This article was compiled by the "Shenzhen Branch of the National and Local Joint Engineering Research Center for Network Security Detection and Protection Technology, East Tower Institute of Network Security".
#【Microsoft】
CVE-2020-0618 SQL Server Reporting Services Remote Code Execution Vulnerability
CVE-2020-0688 Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2020-1035 Microsoft Internet Explorer VBScript Engine Remote Code Execution Vulnerability
CVE-2020-1048 Microsoft Windows Print Spooler Security Vulnerabilities
CVE-2020-1092 Microsoft Internet Explorer Remote Code Execution Vulnerability
CVE-2020-1350 Microsoft Windows Server DNS Server Buffer Error Vulnerability
CVE-2020-1472 Windows Netlogon Privilege Escalation Vulnerability
CVE-2020-16860 Microsoft Dynamics 365 Remote Code Execution Vulnerability
CVE-2020-16875 Microsoft Exchange Remote Code Execution Vulnerability
#【Apple】
CVE-2020-9951 Apple Safari Remote Code Execution Vulnerability
CVE-2020-9992 Apple Xcode Remote Command Execution Vulnerability
#【Apache】
CVE-2019-17564 Apache Dubbo Deserialization Vulnerability
CVE-2020-1938 Apache Tomcat File Inclusion Vulnerability
CVE-2020-1948 Apache Dubbo Deserialization Vulnerability
CVE-2020-1956 Apache Kylin Remote Command Execution Vulnerability
CVE-2020-9480 Apache Spark Remote Code Execution Vulnerability
CVE-2020-9483 Apache SkyWalking SQL Injection Vulnerability
CVE-2020-9484 Apache Tomcat Session Persistence Remote Code Execution Vulnerability
CVE-2020-9498 Apache Guacamole RDP Remote Code Execution Vulnerability
CVE-2020-11974, CVE-2020-13922 Apache DolphinScheduler Remote Code Execution Vulnerability
CVE-2020-11989 Apache Shiro Authentication Bypass Vulnerability
CVE-2020-11991 Apache Cocoon XML External Entity Injection Vulnerability
CVE-2020-11995 Apache Dubbo Remote Code Execution Vulnerability
CVE-2020-13920 Apache ActiveMQ Remote Code Execution Vulnerability
CVE-2020-13921 Apache SkyWalking SQL Injection Vulnerability
CVE-2020-13925 Apache Kylin Remote Command Execution Vulnerability
CVE-2020-13933 Apache Shiro Privilege Bypass Vulnerability
CVE-2020-13948 Apache Superset Remote Code Execution Vulnerability
#【Weaver】
CNVD-2019-32204 Weaver OA E-cology Remote Command Execution Vulnerability
CNVD-2019-34241 Weaver E-cology OA System SQL Injection Vulnerability
Weaver Cloud Bridge e-Bridge Directory Traversal / File Read Vulnerability
#【Tongda】
Tongda OA 11.4 Unauthorized Login Vulnerability
Tongda OA 11.5 Multiple SQL Injection Vulnerabilities
Tongda OA 11.6 Unauthorized Remote Code Execution Vulnerability
Tongda OA File Inclusion and SQL Injection Vulnerabilities
Tongda OA v11.7 Back-end SQL Injection
#【UFIDA】
UFIDA NC 6.5 Deserialization Vulnerability
CNVD-2020-47540, CNVD-2020-47539, etc. UFIDA NC Cloud Multiple Security Vulnerabilities
UFIDA GRP-u8 Command Execution Vulnerability
UFIDA GRP-u8 SQL Injection
#【Sangfor】
Sangfor SSL VPN Remote Code Execution Vulnerability
Sangfor VPN Arbitrary User Addition Vulnerability
Sangfor SSL VPN N-day: Pre-Auth Arbitrary Password Reset Vulnerability
Sangfor SSL VPN Bound Mobile Phone Number Modification Vulnerability (severity: high)
Sangfor EDR 3.2.21 Remote Code Execution
Sangfor EDR Arbitrary User Login Vulnerability
#【Seeyon】
Seeyon A8 File Upload Vulnerability
Seeyon A8 Deserialization Vulnerability
Seeyon OA Arbitrary File Write Vulnerability
#【Topsec】
Topsec Data Leakage Prevention System Unauthorized Administrator Password Modification
Topsec TOPApp-LB Load Balancer SQL Injection Vulnerability
#【NSFOCUS】
NSFOCUS UTS Integrated Threat Probe Arbitrary Administrator Login
NSFOCUS UTS Integrated Threat Probe Information Disclosure Vulnerability
#【ThinkPHP】
ThinkPHP 3.x Injection Vulnerability
ThinkPHP 6 Arbitrary File Manipulation Vulnerability
#【Weblogic】
CVE-2020-2551 Weblogic Deserialization Vulnerability
CVE-2020-2555 Weblogic Deserialization Vulnerability
CVE-2020-14645 Weblogic Command Execution Vulnerability
#【VMware】
CVE-2020-3956 VMware Cloud Director Code Injection Vulnerability
CVE-2020-3980 VMware Fusion Privilege Escalation Vulnerability
