
Critical Vulnerabilities of the Last Week of the Month of Tir

This week, many vulnerabilities were reported in the most important products of the largest companies around the world: from critical and high-risk vulnerabilities in Microsoft, Apple and Cisco products to important vulnerabilities in Siemens and Mitsubishi Electric industrial control systems. Vulnerabilities were also identified in products from Apache, Adobe, Joomla, Nextcloud, IBM and Citrix and in the Linux kernel, and patches and updates have been released to fix them.

The list of these vulnerabilities, together with their zero-day value and links to the patches and updates released, is given in the table below.

رفع آسیب‌پذیری

ارزش روز صفر

نوع آسیب‌پذیری

محصول آسیب‌پذیر

امتیاز مبنا

شناسه آسیب‌پذیری

Official Fix

$۵k-$10k

Privilege Escalation

Adobe ColdFusion Search

۷.۳

CVE-2020-9673

Official Fix

$۵k-$10k

Privilege Escalation

Adobe ColdFusion Search

۷.۳

CVE-2020-9672

Official Fix

$۵k-$10k

Privilege Escalation

Adobe Creative Cloud Desktop Application File Permission

۶.۳

CVE-2020-9671

Official Fix

$۵k-$10k

Privilege Escalation

Adobe Creative Cloud Desktop Application

۶.۳

CVE-2020-9669

Official Fix

$۵k-$10k

Privilege Escalation

Adobe Creative Cloud Desktop Application Symlink

۵.۵

CVE-2020-9682

Official Fix

$۵k-$10k

Privilege Escalation

Adobe Creative Cloud Desktop Application Symlink

۶.۳

CVE-2020-9670

Official Fix

$۵k-$10k

Command Injection

Adobe Download Manager

۵.۵

CVE-2020-9688

Official Fix

$۲k-$5k

Information Disclosure

Adobe Media Encoder Out-of-Bounds

۴.۳

CVE-2020-9649

Official Fix

$۵k-$10k

Memory Corruption

Adobe Media Encoder Out-of-Bounds

۶.۳

CVE-2020-9650

Official Fix

$۵k-$10k

Memory Corruption

Adobe Media Encoder Out-of-Bounds

۶.۳

CVE-2020-9646

Not Defined

$۲k-$5k

XSS

Apache Airflow Admin Management Screen Stored

۳.۵

CVE-2020-11983

Not Defined

$۵k-$10k

XSS

Apache Airflow Classic UI Stored

۳.۵

CVE-2020-9485

Not Defined

$۱۰k-$25k

Command Injection

Apache Airflow

۵.۵

CVE-2020-11978

Not Defined

$۵k-$10k

XSS

Apache OFBiz Deserialization

۳.۵

CVE-2020-9496

Official Fix

$۲۵k-$50k

Unknown Vulnerability

Apache OFBiz eCommerce

۵.۵

CVE-2020-13923

Not Defined

$۱۰k-$25k

Code Execution

Apache RabbitMQ Redis/RabbitMQ

۵.۵

CVE-2020-11982

Not Defined

$۱۰k-$25k

Command Injection

Apache RabbitMQ Redis/RabbitMQ

۵.۵

CVE-2020-11981

Not Defined

$۵k-$10k

DoS

Apache Tomcat h2c Direct Connection Memory Exhaustion

۳.۵

CVE-2020-13934

Not Defined

$۵k-$10k

DoS

Apache Tomcat WebSocket Frame Loop

۳.۵

CVE-2020-13935

Official Fix

$۱۰۰k and more

Memory Corruption

Apple iOS/iPadOS Audio Out-of-Bounds

۶.۳

CVE-2020-9889

Official Fix

$۱۰۰k and more

Memory Corruption

Apple iOS/iPadOS Audio Out-of-Bounds

۶.۳

CVE-2020-9891

Official Fix

$۱۰۰k and more

Memory Corruption

Apple iOS/iPadOS Audio Out-of-Bounds

۶.۳

CVE-2020-9890

Official Fix

$۱۰۰k and more

Memory Corruption

Apple iOS/iPadOS Audio Out-of-Bounds

۶.۳

CVE-2020-9888

Official Fix

$۵۰k-$100k

Memory Corruption

Apple iOS/iPadOS AVEVideoEncoder

۸.۸

CVE-2020-9907

Official Fix

$۲۵k-$50k

DoS

Apple iOS/iPadOS Bluetooth

۵.۳

CVE-2020-9931

Official Fix

$۱۰k-$25k

Information Disclosure

Apple iOS/iPadOS CoreFoundation

۳.۳

CVE-2020-9934

Official Fix

$۲۵k-$50k

Memory Corruption

Apple iOS/iPadOS Crash Reporter

۵.۳

CVE-2020-9865

Official Fix

$۱۰k-$25k

Information Disclosure

Apple iOS/iPadOS GeoServices

۳.۳

CVE-2020-9933

Official Fix

$۵۰k-$100k

Memory Corruption

Apple iOS/iPadOS iAP

۵.۵

CVE-2020-9914

Official Fix

$۱۰۰k and more

Memory Corruption

Apple iOS/iPadOS ImageIO Out-of-Bounds

۶.۳

CVE-2020-9936

Official Fix

$۵۰k-$100k

Memory Corruption

Apple iOS/iPadOS Kernel

۸.۸

CVE-2020-9923

Official Fix

$۵۰k-$100k

Privilege Escalation

Apple iOS/iPadOS Kernel

۷.۰

CVE-2020-9909

Official Fix

$۵۰k-$100k

Privilege Escalation

Apple iOS/iPadOS Kernel

۶.۳

CVE-2019-14899

Official Fix

$۲۵k-$50k

DoS

Apple iOS/iPadOS Mail Out-of-Bounds

۴.۳

CVE-2019-19906

Official Fix

$۵۰k-$100k

Weak Authentication

Apple iOS/iPadOS Messages

۵.۶

CVE-2020-9885

Official Fix

$۱۰۰k and more

Memory Corruption

Apple iOS/iPadOS Model I/O

۵.۵

CVE-2020-9878

Official Fix

$۲۵k-$50k

Information Disclosure

Apple iOS/iPadOS Safari Login AutoFill

۴.۳

CVE-2020-9903

Official Fix

$۵۰k-$100k

Privilege Escalation

Apple iOS/iPadOS Safari Reader Same-Origin Policy

۶.۳

CVE-2020-9911

Official Fix

$۱۰۰k and more

Memory Corruption

Apple iOS/iPadOS WebKit Out-of-Bounds

۶.۳

CVE-2020-9894

Official Fix

$۲۵k-$50k

Spoofing

Apple iOS/iPadOS WebKit Page Loading

۶.۳

CVE-2020-9916

Official Fix

$۵۰k-$100k

Privilege Escalation

Apple iOS/iPadOS WebKit

۶.۳

CVE-2020-9910

Official Fix

$۵۰k-$100k

Privilege Escalation

Apple iOS/iPadOS WebKit

۶.۳

CVE-2020-9915

Official Fix

$۲۵k-$50k

XSS

Apple iOS/iPadOS WebKit Universal

