
Critical Vulnerabilities of the Third Week of Azar

This week, many "high-risk" vulnerabilities were reported in major Apache products, and patches and updates were released to fix them. There were also several "high-risk" vulnerabilities in products from Apple, Google Chrome, Huawei and Schneider Electric, and in the Linux kernel.

The list of these vulnerabilities, together with links to the patches and updates released, is given in the table below.

| Vulnerability ID | Base score | Vulnerability title | Zero-day value | Remediation |
|---|---|---|---|---|
| CVE-2020-29279 | 6.3 | 74CMS BaseController.class.php assign_resume_tpl file inclusion | $2k-$5k | Official Fix |
| CVE-2020-23738 | 5.5 | Advanced SystemCare denial of service | $0-$1k | Not Defined |
| CVE-2020-6111 | 3.5 | Allen-Bradley MicroLogix 1100 denial of service | $0-$1k | Not Defined |
| CVE-2020-28175 | 5.3 | Almico Speedfan access control | $1k-$2k | Not Defined |
| CVE-2020-23727 | 5.5 | Antiy Zhijia Terminal Defense System denial of service | $0-$1k | Not Defined |
| CVE-2020-23741 | 3.3 | AnyView Monitoring Software denial of service | $0-$1k | Not Defined |
| CVE-2020-11990 | 5.5 | Apache Cordova Camera Plugin access control | $10k-$25k | Not Defined |
| CVE-2020-13956 | 5.5 | Apache HttpClient URI Object unknown vulnerability | $10k-$25k | Official Fix |
| CVE-2020-17527 | 3.7 | Apache Tomcat Request Header information disclosure | $5k-$10k | Not Defined |
| CVE-2020-25266 | 5.5 | AppImage appimaged MP3 File unknown vulnerability | $2k-$5k | Official Fix |
| CVE-2020-25265 | 4.6 | AppImage libappimage Desktop File path traversal | $1k-$2k | Official Fix |
| CVE-2020-10002 | 3.3 | Apple iCloud Foundation state issue | $2k-$5k | Official Fix |
| CVE-2020-9961 | 6.3 | Apple iCloud ImageIO out-of-bounds read | $5k-$10k | Official Fix |
| CVE-2020-9876 | 6.3 | Apple iCloud ImageIO out-of-bounds write | $10k-$25k | Official Fix |
| CVE-2020-27912 | 6.3 | Apple iCloud ImageIO out-of-bounds write | $10k-$25k | Official Fix |
| CVE-2020-27911 | 6.3 | Apple iCloud libxml2 integer overflow | $10k-$25k | Official Fix |
| CVE-2020-9981 | 6.3 | Apple iCloud libxml2 use after free | $10k-$25k | Official Fix |
| CVE-2020-27917 | 6.3 | Apple iCloud libxml2 use after free | $10k-$25k | Official Fix |
| CVE-2020-13631 | 3.5 | Apple iCloud SQLite denial of service | $2k-$5k | Official Fix |
| CVE-2020-13435 | 4.3 | Apple iCloud SQLite denial of service | $2k-$5k | Official Fix |
| CVE-2020-13434 | 4.3 | Apple iCloud SQLite denial of service | $2k-$5k | Official Fix |
| CVE-2020-9849 | 4.3 | Apple iCloud SQLite information disclosure | $5k-$10k | Official Fix |
| CVE-2020-13630 | 6.3 | Apple iCloud SQLite memory corruption | $10k-$25k | Official Fix |
| CVE-2020-9983 | 6.3 | Apple iCloud WebKit out-of-bounds write | $10k-$25k | Official Fix |
| CVE-2020-9951 | 6.3 | Apple iCloud WebKit use after free | $10k-$25k | Official Fix |
| CVE-2020-9947 | 6.3 | Apple iCloud WebKit use after free | $10k-$25k | Official Fix |
| CVE-2020-27918 | 6.3 | Apple iCloud WebKit use after free | $10k-$25k | Official Fix |
