Critical Vulnerabilities of the Last Week of Tir
This week, many vulnerabilities were reported in the most important products of the largest companies around the world: from critical and high-risk vulnerabilities in Microsoft, Apple and Cisco products to important vulnerabilities in the industrial control systems of Siemens and Mitsubishi Electric. Vulnerabilities were also identified in products from Apache, Adobe, Joomla, Nextcloud, IBM and Citrix and in the Linux kernel, and patches and updates have been released to fix them.
The list of these vulnerabilities, together with their zero-day value and links to the released patches and updates, is given in the table below.
| Vulnerability fix | Zero-day value | Vulnerability type | Vulnerable product | Base score | Vulnerability ID |
| --- | --- | --- | --- | --- | --- |
|  | $5k-$10k | Privilege Escalation | Adobe ColdFusion Search | 7.3 | CVE-2020-9673 |
|  | $5k-$10k | Privilege Escalation | Adobe ColdFusion Search | 7.3 | CVE-2020-9672 |
|  | $5k-$10k | Privilege Escalation | Adobe Creative Cloud Desktop Application File Permission | 6.3 | CVE-2020-9671 |
|  | $5k-$10k | Privilege Escalation | Adobe Creative Cloud Desktop Application | 6.3 | CVE-2020-9669 |
|  | $5k-$10k | Privilege Escalation | Adobe Creative Cloud Desktop Application Symlink | 5.5 | CVE-2020-9682 |
|  | $5k-$10k | Privilege Escalation | Adobe Creative Cloud Desktop Application Symlink | 6.3 | CVE-2020-9670 |
|  | $5k-$10k | Command Injection | Adobe Download Manager | 5.5 | CVE-2020-9688 |
|  | $2k-$5k | Information Disclosure | Adobe Media Encoder Out-of-Bounds | 4.3 | CVE-2020-9649 |
|  | $5k-$10k | Memory Corruption | Adobe Media Encoder Out-of-Bounds | 6.3 | CVE-2020-9650 |
|  | $5k-$10k | Memory Corruption | Adobe Media Encoder Out-of-Bounds | 6.3 | CVE-2020-9646 |
| Not Defined | $2k-$5k | XSS | Apache Airflow Admin Management Screen Stored | 3.5 | CVE-2020-11983 |
| Not Defined | $5k-$10k | XSS | Apache Airflow Classic UI Stored | 3.5 | CVE-2020-9485 |
| Not Defined | $10k-$25k | Command Injection | Apache Airflow | 5.5 | CVE-2020-11978 |
| Not Defined | $5k-$10k | XSS | Apache OFBiz Deserialization | 3.5 | CVE-2020-9496 |
|  | $25k-$50k | Unknown Vulnerability | Apache OFBiz eCommerce | 5.5 | CVE-2020-13923 |
| Not Defined | $10k-$25k | Code Execution | Apache RabbitMQ Redis/RabbitMQ | 5.5 | CVE-2020-11982 |
| Not Defined | $10k-$25k | Command Injection | Apache RabbitMQ Redis/RabbitMQ | 5.5 | CVE-2020-11981 |
| Not Defined | $5k-$10k | DoS | Apache Tomcat h2c Direct Connection Memory Exhaustion | 3.5 | CVE-2020-13934 |
| Not Defined | $5k-$10k | DoS | Apache Tomcat WebSocket Frame Loop | 3.5 | CVE-2020-13935 |
|  | $100k and more | Memory Corruption | Apple iOS/iPadOS Audio Out-of-Bounds | 6.3 | CVE-2020-9889 |
|  | $100k and more | Memory Corruption | Apple iOS/iPadOS Audio Out-of-Bounds | 6.3 | CVE-2020-9891 |
|  | $100k and more | Memory Corruption | Apple iOS/iPadOS Audio Out-of-Bounds | 6.3 | CVE-2020-9890 |
|  | $100k and more | Memory Corruption | Apple iOS/iPadOS Audio Out-of-Bounds | 6.3 | CVE-2020-9888 |
|  | $50k-$100k | Memory Corruption | Apple iOS/iPadOS AVEVideoEncoder | 8.8 | CVE-2020-9907 |
|  | $25k-$50k | DoS | Apple iOS/iPadOS Bluetooth | 5.3 | CVE-2020-9931 |
|  | $10k-$25k | Information Disclosure | Apple iOS/iPadOS CoreFoundation | 3.3 | CVE-2020-9934 |
|  | $25k-$50k | Memory Corruption | Apple iOS/iPadOS Crash Reporter | 5.3 | CVE-2020-9865 |
|  | $10k-$25k | Information Disclosure | Apple iOS/iPadOS GeoServices | 3.3 | CVE-2020-9933 |
|  | $50k-$100k | Memory Corruption | Apple iOS/iPadOS iAP | 5.5 | CVE-2020-9914 |
|  | $100k and more | Memory Corruption | Apple iOS/iPadOS ImageIO Out-of-Bounds | 6.3 | CVE-2020-9936 |
|  | $50k-$100k | Memory Corruption | Apple iOS/iPadOS Kernel | 8.8 | CVE-2020-9923 |
|  | $50k-$100k | Privilege Escalation | Apple iOS/iPadOS Kernel | 7.0 | CVE-2020-9909 |
|  | $50k-$100k | Privilege Escalation | Apple iOS/iPadOS Kernel | 6.3 | CVE-2019-14899 |
|  | $25k-$50k | DoS | Apple iOS/iPadOS Mail Out-of-Bounds | 4.3 | CVE-2019-19906 |
|  | $50k-$100k | Weak Authentication | Apple iOS/iPadOS Messages | 5.6 | CVE-2020-9885 |
|  | $100k and more | Memory Corruption | Apple iOS/iPadOS Model I/O | 5.5 | CVE-2020-9878 |
|  | $25k-$50k | Information Disclosure | Apple iOS/iPadOS Safari Login AutoFill | 4.3 | CVE-2020-9903 |
|  | $50k-$100k | Privilege Escalation | Apple iOS/iPadOS Safari Reader Same-Origin Policy | 6.3 | CVE-2020-9911 |
|  | $100k and more | Memory Corruption | Apple iOS/iPadOS WebKit Out-of-Bounds | 6.3 | CVE-2020-9894 |
|  | $25k-$50k | Spoofing | Apple iOS/iPadOS WebKit Page Loading | 6.3 | CVE-2020-9916 |
|  | $50k-$100k | Privilege Escalation | Apple iOS/iPadOS WebKit | 6.3 | CVE-2020-9910 |
|  | $50k-$100k | Privilege Escalation | Apple iOS/iPadOS WebKit | 6.3 | CVE-2020-9915 |
