication

Huawei Secospace USG9500

۹.۸

CVE-2020-9099

Official Fix

Memory Corruption

IBM Aspera HTTP Fallback Service memory corruption

۷.۵

CVE-2020-4435

Official Fix

Memory Corruption

IBM Aspera HTTP Fallback Service memory corruption

۷.۵

CVE-2020-4434

Official Fix

Memory Corruption

IBM Aspera memory corruption

۸.۸

CVE-2020-4436

Official Fix

command injection

IBM Aspera SOAP API

۷.۵

CVE-2020-4432

Official Fix

Memory Corruption

IBM Aspera Stack-based memory corruption

۸.۲

CVE-2020-4433

Official Fix

Server-Side Request Forgery

IBM Maximo Asset Management

۷.۴

CVE-2020-4529

Official Fix

Weak Authentication

IBM QRadar Network Packet Capture

۵.۹

CVE-2019-4576

Official Fix

XSS

IBM Workload Scheduler Web UI

۵.۴

CVE-2020-4380

Official Fix

Information Disclosure

Ignition 8 Gateway Deserialization

۳.۵

CVE-2020-12000

Official Fix

Information Disclosure

Ignition 8 Gateway Deserialization

۳.۵

CVE-2020-10644

Official Fix

Information Disclosure

Ignition 8 Gateway

۳.۵

CVE-2020-12004

Official Fix

Unknown Vulnerability

Ignition Page

۹.۸

CVE-2020-13909

Not Defined

Memory Corruption

ImageMagick string.c BlobToStringInfo memory corruption

۷.۱

CVE-2020-13902

Official Fix

DoS

Indy Node TAA Resource Exhaustion

۷.۵

CVE-2020-11090

Not Defined

Memory Corruption

IrfanView memory corruption

۵.۵

CVE-2020-13906

Not Defined

Memory Corruption

IrfanView memory corruption

۵.۵

CVE-2020-13905

Official Fix

SQL Injection

J2Store Plugin

۶.۳

CVE-2020-13996

Not Defined

Privilege Escalation

Jackson Deserialization

۵.۵

CVE-2020-5411

Not Defined

Information Disclosure

janus-gateway janus.c janus_process_incoming_request

۳.۵

CVE-2020-13899

Not Defined

Memory Corruption

janus-gateway sdp.c janus_sdp_merge memory corruption

۵.۵

CVE-2020-13901

Not Defined

DoS

janus-gateway sdp.c janus_sdp_preparse

۳.۵

CVE-2020-13900

Not Defined

DoS

janus-gateway sdp.c janus_sdp_process

۳.۵

CVE-2020-13898

Official Fix

Code Execution

Kata Containers

۳.۸

CVE-2020-2023

Official Fix

Code Execution

Kata Containers Container Creation

۷.۸

CVE-2020-2026

Official Fix

Privilege Escalation

Lenovo Installation Package DLL

۶.۷

CVE-2019-6173

Official Fix

Privilege Escalation

Lenovo Installation Package

۶.۷

CVE-2019-6196

Not Defined

Code Execution

Lenovo Notebook/ThinkStation SMI Callback

۶.۴

CVE-2020-8321

Not Defined

Code Execution

Lenovo Notebook/ThinkStation USB Driver

۶.۴

CVE-2020-8322

Not Defined

Privilege Escalation

Lenovo ThinkPad A275 BIOS

۶.۱

CVE-2020-8334

Not Defined

Privilege Escalation

Lenovo ThinkSystem BIOS Configuration

۶.۴

CVE-2020-8331

Official Fix

Privilege Escalation

LibreOffice Form

۶.۵

CVE-2020-12803

Official Fix

Information Disclosure

LibreOffice Stealth Mode

۵.۳

CVE-2020-12802

Official Fix

Information Disclosure

Liferay Portal/Liferay DXP DDMDataProvider API Password

۴.۳

CVE-2020-13444

Official Fix

Privilege Escalation

Liferay Portal/Liferay DXP Template API

۶.۳

CVE-2020-13445

Not Defined

Privilege Escalation

Linux Kernel DAX Huge Page

۵.۳

CVE-2020-10757

Not Defined

Memory Corruption

Linux Kernel keyboard.c k_ascii memory corruption

۵.۵

CVE-2020-13974

Official Fix

Privilege Escalation

LinuxTV xawtv v4l-conf.c dev_open()‎

۵.۳

CVE-2020-13696

Official Fix

Privilege Escalation

McAfee Agent DLL

۵.۹

CVE-2019-3613

Official Fix

Privilege Escalation