| CVE-2020-27918 | 4.3 | Apple iCloud WebKit use after free | $10k-$25k | Official Fix |
| CVE-2020-9951 | 6.3 | Apple iCloud WebKit use after free | $10k-$25k | Official Fix |
| CVE-2020-28993 | 6.3 | ATX miniCMTS200a Broadband Gateway/Pico CMTS pathname traversal | $1k-$2k | Not Defined |
| CVE-2020-11867 | 4.3 | Audacity audacity-$USER temp file | $2k-$5k | Not Defined |
| CVE-2020-14193 | 6.3 | Automation Template classes injection | $2k-$5k | Official Fix |
| CVE-2020-28206 | 3.7 | Bitrix Framework excessive authentication | $1k-$2k | Not Defined |
| CVE-2020-29282 | 7.3 | BloodX sql injection | $2k-$5k | Not Defined |
| CVE-2020-16849 | 4.3 | Canon MF237w IPv4/ICMPv4 information disclosure | $1k-$2k | Not Defined |
| CVE-2020-5423 | 5.3 | CAPI YAML Parser resource consumption | $0-$1k | Official Fix |
| CVE-2020-29287 | 7.3 | Car Rental Management System view_car.php sql injection | $2k-$5k | Not Defined |
| CVE-2020-2323 | 5.5 | Chaos Monkey Plugin authorization | $1k-$2k | Not Defined |
| CVE-2020-2322 | 3.5 | Chaos Monkey Plugin Read memory leak | $0-$1k | Not Defined |
| CVE-2020-6021 | 6.3 | Check Point Endpoint Security Client Installation uncontrolled search path | $2k-$5k | Official Fix |
| CVE-2020-25693 | 5.5 | CImg load_pnm heap-based buffer overflow | $2k-$5k | Official Fix |
| CVE-2017-14451 | 7.3 | cpp-ethereum libevm Smart Contract Code out-of-bounds write | $2k-$5k | Not Defined |
| CVE-2020-29389 | 6.3 | Crux Linux Docker Image credentials management | $2k-$5k | Not Defined |
| CVE-2020-2324 | 5.5 | CVS Plugin XML Parser xml external entity reference | $1k-$2k | Not Defined |
| CVE-2020-29394 | 5.5 | dlt-daemon Diagnostic Log dlt_common.c dlt_filter_load buffer overflow | $2k-$5k | Not Defined |
| CVE-2020-23740 | 5.3 | DriverGenius Driver Wizard access control | $1k-$2k | Not Defined |
| CVE-2020-5799 | 5.5 | Eat Spray Love mobile App backdoor | $1k-$2k | Not Defined |
| CVE-2020-5800 | 6.3 | Eat Spray Love mobile App improper authentication | $1k-$2k | Not Defined |
| CVE-2020-5680 | 4.3 | EC-CUBE denial of service | $0-$1k | Not Defined |
| CVE-2020-5679 | 3.5 | EC-CUBE UI Layer clickjacking | $1k-$2k | Not Defined |
| CVE-2020-26762 | 7.3 | Edimax IC-3116W/IC-3140W GET Request ipcam_cgi doGetSysteminfo stack-based buffer overflow | $2k-$5k | Official Fix |
| CVE-2020-27816 | 6.3 | elasticsearch-operator-container Namespace Validator redirect | $1k-$2k | Official Fix |
| CVE-2020-25649 | 5.5 | FasterXML Jackson Databind xml external entity reference | $1k-$2k | Not Defined |
| CVE-2020-7469 | 7.3 | FreeBSD ICMPv6 use after free | $10k-$25k | Official Fix |
| CVE-2020-25577 | 7.3 | FreeBSD rtsold memory corruption | $10k-$25k | Official Fix |
| CVE-2020-29573 | 5.5 | GNU C Library ldbl2mpn.c sprintf stack-based buffer overflow | $2k-$5k | Official Fix |
| CVE-2020-29562 | 3.5 | GNU C Library UCS4 Text denial of service | $0-$1k | Not Defined |
| CVE-2020-16037 | 6.3 | Google Chrome Clipboard use after free | $50k-$100k | Official Fix |