#【Linux】
CVE-2020-7704 linux-cmdline Security Vulnerabilities
linux-cmdline Remote Code Execution Vulnerability
CVE-2020-25284 Linux Kernel Code Execution Vulnerability
#【IBM】
CVE-2020-4643 IBM WebSphere XXE External Entity Injection Vulnerability
CVE-2020-4703, CVE-2020-4711 IBM Spectrum Protect Plus Directory Traversal and Arbitrary Code Execution Vulnerabilities
#【WordPress】
CVE-2020-5780 WordPress Email Forgery Vulnerability
WordPress File-manager Plugin Arbitrary File Upload
#【Nginx】
CVE-2020-24660 Nginx Privilege Bypass Vulnerability
phpStudy nginx Parsing Vulnerability
#【SaltStack】
CVE-2020-11651 SaltStack Authentication Bypass Vulnerability / Command Execution
CVE-2020-11652 SaltStack Directory Traversal Vulnerability
#【WebSphere】
CVE-2020-4362 WebSphere Remote Code Execution Vulnerability
CVE-2020-4450 WebSphere Remote Code Execution Vulnerability
WebSphere Application Server XXE Vulnerability
#【webTareas】
CVE-2020-25733 File Upload Vulnerability
CVE-2020-25734 Directory Traversal Vulnerability
CVE-2020-25735 Cross-Site Scripting Vulnerability
#【Citrix Systems】
CVE-2020-8245, CVE-2020-8246, CVE-2020-8247 Citrix Systems Multiple Product Vulnerabilities
#【File operations】
CVE-2020-10977 GitLab CE/EE Arbitrary File Read / RCE
CVE-2020-25540 ThinkAdmin v6 Arbitrary File Read Vulnerability
CVE-2020-25790 Typesetter CMS Arbitrary File Upload
Joint Soft Access System Arbitrary File Upload Vulnerability (EXP public)
FastAdmin File Upload Vulnerability
Jianwen Project Management Software Arbitrary File Upload Vulnerability
#【Other】
CVE-2019-0230 Struts2 Remote Code Execution Vulnerability
CVE-2020-0601 Signature Forgery
CVE-2020-0796 SMBv3 Remote Command Execution Vulnerability
CVE-2020-1181 SharePoint Remote Code Execution Vulnerability
CVE-2020-1947 ShardingSphere Command Execution Vulnerability
CVE-2020-2040 PAN-OS Remote Code Execution Vulnerability
CVE-2020-5410 Spring-Cloud-Config-Server Directory Traversal
CVE-2020-5421 Spring Framework Reflective File Download Vulnerability
CVE-2020-5902 F5 BIG-IP TMUI Remote Code Execution Vulnerability
CVE-2020-7115 Aruba ClearPass Remote Command Execution Vulnerability
CVE-2020-7293 McAfee Web Multiple High-Risk Vulnerabilities
CVE-2020-8028 SUSE Access Control Error Vulnerability
CVE-2020-8193 Citrix ADC Remote Code Execution
CVE-2020-8194 Citrix Code Injection and Other Vulnerabilities
CVE-2020-8201 Node Core Multiple Security Vulnerabilities
CVE-2020-11107 XAMPP Arbitrary Command Execution Vulnerability
CVE-2020-11699 SpamTitan 7.07 Multiple RCE Vulnerabilities
CVE-2020-11861 KM03709900 Privilege Escalation Vulnerability
CVE-2020-12109 TP-Link Cloud Camera
CVE-2020-13699 TeamViewer All Versions Passwordless Connection
CVE-2020-15148 Yii 2 Framework Deserialization Remote Command Execution Vulnerability
CVE-2020-15505 MobileIron MDM Remote Code Execution Vulnerability
CVE-2020-15710 PulseAudio Command Execution Vulnerability
CVE-2020-15920 Mida Solutions eFramework ajaxreq.php Command Injection Vulnerability
CVE-2020-24616 FasterXML jackson-databind Remote Code Execution Vulnerability
CVE-2020-25287 Pligg CMS Remote Code Execution Vulnerability
CVE-2020-25751 Joomla paGO Commerce 2.5.9.0 SQL Injection
QEMU-KVM Out-of-Bounds Read/Write Vulnerability
PHPCMS v9 All Versions Front-end RCE
WPS Office Remote Heap Corruption Vulnerability
Ghostscript
Netruida WebVPN RCE Vulnerability
Horde Groupware Webmail Edition
BaoTa Panel Port 888 pma Unauthorized Access
Cochip Wireless Router Authentication Bypass Account and Password Disclosure Vulnerability
ISC BIND Multiple Security Vulnerabilities
Citrix Systems Security Vulnerabilities in Multiple Products
CNVD-2019-20835 Qizhi Bastion Host Remote Command Execution Vulnerability
PAN-OS Remote Code Execution Vulnerability
Nagios Command Execution Vulnerability
Wangyu Nebula VPN Vulnerabilities in Old Versions
Spectrum Protect Plus Arbitrary Code Execution Vulnerability
McAfee Web Gateway Multiple High-Risk Vulnerabilities
Nagios Command Execution
Fastjson <= 1.2.68 Remote Command Execution Vulnerability
vBulletin 5.6.1 SQL Injection Vulnerability