McAfee Intrusion Prevention System DLL Loader

۴.۶

CVE-2020-7279

Official Fix

Privilege Escalation

McAfee Total Protection Temp File

۷.۵

CVE-2019-3617

Official Fix

Privilege Escalation

McAfee Virus Scan Enterprise DAT Update

۷.۸

CVE-2020-7280

Official Fix

Privilege Escalation

McAfee VirusScan Enterprise Microsoft Windows Client McTray.exe

۶.۳

CVE-2019-3588

Official Fix

Privilege Escalation

McAfee VirusScan Enterprise Microsoft Windows Client McTray.exe

۷.۰

CVE-2019-3585

Official Fix

Memory Corruption

Microsoft Edge/ChakraCore Scripting Engine memory corruption

۸.۱

CVE-2020-1073

Official Fix

Memory Corruption

Microsoft Excel memory corruption

۶.۳

CVE-2020-1225

Official Fix

Memory Corruption

Microsoft Excel memory corruption

۶.۳

CVE-2020-1226

Official Fix

Memory Corruption

Microsoft Internet Explorer VBScript memory corruption

۵.۳

CVE-2020-1260

Official Fix

Memory Corruption

Microsoft Internet Explorer VBScript memory corruption

۶.۹

CVE-2020-1230

Official Fix

Memory Corruption

Microsoft Internet Explorer VBScript memory corruption

۷.۵

CVE-2020-1213

Official Fix

Memory Corruption

Microsoft Internet Explorer VBScript memory corruption

۷.۵

CVE-2020-1216

Official Fix

Memory Corruption

Microsoft Internet Explorer VBScript memory corruption

۷.۵

CVE-2020-1214

Official Fix

Memory Corruption

Microsoft Internet Explorer VBScript memory corruption

۷.۵

CVE-2020-1215

Official Fix

Memory Corruption

Microsoft Office memory corruption

۶.۳

CVE-2020-1321

Official Fix

Privilege Escalation

Microsoft Office Outlook

۴.۳

CVE-2020-1229

Official Fix

Information Disclosure

Microsoft Project Out-of-Bounds

۴.۳

CVE-2020-1322

Official Fix

Code Execution

Microsoft SharePoint Foundation ASP.Net Web Control Remote

۸.۸

CVE-2020-1181

Official Fix

XSS

Microsoft SharePoint Foundation

۵.۴

CVE-2020-1320

Official Fix

XSS

Microsoft SharePoint Foundation

۵.۴

CVE-2020-1177

Official Fix

XSS

Microsoft SharePoint Foundation

۵.۴

CVE-2020-1297

Official Fix

XSS

Microsoft SharePoint Foundation

۵.۴

CVE-2020-1298

Official Fix

XSS

Microsoft SharePoint Foundation

۵.۴

CVE-2020-1318

Official Fix

XSS

Microsoft SharePoint Foundation

۵.۴

CVE-2020-1183

Official Fix

XSS

Microsoft SharePoint Foundation

۵.۴

CVE-2020-1148

Official Fix

XSS

Microsoft SharePoint Foundation

۵.۴

CVE-2020-1289

Official Fix

Open Redirect

Microsoft SharePoint Foundation

۴.۳

CVE-2020-1323

Official Fix

Privilege Escalation

Microsoft SharePoint Foundation

۶.۳

CVE-2020-1295

Official Fix

Server-Side Request Forgery

Microsoft SharePoint Foundation

۸.۸

CVE-2020-1178

Official Fix

XSS

Microsoft System Center Operations Manager

۳.۵

CVE-2020-1331

Official Fix

Weak Encryption

Microsoft Visual Studio Code Live Share Extension Token

۳.۵

CVE-2020-1343

Official Fix

Privilege Escalation

Microsoft Windows Background Intelligent Transfer Service File Upload

۸.۸

CVE-2020-1255

Official Fix

Privilege Escalation

Microsoft Windows Backup Service

۷.۰

CVE-2020-1271

Official Fix

Memory Corruption

Microsoft Windows Bluetooth Service memory corruption

۶.۵

CVE-2020-1280

Official Fix

Privilege Escalation

Microsoft Windows CAB File

۶.۶

CVE-2020-1300

Official Fix

Privilege Escalation

Microsoft Windows COM

۶.۵

CVE-2020-1311

Official Fix

Memory Corruption

Microsoft Windows Connected Devices Platform Service memory corruption

۷.۰

CVE-2020-1211

Official Fix

