Critical Vulnerabilities of the Fourth Week of Tir
This week, several vulnerabilities were reported in Adobe Acrobat, one of Adobe's most important products. Several dangerous vulnerabilities were also identified in the popular Mozilla Firefox browser. In addition, products from IBM, NVIDIA, McAfee, Huawei, Dell, Samsung and others contained several "critical" and "high-risk" vulnerabilities, for which patches and updates have been released.
The list of these vulnerabilities, together with links to the patches and updates that have been released, is given in the table below.
| Vulnerability fix | Zero-day value | Vulnerability type | Vulnerable product | Base score | Vulnerability ID |
|---|---|---|---|---|---|
|  | $25k-$50k | Memory Corruption | Adobe Acrobat Reader Heap-based | 6.3 | CVE-2019-8066 |
|  | $10k-$25k | Information Disclosure | Adobe Acrobat Reader Type Confusion | 4.3 | CVE-2019-8252 |
|  | $25k-$50k | Memory Corruption | Adobe Acrobat Reader Type Confusion | 6.3 | CVE-2019-8251 |
|  | $25k-$50k | Memory Corruption | Adobe Acrobat Reader Type Confusion | 6.3 | CVE-2019-8250 |
|  | $25k-$50k | Memory Corruption | Adobe Acrobat Reader Type Confusion | 6.3 | CVE-2019-8249 |
|  | $10k-$25k | Privilege Escalation | Apache Tomcat Camel Templating Injection | 5.5 | CVE-2020-11994 |
|  | $0-$1k | Weak Encryption | Atlassian Bitbucket Server Man-in-the-Middle | 3.7 | CVE-2020-14171 |
|  | $2k-$5k | Server-Side Request Forgery | Atlassian Bitbucket Server Webhooks | 6.3 | CVE-2020-14170 |
|  | $2k-$5k | Privilege Escalation | Atlassian JIRA Server/Data Center DLL | 7.8 | CVE-2019-20419 |
|  | $1k-$2k | XSS | Atlassian JIRA Server/Data Center File Upload | 5.4 | CVE-2020-14173 |
|  | $2k-$5k | Privilege Escalation | Atlassian JIRA Server/Data Center Web Resources Manager Injection | 9.8 | CVE-2020-14172 |
|  | $0-$1k | DoS | Atlassian JIRA Server/Data Center wiki | 6.5 | CVE-2019-20418 |
|  | $0-$1k | DoS | ChangXiang 8 Plus Base Station | 3.5 | CVE-2020-1837 |
| Not Defined | $1k-$2k | Code Execution | Code42 Email Invite | 5.3 | CVE-2020-12736 |
| Not Defined | $2k-$5k | SQL Injection | DataTables Records.php | 9.8 | CVE-2020-8521 |
| Not Defined | $2k-$5k | SQL Injection | DataTables Records.php | 9.8 | CVE-2020-8520 |
| Not Defined | $2k-$5k | SQL Injection | DataTables Records.php | 9.8 | CVE-2020-8519 |
| Not Defined | $10k-$25k | Command Injection Privilege Escalation | Dell EMC Data Protection Advisor OS | 8.8 | CVE-2020-5352 |
| Not Defined | $5k-$10k | Information Disclosure | Dell EMC EMC VxRail | 9.8 | CVE-2020-5368 |
|  | $10k-$25k | Directory Traversal | Dell EMC iDRAC9 | 7.1 | CVE-2020-5366 |
| Not Defined | $10k-$25k | Privilege Escalation | Dell EMC Isilon OneFS/EMC PowerScale File Permission | 8.0 | CVE-2020-5371 |
|  | $5k-$10k | DoS | Dell EMC PowerStore Test Interface | 8.6 | CVE-2020-5372 |
|  | $10k-$25k | Privilege Escalation | Dell PowerProtect Data Manager/PowerProtect X400 | 7.7 | CVE-2020-5356 |
| Workaround | $10k-$25k | Privilege Escalation | D-Link DIR-610 command.php | 5.5 | CVE-2020-9377 |
| Not Defined | $5k-$10k | Information Disclosure | D-Link DIR-610 getcfg.php | 3.5 | CVE-2020-9376 |
| Not Defined | $1k-$2k | Information Disclosure | Eclipse Jetty Long Request Memory | 3.7 | CVE-2019-17638 |