|  | $25k-$50k | XSS | Apple iOS/iPadOS WebKit Universal | 4.3 | CVE-2020-9925 |
|  | $100k and more | Memory Corruption | Apple iOS/iPadOS WebKit Use-After-Free | 6.3 | CVE-2020-9895 |
|  | $100k and more | Memory Corruption | Apple iOS/iPadOS WebKit Use-After-Free | 6.3 | CVE-2020-9893 |
|  | $25k-$50k | Command Injection | Apple iOS/iPadOS WebKit Web Inspector | 4.8 | CVE-2020-9862 |
|  | $25k-$50k | DoS | Apple iOS/iPadOS WiFi | 4.3 | CVE-2020-9917 |
|  | $100k and more | Memory Corruption | Apple iOS/iPadOS Wi-Fi Out-of-Bounds | 9.9 | CVE-2020-9918 |
|  | $10k-$25k | Memory Corruption | Apple macOS Audio Out-of-Bounds | 6.3 | CVE-2020-9891 |
|  | $10k-$25k | Memory Corruption | Apple macOS Audio Out-of-Bounds | 6.3 | CVE-2020-9890 |
|  | $10k-$25k | Memory Corruption | Apple macOS Audio Out-of-Bounds | 6.3 | CVE-2020-9888 |
|  | $10k-$25k | Memory Corruption | Apple macOS Audio Out-of-Bounds | 6.3 | CVE-2020-9889 |
|  | $10k-$25k | Memory Corruption | Apple macOS Audio Out-of-Bounds | 6.3 | CVE-2020-9884 |
|  | $10k-$25k | Privilege Escalation | Apple macOS Clang | 5.5 | CVE-2020-9870 |
|  | $10k-$25k | Memory Corruption | Apple macOS CoreAudio | 5.5 | CVE-2020-9866 |
|  | $2k-$5k | Information Disclosure | Apple macOS CoreFoundation | 3.3 | CVE-2020-9934 |
|  | $5k-$10k | Memory Corruption | Apple macOS Crash Reporter | 5.3 | CVE-2020-9865 |
|  | $10k-$25k | Memory Corruption | Apple macOS Graphics Drivers Out-of-Bounds | 8.8 | CVE-2020-9799 |
|  | $2k-$5k | Information Disclosure | Apple macOS Heimdal | 3.3 | CVE-2020-9913 |
|  | $10k-$25k | Memory Corruption | Apple macOS ImageIO Out-of-Bounds | 6.3 | CVE-2020-9936 |
|  | $10k-$25k | Privilege Escalation | Apple macOS Kernel Injection | 6.2 | CVE-2019-14899 |
|  | $5k-$10k | DoS | Apple macOS Mail Out-of-Bounds | 4.3 | CVE-2019-19906 |
|  | $10k-$25k | Weak Authentication | Apple macOS Messages | 7.3 | CVE-2020-9885 |
|  | $10k-$25k | Memory Corruption | Apple macOS Model I/O | 5.5 | CVE-2020-9878 |
|  | $10k-$25k | Privilege Escalation | Apple macOS Security | 7.8 | CVE-2020-9864 |
|  | $10k-$25k | Privilege Escalation | Apple macOS Vim Code | 5.8 | CVE-2019-20807 |
|  | $25k-$50k | Memory Corruption | Apple macOS Wi-Fi Out-of-Bounds | 9.9 | CVE-2020-9918 |
|  | $25k-$50k | Privilege Escalation | Apple Safari Safari Downloads Origin | 6.3 | CVE-2020-9912 |
|  | $10k-$25k | Information Disclosure | Apple Safari Safari Login AutoFill Credentials | 4.3 | CVE-2020-9903 |
|  | $25k-$50k | Privilege Escalation | Apple Safari Safari Reader Same-Origin Policy | 6.3 | CVE-2020-9911 |
|  | $25k-$50k | Privilege Escalation | Apple Safari WebKit CSP | 6.3 | CVE-2020-9915 |
|  | $25k-$50k | Memory Corruption | Apple Safari WebKit Out-of-Bounds | 6.3 | CVE-2020-9894 |
|  | $10k-$25k | Spoofing | Apple Safari WebKit Page Loading | 6.3 | CVE-2020-9916 |
|  | $25k-$50k | Privilege Escalation | Apple Safari WebKit | 6.3 | CVE-2020-9910 |
|  | $10k-$25k | XSS | Apple Safari WebKit Universal | 4.3 | CVE-2020-9925 |
|  | $25k-$50k | Memory Corruption | Apple Safari WebKit Use-After-Free | 6.3 | CVE-2020-9895 |
|  | $25k-$50k | Memory Corruption | Apple Safari WebKit Use-After-Free | 6.3 | CVE-2020-9893 |
|  | $10k-$25k | Command Injection | Apple Safari WebKit Web Inspector | 4.8 | CVE-2020-9862 |
|  | $5k-$10k | Memory Corruption | Apple tvOS Audio Out-of-Bounds | 6.3 | CVE-2020-9891 |
|  | $5k-$10k | Memory Corruption | Apple tvOS Audio Out-of-Bounds | 6.3 | CVE-2020-9890 |
|  | $5k-$10k | Memory Corruption | Apple tvOS Audio Out-of-Bounds | 6.3 | CVE-2020-9888 |
|  | $5k-$10k | Memory Corruption | Apple tvOS Audio Out-of-Bounds | 6.3 | CVE-2020-9889 |
|  | $5k-$10k | Memory Corruption | Apple tvOS AVEVideoEncoder | 8.8 | CVE-2020-9907 |
|  | $2k-$5k | Memory Corruption | Apple tvOS Crash Reporter | 5.3 | CVE-2020-9865 |
|  | $1k-$2k | Information Disclosure | Apple tvOS GeoServices | 3.3 | CVE-2020-9933 |
|  | $5k-$10k | Memory Corruption | Apple tvOS iAP | 6.3 | CVE-2020-9914 |
|  | $5k-$10k | Memory Corruption | Apple tvOS ImageIO Out-of-Bounds | 6.3 | CVE-2020-9936 |
|  | $5k-$10k | Privilege Escalation | Apple tvOS Kernel Injection | 5.0 | CVE-2019-14899 |
|  | $5k-$10k | Memory Corruption | Apple tvOS Kernel Out-of-Bounds | 8.8 | CVE-2020-9909 |
|  | $5k-$10k | Privilege Escalation | Apple tvOS WebKit Content Security Policy | 6.3 | CVE-2020-9915 |
|  | $5k-$10k | Memory Corruption | Apple tvOS WebKit Out-of-Bounds | 6.3 | CVE-2020-9894 |
|  | $2k-$5k | Spoofing | Apple tvOS WebKit Page Loading | 6.3 | CVE-2020-9916 |
|  | $5k-$10k | Privilege Escalation | Apple tvOS WebKit | 6.3 | CVE-2020-9910 |
|  | $2k-$5k | XSS | Apple tvOS WebKit Universal | 4.3 | CVE-2020-9925 |
|  | $5k-$10k | Memory Corruption | Apple tvOS WebKit Use-After-Free | 6.3 | CVE-2020-9895 |
