Critical Vulnerabilities of the First Week of Tir (late June)
This week Cisco reported a large number of vulnerabilities in its products, along with the corresponding patches. Several "critical" and "high-risk" vulnerabilities were also present in products from IBM, Intel, Netgear, Fortinet, Apache, Adobe, Schneider Electric and others, and patches and updates have been released to fix them. In addition, vulnerabilities with "high" and "critical" risk levels were identified in WordPress plugins and in the popular Google Android operating system.
The list of these vulnerabilities, together with links to the patches and updates released for them, is given in the table below.
| Vulnerability ID | Base score | Affected product | Vulnerability type | Fix |
|---|---|---|---|---|
| CVE-2020-9648 | 6.1 | Adobe Experience Manager | XSS | Available |
| CVE-2020-9647 | 6.1 | Adobe Experience Manager DOM-Based | XSS | Available |
| CVE-2020-9651 | 6.1 | Adobe Experience Manager Reflected | XSS | Available |
| CVE-2020-9645 | 7.5 | Adobe Experience Manager | Server-Side Request Forgery | Available |
| CVE-2020-9643 | 7.5 | Adobe Experience Manager | Server-Side Request Forgery | Available |
| CVE-2020-9644 | 5.4 | Adobe Experience Manager Stored | XSS | Available |
| CVE-2020-9633 | 9.8 | Adobe Flash Player Use-After-Free | Memory Corruption | Available |
| CVE-2020-9636 | 8.8 | Adobe Framemaker Code Execution | Memory Corruption | Available |
| CVE-2020-9635 | 8.8 | Adobe Framemaker Out-of-Bounds | Memory Corruption | Available |
| CVE-2020-9634 | 8.8 | Adobe Framemaker Out-of-Bounds | Memory Corruption | Available |
| CVE-2020-12019 | 9.8 | Advantech WebAccess Node Stack-based | Memory Corruption | Not Defined |
| CVE-2020-11980 | 6.3 | Apache Karaf JMX Authentication jmx.acl.cfg getMBeansFromURL | Server-Side Request Forgery | Available |
| CVE-2020-11969 | 6.3 | Apache TomEE ActiveMQ | Weak Authentication | Available |
| CVE-2020-12887 | 5.5 | ARM Mbed OS CoAP Library sn_coap_parser_options_parse() | Memory Corruption | Not Defined |
| CVE-2020-12883 | 5.5 | ARM Mbed OS CoAP Library sn_coap_parser_options_parse() | Memory Corruption | Not Defined |
| CVE-2020-12886 | 5.5 | ARM Mbed OS CoAP Library sn_coap_parser_options_parse() | Memory Corruption | Available |
| CVE-2020-12885 | 3.5 | ARM Mbed OS CoAP Library sn_coap_parser_options_parse_multiple_options() | DoS | Not Defined |
| CVE-2020-12884 | 5.5 | ARM Mbed OS CoAP Library sn_coap_parser_options_parse_multiple_options() | Memory Corruption | Not Defined |
| CVE-2020-12494 | 5.3 | Beckhoff TwinCAT RT Network Driver Memory | Information Disclosure | Not Defined |
| CVE-2018-21246 | 5.5 | Caddy TLS Client Authentication | Weak Authentication | Available |
| CVE-2020-3350 | 5.5 | Cisco AMP for Endpoints | Privilege Escalation | Available |
| CVE-2020-3244 | 5.3 | Cisco ASR 5000 Enhanced Charging Service | Privilege Escalation | Available |
| CVE-2020-3368 | 5.8 | Cisco Email Security Appliance Antispam Protection Mechanism | Privilege Escalation | Available |
| CVE-2020-3355 | 4.8 | Cisco Data Center Network Manager Web-based Management Interface Stored | XSS | Available |
| CVE-2020-3354 | 4.8 | Cisco Data Center Network Manager Web-based Management Interface Stored | XSS | Available |
| CVE-2020-3356 | 6.1 | Cisco Data Center Network Manager Web-based Management Interface Stored | XSS | Available |
| CVE-2020-3236 | 6.7 | Cisco Enterprise NFV Infrastructure Software CLI | Directory Traversal | Available |
| CVE-2020-3364 | 5.3 | Cisco IOS XR Gigabit Ethernet Management Interface | Privilege Escalation | Available |
| CVE-2020-3360 | 5.3 | Cisco IP Phone 7800/IP Phone 8800 Web-based Management Interface | Information Disclosure | Available |
| CVE-2020-3362 | 4.7 | Cisco Network Services Orchestrator CLI Timing | Information Disclosure | Available |
| CVE-2020-3279 | 7.2 | Cisco RV016/RV042/RV082/RV320/RV325 Web-based Management Interface Command | Privilege Escalation | Available |
| CVE-2020-3277 | 7.2 | Cisco RV016/RV042/RV082/RV320/RV325 Web-based Management Interface Command | Privilege Escalation | Available |
| CVE-2020-3276 | 7.2 | Cisco RV016/RV042/RV082/RV320/RV325 Web-based Management Interface Command | Privilege Escalation | Available |
| CVE-2020-3275 | 7.2 | Cisco RV016/RV042/RV082/RV320/RV325 Web-based Management Interface Command | Privilege Escalation | Available |