۴.۳

CVE-2020-9925

Official Fix

$۱۰۰k and more

Memory Corruption

Apple iOS/iPadOS WebKit Use-After-Free

۶.۳

CVE-2020-9895

Official Fix

$۱۰۰k and more

Memory Corruption

Apple iOS/iPadOS WebKit Use-After-Free

۶.۳

CVE-2020-9893

Official Fix

$۲۵k-$50k

Command Injection

Apple iOS/iPadOS WebKit Web Inspector

۴.۸

CVE-2020-9862

Official Fix

$۲۵k-$50k

DoS

Apple iOS/iPadOS WiFi

۴.۳

CVE-2020-9917

Official Fix

$۱۰۰k and more

Memory Corruption

Apple iOS/iPadOS Wi-Fi Out-of-Bounds

۹.۹

CVE-2020-9918

Official Fix

$۱۰k-$25k

Memory Corruption

Apple macOS Audio Out-of-Bounds

۶.۳

CVE-2020-9891

Official Fix

$۱۰k-$25k

Memory Corruption

Apple macOS Audio Out-of-Bounds

۶.۳

CVE-2020-9890

Official Fix

$۱۰k-$25k

Memory Corruption

Apple macOS Audio Out-of-Bounds

۶.۳

CVE-2020-9888

Official Fix

$۱۰k-$25k

Memory Corruption

Apple macOS Audio Out-of-Bounds

۶.۳

CVE-2020-9889

Official Fix

$۱۰k-$25k

Memory Corruption

Apple macOS Audio Out-of-Bounds

۶.۳

CVE-2020-9884

Official Fix

$۱۰k-$25k

Privilege Escalation

Apple macOS Clang

۵.۵

CVE-2020-9870

Official Fix

$۱۰k-$25k

Memory Corruption

Apple macOS CoreAudio

۵.۵

CVE-2020-9866

Official Fix

$۲k-$5k

Information Disclosure

Apple macOS CoreFoundation

۳.۳

CVE-2020-9934

Official Fix

$۵k-$10k

Memory Corruption

Apple macOS Crash Reporter

۵.۳

CVE-2020-9865

Official Fix

$۱۰k-$25k

Memory Corruption

Apple macOS Graphics Drivers Out-of-Bounds

۸.۸

CVE-2020-9799

Official Fix

$۲k-$5k

Information Disclosure

Apple macOS Heimdal

۳.۳

CVE-2020-9913

Official Fix

$۱۰k-$25k

Memory Corruption

Apple macOS ImageIO Out-of-Bounds

۶.۳

CVE-2020-9936

Official Fix

$۱۰k-$25k

Privilege Escalation

Apple macOS Kernel Injection

۶.۲

CVE-2019-14899

Official Fix

$۵k-$10k

DoS

Apple macOS Mail Out-of-Bounds

۴.۳

CVE-2019-19906

Official Fix

$۱۰k-$25k

Weak Authentication

Apple macOS Messages

۷.۳

CVE-2020-9885

Official Fix

$۱۰k-$25k

Memory Corruption

Apple macOS Model I/O

۵.۵

CVE-2020-9878

Official Fix

$۱۰k-$25k

Privilege Escalation

Apple macOS Security

۷.۸

CVE-2020-9864

Official Fix

$۱۰k-$25k

Privilege Escalation

Apple macOS Vim Code

۵.۸

CVE-2019-20807

Official Fix

$۲۵k-$50k

Memory Corruption

Apple macOS Wi-Fi Out-of-Bounds

۹.۹

CVE-2020-9918

Official Fix

$۲۵k-$50k

Privilege Escalation

Apple Safari Safari Downloads Origin

۶.۳

CVE-2020-9912

Official Fix

$۱۰k-$25k

Information Disclosure

Apple Safari Safari Login AutoFill Credentials

۴.۳

CVE-2020-9903

Official Fix

$۲۵k-$50k

Privilege Escalation

Apple Safari Safari Reader Same-Origin Policy

۶.۳

CVE-2020-9911

Official Fix

$۲۵k-$50k

Privilege Escalation

Apple Safari WebKit CSP

۶.۳

CVE-2020-9915

Official Fix

$۲۵k-$50k

Memory Corruption

Apple Safari WebKit Out-of-Bounds

۶.۳

CVE-2020-9894

Official Fix

$۱۰k-$25k

Spoofing

Apple Safari WebKit Page Loading

۶.۳

CVE-2020-9916

Official Fix

$۲۵k-$50k

Privilege Escalation

Apple Safari WebKit

۶.۳

CVE-2020-9910

Official Fix

$۱۰k-$25k

XSS

Apple Safari WebKit Universal

۴.۳

CVE-2020-9925

Official Fix

$۲۵k-$50k

Memory Corruption

Apple Safari WebKit Use-After-Free

۶.۳

CVE-2020-9895

Official Fix

$۲۵k-$50k

Memory Corruption

Apple Safari WebKit Use-After-Free

۶.۳

CVE-2020-9893

Official Fix

$۱۰k-$25k

Command Injection

Apple Safari WebKit Web Inspector

۴.۸

CVE-2020-9862

Official Fix

$۵k-$10k

Memory Corruption

Apple tvOS Audio Out-of-Bounds

۶.۳

CVE-2020-9891

Official Fix

$۵k-$10k

Memory Corruption

Apple tvOS Audio Out-of-Bounds

۶.۳

CVE-2020-9890

Official Fix

$۵k-$10k

Memory Corruption

Apple tvOS Audio Out-of-Bounds

۶.۳

CVE-2020-9888

Official Fix

$۵k-$10k

Memory Corruption

Apple tvOS Audio Out-of-Bounds

۶.۳

CVE-2020-9889

Official Fix

$۵k-$10k

Memory Corruption

Apple tvOS AVEVideoEncoder

۸.۸

CVE-2020-9907

Official Fix

$۲k-$5k

Memory Corruption

Apple tvOS Crash Reporter

۵.۳

CVE-2020-9865

Official Fix

$۱k-$2k

Information Disclosure

Apple tvOS GeoServices

۳.۳

CVE-2020-9933

Official Fix

$۵k-$10k

Memory Corruption

Apple tvOS iAP

۶.۳

CVE-2020-9914

Official Fix

$۵k-$10k

Memory Corruption

Apple tvOS ImageIO Out-of-Bounds

۶.۳

CVE-2020-9936

Official Fix

$۵k-$10k

Privilege Escalation

Apple tvOS Kernel Injection

۵.۰

CVE-2019-14899

Official Fix

$۵k-$10k

Memory Corruption

Apple tvOS Kernel Out-of-Bounds

۸.۸

CVE-2020-9909

Official Fix

$۵k-$10k

Privilege Escalation

Apple tvOS WebKit Content Security Policy

۶.۳

CVE-2020-9915

Official Fix

$۵k-$10k

Memory Corruption

Apple tvOS WebKit Out-of-Bounds

۶.۳

CVE-2020-9894

Official Fix

$۲k-$5k

Spoofing

Apple tvOS WebKit Page Loading

۶.۳

CVE-2020-9916

Official Fix

$۵k-$10k

Privilege Escalation

Apple tvOS WebKit

۶.۳

CVE-2020-9910

Official Fix

$۲k-$5k

XSS

Apple tvOS WebKit Universal

۴.۳

CVE-2020-9925

Official Fix

$۵k-$10k

Memory Corruption

Apple tvOS WebKit Use-After-Free

۶.۳

CVE-2020-9895