|  | $5k-$10k | Memory Corruption | Apple tvOS WebKit Use-After-Free | 6.3 | CVE-2020-9893 |
|  | $2k-$5k | Command Injection | Apple tvOS WebKit Web Inspector | 4.8 | CVE-2020-9862 |
|  | $10k-$25k | Memory Corruption | Apple tvOS Wi-Fi Out-of-Bounds | 9.6 | CVE-2020-9918 |
|  | $5k-$10k | Memory Corruption | Apple watchOS Audio Out-of-Bounds | 6.3 | CVE-2020-9891 |
|  | $5k-$10k | Memory Corruption | Apple watchOS Audio Out-of-Bounds | 6.3 | CVE-2020-9890 |
|  | $5k-$10k | Memory Corruption | Apple watchOS Audio Out-of-Bounds | 6.3 | CVE-2020-9888 |
|  | $5k-$10k | Memory Corruption | Apple watchOS Audio Out-of-Bounds | 6.3 | CVE-2020-9889 |
|  | $2k-$5k | Memory Corruption | Apple watchOS Crash Reporter | 5.3 | CVE-2020-9865 |
|  | $1k-$2k | Information Disclosure | Apple watchOS GeoServices | 3.3 | CVE-2020-9933 |
|  | $5k-$10k | Memory Corruption | Apple watchOS ImageIO Out-of-Bounds | 6.3 | CVE-2020-9936 |
|  | $5k-$10k | Memory Corruption | Apple watchOS Kernel | 8.8 | CVE-2020-9923 |
|  | $5k-$10k | Memory Corruption | Apple watchOS Kernel Out-of-Bounds | 8.8 | CVE-2020-9909 |
|  | $2k-$5k | Weak Authentication | Apple watchOS Messages | 5.6 | CVE-2020-9885 |
|  | $5k-$10k | Privilege Escalation | Apple watchOS WebKit Content Security Policy | 6.3 | CVE-2020-9915 |
|  | $5k-$10k | Memory Corruption | Apple watchOS WebKit Out-of-Bounds | 6.3 | CVE-2020-9894 |
|  | $2k-$5k | Spoofing | Apple watchOS WebKit Page Loading | 6.3 | CVE-2020-9916 |
|  | $5k-$10k | Privilege Escalation | Apple watchOS WebKit | 5.5 | CVE-2020-9910 |
|  | $2k-$5k | XSS | Apple watchOS WebKit Universal | 4.3 | CVE-2020-9925 |
|  | $5k-$10k | Memory Corruption | Apple watchOS WebKit Use-After-Free | 6.3 | CVE-2020-9895 |
|  | $5k-$10k | Memory Corruption | Apple watchOS WebKit Use-After-Free | 6.3 | CVE-2020-9893 |
|  | $2k-$5k | Command Injection | Apple watchOS WebKit Web Inspector | 4.8 | CVE-2020-9862 |
|  | $10k-$25k | Memory Corruption | Apple watchOS Wi-Fi Out-of-Bounds | 9.9 | CVE-2020-9918 |
|  | $2k-$5k | Open Redirect | Atlassian JIRA Server login.jsp | 6.1 | CVE-2019-20901 |
|  | $1k-$2k | XSS | Atlassian JIRA Server/Data Center Add Field Module | 4.8 | CVE-2019-20900 |
|  | $0-$1k | DoS | Atlassian JIRA Server/Data Center Avatar Upload | 6.5 | CVE-2019-20897 |
|  | $0-$1k | DoS | Atlassian JIRA Server/Data Center Gadget API Flooding | 5.3 | CVE-2019-20899 |
|  | $1k-$2k | Information Disclosure | Atlassian JIRA Server/Data Center Global Permissions Screen | 7.5 | CVE-2019-20898 |
|  | $1k-$2k | Information Disclosure | Atlassian JIRA Server/Data Center Private Object | 4.3 | CVE-2020-14174 |
|  | $2k-$5k | Memory Corruption | Bareos Director Job Verification Heap-based | 7.4 | CVE-2020-11061 |
|  | $1k-$2k | Weak Authentication | Bareos | 6.6 | CVE-2020-4042 |
|  | $10k-$25k | Privilege Escalation | Cisco Content Security Management Appliance URL Filter | 4.0 | CVE-2020-3370 |
|  | $10k-$25k | Privilege Escalation | Cisco Data Center Network Manager CLI | 7.8 | CVE-2020-3380 |
|  | $5k-$10k | XSS | Cisco Data Center Network Manager Web-based Management Interface | 4.8 | CVE-2020-3349 |
|  | $5k-$10k | XSS | Cisco Data Center Network Manager Web-based Management Interface | 4.8 | CVE-2020-3348 |
|  | $5k-$10k | Information Disclosure | Cisco Meetings App API Subsystem | 4.3 | CVE-2020-3197 |
|  | $10k-$25k | Privilege Escalation | Cisco Prime License Manager Web Management Interface | 9.8 | CVE-2020-3140 |
|  | $50k-$100k | Weak Authentication | Cisco RV110W Telnet Service Default Admin Password | 9.8 | CVE-2020-3330 |
|  | $10k-$25k | Command Injection | Cisco RV110W/RV130/RV130W/RV215W Web-based Management Interface | 8.1 | CVE-2020-3332 |
|  | $10k-$25k | Privilege Escalation | Cisco RV110W/RV130/RV130W/RV215W Web-based Management Interface | 8.8 | CVE-2020-3146 |
|  | $10k-$25k | Privilege Escalation | Cisco RV110W/RV130/RV130W/RV215W Web-based Management Interface | 8.8 | CVE-2020-3145 |
|  | $10k-$25k | Code Execution | Cisco RV110W/RV130/RV130W/RV215W Web-based Management Interface Remote | 9.8 | CVE-2020-3323 |
|  | $10k-$25k | Weak Authentication | Cisco RV110W/RV130/RV130W/RV215W Web-based Management Interface | 9.8 | CVE-2020-3144 |
|  | $5k-$10k | Information Disclosure | Cisco RV110W/RV215W Web-based Management Interface | 5.9 | CVE-2020-3150 |
|  | $10k-$25k | Code Execution | Cisco RV110W/RV215W Web-based Management Interface Remote | 9.8 | CVE-2020-3331 |
|  | $10k-$25k | Privilege Escalation | Cisco RV340/RV340W/RV345/RV345P SSL VPN | 9.8 | CVE-2020-3357 |
|  | $5k-$10k | DoS | Cisco SD-WAN Solution | 8.6 | CVE-2020-3351 |
|  | $5k-$10k | Privilege Escalation | Cisco SD-WAN Solution Operating System | 5.3 | CVE-2020-3379 |
|  | $5k-$10k | Weak Authentication | Cisco SD-WAN Solution | 8.4 | CVE-2020-3180 |
|  | $2k-$5k | DoS | Cisco SD-WAN vEdge Router Deep Packet Inspection | 7.4 | CVE-2020-3385 |
