
Critical Vulnerabilities of the Second Week of Esfand

 

This week, several vulnerabilities rated "critical" and "high" were identified in very important Cisco products. Widely used Apache products and the Linux kernel also had several dangerous vulnerabilities. The popular Chrome browser, NVIDIA drivers, and IBM's important data protection product also had several vulnerabilities rated "critical". But perhaps the most important vulnerability this week was the WiFi chip vulnerability, which put the security of more than one billion devices at risk.

| Vulnerability type | Vulnerable product | Vulnerability ID |
|---|---|---|
| Privilege Escalation | Apache Tomcat Header Parsing Request Smuggling | CVE-2020-1935 |
| Privilege Escalation | Apache Tomcat Header Request Smuggling | CVE-2019-17569 |
| Command Injection | Aruba AirWave Input Fields | CVE-2019-5323 |
| Code Execution | Aruba Airwave VisualRF | CVE-2019-5326 |
| Information Disclosure | Asus Asuswrt-Merlin AsusWRT-Merlin blocking.asp | CVE-2018-8878 |
| Information Disclosure | Asus Asuswrt-Merlin AsusWRT-Merlin error_page.htm | CVE-2018-8877 |
| Privilege Escalation | CardGate Payments Plugin Callback.php | CVE-2020-8818 |
| Privilege Escalation | CardGate Payments Plugin PIN Callback cardgate.php | CVE-2020-8819 |
| Privilege Escalation | Cisco FXOS CLI | CVE-2020-3169 |
| Privilege Escalation | Cisco FXOS CLI | CVE-2020-3166 |
| Memory Corruption | Cisco FXOS/NX-OS Discovery Protocol | CVE-2020-3172 |
| Privilege Escalation | Cisco FXOS/UCS Manager Software CLI | CVE-2020-3167 |
| Command Injection | Cisco FXOS/UCS Manager Software Local Management | CVE-2020-3171 |
| Denial of Service | Cisco Nexus 1000V Switch for VMware vSphere Secure Login Enhancements | CVE-2020-3168 |
| Denial of Service | Cisco NX-OS Anycast Gateway | CVE-2020-3174 |
| Weak Authentication | Cisco NX-OS Border Gateway Protocol | CVE-2020-3165 |
| Denial of Service | Cisco NX-OS Management Interface Crash | CVE-2020-3175 |
| Denial of Service | Cisco NX-OS NX-API Service Restart | CVE-2020-3170 |
| Command Injection | Cisco UCS Manager Local Management CLI | CVE-2020-3173 |
| Information Disclosure | Cloud Foundry Cloud Controller Job | CVE-2020-5400 |
| Denial of Service | Cloud Foundry Routing Gorouter | CVE-2020-5401 |
| Cross Site Request Forgery | Cloud Foundry UAA OAuth2 | CVE-2020-5402 |
| Privilege Escalation | compile-sass index.js setupCleanupOnExit(cssPath) | CVE-2019-10799 |
| Cross Site Scripting | DNN | CVE-2020-5186 |
| Directory Traversal | DNN | CVE-2020-5187 |
| Privilege Escalation | DNN Permission | CVE-2020-5188 |
| Weak Authentication | Drobo 5N2 | CVE-2018-14705 |
| Code Execution | Dropwizard-Validation Self-validating Remote | CVE-2020-5245 |
| Privilege Escalation | Druva inSync Mac OS Client Python | CVE-2019-4000 |
| Privilege Escalation | Druva inSync Windows Client OS | CVE-2019-3999 |
| Cross Site Scripting | Envira Photo Gallery Plugin Stored | CVE-2020-9334 |
| Memory Corruption | GNU screen Escape | CVE-2020-9366 |
| Memory Corruption | Google Chrome Speech Use-After-Free | CVE-2020-6386 |
| Memory Corruption | Google Chrome Stream Out-of-Bounds | CVE-2020-6407 |
| Memory Corruption | Google Chrome v8 Heap-based | CVE-2020-6383 |
| Memory Corruption | Google Chrome v8 Type Confusion | CVE-2020-6418 |
| Memory Corruption | Google Chrome WebAudio Use-After-Free | CVE-2020-6384 |
| Directory Traversal | Gurux GXDLMS Director | CVE-2020-8810 |
| Code Execution | Gurux GXDLMS Director Update files.xml | CVE-2020-8809 |
