
Critical Vulnerabilities for the Second Week of Farvardin

The most important vulnerabilities this week concern Samsung's mobile products: vulnerabilities with a risk level of "very critical" and "critical". The popular browsers Mozilla Firefox, Google Chrome and Internet Explorer also all have "critical" and "dangerous" vulnerabilities. Several critical vulnerabilities have also been identified in Adobe's widely used products. Most of this week's vulnerabilities were of the "memory corruption" type.

 

 

| Vulnerability type | Vulnerable product | Vulnerability ID |
|---|---|---|
| XML External Entity | Accenture Mercury SimpleXmlParser.java | CVE-2020-10990 |
| Memory Corruption | Adobe Acrobat Reader | CVE-2020-3807 |
| Memory Corruption | Adobe Acrobat Reader | CVE-2020-3797 |
| Privilege Escalation | Adobe Acrobat Reader DLL | CVE-2020-3803 |
| Information Disclosure | Adobe Acrobat Reader Memory Leak | CVE-2020-3800 |
| Information Disclosure | Adobe Acrobat Reader | CVE-2020-3806 |
| Information Disclosure | Adobe Acrobat Reader | CVE-2020-3804 |
| Memory Corruption | Adobe Acrobat Reader | CVE-2020-3795 |
| Memory Corruption | Adobe Acrobat Reader | CVE-2020-3799 |
| Memory Corruption | Adobe Acrobat Reader | CVE-2020-3805 |
| Memory Corruption | Adobe Acrobat Reader | CVE-2020-3802 |
| Memory Corruption | Adobe Acrobat Reader | CVE-2020-3801 |
| Memory Corruption | Adobe Acrobat Reader | CVE-2020-3793 |
| Memory Corruption | Adobe Acrobat Reader | CVE-2020-3792 |
| Memory Corruption | Adobe Bridge | CVE-2020-9552 |
| Memory Corruption | Adobe Bridge | CVE-2020-9551 |
| Privilege Escalation | Adobe ColdFusion 2016/ColdFusion 2018 File Inclusion | CVE-2020-3794 |
| Information Disclosure | Adobe ColdFusion | CVE-2020-3761 |
| race condition | Adobe Creative Cloud Desktop Application | CVE-2020-3808 |
| Information Disclosure | Adobe Experience Manager SSRF | CVE-2020-3769 |
| Privilege Escalation | Adobe Genuine Integrity Service File Permission | CVE-2020-3766 |
| Memory Corruption | Adobe Photoshop CC 2019/Photoshop 2020 | CVE-2020-3790 |
| Memory Corruption | Adobe Photoshop CC 2019/Photoshop 2020 | CVE-2020-3789 |
| Memory Corruption | Adobe Photoshop CC 2019/Photoshop 2020 | CVE-2020-3788 |
| Memory Corruption | Adobe Photoshop CC 2019/Photoshop 2020 | CVE-2020-3787 |
| Memory Corruption | Adobe Photoshop CC 2019/Photoshop 2020 | CVE-2020-3786 |
| Memory Corruption | Adobe Photoshop CC 2019/Photoshop 2020 | CVE-2020-3785 |
| Memory Corruption | Adobe Photoshop CC 2019/Photoshop 2020 | CVE-2020-3784 |
| Memory Corruption | Adobe Photoshop CC 2019/Photoshop 2020 | CVE-2020-3780 |
| Memory Corruption | Adobe Photoshop CC 2019/Photoshop 2020 | CVE-2020-3776 |
| Memory Corruption | Adobe Photoshop CC 2019/Photoshop 2020 | CVE-2020-3775 |
| Memory Corruption | Adobe Photoshop CC 2019/Photoshop 2020 | CVE-2020-3774 |
| Memory Corruption | Adobe Photoshop CC 2019/Photoshop 2020 | CVE-2020-3772 |
| Memory Corruption | Adobe Photoshop CC 2019/Photoshop 2020 | CVE-2020-3770 |
| Memory Corruption | Adobe Photoshop CC 2019/Photoshop 2020 Heap-based | CVE-2020-3783 |
| Information Disclosure | Adobe Photoshop CC 2019/Photoshop 2020 | CVE-2020-3791 |
| Information Disclosure | Adobe Photoshop CC 2019/Photoshop 2020 | CVE-2020-3782 |