| CVE-2020-3278 | 7.2 | Cisco RV016/RV042/RV082/RV320/RV325 Web-based Management Interface | Privilege Escalation | Available |
| CVE-2020-3274 | 7.2 | Cisco RV016/RV042/RV082/RV320/RV325 Web-based Management Interface | Privilege Escalation | Available |
| CVE-2020-3296 | 7.2 | Cisco RV016/RV042/RV082/RV320/RV325 Web-based Management Interface Stack-based | Memory Corruption | Available |
| CVE-2020-3295 | 7.2 | Cisco RV016/RV042/RV082/RV320/RV325 Web-based Management Interface Stack-based | Memory Corruption | Available |
| CVE-2020-3294 | 7.2 | Cisco RV016/RV042/RV082/RV320/RV325 Web-based Management Interface Stack-based | Memory Corruption | Available |
| CVE-2020-3293 | 7.2 | Cisco RV016/RV042/RV082/RV320/RV325 Web-based Management Interface Stack-based | Memory Corruption | Available |
| CVE-2020-3292 | 7.2 | Cisco RV016/RV042/RV082/RV320/RV325 Web-based Management Interface Stack-based | Memory Corruption | Available |
| CVE-2020-3291 | 7.2 | Cisco RV016/RV042/RV082/RV320/RV325 Web-based Management Interface Stack-based | Memory Corruption | Available |
| CVE-2020-3290 | 7.2 | Cisco RV016/RV042/RV082/RV320/RV325 Web-based Management Interface Stack-based | Memory Corruption | Available |
| CVE-2020-3289 | 7.2 | Cisco RV016/RV042/RV082/RV320/RV325 Web-based Management Interface Stack-based | Memory Corruption | Available |
| CVE-2020-3288 | 7.2 | Cisco RV016/RV042/RV082/RV320/RV325 Web-based Management Interface Stack-based | Memory Corruption | Available |
| CVE-2020-3287 | 7.2 | Cisco RV016/RV042/RV082/RV320/RV325 Web-based Management Interface Stack-based | Memory Corruption | Available |
| CVE-2020-3286 | 7.2 | Cisco RV016/RV042/RV082/RV320/RV325 Web-based Management Interface Stack-based | Memory Corruption | Available |
| CVE-2020-3269 | 7.2 | Cisco RV110W/RV130/RV130W/RV215W Web-based Management Interface Command | Privilege Escalation | Available |
| CVE-2020-3268 | 7.2 | Cisco RV110W/RV130/RV130W/RV215W Web-based Management Interface | Privilege Escalation | Available |
| CVE-2020-3245 | 5.3 | Cisco Smart Software Manager On-Prem Web Application | Privilege Escalation | Available |
| CVE-2020-3336 | 7.2 | Cisco TelePresence Collaboration Endpoint/RoomOS Upgrade Process | Privilege Escalation | Available |
| CVE-2020-3242 | 4.9 | Cisco UCS Director API | Information Disclosure | Available |
| CVE-2020-3241 | 6.5 | Cisco UCS Director Web-based Management Interface | Directory Traversal | Available |
| CVE-2020-3337 | 4.7 | Cisco Umbrella Web Application | Open Redirect | Available |
| CVE-2020-3347 | 5.5 | Cisco Webex Meetings Desktop App | Information Disclosure | Available |
| CVE-2020-3263 | 7.5 | Cisco Webex Meetings Desktop App | Privilege Escalation | Available |
| CVE-2020-3342 | 8.8 | Cisco Webex Meetings Desktop App Software Update | Privilege Escalation | Available |
| CVE-2020-3361 | 8.1 | Cisco Webex Meetings/WebEx Meetings Server | Privilege Escalation | Available |
| CVE-2020-13882 | 5.3 | CISOfy Lynis Access Control TOCTOU | Privilege Escalation | Available |
| CVE-2019-13033 | 3.3 | CISOfy Lynis License Key | Information Disclosure | Available |
| CVE-2020-5358 | 6.7 | Dell Endpoint Security/Endpoint Security Suite | Privilege Escalation | Available |
| CVE-2020-13651 | 5.5 | DigDash 2018R2/2019R1 JNLP File | Privilege Escalation | Available |
| CVE-2020-13650 | 5.5 | DigDash 2018R2/2019R1 Login Page | Server-Side Request Forgery | Available |
| CVE-2020-13652 | 6.1 | DigDash 2018R2/2019R1/2020R1 Login Menu | XSS | Available |
| CVE-2020-13150 | 7.8 | D-Link DSL-2750U Control Panel MAC Address | Weak Authentication | Not Defined |
| CVE-2020-14443 | 6.3 | Dolibarr ERP CRM card.php | SQL Injection | Not Defined |
| CVE-2020-14475 | 4.3 | Dolibarr ERP CRM notice.php | XSS | Not Defined |
| CVE-2020-7496 | 7.8 | EcoStruxure Operator Terminal Expert Argument Injection | Privilege Escalation | Not Defined |
| CVE-2020-7494 | 7.8 | EcoStruxure Operator Terminal Expert Code Execution | Directory Traversal | Not Defined |
| CVE-2020-7493 | 7.8 | EcoStruxure Operator Terminal Expert Code Execution | SQL Injection | Not Defined |
| CVE-2020-7495 | 5.5 | EcoStruxure Operator Terminal Expert | Directory Traversal | Not Defined |
| CVE-2020-7497 | 9.8 | EcoStruxure Operator Terminal Expert | Directory Traversal | Not Defined |