Official Fix

$۵k-$10k

Memory Corruption

Apple tvOS WebKit Use-After-Free

۶.۳

CVE-2020-9893

Official Fix

$۲k-$5k

Command Injection

Apple tvOS WebKit Web Inspector

۴.۸

CVE-2020-9862

Official Fix

$۱۰k-$25k

Memory Corruption

Apple tvOS Wi-Fi Out-of-Bounds

۹.۶

CVE-2020-9918

Official Fix

$۵k-$10k

Memory Corruption

Apple watchOS Audio Out-of-Bounds

۶.۳

CVE-2020-9891

Official Fix

$۵k-$10k

Memory Corruption

Apple watchOS Audio Out-of-Bounds

۶.۳

CVE-2020-9890

Official Fix

$۵k-$10k

Memory Corruption

Apple watchOS Audio Out-of-Bounds

۶.۳

CVE-2020-9888

Official Fix

$۵k-$10k

Memory Corruption

Apple watchOS Audio Out-of-Bounds

۶.۳

CVE-2020-9889

Official Fix

$۲k-$5k

Memory Corruption

Apple watchOS Crash Reporter

۵.۳

CVE-2020-9865

Official Fix

$۱k-$2k

Information Disclosure

Apple watchOS GeoServices

۳.۳

CVE-2020-9933

Official Fix

$۵k-$10k

Memory Corruption

Apple watchOS ImageIO Out-of-Bounds

۶.۳

CVE-2020-9936

Official Fix

$۵k-$10k

Memory Corruption

Apple watchOS Kernel

۸.۸

CVE-2020-9923

Official Fix

$۵k-$10k

Memory Corruption

Apple watchOS Kernel Out-of-Bounds

۸.۸

CVE-2020-9909

Official Fix

$۲k-$5k

Weak Authentication

Apple watchOS Messages

۵.۶

CVE-2020-9885

Official Fix

$۵k-$10k

Privilege Escalation

Apple watchOS WebKit Content Security Policy

۶.۳

CVE-2020-9915

Official Fix

$۵k-$10k

Memory Corruption

Apple watchOS WebKit Out-of-Bounds

۶.۳

CVE-2020-9894

Official Fix

$۲k-$5k

Spoofing

Apple watchOS WebKit Page Loading

۶.۳

CVE-2020-9916

Official Fix

$۵k-$10k

Privilege Escalation

Apple watchOS WebKit

۵.۵

CVE-2020-9910

Official Fix

$۲k-$5k

XSS

Apple watchOS WebKit Universal

۴.۳

CVE-2020-9925

Official Fix

$۵k-$10k

Memory Corruption

Apple watchOS WebKit Use-After-Free

۶.۳

CVE-2020-9895

Official Fix

$۵k-$10k

Memory Corruption

Apple watchOS WebKit Use-After-Free

۶.۳

CVE-2020-9893

Official Fix

$۲k-$5k

Command Injection

Apple watchOS WebKit Web Inspector

۴.۸

CVE-2020-9862

Official Fix

$۱۰k-$25k

Memory Corruption

Apple watchOS Wi-Fi Out-of-Bounds

۹.۹

CVE-2020-9918

Official Fix

$۲k-$5k

Open Redirect

Atlassian JIRA Server login.jsp

۶.۱

CVE-2019-20901

Official Fix

$۱k-$2k

XSS

Atlassian JIRA Server/Data Center Add Field Module

۴.۸

CVE-2019-20900

Official Fix

$۰-$۱k

DoS

Atlassian JIRA Server/Data Center Avatar Upload

۶.۵

CVE-2019-20897

Official Fix

$۰-$۱k

DoS

Atlassian JIRA Server/Data Center Gadget API Flooding

۵.۳

CVE-2019-20899

Official Fix

$۱k-$2k

Information Disclosure

Atlassian JIRA Server/Data Center Global Permissions Screen

۷.۵

CVE-2019-20898

Official Fix

$۱k-$2k

Information Disclosure

Atlassian JIRA Server/Data Center Private Object

۴.۳

CVE-2020-14174

Official Fix

$۲k-$5k

Memory Corruption

Bareos Director Job Verification Heap-based

۷.۴

CVE-2020-11061

Official Fix

$۱k-$2k

Weak Authentication

Bareos

۶.۶

CVE-2020-4042

Official Fix

$۱۰k-$25k

Privilege Escalation

Cisco Content Security Management Appliance URL Filter

۴.۰

CVE-2020-3370

Official Fix

$۱۰k-$25k

Privilege Escalation

Cisco Data Center Network Manager CLI

۷.۸

CVE-2020-3380

Official Fix

$۵k-$10k

XSS

Cisco Data Center Network Manager Web-based Management Interface

۴.۸

CVE-2020-3349

Official Fix

$۵k-$10k

XSS

Cisco Data Center Network Manager Web-based Management Interface

۴.۸

CVE-2020-3348

Official Fix

$۵k-$10k

Information Disclosure

Cisco Meetings App API Subsystem

۴.۳

CVE-2020-3197

Official Fix

$۱۰k-$25k

Privilege Escalation

Cisco Prime License Manager Web Management Interface

۹.۸

CVE-2020-3140

Official Fix

$۵۰k-$100k

Weak Authentication

Cisco RV110W Telnet Service Default Admin Password

۹.۸

CVE-2020-3330

Official Fix

$۱۰k-$25k

Command Injection

Cisco RV110W/RV130/RV130W/RV215W Web-based Management Interface

۸.۱

CVE-2020-3332

Official Fix

$۱۰k-$25k

Privilege Escalation

Cisco RV110W/RV130/RV130W/RV215W Web-based Management Interface

۸.۸

CVE-2020-3146

Official Fix

$۱۰k-$25k

Privilege Escalation

Cisco RV110W/RV130/RV130W/RV215W Web-based Management Interface

۸.۸

CVE-2020-3145

Official Fix

$۱۰k-$25k

Code Execution

Cisco RV110W/RV130/RV130W/RV215W Web-based Management Interface Remote

۹.۸

CVE-2020-3323

Official Fix

$۱۰k-$25k

Weak Authentication

Cisco RV110W/RV130/RV130W/RV215W Web-based Management Interface

۹.۸

CVE-2020-3144

Official Fix

$۵k-$10k

Information Disclosure

Cisco RV110W/RV215W Web-based Management Interface

۵.۹

CVE-2020-3150

Official Fix

$۱۰k-$25k

Code Execution

Cisco RV110W/RV215W Web-based Management Interface Remote

۹.۸

CVE-2020-3331

Official Fix

$۱۰k-$25k

Privilege Escalation

Cisco RV340/RV340W/RV345/RV345P SSL VPN

۹.۸

CVE-2020-3357

Official Fix

$۵k-$10k

DoS

Cisco SD-WAN Solution

۸.۶

CVE-2020-3351

Official Fix

$۵k-$10k

Privilege Escalation

Cisco SD-WAN Solution Operating System

۵.۳

CVE-2020-3379

Official Fix

$۵k-$10k

Weak Authentication