| Information Disclosure | Adobe Photoshop CC 2019/Photoshop 2020 | CVE-2020-3781 |
| Information Disclosure | Adobe Photoshop CC 2019/Photoshop 2020 | CVE-2020-3778 |
| Information Disclosure | Adobe Photoshop CC 2019/Photoshop 2020 | CVE-2020-3777 |
| Information Disclosure | Adobe Photoshop CC 2019/Photoshop 2020 | CVE-2020-3771 |
| Memory Corruption | Adobe Photoshop CC 2019/Photoshop 2020 | CVE-2020-3779 |
| Memory Corruption | Adobe Photoshop CC 2019/Photoshop 2020 | CVE-2020-3773 |
| Memory Corruption | Advantech WebAccess Stack-based | CVE-2020-10607 |
| Code Execution | AIDA64 kerneld.sys | CVE-2019-7244 |
| Weak Authentication | Apache Shiro Spring Dynamic Controller | CVE-2020-1957 |
| Information Disclosure | Artifactory Plugin Global Configuration Password | CVE-2020-2164 |
| Weak Encryption | Artifactory Plugin | CVE-2020-2165 |
| Code Execution | Asus Device Activation DevActSvc.exe | CVE-2020-10649 |
| XML External Entity | Azkaban XmlValidatorManager.java | CVE-2020-10992 |
| Remote Code Execution | Azure Container Service Plugin YAML Parser | CVE-2020-2168 |
| Memory Corruption | CODESYS V3 Web Server | CVE-2020-10245 |
| Privilege Escalation | Community plugin Album | CVE-2020-9468 |
| SQL injection | custom-searchable-data-entry-system | CVE-2020-10817 |
| Privilege Escalation | CuteNews PHP | CVE-2020-5558 |
| Cross Site Scripting | Dell RSA Authentication Manager Security Console Stored | CVE-2020-5340 |
| Cross Site Scripting | Dell RSA Authentication Manager Security Console Stored | CVE-2020-5339 |
| Memory Corruption | DrayTek Vigor3900/Vigor2960/Vigor300B activate.cgi | CVE-2020-10825 |
| Memory Corruption | DrayTek Vigor3900/Vigor2960/Vigor300B activate.cgi | CVE-2020-10824 |
| Memory Corruption | DrayTek Vigor3900/Vigor2960/Vigor300B activate.cgi | CVE-2020-10823 |
| Command Injection | DrayTek Vigor3900/Vigor2960/Vigor300B Debug Mode activate.cgi | CVE-2020-10826 |
| Memory Corruption | DrayTek Vigor3900/Vigor2960/Vigor300B Stack-based | CVE-2020-10828 |
| Memory Corruption | DrayTek Vigor3900/Vigor2960/Vigor300B Stack-based | CVE-2020-10827 |
| Denial of Service | F5 BIG-IP HTTP | CVE-2020-5857 |
| Denial of Service | F5 BIG-IP TMM Crash | CVE-2020-5862 |
| Denial of Service | F5 BIG-IP TMM | CVE-2020-5861 |
| Denial of Service | F5 BIG-IP TMM | CVE-2020-5859 |
| Privilege Escalation | F5 BIG-IP/BIG-IQ High Availability | CVE-2020-5860 |
| Privilege Escalation | F5 BIG-IP/BIG-IQ tmsh Shell | CVE-2020-5858 |
| Privilege Escalation | FasterXML jackson-databind Gadget | CVE-2020-10969 |
| Unknown Vulnerability | FasterXML jackson-databind Gadget | CVE-2020-10968 |
| Privilege Escalation | FrozenNode Laravel-Administrator Image Upload file_upload | CVE-2020-10963 |
| Code Execution | Gigabyte APP Center gdrv.sys | CVE-2019-7630 |
| Privilege Escalation | GitLab Community Edition/Enterprise Edition Docker Images | CVE-2020-10952 |
| Server-Side Request Forgery | GitLab Community Edition/Enterprise Edition Project Import | CVE-2020-10956 |
| Denial of Service | GitLab Community Edition/Enterprise Edition Repository Archive | CVE-2020-10954 |
| Information Disclosure | GitLab Community Edition/Enterprise Edition Upload | CVE-2020-10955 |
| Directory Traversal | GitLab Enterprise Edition | CVE-2020-10953 |
| Denial of Service | GNU Patch Incomplete Fix CVE-2018-6952 pch.c another_hunk | CVE-2019-20633 |
