info[at]nsec.ir
(+۹۸)-۳۱-۳۳۹۱۵۳۳۶

آسیب‌پذیری‌های حیاتی هفته اول بهمن‌ماه

این هفته آسیب‌پذیری‌های «حیاتی» و «پرخطر» بسیاری در محصولات مهم Cisco گزارش و وصله‌ها و به‌روزرسانی‌هایی به منظور رفع آن‌ها ارائه شد.  همچنین در  محصولات شرکت‌های Oracle، Qualcomm، Python، NVIDIA،  IBM وکرنل لینوکس چندین آسیب‌پذیری «حیاتی» و «پرخطر» وجود داشت.

لیست این آسیب‌پذیری‌ها به‌همراه  سطح خطر آن‌ها در جدول زیر آمده است.

شناسه آسیب‌پذیری

امتیاز مبنا

عنوان آسیب‌پذیری

ارزش روز صفر

رفع آسیب‌پذیری

CVE-2021-3166

۳.۵

Asus DSL-N14U-B1 Firmware Update Settings_DSL-N14U-B1.trx denial of service

$۰-$۱k

Not Defined

CVE-2020-29450

۴.۳

Atlassian Confluence Server/Data Center Avatar Upload denial of service

$۰-$۱k

Official Fix

CVE-2020-29446

۴.۳

Atlassian FishEye/Crucible file access

$۲k-$5k

Official Fix

CVE-2020-6024

۵.۳

Check Point SmartConsole access control

$۱k-$2k

Official Fix

CVE-2021-1280

۷.۸

Cisco Advanced Malware Protection DLL uncontrolled search path

$۱۰k-$25k

Official Fix

CVE-2021-1277

۵.۶

Cisco Data Center Network Manager API certificate validation

$۱۰k-$25k

Official Fix

CVE-2021-1276

۵.۶

Cisco Data Center Network Manager API certificate validation

$۱۰k-$25k

Official Fix

CVE-2021-1272

۶.۳

Cisco Data Center Network Manager Device Manager Application server-side request forgery

$۱۰k-$25k

Official Fix

CVE-2021-1255

۵.۵

Cisco Data Center Network Manager REST API Endpoint improper authorization

$۱۰k-$25k

Official Fix

CVE-2021-1135

۶.۳

Cisco Data Center Network Manager REST API Endpoint improper authorization

$۱۰k-$25k

Official Fix

CVE-2021-1133

۶.۳

Cisco Data Center Network Manager REST API Endpoint improper authorization

$۱۰k-$25k

Official Fix

CVE-2021-1248

۸.۰

Cisco Data Center Network Manager REST API Endpoint sql injection

$۱۰k-$25k

Official Fix

CVE-2021-1247

۸.۰

Cisco Data Center Network Manager REST API Endpoint sql injection

$۱۰k-$25k

Official Fix

CVE-2021-1283

۳.۳

Cisco Data Center Network Manager System Logs log file

$۲k-$5k

Official Fix

CVE-2021-1286

۳.۵

Cisco Data Center Network Manager Web-based Management Interface cross site scripting

$۲k-$5k

Official Fix

CVE-2021-1253

۳.۵

Cisco Data Center Network Manager Web-based Management Interface cross site scripting

$۲k-$5k

Official Fix

CVE-2021-1250

۳.۵

Cisco Data Center Network Manager Web-based Management Interface cross site scripting

$۲k-$5k

Official Fix

CVE-2021-1249

۳.۵

Cisco Data Center Network Manager Web-based Management Interface cross site scripting

$۲k-$5k

Official Fix

CVE-2021-1270

۶.۳

Cisco Data Center Network Manager Web-based Management Interface improper authorization

$۱۰k-$25k

Official Fix

CVE-2021-1269

۶.۳

Cisco Data Center Network Manager Web-based Management Interface improper authorization

