Critical vulnerabilities of the fourth week of Mehr
In the fourth week of Mehr, high-severity vulnerabilities were discovered in widely used products including WordPress, Acrobat Reader, and various Cisco and Oracle products. A serious vulnerability was also found in sudo, one of the key commands of the Linux operating system. If you use these products, please update them promptly.

| Vulnerability type | Affected product / component | CVE |
|---|---|---|
| Server-Side Request Forgery | WordPress URL | CVE-2019-17669, CVE-2019-17670 |
| information disclosure | WordPress Static Query | CVE-2019-17671 |
| privilege escalation | WordPress Cache | CVE-2019-17673 |
| memory corruption | Linux Kernel ps.c rtl_p2p_noa_ie | CVE-2019-17666 |
| memory corruption | Linux Kernel fib6_rules.c fib6_rule_suppress() | CVE-2019-18198 |
| privilege escalation | ESET Cyber Security Scheduled Task | CVE-2019-16519 |
| weak authentication | D-Link DIR-412 log_clear.php | CVE-2019-17512 |
| memory corruption | D-Link DIR-880L/DIR-895 fileaccess.cgi | CVE-2017-14948 |
| information disclosure | D-Link DIR-412 Web Interface log_get.php | CVE-2019-17511 |
| unescape memory corruption | GNU Aspell getdata.cpp | CVE-2019-17544 |
| privilege escalation | GNU Guix | CVE-2019-18192 |
| privilege escalation | sudo Runas Restriction | CVE-2019-14287 |
| privilege escalation | Adobe Download Manager | CVE-2019-8071 |
| memory corruption | Adobe Acrobat Reader Pointer Dereference | CVE-2019-8205, CVE-2019-8196, CVE-2019-8195, CVE-2019-8174 |
| privilege escalation | Adobe Acrobat Reader Type Confusion privilege escalation | CVE-2019-8200, CVE-2019-8169, CVE-2019-8167, CVE-2019-8161 |
| race condition | Adobe Acrobat Reader | CVE-2019-8162 |
| memory corruption | Adobe Acrobat Reader | CVE-2019-8166 |
| Heap-based memory corruption | Adobe Acrobat Reader | CVE-2019-8197, CVE-2019-8183, CVE-2019-8170 |
| Use-After-Free | Adobe Acrobat Reader | CVE-2019-8225, CVE-2019-8224, CVE-2019-8223, CVE-2019-8221, CVE-2019-8220, CVE-2019-8219, CVE-2019-8217, CVE-2019-8215, CVE-2019-8214, CVE-2019-8213, CVE-2019-8212, CVE-2019-8211, CVE-2019-8210, CVE-2019-8209, CVE-2019-8208, CVE-2019-8203, CVE-2019-8192, CVE-2019-8188, CVE-2019-8187, CVE-2019-8181, CVE-2019-8180, CVE-2019-8179, CVE-2019-8178, CVE-2019-8177, CVE-2019-8176, CVE-2019-8175 |
| Out-of-Bounds memory corruption | Adobe Acrobat Reader | CVE-2019-8206, CVE-2019-8199, CVE-2019-8191, CVE-2019-8165, CVE-2019-8186, CVE-2019-8171 |
| privilege escalation | Cisco TelePresence Collaboration Endpoint CLI root privilege escalation | CVE-2019-15962 |
| information disclosure | Cisco Identity Services Engine Web-based Management Interface | CVE-2019-15282 |
| privilege escalation | Cisco TelePresence Collaboration Endpoint Privileges privilege escalation | CVE-2019-15277 |
| privilege escalation | Cisco TelePresence Collaboration Endpoint CLI Command | CVE-2019-15275 |
| command injection | Cisco TelePresence Collaboration Endpoint CLI | CVE-2019-15274 |
| cross site scripting | Cisco FirePOWER Management Center Web-based Management Interface | CVE-2019-15270 |
| denial of service | Cisco Wireless LAN Controller SSH Session Management | CVE-2019-15262 |
| denial of service | Cisco Aironet Access Point PPTP VPN Crash | CVE-2019-15261 |
| privilege escalation | Cisco Aironet Access Point URL privilege escalation | CVE-2019-15260 |
| privilege escalation | Cisco SPA100 ATA Web-based Management Interface | CVE-2019-15252, CVE-2019-15251, CVE-2019-15250, CVE-2019-15249, CVE-2019-15248, CVE-2019-15247, CVE-2019-15246, CVE-2019-15245, CVE-2019-15244, CVE-2019-15243, CVE-2019-15242, CVE-2019-15241, CVE-2019-15240 |
| privilege escalation | MuleSoft Mule Runtime Engine Apache Commons Collections Deserialization | CVE-2019-13116 |
| information disclosure | Oracle VM VirtualBox information disclosure | CVE-2019-3031 |
| denial of service | Oracle VM VirtualBox | CVE-2019-3005, CVE-2019-3002, CVE-2019-2984, CVE-2019-3021 |
| unknown vulnerability | Oracle VM VirtualBox | CVE-2019-2944, CVE-2019-3017, CVE-2019-3028 |
| information disclosure | Oracle Clusterware TFA Collector jackson-databind | CVE-2019-12814 |
| information disclosure | Oracle Diagnostic Assistant jQuery | CVE-2019-11358 |
| information disclosure | Oracle Agile Product Lifecycle Management for Process jQuery | CVE-2019-11358 |