| CVE-2020-14060 | 5.5 | FasterXML jackson-databind oadd.org.apache.xalan.lib.sql.JNDIConnectionPool Serialized | Unknown Vulnerability | Available |
| CVE-2020-14061 | 5.5 | FasterXML jackson-databind oracle.jms.AQjmsQueueConnectionFactory Serialized | Unknown Vulnerability | Available |
| CVE-2020-14195 | 5.5 | FasterXML jackson-databind org.jsecurity.realm.jndi.JndiRealmFactory Serialized | Unknown Vulnerability | Available |
| CVE-2020-14062 | 5.5 | FasterXML jackson-databind Serialized | Unknown Vulnerability | Available |
| CVE-2020-9289 | 3.5 | Fortinet FortiManager CLI Default Key | Weak Encryption | Available |
| CVE-2019-17655 | 3.3 | Fortinet FortiOS SSL VPN Cleartext | Information Disclosure | Available |
| CVE-2020-3928 | 6.2 | GeoVision Door Access Control Default Admin Password | Weak Authentication | Not Defined |
| CVE-2020-3930 | 4.0 | GeoVision Door Access Control Log | Information Disclosure | Not Defined |
| CVE-2020-3929 | 5.9 | GeoVision Door Access Control SSH/HTTPS Default Key | Weak Encryption | Not Defined |
| CVE-2020-14150 | 7.5 | GNU Bison Crash | DoS | Available |
| CVE-2020-0232 | 5.5 | Google Android abc_pcie_issue_dma_xfer_sync | Unknown Vulnerability | Available |
| CVE-2020-0235 | 5.5 | Google Android crus_sp_shared_ioctl | Memory Corruption | Available |
| CVE-2020-0223 | 8.8 | Google Android Kernel | Memory Corruption | Available |
| CVE-2020-0234 | 5.3 | Google Android msm-cirrus-playback.c crus_afe_get_param | Memory Corruption | Available |
| CVE-2020-14040 | 3.5 | Google Go x-text Package Loop | DoS | Not Defined |
| CVE-2020-1825 | 6.5 | Huawei FusionAccess Message | DoS | Available |
| CVE-2020-1835 | 6.5 | Huawei Mate 30 Bluetooth | Information Disclosure | Available |
| CVE-2020-1813 | 6.8 | Huawei P30 | Weak Authentication | Available |
| CVE-2020-9076 | 6.8 | Huawei P30/P30 Pro Man-in-the-Middle | Weak Authentication | Available |
| CVE-2020-1834 | 4.6 | Huawei P30/P30 Pro Software Package Integrity Check | Weak Authentication | Available |
| CVE-2020-9075 | 6.5 | Huawei Secospace USG6300/Secospace USG6300E | Information Disclosure | Not Defined |
| CVE-2020-4251 | 5.4 | IBM API Connect Web UI | XSS | Available |
| CVE-2020-4532 | 5.3 | IBM Business Automation Workflow Error Message | Information Disclosure | Available |
| CVE-2020-4297 | 5.4 | IBM DOORS Next Generation Web UI | XSS | Available |
| CVE-2020-4295 | 5.4 | IBM DOORS Next Generation Web UI | XSS | Available |
| CVE-2020-4281 | 5.4 | IBM DOORS Next Generation Web UI | XSS | Available |
| CVE-2020-4320 | 5.3 | IBM MQ Appliance/IBM MQ AMQP Channels Certificate | Privilege Escalation | Available |
| CVE-2020-4310 | 7.5 | IBM MQ/MQ Appliance Data Conversion | DoS | Available |
| CVE-2020-4470 | 8.0 | IBM Spectrum Protect Plus Administrative Console File Upload | Privilege Escalation | Available |
| CVE-2020-4216 | 9.8 | IBM Spectrum Protect Plus Default Credentials | Weak Encryption | Available |
| CVE-2020-4469 | 9.8 | IBM Spectrum Protect Plus Incomplete Fix CVE-2020-4211 Command | Privilege Escalation | Available |
| CVE-2020-4477 | 6.5 | IBM Spectrum Protect Plus Log File Plaintext | Information Disclosure | Available |
| CVE-2020-4471 | 6.5 | IBM Spectrum Protect Plus | Privilege Escalation | Available |
| CVE-2020-4406 | 5.5 | IBM Spectrum Protect Web User Interface Clickjacking | Privilege Escalation | Available |
| CVE-2020-4494 | 7.5 | IBM Spectrum Protect Web User Interface | Weak Authentication | Available |
| CVE-2020-14004 | 7.8 | Icinga2 cmd | Privilege Escalation | Available |
| CVE-2020-0531 | 4.3 | Intel AMT | Information Disclosure | Available |
| CVE-2020-0535 | 5.3 | Intel AMT | Information Disclosure | Available |
| CVE-2020-0540 | 7.5 | Intel AMT | Information Disclosure | Available |
| CVE-2020-0538 | 5.3 | Intel AMT Subsystem | DoS | Available |
| CVE-2020-0537 | 5.3 | Intel AMT Subsystem | DoS | Available |
| CVE-2020-0532 | 6.3 | Intel AMT Subsystem | Privilege Escalation | Available |
| CVE-2020-0596 | 5.3 | Intel AMT/ISM DHCPv6 Subsystem | Information Disclosure | Available |
| CVE-2020-0597 | 7.3 | Intel AMT/ISM IPv6 Subsystem Out-of-Bounds | Memory Corruption | Available |
| CVE-2020-0594 | 7.3 | Intel AMT/ISM IPv6 Subsystem Out-of-Bounds | Memory Corruption | Available |
| CVE-2020-0595 | 7.3 | Intel AMT/ISM IPv6 Subsystem Use-After-Free | Memory Corruption | Available |
