info[at]nsec.ir
(+۹۸)-۳۱-۳۳۹۱۵۳۳۶

آسیب‌پذیری‌های حیاتی هفته سوم فروردین‌ماه

 

این هفته در محصولات مهم سیسکو، IBM و Apache چندین آسیب‌پذیری با سطح خطر «حیاتی» و «بالا» شناسایی شد. همچنین محصولات پرکاربرد شرکت‌های Avast و McAfee ، مرورگر محبوب Mozilla Firefox  و کرنل لینوکس نیز چندین آسیب‌پذیری حیاتی داشتند. افزونۀ پرکاربرد WordPress Auth0(با بیش از ۴ هزار نصب فعال) نیز آسیب‌پذیری‌های با سطح خطر « حیاتی» داشت. بیشتر آسیب‌پذیری‌های این هفته از نوع ارتقاء امتیاز بودند.

نوع آسیب‌پذیری

محصول آسیب‌پذیری

شناسه آسیب‌پذیری

Memory Corruption

۳S-Smart CODESYS GatewayService Name Service Client GatewayService.exe

CVE-2019-5105

Information Disclosure

ABB eSOMS ASP.NET Viewstate

CVE-2019-19092

SQL Injection

ABB eSOMS Backend Database

CVE-2019-19094

Cross Site Scripting

ABB eSOMS Content Security Policy

CVE-2019-19002

Information Disclosure

ABB eSOMS HTTP Header

CVE-2019-19000

Cross Site Scripting

ABB eSOMS httponly

CVE-2019-19003

Information Disclosure

ABB eSOMS HTTPS Response

CVE-2019-19091

Weak Authentication

ABB eSOMS Password Complexity

CVE-2019-19093

Information Disclosure

ABB eSOMS Password Storage

CVE-2019-19096

Weak Encryption

ABB eSOMS Secure Flag

CVE-2019-19090

Cross Site Scripting

ABB eSOMS Stored

CVE-2019-19095

Weak Encryption

ABB eSOMS

CVE-2019-19097

Cross Site Scripting

ABB eSOMS X-Content-Type-Options Header

CVE-2019-19089

Privilege Escalation

ABB eSOMS X-Frame-Options Clickjacking

CVE-2019-19001

Information Disclosure

Advantech WebAccess RPC

CVE-2019-3942

Memory Corruption

Advantech WebAccess Stack-based

CVE-2020-10607

unknown vulnerability

Apache CXF JMX Man-in-the-Middle

CVE-2020-1954

Privilege Escalation

Apache Druid LDAP Authentication

CVE-2020-1958

Privilege Escalation

Apache Dubbo Deserialization

CVE-2019-17564

Memory Corruption

Apache HTTP Server mod_proxy_ftp Uninitialized Memory

CVE-2020-1934

Privilege Escalation

Apache HTTP Server mod_rewrite

CVE-2020-1927

Weak Authentication

Apache NetBeans AutoUpdate

CVE-2019-17561

Weak Authentication

Apache NetBeans AutoUpdate

CVE-2019-17560

Cross Site Scripting

Apache OFBiz stream

CVE-2020-1943

Privilege Escalation

Apache Solr Node

CVE-2018-11802

Cross Site Request Forgery

Auth0 Plugin

CVE-2020-5391

Privilege Escalation

Auth0 Plugin Export CSV Injection

CVE-2020-7947

Cross Site Scripting

Auth0 Plugin Login Stored

CVE-2020-6753

Privilege Escalation

Auth0 Plugin

CVE-2020-7948

Cross Site Scripting

Auth0 Plugin Settings Page Stored

CVE-2020-5392

Information Disclosure

Avast Access Point TaskEx Library AvastSvc.exe

CVE-2020-10866

Denial of Service

Avast Antivirus aswAvLog Log Library AvastSvc.exe

CVE-2020-10860

Denial of Service

Avast Antivirus TaskEx Library AvastSvc.exe

CVE-2020-10864

Denial of Service

Avast Antivirus TaskEx Library AvastSvc.exe

CVE-2020-10863

Denial of Service

Avast Antivirus TaskEx Library AvastSvc.exe

CVE-2020-10861

Privilege Escalation

Avast Antivirus TaskEx Library AvastSvc.exe

CVE-2020-10868

Privilege Escalation

Avast Antivirus TaskEx Library AvastSvc.exe

CVE-2020-10867

Privilege Escalation

Avast Antivirus TaskEx Library AvastSvc.exe

CVE-2020-10865

Privilege Escalation

Avast Antivirus TaskEx Library AvastSvc.exe

CVE-2020-10862

XML External Entity

Azkaban XmlValidatorManager.java

CVE-2020-10992

Weak Authentication

CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP RTSP Service

CVE-2020-9349

Weak Authentication

CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP Telnet Service

CVE-2020-6852

Privilege Escalation

Cisco Unified Contact Center Express

CVE-2019-1888

Cross-Site Scripting

Cisco Finesse

CVE-2019-15278

Denial of Service

Cisco NX-OS Software Authenticated Simple Network Management Protocol

CVE-2018-0291

Denial of Service

Cisco FXOS and NX-OS Software Cisco Fabric Services

CVE-2018-0311

Information Disclosure

Cisco Wi-Fi Protected Network and Wi-Fi Protected Network 2

CVE-2019-15126

Privilege Escalation

Cisco SD-WAN Solution

CVE-2020-3265

Command Injection

Cisco SD-WAN Solution

CVE-2020-3266

 