| CVE-2020-16039 | 6.3 | Google Chrome Extension use after free | $50k-$100k | Official Fix |
| CVE-2020-16038 | 6.3 | Google Chrome Media use after free | $50k-$100k | Official Fix |
| CVE-2020-16041 | 6.3 | Google Chrome Networking out-of-bounds read | $25k-$50k | Official Fix |
| CVE-2020-16040 | 6.3 | Google Chrome V8 Remote Code Execution | $50k-$100k | Official Fix |
| CVE-2020-16042 | 6.3 | Google Chrome V8 uninitialized pointer | $50k-$100k | Official Fix |
| CVE-2020-5678 | 3.5 | GROWI cross site scripting | $0-$1k | Not Defined |
| CVE-2020-5677 | 3.5 | GROWI cross site scripting | $0-$1k | Not Defined |
| CVE-2020-5676 | 4.3 | GROWI information disclosure | $1k-$2k | Not Defined |
| CVE-2020-29288 | 7.3 | Gym Management System manage_user.php sql injection | $2k-$5k | Not Defined |
| CVE-2020-29529 | 5.5 | Hashicorp go-slug pathname traversal | $1k-$2k | Official Fix |
| CVE-2020-14260 | 5.5 | HCL Domino DXL buffer overflow | $2k-$5k | Not Defined |
| CVE-2020-4128 | 5.3 | HCL Domino ID Vault Service excessive authentication | $1k-$2k | Not Defined |
| CVE-2020-4129 | 5.3 | HCL Domino LDAP Service excessive authentication | $1k-$2k | Official Fix |
| CVE-2020-4127 | 4.3 | HCL Domino Login cross-site request forgery | $0-$1k | Official Fix |
| CVE-2020-4126 | 3.7 | HCL iNotes HTTP Session cleartext transmission | $0-$1k | Official Fix |
| CVE-2020-4102 | 5.5 | HCL Notes DXL buffer overflow | $2k-$5k | Not Defined |
| CVE-2020-25638 | 6.3 | hibernate-core JPA Criteria API sql injection | $1k-$2k | Not Defined |
| CVE-2020-7199 | 6.3 | HPE Edgeline Infrastructure Manager Remote Privilege Escalation | $10k-$25k | Not Defined |
| CVE-2020-9114 | 5.5 | Huawei FusionCompute Administrator access control | $10k-$25k | Not Defined |
| CVE-2020-9116 | 6.3 | Huawei FusionCompute command injection | $10k-$25k | Not Defined |
| CVE-2020-9247 | 5.5 | Huawei Honor 20 Pro Configuration Parameter buffer overflow | $10k-$25k | Not Defined |
| CVE-2020-9115 | 5.5 | Huawei ManageOne Plugin command injection | $10k-$25k | Not Defined |
| CVE-2020-9117 | 5.5 | Huawei Nova 4/SydneyM-AL00 out-of-bounds write | $10k-$25k | Official Fix |
| CVE-2020-27772 | 5.5 | ImageMagick bmp.c integer overflow | $2k-$5k | Official Fix |
| CVE-2020-27760 | 4.3 | ImageMagick enhance.c GammaImage divide by zero | $0-$1k | Official Fix |
| CVE-2020-27773 | 3.5 | ImageMagick gem-private.h divide by zero | $0-$1k | Official Fix |
| CVE-2020-27762 | 3.5 | ImageMagick hdr.c integer overflow | $1k-$2k | Official Fix |
| CVE-2020-27761 | 5.5 | ImageMagick palm.c WritePALMImage integer overflow | $2k-$5k | Official Fix |
| CVE-2020-27771 | 5.5 | ImageMagick pdf.c RestoreMSCWarning integer overflow | $2k-$5k | Official Fix |
| CVE-2020-27759 | 3.5 | ImageMagick quantize.c IntensityCompare integer overflow | $1k-$2k | Official Fix |
| CVE-2020-27775 | 5.5 | ImageMagick quantum.h integer overflow | $2k-$5k | Official Fix |
| CVE-2020-27767 | 5.5 | ImageMagick quantum.h integer overflow | $2k-$5k | Official Fix |
| CVE-2020-27763 | 3.5 | ImageMagick resize.c divide by zero | $0-$1k | Official Fix |