| CVE-2020-8674 | 5.3 | Intel AMT/ISM Subsystem Out-of-Bounds | Information Disclosure | Available |
| CVE-2020-0529 | 5.9 | Intel Core Processor BIOS Firmware | Privilege Escalation | Available |
| CVE-2020-0528 | 7.8 | Intel Core Processor BIOS Firmware | Privilege Escalation | Not Defined |
| CVE-2020-0543 | 3.3 | Intel CPU Cleanup | Information Disclosure | Not Defined |
| CVE-2020-0534 | 5.3 | Intel CSME DAL Subsystem | DoS | Available |
| CVE-2020-0533 | 5.3 | Intel CSME Hash | Privilege Escalation | Available |
| CVE-2020-0542 | 5.3 | Intel CSME Subsystem | Memory Corruption | Available |
| CVE-2020-0541 | 5.3 | Intel CSME Subsystem Out-of-Bounds | Memory Corruption | Available |
| CVE-2020-0536 | 5.3 | Intel CSME/TXE DAL Subsystem | Information Disclosure | Available |
| CVE-2020-0539 | 5.3 | Intel CSME/TXE Subsystem | Directory Traversal | Available |
| CVE-2020-0545 | 5.3 | Intel CSME/TXE/Server Platform Services Subsystem Integer Overflow | Memory Corruption | Available |
| CVE-2020-0527 | 3.3 | Intel Data Center SSD Flow Management | Information Disclosure | Available |
| CVE-2020-8675 | 4.3 | Intel Innovation Engine Control Flow Management | Privilege Escalation | Available |
| CVE-2020-0586 | 5.3 | Intel Server Platform Services Subsystem | Privilege Escalation | Available |
| CVE-2020-0566 | 4.3 | Intel TXE Access Control | Privilege Escalation | Available |
| CVE-2020-8619 | 4.9 | ISC BIND rbtdb.c | DoS | Available |
| CVE-2020-8618 | 4.9 | ISC BIND Zone Transfer rdataset.c | DoS | Available |
| CVE-2020-14033 | 9.8 | janus-gateway janus_streaming.c janus_streaming_rtsp_parse_sdp | Memory Corruption | Not Defined |
| CVE-2020-14034 | 9.8 | janus-gateway utils.c janus_get_codec_from_pt | Memory Corruption | Not Defined |
| CVE-2020-14151 | 7.1 | libjpeg EOF rdtarga.c read_*_pixel() | Unknown Vulnerability | Available |
| CVE-2020-14153 | 7.1 | libjpeg jdhuff.c | Memory Corruption | Available |
| CVE-2020-14152 | 7.1 | libjpeg jmemnobs.c jpeg_mem_available() | DoS | Available |
| CVE-2020-14402 | 9.8 | LibVNCServer corre.c | Memory Corruption | Available |
| CVE-2020-14403 | 9.8 | LibVNCServer hextile.c | Memory Corruption | Available |
| CVE-2018-21247 | 7.5 | LibVNCServer rfbproto.c ConnectToRFBRepeater | DoS | Available |
| CVE-2020-14399 | 7.5 | LibVNCServer rfbproto.c | DoS | Not Defined |
| CVE-2020-14405 | 9.8 | LibVNCServer rfbproto.c | DoS | Available |
| CVE-2020-14397 | 7.5 | LibVNCServer rfbregion.c | DoS | Available |
| CVE-2020-14404 | 9.8 | LibVNCServer rre.c | Memory Corruption | Available |
| CVE-2020-14401 | 9.8 | LibVNCServer scale.c pixel_value | Memory Corruption | Available |
| CVE-2020-14398 | 7.5 | LibVNCServer sockets.c | DoS | Available |
| CVE-2019-20839 | 7.5 | LibVNCServer sockets.c | Memory Corruption | Available |
| CVE-2020-14396 | 7.5 | LibVNCServer tls_openssl.c | DoS | Available |
| CVE-2020-14400 | 7.5 | LibVNCServer translate.c | DoS | Not Defined |
| CVE-2019-20840 | 7.5 | LibVNCServer ws_decode.c hybiReadAndDecode | DoS | Available |
| CVE-2020-14416 | 5.5 | Linux Kernel slip.c | Memory Corruption | Available |
| CVE-2020-10732 | 4.4 | Linux Kernel Userspace Core Dump | Information Disclosure | Not Defined |
| CVE-2019-20856 | 5.5 | Mattermost Desktop App dylib Injection | Privilege Escalation | Available |
| CVE-2020-14455 | 5.5 | Mattermost Desktop App HTTP Basic Authentication | Unknown Vulnerability | Available |
| CVE-2019-20861 | 5.5 | Mattermost Desktop App Link | Privilege Escalation | Available |
| CVE-2020-14454 | 5.5 | Mattermost Desktop App | Privilege Escalation | Available |
| CVE-2020-14456 | 5.5 | Mattermost Desktop App Same Origin Policy | Privilege Escalation | Available |
| CVE-2018-21265 | 5.5 | Mattermost Desktop App Same Origin Policy | Privilege Escalation | Available |
| CVE-2020-14449 | 3.5 | Mattermost Mobile App Authorization Token | Information Disclosure | Available |
| CVE-2019-20850 | 3.3 | Mattermost Mobile App Cache | Information Disclosure | Available |
| CVE-2019-20849 | 3.7 | Mattermost Mobile App Cookie | Weak Authentication | Available |
| CVE-2019-20852 | 3.5 | Mattermost Mobile App Log | Information Disclosure | Available |
| CVE-2019-20848 | 5.5 | Mattermost Mobile App Quick Reply | Unknown Vulnerability | Available |
| CVE-2020-14451 | 8.1 | Mattermost Mobile App Single Sign-On Cookie | Information Disclosure | Available |
