HVV 2020 | HVV Summary of period vulnerabilities


This paper is written by “ Shenzhen Branch of national and local joint Engineering Research Center for network security detection and protection technology —— East Tower Institute of network security ” Summary

#【 Microsoft 】

CVE-2020-0618 SQL Server Report service Remote Code Execution Vulnerability

CVE-2020-0688 Microsoft Exchange Server Remote Code Execution Vulnerability

CVE-2020-1035 Microsoft Internet Explorer VBScript Engine Remote Code Execution Vulnerability

CVE-2020-1048 Microsoft Windows Print Spooler Security vulnerabilities

CVE-2020-1092 Microsoft Internet Explorer Remote Code Execution Vulnerability

CVE-2020-1350 Microsoft Windows Server DNS Server Buffer error vulnerability

CVE-2020-1472 Windows NetLogon Privilege escalation vulnerability

CVE-2020-16860 Microsoft Dynamics 365 Remote Code Execution Vulnerability

CVE-2020-16875 Microsoft Exchange Remote Code Execution Vulnerability

#【 Apple 】

CVE-2020-9951 Apple Safari Remote execution code vulnerability

CVE-2020-9992 Apple Xcode Remote command execution vulnerability

#【Apache】

CVE-2019-17564-Apache Dubbo Deserialization vulnerability

CVE-2020-1938-Apache Tomcat File contains vulnerability

CVE-2020-1948-Apache Dubbo Deserialization vulnerability

CVE-2020-1956-Apache Kylin Remote command execution vulnerability

CVE-2020-9480-Apache Spark Remote Code Execution Vulnerability

CVE-2020-9483-Apache SkyWalkingSQL Injection vulnerability

CVE-2020-9484-Apache Tomcat session Persistent Remote Code Execution Vulnerability

CVE-2020-9498-Apache Guacamole RDP Remote Code Execution Vulnerability

CVE-2020-11974,CVE-2020-13922 Apache DolphinScheduler Remote Code Execution Vulnerability

CVE-2020-11989-Apache Shiro Authentication bypass vulnerability

CVE-2020-11991 Apache Cocoon XML External entity injection vulnerability

CVE-2020-11995-Apache Dubbo Remote Code Execution Vulnerability

CVE-2020-13920 Apache ActiveMQ Remote Code Execution Vulnerability

CVE-2020-13921-Apache SkyWalking SQL Injection vulnerability

CVE-2020-13925-Apache Kylin Remote command execution vulnerability

CVE-2020-13933-Apache Shiro Privilege bypass vulnerability

CVE-2020-13948 Apache Superset Remote Code Execution Vulnerability

#【 Pan micro 】

CNVD-2019-32204 Pan micro OA E-cology Remote command execution vulnerability

CNVD-2019-34241 Pan micro E-cology OA system SQL Injection vulnerability

Pan micro Cloud Bridge e-bridge directory traversal / File read vulnerability

#【 Access 】

Access OA11.4 There is an unauthorized login vulnerability

Access OA11.5 There are many problems SQL Injection vulnerability

Access OA11.6 Unauthorized Remote Code Execution Vulnerability

Access OA The file contains vulnerabilities and SQL Injection vulnerability

Access OA v11.7 backstage SQL injection

#【 UFIDA 】

UFIDA NC6.5 Deserialization vulnerability

CNVD-2020-47540,CNVD-2020-47539 Wait for UFIDA NC Cloud Multiple security vulnerabilities

UFIDA GRP-u8 Command Execution Vulnerability

UFIDA GRP-u8 SQL injection

#【 Deeply convinced 】

Deeply convinced SSL VPN Remote Code Execution Vulnerability

Deeply convinced VPN Any user added vulnerability

Deeply convinced SSL VPN Nday - Pre Auth Arbitrary password reset vulnerability

Deeply convinced SSL VPN Modify binding mobile phone number vulnerability , Grade : high-risk

Deeply convinced EDR 3.2.21 Remote code execution

Deeply convinced EDR Arbitrary user login vulnerability

#【 Zhiyuan 】

Zhiyuan A8 File upload vulnerability

Zhiyuan A8 Deserialization vulnerability

Zhiyuan OA Arbitrary file write vulnerability

#【 Tianrongxin 】

Tianrongxin data leakage prevention system is not authorized to modify the administrator password

Tianrongxin TOPApp-LB load balancing SQL Injection vulnerability

#【 Green League 】

Green League UTS Integrated threat probe administrator login at will

Green League UTS Integrated threat probe information leakage vulnerability

#【ThinkPHP】

ThinkPHP3.x Injection vulnerability

ThinkPHP6 Arbitrary file manipulation vulnerability

#【Weblogic】

CVE-2020-2551-Weblogic Deserialization vulnerability

CVE-2020-2555-Weblogic Deserialization vulnerability

CVE-2020-14645-Weblogic Command Execution Vulnerability

#【VMware】

CVE-2020-3956-VMware Cloud Director Code injection vulnerability

CVE-2020-3980VMware Fusion Privilege escalation vulnerability

#【linux】

CVE-2020-7704 linux-cmdline Security vulnerabilities

linux-cmdline Remote Code Execution Vulnerability

CVE-2020-25284 linux kernel Code Execution Vulnerability

#【IBM】

CVE-2020-4643 IBM WebSphere existence XXE External entity injection vulnerability

CVE-2020-4703,CVE-2020-4711 IBM Spectrum Protect Plus Directory traversal and Arbitrary Code Execution Vulnerability