$۱۰k-$25k

Official Fix

CVE-2021-1265

۴.۳

Cisco DNA Center API Call cleartext storage

$۵k-$10k

Official Fix

CVE-2021-1264

۸.۸

Cisco DNA Center command injection

$۱۰k-$25k

Official Fix

CVE-2021-1303

۴.۳

Cisco DNA Center Diagnostic privileges assignment

$۱۰k-$25k

Official Fix

CVE-2021-1257

۴.۳

Cisco DNA Center Web-based Management Interface cross-site request forgery

$۵k-$10k

Official Fix

CVE-2021-1312

۵.۳

Cisco Elastic Services Controller Health Monitor API resource consumption

$۵k-$10k

Official Fix

CVE-2021-1129

۵.۳

Cisco Email Security Appliance insertion of sensitive information into sent data

$۲۵k-$50k

Official Fix

CVE-2021-1299

۶.۶

Cisco SD-WAN command injection

$۵k-$10k

Official Fix

CVE-2021-1298

۶.۶

Cisco SD-WAN command injection

$۵k-$10k

Official Fix

CVE-2021-1263

۶.۶

Cisco SD-WAN command injection

$۵k-$10k

Official Fix

CVE-2021-1262

۶.۶

Cisco SD-WAN command injection

$۵k-$10k

Official Fix

CVE-2021-1261

۶.۶

Cisco SD-WAN command injection

$۵k-$10k

Official Fix

CVE-2021-1260

۶.۶

Cisco SD-WAN command injection

$۵k-$10k

Official Fix

CVE-2021-1233

۲.۳

Cisco SD-WAN iperf Tool input validation

$۲k-$5k

Official Fix

CVE-2021-1274

۵.۳

Cisco SD-WAN memory corruption

$۱۰k-$25k

Official Fix

CVE-2021-1241

۷.۳

Cisco SD-WAN memory corruption

$۱۰k-$25k

Official Fix

CVE-2021-1279

۷.۵

Cisco SD-WAN memory corruption

$۱۰k-$25k

Official Fix

CVE-2021-1278

۷.۵

Cisco SD-WAN memory corruption

$۱۰k-$25k

Official Fix

CVE-2021-1273

۷.۵

Cisco SD-WAN memory corruption

$۱۰k-$25k

Official Fix

CVE-2021-1301

۹.۸

Cisco SD-WAN memory corruption

$۲۵k-$50k

Official Fix

CVE-2021-1300

۹.۸

Cisco SD-WAN memory corruption

$۲۵k-$50k

Official Fix

CVE-2021-1235

۳.۳

Cisco SD-WAN vManage Software CLI improper authorization

$۵k-$10k

Official Fix

CVE-2021-1305

۶.۳

Cisco SD-WAN vManage Software Web-based Management Interface improper authorization

$۱۰k-$25k

Official Fix

CVE-2021-1304

۶.۳

Cisco SD-WAN vManage Software Web-based Management Interface improper authorization

$۱۰k-$25k

Official Fix

CVE-2021-1302

۶.۳

Cisco SD-WAN vManage Software Web-based Management Interface improper authorization

$۱۰k-$25k

Official Fix

CVE-2021-1349

۴.۳

Cisco SD-WAN vManage Software Web-based Management Interface injection

$۱۰k-$25k

Official Fix

CVE-2021-1259

۵.۰

Cisco SD-WAN vManage Software Web-based Management Interface path traversal

$۵k-$10k

Official Fix

CVE-2021-1225

۷.۳

Cisco SD-WAN vManage Software Web-based Management Interface sql injection

$۱۰k-$25k

Official Fix

CVE-2021-1219

۳.۳

Cisco Smart Software Manager Satellite hard-coded credentials

$۲k-$5k

Official Fix

CVE-2021-1138

۹.۸

Cisco Smart Software Manager Satellite input validation

$۱۰k-$25k

Official Fix

CVE-2021-1218

۵.۵

Cisco Smart Software Manager Satellite Web Management Interface redirect

$۵k-$10k

Official Fix

CVE-2021-1142

۹.۸

Cisco Smart Software Manager Satellite Web UI input validation

$۱۰k-$25k

Official Fix

CVE-2021-1141

۹.۸

Cisco Smart Software Manager Satellite Web UI input validation

$۱۰k-$25k

Official Fix

CVE-2021-1140

۹.۸

Cisco Smart Software Manager Satellite Web UI input validation

$۱۰k-$25k

Official Fix

CVE-2021-1139

۹.۸

Cisco Smart Software Manager Satellite Web UI input validation

$۱۰k-$25k

Official Fix

CVE-2021-1222

۵.۰

Cisco Smart Software Manager Satellite Web-based Management Interface sql injection