|  | $2k-$5k | Privilege Escalation | Electron Context Isolation | 6.8 | CVE-2020-15096 |
|  | $1k-$2k | Information Disclosure | Electron event.preventDefault() | 6.8 | CVE-2020-4075 |
|  | $1k-$2k | Privilege Escalation | Electron Isolation | 7.8 | CVE-2020-4076 |
|  | $2k-$5k | Privilege Escalation | Electron Isolation | 7.7 | CVE-2020-4077 |
|  | $10k-$25k | Privilege Escalation | FreeBSD | 5.5 | CVE-2020-7458 |
|  | $10k-$25k | Code Execution Memory Corruption | FreeBSD Synchronization | 5.5 | CVE-2020-7457 |
| Not Defined | $2k-$5k | Memory Corruption | GeoVision Door Access Control Command | 9.8 | CVE-2020-3931 |
| Not Defined | $1k-$2k | Privilege Escalation | GOG Galaxy File Permission | 7.8 | CVE-2020-15529 |
| Not Defined | $1k-$2k | Privilege Escalation | GOG Galaxy File Permission | 7.8 | CVE-2020-15528 |
|  | $2k-$5k | Privilege Escalation | google-oauth-java-client PKCE | 7.4 | CVE-2020-7692 |
| Not Defined | $2k-$5k | Privilege Escalation | HCL AppScan Enterprise API Documentation Clickjacking | 5.5 | CVE-2019-4323 |
| Not Defined | $0-$1k | XSS | HCL AppScan Enterprise Test Policy Import | 3.5 | CVE-2019-4324 |
|  | $2k-$5k | SQL Injection | Hibernate ORM JPA Criteria API | 6.3 | CVE-2019-14900 |
| Not Defined | $5k-$10k | XSS | HPE IceWall SSO Dfw/IceWall SSO Dgfw | 4.3 | CVE-2020-7140 |
|  | $10k-$25k | Code Execution | Huawei Mate 30 | 6.3 | CVE-2020-1839 |
|  | $0-$1k | Weak Authentication | Huawei Mate 30 Pro | 5.5 | CVE-2020-1838 |
|  | $10k-$25k | Code Execution | Huawei Mate 30 Remote | 7.8 | CVE-2020-9261 |
|  | $10k-$25k | Memory Corruption | Huawei Mate 30 Use-After-Free | 7.8 | CVE-2020-9262 |
|  | $10k-$25k | Weak Authentication | Huawei P30 Signature Validation | 5.5 | CVE-2020-9226 |
|  | $5k-$10k | Information Disclosure | Huawei P30/P30 Pro WiFi | 5.3 | CVE-2020-1836 |
| Not Defined | $10k-$25k | Memory Corruption | Huawei Products SIP Module | 6.3 | CVE-2019-19417 |
| Not Defined | $10k-$25k | Memory Corruption | Huawei Products SIP Module | 6.3 | CVE-2019-19416 |
| Not Defined | $10k-$25k | Memory Corruption | Huawei Products SIP Module | 6.3 | CVE-2019-19415 |
|  | $5k-$10k | Information Disclosure | IBM Guardium Activity Insights | 3.1 | CVE-2020-4173 |
|  | $10k-$25k | Privilege Escalation | IBM InfoSphere Information Server Deserialization | 8.1 | CVE-2020-4305 |
| Not Defined | $1k-$2k | XSS | kingcomposer Plugin Reflected | 4.3 | CVE-2020-15299 |
| Not Defined | $1k-$2k | Weak Authentication | MAVLink | 9.8 | CVE-2020-10282 |
| Not Defined | $0-$1k | Weak Encryption | MAVLink | 7.5 | CVE-2020-10281 |
|  | $2k-$5k | Information Disclosure | McAfee Network Security Management Command Line Interface | 8.6 | CVE-2020-7284 |
|  | $5k-$10k | Privilege Escalation | McAfee Total Protection Symbolic Link | 7.5 | CVE-2020-7283 |
|  | $5k-$10k | Privilege Escalation | McAfee Total Protection Symbolic Link | 7.5 | CVE-2020-7282 |
|  | $5k-$10k | Privilege Escalation | McAfee Total Protection Symbolic Link | 7.5 | CVE-2020-7281 |
| Not Defined | $2k-$5k | Command Injection | Mitsubishi Electric GOT2000 TCP/IP | 6.3 | CVE-2020-5599 |
| Not Defined | $2k-$5k | Memory Corruption | Mitsubishi Electric GOT2000 TCP/IP | 6.3 | CVE-2020-5595 |
| Not Defined | $2k-$5k | Memory Corruption | Mitsubishi Electric GOT2000 TCP/IP NULL Pointer Dereference | 6.3 | CVE-2020-5597 |