| CVE-2019-20851 | 5.5 | Mattermost Mobile App Video Preview | Directory Traversal | Available |
| CVE-2019-20853 | 6.3 | Mattermost Packages Droplet | Remote Code Execution | Available |
| CVE-2019-20864 | 5.5 | Mattermost Plugins GitHub Plugin | Privilege Escalation | Available |
| CVE-2019-20877 | 3.5 | Mattermost Server 2FA | Information Disclosure | Available |
| CVE-2018-21254 | 5.5 | Mattermost Server Access Control | Privilege Escalation | Available |
| CVE-2019-20859 | 5.5 | Mattermost Server Access Control | Weak Authentication | Available |
| CVE-2020-14458 | 6.4 | Mattermost Server API | Information Disclosure | Available |
| CVE-2019-20887 | 5.5 | Mattermost Server API Permission | Privilege Escalation | Available |
| CVE-2019-20858 | 3.5 | Mattermost Server APIv4 Endpoint | DoS | Available |
| CVE-2019-20884 | 5.5 | Mattermost Server Attachment | Privilege Escalation | Available |
| CVE-2020-14448 | 3.5 | Mattermost Server Automatic Direct Message Reply Loop | DoS | Available |
| CVE-2019-20857 | 3.5 | Mattermost Server Backtick | DoS | Available |
| CVE-2019-20869 | 5.5 | Mattermost Server Channel Endpoint | Privilege Escalation | Available |
| CVE-2018-21251 | 5.5 | Mattermost Server Channel Name | Privilege Escalation | Available |
| CVE-2018-21255 | 5.5 | Mattermost Server Channel Patch API | Privilege Escalation | Available |
| CVE-2019-20867 | 5.5 | Mattermost Server Channel Post | Unknown Vulnerability | Available |
| CVE-2020-14459 | 7.4 | Mattermost Server Channel | Privilege Escalation | Available |
| CVE-2019-20843 | 5.5 | Mattermost Server Configuration File | Privilege Escalation | Available |
| CVE-2018-21248 | 5.5 | Mattermost Server Credentials | Unknown Vulnerability | Available |
| CVE-2019-20841 | 4.3 | Mattermost Server | CSRF | Available |
| CVE-2018-21258 | 3.5 | Mattermost Server | DoS | Available |
| CVE-2019-20844 | 6.4 | Mattermost Server Direct Message | Spoofing | Available |
| CVE-2019-20882 | 5.5 | Mattermost Server Domain | Privilege Escalation | Available |
| CVE-2019-20879 | 5.4 | Mattermost Server Email Address | Weak Authentication | Available |
| CVE-2019-20890 | 5.5 | Mattermost Server Email | Privilege Escalation | Available |
| CVE-2019-20878 | 5.5 | Mattermost Server Email | Unknown Vulnerability | Available |
| CVE-2018-21250 | 4.3 | Mattermost Server Image Dimension Memory Consumption | DoS | Available |
| CVE-2019-20868 | 5.5 | Mattermost Server Invite ID | Privilege Escalation | Available |
| CVE-2018-21262 | 3.5 | Mattermost Server Latex Crash | DoS | Available |
| CVE-2019-20854 | 4.3 | Mattermost Server Latex Crash | DoS | Available |
| CVE-2019-20855 | 3.5 | Mattermost Server Legacy Attachment Migration | Information Disclosure | Available |
| CVE-2018-21259 | 3.5 | Mattermost Server Link Hang | DoS | Available |
| CVE-2019-20872 | 5.5 | Mattermost Server Local Services | Server-Side Request Forgery | Available |
| CVE-2019-20865 | 4.3 | Mattermost Server Login Page | CSRF | Available |
| CVE-2019-20871 | 5.5 | Mattermost Server Markdown Library | Unknown Vulnerability | Available |
| CVE-2020-14450 | 6.4 | Mattermost Server Markdown Renderer | DoS | Available |
| CVE-2019-20881 | 3.1 | Mattermost Server MFA Bruteforce | Information Disclosure | Available |
| CVE-2020-14452 | 5.3 | Mattermost Server mmctl | Directory Traversal | Available |
| CVE-2020-14460 | 5.5 | Mattermost Server OAuth Application | Privilege Escalation | Available |
| CVE-2019-20880 | 3.5 | Mattermost Server OpenGraph Memory Consumption | DoS | Available |
| CVE-2019-20875 | 4.6 | Mattermost Server Password Reset | Privilege Escalation | Available |
| CVE-2019-20889 | 5.5 | Mattermost Server Permission | Privilege Escalation | Available |
| CVE-2019-20846 | 7.4 | Mattermost Server Permission | Privilege Escalation | Available |
| CVE-2019-20876 | 5.5 | Mattermost Server Policy | Privilege Escalation | Available |
| CVE-2019-20870 | 5.5 | Mattermost Server Post File ID | Privilege Escalation | Available |
| CVE-2018-21261 | 5.5 | Mattermost Server | Privilege Escalation | Available |
| CVE-2018-21253 | 5.5 | Mattermost Server | Privilege Escalation | Available |
| CVE-2019-20866 | 3.5 | Mattermost Server Proxy Header | Information Disclosure | Available |
| CVE-2019-20885 | 5.5 | Mattermost Server Robots File | Privilege Escalation | Available |