$۱۰k-$25k

Official Fix

CVE-2021-1353

۵.۳

Cisco StarOS IPv4 Packet memory leak

$۵k-$10k

Official Fix

CVE-2021-1350

۵.۳

Cisco Umbrella Web UI allocation of resources

$۵k-$10k

Official Fix

CVE-2021-1364

۴.۳

Cisco Unified Communications Manager & Presence Service path traversal

$۵k-$10k

Official Fix

CVE-2021-1357

۴.۳

Cisco Unified Communications Manager & Presence Service path traversal

$۵k-$10k

Official Fix

CVE-2021-1355

۴.۳

Cisco Unified Communications Manager IM & Presence Service path traversal

$۵k-$10k

Official Fix

CVE-2021-1282

۴.۳

Cisco Unified Communications Manager IM & Presence Service path traversal

$۵k-$10k

Official Fix

CVE-2021-1271

۳.۵

Cisco Web Security Appliance Web-based Management Interface cross site scripting

$۵k-$10k

Official Fix

CVE-2021-3182

۵.۵

D-Link DCS-5220 buffer overflow

$۱۰k-$25k

Workaround

CVE-2020-25684

۵.۶

Dnsmasq DNS Cache forward.c reply_query security check for standard

$۲k-$5k

Official Fix

CVE-2020-25685

۵.۶

Dnsmasq DNS Cache forward.c reply_query unknown vulnerability

$۱k-$2k

Official Fix

CVE-2020-25683

۳.۷

Dnsmasq DNSSEC rfc1035.c extract_name heap-based overflow

$۲k-$5k

Official Fix

CVE-2020-25686

۵.۶

Dnsmasq Pending Request security check for standard

$۲k-$5k

Official Fix

CVE-2020-25687

۷.۳

Dnsmasq rfc1035.c extract_name heap-based overflow

$۲k-$5k

Official Fix

CVE-2020-25682

۷.۳

Dnsmasq rfc1035.c extract_name heap-based overflow

$۲k-$5k

Official Fix

CVE-2020-25681

۵.۶

Dnsmasq RRSets Sort heap-based overflow

$۲k-$5k

Official Fix

CVE-2020-27221

۵.۵

Eclipse OpenJ9 UTF-8 Encoding stack-based overflow

$۲k-$5k

Not Defined

CVE-2020-35272

۳.۵

Employee Performance Evaluation System Admin Portal cross site scripting

$۰-$۱k

Not Defined

CVE-2020-35271

۳.۵

Employee Performance Evaluation System cross site scripting

$۰-$۱k

Not Defined

CVE-2020-4887

۵.۳

IBM AIX/VIOS Local Privilege Escalation

$۵k-$10k

Not Defined

CVE-2020-4766

۵.۹

IBM MQ Internet Pass-Thru MQ Data denial of service

$۵k-$25k

Official Fix

CVE-2020-4871

۳.۳

IBM Planning Analytics information disclosure

$۲k-$5k

Not Defined

CVE-2020-4881

۳.۷

IBM Planning Analytics TLS Communication certificate validation

$۵k-$10k

Official Fix

CVE-2020-4873

۵.۳

IBM Planning Analytics unknown vulnerability

$۱۰k-$25k

Official Fix

CVE-2020-4688

۵.۳

IBM Security Guardium command injection

$۵k-$10k

Not Defined

CVE-2020-4921

۶.۳

IBM Security Guardium sql injection

$۱۰k-$25k

Not Defined

CVE-2020-4969

۳.۷

IBM Security Identity Governance and Intelligence HSTS cleartext transmission

$۵k-$25k

Official Fix

CVE-2020-4958

۵.۶

IBM Security Identity Governance and Intelligence improper authentication

$۵k-$25k

Official Fix

CVE-2020-4968

۳.۷

IBM Security Identity Governance and Intelligence inadequate encryption

$۵k-$25k

Official Fix

CVE-2020-4966

۳.۷

IBM Security Identity Governance and Intelligence Token missing secure attribute

$۵k-$25k

Official Fix

CVE-2020-4983

۷.۵

IBM Spectrum LSF/Spectrum LSF Suite LSF Job unknown vulnerability

$۱۰k-$25k

Not Defined

CVE-2020-8554

۳.۱

Kubernetes API Server permission

$۰-$۵k

Not Defined

CVE-2021-3178

۶.۳

Linux Kernel NFS Export nfs3xdr.c no_subtree_check path traversal

$۵k-$10k

Official Fix

CVE-2020-35128

۳.۵

Mautic Javascript File cross site scripting

$۰-$۱k

Official Fix

CVE-2020-35129

۳.۵

Mautic Social Monitoring cross site scripting

$۰-$۱k

Official Fix

CVE-2020-7343

۵.۵

McAfee Agent Update denial of service

$۱k-$2k

Official Fix

CVE-2021-25325

۳.۵

MISP Galaxy Cluster Element index.ctp cross site scripting

$۰-$۱k

Official Fix

CVE-2021-25324

۳.۵

MISP Galaxy Cluster View view.ctp cross site scripting

$۰-$۱k

Official Fix

CVE-2021-3184

۳.۵

MISP global_menu.ctp cross site scripting

$۰-$۱k

Official Fix

CVE-2021-25323

۹.۱

MISP Password weak password

$۱k-$2k

Official Fix

CVE-2021-1068

۵.۵

NVIDIA Shield TV NVDEC buffer overflow

$۲k-$5k

Official Fix

CVE-2021-1069

۳.۵

NVIDIA Shield TV NVHost null pointer dereference

$۰-$۱k

Official Fix

CVE-2021-1067

۵.۵

NVIDIA Shield TV RPMB Command Status unknown vulnerability

$۲k-$5k

Official Fix

CVE-2021-25173

۳.۵

Open Design Alliance Drawings SDK DGN File denial of service

$۰-$۱k

Official Fix

CVE-2021-25174

۳.۵

Open Design Alliance Drawings SDK DGN File memory corruption

$۱k-$2k

Official Fix

CVE-2021-25177

۳.۵

Open Design Alliance Drawings SDK DXF File null pointer dereference

$۰-$۱k

Official Fix

CVE-2021-25176

۳.۵

Open Design Alliance Drawings SDK DXF File null pointer dereference

$۰-$۱k

Official Fix

CVE-2021-25175

۳.۵

Open Design Alliance Drawings SDK DXF File null pointer dereference

$۰-$۱k

Official Fix

CVE-2021-25178

۵.۵

Open Design Alliance Drawings SDK DXF File stack-based overflow

$۲k-$5k

Official Fix

CVE-2021-3130

۴.۳

Open-AudIT Web Interface information disclosure

$۱k-$2k

Not Defined

CVE-2021-25295

۳.۵

OpenCATS cross site scripting

$۰-$۱k

Not Defined

CVE-2021-25294

۶.۳

OpenCATS guzzlehttp DataGrid.php __destruct deserialization

$۲k-$5k

Not Defined

CVE-2020-26295

۴.۷

OpenMage Import/Export unrestricted upload

$۰-$۵k

Official Fix

CVE-2020-26285

۴.۷

OpenMage Import/Export unrestricted upload

$۰-$۵k

Official Fix

CVE-2020-26252

۴.۷

OpenMage Update path traversal

$۱k-$2k

Official Fix

CVE-2019-17563

۷.۵

Oracle Agile Engineering Data Management Install Remote Code Execution

$۲۵k-$50k

Official Fix

CVE-2020-14195

۸.۱

Oracle Agile PLM Security Remote Code Execution

$۲۵k-$50k

Official Fix

CVE-2020-9281

۶.۱

Oracle Agile PLM Security unknown vulnerability

$۱۰k-$25k

Official Fix

CVE-2019-11358

۶.۱

Oracle Agile Product Lifecycle Management for Process Installation unknown vulnerability