DoS

Microsoft Windows Connected User Experiences and Telemetry Service

۵.۵

CVE-2020-1120

Official Fix

DoS

Microsoft Windows Connected User Experiences and Telemetry Service

۷.۱

CVE-2020-1244

Official Fix

DoS

Microsoft Windows Defender

۷.۸

CVE-2020-1170

Official Fix

DoS

Microsoft Windows Defender

۷.۸

CVE-2020-1163

Official Fix

DoS

Microsoft Windows

۶.۵

CVE-2020-1283

Official Fix

Information Disclosure

Microsoft Windows Diagnostics and Feedback Settings App

۴.۲

CVE-2020-1296

Official Fix

Privilege Escalation

Microsoft Windows Diagnostics Hub Standard Collector

۷.۸

CVE-2020-1257

Official Fix

Privilege Escalation

Microsoft Windows Diagnostics Hub Standard Collector

۷.۸

CVE-2020-1293

Official Fix

Memory Corruption

Microsoft Windows DirectX memory corruption

۶.۸

CVE-2020-1258

Official Fix

Information Disclosure

Microsoft Windows Error Reporting

۴.۹

CVE-2020-1261

Official Fix

Information Disclosure

Microsoft Windows Error Reporting

۴.۹

CVE-2020-1263

Official Fix

Privilege Escalation

Microsoft Windows Error Reporting Manager

۷.۸

CVE-2020-1197

Official Fix

Memory Corruption

Microsoft Windows Error Reporting memory corruption

۷.۰

CVE-2020-1234

Official Fix

Information Disclosure

Microsoft Windows GDI

۴.۹

CVE-2020-1348

Official Fix

Memory Corruption

Microsoft Windows GDI memory corruption

۷.۸

CVE-2020-0916

Official Fix

Memory Corruption

Microsoft Windows GDI memory corruption

۷.۸

CVE-2020-0915

Official Fix

Memory Corruption

Microsoft Windows GDI+ memory corruption

۸.۸

CVE-2020-1248

Official Fix

Information Disclosure

Microsoft Windows Graphics Component

۵.۵

CVE-2020-1160

Official Fix

Privilege Escalation

Microsoft Windows Group Policy

۶.۳

CVE-2020-1317

Official Fix

Privilege Escalation

Microsoft Windows Host Guardian Service

۵.۳

CVE-2020-1259

Official Fix

Memory Corruption

Microsoft Windows JET Database Engine memory corruption

۷.۰

CVE-2020-1208

Official Fix

Memory Corruption

Microsoft Windows JET Database Engine memory corruption

۷.۰

CVE-2020-1236

Official Fix

Memory Corruption

Microsoft Windows Kernel memory corruption

۷.۸

CVE-2020-1237

Official Fix

Memory Corruption

Microsoft Windows Kernel memory corruption

۷.۸

CVE-2020-1246

Official Fix

Memory Corruption

Microsoft Windows Kernel memory corruption

۸.۳

CVE-2020-1264

Official Fix

Memory Corruption

Microsoft Windows Kernel memory corruption

۸.۳

CVE-2020-1269

Official Fix

Memory Corruption

Microsoft Windows Kernel memory corruption

۸.۳

CVE-2020-1266

Official Fix

Memory Corruption

Microsoft Windows Kernel memory corruption

۸.۳

CVE-2020-1262

Official Fix

Memory Corruption

Microsoft Windows Kernel memory corruption

۸.۳

CVE-2020-1274

Official Fix

Memory Corruption

Microsoft Windows Kernel memory corruption

۸.۳

CVE-2020-1275

Official Fix

Memory Corruption

Microsoft Windows Kernel memory corruption

۸.۳

CVE-2020-1273

Official Fix

Memory Corruption

Microsoft Windows Kernel memory corruption

۸.۳

CVE-2020-1307

Official Fix

Memory Corruption

Microsoft Windows Kernel memory corruption

۸.۵

CVE-2020-0986

Official Fix

Privilege Escalation

Microsoft Windows Kernel

۸.۳

CVE-2020-1276

Official Fix

Privilege Escalation

Microsoft Windows Kernel

۸.۳

CVE-2020-1316

Official Fix

Privilege Escalation

Microsoft Windows LNK

۶.۵

CVE-2020-1299

Official Fix

Privilege Escalation

Microsoft Windows Lockscreen Command