| Memory Corruption | Google Chrome Audio Use-After-Free | CVE-2020-6449 |
| Memory Corruption | Google Chrome Audio Use-After-Free | CVE-2020-6429 |
| Memory Corruption | Google Chrome Audio Use-After-Free | CVE-2020-6428 |
| Memory Corruption | Google Chrome Audio Use-After-Free | CVE-2020-6427 |
| Privilege Escalation | Google Chrome Policy Enforcement | CVE-2020-6425 |
| Privilege Escalation | Google Chrome Same Origin Policy | CVE-2020-6420 |
| Memory Corruption | Google Chrome Use-After-Free | CVE-2020-6424 |
| Memory Corruption | Google Chrome v8 Heap-based | CVE-2020-6426 |
| Memory Corruption | Google Chrome WebGL Use-After-Free | CVE-2020-6422 |
| Information Disclosure | Google Closure Library URL Parser | CVE-2020-8910 |
| Privilege Escalation | http4s Local File Inclusion | CVE-2020-5280 |
| Privilege Escalation | Huawei P30 Access Control | CVE-2020-1800 |
| Privilege Escalation | Huawei Smart Phone | CVE-2020-9066 |
| Memory Corruption | Huawei Smart Phone Use-After-Free | CVE-2020-9065 |
| Weak Encryption | IBM API Connect | CVE-2019-4553 |
| Cross Site Scripting | IBM Tivoli Netcool Impact Web UI | CVE-2019-4681 |
| Privilege Escalation | IBM WebSphere Application Server SOAP Connector | CVE-2020-4276 |
| Cross Site Scripting | Jenkins Configuration Page Stored | CVE-2020-2161 |
| Cross Site Request Forgery | Jenkins CSRF Protection | CVE-2020-2160 |
| Cross Site Scripting | Jenkins File Upload Stored | CVE-2020-2162 |
| Cross Site Scripting | Jenkins View Column Header Stored | CVE-2020-2163 |
| Privilege Escalation | Keijiban Tsumiki OS | CVE-2020-5561 |
| Weak Encryption | Kiali Default Key | CVE-2020-1764 |
| Memory Corruption | Linux Kernel net.c get_raw_socket | CVE-2020-10942 |
| Privilege Escalation | McAfee Application and Change Control DLL | CVE-2020-7260 |
| SQL injection | Micro Focus Service Manager Automation | CVE-2020-9521 |
| Cross Site Scripting | Micro Focus Vibe Stored | CVE-2020-9520 |
| Memory Corruption | Microsoft Internet Explorer | CVE-2020-0824 |
| Memory Corruption | Microsoft Internet Explorer Scripting Engine | CVE-2020-0830 |
| Memory Corruption | Microsoft Internet Explorer Scripting Engine | CVE-2020-0768 |
| Memory Corruption | Microsoft Internet Explorer Scripting Engine | CVE-2020-0833 |
| Memory Corruption | Microsoft Internet Explorer Scripting Engine | CVE-2020-0832 |
| Memory Corruption | Microsoft Internet Explorer VBScript | CVE-2020-0847 |
| Memory Corruption | Microsoft Office Word | CVE-2020-0892 |
| Memory Corruption | Microsoft Office Word | CVE-2020-0855 |
| Memory Corruption | Microsoft Office Word | CVE-2020-0852 |
| Memory Corruption | Microsoft Office Word | CVE-2020-0851 |
| Memory Corruption | Microsoft Office Word | CVE-2020-0850 |
| Privilege Escalation | Mozilla Firefox CSS Block Injection | CVE-2020-6813 |
| spoofing | Mozilla Firefox Fullscreen | CVE-2020-6810 |
| spoofing | Mozilla Firefox javascript URL | CVE-2020-6808 |
| Memory Corruption | Mozilla Firefox | CVE-2020-6815 |
| Information Disclosure | Mozilla Firefox Web Extension | CVE-2020-6809 |
| Information Disclosure | Mozilla Firefox/Firefox ESR/Thunderbird AirPod | CVE-2020-6812 |
| Command Injection | Mozilla Firefox/Firefox ESR/Thunderbird Devtools | CVE-2020-6811 |