| Information Disclosure | IBL Online Weather Cookie | CVE-2020-9407 |
| Privilege Escalation | IBL Online Weather queryBCP | CVE-2020-9406 |
| Cross Site Scripting | IBL Online Weather Redirect Page Reflected | CVE-2020-9405 |
| SQL Injection | IBM Business Automation Workflow Back-End Database | CVE-2019-4669 |
| Information Disclosure | IBM Maximo Asset Management | CVE-2019-4745 |
| Information Disclosure | IBM QRadar Advisor | CVE-2019-4672 |
| Weak Encryption | IBM QRadar Advisor Watson | CVE-2019-4557 |
| Privilege Escalation | IBM Spectrum Protect Plus HTTP Command | CVE-2020-4222 |
| Privilege Escalation | IBM Spectrum Protect Plus HTTP Command | CVE-2020-4213 |
| Privilege Escalation | IBM Spectrum Protect Plus HTTP Command | CVE-2020-4212 |
| Privilege Escalation | IBM Spectrum Protect Plus HTTP Command | CVE-2020-4211 |
| Privilege Escalation | IBM Spectrum Protect Plus HTTP Command | CVE-2020-4210 |
| Information Disclosure | IBM Spectrum Protect Plus | CVE-2019-4703 |
| SQL Injection | IBM Sterling B2B Integrator Standard Edition Back-End Database | CVE-2019-4598 |
| SQL Injection | IBM Sterling B2B Integrator Standard Edition Back-End Database | CVE-2019-4597 |
| Cross Site Request Forgery | IBM Sterling B2B Integrator Standard Edition | CVE-2019-4726 |
| Open Redirect | IBM Sterling B2B Integrator Standard Edition | CVE-2019-4595 |
| Cross Site Scripting | IBM Sterling B2B Integrator Standard Edition Web UI | CVE-2019-4596 |
| Information Disclosure | IBM WebSphere Service Registry and Repository | CVE-2019-4537 |
| SQL Injection | ISPConfig | CVE-2020-9398 |
| Privilege Escalation | Kylin REST API | CVE-2020-1937 |
| Memory Corruption | Linux Kernel floppy.c set_fdc | CVE-2020-9383 |
| Memory Corruption | Linux Kernel GNU C Library Heap-based | CVE-2020-9391 |
| Cross Site Request Forgery | LiteCart | CVE-2020-9018 |
| Privilege Escalation | LiteCart Customer Profile CSV Injection | CVE-2020-9017 |
| Code Execution | McAfee Web Advisor Web Interface | CVE-2019-3670 |
| Command Injection | Moxa AWK-3131A Encrypted Diagnostic Script | CVE-2019-5138 |
| Code Execution | Moxa AWK-3131A iw_console | CVE-2019-5143 |
| Privilege Escalation | Moxa AWK-3131A iw_console | CVE-2019-5136 |
| Memory Corruption | Moxa AWK-3131A iw_webs | CVE-2019-5153 |
| Privilege Escalation | Moxa AWK-3131A iw_webs Code Injection | CVE-2019-5141 |
| Memory Corruption | Moxa AWK-3131A iw_webs | CVE-2019-5162 |
| Privilege Escalation | Moxa AWK-3131A iwwebs Reflected | CVE-2019-5140 |
| Command Injection | Moxa AWK-3131A Network Configuration | CVE-2019-5142 |
| Weak Encryption | Moxa AWK-3131A serviceAgent Default Key | CVE-2019-5137 |
| Denial of Service | Moxa AWK-3131A serviceAgent Integer Underflow | CVE-2019-5148 |
| Weak Encryption | Moxa AWK-3131A Utilities Default Key | CVE-2019-5139 |
| Weak Authentication | Moxa AWK-3131A Web Authentication | CVE-2019-5165 |
| Weak Encryption | Moxa ioLogik 2542-HSPA/Ioxpress Configuration Utility Configuration File Cleartext | CVE-2019-18238 |
| Privilege Escalation | NetApp FAS 8300 | CVE-2019-17274 |
| Cross Site Scripting | Netgear Nighthawk X10-R900 HTTP Header Stored | CVE-2019-12512 |
| Weak Authentication | Netgear Nighthawk X10-R900 SOAP API server_sa | CVE-2019-12510 |
| Privilege Escalation | Netgear Nighthawk X10-R900 SOAP Endpoint | CVE-2019-12511 |
| Cross Site Scripting | Netgear Nighthawk X10-R900 Stored | CVE-2019-12513 |
| Code Execution | OnCommand Cloud Manager Remote | CVE-2019-17275 |
| Unknown Vulnerability | openfortivpn tunnel.c Uninitialized Memory | CVE-2020-7042 |