۶.۵

CVE-2020-1279

Official Fix

Information Disclosure

Microsoft Windows Media Foundation

۵.۴

CVE-2020-1232

Official Fix

Memory Corruption

Microsoft Windows Media Foundation memory corruption

۸.۸

CVE-2020-1239

Official Fix

Memory Corruption

Microsoft Windows Media Foundation memory corruption

۸.۸

CVE-2020-1238

Official Fix

Privilege Escalation

Microsoft Windows Mobile Device Management

۵.۶

CVE-2020-1204

Official Fix

Privilege Escalation

Microsoft Windows Modules Installer Service

۷.۸

CVE-2020-1254

Official Fix

Memory Corruption

Microsoft Windows Network Connections Service memory corruption

۶.۱

CVE-2020-1291

Official Fix

Privilege Escalation

Microsoft Windows Network List Service

۵.۷

CVE-2020-1209

Official Fix

Privilege Escalation

Microsoft Windows OLE Automation

۷.۰

CVE-2020-1212

Official Fix

Privilege Escalation

Microsoft Windows OLE

۷.۰

CVE-2020-1281

Official Fix

Privilege Escalation

Microsoft Windows OpenSSH

۷.۱

CVE-2020-1292

Official Fix

Memory Corruption

Microsoft Windows printconfig.dll memory corruption

۶.۱

CVE-2020-1196

Official Fix

DoS

Microsoft Windows Registry

۵.۵

CVE-2020-1194

Official Fix

Privilege Escalation

Microsoft Windows Security Feature

۵.۳

CVE-2020-1241

Official Fix

Memory Corruption

Microsoft Windows Security Health Service memory corruption

۷.۰

CVE-2020-1162

Official Fix

Memory Corruption

Microsoft Windows Security Health Service memory corruption

۷.۰

CVE-2020-1324

Official Fix

Memory Corruption

Microsoft Windows Session Manager memory corruption

۷.۰

CVE-2020-1201

Official Fix

Privilege Escalation

Microsoft Windows SMBv1

۷.۵

CVE-2020-1301

Official Fix

DoS

Microsoft Windows SMBv3

۶.۵

CVE-2020-1284

Official Fix

Information Disclosure

Microsoft Windows SMBv3

۷.۵

CVE-2020-1206

Official Fix

Memory Corruption

Microsoft Windows State Repository Service memory corruption

۷.۰

CVE-2020-1305

Official Fix

Memory Corruption

Microsoft Windows Store Runtime memory corruption

۷.۰

CVE-2020-1309

Official Fix

Privilege Escalation

Microsoft Windows Store Runtime

۷.۰

CVE-2020-1222

Official Fix

Privilege Escalation

Microsoft Windows Text Service Framework

۶.۶

CVE-2020-1314

Official Fix

Privilege Escalation

Microsoft Windows Update Orchestrator Service

۶.۳

CVE-2020-1313

Official Fix

Memory Corruption

Microsoft Windows WalletService memory corruption

۶.۵

CVE-2020-1287

Official Fix

Memory Corruption

Microsoft Windows WalletService memory corruption

۶.۵

CVE-2020-1294

Official Fix

Information Disclosure

Microsoft Windows Win32k

۴.۹

CVE-2020-1290

Official Fix

Memory Corruption

Microsoft Windows Win32k memory corruption

۶.۸

CVE-2020-1310

Official Fix

Memory Corruption

Microsoft Windows Win32k memory corruption

۶.۸

CVE-2020-1253

Official Fix

Memory Corruption

Microsoft Windows Win32k memory corruption

۶.۸

CVE-2020-1251

Official Fix

Memory Corruption

Microsoft Windows Win32k memory corruption

۶.۸

CVE-2020-1207

Official Fix

Memory Corruption

Microsoft Windows Win32k memory corruption

۷.۹

CVE-2020-1247

Official Fix

Privilege Escalation

Microsoft Windows Windows Installer

۶.۳

CVE-2020-1312

Official Fix

Privilege Escalation

Microsoft Windows Windows Installer

۷.۰

CVE-2020-1277

Official Fix

Privilege Escalation

Microsoft Windows Windows Installer

۷.۰

CVE-2020-1302

Official Fix

Privilege Escalation

Microsoft Windows Windows Installer