$۱۰k-$25k

Official Fix

CVE-2021-2040

۷.۱

Oracle Argus Safety Case Form/Local Affiliate Form Remote Code Execution

$۱۰k-$25k

Official Fix

CVE-2021-2110

۴.۳

Oracle Argus Safety Letters information disclosure

$۵k-$10k

Official Fix

CVE-2021-2104

۸.۲

Oracle Complex Maintenance, Repair, and Overhaul Dialog Box unknown vulnerability

$۱۰k-$25k

Official Fix

CVE-2021-2103

۸.۲

Oracle Complex Maintenance, Repair, and Overhaul Dialog Box unknown vulnerability

$۱۰k-$25k

Official Fix

CVE-2021-2102

۸.۲

Oracle Complex Maintenance, Repair, and Overhaul Dialog Box unknown vulnerability

$۱۰k-$25k

Official Fix

CVE-2021-2080

۸.۲

Oracle Configurator UI Servlet unknown vulnerability

$۱۰k-$25k

Official Fix

CVE-2021-2079

۸.۲

Oracle Configurator UI Servlet unknown vulnerability

$۱۰k-$25k

Official Fix

CVE-2021-2078

۸.۲

Oracle Configurator UI Servlet unknown vulnerability

$۱۰k-$25k

Official Fix

CVE-2020-14803

۵.۳

Oracle Java SE Libraries information disclosure

$۱۰k-$25k

Official Fix

CVE-2021-2052

۵.۸

Oracle JD Edwards EnterpriseOne Orchestrator E1 IOT Orchestrator Security information disclosure

$۵k-$10k

Official Fix

CVE-2020-11022

۶.۱

Oracle JD Edwards EnterpriseOne Orchestrator E1 IOT Orchestrator Security unknown vulnerability

$۱۰k-$25k

Official Fix

CVE-2020-11022

۶.۱

Oracle JD Edwards EnterpriseOne Tools E1 Dev Platform Tech - Cloud unknown vulnerability

$۱۰k-$25k

Official Fix

CVE-2020-1967

۷.۵

Oracle JD Edwards EnterpriseOne Tools Enterprise Infrastructure SEC denial of service