| CVE-2020-27765 | 3.5 | ImageMagick segment.c divide by zero | $0-$1k | Official Fix |
| CVE-2020-27764 | 3.5 | ImageMagick statistic.c ApplyEvaluateOperator integer overflow | $1k-$2k | Official Fix |
| CVE-2020-27776 | 5.5 | ImageMagick statistic.c integer overflow | $2k-$5k | Official Fix |
| CVE-2020-27774 | 5.5 | ImageMagick statistic.c integer overflow | $2k-$5k | Official Fix |
| CVE-2020-27766 | 5.5 | ImageMagick statistic.c integer overflow | $2k-$5k | Official Fix |
| CVE-2020-27770 | 5.5 | ImageMagick SubstituteString integer overflow | $2k-$5k | Official Fix |
| CVE-2020-25711 | 5.5 | Infinispan REST API access control | $1k-$2k | Not Defined |
| CVE-2020-5798 | 8.0 | inSync Client Installer improper validation of integrity check value | $2k-$5k | Not Defined |
| CVE-2020-26513 | 6.3 | Intland codeBeamer ALM ReqIF XML Data xml external entity reference | $1k-$2k | Official Fix |
| CVE-2020-28950 | 6.3 | Kaspersky Anti-Ransomware Tool uncontrolled search path | $2k-$5k | Official Fix |
| CVE-2020-27151 | 8.0 | Kata Containers unknown vulnerability | $2k-$5k | Official Fix |
| CVE-2020-28272 | 6.3 | keyget Prototype code injection | $2k-$5k | Official Fix |
| CVE-2020-8351 | 5.3 | Lenovo PCManager config | $1k-$2k | Official Fix |
| CVE-2020-14339 | 5.5 | libvirt File Descriptor control missing release of resource | $0-$1k | Not Defined |
| CVE-2017-2910 | 6.3 | libxls XLS File xls_addCell out-of-bounds write | $2k-$5k | Not Defined |
| CVE-2020-14381 | 5.3 | Linux Kernel futex use after free | $5k-$10k | Official Fix |
| CVE-2020-14351 | 5.3 | Linux Kernel perf Subsystem use after free | $5k-$10k | Not Defined |
| CVE-2020-25704 | 3.3 | Linux Kernel Performance Monitoring Subsystem resource consumption | $1k-$2k | Official Fix |
| CVE-2020-29534 | 5.5 | Linux Kernel Reference execve unknown vulnerability | $10k-$25k | Official Fix |
| CVE-2020-14305 | 7.3 | Linux Kernel Voice over IP H.323 Connection Tracking out-of-bounds write | $10k-$25k | Not Defined |
| CVE-2020-13542 | 7.8 | LogicalDoc permission | $2k-$5k | Not Defined |
| CVE-2020-7335 | 5.3 | McAfee Total Protection Microsoft Windows Client access control | $5k-$10k | Official Fix |
| CVE-2020-5675 | 4.3 | Mitsubishi Electric GT2107-WTBD out-of-bounds read | $1k-$2k | Not Defined |
| CVE-2020-16850 | 7.5 | Mitsubishi Electric MELSEC iQ-R denial of service | $0-$1k | Not Defined |
| CVE-2020-25463 | 4.3 | Moddable SDK xsCommon.c fxUTF8Decode denial of service | $0-$1k | Official Fix |
| CVE-2020-25464 | 6.3 | Moddable SDK xsDebug.c heap-based buffer overflow | $2k-$5k | Official Fix |
| CVE-2020-25461 | 4.3 | Moddable SDK xsProxy.c fxProxyGetter denial of service | $0-$1k | Official Fix |
| CVE-2020-25462 | 6.3 | Moddable SDK xsSyntaxical.c fxCheckArrowFunction heap-based buffer overflow | $2k-$5k | Official Fix |
| CVE-2020-25465 | 4.3 | Moddable SDK xsSyntaxical.c:3419 xObjectBindingFromExpression denial of service | $0-$1k | Official Fix |
| CVE-2020-26970 | 5.5 | Mozilla Thunderbird SMTP Server Response Code stack-based buffer overflow | $25k-$50k | Official Fix |