| CVE-2019-20874 | 3.5 | Mattermost Server Role Change | Information Disclosure | Available |
| CVE-2018-21263 | 5.5 | Mattermost Server SAML Response | Weak Authentication | Available |
| CVE-2019-20842 | 6.7 | Mattermost Server SearchAllChannels | SQL Injection | Available |
| CVE-2019-20845 | 6.4 | Mattermost Server Slack Import Memory Consumption | DoS | Available |
| CVE-2018-21257 | 5.5 | Mattermost Server Slash Command API | Privilege Escalation | Available |
| CVE-2019-20862 | 3.5 | Mattermost Server Slash Command | Information Disclosure | Available |
| CVE-2019-20860 | 4.3 | Mattermost Server SVG Document Hang | DoS | Available |
| CVE-2018-21249 | 5.5 | Mattermost Server Timing | Unknown Vulnerability | Available |
| CVE-2019-20883 | 5.5 | Mattermost Server Town Square | Privilege Escalation | Available |
| CVE-2019-20873 | 3.5 | Mattermost Server User Activation | Information Disclosure | Available |
| CVE-2019-20886 | 4.6 | Mattermost Server User | Privilege Escalation | Available |
| CVE-2020-14447 | 6.4 | Mattermost Server Webhook Loop | DoS | Available |
| CVE-2019-20888 | 3.5 | Mattermost Server Webhook Memory Consumption | DoS | Available |
| CVE-2019-20863 | 5.5 | Mattermost Server Webhook | Privilege Escalation | Available |
| CVE-2018-21260 | 5.5 | Mattermost Server WebSocket Event | Privilege Escalation | Available |
| CVE-2020-14457 | 5.3 | Mattermost Server Websocket | Information Disclosure | Available |
| CVE-2019-20847 | 5.5 | Mattermost Server Websocket | Privilege Escalation | Available |
| CVE-2020-14453 | 6.4 | Mattermost Socket Read | DoS | Available |
| CVE-2020-9522 | 6.1 | Micro Focus ArcSight Enterprise Security Manager | XSS | Available |
| CVE-2020-11839 | 6.1 | Micro Focus Arcsight Logger | XSS | Not Defined |
| CVE-2020-11838 | 5.4 | Micro Focus ArcSight Management Center | XSS | Available |
| CVE-2020-11841 | 4.3 | Micro Focus ArcSight Management Center | Information Disclosure | Available |
| CVE-2020-11840 | 4.3 | Micro Focus ArcSight Management Center | Information Disclosure | Available |
| CVE-2020-14154 | 4.3 | Mutt GnuTLS | Weak Authentication | Available |
| CVE-2020-14093 | 5.9 | Mutt PREAUTH Man-in-the-Middle | Information Disclosure | Available |
| CVE-2020-14927 | 3.5 | Navigate CMS Alias | XSS | Not Defined |
| CVE-2020-14067 | 5.5 | Navigate CMS extension.class.php check_upload | Privilege Escalation | Not Defined |
| CVE-2020-14433 | 8.4 | Netgear RBS750 | Command Injection | Available |
| CVE-2020-14434 | 8.4 | Netgear RBS840 | Command Injection | Available |
| CVE-2020-14426 | 9.6 | Netgear RBS840 Credentials | Information Disclosure | Available |
| CVE-2020-14442 | 9.6 | Netgear RBS850 | Command Injection | Available |
| CVE-2020-14441 | 9.6 | Netgear RBS850 | Command Injection | Available |
| CVE-2020-14440 | 9.6 | Netgear RBS850 | Command Injection | Available |
| CVE-2020-14439 | 9.6 | Netgear RBS850 | Command Injection | Available |
| CVE-2020-14438 | 9.6 | Netgear RBS850 | Command Injection | Available |
| CVE-2020-14437 | 9.6 | Netgear RBS850 | Command Injection | Available |
| CVE-2020-14431 | 9.6 | Netgear RBS850 Credentials | Information Disclosure | Available |
| CVE-2020-14430 | 9.6 | Netgear RBS850 Credentials | Information Disclosure | Available |
| CVE-2020-14429 | 9.6 | Netgear RBS850 Credentials | Information Disclosure | Available |
| CVE-2020-14428 | 9.6 | Netgear RBS850 Credentials | Information Disclosure | Available |
| CVE-2020-14427 | 9.6 | Netgear RBS850 Credentials | Information Disclosure | Available |
| CVE-2020-14432 | 8.4 | Netgear RBS850 | CSRF | Available |
| CVE-2020-14435 | 8.8 | Netgear SRK60B06 | Command Injection | Available |
| CVE-2020-6752 | 3.8 | OMERO Group | Privilege Escalation | Available |
| CVE-2019-16245 | 3.5 | OMERO | Information Disclosure | Available |
| CVE-2020-7932 | 3.5 | OMERO.web URL | Information Disclosure | Available |
| CVE-2019-9944 | 5.5 | Open Microscopy Environment OMERO.server File Import | Privilege Escalation | Not Defined |
| CVE-2019-9943 | 5.5 | Open Microscopy Environment OMERO.server Permission | Privilege Escalation | Not Defined |
| CVE-2020-14156 | 5.5 | OpenBMC phosphor-host-ipmid File Permission passwd_mgr.cpp | Privilege Escalation | Available |
| CVE-2020-8542 | 5.4 | OX App Suite | XSS | Not Defined |
| CVE-2020-8543 | 7.5 | OX App Suite | DoS | Not Defined |