$۵k-$10k

Official Fix

CVE-2020-11022

۶.۱

Oracle JD Edwards EnterpriseOne Tools Web Runtime unknown vulnerability

$۱۰k-$25k

Official Fix

CVE-2021-2006

۵.۳

Oracle MySQL Client C API denial of service

$۲k-$5k

Official Fix

CVE-2021-2011

۵.۹

Oracle MySQL Client C API denial of service

$۵k-$10k

Official Fix

CVE-2021-2007

۳.۷

Oracle MySQL Client C API information disclosure

$۵k-$10k

Official Fix

CVE-2021-2010

۴.۲

Oracle MySQL Client C API unknown vulnerability

$۱۰k-$25k

Official Fix

CVE-2020-5408

۶.۵

Oracle MySQL Enterprise Monitor Service Manager information disclosure

$۵k-$10k

Official Fix

CVE-2019-10086

۷.۳

Oracle MySQL Enterprise Monitor Service Manager Remote Code Execution

$۱۰k-$25k

Official Fix

CVE-2020-5421

۶.۵

Oracle MySQL Enterprise Monitor Service Manager unknown vulnerability

$۱۰k-$25k

Official Fix

CVE-2021-2038

۴.۴

Oracle MySQL Server Components Services denial of service

$۲k-$5k

Official Fix

CVE-2021-2061

۴.۴

Oracle MySQL Server DDL denial of service

$۲k-$5k

Official Fix

CVE-2021-2122

۴.۹

Oracle MySQL Server DDL denial of service

$۲k-$5k

Official Fix

CVE-2021-2088

۴.۴

Oracle MySQL Server DML denial of service

$۱k-$2k

Official Fix

CVE-2021-2087

۴.۴

Oracle MySQL Server DML denial of service

$۱k-$2k

Official Fix

CVE-2021-2056

۴.۴

Oracle MySQL Server DML denial of service

$۲k-$5k

Official Fix

CVE-2021-2032

۴.۳

Oracle MySQL Server Information Schema information disclosure

$۵k-$10k

Official Fix

CVE-2021-2022

۴.۴

Oracle MySQL Server InnoDB denial of service

$۲k-$5k

Official Fix

CVE-2021-2028

۴.۹

Oracle MySQL Server InnoDB denial of service

$۲k-$5k

Official Fix

CVE-2021-2042

۲.۳

Oracle MySQL Server InnoDB information disclosure

$۱k-$2k

Official Fix

CVE-2021-2048

۵.۰

Oracle MySQL Server InnoDB unknown vulnerability

$۱۰k-$25k

Official Fix

CVE-2021-2058

۴.۹

Oracle MySQL Server Locking denial of service

$۲k-$5k

Official Fix

CVE-2021-2065

۴.۹

Oracle MySQL Server Optimizer denial of service

$۲k-$5k

Official Fix

CVE-2021-2076

۴.۹

Oracle MySQL Server Optimizer denial of service

$۲k-$5k

Official Fix

CVE-2021-2070

۴.۹

Oracle MySQL Server Optimizer denial of service

$۲k-$5k

Official Fix

CVE-2021-2060

۴.۹

Oracle MySQL Server Optimizer denial of service

$۲k-$5k

Official Fix

CVE-2021-2055

۴.۹

Oracle MySQL Server Optimizer denial of service

$۲k-$5k

Official Fix

CVE-2021-2036

۴.۹

Oracle MySQL Server Optimizer denial of service

$۲k-$5k

Official Fix

CVE-2021-2031

۴.۹

Oracle MySQL Server Optimizer denial of service

$۲k-$5k

Official Fix

CVE-2021-2030

۴.۹

Oracle MySQL Server Optimizer denial of service

$۲k-$5k

Official Fix

CVE-2021-2021

۴.۹

Oracle MySQL Server Optimizer denial of service

$۲k-$5k

Official Fix

CVE-2021-2016

۴.۹

Oracle MySQL Server Optimizer denial of service

$۲k-$5k

Official Fix

CVE-2021-2001

۴.۹

Oracle MySQL Server Optimizer denial of service

$۲k-$5k

Official Fix

CVE-2021-2024

۶.۵

Oracle MySQL Server Optimizer denial of service

$۲k-$5k

Official Fix

CVE-2021-2020

۶.۵

Oracle MySQL Server Optimizer denial of service

$۲k-$5k

Official Fix

CVE-2021-1998

۳.۸

Oracle MySQL Server Optimizer unknown vulnerability

$۱۰k-$25k

Official Fix

CVE-2021-2014

۴.۹

Oracle MySQL Server PAM Auth Plugin denial of service

$۲k-$5k

Official Fix

CVE-2021-2012

۴.۹

Oracle MySQL Server Privileges denial of service

$۲k-$5k

Official Fix

CVE-2021-2019

۲.۷

Oracle MySQL Server Privileges information disclosure

$۵k-$10k

Official Fix

CVE-2021-2002

۴.۹

Oracle MySQL Server Replication denial of service

$۲k-$5k

Official Fix

CVE-2021-2009

۴.۹

Oracle MySQL Server Roles denial of service

$۲k-$5k

Official Fix

CVE-2021-2081

۴.۹

Oracle MySQL Server Stored Procedure denial of service

$۲k-$5k

Official Fix

CVE-2021-2072

۴.۹

Oracle MySQL Server Stored Procedure denial of service

$۲k-$5k

Official Fix

CVE-2021-2046

۶.۸

Oracle MySQL Server Stored Procedure denial of service

$۲k-$5k

Official Fix

CVE-2020-1971

۵.۹

Oracle MySQL Workbench denial of service

$۵k-$10k

Official Fix

CVE-2020-13871

۷.۵

Oracle MySQL Workbench denial of service

$۵k-$10k

Official Fix

CVE-2021-2044

۶.۵

Oracle PeopleSoft Enterprise FIN Payables Financial Sanctions information disclosure

$۵k-$10k

Official Fix

CVE-2020-11022

۶.۱

Oracle PeopleSoft Enterprise HCM Human Resources Company Dir/Org Chart Viewer/Employee Snapshot unknown vulnerability

$۱۰k-$25k

Official Fix

CVE-2019-0227

۷.۵

Oracle PeopleSoft Enterprise HCM Human Resources Global Payroll for Switzerland unknown vulnerability

$۱۰k-$25k

Official Fix

CVE-2021-2071

۸.۱

Oracle PeopleSoft Enterprise PeopleTools Elastic Search Remote Code Execution

$۲۵k-$50k

Official Fix

CVE-2021-2063

۸.۴

Oracle PeopleSoft Enterprise PeopleTools Portal Local Privilege Escalation

$۱۰k-$25k

Official Fix

CVE-2021-2043

۶.۱

Oracle PeopleSoft Enterprise PeopleTools Portal unknown vulnerability

$۱۰k-$25k

Official Fix

CVE-2020-9281

۶.۱

Oracle PeopleSoft Enterprise PeopleTools Rich Text Editor unknown vulnerability

$۱۰k-$25k

Official Fix

CVE-2020-1968

۳.۷

Oracle PeopleSoft Enterprise PeopleTools Security information disclosure

$۵k-$10k

Official Fix

CVE-2020-5421

۶.۵

Oracle Retail Assortment Planning Application Core unknown vulnerability

$۱۰k-$25k

Official Fix

CVE-2020-17521

۵.۵

Oracle Retail Bulk Data Integration BDI Job Scheduler information disclosure

$۲k-$5k

Official Fix

CVE-2020-5398

۷.۵

Oracle Retail Bulk Data Integration BDI Job Scheduler Remote Code Execution

$۲۵k-$50k

Official Fix

CVE-2019-17091

۶.۱

Oracle Retail Bulk Data Integration BDI Job Scheduler unknown vulnerability

$۱۰k-$25k

Official Fix

CVE-2021-2057

۶.۳

Oracle Retail Customer Management and Segmentation Foundation Internal Operations Remote Privilege Escalation