|  | $5k-$10k | DoS | Cisco SD-WAN vEdge Router Deep Packet Inspection | 8.6 | CVE-2020-3369 |
|  | $10k-$25k | Command Injection | Cisco SD-WAN vManage CLI | 7.8 | CVE-2020-3388 |
|  | $10k-$25k | Privilege Escalation | Cisco SD-WAN vManage | 7.5 | CVE-2020-3387 |
|  | $10k-$25k | Directory Traversal | Cisco SD-WAN vManage Web Management Interface | 8.8 | CVE-2020-3381 |
|  | $10k-$25k | XML External Entity | Cisco SD-WAN vManage Web UI | 6.5 | CVE-2020-3405 |
|  | $5k-$10k | XSS | Cisco SD-WAN vManage Web-based Management Interface | 6.4 | CVE-2020-3406 |
|  | $10k-$25k | Directory Traversal | Cisco SD-WAN vManage Web-based Management Interface | 6.5 | CVE-2020-3401 |
|  | $5k-$10k | Information Disclosure | Cisco SD-WAN vManage Web-based Management Interface | 6.5 | CVE-2020-3437 |
|  | $2k-$5k | DoS | Cisco SD-WAN vManage Web-based Management Interface Memory Exhaustion | 6.5 | CVE-2020-3372 |
|  | $10k-$25k | SQL Injection | Cisco SD-WAN vManage Web-based Management Interface | 5.4 | CVE-2020-3468 |
|  | $10k-$25k | SQL Injection | Cisco SD-WAN vManage Web-based Management Interface | 4.3 | CVE-2020-3378 |
|  | $5k-$10k | DoS | Cisco Small Business RV VPN Router SSL VPN Restart | 8.6 | CVE-2020-3358 |
|  | $10k-$25k | SQL Injection | Cisco Vision Dynamic Signage Director Web-based Management Interface | 4.9 | CVE-2020-3450 |
|  | $5k-$10k | XSS | Cisco Webex Meetings/WebEx Meetings Server | 4.3 | CVE-2020-3345 |
|  | $10k-$25k | Privilege Escalation | Citrix ADC Linux Client/Gateway Linux Client | 7.8 | CVE-2020-8199 |
|  | $10k-$25k | Privilege Escalation | Citrix ADC/Gateway Command | 8.8 | CVE-2020-8197 |
|  | $5k-$10k | DoS | Citrix ADC/Gateway | 7.5 | CVE-2020-8187 |
|  | $10k-$25k | Privilege Escalation | Citrix ADC/Gateway File Permission | 7.5 | CVE-2020-8190 |
|  | $5k-$10k | Information Disclosure | Citrix ADC/Gateway/SDWAN WAN-OP Access Control | 4.3 | CVE-2020-8196 |
|  | $10k-$25k | Privilege Escalation | Citrix ADC/Gateway/SDWAN WAN-OP Access Control | 6.5 | CVE-2020-8193 |
|  | $10k-$25k | Privilege Escalation | Citrix ADC/Gateway/SDWAN WAN-OP File Download Code Injection | 6.5 | CVE-2020-8194 |
|  | $5k-$10k | Information Disclosure | Citrix ADC/Gateway/SDWAN WAN-OP | 6.5 | CVE-2020-8195 |
|  | $5k-$10k | XSS | Citrix ADC/Gateway/SDWAN WAN-OP Reflected | 6.1 | CVE-2020-8191 |
|  | $5k-$10k | XSS | Citrix ADC/Gateway/SDWAN WAN-OP Stored | 6.1 | CVE-2020-8198 |
|  | $5k-$10k | Weak Encryption | Dell EMC OpenManage Integration Default Key | 8.8 | CVE-2020-5374 |
|  | $5k-$10k | Weak Authentication | Dell EMC OpenManage Integration | 6.5 | CVE-2020-5373 |
|  | $1k-$2k | Weak Authentication | Dogtag PKI pki.client.PKIConnection | 8.1 | CVE-2020-15720 |
|  | $1k-$2k | Weak Authentication | Envoy | 4.6 | CVE-2020-15104 |
| Not Defined | $2k-$5k | Privilege Escalation | Gitlab Authentication Plugin | 5.5 | CVE-2020-2228 |
| Not Defined | $0-$1k | DoS | GNU LibreDWG bits.c bit_calc_CRC | 3.5 | CVE-2019-20911 |
| Not Defined | $2k-$5k | Memory Corruption | GNU LibreDWG bits.c bit_read_TF | 5.5 | CVE-2019-20912 |
| Not Defined | $2k-$5k | Memory Corruption | GNU LibreDWG bits.c bit_write_TF | 5.5 | CVE-2019-20915 |
| Not Defined | $2k-$5k | Memory Corruption | GNU LibreDWG common_entity_data.spec dwg_encode_entity | 5.5 | CVE-2019-20913 |
| Not Defined | $0-$1k | DoS | GNU LibreDWG common_entity_handle_data.spec dwg_encode_common_entity_handle_data | 3.5 | CVE-2019-20914 |
| Not Defined | $2k-$5k | Memory Corruption | GNU LibreDWG decode.c decode_R13_R2000 | 5.5 | CVE-2019-20910 |
| Not Defined | $0-$1k | DoS | GNU LibreDWG dwg.spec dwg_encode_LWPOLYLINE | 3.5 | CVE-2019-20909 |
| Not Defined | $2k-$5k | Privilege Escalation | HCL Verse Code Loading | 5.5 | CVE-2020-4100 |
|  | $5k-$10k | Privilege Escalation | Huawei P30 | 5.5 | CVE-2020-9258 |
|  | $5k-$10k | Information Disclosure | Huawei P30/P30 Pro WiFi | 6.5 | CVE-2020-9260 |
| Not Defined | $1k-$2k | Weak Encryption | IBM BigFix Platform Credentials | 2.5 | CVE-2020-4095 |
|  | $5k-$10k | XSS | IBM Jazz Team Server Web UI | 5.4 | CVE-2019-4748 |
|  | $5k-$10k | Privilege Escalation | IBM Maximo Asset Management Logout | 5.6 | CVE-2019-4591 |
|  | $5k-$10k | Weak Encryption | IBM Publishing Engine Cookie | 4.3 | CVE-2020-4316 |
|  | $10k-$25k | Privilege Escalation | IBM QRadar SIEM Command | 9.1 | CVE-2020-4512 |
|  | $2k-$5k | DoS | IBM QRadar SIEM qflow | 6.5 | CVE-2020-4511 |
|  | $5k-$10k | XSS | IBM QRadar SIEM Web UI | 6.1 | CVE-2020-4513 |
|  | $5k-$10k | XSS | IBM QRadar SIEM Web UI | 5.4 | CVE-2020-4364 |
|  | $10k-$25k | XML External Entity | IBM QRadar SIEM XML Data | 7.6 | CVE-2020-4510 |
|  | $10k-$25k | XML External Entity | IBM Sterling External Authentication Server | 8.2 | CVE-2020-4462 |
|  | $5k-$10k | XSS | IBM Team Concert Web UI | 5.4 | CVE-2019-4747 |