| Not Defined | $2k-$5k | Privilege Escalation | Mitsubishi Electric GOT2000 TCP/IP | 6.3 | CVE-2020-5600 |
| Not Defined | $2k-$5k | Privilege Escalation | Mitsubishi Electric GOT2000 TCP/IP | 6.3 | CVE-2020-5598 |
| Not Defined | $2k-$5k | Privilege Escalation | Mitsubishi Electric GOT2000 TCP/IP | 6.3 | CVE-2020-5596 |
|  | $1k-$2k | Information Disclosure | MobileIron Core/Connector | 7.5 | CVE-2020-15507 |
|  | $2k-$5k | Privilege Escalation | MobileIron Core/Connector | 9.8 | CVE-2020-15505 |
|  | $1k-$2k | Weak Authentication | MobileIron Core/Connector | 9.8 | CVE-2020-15506 |
| Not Defined | $2k-$5k | Code Execution | Mods for HESK Access Control | 6.3 | CVE-2020-13994 |
| Not Defined | $0-$1k | XSS | Mods for HESK Stored | 6.1 | CVE-2020-13992 |
| Not Defined | $2k-$5k | SQL Injection | Mods for HESK Time-Based | 7.3 | CVE-2020-13993 |
|  | $25k-$50k | Privilege Escalation | Mozilla Firefox Address Bar | 5.5 | CVE-2020-12408 |
|  | $50k-$100k | Unknown Vulnerability | Mozilla Firefox AppCache unknown vulnerability | 5.5 | CVE-2020-12415 |
|  | $10k-$25k | Information Disclosure | Mozilla Firefox Date.parse() | 4.3 | CVE-2020-12425 |
|  | $10k-$25k | Spoofing | Mozilla Firefox History API | 4.3 | CVE-2020-12412 |
|  | $25k-$50k | Memory Corruption | Mozilla Firefox | 6.3 | CVE-2020-12426 |
|  | $25k-$50k | Memory Corruption | Mozilla Firefox | 6.3 | CVE-2020-12411 |
|  | $10k-$25k | Information Disclosure | Mozilla Firefox Native-to-JS Bridging | 3.5 | CVE-2020-12404 |
|  | $25k-$50k | Memory Corruption | Mozilla Firefox Out-of-Bounds | 6.3 | CVE-2020-12422 |
|  | $5k-$10k | Information Disclosure | Mozilla Firefox Private Browsing | 3.3 | CVE-2020-12414 |
|  | $10k-$25k | Information Disclosure | Mozilla Firefox RSA Key Generation Side-Channel | 3.7 | CVE-2020-12402 |
|  | $10k-$25k | Spoofing | Mozilla Firefox URL | 4.3 | CVE-2020-12409 |
|  | $25k-$50k | Memory Corruption | Mozilla Firefox VideoStreamEncoder AddOrUpdateSink | 6.3 | CVE-2020-12416 |
|  | $25k-$50k | Code Execution | Mozilla Firefox webauthn.dll | 5.5 | CVE-2020-12423 |
|  | $5k-$10k | Information Disclosure | Mozilla Firefox WebRender | 3.3 | CVE-2020-12407 |
|  | $25k-$50k | Privilege Escalation | Mozilla Firefox WebRTC | 5.5 | CVE-2020-12424 |
|  | $25k-$50k | Privilege Escalation | Mozilla Firefox/Firefox ESR/Thunderbird Addon Update | 5.6 | CVE-2020-12421 |
|  | $25k-$50k | Memory Corruption | Mozilla Firefox/Firefox ESR/Thunderbird Callback Use-After-Free | 6.3 | CVE-2020-12419 |
|  | $25k-$50k | Memory Corruption | Mozilla Firefox/Firefox ESR/Thunderbird | 6.3 | CVE-2020-12410 |
|  | $25k-$50k | Memory Corruption | Mozilla Firefox/Firefox ESR/Thunderbird | 6.3 | CVE-2020-12406 |
|  | $10k-$25k | Information Disclosure | Mozilla Firefox/Firefox ESR/Thunderbird NSS Timing | 3.7 | CVE-2020-12399 |
|  | $10k-$25k | DoS | Mozilla Firefox/Firefox ESR/Thunderbird SharedWorkerService Crash | 4.3 | CVE-2020-12405 |
|  | $25k-$50k | Memory Corruption | Mozilla Firefox/Firefox ESR/Thunderbird STUN Server Use-After-Free | 5.5 | CVE-2020-12420 |
|  | $25k-$50k | Memory Corruption | Mozilla Firefox/Firefox ESR/Thunderbird URL Out-of-Bounds | 6.3 | CVE-2020-12418 |
|  | $25k-$50k | Memory Corruption | Mozilla Firefox/Firefox ESR/Thunderbird ValueTags | 6.3 | CVE-2020-12417 |