Cisco SD-WAN Solution

۸.۴

CVE-2020-3180

Official Fix

$۲k-$5k

DoS

Cisco SD-WAN vEdge Router Deep Packet Inspection

۷.۴

CVE-2020-3385

Official Fix

$۵k-$10k

DoS

Cisco SD-WAN vEdge Router Deep Ppacket Inspection

۸.۶

CVE-2020-3369

Official Fix

$۱۰k-$25k

Command Injection

Cisco SD-WAN vManage CLI

۷.۸

CVE-2020-3388

Official Fix

$۱۰k-$25k

Privilege Escalation

Cisco SD-WAN vManage

۷.۵

CVE-2020-3387

Official Fix

$۱۰k-$25k

Directory Traversal

Cisco SD-WAN vManage Web Management Interface

۸.۸

CVE-2020-3381

Official Fix

$۱۰k-$25k

XML External Entity

Cisco SD-WAN vManage Web UI

۶.۵

CVE-2020-3405

Official Fix

$۵k-$10k

XSS

Cisco SD-WAN vManage Web-based Management Interface

۶.۴

CVE-2020-3406

Official Fix

$۱۰k-$25k

Directory Traversal

Cisco SD-WAN vManage Web-based Management Interface

۶.۵

CVE-2020-3401

Official Fix

$۵k-$10k

Information Disclosure

Cisco SD-WAN vManage Web-based Management Interface

۶.۵

CVE-2020-3437

Official Fix

$۲k-$5k

DoS

Cisco SD-WAN vManage Web-based Management Interface Memory Exhaustion

۶.۵

CVE-2020-3372

Official Fix

$۱۰k-$25k

SQL Injection

Cisco SD-WAN vManage Web-based Management Interface

۵.۴

CVE-2020-3468

Official Fix

$۱۰k-$25k

SQL Injection

Cisco SD-WAN vManage Web-based Management Interface

۴.۳

CVE-2020-3378

Official Fix

$۵k-$10k

DoS

Cisco Small Business RV VPN Router SSL VPN Restart

۸.۶

CVE-2020-3358

Official Fix

$۱۰k-$25k

SQL Injection

Cisco Vision Dynamic Signage Director Web-based Management Interface

۴.۹

CVE-2020-3450

Official Fix

$۵k-$10k

XSS

Cisco Webex Meetings/WebEx Meetings Server

۴.۳

CVE-2020-3345

Official Fix

$۱۰k-$25k

Privilege Escalation

Citrix ADC Linux Client/Gateway Linux Client

۷.۸

CVE-2020-8199

Official Fix

$۱۰k-$25k

Privilege Escalation

Citrix ADC/Gateway Command

۸.۸

CVE-2020-8197

Official Fix

$۵k-$10k

DoS

Citrix ADC/Gateway

۷.۵

CVE-2020-8187

Official Fix

$۱۰k-$25k

Privilege Escalation

Citrix ADC/Gateway File Permission

۷.۵

CVE-2020-8190

Official Fix

$۵k-$10k

Information Disclosure

Citrix ADC/Gateway/SDWAN WAN-OP Access Control

۴.۳

CVE-2020-8196

Official Fix

$۱۰k-$25k

Privilege Escalation

Citrix ADC/Gateway/SDWAN WAN-OP Access Control

۶.۵

CVE-2020-8193

Official Fix

$۱۰k-$25k

Privilege Escalation

Citrix ADC/Gateway/SDWAN WAN-OP File Download Code Injection

۶.۵

CVE-2020-8194

Official Fix

$۵k-$10k

Information Disclosure

Citrix ADC/Gateway/SDWAN WAN-OP

۶.۵

CVE-2020-8195

Official Fix

$۵k-$10k

XSS

Citrix ADC/Gateway/SDWAN WAN-OP Reflected

۶.۱

CVE-2020-8191

Official Fix

$۵k-$10k

XSS

Citrix ADC/Gateway/SDWAN WAN-OP Stored

۶.۱

CVE-2020-8198

Official Fix

$۵k-$10k

Weak Encryption

Dell EMC OpenManage Integration Default Key

۸.۸

CVE-2020-5374

Official Fix

$۵k-$10k

Weak Authentication

Dell EMC OpenManage Integration

۶.۵

CVE-2020-5373

Official Fix

$۱k-$2k

Weak Authentication

Dogtag PKI pki.client.PKIConnection

۸.۱

CVE-2020-15720

Official Fix

$۱k-$2k

Weak Authentication

Envoy

۴.۶

CVE-2020-15104

Not Defined

$۲k-$5k

Privilege Escalation

Gitlab Authentication Plugin

۵.۵

CVE-2020-2228

Not Defined

$۰-$۱k

DoS

GNU LibreDWG bits.c bit_calc_CRC

۳.۵

CVE-2019-20911

Not Defined

$۲k-$5k

Memory Corruption

GNU LibreDWG bits.c bit_read_TF

۵.۵

CVE-2019-20912

Not Defined

$۲k-$5k

Memory Corruption

GNU LibreDWG bits.c bit_write_TF

۵.۵

CVE-2019-20915

Not Defined

$۲k-$5k

Memory Corruption

GNU LibreDWG common_entity_data.spec dwg_encode_entity

۵.۵

CVE-2019-20913

Not Defined

$۰-$۱k

DoS

GNU LibreDWG common_entity_handle_data.spec dwg_encode_common_entity_handle_data

۳.۵

CVE-2019-20914

Not Defined

$۲k-$5k

Memory Corruption

GNU LibreDWG decode.c decode_R13_R2000

۵.۵

CVE-2019-20910

Not Defined

$۰-$۱k

DoS

GNU LibreDWG dwg.spec dwg_encode_LWPOLYLINE

۳.۵

CVE-2019-20909

Not Defined

$۲k-$5k

Privilege Escalation

HCL Verse Code Loading

۵.۵

CVE-2020-4100

Official Fix

$۵k-$10k

Privilege Escalation

Huawei P30

۵.۵

CVE-2020-9258

Official Fix

$۵k-$10k

Information Disclosure

Huawei P30/P30 Pro WiFi

۶.۵

CVE-2020-9260

Not Defined

$۱k-$2k

Weak Encryption

IBM BigFix Platform Credentials

۲.۵

CVE-2020-4095

Official Fix

$۵k-$10k

XSS

IBM Jazz Team Server Web UI

۵.۴

CVE-2019-4748

Official Fix

$۵k-$10k

Privilege Escalation

IBM Maximo Asset Management Logout

۵.۶

CVE-2019-4591

Official Fix

$۵k-$10k

Weak Encryption

IBM Publishing Engine Cookie

۴.۳

CVE-2020-4316

Official Fix

$۱۰k-$25k

Privilege Escalation

IBM QRadar SIEM Command

۹.۱

CVE-2020-4512

Official Fix

$۲k-$5k

DoS

IBM QRadar SIEM qflow

۶.۵

CVE-2020-4511

Official Fix

$۵k-$10k

XSS

IBM QRadar SIEM Web UI

۶.۱

CVE-2020-4513

Official Fix

$۵k-$10k

XSS

IBM QRadar SIEM Web UI

۵.۴

CVE-2020-4364

Official Fix

$۱۰k-$25k

XML External Entity

IBM QRadar SIEM XML Data

۷.۶

CVE-2020-4510

Official Fix

$۱۰k-$25k

XML External Entity

IBM Sterling External Authentication Server