Cisco SD-WAN Solution Buffer Overflow

CVE-2020-3264

Cross-Site Scripting

Cisco SD-WAN Solution vManage Stored

CVE-2019-16010

SQL Injection

Cisco SD-WAN Solution vManage

CVE-2019-16012

Memory Corruption

CODESYS V3 Web Server

CVE-2020-10245

Memory Corruption

Dell EMC iDRAC7/iDRAC8/iDRAC9 Stack-based

CVE-2020-5344

Cross Site Scripting

Dell RSA Authentication Manager Security Console Stored

CVE-2020-5340

Cross Site Scripting

Dell RSA Authentication Manager Security Console Stored

CVE-2020-5339

Privilege Escalation

Deskpro email_accounts

CVE-2020-11463

Information Disclosure

Deskpro Endpoint people

CVE-2020-11464

Information Disclosure

Deskpro Endpoint tickets

CVE-2020-11466

Information Disclosure

Deskpro Helpdesk Application

CVE-2020-11465

Remote Code Execution

Deskpro Helpdesk Interface template-source

CVE-2020-11467

Memory Corruption

DrayTek Vigor3900/Vigor2960/Vigor300B activate.cgi

CVE-2020-10825

Memory Corruption

DrayTek Vigor3900/Vigor2960/Vigor300B activate.cgi

CVE-2020-10824

Memory Corruption

DrayTek Vigor3900/Vigor2960/Vigor300B activate.cgi

CVE-2020-10823

Command Injection

DrayTek Vigor3900/Vigor2960/Vigor300B Debug Mode activate.cgi

CVE-2020-10826

Memory Corruption

DrayTek Vigor3900/Vigor2960/Vigor300B Stack-based

CVE-2020-10828

Memory Corruption

DrayTek Vigor3900/Vigor2960/Vigor300B Stack-based

CVE-2020-10827

Privilege Escalation

ENS Access Control ESConfigTool.exe

CVE-2020-7263

Privilege Escalation

ENS Access Control ESConfigTool.exe

CVE-2020-7263

Privilege Escalation

Exim Symlink

CVE-2020-8015

Denial of Service

F5 BIG-IP HTTP

CVE-2020-5857

Denial of Service

F5 BIG-IP TMM Crash

CVE-2020-5862

Denial of Service

F5 BIG-IP TMM

CVE-2020-5861

Denial of Service

F5 BIG-IP TMM

CVE-2020-5859

Privilege Escalation

F5 BIG-IP/BIG-IQ High Availability

CVE-2020-5860

Privilege Escalation

F5 BIG-IP/BIG-IQ tmsh Shell

CVE-2020-5858

Privilege Escalation

FasterXML jackson-databind Gadget

CVE-2020-10969

unknown vulnerability

FasterXML jackson-databind Gadget

CVE-2020-10968

Privilege Escalation

FasterXML jackson-databind Serialized

CVE-2020-11113

Privilege Escalation

FasterXML jackson-databind Serialized

CVE-2020-11112

Privilege Escalation

FasterXML jackson-databind Serialized

CVE-2020-11111

Privilege Escalation

Fortinet FortiOS ZebOS

CVE-2018-13371

Privilege Escalation

Fortinet FortiOS ZebOS

CVE-2018-13371

Command Injection

get-git-data

CVE-2020-7619

Command Injection

git-add-remote

CVE-2020-7630

Privilege Escalation

GitLab Community Edition/Enterprise Edition Docker Images

CVE-2020-10952

Denial of Service

GitLab Community Edition/Enterprise Edition Project Import

CVE-2020-10956

Denial of Service

GitLab Community Edition/Enterprise Edition Repository Archive

CVE-2020-10954

Information Disclosure

GitLab Community Edition/Enterprise Edition Upload

CVE-2020-10955

Directory Traversal

GitLab Enterprise Edition

CVE-2020-10953

Memory Corruption

GNU C Library Comparison memcpy()‎

CVE-2020-6096

Information Disclosure

Google Closure Library URL Parser

CVE-2020-8910

SQL Injection

Grandstream UCM6200 CTI Server

CVE-2020-5726

SQL Injection

Grandstream UCM6200 HTTP Server

CVE-2020-5725

SQL Injection

Grandstream UCM6200 HTTP Server

CVE-2020-5724

Memory Corruption

HAProxy HPACK Decoder hpack-tbl.c hpack_dht_insert

CVE-2020-11100

unknown vulnerability

http-client Injection

CVE-2020-7611

Privilege Escalation

Huawei P30 Access Control

CVE-2020-1800

Privilege Escalation