#【WordPress】

CVE-2020-5780 WordPress Email forgery vulnerability

Wordpress File-manager Plug in arbitrary file upload

#【Nginx】

CVE-2020-24660 Nginx Privilege bypass vulnerability

phpStudy nginx Analysis of loopholes

#【SaltStack】

CVE-2020-11651-SaltStack Authentication bypass vulnerability / Command execution

CVE-2020-11652-SaltStack Directory traversal vulnerability

#【WebSphere】

CVE-2020-4362-WebSphere Remote Code Execution Vulnerability

CVE-2020-4450-WebSphere Remote Code Execution Vulnerability

WebSphere Application Server XXE loophole

#【webTareas】

CVE-2020-25733 File upload vulnerability

CVE-2020-25734 Directory traversal vulnerability

CVE-2020-25735 Cross site scripting vulnerability

#【Citrix Systems】

CVE-2020-8245,CVE-2020-8246,CVE-2020-8247 Citrix Systems Multiple product vulnerabilities

#【 File operation class 】

CVE-2020-10977-Gitlab CE/EE Arbitrary file read /RCE

CVE-2020-25540 Thinkadmin v6 Arbitrary file read vulnerability

CVE-2020-25790 Typesetter CMS Upload any file

Vulnerability of arbitrary file upload in joint soft access system EXP open

Fastadmin File upload vulnerability

Arbitrary file upload vulnerability of Jianwen project management software

#【 other 】

CVE-2019-0230-Struts2 Remote Code Execution Vulnerability

CVE-2020-0601- Signature forgery

CVE-2020-0796 SMBV3 Remote command execution vulnerability

CVE-2020-1181 SharePoint Remote Code Execution Vulnerability

CVE-2020-1947-ShardingShpere Command Execution Vulnerability

CVE-2020-2040 PAN-OS Remote Code Execution Vulnerability

CVE-2020-5410-Spting-Cloud-Config-Server directory traversal

CVE-2020-5421 Spring Framework Reflective file download vulnerability

CVE-2020-5902-F5 BIG-IP TMUI Remote Code Execution Vulnerability

CVE-2020-7115 Aruba Clearpass Remote command execution vulnerability

CVE-2020-7293 McAfee Web Multiple high risk vulnerabilities

CVE-2020-8028 SUSE Access control error vulnerability

CVE-2020-8193-Citrix ADC Remote code execution

CVE-2020-8194-Citrix Code injection and other vulnerabilities

CVE-2020-8201 Node Core Multiple security vulnerabilities

CVE-2020-11107-XAMPP Arbitrary Command Execution Vulnerability

CVE-2020-11699 SpamTitan 7.07 Multiple RCE loophole

CVE-2020-11861 KM03709900 Loopholes in power raising

CVE-2020-12109 TP-Link Cloud camera

CVE-2020-13699-TeamViewer Full version no password connection

CVE-2020-15148 Yii 2 Framework deserialization remote command execution vulnerability

CVE-2020-15505 MobileIron MDM Remote Code Execution Vulnerability

CVE-2020-15710 PulseAudio Command Execution Vulnerability

CVE-2020-15920 Mida Solutions eFramework ajaxreq.php Command injection vulnerability

CVE-2020-24616 FasterXML jackson-databind Remote Code Execution Vulnerability

CVE-2020-25287 Pligg CMS Remote Code Execution Vulnerability

CVE-2020-25751 Joomla paGO Commerce 2.5.9.0 SQL injection

QEMU-KVM Cross border read / write vulnerability

PHPCMS v9 Full version front desk RCE

WPS Office Remote heap corruption vulnerability

Ghostscript

Netruida webVPN RCE loophole

Horde Groupware Webmail Edition

Pagoda panel 888 port pma Unauthorized access

Cochip Wireless router divulges account and password vulnerability by bypassing authentication

ISC BIND There are multiple security vulnerabilities

Citrix Systems There are security loopholes in many products

CNVD-2019-20835 Remote command execution vulnerability of Qizhi fortress

PAN-OS Remote Code Execution Vulnerability

Nagios Command Execution Vulnerability

Wangyu Nebula VPN There are loopholes in the old version

Spectrum Protect Plus Arbitrary Code Execution Vulnerability

McAfee Web Gateway Multiple high risk vulnerabilities

Nagios Command execution

Fastjson <= 1.2.68 Remote command execution vulnerability

vBulletin 5.6.1 SQL Injection vulnerability

Dongta security college has launched various activities and learning contents on all major platforms , Log in to the following platforms quickly , Search below “ key word ” Let's learn

micro-blog , Tencent classroom , Zhihu : Dongta Institute of network security
Bilibili : Dongta network security
For more activities and consultation, welcome to add wechat :dongtakefu

Free learning materials and courses

Waiting for you to collect it

Technology
Daily Recommendation
Taobao unveils the year “ Ugly thing ”: Wool felt buyers show “ It's ugly ”
views 7
The worst year in human history Not at all 2020
views 5
《 A secret corner 》 Global shortlist 15 The best show The only domestic drama
views 4
WeChat ,QQ And many other popular Android APP Online Tongxin UOS: First exposure of interface
views 3
2021 Years , Why do people miss breathing lights ?
views 3
DAVE: From code trustworthiness to data trustworthiness
views 3
©2019-2020 Toolsou All rights reserved,
python3 Of tkinter Design of login interface +mysql Import data of database CRC Partial understanding of modular division use MySQL Processing 100 million level data The greatest common divisor and the least common multiple C Language Edition 【 Data structure and algorithm 8】 The maze problem of recursion 2020 year ,Java Is there any future ?【2020 The best little program : You can find all kinds of resources you want ?】element Form validation number type and range An interview of Alibaba outsourcing vue:word Local upload Preview