۸.۲

CVE-2020-4462

Official Fix

$۵k-$10k

XSS

IBM Team Concert Web UI

۵.۴

CVE-2019-4747

Official Fix

$۲۵k-$50k

Privilege Escalation

IBM WebSphere Application Server SOAP Connector Deserialization

۸.۸

CVE-2020-4464

Not Defined

$۲k-$5k

Privilege Escalation

Icewarp Email Server Access Control

۵.۵

CVE-2020-14064

Not Defined

$۱k-$2k

XSS

Icewarp Email Server

۴.۳

CVE-2020-14066

Not Defined

$۰-$۱k

DoS

Icewarp Email Server File Upload

۴.۳

CVE-2020-14065

Official Fix

$۰-$۱k

XSS

Jenkins Agent Name Stored

۸.۱

CVE-2020-2220

Official Fix

$۰-$۱k

XSS

Jenkins Job Name Stored

۸.۱

CVE-2020-2222

Official Fix

$۰-$۱k

XSS

Jenkins Stored

۸.۱

CVE-2020-2223

Official Fix

$۰-$۱k

XSS

Jenkins Upstram Job Stored

۸.۱

CVE-2020-2221

Official Fix

$۲k-$5k

Privilege Escalation

jison OS

۵.۵

CVE-2020-8178

Official Fix

$۵k-$10k

CSRF

Joomla CMS com_installer

۶.۳

CVE-2020-15700

Official Fix

$۵k-$10k

CSRF

Joomla CMS com_privacy

۶.۳

CVE-2020-15695

Official Fix

$۵k-$10k

Information Disclosure

Joomla CMS Filter Credentials

۵.۳

CVE-2020-15698

Official Fix

$۵k-$10k

XSS

Joomla CMS mod_random_image

۵.۴

CVE-2020-15696

Official Fix

$۱۰k-$25k

Privilege Escalation

Joomla CMS

۵.۳

CVE-2020-15697

Official Fix

$۵k-$10k

DoS

Joomla CMS Validation

۵.۳

CVE-2020-15699

Official Fix

$۲k-$5k

Code Execution

kramdown Gem Document

۵.۵

CVE-2020-14001

Not Defined

$۲k-$5k

SQL Injection

Kronos WebTA com.threeis.webta.H352premPayRequest Blind

۶.۳

CVE-2020-14982

Not Defined

$۲k-$5k

SQL Injection

Kylin Hyve SQL

۶.۳

CVE-2020-13926

Not Defined

$۲k-$5k

Privilege Escalation

Kylin Restful API OS

۵.۵

CVE-2020-13925

Not Defined

$۰-$۱k

CSRF

LibreHealth EMR

۴.۳

CVE-2020-11438

Official Fix

$۰-$۱k

XSS

LibreHealth EMR

۳.۵

CVE-2020-11436

Official Fix

$۲k-$5k

Privilege Escalation

LibreHealth EMR Local File Inclusion

۵.۵

CVE-2020-11439

Not Defined

$۲k-$5k

SQL Injection

LibreHealth EMR

۶.۳

CVE-2020-11437

Not Defined

$۱۰k-$25k

Privilege Escalation

Linux Kernel ACPI Table acpi_configfs.c

۵.۵

CVE-2020-15780

Not Defined

$۲k-$5k

Information Disclosure

Linux Kernel Speculative Execution

۵.۱

CVE-2019-19338

Official Fix

$۲k-$5k

Privilege Escalation

lodash _.zipObjectDeep

۵.۵

CVE-2020-8203

Official Fix

$۰-$۱k

XSS

Matrix Authorization Strategy Plugin Stored

۳.۵

CVE-2020-2226

Official Fix

$۰-$۱k

XSS

Matrix Project Plugin Overview Page Stored

۳.۵

CVE-2020-2225

Official Fix

$۰-$۱k

XSS

Matrix Project Plugin Overview Page Stored

۳.۵

CVE-2020-2224

Official Fix

$۱۰k-$25k

Open Redirect

McAfee Web Gateway

۵.۸

CVE-2020-7292

Official Fix

$۵k-$10k

DoS

Microsoft Bond

۳.۵

CVE-2020-1469

Official Fix

$۲۵k-$50k

Privilege Escalation

Microsoft Lync/Skype for Business Server/SharePoint OAuth Token

۵.۵

CVE-2020-1025

Official Fix

$۱۰k-$25k

Privilege Escalation

Microsoft Visual Studio Code ESLint Extension

۶.۳

CVE-2020-1481

Official Fix

$۵k-$10k

Privilege Escalation

Microsoft Visual Studio Code Injection

۴.۸

CVE-2020-1416

Official Fix

$۵۰k-$100k

Memory Corruption

Microsoft Windows ActiveX Installer Service

۷.۰

CVE-2020-1402

Official Fix

$۲۵k-$50k

Information Disclosure

Microsoft Windows Agent Activation Runtime

۴.۹

CVE-2020-1391

Official Fix

$۵۰k-$100k

Privilege Escalation

Microsoft Windows ALPC

۸.۳

CVE-2020-1396

Official Fix

$۵۰k-$100k

Privilege Escalation

Microsoft Windows AppX Deployment Extension

۶.۷

CVE-2020-1431

Official Fix

$۵۰k-$100k

Memory Corruption

Microsoft Windows CNG Key Isolation Service

۶.۶

CVE-2020-1384

Official Fix

$۵۰k-$100k

Memory Corruption

Microsoft Windows CNG Key Isolation Service

۷.۰

CVE-2020-1359

Official Fix

$۲۵k-$50k

Privilege Escalation

Microsoft Windows COM Server

۶.۵

CVE-2020-1375

Official Fix

$۲۵k-$50k

Information Disclosure

Microsoft Windows Connected User Experiences and Telemetry Service

۴.۹

CVE-2020-1386

Official Fix

$۲۵k-$50k

Memory Corruption

Microsoft Windows Credential Enrollment Manager Service

۶.۵

CVE-2020-1368

Official Fix

$۲۵k-$50k

Memory Corruption

Microsoft Windows Credential Picker

۴.۹

CVE-2020-1385

Official Fix

$۵۰k-$100k

Privilege Escalation

Microsoft Windows Delivery Optimization Service

۸.۳

CVE-2020-1392

Official Fix

$۵۰k-$100k

Privilege Escalation

Microsoft Windows Diagnostics Hub

۷.۰

CVE-2020-1393

Official Fix

$۲۵k-$50k

Privilege Escalation

Microsoft Windows Diagnostics Hub

۶.۵

CVE-2020-1418

Official Fix

$۲۵k-$50k

Information Disclosure

Microsoft Windows Error Reporting

۴.۹

CVE-2020-1420

Official Fix

$۱۰k-$25k

DoS

Microsoft Windows Error Reporting Manager

۶.۰

CVE-2020-1429

Official Fix

$۵۰k-$100k

Memory Corruption

Microsoft Windows Event Logging

۷.۰

CVE-2020-1371

Official Fix

$۵۰k-$100k

Memory Corruption

Microsoft Windows Event Logging

۷.۰

CVE-2020-1365

Official Fix

$۲۵k-$50k

Memory Corruption