| CVE-2020-8544 | 6.5 | OX App Suite | Server-Side Request Forgery | Not Defined |
| CVE-2020-8541 | 6.5 | OX App Suite | XML External Entity | Not Defined |
| CVE-2020-9426 | 6.1 | OX Guard | XSS | Not Defined |
| CVE-2020-9427 | 5.0 | OX Guard | Server-Side Request Forgery | Not Defined |
| CVE-2020-14155 | 9.8 | PCRE libpcre Integer Overflow | Memory Corruption | Available |
| CVE-2019-20838 | 5.5 | PCRE libpcre | Memory Corruption | Available |
| CVE-2018-21245 | 9.1 | Pound Request Smuggling | Privilege Escalation | Available |
| CVE-2020-13162 | 5.5 | Pulse Secure Client PulseSecureService.exe | Privilege Escalation | Available |
| CVE-2020-14422 | 5.3 | Python ipaddress.py IPv6Interface | DoS | Not Defined |
| CVE-2020-14147 | 5.5 | Redis lua_struct.c getnum | Memory Corruption | Available |
| CVE-2020-12005 | 3.5 | Rockwell Automation FactoryTalk Linx EDS File CPU Exhaustion | DoS | Not Defined |
| CVE-2020-12001 | 5.5 | Rockwell Automation FactoryTalk Linx Parser | Privilege Escalation | Not Defined |
| CVE-2020-12003 | 5.5 | Rockwell Automation FactoryTalk Linx | Privilege Escalation | Not Defined |
| CVE-2020-11999 | 5.5 | Rockwell Automation FactoryTalk Linx | Privilege Escalation | Not Defined |
| CVE-2020-8162 | 5.5 | Ruby on Rails ActiveStorage S3 Adapter File Upload | Privilege Escalation | Available |
| CVE-2020-8164 | 3.5 | Ruby on Rails | Information Disclosure | Available |
| CVE-2020-7508 | 9.8 | Schneider Electric Easergy T300 Brute Force | Weak Authentication | Not Defined |
| CVE-2020-7513 | 7.5 | Schneider Electric Easergy T300 Cleartext | Information Disclosure | Not Defined |
| CVE-2020-7503 | 8.8 | Schneider Electric Easergy T300 | CSRF | Not Defined |
| CVE-2020-7504 | 5.3 | Schneider Electric Easergy T300 | DoS | Not Defined |
| CVE-2020-7506 | 7.5 | Schneider Electric Easergy T300 | Information Disclosure | Not Defined |
| CVE-2020-7505 | 7.2 | Schneider Electric Easergy T300 Integrity Check Code Injection | Privilege Escalation | Not Defined |
| CVE-2020-7507 | 7.5 | Schneider Electric Easergy T300 Login | DoS | Not Defined |
| CVE-2020-7510 | 7.5 | Schneider Electric Easergy T300 Private Key | Information Disclosure | Not Defined |
| CVE-2020-7509 | 7.2 | Schneider Electric Easergy T300 | Privilege Escalation | Not Defined |
| CVE-2020-7512 | 9.8 | Schneider Electric Easergy T300 | Unknown Vulnerability | Not Defined |
| CVE-2020-7511 | 7.5 | Schneider Electric Easergy T300 | Weak Encryption | Not Defined |
| CVE-2020-7502 | 3.5 | Schneider Electric Modicon M218 Logic Controller Out-of-Bounds | DoS | Not Defined |
| CVE-2020-7498 | 5.5 | Schneider Electric Modicon PLC Unity Loader/OS Loader Default Credentials | Weak Authentication | Not Defined |
| CVE-2020-7499 | 5.5 | Schneider Electric U.motion Server/Touch Panel Access Control | Privilege Escalation | Not Defined |
| CVE-2020-7500 | 6.3 | Schneider Electric U.motion Server/Touch Panel | SQL Injection | Not Defined |
| CVE-2020-7501 | 5.5 | Schneider Electric Vijeo Designer Basic/Vijeo Designer | Privilege Escalation | Not Defined |
| CVE-2020-13224 | 5.5 | TP-LINK NC200/NC210/NC220/NC230/NC250/NC260/NC450 | Memory Corruption | Not Defined |
| CVE-2020-11914 | 4.3 | Treck TCP-IP Stack ARP Out-of-Bounds Affecting Cisco Products | Information Disclosure | Available |
| CVE-2020-11903 | 6.5 | Treck TCP-IP Stack DHCP Out-of-Bounds Affecting Cisco Products | Information Disclosure | Available |
| CVE-2020-11908 | 5.5 | Treck TCP-IP Stack DHCP Stack-based Affecting Cisco Products | Memory Corruption | Available |
| CVE-2020-11905 | 3.5 | Treck TCP-IP Stack DHCPv6 Out-of-Bounds Affecting Cisco Products | Information Disclosure | Available |
| CVE-2020-11906 | 5.5 | Treck TCP-IP Stack Ethernet Link Layer Integer Underflow Affecting Cisco Products | Memory Corruption | Available |
| CVE-2020-11911 | 5.5 | Treck TCP-IP Stack ICMPv4 Access Control Stack-based Affecting Cisco Products | Privilege Escalation | Available |
| CVE-2020-11910 | 3.5 | Treck TCP-IP Stack ICMPv4 Out-of-Bounds Affecting Cisco Products | Information Disclosure | Available |
| CVE-2020-11904 | 5.5 | Treck TCP-IP Stack Integer Overflow Affecting Cisco Products | Memory Corruption | Available |
| CVE-2020-11909 | 5.5 | Treck TCP-IP Stack IPv4 Integer Underflow Affecting Cisco Products | Memory Corruption | Available |