Huawei Smart Phone

CVE-2020-9066

Memory Corruption

Huawei Smart Phone Use-After-Free

CVE-2020-9065

Memory Corruption

Huawei SmartAX MA5600T/SmartAX MA5800/SmartAX EA5800 Code Execution

CVE-2020-9067

Denial of Service

IBM Process Federation Server Global Teams REST API

CVE-2020-4325

Privilege Escalation

IBM Spectrum Protect Plus Command

CVE-2020-4242

Privilege Escalation

IBM Spectrum Protect Plus Command

CVE-2020-4241

Privilege Escalation

IBM Spectrum Protect Plus Command

CVE-2020-4206

Weak Authentication

IBM Spectrum Protect Plus Default Key

CVE-2020-4208

Directory Traversal

IBM Spectrum Protect Plus

CVE-2020-4240

Directory Traversal

IBM Spectrum Protect Plus

CVE-2020-4214

Cross Site Request Forgery

IBM Tivoli Netcool Impact

CVE-2020-4238

Cross Site Request Forgery

IBM Tivoli Netcool Impact

CVE-2020-4237

Denial of Service

IBM Tivoli Netcool Impact

CVE-2020-4236

Information Disclosure

IBM Tivoli Netcool Impact Error Message

CVE-2020-4239

Cross Site Scripting

IBM Tivoli Netcool Impact Web UI

CVE-2020-4235

Cross Site Scripting

IBM WebSphere Application Server Liberty Web UI

CVE-2020-4304

Cross Site Scripting

IBM WebSphere Application Server Liberty Web UI

CVE-2020-4303

Privilege Escalation

IBM WebSphere Application Server SOAP Connector

CVE-2020-4276

Command Injection

install-package

CVE-2020-7629

Command Injection

install-package

CVE-2020-7628

Denial of Service

Kubernetes API Server

CVE-2020-8552

Denial of Service

Kubernetes kube-apiserver CPU Exhaustion

CVE-2019-11254

Denial of Service

Kubernetes kube-apiserver CPU Exhaustion

CVE-2019-11254

SQL Injection

LearnDash Plugin

CVE-2020-6009

SQL Injection

LearnDash Plugin

CVE-2020-6009

Memory Corruption

Linux Kernel BPF Verifier verifier.c

CVE-2020-8835

Information Disclosure

Linux Kernel slcan.c slc_bump

CVE-2020-11494

Privilege Escalation

March Networks Command Client XAML Object

CVE-2019-9163

Privilege Escalation

March Networks Command Client XAML Object

CVE-2019-9163

Privilege Escalation

McAfee Application and Change Control DLL

CVE-2020-7260

SQL Injection

Micro Focus Service Manager Automation

CVE-2020-9521

Server-Side Request Forgery

MicroStrategy Web Admin Panel

CVE-2020-11451

Information Disclosure

MicroStrategy Web happyaxis.jsp

CVE-2020-11450

Cross Site Scripting

MicroStrategy Web HTML Container Stored

CVE-2020-11454

Server-Side Request Forgery

MicroStrategy Web Import

CVE-2020-11452

Server-Side Request Forgery

MicroStrategy Web Test Web Service

CVE-2020-11453

Memory Corruption

Moxa EDS-G516E Setting Pages

CVE-2020-6999

XML External Entity

MuleSoft APIkit RestXmlSchemaValidator.java

CVE-2020-10991

Command Injection

Netgear WC7500/WC7520/WC7600v1/WC7600v2/WC9500 request_handler.php

CVE-2018-11106

Command Injection

Netgear WC7500/WC7520/WC7600v1/WC7600v2/WC9500 request_handler.php

CVE-2018-11106

Directory Traversal

Next.js

CVE-2020-5284

Privilege Escalation

Nginx Controller Controller API

CVE-2020-5863

Command Injection

node-key-sender execute()‎

CVE-2020-7627

Privilege Escalation

Openshift apb-base passwd

CVE-2019-19348

Privilege Escalation

Openshift mariadb-apb passwd

CVE-2019-19346

XML External Entity

Osmand BinaryMapIndexReader.java

CVE-2020-10993

Cross Site Scripting

OTRS Community Edition Article

CVE-2020-1771

Information Disclosure

OTRS Community Edition Login Screen

CVE-2020-1769

Information Disclosure

OTRS Community Edition Password Reset

CVE-2020-1772

Weak Authentication

OTRS Community Edition Password Reset