|  | $25k-$50k | Privilege Escalation | IBM WebSphere Application Server SOAP Connector Deserialization | 8.8 | CVE-2020-4464 |
| Not Defined | $2k-$5k | Privilege Escalation | Icewarp Email Server Access Control | 5.5 | CVE-2020-14064 |
| Not Defined | $1k-$2k | XSS | Icewarp Email Server | 4.3 | CVE-2020-14066 |
| Not Defined | $0-$1k | DoS | Icewarp Email Server File Upload | 4.3 | CVE-2020-14065 |
|  | $0-$1k | XSS | Jenkins Agent Name Stored | 8.1 | CVE-2020-2220 |
|  | $0-$1k | XSS | Jenkins Job Name Stored | 8.1 | CVE-2020-2222 |
|  | $0-$1k | XSS | Jenkins Stored | 8.1 | CVE-2020-2223 |
|  | $0-$1k | XSS | Jenkins Upstream Job Stored | 8.1 | CVE-2020-2221 |
|  | $2k-$5k | Privilege Escalation | jison OS | 5.5 | CVE-2020-8178 |
|  | $5k-$10k | CSRF | Joomla CMS com_installer | 6.3 | CVE-2020-15700 |
|  | $5k-$10k | CSRF | Joomla CMS com_privacy | 6.3 | CVE-2020-15695 |
|  | $5k-$10k | Information Disclosure | Joomla CMS Filter Credentials | 5.3 | CVE-2020-15698 |
|  | $5k-$10k | XSS | Joomla CMS mod_random_image | 5.4 | CVE-2020-15696 |
|  | $10k-$25k | Privilege Escalation | Joomla CMS | 5.3 | CVE-2020-15697 |
|  | $5k-$10k | DoS | Joomla CMS Validation | 5.3 | CVE-2020-15699 |
|  | $2k-$5k | Code Execution | kramdown Gem Document | 5.5 | CVE-2020-14001 |
| Not Defined | $2k-$5k | SQL Injection | Kronos WebTA com.threeis.webta.H352premPayRequest Blind | 6.3 | CVE-2020-14982 |
| Not Defined | $2k-$5k | SQL Injection | Kylin Hyve SQL | 6.3 | CVE-2020-13926 |
| Not Defined | $2k-$5k | Privilege Escalation | Kylin Restful API OS | 5.5 | CVE-2020-13925 |
| Not Defined | $0-$1k | CSRF | LibreHealth EMR | 4.3 | CVE-2020-11438 |
|  | $0-$1k | XSS | LibreHealth EMR | 3.5 | CVE-2020-11436 |
|  | $2k-$5k | Privilege Escalation | LibreHealth EMR Local File Inclusion | 5.5 | CVE-2020-11439 |
| Not Defined | $2k-$5k | SQL Injection | LibreHealth EMR | 6.3 | CVE-2020-11437 |
| Not Defined | $10k-$25k | Privilege Escalation | Linux Kernel ACPI Table acpi_configfs.c | 5.5 | CVE-2020-15780 |
| Not Defined | $2k-$5k | Information Disclosure | Linux Kernel Speculative Execution | 5.1 | CVE-2019-19338 |
|  | $2k-$5k | Privilege Escalation | lodash _.zipObjectDeep | 5.5 | CVE-2020-8203 |
|  | $0-$1k | XSS | Matrix Authorization Strategy Plugin Stored | 3.5 | CVE-2020-2226 |
|  | $0-$1k | XSS | Matrix Project Plugin Overview Page Stored | 3.5 | CVE-2020-2225 |
|  | $0-$1k | XSS | Matrix Project Plugin Overview Page Stored | 3.5 | CVE-2020-2224 |
|  | $10k-$25k | Open Redirect | McAfee Web Gateway | 5.8 | CVE-2020-7292 |
|  | $5k-$10k | DoS | Microsoft Bond | 3.5 | CVE-2020-1469 |
|  | $25k-$50k | Privilege Escalation | Microsoft Lync/Skype for Business Server/SharePoint OAuth Token | 5.5 | CVE-2020-1025 |
|  | $10k-$25k | Privilege Escalation | Microsoft Visual Studio Code ESLint Extension | 6.3 | CVE-2020-1481 |
|  | $5k-$10k | Privilege Escalation | Microsoft Visual Studio Code Injection | 4.8 | CVE-2020-1416 |
|  | $50k-$100k | Memory Corruption | Microsoft Windows ActiveX Installer Service | 7.0 | CVE-2020-1402 |
|  | $25k-$50k | Information Disclosure | Microsoft Windows Agent Activation Runtime | 4.9 | CVE-2020-1391 |
|  | $50k-$100k | Privilege Escalation | Microsoft Windows ALPC | 8.3 | CVE-2020-1396 |
|  | $50k-$100k | Privilege Escalation | Microsoft Windows AppX Deployment Extension | 6.7 | CVE-2020-1431 |
|  | $50k-$100k | Memory Corruption | Microsoft Windows CNG Key Isolation Service | 6.6 | CVE-2020-1384 |
|  | $50k-$100k | Memory Corruption | Microsoft Windows CNG Key Isolation Service | 7.0 | CVE-2020-1359 |
|  | $25k-$50k | Privilege Escalation | Microsoft Windows COM Server | 6.5 | CVE-2020-1375 |
|  | $25k-$50k | Information Disclosure | Microsoft Windows Connected User Experiences and Telemetry Service | 4.9 | CVE-2020-1386 |
|  | $25k-$50k | Memory Corruption | Microsoft Windows Credential Enrollment Manager Service | 6.5 | CVE-2020-1368 |
|  | $25k-$50k | Memory Corruption | Microsoft Windows Credential Picker | 4.9 | CVE-2020-1385 |
|  | $50k-$100k | Privilege Escalation | Microsoft Windows Delivery Optimization Service | 8.3 | CVE-2020-1392 |
|  | $50k-$100k | Privilege Escalation | Microsoft Windows Diagnostics Hub | 7.0 | CVE-2020-1393 |
|  | $25k-$50k | Privilege Escalation | Microsoft Windows Diagnostics Hub | 6.5 | CVE-2020-1418 |
|  | $25k-$50k | Information Disclosure | Microsoft Windows Error Reporting | 4.9 | CVE-2020-1420 |
|  | $10k-$25k | DoS | Microsoft Windows Error Reporting Manager | 6.0 | CVE-2020-1429 |
|  | $50k-$100k | Memory Corruption | Microsoft Windows Event Logging | 7.0 | CVE-2020-1371 |
|  | $50k-$100k | Memory Corruption | Microsoft Windows Event Logging | 7.0 | CVE-2020-1365 |
|  | $25k-$50k | Memory Corruption | Microsoft Windows Function Discovery Service | 6.5 | CVE-2020-1085 |
