漏洞 Vulnerability CVE-2020-3544：思科Cisco Video Surveillance 8000系列IP摄像头远程代码执行漏洞 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cdp-rcedos-mAHR8vNx CVE-2020-10816： Zoho ManageEngine Applications Manager 14780及更低版本的认证绕过漏洞 https://gitlab.com/eLeN3Re/CVE-2020-10816 CVE-2020-9048：江森自控victor Web Client任意文件删除漏洞 https://nvd.nist.gov/vuln/detail/CVE-2020-9048 Karel IP Phone IP1211 Web 管理面板目录遍历漏洞 https://www.exploit-db.com/exploits/48857 安全资讯 Security Information 苹果T2安全芯片被发现存在无法修复漏洞 https://www.ibtimes.sg/apples-famed-t2-security-chips-unfixable-vulnerability-allows-hackers-easy-access-macs-52244 安全研究 Security Research HEH：一种新的物联网P2P僵尸网络 https://blog.netlab.360.com/heh-an-iot-p2p-botnet/ CVE-2019-0230：Apache struts ognl 远程代码执行漏洞分析 https://www.thezdi.com/blog/2020/10/7/cve-2019-0230-apache-struts-ognl-remote-code-execution HashiCorp Vault身份验证问题（CVE-2020-16250 / 16251）分析 https://googleprojectzero.blogspot.com/2020/10/enter-the-vault-auth-issues-hashicorp-vault.html 剖析两个D-Link路由器身份验证绕过漏洞 https://www.thezdi.com/blog/2020/9/30/the-anatomy-of-a-bug-door-dissecting-two-d-link-router-authentication-bypasses