Microsoft Windows Function Discovery Service

۶.۵

CVE-2020-1085

Official Fix

$۲۵k-$50k

Memory Corruption

Microsoft Windows Geolocation Framework

۶.۵

CVE-2020-1394

Official Fix

$۱۰k-$25k

Privilege Escalation

Microsoft Windows Group Policy Services Policy

۵.۴

CVE-2020-1333

Official Fix

$۵۰k-$100k

Memory Corruption

Microsoft Windows Hyper-V RemoteFX vGPU

۸.۵

CVE-2020-1043

Official Fix

$۵۰k-$100k

Memory Corruption

Microsoft Windows Hyper-V RemoteFX vGPU

۸.۵

CVE-2020-1042

Official Fix

$۵۰k-$100k

Memory Corruption

Microsoft Windows Hyper-V RemoteFX vGPU

۸.۵

CVE-2020-1036

Official Fix

$۵۰k-$100k

Memory Corruption

Microsoft Windows Hyper-V RemoteFX vGPU

۸.۵

CVE-2020-1032

Official Fix

$۵۰k-$100k

Memory Corruption

Microsoft Windows Hyper-V RemoteFX vGPU

۸.۵

CVE-2020-1040

Official Fix

$۵۰k-$100k

Privilege Escalation

Microsoft Windows Hyper-V RemoteFX vGPU

۸.۵

CVE-2020-1041

Official Fix

$۵۰k-$100k

Privilege Escalation

Microsoft Windows iSCSI Target Service

۷.۸

CVE-2020-1356

Official Fix

$۲۵k-$50k

Information Disclosure

Microsoft Windows Kernel

۵.۵

CVE-2020-1389

Official Fix

$۲۵k-$50k

Information Disclosure

Microsoft Windows Kernel

۴.۹

CVE-2020-1426

Official Fix

$۲۵k-$50k

Information Disclosure

Microsoft Windows Kernel

۴.۹

CVE-2020-1419

Official Fix

$۱۰k-$25k

Information Disclosure

Microsoft Windows Kernel

۵.۵

CVE-2020-1367

Official Fix

$۱۰۰k and more

Memory Corruption

Microsoft Windows Kernel

۸.۳

CVE-2020-1411

Official Fix

$۵۰k-$100k

Memory Corruption

Microsoft Windows Kernel

۷.۸

CVE-2020-1336

Official Fix

$۵۰k-$100k

Privilege Escalation

Microsoft Windows lnk File

۶.۲

CVE-2020-1421

Official Fix

$۱۰k-$25k

DoS

Microsoft Windows Local Security Authority Subsystem Service

۴.۹

CVE-2020-1267

Official Fix

$۲۵k-$50k

Weak Authentication

Microsoft Windows Lockscreen

۶.۳

CVE-2020-1398

Official Fix

$۱۰k-$25k

DoS

Microsoft Windows Mobile Device Management

۶.۲

CVE-2020-1405

Official Fix

$۲۵k-$50k

Information Disclosure

Microsoft Windows Mobile Device Management

۴.۹

CVE-2020-1330

Official Fix

$۵۰k-$100k

Memory Corruption

Microsoft Windows Mobile Device Management

۷.۰

CVE-2020-1372

Official Fix

$۵۰k-$100k

Privilege Escalation

Microsoft Windows Modules Installer

۷.۸

CVE-2020-1346

Official Fix

$۵۰k-$100k

Memory Corruption

Microsoft Windows Network Connections Service

۷.۸

CVE-2020-1438

Official Fix

$۵۰k-$100k

Memory Corruption

Microsoft Windows Picker Platform

۷.۰

CVE-2020-1363

Official Fix

$۵۰k-$100k

Privilege Escalation

Microsoft Windows Profile Service

۷.۰

CVE-2020-1360

Official Fix

$۲۵k-$50k

Memory Corruption

Microsoft Windows psmsrv.dll

۶.۱

CVE-2020-1388

Official Fix

$۵۰k-$100k

Memory Corruption

Microsoft Windows Push Notification Service

۷.۸

CVE-2020-1387

Official Fix

$۵۰k-$100k

Privilege Escalation

Microsoft Windows Remote Desktop Client

۶.۹

CVE-2020-1374

Official Fix

$۲۵k-$50k

Information Disclosure

Microsoft Windows Resource Policy

۴.۹

CVE-2020-1358

Official Fix

$۲۵k-$50k

Memory Corruption

Microsoft Windows SharedStream Library

۷.۸

CVE-2020-1463

Official Fix

$۲۵k-$50k

Memory Corruption

Microsoft Windows Speech Brokered API

۶.۵

CVE-2020-1395

Official Fix

$۵۰k-$100k

Privilege Escalation

Microsoft Windows Storage Services

۷.۸

CVE-2020-1347

Official Fix

$۵۰k-$100k

Privilege Escalation

Microsoft Windows Subsystem for Linux

۷.۰

CVE-2020-1423

Official Fix

$۲۵k-$50k

Privilege Escalation

Microsoft Windows System Events Broker

۶.۵

CVE-2020-1357

Official Fix

$۵۰k-$100k

Privilege Escalation

Microsoft Windows Update Stack

۷.۰

CVE-2020-1424

Official Fix

$۵۰k-$100k

Memory Corruption

Microsoft Windows UPnP Device Host

۷.۸

CVE-2020-1354

Official Fix

$۵۰k-$100k

Memory Corruption

Microsoft Windows UPnP Device Host

۷.۰

CVE-2020-1430

Official Fix

$۵۰k-$100k

Memory Corruption

Microsoft Windows USO Core Worker

۷.۸

CVE-2020-1352

Official Fix

$۱۰k-$25k

DoS

Microsoft Windows WalletService

۷.۱

CVE-2020-1364

Official Fix

$۲۵k-$50k

Information Disclosure

Microsoft Windows WalletService

۴.۹

CVE-2020-1361

Official Fix

$۵۰k-$100k

Memory Corruption

Microsoft Windows WalletService

۷.۰

CVE-2020-1362

Official Fix

$۲۵k-$50k

Memory Corruption

Microsoft Windows WalletService

۶.۵

CVE-2020-1369

Official Fix

$۲۵k-$50k

Memory Corruption

Microsoft Windows WalletService

۷.۸

CVE-2020-1344

Official Fix

$۲۵k-$50k

Memory Corruption

Microsoft Windows Windows Network Connections Service

۷.۸

CVE-2020-1390

Official Fix

$۲۵k-$50k

Memory Corruption

Microsoft Windows Windows Network Connections Service

۷.۸

CVE-2020-1373

Official Fix

$۲۵k-$50k

Memory Corruption

Microsoft Windows Windows Network Connections Service

۷.۸

CVE-2020-1428

Official Fix

$۲۵k-$50k

Memory Corruption

Microsoft Windows Windows Network Connections Service

۷.۸

CVE-2020-1427

Official Fix

$۲۵k-$50k