| Unknown Vulnerability | openfortivpn tunnel.c | CVE-2020-7043 |
| Weak Authentication | openfortivpn tunnel.c X509_check_host | CVE-2020-7041 |
| Information Disclosure | OpenSMTPD makemap.c | CVE-2020-8793 |
| Memory Corruption | OpenSMTPD mta_session.c | CVE-2020-8794 |
| Command Injection | Pacman conf.c download_with_xfercommand() | CVE-2019-18182 |
| Command Injection | Pacman sync.c apply_deltas() | CVE-2019-18183 |
| Denial of Service | PHP File Upload NULL Pointer Dereference | CVE-2020-7062 |
| Privilege Escalation | PHP Phar Archive buildFromIterator() | CVE-2020-7063 |
| Memory Corruption | PHP PHAR File Off-By-One | CVE-2020-7061 |
| Cross Site Request Forgery | pricing-table-by-supsystic Plugin | CVE-2020-9394 |
| Cross Site Scripting | pricing-table-by-supsystic Plugin | CVE-2020-9393 |
| Memory Corruption | Pure-FTPd diraliases.c init_aliases | CVE-2020-9274 |
| Memory Corruption | Pure-FTPd utils.c pure_strcmp | CVE-2020-9365 |
| Privilege Escalation | Rake FileList | CVE-2020-8130 |
| Privilege Escalation | rdf-graph-array rdf.Graph.prototype.add | CVE-2019-10798 |
| Privilege Escalation | rpi gpio.js GPIO | CVE-2019-10796 |
| Cross Site Request Forgery | Selesta Visual Access Manager | CVE-2019-19987 |
| Information Disclosure | Selesta Visual Access Manager Error Message Path | CVE-2019-19993 |
| Privilege Escalation | Selesta Visual Access Manager | CVE-2019-19989 |
| Cross Site Scripting | Selesta Visual Access Manager s_headmodel.php | CVE-2019-19990 |
| Cross Site Scripting | Selesta Visual Access Manager vam_anagraphic.php | CVE-2019-19991 |
| Information Disclosure | Selesta Visual Access Manager vam_editXml.php | CVE-2019-19992 |
| Command Injection | Selesta Visual Access Manager vam_monitor_sap.php | CVE-2019-19994 |
| SQL Injection | Selesta Visual Access Manager VamPersonPhoto.php | CVE-2019-19986 |
| Privilege Escalation | Selesta Visual Access Manager XML File vam_editXml.php | CVE-2019-19988 |
| XML External Entity | SmartClient developerConsoleOperations.jsp | CVE-2020-9352 |
| Directory Traversal | SmartClient Remote Procedure Call developerConsoleOperations.jsp | CVE-2020-9354 |
| Local File Inclusion | SmartClient Remote Procedure Call developerConsoleOperations.jsp | CVE-2020-9353 |
| Privilege Escalation | Sophos Endpoint Protection AV Parsing Engine | CVE-2020-9363 |
| Denial of Service | sympa Parameter Flooding | CVE-2020-9369 |
| Weak Authentication | TONNET TAT-76/TAT-77 Authentication Mechanism | CVE-2020-3923 |
| Command Injection | TONNET TAT-76/TAT-77 Patch File | CVE-2020-3924 |
| Remote Code Execution | Total.js CMS POST Request admin.js | CVE-2020-9381 |
| Command Injection | TP-LINK TL-WR849N Traceroute | CVE-2020-9374 |
| Unknown Vulnerability | Widgets Extension | CVE-2020-9382 |
| Information Disclosure | WiFi Chips | CVE-2019-15126 |
| Denial of Service | Wireshark EAP Dissector packet-eap.c | CVE-2020-9428 |
| Denial of Service | Wireshark RRC Dissector packet-lte-rrc.c | CVE-2020-9431 |
| Denial of Service | Wireshark WiMax DLMAP Dissector msg_dlmap.c | CVE-2020-9430 |
| Denial of Service | Wireshark WireGuard Dissector packet-wireguard.c | CVE-2020-9429 |
| Cross Site Scripting | WpJobBoard Plugin Add Job Form Persistent | CVE-2020-9019 |
| Remote Code Execution | Yarn | CVE-2020-8131 |
| Denial of Service | Zint libzint upcean.c | CVE-2020-9385 |
| Privilege Escalation | zsh setuid() | CVE-2019-20044 |
| Denial of Service | ZTE E8820V3 Access Control | CVE-2020-6863 |
| Information Disclosure | ZTE E8820V3 | CVE-2020-6864 |