۸.۳

CVE-2020-1272

Official Fix

Memory Corruption

Microsoft Windows Windows Runtime memory corruption

۶.۶

CVE-2020-1217

Official Fix

Memory Corruption

Microsoft Windows Windows Runtime memory corruption

۷.۰

CVE-2020-1265

Official Fix

Memory Corruption

Microsoft Windows Windows Runtime memory corruption

۷.۰

CVE-2020-1282

Official Fix

Memory Corruption

Microsoft Windows Windows Runtime memory corruption

۷.۰

CVE-2020-1231

Official Fix

Memory Corruption

Microsoft Windows Windows Runtime memory corruption

۷.۰

CVE-2020-1233

Official Fix

Memory Corruption

Microsoft Windows Windows Runtime memory corruption

۷.۰

CVE-2020-1306

Official Fix

Memory Corruption

Microsoft Windows Windows Runtime memory corruption

۷.۸

CVE-2020-1235

Official Fix

Privilege Escalation

Microsoft Windows Windows Runtime

۷.۰

CVE-2020-1304

Official Fix

Privilege Escalation

Microsoft Windows Windows Runtime

۷.۰

CVE-2020-1334

Official Fix

Information Disclosure

Microsoft Windows Windows Service

۴.۹

CVE-2020-1268

Official Fix

Privilege Escalation

Microsoft Windows Windows Shell

۷.۰

CVE-2020-1286

Official Fix

Memory Corruption

Microsoft Windows WLAN Service wlansvc.dll memory corruption

۶.۵

CVE-2020-1270

Not Defined

Privilege Escalation

Mids Reborn Hero Designer

۵.۵

CVE-2020-11613

Not Defined

Weak Encryption

Mids Reborn Hero Designer Update Man-in-the-Middle

۳.۷

CVE-2020-11614

Official Fix

Privilege Escalation

Nextcloud Talk Code Injection

۹.۹

CVE-2020-8180

Official Fix

Weak Authentication

Node.js Certificate Verification TLS

۷.۴

CVE-2020-8172

Not Defined

Code Execution

node-extend extend.js eval

۵.۵

CVE-2020-7673

Not Defined

Unknown Vulnerability

Open Connectivity Foundation UPnP Specification Subscription Request

۵.۵

CVE-2020-12695

Not Defined

XSS

OpenCart Incomplete Fix CVE-2020-10596

۴.۸

CVE-2020-13980

Not Defined

Privilege Escalation

OpenSearch Web Browser Scheme

۵.۵

CVE-2020-8954

Official Fix

Information Disclosure

openstack-cinder API Endpoint Credentials

۶.۵

CVE-2020-10755

Official Fix

Weak Encryption

Palo Alto GlobalProtect App Pre-Login Man-in-the-Middle

۵.۳

CVE-2020-2033

Official Fix

Privilege Escalation

Palo Alto GlobalProtect App

۷.۰

CVE-2020-2032

Official Fix

Memory Corruption

Palo Alto PAN-OS Management Server memory corruption

۷.۲

CVE-2020-2027

Official Fix

Privilege Escalation &

Command Injection

Palo Alto PAN-OS Management Server OS

۷.۲

CVE-2020-2028

Official Fix

Privilege Escalation &

Command Injection

Palo Alto PAN-OS Web Management Interface OS

۷.۲

CVE-2020-2029

Official Fix

Privilege Escalation

PHPMailer

۷.۵

CVE-2020-13625

Official Fix

Privilege Escalation

phpMussel PHP phar Wrapper Deserialization

۷.۷

CVE-2020-4043

Not Defined

Privilege Escalation

Pydio Cells Enterprise OVF Permission

۵.۳

CVE-2020-12850

Official Fix

DoS

QEMU NBD Server

۵.۰

CVE-2020-10761

Not Defined

Weak Authentication

Realtek ADSL PON Modem SoC SDK Default Credentials

۹.۶

CVE-2020-12773

Not Defined

Server-Side Request Forgery

Redash open-source JSON

۵.۵

CVE-2020-12725

Not Defined

Memory Corruption

rejetto HFS Virtual File memory corruption

۶.۳

CVE-2020-13432

Official Fix

Weak Authentication

Royal TS Tunnel Authentication

۸.۸

CVE-2020-13872

Not Defined

Information Disclosure

SAP Business Intelligence Platform

۴.۳

CVE-2020-6269

Not Defined

Information Disclosure

