آسیبپذیریهای حیاتی هفته سوم آبانماه
در این هفته در بسیاری از محصولات پرکاربرد آسیبپذیریهای حیاتی کشف شده است. از مهمترین این آسیبپذیریها، آسیبپذیری است که در برخی از روترهای شرکت سیسکو یافت شده است. این روترها اگر از سفتافزار نسخههای پیش از ۴.۲.۳.۱۰ برخوردار باشند باید سریعاً بهروزرسانی شوند. قابل ذکر است که آسیبپذیریهای نرمافزار پایتون و مرورگر کروم نیز حیاتی است.
نوع آسیبپذیری |
محصول آسیبپذیر |
شناسه |
privilege escalation |
Drupal Session Lockout |
CVE-2010-2473 |
memory corruption |
shadow/sudo Session |
CVE-2005-4890 |
privilege escalation |
sudo Descriptor 3 |
CVE-2019-18684 |
memory corruption |
Linux Kernel V4L2 Subsystem vivid vivid_stop_generating_vid_cap() |
CVE-2019-18683 |
privilege escalation |
Linux Kernel |
CVE-2006-4243 |
memory corruption |
Linux Kernel audit.c aa_label_parse() |
CVE-2019-18814 |
unknown vulnerability |
Linux Kernel clocksource.c |
CVE-2010-2243 |
memory corruption |
Linux Kernel sysctl_net_ipv4.c tcp_ack_update_rtt() |
CVE-2019-18805 |
privilege escalation |
PHPOffice PhpSpreadsheet XML Data std_table.php XML External Entity |
CVE-2019-12331 |
Code Execution |
php-gettext Plural Form Formula Remote |
CVE-2015-8980 |
Remote Code Execution |
Python Software Foundation Djblets eval() |
CVE-2013-4409 |
weak authentication |
Python PIP DNS Query Man-in-the-Middle |
CVE-2013-5123 |
unknown vulnerability |
Google Chrome |
CVE-2019-13720 |
unknown vulnerability |
Google Chrome |
CVE-2019-13721 |
unknown vulnerability |
Google Chrome Blink AnimationControllerPrivate |
CVE-2011-2336 |
unknown vulnerability |
Google Chrome Blink |
CVE-2011-2337 |
memory corruption |
Google Chrome WebKit replaceDocument |
CVE-2011-2353 |
unknown vulnerability |
Google Chrome WebKit Timer.cpp |
CVE-2011-2807 |
memory corruption |
Google Chrome WebKit fillRect |
CVE-2011-1298 |
unknown vulnerability |
Google Chrome WebKit |
CVE-2011-2808 |
unknown vulnerability |
Google Chrome WebKit |
CVE-2011-1460 |
privilege escalation |
Redhat vsdm Temp File |
CVE-2013-4280 |
weak authentication |
Red Hat Enterprise Virtualization Manager SSL Certificate Verification Service Man-in-the-Middle |
CVE-2009-3552 |
unknown vulnerability |
Apache Arrow Parquet Uninitialized Memory |
CVE-2019-12410 |
unknown vulnerability |
Apache Arrow Array Uninitialized Memory |
CVE-2019-12408 |
memory corruption |
ARM Mbed OS CoAP Library sn_coap_builder_calc_needed_packet_data_size_2() |
CVE-2019-17211 |
memory corruption |
ARM Mbed OS CoAP Library sn_coap_parser_options_parse() |
CVE-2019-17212 |
Code Execution |
Centrify Authentication and Privileged Elevation Services |
CVE-2019-18631 |
information disclosure |
Cisco Enterprise Chat and Email HTTP API |
CVE-2019-1877 |
privilege escalation |
Cisco Firepower Threat Defense Software HTTP Traffic Filter |
CVE-2019-1982 |
privilege escalation |
Cisco Firepower Threat Defense Software Normalization |
CVE-2019-1981 |
privilege escalation |
Cisco Firepower Threat Defense Software Protocol Detection |
CVE-2019-1980 |
privilege escalation |
Cisco Firepower Threat Defense Software Stream Reassembly |
CVE-2019-1978 |
Arbitrary Command Execution Vulnerability |
Cisco Small Business RV016, RV042, RV042G, and RV082 Routers |
CVE-2019-15271 |
Command Injection Vulnerability |
Cisco Small Business Routers RV016, RV042, RV042G, RV082, RV320, and RV325 |
CVE-2019-15957 |
Unauthorized Device Reset Vulnerability |
Cisco Web Security Appliance |
CVE-2019-15956 |
Denial of Service Vulnerability |
Cisco Wireless LAN Controller HTTP Parsing Engine |
CVE-2019-15276 |
Arbitrary Code Execution Vulnerabilities |