$۱۰k-$25k

Official Fix

CVE-2020-9488

۳.۷

Oracle Retail Customer Management and Segmentation Foundation Promotions information disclosure

$۵k-$10k

Official Fix

CVE-2020-10683

۹.۸

Oracle Retail Customer Management and Segmentation Foundation Segment Remote Code Execution

$۱۰۰k and more

Official Fix

CVE-2020-1945

۹.۱

Oracle Retail Extract Transform and Load Mathematical Operators unknown vulnerability

$۱۰۰k and more

Official Fix

CVE-2020-17521

۵.۵

Oracle Retail Financial Integration PeopleSoft Integration Bugs information disclosure

$۲k-$5k

Official Fix

CVE-2019-10086

۷.۳

Oracle Retail Financial Integration PeopleSoft Integration Remote Code Execution

$۱۰k-$25k

Official Fix

CVE-2020-5421

۶.۵

Oracle Retail Financial Integration PeopleSoft Integration unknown vulnerability

$۱۰k-$25k

Official Fix

CVE-2020-11979

۷.۵

Oracle Retail Financial Integration PeopleSoft Integration unknown vulnerability

$۱۰k-$25k

Official Fix

CVE-2020-17521

۵.۵

Oracle Retail Integration Bus RIB Kernal information disclosure

$۲k-$5k

Official Fix

CVE-2019-10086

۷.۳

Oracle Retail Integration Bus RIB Kernal Remote Code Execution

$۱۰k-$25k

Official Fix

CVE-2020-5421

۶.۵

Oracle Retail Integration Bus RIB Kernal unknown vulnerability

$۱۰k-$25k

Official Fix

CVE-2019-17566

۷.۵

Oracle Retail Integration Bus RIB Kernal unknown vulnerability

$۱۰k-$25k

Official Fix

CVE-2020-11979

۷.۵

Oracle Retail Integration Bus RIB Kernal unknown vulnerability

$۱۰k-$25k

Official Fix

CVE-2017-8028

۸.۱

Oracle Retail Invoice Matching Posting Remote Code Execution

$۲۵k-$50k

Official Fix

CVE-2020-5421

۶.۵

Oracle Retail Invoice Matching Security unknown vulnerability

$۱۰k-$25k

Official Fix

CVE-2020-9546

۹.۸

Oracle Retail Merchandising System Foundation Remote Code Execution

$۱۰۰k and more

Official Fix

CVE-2020-13954

۶.۱

Oracle Retail Order Broker Cloud Service Supplier Direct Fulfillment unknown vulnerability

$۱۰k-$25k

Official Fix

CVE-2020-9484

۷.۰

Oracle Retail Order Broker System Administration Local Privilege Escalation

$۱۰k-$25k

Official Fix

CVE-2019-10086

۷.۳

Oracle Retail Order Broker System Administration Remote Code Execution

$۱۰k-$25k

Official Fix

CVE-2020-5421

۸.۸

Oracle Retail Order Broker System Administration Remote Privilege Escalation

$۲۵k-$50k

Official Fix

CVE-2019-17566

۷.۵

Oracle Retail Order Broker System Administration unknown vulnerability

$۱۰k-$25k

Official Fix

CVE-2020-9546

۹.۸

Oracle Retail Sales Audit Rule Wizards Remote Code Execution

$۱۰۰k and more

Official Fix

CVE-2020-17521

۵.۵

Oracle Retail Service Backbone RSB kernel information disclosure

$۲k-$5k

Official Fix

CVE-2019-10086

۷.۳

Oracle Retail Service Backbone RSB kernel Remote Code Execution

$۱۰k-$25k

Official Fix

CVE-2020-5421

۶.۵

Oracle Retail Service Backbone RSB kernel unknown vulnerability

$۱۰k-$25k

Official Fix

CVE-2020-11979

۷.۵

Oracle Retail Service Backbone RSB kernel unknown vulnerability

$۱۰k-$25k

Official Fix

CVE-2019-17091

۶.۱

Oracle Retail Store Inventory Management SIM Integration unknown vulnerability

$۱۰k-$25k

Official Fix

CVE-2020-11979

۷.۵

Oracle Retail Store Inventory Management SIM Integration unknown vulnerability

$۱۰k-$25k

Official Fix

CVE-2021-2004

۴.۳

Oracle Siebel Core - Server BizLogic Script Integration - Scripting information disclosure