CVE-2020-1773

Information Disclosure

OTRS Community Edition Support Bundle

CVE-2020-1770

Denial of Service

Parrot ANAFI

CVE-2019-3944

Denial of Service

Parrot ANAFI

CVE-2019-3944

Denial of Service

Parrot ANAFI Web Server Crash

CVE-2019-3945

Denial of Service

Parrot ANAFI Web Server Crash

CVE-2019-3945

Privilege Escalation

Phoenix Contact PC WORX SRT Permission

CVE-2020-10939

Privilege Escalation

Phoenix Contact PORTICO SERVER

CVE-2020-10940

Information Disclosure

PHP EXIF Data exif_read_data()‎

CVE-2020-7064

Privilege Escalation

PHP URL get_headers()‎

CVE-2020-7066

Memory Corruption

PHP UTF-32LE Encoding mb_strtolower()‎

CVE-2020-7065

Cross Site Scripting

phpMyAdmin Error Page Reflected

CVE-2020-11441

Privilege Escalation

python-apt Hash package.py

CVE-2019-15796

Weak Authentication

python-apt MD5 package.py

CVE-2019-15795

Weak Authentication

RedpwnCTF Session Fixation

CVE-2020-5290

Weak Authentication

RedpwnCTF Session Fixation

CVE-2020-5290

Cross Site Scripting

Sonatype Nexus Repository

CVE-2020-10203

Privilege Escalation

Sonatype Nexus Repository JavaEL Injection

CVE-2020-10199

Privilege Escalation

Sonatype Nexus Repository Manager Access Control

CVE-2020-11444

Remote Code Execution

Sonatype Nexus Repository

CVE-2020-10204

Denial of Service

SonicWALL SMA1000 HTTP Extraweb Server Crash

CVE-2020-5129

Privilege Escalation

SUNNET eHRD Access Control

CVE-2020-10510

Information Disclosure

SUNNET eHRD Credentials

CVE-2020-10508

Cross Site Scripting

SUNNET eHRD

CVE-2020-10509

Race condition

SuSE/openSUSE Linux Enterprise Module for Desktop Applications Cron Job

CVE-2020-8017

Privilege Escalation

SuSE/openSUSE Linux Enterprise Module for Desktop Applications texlive-filesystem

CVE-2020-8016

Information Disclosure

Symfony Exception

CVE-2020-5274

Denial of Service

Symfony Response

CVE-2020-5255

Privilege Escalation

Symfony security-http Rule

CVE-2020-5275

Weak Authentication

TP-LINK Cloud Camera WiFi Session

CVE-2020-11445

Denial of Service

TP-LINK NC200/NC210/NC220/NC230/NC250/NC260/NC450 NULL Pointer Dereference

CVE-2020-10231

Memory Corruption

TP-LINK TL-WR841N V10

CVE-2020-8423

Weak Encryption

UCM6200

CVE-2020-5723

Weak Encryption

UltraLog Express Device Management Interface Cleartext

CVE-2020-3921

Privilege Escalation

UltraLog Express Device Management Interface

CVE-2020-3920

SQL Injection

UltraLog Express Device Management Interface

CVE-2020-3936

Privilege Escalation

UniFi Video DLL

CVE-2020-8146

Privilege Escalation

UniFi Video Server Privilege Check

CVE-2020-8145

Directory Traversal

UniFi Video Server Web Interface Firmware Update

CVE-2020-8144

unknown vulnerability

USC iLab Cereal Cache shared_ptr

CVE-2020-11105

Memory Corruption

USC iLab Cereal Serialization Stack-based

CVE-2020-11104

Command Injection

Vertiv Avocent UMG-4000 Code Syntax

CVE-2019-9507

Cross Site Scripting

Vertiv Avocent UMG-4000 Web Interface Reflected

CVE-2019-9509

Cross Site Scripting

Vertiv Avocent UMG-4000 Web Interface Stored

CVE-2019-9508

SQL Injection

webERP Import Bank Transaction

CVE-2019-7755

Memory Corruption

X-Plane 

CVE-2019-19605

Privilege Escalation

X-Plane

CVE-2019-19606

Denial of Service

Yamaha FWX120

CVE-2020-5548

Information Disclosure

Zoho ManageEngine Desktop Central PDFGenerationServlet

CVE-2020-8509

Privilege Escalation

Zoom Client for Meetings Installation

CVE-2020-11469

Privilege Escalation

Zoom Client for Meetings Library

CVE-2020-11470