SAP Business One Backup Service

۴.۴

CVE-2020-6239

Not Defined

Privilege Escalation

SAP Commerce Default Admin Password

۹.۸

CVE-2020-6265

Not Defined

Information Disclosure

SAP Commerce

۸.۶

CVE-2020-6264

Not Defined

Privilege Escalation

SAP ERP

۵.۹

CVE-2020-6268

Not Defined

Open Redirect

SAP Fiori for SAP S-4HANA

۶.۰

CVE-2020-6266

Not Defined

Privilege Escalation

SAP NetWeaver AS ABAP Banking Services

۶.۴

CVE-2020-6270

Not Defined

XSS

SAP NetWeaver AS ABAP Business Server Pages Test Application Reflected

۶.۱

CVE-2020-6246

Not Defined

Server-Side Request Forgery

SAP NetWeaver AS ABAP Import/Export

۷.۶

CVE-2020-6275

Not Defined

Weak Authentication

SAP NetWeaver AS JAVA

۶.۹

CVE-2020-6263

Not Defined

DoS

SAP Solution Manager Problem Context Manager Crash

۸.۲

CVE-2020-6271

Not Defined

Privilege Escalation

SAP Solution Manager Trace Analysis XML

۶.۹

CVE-2020-6260

Not Defined

Privilege Escalation

SAP SuccessFactors Recruiting OData API

۸.۱

CVE-2020-6279

Official Fix

Privilege Escalation

Siemens LOGO!‎8 BM Service Port 135

۶.۳

CVE-2020-7589

Official Fix

Privilege Escalation

Siemens SIMATIC PCS 7 DLL

۵.۳

CVE-2020-7585

Official Fix

Memory Corruption

Siemens SIMATIC PCS 7 memory corruption

۵.۳

CVE-2020-7586

Official Fix

Privilege Escalation

Siemens SIMATIC/SINAMICS/SINEC/SINEMA/SINUMERIK

۸.۰

CVE-2020-7580

Official Fix

Privilege Escalation

Solarwinds Advanced Monitoring Agent

۷.۳

CVE-2020-13912

Official Fix

XSS

SportsPress Plugin

۵.۴

CVE-2020-13892

Not Defined

Memory Corruption

SQLite Parse Tree select.c resetAccumulator memory corruption

۷.۵

CVE-2020-13871

Not Defined

Information Disclosure

SSB-DB get()‎

۷.۵

CVE-2020-4045

Official Fix

Privilege Escalation

Synaptics Smart Audio UWP App Unquoted Search Path

۵.۵

CVE-2020-8337

Not Defined

Code Execution

ThinkPad Notebook/ThinkPad/ThinkStation SD Driver

۶.۴

CVE-2020-8323

Not Defined

Privilege Escalation

ThinkPad Product BIOS Image

۶.۴

CVE-2020-8320

Not Defined

Privilege Escalation

ThinkPad Product CSME Anti-Rollback ARB Protection

۶.۴

CVE-2020-8336

Not Defined

Privilege Escalation

TIBCO Managed File Transfer Command

۱۰.۰

CVE-2020-9412

Not Defined

Privilege Escalation

TIBCO Managed File Transfer

۱۰.۰

CVE-2020-9411

Official Fix

DoS

Undertow Header Memory Exhaustion

۳.۵

CVE-2020-10705

Not Defined

Memory Corruption

VideoLAN VLC Media Player H.‎264 Annex-B Video hxxx_nal.c hxxx_AnnexB_to_xVC memory corruption

۷.۸

CVE-2020-13428

Not Defined

Code Execution

WAGO PFC 200 Web-based Management

۵.۵

CVE-2020-6090

Official Fix

Privilege Escalation

WhiteSource Application Vulnerability Management Log login

۷.۵

CVE-2020-5304

Official Fix

XSS

ZenPhoto

۴.۳

CVE-2020-5592

Official Fix

Privilege Escalation

ZenPhoto PHP

۵.۵

CVE-2020-5593

Official Fix

Privilege Escalation

Zoho ManageEngine ServiceDesk Plus

۷.۳

CVE-2020-14048

Not Defined

Directory Traversal

Zoom Client Message

۹.۸

CVE-2020-6109

Not Defined

Code Execution

Zoom Client Shared Code Snippet

۸.۸

CVE-2020-6110

 

سطح خطر حدود ۳۴% آسیب‌پذیری‌های هفته، «پرخطر» و «حیاتی» برآورد شده است که بسیار قابل‌توجّه است.

 

خوشبختانه برای ۷۹% آسیب‌پذیری‌‌های هفته، به‌روزرسانی‌ها و یا وصله‌هایی رسماً ارائه شده که برای جلوگیری از سوءاستفاده از آسیب‌پذیری‌ها بهتر است سریعاً اعمال شوند.

 

همچنین با ۱۰۷ مورد، اکثر آسیب‌پذیری‌های هفته (۲۹%) از نوع «ارتقا امتیاز» بودند.