$۵k-$10k

Official Fix

CVE-2021-2039

۷.۶

Oracle Siebel Core - Server Framework Search unknown vulnerability

$۱۰k-$25k

Official Fix

CVE-2020-11022

۶.۱

Oracle Siebel Mobile App Open UI unknown vulnerability

$۱۰k-$25k

Official Fix

CVE-2020-9484

۷.۰

Oracle Siebel UI Framework EAI Local Privilege Escalation

$۱۰k-$25k

Official Fix

CVE-2020-9488

۳.۷

Oracle StorageTek Tape Analytics SW Tool information disclosure

$۵k-$10k

Official Fix

CVE-2020-11022

۶.۱

Oracle StorageTek Tape Analytics SW Tool jQuery unknown vulnerability

$۱۰k-$25k

Official Fix

CVE-2019-11358

۶.۱

Oracle Transportation Management Install unknown vulnerability

$۱۰k-$25k

Official Fix

CVE-2020-2555

۹.۸

Oracle Utilities Framework General Remote Code Execution

$۱۰۰k and more

Official Fix

CVE-2021-2130

۴.۴

Oracle VM VirtualBox denial of service

$۱k-$2k

Official Fix

CVE-2021-2127

۴.۴

Oracle VM VirtualBox denial of service

$۱k-$2k

Official Fix

CVE-2021-2073

۴.۴

Oracle VM VirtualBox denial of service

$۱k-$2k

Official Fix

CVE-2021-2124

۶.۰

Oracle VM VirtualBox denial of service

$۱k-$2k

Official Fix

CVE-2021-2121

۶.۰

Oracle VM VirtualBox denial of service

$۱k-$2k

Official Fix

CVE-2021-2112

۶.۰

Oracle VM VirtualBox denial of service

$۱k-$2k

Official Fix

CVE-2021-2111

۶.۰

Oracle VM VirtualBox denial of service

$۱k-$2k

Official Fix

CVE-2021-2086

۶.۰

Oracle VM VirtualBox denial of service

$۱k-$2k

Official Fix

CVE-2021-2123

۳.۲

Oracle VM VirtualBox information disclosure

$۱k-$2k

Official Fix

CVE-2021-2120

۶.۰

Oracle VM VirtualBox information disclosure

$۲k-$5k

Official Fix

CVE-2021-2119

۶.۰

Oracle VM VirtualBox information disclosure

$۲k-$5k

Official Fix

CVE-2021-2128

۶.۵

Oracle VM VirtualBox information disclosure

$۲k-$5k

Official Fix

CVE-2021-2074

۸.۲

Oracle VM VirtualBox Local Privilege Escalation

$۱۰k-$25k

Official Fix

CVE-2021-2125

۴.۶

Oracle VM VirtualBox unknown vulnerability

$۵k-$10k

Official Fix

CVE-2021-2131

۶.۰

Oracle VM VirtualBox unknown vulnerability

$۵k-$10k

Official Fix

CVE-2021-2126

۶.۰

Oracle VM VirtualBox unknown vulnerability

$۵k-$10k

Official Fix

CVE-2021-2129

۷.۹

Oracle VM VirtualBox unknown vulnerability

$۱۰k-$25k

Official Fix

CVE-2020-11984

۹.۸

Oracle ZFS Storage Appliance Kit Operating System Image Remote Code Execution

$۱۰۰k and more

Official Fix

CVE-2021-1999

۵.۰

Oracle ZFS Storage Appliance Kit RAS subsystems unknown vulnerability

$۵k-$10k

Official Fix

CVE-2020-12514

۴.۴

Pepperl+Fuchs P+F Comtrol IO-Link Master discoveryd null pointer dereference

$۰-$۵k

Official Fix

CVE-2020-12512

۳.۵

Pepperl+Fuchs P+F Comtrol IO-Link Master HTTP POST cross site scripting

$۰-$۵k

Official Fix

CVE-2020-12513

۸.۸

Pepperl+Fuchs P+F Comtrol IO-Link Master os command injection

$۰-$۵k

Official Fix

CVE-2020-12511

۳.۵

Pepperl+Fuchs P+F Comtrol IO-Link Master Web Interface cross-site request forgery