| CVE-2020-11900 | 5.5 | Treck TCP-IP Stack IPv4 Tunneling Double-Free Affecting Cisco Products | Memory Corruption | Available |
| CVE-2020-11896 | 6.3 | Treck TCP-IP Stack IPv4 Tunneling Stack-based Affecting Cisco Products | Privilege Escalation | Available |
| CVE-2020-11898 | 4.3 | Treck TCP-IP Stack IPV4/ICMPv4 Stack-based Affecting Cisco Products | Information Disclosure | Available |
| CVE-2020-11913 | 3.5 | Treck TCP-IP Stack IPv6 Out-of-Bounds Affecting Cisco Products | Information Disclosure | Available |
| CVE-2020-11899 | 4.3 | Treck TCP-IP Stack IPv6 Out-of-Bounds Affecting Cisco Products | Information Disclosure | Available |
| CVE-2020-11902 | 5.5 | Treck TCP-IP Stack IPv6OverIPv4 Tunneling Out-of-Bounds Affecting Cisco Products | Memory Corruption | Available |
| CVE-2020-11897 | 6.3 | Treck TCP-IP Stack Out-of-Bounds Affecting Cisco Products | Memory Corruption | Available |
| CVE-2020-11901 | 6.3 | Treck TCP-IP Stack Stack-based Affecting Cisco Products | Privilege Escalation | Available |
| CVE-2020-11912 | 3.5 | Treck TCP-IP Stack TCP Out-of-Bounds Affecting Cisco Products | Information Disclosure | Available |
| CVE-2020-11907 | 5.5 | Treck TCP-IP Stack TCP Stack-based Affecting Cisco Products | Unknown Vulnerability | Available |
| CVE-2020-14075 | 8.8 | TRENDnet TEW-827DRU apply.cgi dhcp_connect | Command Injection | Available |
| CVE-2020-14081 | 8.8 | TRENDnet TEW-827DRU apply.cgi send_log_email | Command Injection | Not Defined |
| CVE-2020-14077 | 8.8 | TRENDnet TEW-827DRU apply.cgi set_sta_enrollee_pin_wifi0 | Memory Corruption | Not Defined |
| CVE-2020-14079 | 8.8 | TRENDnet TEW-827DRU SSI Binary apply.cgi auto_up_lp | Memory Corruption | Not Defined |
| CVE-2020-14074 | 8.8 | TRENDnet TEW-827DRU SSI Binary apply.cgi kick_ban_wifi_mac_allow | Memory Corruption | Not Defined |
| CVE-2020-14076 | 8.8 | TRENDnet TEW-827DRU SSI Binary apply.cgi st_dev_rconnect | Memory Corruption | Not Defined |
| CVE-2020-14078 | 8.8 | TRENDnet TEW-827DRU SSI Binary apply.cgi wifi_captive_portal_login | Memory Corruption | Not Defined |
| CVE-2020-14080 | 9.8 | TRENDnet TEW-827DRU SSI Binary apply_sec.cgi ping_test | Memory Corruption | Not Defined |
| CVE-2020-3961 | 7.8 | VMware Horizon Client Folder Permission Command | Privilege Escalation | Available |
| CVE-2020-5755 | 5.5 | Webroot PKG | Privilege Escalation | Available |
| CVE-2020-5754 | 6.3 | Webroot Type Confusion | Memory Corruption | Available |
| CVE-2020-4046 | 5.4 | WordPress Block Editor wp-admin | XSS | Available |
| CVE-2020-13640 | 6.3 | WordPress gVectors wpDiscuz Plugin wpdLoadMoreComments | SQL Injection | Not Defined |
| CVE-2020-4047 | 6.8 | WordPress Media File | XSS | Available |
| CVE-2020-4050 | 3.5 | WordPress Meta Field | Privilege Escalation | Available |
| CVE-2020-4049 | 2.4 | WordPress Theme Upload wp-admin | XSS | Available |
| CVE-2020-4048 | 5.7 | WordPress wp_validate_redirect() | Open Redirect | Available |
| CVE-2019-19109 | 8.8 | wpForo Plugin | CSRF | Not Defined |
| CVE-2019-19110 | 4.8 | wpForo Plugin | XSS | Not Defined |
| CVE-2019-19111 | 6.1 | wpForo Plugin | XSS | Not Defined |
| CVE-2019-19112 | 6.1 | wpForo Plugin dashboard.php wpf-dw-td-value | XSS | Not Defined |
| CVE-2020-14445 | 4.4 | WSO2 Identity Server/IS as Key Manager Management Console Basic Policy Editor Reflected | XSS | Not Defined |
| CVE-2020-14444 | 5.4 | WSO2 Identity Server/IS as Key Manager Management Console Policy Administration Reflected | XSS | Not Defined |
| CVE-2020-14446 | 6.1 | WSO2 Identity Server/IS as Key Manager | Open Redirect | Not Defined |
| CVE-2020-14214 | 6.3 | Zammad Domain Based Assignment | Privilege Escalation | Available |
| CVE-2020-14213 | 5.5 | Zammad Ticket | Privilege Escalation | Available |
| CVE-2020-14048 | 7.5 | Zoho ManageEngine ServiceDesk Plus | Privilege Escalation | Available |
| CVE-2020-6869 | 3.5 | ZTEMarket apk Activity User | Information Disclosure | Not Defined |
The risk level of around 31% of this week's vulnerabilities is rated "high" or "critical", which is a considerable share.
Fortunately, updates or patches have been officially released for 78% of this week's vulnerabilities; to prevent exploitation, they should be applied as soon as possible.
Also, with 90 cases, the largest share of this week's vulnerabilities (26%) were of the "privilege escalation" type.