|  | $10k-$25k | Weak Encryption | Mozilla Thunderbird STARTTLS | 3.7 | CVE-2020-12398 |
| Not Defined | $0-$1k | XSS | MrRio jsPDF Filter | 6.3 | CVE-2020-7691 |
| Not Defined | $0-$1k | XSS | MrRio jsPDF html | 6.3 | CVE-2020-7690 |
|  | $1k-$2k | Directory Traversal Code Execution | MX Player App MX Transfer | 4.9 | CVE-2020-5764 |
|  | $0-$1k | XSS | NeDi Assets-Management.php | 5.4 | CVE-2020-15031 |
|  | $0-$1k | XSS | NeDi Assets-Management.php | 5.4 | CVE-2020-15029 |
|  | $0-$1k | XSS | NeDi Monitoring-Incidents.php | 5.4 | CVE-2020-15032 |
|  | $0-$1k | XSS | NeDi Monitoring-Map.php | 5.4 | CVE-2020-15035 |
|  | $0-$1k | XSS | NeDi Monitoring-Setup.php | 5.4 | CVE-2020-15034 |
|  | $0-$1k | XSS | NeDi Reports-Devices.php | 5.4 | CVE-2020-15037 |
|  | $0-$1k | XSS | NeDi snmpget.php | 5.4 | CVE-2020-15033 |
|  | $0-$1k | XSS | NeDi Topology-Linked.php | 5.4 | CVE-2020-15036 |
|  | $0-$1k | XSS | NeDi Topology-Map.php | 5.4 | CVE-2020-15028 |
|  | $0-$1k | XSS | NeDi Topology-Routes.php | 5.4 | CVE-2020-15030 |
|  | $2k-$5k | Privilege Escalation | NVIDIA JetPack SDK Installation Script | 5.5 | CVE-2020-5974 |
|  | $0-$1k | DoS | Palo Alto PAN-OS dnsproxyd Integer Underflow | 4.9 | CVE-2020-2031 |
|  | $2k-$5k | Command Injection Privilege Escalation | Palo Alto PAN-OS GlobalProtect Portal OS | 8.1 | CVE-2020-2034 |
|  | $2k-$5k | Command Injection Privilege Escalation | Palo Alto PAN-OS Management Interface OS | 7.2 | CVE-2020-2030 |
|  | $0-$1k | Weak Encryption | Palo Alto PAN-OS | 4.8 | CVE-2020-1982 |
| Not Defined | $0-$1k | XSS | PHPList Administrator Import | 5.4 | CVE-2020-15073 |
| Not Defined | $2k-$5k | SQL Injection | PHPList Administrator Import Error | 8.8 | CVE-2020-15072 |
| Not Defined | $1k-$2k | Privilege Escalation | Python python3.dll | 5.3 | CVE-2020-15523 |
|  | $2k-$5k | Memory Corruption | Realtek RTL8195AM/RTL8711AM/RTL8711AF/RTL8710AF WPA2 Handshake Stack-based | 5.5 | CVE-2020-9395 |
| Not Defined | $1k-$2k | Weak Authentication | Redgate SQL Monitor TLS Certificate Validation | 5.5 | CVE-2020-15526 |
|  | $0-$1k | DoS | Samba AD DC NBT Server Crash | 3.5 | CVE-2020-14303 |
|  | $2k-$5k | Memory Corruption | Samba AD LDAP Server Use-After-Free | 5.5 | CVE-2020-10730 |
|  | $2k-$5k | Memory Corruption | Samba LDAP Server Use-After-Free | 5.5 | CVE-2020-10760 |
|  | $0-$1k | DoS | Samba NetBIOS over TCPIP CPU Exhaustion | 4.3 | CVE-2020-10745 |
|  | $2k-$5k | Memory Corruption | Samsung Mobile Devices 4k Wallpaper ImageProcessHelper | 5.5 | CVE-2020-15584 |
|  | $2k-$5k | Memory Corruption | Samsung Mobile Devices Bluetooth Low Energy | 5.5 | CVE-2020-15582 |
|  | $2k-$5k | Privilege Escalation | Samsung Mobile Devices Cameralyzer | 5.5 | CVE-2020-15577 |
|  | $2k-$5k | Privilege Escalation | Samsung Mobile Devices Factory Reset Protection | 5.5 | CVE-2020-15580 |
|  | $2k-$5k | Privilege Escalation | Samsung Mobile Devices Factory Reset Protection | 5.5 | CVE-2020-15579 |
|  | $2k-$5k | Privilege Escalation | Samsung Mobile Devices FactoryCamera | 5.5 | CVE-2020-15578 |
|  | $1k-$2k | Information Disclosure | Samsung Mobile Devices Kernel Logging | 5.3 | CVE-2020-15581 |
|  | $2k-$5k | Directory Traversal | Samsung Mobile Devices StickerProvider | 5.5 | CVE-2020-15583 |