|  | $25k-$50k | Memory Corruption | Microsoft Windows Geolocation Framework | 6.5 | CVE-2020-1394 |
|  | $10k-$25k | Privilege Escalation | Microsoft Windows Group Policy Services Policy | 5.4 | CVE-2020-1333 |
|  | $50k-$100k | Memory Corruption | Microsoft Windows Hyper-V RemoteFX vGPU | 8.5 | CVE-2020-1043 |
|  | $50k-$100k | Memory Corruption | Microsoft Windows Hyper-V RemoteFX vGPU | 8.5 | CVE-2020-1042 |
|  | $50k-$100k | Memory Corruption | Microsoft Windows Hyper-V RemoteFX vGPU | 8.5 | CVE-2020-1036 |
|  | $50k-$100k | Memory Corruption | Microsoft Windows Hyper-V RemoteFX vGPU | 8.5 | CVE-2020-1032 |
|  | $50k-$100k | Memory Corruption | Microsoft Windows Hyper-V RemoteFX vGPU | 8.5 | CVE-2020-1040 |
|  | $50k-$100k | Privilege Escalation | Microsoft Windows Hyper-V RemoteFX vGPU | 8.5 | CVE-2020-1041 |
|  | $50k-$100k | Privilege Escalation | Microsoft Windows iSCSI Target Service | 7.8 | CVE-2020-1356 |
|  | $25k-$50k | Information Disclosure | Microsoft Windows Kernel | 5.5 | CVE-2020-1389 |
|  | $25k-$50k | Information Disclosure | Microsoft Windows Kernel | 4.9 | CVE-2020-1426 |
|  | $25k-$50k | Information Disclosure | Microsoft Windows Kernel | 4.9 | CVE-2020-1419 |
|  | $10k-$25k | Information Disclosure | Microsoft Windows Kernel | 5.5 | CVE-2020-1367 |
|  | $100k and more | Memory Corruption | Microsoft Windows Kernel | 8.3 | CVE-2020-1411 |
|  | $50k-$100k | Memory Corruption | Microsoft Windows Kernel | 7.8 | CVE-2020-1336 |
|  | $50k-$100k | Privilege Escalation | Microsoft Windows lnk File | 6.2 | CVE-2020-1421 |
|  | $10k-$25k | DoS | Microsoft Windows Local Security Authority Subsystem Service | 4.9 | CVE-2020-1267 |
|  | $25k-$50k | Weak Authentication | Microsoft Windows Lockscreen | 6.3 | CVE-2020-1398 |
|  | $10k-$25k | DoS | Microsoft Windows Mobile Device Management | 6.2 | CVE-2020-1405 |
|  | $25k-$50k | Information Disclosure | Microsoft Windows Mobile Device Management | 4.9 | CVE-2020-1330 |
|  | $50k-$100k | Memory Corruption | Microsoft Windows Mobile Device Management | 7.0 | CVE-2020-1372 |
|  | $50k-$100k | Privilege Escalation | Microsoft Windows Modules Installer | 7.8 | CVE-2020-1346 |
|  | $50k-$100k | Memory Corruption | Microsoft Windows Network Connections Service | 7.8 | CVE-2020-1438 |
|  | $50k-$100k | Memory Corruption | Microsoft Windows Picker Platform | 7.0 | CVE-2020-1363 |
|  | $50k-$100k | Privilege Escalation | Microsoft Windows Profile Service | 7.0 | CVE-2020-1360 |
|  | $25k-$50k | Memory Corruption | Microsoft Windows psmsrv.dll | 6.1 | CVE-2020-1388 |
|  | $50k-$100k | Memory Corruption | Microsoft Windows Push Notification Service | 7.8 | CVE-2020-1387 |
|  | $50k-$100k | Privilege Escalation | Microsoft Windows Remote Desktop Client | 6.9 | CVE-2020-1374 |
|  | $25k-$50k | Information Disclosure | Microsoft Windows Resource Policy | 4.9 | CVE-2020-1358 |
|  | $25k-$50k | Memory Corruption | Microsoft Windows SharedStream Library | 7.8 | CVE-2020-1463 |
|  | $25k-$50k | Memory Corruption | Microsoft Windows Speech Brokered API | 6.5 | CVE-2020-1395 |
|  | $50k-$100k | Privilege Escalation | Microsoft Windows Storage Services | 7.8 | CVE-2020-1347 |
|  | $50k-$100k | Privilege Escalation | Microsoft Windows Subsystem for Linux | 7.0 | CVE-2020-1423 |
|  | $25k-$50k | Privilege Escalation | Microsoft Windows System Events Broker | 6.5 | CVE-2020-1357 |
|  | $50k-$100k | Privilege Escalation | Microsoft Windows Update Stack | 7.0 | CVE-2020-1424 |
|  | $50k-$100k | Memory Corruption | Microsoft Windows UPnP Device Host | 7.8 | CVE-2020-1354 |
|  | $50k-$100k | Memory Corruption | Microsoft Windows UPnP Device Host | 7.0 | CVE-2020-1430 |
|  | $50k-$100k | Memory Corruption | Microsoft Windows USO Core Worker | 7.8 | CVE-2020-1352 |
|  | $10k-$25k | DoS | Microsoft Windows WalletService | 7.1 | CVE-2020-1364 |
|  | $25k-$50k | Information Disclosure | Microsoft Windows WalletService | 4.9 | CVE-2020-1361 |
|  | $50k-$100k | Memory Corruption | Microsoft Windows WalletService | 7.0 | CVE-2020-1362 |
|  | $25k-$50k | Memory Corruption | Microsoft Windows WalletService | 6.5 | CVE-2020-1369 |
|  | $25k-$50k | Memory Corruption | Microsoft Windows WalletService | 7.8 | CVE-2020-1344 |
|  | $25k-$50k | Memory Corruption | Microsoft Windows Windows Network Connections Service | 7.8 | CVE-2020-1390 |
|  | $25k-$50k | Memory Corruption | Microsoft Windows Windows Network Connections Service | 7.8 | CVE-2020-1373 |
|  | $25k-$50k | Memory Corruption | Microsoft Windows Windows Network Connections Service | 7.8 | CVE-2020-1428 |
|  | $25k-$50k | Memory Corruption | Microsoft Windows Windows Network Connections Service | 7.8 | CVE-2020-1427 |
|  | $25k-$50k | Privilege Escalation | Microsoft Windows Windows Network Location Awareness Service | 5.7 | CVE-2020-1437 |
|  | $50k-$100k | Memory Corruption | Microsoft Windows Windows Print Workflow Service | 7.8 | CVE-2020-1366 |