| Memory Corruption | Mozilla Firefox/Firefox ESR/Thunderbird | CVE-2020-6814 |
| Memory Corruption | Mozilla Firefox/Firefox ESR/Thunderbird Promise Resolution | CVE-2020-6806 |
| Memory Corruption | Mozilla Firefox/Firefox ESR/Thunderbird Quota Manager Use-After-Free | CVE-2020-6805 |
| Memory Corruption | Mozilla Firefox/Firefox ESR/Thunderbird Use-After-Free | CVE-2020-6807 |
| Privilege Escalation | Nginx Controller Controller API | CVE-2020-5863 |
| Privilege Escalation | Nick Chan Bot npm Command Shell | CVE-2020-5282 |
| Weak Authentication | openITCOCKPIT API Key | CVE-2020-10788 |
| Cross Site Scripting | openITCOCKPIT | CVE-2020-10790 |
| Server-Side Request Forgery | openITCOCKPIT GrafanaConfigurationController.php | CVE-2020-10791 |
| Privilege Escalation | openITCOCKPIT Web-based Terminal SudoMessageInterface.php | CVE-2020-10789 |
| Remote Code Execution | OpenShift Pipeline Plugin YAML Parser | CVE-2020-2167 |
| XML External Entity | Osmand BinaryMapIndexReader.java | CVE-2020-10993 |
| Cross Site Scripting | OTRS Community Edition Article | CVE-2020-1771 |
| Information Disclosure | OTRS Community Edition Login Screen | CVE-2020-1769 |
| Information Disclosure | OTRS Community Edition Password Reset | CVE-2020-1772 |
| Weak Authentication | OTRS Community Edition Password Reset | CVE-2020-1773 |
| Information Disclosure | OTRS Community Edition Support Bundle | CVE-2020-1770 |
| Privilege Escalation | Perun Group Manager | CVE-2020-5281 |
| Privilege Escalation | Phoenix Contact PC WORX SRT Permission | CVE-2020-10939 |
| Privilege Escalation | Phoenix Contact PORTICO SERVER | CVE-2020-10940 |
| Remote Code Execution | Pipeline: AWS Steps Plugin YAML Parser | CVE-2020-2166 |
| Privilege Escalation | python-apt Hash package.py | CVE-2019-15796 |
| Weak Authentication | python-apt MD5 package.py | CVE-2019-15795 |
| Cross Site Scripting | RapidDeploy Plugin Package Name Stored | CVE-2020-2170 |
| XML External Entity | RapidDeploy Plugin XML Parser | CVE-2020-2171 |
| Information Disclosure | Samsung Mobile Devices Allshare | CVE-2019-20614 |
| Privilege Escalation | Samsung Mobile Devices Bluetooth Stack | CVE-2019-20595 |
| Denial of Service | Samsung Mobile Devices Broadcom Wi-Fi | CVE-2019-20612 |
| SQL injection | Samsung Mobile Devices Contacts Time-Based | CVE-2019-20613 |
| Memory Corruption | Samsung Mobile Devices CP Message Decoder | CVE-2020-10835 |
| Privilege Escalation | Samsung Mobile Devices DeX Lockscreen | CVE-2020-10833 |
| Memory Corruption | Samsung Mobile Devices Display Driver Stack-based | CVE-2020-10852 |
| Privilege Escalation | Samsung Mobile Devices Emergency Mode | CVE-2019-20608 |
| Memory Corruption | Samsung Mobile Devices Exynos Chipset | CVE-2020-10850 |
| Memory Corruption | Samsung Mobile Devices Exynos Chipset Heap-based | CVE-2019-20621 |
| Memory Corruption | Samsung Mobile Devices Exynos Chipset Heap-based | CVE-2019-20605 |
| Memory Corruption | Samsung Mobile Devices Exynos Chipset Heap-based | CVE-2019-20594 |
| Information Disclosure | Samsung Mobile Devices Exynos Chipset | CVE-2019-20625 |
| Information Disclosure | Samsung Mobile Devices Exynos Chipset | CVE-2019-20596 |
| Memory Corruption | Samsung Mobile Devices Exynos Chipset | CVE-2020-10836 |
| Memory Corruption | Samsung Mobile Devices Exynos Chipset | CVE-2020-10832 |