| CVE-2020-29284 | 7.3 | Multi Restaurant Table Reservation System view-chair-list.php sql injection | $2k-$5k | Not Defined |
| CVE-2020-28251 | 8.0 | Netscout AirMagnet Enterprise Sensor access control | $2k-$5k | Not Defined |
| CVE-2020-28938 | 3.5 | OpenClinic Check.php cross site scripting | $0-$1k | Not Defined |
| CVE-2020-28937 | 4.3 | OpenClinic direct request | $2k-$5k | Not Defined |
| CVE-2020-28939 | 5.5 | OpenClinic test_new.php unrestricted upload | $1k-$2k | Not Defined |
| CVE-2020-27408 | 6.3 | openSIS Community Edition ResetUserInfo.php access control | $2k-$5k | Not Defined |
| CVE-2020-27409 | 3.5 | openSIS Community Edition SideForStudent.php cross site scripting | $0-$1k | Official Fix |
| CVE-2020-12524 | 5.3 | Phoenix Contact BTP 2043W/BTP 2070W/BTP 2102W resource consumption | $0-$1k | Not Defined |
| CVE-2020-13498 | 3.5 | Pixar OpenUSD Encoding out-of-bounds read | $0-$1k | Not Defined |
| CVE-2020-13497 | 4.3 | Pixar OpenUSD Encoding out-of-bounds read | $1k-$2k | Not Defined |
| CVE-2020-13496 | 4.3 | Pixar OpenUSD Encoding out-of-bounds read | $1k-$2k | Not Defined |
| CVE-2020-13531 | 6.3 | Pixar OpenUSD USD File Handler use after free | $2k-$5k | Not Defined |
| CVE-2020-13493 | 6.3 | Pixar OpenUSD USD File heap-based buffer overflow | $2k-$5k | Not Defined |
| CVE-2020-13524 | 4.3 | Pixar OpenUSD USD File out-of-bounds read | $1k-$2k | Not Defined |
| CVE-2020-13494 | 4.3 | Pixar OpenUSD USD File out-of-bounds read | $1k-$2k | Not Defined |
| CVE-2020-28923 | 5.5 | Play Framework Java API unknown vulnerability | $2k-$5k | Official Fix |
| CVE-2020-2320 | 5.0 | Plugin Installation Manager Tool Plugin Download code download | $1k-$2k | Not Defined |
| CVE-2020-26244 | 4.6 | Python oic cryptographic issues | $0-$1k | Official Fix |
| CVE-2020-27783 | 3.5 | python-lxml Clean Module cross site scripting | $0-$1k | Not Defined |
| CVE-2020-28916 | 3.5 | QEMU RX Descriptor e1000e_core.c infinite loop | $2k-$5k | Not Defined |
| CVE-2020-25723 | 3.5 | QEMU USB EHCI Emulation assertion | $2k-$5k | Not Defined |
| CVE-2020-27585 | 4.2 | Quick Heal Total Security excessive authentication | $0-$1k | Official Fix |
| CVE-2020-27587 | 3.9 | Quick Heal Total Security File Vault excessive authentication | $0-$1k | Official Fix |
| CVE-2020-27586 | 3.5 | Quick Heal Total Security Quarantine inadequate encryption | $0-$1k | Official Fix |
| CVE-2020-14383 | 3.5 | Samba DNS Server denial of service | $0-$1k | Not Defined |
| CVE-2020-14318 | 3.5 | Samba privileges assignment | $1k-$2k | Not Defined |
| CVE-2020-7547 | 5.5 | Schneider Electric EcoStruxure/SmartStruxure access control | $1k-$2k | Not Defined |
| CVE-2020-7545 | 5.5 | Schneider Electric EcoStruxure/SmartStruxure access control | $1k-$2k | Not Defined |
| CVE-2020-7546 | 3.5 | Schneider Electric EcoStruxure/SmartStruxure Web Page Generation cross site scripting | $0-$1k | Not Defined |
| CVE-2020-7533 | 6.3 | Schneider Electric Modicon Quantum/ModiconPremium Legacy Communication Module credentials management | $2k-$5k | Not Defined |