|  | $50k-$100k | Memory Corruption | Microsoft Windows Windows Runtime | 7.8 | CVE-2020-1353 |
|  | $50k-$100k | Memory Corruption | Microsoft Windows Windows Runtime | 7.8 | CVE-2020-1422 |
|  | $50k-$100k | Memory Corruption | Microsoft Windows Windows Runtime | 7.8 | CVE-2020-1399 |
|  | $50k-$100k | Memory Corruption | Microsoft Windows Windows Runtime | 7.8 | CVE-2020-1249 |
|  | $50k-$100k | Memory Corruption | Microsoft Windows Windows Runtime | 7.8 | CVE-2020-1413 |
|  | $50k-$100k | Memory Corruption | Microsoft Windows Windows Runtime | 7.8 | CVE-2020-1404 |
|  | $50k-$100k | Privilege Escalation | Microsoft Windows Windows Runtime | 7.8 | CVE-2020-1370 |
|  | $50k-$100k | Privilege Escalation | Microsoft Windows Windows Runtime | 7.8 | CVE-2020-1414 |
|  | $50k-$100k | Privilege Escalation | Microsoft Windows Windows Runtime | 7.8 | CVE-2020-1415 |
|  | $25k-$50k | Memory Corruption | Microsoft Windows Windows Sync Host Service | 4.9 | CVE-2020-1434 |
|  | $0-$1k | CSRF | MISP | 8.8 | CVE-2020-15711 |
| Not Defined | $2k-$5k | Code Execution | Mitsubishi Electric MC Works64 | 5.5 | CVE-2020-12011 |
| Not Defined | $0-$1k | DoS | Mitsubishi Electric MC Works64 Deserialization | 3.5 | CVE-2020-12015 |
| Not Defined | $2k-$5k | Privilege Escalation | Mitsubishi Electric MC Works64 Deserialization | 5.5 | CVE-2020-12009 |
| Not Defined | $2k-$5k | Privilege Escalation | Mitsubishi Electric MC Works64 Deserialization | 5.5 | CVE-2020-12007 |
| Not Defined | $2k-$5k | SQL Injection | Mitsubishi Electric MC Works64 | 6.3 | CVE-2020-12013 |
|  | $2k-$5k | Privilege Escalation | Netflix Titus Java Bean Validation | 9.8 | CVE-2020-9297 |
| Not Defined | $2k-$5k | Privilege Escalation | Nextcloud Contacts File Upload | 4.3 | CVE-2020-8181 |
|  | $1k-$2k | Unknown Vulnerability | openenclave Side-Channel | 5.3 | CVE-2020-15107 |
|  | $1k-$2k | Weak Authentication | OpenVPN Access Server User Authentication Token | 7.5 | CVE-2020-15074 |
|  | $1k-$2k | Privilege Escalation | osquery zlib1.dll | 8.2 | CVE-2020-11081 |
| Not Defined | $0-$1k | XSS | Pandora FMS SNMP | 9.6 | CVE-2020-11749 |
| Not Defined | $2k-$5k | Privilege Escalation | Python python38._pth | 5.5 | CVE-2020-15801 |
| Not Defined | $0-$1k | DoS | Python TAR Archive tarfile.py _proc_pax | 7.5 | CVE-2019-20907 |
| Not Defined | $10k-$25k | Privilege Escalation | Red Hat Enterprise Linux Docker Package | 7.1 | CVE-2020-14300 |
|  | $10k-$25k | Privilege Escalation | Red Hat Enterprise Linux Docker Package | 7.1 | CVE-2020-14298 |
|  | $10k-$25k | Weak Authentication | Red Hat Enterprise Linux OpenLDAP Package | 4.6 | CVE-2020-15719 |
| Not Defined | $1k-$2k | Weak Authentication | Rittal PDU-3C002DEC/CMCIII-PU-9333E0FB Backdoor | 9.8 | CVE-2020-11951 |
| Not Defined | $2k-$5k | Privilege Escalation | Rittal PDU-3C002DEC/CMCIII-PU-9333E0FB CLI Menu | 6.2 | CVE-2020-11952 |
| Not Defined | $2k-$5k | Code Execution | Rittal PDU-3C002DEC/CMCIII-PU-9333E0FB | 8.8 | CVE-2020-11953 |
| Not Defined | $2k-$5k | Privilege Escalation | Rittal PDU-3C002DEC/CMCIII-PU-9333E0FB Permission | 8.8 | CVE-2020-11955 |
| Not Defined | $2k-$5k | Privilege Escalation | Rittal PDU-3C002DEC/CMCIII-PU-9333E0FB | 9.8 | CVE-2020-11956 |
| Not Defined | $2k-$5k | Directory Traversal | rollup-plugin-serve readFile | 7.5 | CVE-2020-7684 |
| Not Defined | $0-$1k | XSS | RosarioSIS NotifyParents.php | 6.1 | CVE-2020-15721 |
| Not Defined | $1k-$2k | XSS | RosarioSIS Preferences.php | 4.3 | CVE-2020-15716 |
| Not Defined | $1k-$2k | XSS | RosarioSIS PrintSchedules.php | 4.3 | CVE-2020-15718 |
| Not Defined | $1k-$2k | XSS | RosarioSIS Search.inc.php | 4.3 | CVE-2020-15717 |
| Not Defined | $5k-$10k | XSS | SAP Business Intelligence Platform | 6.1 | CVE-2020-6276 |
| Not Defined | $5k-$10k | XSS | SAP Business Intelligence Platform Image Upload Stored | 5.4 | CVE-2020-6278 |
| Not Defined | $5k-$10k | XSS | SAP Business Intelligence Platform Reflected | 6.1 | CVE-2020-6281 |
| Not Defined | $5k-$10k | Information Disclosure | SAP Disclosure Management Cookie httponly | 5.4 | CVE-2020-6267 |
| Not Defined | $5k-$10k | CSRF | SAP Disclosure Management | 8.8 | CVE-2020-6289 |
| Not Defined | $5k-$10k | Weak Authentication | SAP Disclosure Management Session Expiration | 8.8 | CVE-2020-6292 |
| Not Defined | $5k-$10k | Weak Authentication | SAP Disclosure Management Session Expiration | 8.8 | CVE-2020-6291 |
| Not Defined | $10k-$25k | Weak Authentication | SAP Disclosure Management Session Fixation | 6.3 | CVE-2020-6290 |
| Not Defined | $10k-$25k | Directory Traversal | SAP NetWeaver AS JAVA LM Configuration Wizard | 5.3 | CVE-2020-6286 |
| Not Defined | $10k-$25k | Server-Side Request Forgery | SAP NetWeaver AS JAVA | 5.8 | CVE-2020-6282 |
| Not Defined | $5k-$10k | Information Disclosure | SAP NetWeaver XML Toolkit for JAVA | 7.7 | CVE-2020-6285 |