| Memory Corruption | Samsung Mobile Devices Exynos Chipset Stack-based | CVE-2019-20622 |
| Memory Corruption | Samsung Mobile Devices Exynos Chipset Stack-based | CVE-2019-20611 |
| Memory Corruption | Samsung Mobile Devices Exynos Chipset Stack-based | CVE-2019-20581 |
| Memory Corruption | Samsung Mobile Devices Exynos9810 Chipset Use-After-Free | CVE-2019-20582 |
| Weak Authentication | Samsung Mobile Devices Facial Recognition | CVE-2020-10847 |
| Privilege Escalation | Samsung Mobile Devices Factory Reset Protection | CVE-2020-10855 |
| Privilege Escalation | Samsung Mobile Devices Factory Reset Protection | CVE-2020-10839 |
| Privilege Escalation | Samsung Mobile Devices Factory Reset Protection | CVE-2019-20615 |
| Denial of Service | Samsung Mobile Devices Gallery | CVE-2019-20604 |
| Information Disclosure | Samsung Mobile Devices Gallery | CVE-2020-10853 |
| Information Disclosure | Samsung Mobile Devices Gallery | CVE-2019-20616 |
| Information Disclosure | Samsung Mobile Devices Gallery | CVE-2019-20593 |
| Information Disclosure | Samsung Mobile Devices Gallery Uninitialized Memory | CVE-2019-20623 |
| Weak Authentication | Samsung Mobile Devices Gatekeeper Trustlet | CVE-2020-10849 |
| SQL injection | Samsung Mobile Devices Gear VR Service Content Provider | CVE-2019-20591 |
| Memory Corruption | Samsung Mobile Devices HDCP Trustlet | CVE-2019-20584 |
| race condition | Samsung Mobile Devices hdcp2 Driver | CVE-2020-10843 |
| Information Disclosure | Samsung Mobile Devices | CVE-2020-10854 |
| Memory Corruption | Samsung Mobile Devices Kernel Driver Heap-based | CVE-2020-10829 |
| Memory Corruption | Samsung Mobile Devices Keymaster Trustlet Heap-based | CVE-2019-20607 |
| Memory Corruption | Samsung Mobile Devices kperfmon Driver Stack-based | CVE-2020-10851 |
| Information Disclosure | Samsung Mobile Devices Lock Screen | CVE-2020-10834 |
| Information Disclosure | Samsung Mobile Devices Lock Screen | CVE-2019-20598 |
| Privilege Escalation | Samsung Mobile Devices Lock Screen | CVE-2019-20579 |
| Memory Corruption | Samsung Mobile Devices MALI GPU Driver Use-After-Free | CVE-2019-20600 |
| Memory Corruption | Samsung Mobile Devices | CVE-2020-10848 |
| Memory Corruption | Samsung Mobile Devices MLDAP Trustlet Type Confusion | CVE-2019-20587 |
| Information Disclosure | Samsung Mobile Devices Motion Photo Player | CVE-2019-20580 |
| race condition | Samsung Mobile Devices MTP Use-After-Free | CVE-2020-10845 |
| Information Disclosure | Samsung Mobile Devices Notifications | CVE-2020-10830 |
| Privilege Escalation | Samsung Mobile Devices OEM | CVE-2020-10846 |
| Unknown Vulnerability | Samsung Mobile Devices OMACP | CVE-2019-20606 |
| Memory Corruption | Samsung Mobile Devices | CVE-2020-10844 |
| Privilege Escalation | Samsung Mobile Devices Pin Window | CVE-2019-20618 |
| Memory Corruption | Samsung Mobile Devices PROCA Use-After-Free | CVE-2020-10838 |
| Memory Corruption | Samsung Mobile Devices Protected Memory | CVE-2019-20601 |
| Denial of Service | Samsung Mobile Devices Qualcomm Chipset NULL Pointer Dereference | CVE-2019-20602 |
| Denial of Service | Samsung Mobile Devices Qualcomm NULL Pointer Dereference | CVE-2019-20603 |
| Memory Corruption | Samsung Mobile Devices SEC_FR Trustlet | CVE-2019-20585 |