Privilege Escalation

Microsoft Windows Windows Network Location Awareness Service

۵.۷

CVE-2020-1437

Official Fix

$۵۰k-$100k

Memory Corruption

Microsoft Windows Windows Print Workflow Service

۷.۸

CVE-2020-1366

Official Fix

$۵۰k-$100k

Memory Corruption

Microsoft Windows Windows Runtime

۷.۸

CVE-2020-1353

Official Fix

$۵۰k-$100k

Memory Corruption

Microsoft Windows Windows Runtime

۷.۸

CVE-2020-1422

Official Fix

$۵۰k-$100k

Memory Corruption

Microsoft Windows Windows Runtime

۷.۸

CVE-2020-1399

Official Fix

$۵۰k-$100k

Memory Corruption

Microsoft Windows Windows Runtime

۷.۸

CVE-2020-1249

Official Fix

$۵۰k-$100k

Memory Corruption

Microsoft Windows Windows Runtime

۷.۸

CVE-2020-1413

Official Fix

$۵۰k-$100k

Memory Corruption

Microsoft Windows Windows Runtime

۷.۸

CVE-2020-1404

Official Fix

$۵۰k-$100k

Privilege Escalation

Microsoft Windows Windows Runtime

۷.۸

CVE-2020-1370

Official Fix

$۵۰k-$100k

Privilege Escalation

Microsoft Windows Windows Runtime

۷.۸

CVE-2020-1414

Official Fix

$۵۰k-$100k

Privilege Escalation

Microsoft Windows Windows Runtime

۷.۸

CVE-2020-1415

Official Fix

$۲۵k-$50k

Memory Corruption

Microsoft Windows Windows Sync Host Service

۴.۹

CVE-2020-1434

Official Fix

$۰-$۱k

CSRF

MISP

۸.۸

CVE-2020-15711

Not Defined

$۲k-$5k

Code Execution

Mitsubishi Electric MC Works64

۵.۵

CVE-2020-12011

Not Defined

$۰-$۱k

DoS

Mitsubishi Electric MC Works64 Deserialization

۳.۵

CVE-2020-12015

Not Defined

$۲k-$5k

Privilege Escalation

Mitsubishi Electric MC Works64 Deserialization

۵.۵

CVE-2020-12009

Not Defined

$۲k-$5k

Privilege Escalation

Mitsubishi Electric MC Works64 Deserialization

۵.۵

CVE-2020-12007

Not Defined

$۲k-$5k

SQL Injection

Mitsubishi Electric MC Works64

۶.۳

CVE-2020-12013

Official Fix

$2k-$5k

Privilege Escalation

Netflix Titus Java Bean Validation

9.8

CVE-2020-9297

Not Defined

$2k-$5k

Privilege Escalation

Nextcloud Contacts File Upload

4.3

CVE-2020-8181

Official Fix

$1k-$2k

Unknown Vulnerability

openenclave Side-Channel

5.3

CVE-2020-15107

Official Fix

$1k-$2k

Weak Authentication

OpenVPN Access Server User Authentication Token

7.5

CVE-2020-15074

Official Fix

$1k-$2k

Privilege Escalation

osquery zlib1.dll

8.2

CVE-2020-11081

Not Defined

$0-$1k

XSS

Pandora FMS SNMP

9.6

CVE-2020-11749

Not Defined

$2k-$5k

Privilege Escalation

Python python38._pth

5.5

CVE-2020-15801

Not Defined

$0-$1k

DoS

Python TAR Archive tarfile.py _proc_pax

7.5

CVE-2019-20907

Not Defined

$10k-$25k

Privilege Escalation

Red Hat Enterprise Linux Docker Package

7.1

CVE-2020-14300

Official Fix

$10k-$25k

Privilege Escalation

Red Hat Enterprise Linux Docker Package

7.1

CVE-2020-14298

Official Fix

$10k-$25k

Weak Authentication

Red Hat Enterprise Linux OpenLDAP Package

4.6

CVE-2020-15719

Not Defined

$1k-$2k

Weak Authentication

Rittal PDU-3C002DEC/CMCIII-PU-9333E0FB Backdoor

9.8

CVE-2020-11951

Not Defined

$2k-$5k

Privilege Escalation

Rittal PDU-3C002DEC/CMCIII-PU-9333E0FB CLI Menu

6.2

CVE-2020-11952

Not Defined

$2k-$5k

Code Execution

Rittal PDU-3C002DEC/CMCIII-PU-9333E0FB

8.8

CVE-2020-11953

Not Defined

$2k-$5k

Privilege Escalation

Rittal PDU-3C002DEC/CMCIII-PU-9333E0FB Permission

8.8

CVE-2020-11955

Not Defined

$2k-$5k

Privilege Escalation

Rittal PDU-3C002DEC/CMCIII-PU-9333E0FB

9.8

CVE-2020-11956

Not Defined

$2k-$5k

Directory Traversal

rollup-plugin-serve readFile

7.5

CVE-2020-7684

Not Defined

$0-$1k

XSS

RosarioSIS NotifyParents.php

6.1

CVE-2020-15721

Not Defined

$1k-$2k

XSS

RosarioSIS Preferences.php

4.3

CVE-2020-15716

Not Defined

$1k-$2k

XSS

RosarioSIS PrintSchedules.php

4.3

CVE-2020-15718

Not Defined

$1k-$2k

XSS

RosarioSIS Search.inc.php

4.3

CVE-2020-15717

Not Defined

$5k-$10k

XSS

SAP Business Intelligence Platform

6.1

CVE-2020-6276

Not Defined

$5k-$10k

XSS

SAP Business Intelligence Platform Image Upload Stored

5.4

CVE-2020-6278

Not Defined

$5k-$10k

XSS

SAP Business Intelligence Platform Reflected

6.1

CVE-2020-6281

Not Defined

$5k-$10k

Information Disclosure

SAP Disclosure Management Cookie httponly

5.4

CVE-2020-6267

Not Defined

$5k-$10k

CSRF

SAP Disclosure Management

8.8

CVE-2020-6289

Not Defined

$5k-$10k

Weak Authentication

SAP Disclosure Management Session Expiration

8.8

CVE-2020-6292

Not Defined

$5k-$10k

Weak Authentication

SAP Disclosure Management Session Expiration

8.8

CVE-2020-6291

Not Defined

$10k-$25k

Weak Authentication

SAP Disclosure Management Session Fixation

6.3

CVE-2020-6290

Not Defined

$10k-$25k

Directory Traversal

SAP NetWeaver AS JAVA LM Configuration Wizard

5.3

CVE-2020-6286

Not Defined

$10k-$25k

Server-Side Request Forgery

SAP NetWeaver AS JAVA

5.8

CVE-2020-6282

Not Defined

$5k-$10k

Information Disclosure

SAP NetWeaver XML Toolkit for JAVA

7.7

CVE-2020-6285

Not Defined

$5k-$10k

Information Disclosure