| Not Defined | $5k-$10k | Information Disclosure | SAP NetWeaver/ABAP Platform | 2.7 | CVE-2020-6280 |
$۱۰k-$25k |
Privilege Escalation |
Siemens Camstar Enterprise Platform |
۸.۱ |
CVE-2020-7578 |
|
$۱۰k-$25k |
SQL Injection |
Siemens Camstar Enterprise Platform |
۸.۱ |
CVE-2020-7577 |
|
$۵k-$10k |
XSS |
Siemens Camstar Enterprise Platform Stored |
۵.۴ |
CVE-2020-7576 |
|
$۱۰k-$25k |
Memory Corruption |
Siemens LOGO! 8 BM Web Server |
۷.۳ |
CVE-2020-7593 |
|
$۱۰k-$25k |
Privilege Escalation |
Siemens Opcenter Execution Discrete |
۷.۸ |
CVE-2020-7581 |
|
$۵k-$10k |
DoS |
Siemens Opcenter Execution Discrete Restart |
۳.۵ |
CVE-2020-7588 |
|
$۵k-$10k |
DoS |
Siemens Opcenter Execution Discrete Restart |
۳.۵ |
CVE-2020-7587 |
|
$۱۰k-$25k |
Privilege Escalation |
Siemens SICAM MMU/SICAM SGU/SICAM T Firmware |
۷.۵ |
CVE-2020-10044 |
|
$۲k-$5k |
Weak Encryption |
Siemens SICAM MMU/SICAM SGU/SICAM T Password |
۵.۵ |
CVE-2020-10040 |
|
$۵k-$10k |
XSS |
Siemens SICAM MMU/SICAM SGU/SICAM T Stored |
۶.۱ |
CVE-2020-10041 |
|
$۱۰k-$25k |
Memory Corruption |
Siemens SICAM MMU/SICAM SGU/SICAM T Web Application |
۹.۸ |
CVE-2020-10042 |
|
$۱۰k-$25k |
Weak Authentication |
Siemens SICAM MMU/SICAM SGU/SICAM T Web Application Replay |
۸.۸ |
CVE-2020-10045 |
|
$۱۰k-$25k |
Weak Authentication |
Siemens SICAM MMU/SICAM SGU/SICAM T Web Search Command |
۹.۸ |
CVE-2020-10038 |
|
$۵k-$10k |
XSS |
Siemens SICAM MMU/SICAM SGU/SICAM T Web Server |
۶.۱ |
CVE-2020-10043 |
|
$۵k-$10k |
Information Disclosure |
Siemens SICAM MMU/SICAM SGU/SICAM T Web Server Flooding |
۷.۵ |
CVE-2020-10037 |
|
$۵k-$10k |
Weak Encryption |
Siemens SICAM MMU/SICAM SGU/SICAM T Web Server Man-in-the-Middle |
۸.۱ |
CVE-2020-10039 |
|
$۵k-$10k |
Weak Encryption |
Siemens SIMATIC HMI Basic Panel |
۳.۱ |
CVE-2020-7592 |
|
$۵k-$10k |
DoS |
Siemens SIMATIC S7-200 SMART CPU Crash |
۷.۵ |
CVE-2020-7584 |
|
$۰-$۱k |
XSS |
SilverStripe CMS Login Form |
۳.۵ |
CVE-2020-9311 |
|
$۰-$۱k |
XSS |
SilverStripe CMS Upload Stored |
۳.۵ |
CVE-2020-9309 |
|
$۱k-$2k |
Information Disclosure |
SilverStripe |
۳.۵ |
CVE-2020-6164 |
|
$۲k-$5k |
Privilege Escalation |
SilverStripe Permission Check |
۶.۳ |
CVE-2020-6165 |
|
$۲k-$5k |
SQL Injection |
Sophos XG Firewall Admin Web Interface |
۹.۸ |
CVE-2020-15504 |
|
Not Defined |
$۲k-$5k |
Code Execution |
SuperWebMailer mailingupgrade.php Remote |
۹.۸ |
CVE-2020-11546 |
$۱k-$2k |
Directory Traversal |
Suprema BioStar Video Extension |
۷.۵ |
CVE-2020-15050 |
|
Not Defined |
$۲k-$5k |
Unknown Vulnerability |
Sylabs Singularity Error |
۷.۵ |
CVE-2020-13846 |
Not Defined |
$۲k-$5k |
Privilege Escalation |
Sylabs Singularity Integrity Check |
۷.۵ |
CVE-2020-13847 |
Not Defined |
$۲k-$5k |
Privilege Escalation |
Sylabs Singularity Integrity Check |
۷.۵ |
CVE-2020-13845 |
$۰-$۱k |
DoS |
Synergy Exception Crash |
۶.۵ |
CVE-2020-15117 |
|
Not Defined |
$۱k-$2k |
XSS |
Tenda AC15/AC1900 Endpoint WifiBasicSet |
۶.۱ |
CVE-2020-10989 |
Not Defined |
$۲k-$5k |
Privilege Escalation |
Tenda AC15/AC1900 setUsbUnload |
۹.۸ |
CVE-2020-10987 |
Not Defined |
$۱k-$2k |
CSRF |
Tenda AC15/AC1900 SysToolReboot |
۶.۵ |
CVE-2020-10986 |
Workaround |
$۱k-$2k |
Weak Authentication |
Tenda AC15/AC1900 telnetd tenda_login |
۹.۸ |
CVE-2020-10988 |
$۱k-$2k |
Code Execution |
Tobesoft XPlatform ____COMPONENT____ |
۹.۸ |
CVE-2020-7815 |
|
$۲k-$5k |
Privilege Escalation |
Traccar GPS Tracking System LDAP Search Filter LDAP injection |
۷.۷ |
CVE-2020-5246 |
|
Not Defined |
$۵k-$10k |
DoS |
Trend Micro Secuity 2020 Crash |
۳.۵ |
CVE-2020-15603 |
Not Defined |
$۱۰k-$25k |
Code Execution |
Trend Micro Security 2020 Remote |
۶.۳ |
CVE-2020-15602 |
$۱k-$2k |
Information Disclosure |
Two-Factor Authentication User Session Credentials |
۵.۴ |
CVE-2020-15105 |
|
Not Defined |
$۲k-$5k |
Privilege Escalation |
Verint Impact 360 help_popup.jsp |
۶.۱ |
CVE-2019-12773 |
Not Defined |
$۲k-$5k |
Privilege Escalation |
Verint Impact 360 signin |
۸.۸ |
CVE-2019-12784 |
Not Defined |
$۲k-$5k |
Privilege Escalation |
Verint Impact 360 signin |
۶.۱ |
CVE-2019-12783 |
$۲۵k-$50k |
Privilege Escalation |
VMware Fusion XPC Client Validation |
۷.۸ |
CVE-2020-3974 |
|
$۲k-$5k |
Privilege Escalation |
WebKitGTK/WPE WebKit Bubblewrap Sandbox |
۵.۵ |
CVE-2020-13753 |
|
$۰-$۱k |
XSS |
Zabbix URL Widget Stored |
۳.۵ |
CVE-2020-15803 |
The severity of about 31% of this week's vulnerabilities is rated "high" or "critical", which is very significant.
The zero-day value of more than 87% of this week's vulnerabilities is estimated at above $2,000.
Fortunately, updates or patches have been officially released for 81% of this week's vulnerabilities, and they should be applied promptly to prevent exploitation.
Also, with 103 cases, most of this week's vulnerabilities (26%) were of the "memory corruption" type.