| Memory Corruption | Samsung Mobile Devices Secure Boot | CVE-2019-20578 |
| Information Disclosure | Samsung Mobile Devices Secure Folder | CVE-2019-20617 |
| Information Disclosure | Samsung Mobile Devices Secure Startup | CVE-2019-20619 |
| Memory Corruption | Samsung Mobile Devices Secure Storage Integer Underflow | CVE-2019-20590 |
| Memory Corruption | Samsung Mobile Devices SEM Trustlet | CVE-2019-20588 |
| Privilege Escalation | Samsung Mobile Devices Settings App | CVE-2019-20620 |
| Memory Corruption | Samsung Mobile Devices SKPM Trustlet | CVE-2019-20589 |
| Information Disclosure | Samsung Mobile Devices Smartwatch | CVE-2019-20609 |
| Privilege Escalation | Samsung Mobile Devices SPENgesture Log | CVE-2019-20597 |
| SQL injection | Samsung Mobile Devices Story Video Editor Content Provider | CVE-2019-20592 |
| Information Disclosure | Samsung Mobile Devices S-Voice | CVE-2019-20624 |
| Memory Corruption | Samsung Mobile Devices TEEGRIS Stack-based | CVE-2020-10837 |
| Memory Corruption | Samsung Mobile Devices TEEGRIS Type Confusion | CVE-2019-20586 |
| Memory Corruption | Samsung Mobile Devices TEEGRIS Type Confusion | CVE-2019-20583 |
| Code Execution | Samsung Mobile Devices Trustlet | CVE-2019-20610 |
| Memory Corruption | Samsung Mobile Devices tsmux Driver | CVE-2020-10842 |
| Privilege Escalation | Samsung Mobile Devices Update | CVE-2020-10831 |
| Unknown Vulnerability | Samsung Mobile Devices vipx Driver | CVE-2020-10841 |
| Unknown Vulnerability | Samsung Mobile Devices vipx Driver | CVE-2020-10840 |
| Unknown Vulnerability | Samsung Mobile Devices Voice Assistant | CVE-2019-20599 |
| Privilege Escalation | Serendipity PHP | CVE-2020-10964 |
| Denial of Service | SonicWALL SMA1000 HTTP Extraweb Server Crash | CVE-2020-5129 |
| Privilege Escalation | SUNNET eHRD Access Control | CVE-2020-10510 |
| Information Disclosure | SUNNET eHRD Credentials | CVE-2020-10508 |
| Cross Site Scripting | SUNNET eHRD | CVE-2020-10509 |
| Code Execution | TechPowerUp GPU-Z GPU-Z.sys | CVE-2019-7245 |
| Privilege Escalation | Telegram App Show Popup | CVE-2020-10570 |
| Privilege Escalation | Teradici PCoIP Management Console Password Reset | CVE-2020-10965 |
| Privilege Escalation | Totemo Totemomail WebMail | CVE-2020-7918 |
| Privilege Escalation | TP-LINK AC1750 Firewall | CVE-2020-10887 |
| Privilege Escalation | TP-LINK AC1750 | CVE-2020-10885 |
| Privilege Escalation | TP-LINK AC1750 | CVE-2020-10883 |
| Privilege Escalation | TP-LINK AC1750 Service Port 20002 | CVE-2020-10884 |
| Weak Authentication | TP-LINK AC1750 SSH Port Forwarding | CVE-2020-10888 |
| Memory Corruption | TP-LINK AC1750 Stack-based | CVE-2020-10881 |
| Privilege Escalation | TP-LINK AC1750 tdpServer Service | CVE-2020-10882 |
| Privilege Escalation | TP-LINK AC1750 tmpServer Service | CVE-2020-10886 |
| Denial of Service | TP-LINK Archer C5 | CVE-2020-9375 |
| Weak Encryption | UltraLog Express Device Management Interface Cleartext | CVE-2020-3921 |
| Privilege Escalation | UltraLog Express Device Management Interface | CVE-2020-3920 |
| SQL injection | UltraLog Express Device Management Interface | CVE-2020-3936 |
| Cross Site Scripting | WL-Enq | CVE-2020-5559 |
| Privilege Escalation | WL-Enq OS | CVE-2020-5560 |
| Cross Site Scripting | WPForms Contact Form Stored | CVE-2020-10385 |