$۰-$۵k

Official Fix

CVE-2020-23522

۳.۵

Pixelimity setting.php cross-site request forgery

$۰-$۱k

Not Defined

CVE-2021-3177

۷.۳

Python callproc.c PyCArg_repr buffer overflow

$۲k-$5k

Official Fix

CVE-2020-3687

۳.۳

Qualcomm Admin Services access control

$۰-$۱k

Official Fix

CVE-2020-11136

۵.۵

Qualcomm Snapdragon Auto Audio Driver buffer overflow

$۱۰k-$25k

Official Fix

CVE-2020-3691

۶.۳

Qualcomm Snapdragon Auto Audio integer underflow

$۱۰k-$25k

Official Fix

CVE-2020-11179

۴.۶

Qualcomm Snapdragon Auto buffer overflow

$۱۰k-$25k

Official Fix

CVE-2020-11149

۳.۵

Qualcomm Snapdragon Auto Camera Driver out-of-bounds read

$۵k-$10k

Official Fix

CVE-2020-11150

۵.۵

Qualcomm Snapdragon Auto Camera Driver out-of-bounds read

$۵k-$10k

Official Fix

CVE-2020-11180

۵.۵

Qualcomm Snapdragon Auto Command out-of-bounds read

$۵k-$10k

Official Fix

CVE-2020-11145

۳.۵

Qualcomm Snapdragon Auto Delta Extension Header divide by zero

$۲k-$5k

Official Fix

CVE-2020-11183

۵.۵

Qualcomm Snapdragon Auto Display Service buffer overflow

$۱۰k-$25k

Official Fix

CVE-2020-11144

۵.۵

Qualcomm Snapdragon Auto DL ROHC Packet Decompression buffer overflow

$۱۰k-$25k

Official Fix

CVE-2020-11139

۳.۵

Qualcomm Snapdragon Auto Frame out-of-bounds read

$۵k-$10k

Official Fix

CVE-2020-11152

۴.۶

Qualcomm Snapdragon Auto HAL Layer race condition

$۲k-$5k

Official Fix

CVE-2020-11148

۵.۵

Qualcomm Snapdragon Auto HIDL use after free

$۱۰k-$25k

Official Fix

CVE-2020-11137

۳.۵

Qualcomm Snapdragon Auto Integer Multiplication out-of-bounds read

$۵k-$10k

Official Fix

CVE-2020-11146

۵.۵

Qualcomm Snapdragon Auto IOCTL array index

$۱۰k-$25k

Official Fix

CVE-2020-11151

۵.۵

Qualcomm Snapdragon Auto IOCTL use after free

$۱۰k-$25k

Official Fix

CVE-2020-11167

۶.۳

Qualcomm Snapdragon Auto L2CAP Packet Length memory corruption

$۱۰k-$25k

Official Fix

CVE-2020-3685

۵.۵

Qualcomm Snapdragon Auto memory corruption

$۱۰k-$25k

Official Fix

CVE-2020-3686

۶.۳

Qualcomm Snapdragon Auto Music Playback out-of-bounds read

$۵k-$10k

Official Fix

CVE-2020-11143

۶.۳

Qualcomm Snapdragon Auto Music Playback out-of-bounds read

$۵k-$10k

Official Fix

CVE-2020-11140

۶.۳

Qualcomm Snapdragon Auto Music Playback out-of-bounds read

$۵k-$10k

Official Fix

CVE-2020-11138

۴.۳

Qualcomm Snapdragon Auto Music Playback uninitialized pointer

$۵k-$10k

Official Fix

CVE-2020-11212

۵.۵

Qualcomm Snapdragon Auto NAN Beacon Attribute out-of-bounds read

$۵k-$10k

Official Fix

CVE-2020-11214

۵.۵

Qualcomm Snapdragon Auto NDL Attribute buffer overflow

$۱۰k-$25k

Official Fix

CVE-2020-11119

۵.۵

Qualcomm Snapdragon Auto Response Header buffer overflow

$۱۰k-$25k

Official Fix

CVE-2020-11200

۵.۵

Qualcomm Snapdragon Auto RPS Parser buffer overflow

$۱۰k-$25k

Official Fix

CVE-2020-11213

۵.۵

Qualcomm Snapdragon Auto Service Descriptor out-of-bounds read

$۵k-$10k

Official Fix

CVE-2020-11197

۶.۳

Qualcomm Snapdragon Auto Stream Info Update integer overflow

$۱۰k-$25k

Official Fix

CVE-2020-11216

۶.۳

Qualcomm Snapdragon Auto Video Driver buffer overflow

$۱۰k-$25k

Official Fix

CVE-2020-11215

۵.۵

Qualcomm Snapdragon Auto VSA Attribute out-of-bounds read

$۵k-$10k

Official Fix

CVE-2020-11225

۵.۵

Qualcomm Snapdragon Auto WLAN Driver out-of-bounds read

$۵k-$10k

Official Fix

CVE-2020-11185

۵.۵

Qualcomm Snapdragon Auto WLAN Driver out-of-bounds read

$۵k-$10k

Official Fix

CVE-2020-11217

۵.۵

Qualcomm Snapdragon Compute Audio Driver double free

$۱۰k-$25k

Official Fix

CVE-2020-11181

۵.۵

Qualcomm Snapdragon Compute CVP Process out-of-bounds read

$۵k-$10k

Official Fix

CVE-2020-8568

۲.۲

Secrets Store CSI Driver pods path traversal

$۰-$۵k

Not Defined

CVE-2020-8567

۴.۲

Secrets Store CSI Driver Vault Plugin pods path traversal

$۰-$۵k

Official Fix

CVE-2020-28481

۷.۳

socket.io Packet CORS unknown vulnerability

$۲k-$5k

Official Fix

CVE-2020-26278

۵.۵

Weave Net unnecessary privileges

$۱k-$2k

Official Fix

CVE-2020-14360

۵.۵

X.Org Server XkbSetMap memory corruption

$۲k-$5k

Official Fix

CVE-2020-27733

۶.۳

Zoho ManageEngine Applications Manager sql injection

$۱k-$2k

Official Fix

 

سطح خطر حدود ۲۱% آسیب‌پذیری‌های هفته، «پرخطر» و «حیاتی» برآورد شده است که قابل‌توجه است.

خوشبختانه برای ۹۴% آسیب‌پذیری‌‌های هفته، به‌روزرسانی‌ها و یا وصله‌هایی رسماً ارائه شده که برای جلوگیری از سوءاستفاده ازآسیب‌پذیری‌ها بهتر است سریعاً اعمال شوند.

 

 

    

 

 

تحت نظارت وف ایرانی