SAP NetWeaver/ABAP Platform

2.7

CVE-2020-6280

Official Fix

$10k-$25k

Privilege Escalation

Siemens Camstar Enterprise Platform

8.1

CVE-2020-7578

Official Fix

$10k-$25k

SQL Injection

Siemens Camstar Enterprise Platform

8.1

CVE-2020-7577

Official Fix

$5k-$10k

XSS

Siemens Camstar Enterprise Platform Stored

5.4

CVE-2020-7576

Official Fix

$10k-$25k

Memory Corruption

Siemens LOGO! 8 BM Web Server

7.3

CVE-2020-7593

Official Fix

$10k-$25k

Privilege Escalation

Siemens Opcenter Execution Discrete

7.8

CVE-2020-7581

Official Fix

$5k-$10k

DoS

Siemens Opcenter Execution Discrete Restart

3.5

CVE-2020-7588

Official Fix

$5k-$10k

DoS

Siemens Opcenter Execution Discrete Restart

3.5

CVE-2020-7587

Official Fix

$10k-$25k

Privilege Escalation

Siemens SICAM MMU/SICAM SGU/SICAM T Firmware

7.5

CVE-2020-10044

Official Fix

$2k-$5k

Weak Encryption

Siemens SICAM MMU/SICAM SGU/SICAM T Password

5.5

CVE-2020-10040

Official Fix

$5k-$10k

XSS

Siemens SICAM MMU/SICAM SGU/SICAM T Stored

6.1

CVE-2020-10041

Official Fix

$10k-$25k

Memory Corruption

Siemens SICAM MMU/SICAM SGU/SICAM T Web Application

9.8

CVE-2020-10042

Official Fix

$10k-$25k

Weak Authentication

Siemens SICAM MMU/SICAM SGU/SICAM T Web Application Replay

8.8

CVE-2020-10045

Official Fix

$10k-$25k

Weak Authentication

Siemens SICAM MMU/SICAM SGU/SICAM T Web Search Command

9.8

CVE-2020-10038

Official Fix

$5k-$10k

XSS

Siemens SICAM MMU/SICAM SGU/SICAM T Web Server

6.1

CVE-2020-10043

Official Fix

$5k-$10k

Information Disclosure

Siemens SICAM MMU/SICAM SGU/SICAM T Web Server Flooding

7.5

CVE-2020-10037

Official Fix

$5k-$10k

Weak Encryption

Siemens SICAM MMU/SICAM SGU/SICAM T Web Server Man-in-the-Middle

8.1

CVE-2020-10039

Official Fix

$5k-$10k

Weak Encryption

Siemens SIMATIC HMI Basic Panel

3.1

CVE-2020-7592

Official Fix

$5k-$10k

DoS

Siemens SIMATIC S7-200 SMART CPU Crash

7.5

CVE-2020-7584

Official Fix

$0-$1k

XSS

SilverStripe CMS Login Form

3.5

CVE-2020-9311

Official Fix

$0-$1k

XSS

SilverStripe CMS Upload Stored

3.5

CVE-2020-9309

Official Fix

$1k-$2k

Information Disclosure

SilverStripe

3.5

CVE-2020-6164

Official Fix

$2k-$5k

Privilege Escalation

SilverStripe Permission Check

6.3

CVE-2020-6165

Official Fix

$2k-$5k

SQL Injection

Sophos XG Firewall Admin Web Interface

9.8

CVE-2020-15504

Not Defined

$2k-$5k

Code Execution

SuperWebMailer mailingupgrade.php Remote

9.8

CVE-2020-11546

Official Fix

$1k-$2k

Directory Traversal

Suprema BioStar Video Extension

7.5

CVE-2020-15050

Not Defined

$2k-$5k

Unknown Vulnerability

Sylabs Singularity Error

7.5

CVE-2020-13846

Not Defined

$2k-$5k

Privilege Escalation

Sylabs Singularity Integrity Check

7.5

CVE-2020-13847

Not Defined

$2k-$5k

Privilege Escalation

Sylabs Singularity Integrity Check

7.5

CVE-2020-13845

Official Fix

$0-$1k

DoS

Synergy Exception Crash

6.5

CVE-2020-15117

Not Defined

$1k-$2k

XSS

Tenda AC15/AC1900 Endpoint WifiBasicSet

6.1

CVE-2020-10989

Not Defined

$2k-$5k

Privilege Escalation

Tenda AC15/AC1900 setUsbUnload

9.8

CVE-2020-10987

Not Defined

$1k-$2k

CSRF

Tenda AC15/AC1900 SysToolReboot

6.5

CVE-2020-10986

Workaround

$1k-$2k

Weak Authentication

Tenda AC15/AC1900 telnetd tenda_login

9.8

CVE-2020-10988

Official Fix

$1k-$2k

Code Execution

Tobesoft XPlatform ____COMPONENT____

9.8

CVE-2020-7815

Official Fix

$2k-$5k

Privilege Escalation

Traccar GPS Tracking System LDAP Search Filter LDAP injection

7.7

CVE-2020-5246

Not Defined

$5k-$10k

DoS

Trend Micro Security 2020 Crash

3.5

CVE-2020-15603

Not Defined

$10k-$25k

Code Execution

Trend Micro Security 2020 Remote

6.3

CVE-2020-15602

Official Fix

$1k-$2k

Information Disclosure

Two-Factor Authentication User Session Credentials

5.4

CVE-2020-15105

Not Defined

$2k-$5k

Privilege Escalation

Verint Impact 360 help_popup.jsp

6.1

CVE-2019-12773

Not Defined

$2k-$5k

Privilege Escalation

Verint Impact 360 signin

8.8

CVE-2019-12784

Not Defined

$2k-$5k

Privilege Escalation

Verint Impact 360 signin

6.1

CVE-2019-12783

Official Fix

$25k-$50k

Privilege Escalation

VMware Fusion XPC Client Validation

7.8

CVE-2020-3974

Official Fix

$2k-$5k

Privilege Escalation

WebKitGTK/WPE WebKit Bubblewrap Sandbox

5.5

CVE-2020-13753

Official Fix

$0-$1k

XSS

Zabbix URL Widget Stored

3.5

CVE-2020-15803

 
 

The risk level of about 31% of this week's vulnerabilities has been assessed as "high" or "critical", which is very significant.

The zero-day value of more than 87% of this week's vulnerabilities has been estimated at above $2,000.

Fortunately, updates or patches have been officially released for 81% of this week's vulnerabilities, and they should be applied promptly to prevent the vulnerabilities from being exploited.

Also, with 103 cases, the largest share of this week's vulnerabilities (26%) were of the "memory corruption" type.