| unknown vulnerability | Oracle Agile PLM Apache Tomcat | CVE-2019-0232 |
| unknown vulnerability | Oracle Agile Recipe Management for Pharmaceuticals Apache Groovy | CVE-2016-6814 |
| unknown vulnerability | Oracle Solaris Filesystem | CVE-2019-2765 |
| information disclosure | Oracle Fujitsu M10-1 NSS | CVE-2018-12404 |
| unknown vulnerability | Oracle Fujitsu M10-1 USB Driver | CVE-2017-17558 |
| information disclosure | Oracle Fujitsu M10-1 OpenSSH | CVE-2019-6109 |
| denial of service | Oracle Fujitsu M10-1 OpenSSL | CVE-2018-0732 |
| denial of service | Oracle Fujitsu M10-1 Net SNMP denial of service | CVE-2018-18066 |
| denial of service | Oracle Fujitsu M10-1 NTP | CVE-2018-7185 |
| denial of service | Oracle Fujitsu M10-1 glibc | CVE-2015-5180 |
| unknown vulnerability | Oracle Solaris XScreenSaver | CVE-2019-3010 |
| unknown vulnerability | Oracle Fujitsu M10-1 cURL | CVE-2018-1000007 |
| information disclosure | Oracle Siebel UI Framework EAI | CVE-2019-2935 |
| information disclosure | Oracle Siebel UI Framework Apache Tomcat | CVE-2018-8037 |
| information disclosure | Oracle Siebel Mobile Applications jQuery | CVE-2019-11358 |
| information disclosure | Oracle Siebel Core - DB Deployment and Configuration Install Configuration | CVE-2019-2965 |
| information disclosure | Oracle Retail Xstore Point of Service jackson-databind | CVE-2019-10247 |
| information disclosure | Oracle Retail Xstore Office Internal Operations | CVE-2018-3300 |
| information disclosure | Oracle Segment | CVE-2019-2884 |
| information disclosure | Oracle MICROS Relate CRM Software Internal Operations | CVE-2019-2896 |
| information disclosure | Oracle Retail Customer Insights jQuery | CVE-2019-11358 |
| information disclosure | Oracle Retail Xstore Point of Service jackson-databind | CVE-2019-12086 |
| denial of service | Oracle Retail Integration Bus Spring Framework | CVE-2018-15756 |
| unknown vulnerability | Oracle MICROS Relate CRM Software Apache Tomcat | CVE-2019-0232 |
| unknown vulnerability | Oracle Retail Xstore Point of Service jackson-databind | CVE-2019-14379 |
| unknown vulnerability | Oracle MICROS Retail XBRi Loss Prevention jackson-databind | CVE-2018-19362 |
| information disclosure | Oracle Policy Automation for Mobile Devices jQuery | CVE-2019-11358 |
| information disclosure | Oracle Policy Automation Connector for Siebel jQuery | CVE-2019-11358 |
| information disclosure | Oracle Policy Automation jQuery | CVE-2019-11358 |
| unknown vulnerability | Oracle Policy Automation Connector for Siebel Apache Axis | CVE-2019-0227 |
| information disclosure | Oracle PeopleSoft Enterprise PeopleTools Integration Broker | CVE-2019-3015 |
| information disclosure | Oracle PeopleSoft Enterprise HCM Human Resources US Federal Specific | CVE-2019-2951 |
| unknown vulnerability | Oracle PeopleSoft Enterprise PeopleTools Stylesheet | CVE-2019-3023 |
| information disclosure | Oracle PeopleSoft Enterprise SCM eProcurement | CVE-2019-3001 |
| information disclosure | Oracle PeopleSoft Enterprise PeopleTools jQuery | CVE-2019-11358, CVE-2019-2931, CVE-2019-2929 |
| information disclosure | Oracle PeopleSoft Enterprise PeopleTools Performance Monitor | CVE-2019-3014 |
| information disclosure | Oracle PeopleSoft Enterprise PeopleTools Fluid Core | CVE-2019-2985 |
| information disclosure | Oracle PeopleSoft Enterprise PeopleTools Fluid Core | CVE-2019-2915 |
| information disclosure | Oracle PeopleSoft Enterprise PeopleTools Tree Manager | CVE-2019-2932 |
| unknown vulnerability | Oracle PeopleSoft Enterprise PeopleTools libssh2 | CVE-2019-3862 |
| unknown vulnerability | Oracle PeopleSoft Enterprise PeopleTools Apache Xerces | CVE-2016-0729 |
| information disclosure | Oracle MySQL Workbench OpenSSL | CVE-2019-1549 |
| information disclosure | Oracle MySQL Server Encryption | CVE-2019-2924 |
| information disclosure | Oracle MySQL Server Encryption | CVE-2019-2923 |
| information disclosure | Oracle MySQL Server Encryption | CVE-2019-2922 |
| denial of service | Oracle MySQL Server C API | CVE-2019-2993 |
| denial of service | Oracle MySQL Connectors Connector/ODBC | CVE-2019-2920 |
| unknown vulnerability | Oracle MySQL Server Optimizer | CVE-2019-2991 |
| information disclosure | Oracle MySQL Server Client programs | CVE-2019-2969 |