|  | $1k-$2k | Information Disclosure | Solarwinds Serv-U File Server Cookie | 3.5 | CVE-2020-15574 |
|  | $0-$1k | XSS | Solarwinds Serv-U File Server | 3.5 | CVE-2020-15575 |
|  | $0-$1k | XSS | Solarwinds Serv-U File Server | 3.5 | CVE-2020-15573 |
|  | $1k-$2k | Information Disclosure | Solarwinds Serv-U File Server HTTP Response | 3.5 | CVE-2020-15576 |
|  | $2k-$5k | Unknown Vulnerability | Solarwinds Serv-U FTP Server Argument Path unknown vulnerability | 5.5 | CVE-2020-15543 |
|  | $2k-$5k | Unknown Vulnerability | Solarwinds Serv-U FTP Server CHMOD Command unknown vulnerability | 5.5 | CVE-2020-15542 |
|  | $2k-$5k | Privilege Escalation | Solarwinds Serv-U FTP Server Command | 6.3 | CVE-2020-15541 |
|  | $5k-$10k | Information Disclosure | Symantec Endpoint Detection and Response | 3.5 | CVE-2020-5839 |
|  | $0-$1k | XSS | TimelineJS Stored | 7.2 | CVE-2020-15092 |
|  | $1k-$2k | Weak Authentication | tough Library Signature Validation | 8.6 | CVE-2020-15093 |
|  | $2k-$5k | Privilege Escalation | typo3_forum Extension Access Control | 5.5 | CVE-2020-15513 |
| Not Defined | $2k-$5k | Privilege Escalation | Valve Steam Client Permission | 7.8 | CVE-2020-15530 |
| Not Defined | $1k-$2k | Weak Authentication | Venki Supravizio BPM Brute Force | 3.1 | CVE-2020-15367 |
| Not Defined | $1k-$2k | Information Disclosure | Venki Supravizio BPM Password Recovery Username | 3.5 | CVE-2020-15392 |
| Not Defined | $0-$1k | XSS | We-com Municipality Portal CMS Search Bar | 3.5 | CVE-2020-15538 |
| Not Defined | $2k-$5k | SQL Injection | We-com Municipality Portal CMS | 6.3 | CVE-2020-15539 |
| Not Defined | $2k-$5k | SQL Injection | We-com OpenData CMS Administrator Login Page | 6.3 | CVE-2020-15540 |
|  | $0-$1k | DoS | Wireshark GVCP Dissector packet-gvcp.c | 7.5 | CVE-2020-15466 |
| Not Defined | $5k-$10k | DoS | Xen event-channel Port Allocation Crash | 5.7 | CVE-2020-15566 |
| Not Defined | $5k-$10k | DoS | Xen Hypervisor Crash | 7.5 | CVE-2020-15564 |
| Not Defined | $5k-$10k | DoS | Xen Hypervisor Crash | 7.5 | CVE-2020-15563 |
| Not Defined | $10k-$25k | Privilege Escalation | Xen Hypervisor | 5.5 | CVE-2020-15567 |
| Not Defined | $10k-$25k | Privilege Escalation | Xen | 5.5 | CVE-2020-15565 |
| Not Defined | $0-$1k | DoS | Yubico libykpiv Error util.c ykpiv_util_generate_key | 4.3 | CVE-2020-13132 |
|  | $0-$1k | Information Disclosure | Yubico libykpiv RSA Key Generation util.c | 4.3 | CVE-2020-13131 |
| Not Defined | $1k-$2k | Information Disclosure | Yubico YubiKey OTP Application | 3.5 | CVE-2020-15001 |
| Not Defined | $1k-$2k | Weak Authentication | Yubico YubiKey PIN Management | 4.6 | CVE-2020-15000 |
|  | $2k-$5k | Privilege Escalation | ZoneAlarm Firewall/Antivirus File Permission | 5.5 | CVE-2020-6013 |
The risk level of about 24% of this week's vulnerabilities is assessed as "high-risk" or "critical", which is very significant.
The zero-day value of more than 66% of this week's vulnerabilities is estimated at above 2000 dollars.
Fortunately, updates or patches have been officially released for 68% of this week's vulnerabilities; to prevent exploitation of the vulnerabilities, they should be applied promptly.
Also, with 40 cases, most of this week's vulnerabilities (24%) were of the "privilege escalation" type.