Critical Vulnerabilities of the First Week of Dey
In the final week of 2019, vulnerabilities were reported in several widely used products, including the popular virtualization software VMware, the WordPress content management system, the SQLite database management system, and the GeForce graphics processing unit made by NVIDIA.
Vulnerability type | Affected product | Vulnerability ID |
unknown vulnerability | Dropbox for Windows | No identifier |
sql injection | SQLite Error expr.c sqlite3WindowRewrite() | CVE-2019-19924 |
denial of service | SQLite SELECT DISTINCT select.c flattenSubquery | CVE-2019-19923 |
sql injection | SQLite Update zipfile.c zipfileUpdate sql injection | CVE-2019-19925 |
cross site scripting | WordPress Block Editor | CVE-2019-16781 |
cross site scripting | WordPress Block Editor cross site scripting | CVE-2019-16780 |
unknown vulnerability | WordPress HTML5 kses.php wp_kses_bad_protocol | CVE-2019-20041 |
privilege escalation | WordPress REST API class-wp-rest-posts-controller.php | CVE-2019-20043 |
directory traversal | Citrix Application Delivery Controller/Gateway | CVE-2019-19781 |
privilege escalation | NVIDIA GeForce Experience GameStream | CVE-2019-5702 |
privilege escalation | VMware Workstation/Horizon View Agent DLL Loader | CVE-2019-5539 |
privilege escalation | Debian-edu-config ACL | CVE-2019-8463 |
privilege escalation | sa-exim CF File Greylisting.pm | CVE-2019-19920 |
weak authentication | Apache Tomcat FORM Authentication Session Fixation | CVE-2019-17563 |
memory corruption | libIEC61850 ber_decode.c BerDecoder_decodeUint32 | CVE-2019-19944 |
memory corruption | libIEC61850 mms_access_result.c MmsValue_decodeMmsData | CVE-2019-19931 |
memory corruption | libIEC61850 mms_access_result.c getNumberOfElements | CVE-2019-19957 |
memory corruption | libESMTP ntlmstruct.c ntlm_build_type_2 | CVE-2019-19977 |
unknown vulnerability | libsixel frompnm.c load_pnm | CVE-2019-20022 |
memory corruption | libsixel fromsixel.c image_buffer_resize | CVE-2019-20024 |
Open Redirect | Library Information Management System LIMEDIO | CVE-2019-6021 |
memory corruption | PHP bcmath | CVE-2019-11046 |
memory corruption | PHP EXIF Extension exif_read_data() | CVE-2019-11050 |
memory corruption | PHP EXIF Extension exif_read_data() | CVE-2019-11047 |
privilege escalation | PHP Filename DirectoryIterator | CVE-2019-11045 |
privilege escalation | PHP Filename link() | CVE-2019-11044 |
memory corruption | PHP Header mail() | CVE-2019-11049 |
denial of service | Red Hat Ceph Storage RADOS Gateway Daemon | CVE-2019-19337 |
privilege escalation | Trend Micro Antivirus for Mac 2019 Symlink | CVE-2019-19695 |
information disclosure | Java SE Virtual Machine Integer | CVE-2012-4420 |
privilege escalation | JetBrains Ktor Framework Response Splitting | CVE-2019-19389 |
privilege escalation | GitLab Community Edition/Enterprise Edition Access Control | CVE-2018-20492 |
privilege escalation | D-Link DBA-1510P Command Line Interface OS Command Injection | CVE-2019-6013 |
privilege escalation | D-Link DBA-1510P Web User Interface OS Command Injection | CVE-2019-6014 |
cross site request forgery | D-Link DIR-601 B1 | CVE-2019-16326 |
weak authentication | D-Link DIR-601 B1 | CVE-2019-16327 |
cross site request forgery | D-Link DWR-113 | CVE-2014-3136 |
memory corruption | GNU LibreDWG decode.c decode_R13_R2000 | CVE-2019-20011 |
memory corruption | GNU LibreDWG decode.c resolve_objectref_vector | CVE-2019-20010 |
denial of service | GNU LibreDWG dwg.spec decode_3dsolid | CVE-2019-20013 |
denial of service | GNU LibreDWG dwg.spec dwg_decode_HATCH_private | CVE-2019-20012 |
denial of service | GNU LibreDWG dwg.spec dwg_decode_LWPOLYLINE_private | CVE-2019-20015 |
denial of service | GNU LibreDWG dwg.spec dwg_decode_SPLINE_private | CVE-2019-20009 |
memory corruption | GNU LibreDWG free.c dwg_free | CVE-2019-20014 |