| CVE-2020-7548 | 4.3 | Schneider Electric Smartlink/PowerTag/Wiser Series Gateway random values | $0-$1k | Not Defined |
| CVE-2020-28273 | 6.3 | set-in Prototype code injection | $2k-$5k | Official Fix |
| CVE-2020-29439 | 6.3 | Tesla Model X Authentication improper authentication | $1k-$2k | Official Fix |
| CVE-2020-29440 | 6.3 | Tesla Model X Pairing certificate validation | $1k-$2k | Official Fix |
| CVE-2020-29438 | 3.5 | Tesla Model X Signature Verification signature verification | $0-$1k | Official Fix |
| CVE-2020-28583 | 4.3 | Trend Micro Apex One/OfficeScan XG information disclosure | $5k-$10k | Not Defined |
| CVE-2020-28582 | 4.3 | Trend Micro Apex One/OfficeScan XG information disclosure | $5k-$10k | Not Defined |
| CVE-2020-28577 | 4.3 | Trend Micro Apex One/OfficeScan XG information disclosure | $5k-$10k | Not Defined |
| CVE-2020-28576 | 4.3 | Trend Micro Apex One/OfficeScan XG information disclosure | $5k-$10k | Not Defined |
| CVE-2020-28573 | 4.3 | Trend Micro Apex One/OfficeScan XG information disclosure | $5k-$10k | Not Defined |
| CVE-2020-28575 | 5.0 | Trend Micro ServerProtect for Linux heap-based buffer overflow | $10k-$25k | Not Defined |
| CVE-2020-29454 | 5.5 | Umbraco LogViewerController.cs access control | $1k-$2k | Not Defined |
| CVE-2020-29441 | 7.3 | Upload Widget in OutSystems Platform unrestricted upload | $2k-$5k | Official Fix |
| CVE-2020-6018 | 6.3 | Valve Game Networking Sockets libsodium Decrypt stack-based buffer overflow | $2k-$5k | Official Fix |
| CVE-2020-6017 | 6.3 | Valve Game Networking Sockets Plain-Text Message SNP_ReceiveUnreliableSegment heap-based buffer overflow | $2k-$5k | Official Fix |
| CVE-2020-29280 | 7.3 | Victor CMS search.php sql injection | $2k-$5k | Not Defined |
| CVE-2020-13584 | 6.3 | WebKit WebKitGTK Web Page use after free | $2k-$5k | Not Defined |
| CVE-2020-13543 | 6.3 | WebKit WebKitGTK Websocket use after free | $2k-$5k | Not Defined |
| CVE-2020-25181 | 5.5 | WECON PLC Editor heap-based buffer overflow | $2k-$5k | Not Defined |
| CVE-2020-25177 | 5.5 | WECON PLC Editor stack-based buffer overflow | $2k-$5k | Not Defined |
| CVE-2020-28970 | 6.3 | Western Digital My Cloud OS Cookie improper authentication | $1k-$2k | Official Fix |
| CVE-2020-28971 | 6.3 | Western Digital My Cloud OS improper authentication | $1k-$2k | Official Fix |
| CVE-2020-28940 | 4.3 | Western Digital My Cloud OS NAS Admin Dashboard improper authentication | $0-$1k | Official Fix |
| CVE-2020-23726 | 5.5 | Wise Care 365 denial of service | $0-$1k | Not Defined |
| CVE-2020-27177 | 6.3 | Xerox DocuShare XML xml entity expansion | $2k-$5k | Official Fix |
| CVE-2020-6880 | 7.3 | ZXELINK ZXV10 W908 sql injection | $2k-$5k | Official Fix |

 

The risk level of about 8% of this week's vulnerabilities was assessed as "high-risk" or "critical".

The zero-day value of 20% of this week's vulnerabilities was more than 5000 dollars.

Unfortunately, updates or patches have been officially released for only 49% of this week's vulnerabilities; these should be applied promptly to prevent exploitation of the vulnerabilities.