Cisco Webex Network Recording Player and Cisco Webex Player |
CVE-2019-15283 CVE-2019-15284 CVE-2019-15285 CVE-2019-15286 CVE-2019-15287 |
Privilege Escalation Vulnerability |
Cisco TelePresence Collaboration Endpoint, TelePresence Codec, and RoomOS Software |
CVE-2019-15288 |
Denial of Service Vulnerabilities |
Cisco TelePresence Collaboration Endpoint and RoomOS Software |
CVE-2019-15289 |
Remote Code Execution Vulnerability |
Cisco Prime Infrastructure and Evolved Programmable Network Manager |
CVE-2019-15958 |
directory traversal |
Atlassian Jira Service Desk Server Customer Context Filter |
CVE-2019-15004 |
Code Execution |
NVIDIA GeForce Experience GameStream |
CVE-2019-5701 |
privilege escalation |
NVIDIA Virtual GPU Manager Guest Access |
CVE-2019-5697 |
memory corruption |
NVIDIA Virtual GPU Manager Guest VM Out-of-Bounds |
CVE-2019-5696 |
Code Execution |
NVIDIA Windows GPU Display Driver DLL Loader |
CVE-2019-5694 |
memory corruption |
NVIDIA Windows GPU Display Driver Kernel Mode Layer nvlddmkm.sys DxgkDdiEscape |
CVE-2019-5692 |
memory corruption |
NVIDIA Windows GPU Display Driver Kernel Mode Layer nvlddmkm.sys DxgkDdiEscape |
CVE-2019-5691 |
memory corruption |
NVIDIA Windows GPU Display Driver Kernel Mode Layer nvlddmkm.sys DxgkDdiEscape |
CVE-2019-5690 |
Code Execution |
NVIDIA GeForce Experience Downloader |
CVE-2019-5689 |
privilege escalation |
IBM QRadar Advisor Blacklist privilege escalation |
CVE-2019-4556 |
privilege escalation |
IBM Cognos Analytics Web Server XML External Entity |
CVE-2018-1721 |
unknown vulnerability |
Qualcomm Snapdragon Auto ADSP |
CVE-2019-10491 |
memory corruption |
Qualcomm Snapdragon Auto Array Index |
CVE-2019-10533 |
memory corruption |
Qualcomm Snapdragon Auto Array Index Out-of-Bounds |
CVE-2019-2258 |
memory corruption |
Qualcomm Snapdragon Auto Audio |
CVE-2019-10512 |
Use-After-Free |
Qualcomm Snapdragon Auto clk Driver |
CVE-2019-10524 |
unknown vulnerability |
Qualcomm Snapdragon Auto Crypto Engine |
CVE-2019-2323 |
memory corruption |
Qualcomm Snapdragon Auto Data Structure |
CVE-2019-10496 |
unknown vulnerability |
Qualcomm Snapdragon Auto DCI Client |
CVE-2019-10515 |
memory corruption |
Qualcomm Snapdragon Auto Entry Page set_page_dirty() |
CVE-2019-10529 |
unknown vulnerability |
Qualcomm Snapdragon Auto FLV Clip |
CVE-2019-10541 |
memory corruption |
Qualcomm Snapdragon Auto Header |
CVE-2019-10542 |
memory corruption |
Qualcomm Snapdragon Auto HEVC Encoding/AVC Encoding |
CVE-2019-10495 |
Out-of-Bounds |
Qualcomm Snapdragon Auto IE Measurement |
CVE-2019-10505 |
Integer Overflow |
Qualcomm Snapdragon Auto |
CVE-2019-2331 |
unknown vulnerability |
Qualcomm Snapdragon Auto Kernel |
CVE-2019-2249 |
memory corruption |
Qualcomm Snapdragon Auto Key Blob Deserialization |
CVE-2019-2275 |
memory corruption |
Qualcomm Snapdragon Auto mdlog Session Use-After-Free |
CVE-2019-10528 |
memory corruption |
Qualcomm Snapdragon Auto |
CVE-2019-2332 |
memory corruption |
Qualcomm Snapdragon Auto |
CVE-2019-10531 |
memory corruption |
Qualcomm Snapdragon Auto |
CVE-2019-10522 |
memory corruption |
Qualcomm Snapdragon Auto Out-of-Bounds |
CVE-2019-2285 |
memory corruption |
Qualcomm Snapdragon Auto Out-of-Bounds |
CVE-2019-2283 |
memory corruption |
Qualcomm Snapdragon Auto Sensor Power Double-Free |
CVE-2019-10565 |
memory corruption |
Qualcomm Snapdragon Auto Thread |
CVE-2019-2246 |
memory corruption |
Qualcomm Snapdragon Auto Vendor Command Integer Overflow |
CVE-2019-2302 |
memory corruption |
Qualcomm Snapdragon Compute Camera Module Stack-based |
CVE-2019-10502 |