info[at]nsec.ir
(+۹۸)-۳۱-۳۳۹۱۵۳۳۶

آسیب‌پذیری‌های حیاتی هفته اول بهمن‌ماه

 

این هفته آسیب‌پذیری‌های زیادی با سطح خطر حیاتی در محصولات مهم سیسکو شناسایی شده است. از آسیب‌پذیری‌های محصولات پرکاربرد و محبوب دیگری که در این هفته منتشر شده‌اند، می‌توان به آسیب‌پذیری‌های خطرناک و حیاتی محصولات SuSE، نصب‌کنندۀ EasyInstall و کتابخانه‌های پرکاربرد GNU/Linux اشاره کرد. همچنین در چندین نرم‌افزار مهم Fortinet شامل FortiSIEM، FortiOS و FortiMail آسیب‌پذیری‌هایی با قابلیت ارتقا امتیاز و افشای اطلاعات وجود داشت.

 

نوع آسیب‌پذیری

محصول آسیب‌پذیر

شناسۀ آسیبپذیری

privilege escalation

Apache XML-RPC

CVE-2019-17570

privilege escalation

ApexPro/CARESCAPE Telemetry Server Keyboard Switching

CVE-2020-6964

weak authentication

ApexPro/CARESCAPE Telemetry Server SMB Default Credentials

CVE-2020-6963

Remote Code Execution

ApexPro/CARESCAPE Telemetry Server Web-based Configuration Utility

CVE-2020-6962

command injection

BibTeX-ruby

CVE-2019-10780

SQL Injection

Cacti graphs.php

CVE-2019-17357

weak encryption

CarbonFTP Default Credentials

CVE-2020-6857

Authentication Bypass

Cisco Firepower Management Center Lightweight Directory Access Protocol

CVE-2019-16028

Unauthenticated Meeting Join

Cisco Webex Meetings Suite and Cisco Webex Meetings Online

CVE-2020-3142

Denial of Service

Cisco IOS XR Software BGP EVPN Operational Routes

CVE-2019-16018

Cross-Site Scripting

Cisco Small Business Smart and Managed Switches

CVE-2020-3121

Path Traversal

Cisco TelePresence Collaboration Endpoint, TelePresence Codec, and RoomOS Software

CVE-2020-3143

Authentication Bypass

Cisco IOS XE SD-WAN Software Default Credentials

CVE-2019-1950

privilege escalation

Cisco SD-WAN Solution Local

CVE-2020-3115

Denial of Service

Cisco Smart Software Manager On-Prem Web Interface

CVE-2019-16029

Denial of Service

Cisco IOS XR Software BGP EVPN  Vulnerabilities

CVE-2019-16019

CVE-2019-16020

CVE-2019-16021

CVE-2019-16022

CVE-2019-16023

Denial of Service

Cisco IOS XR Software Intermediate System–to–Intermediate System

CVE-2019-16027

Denial of Service

Cisco IOS XR Software Border Gateway Protocol

CVE-2019-1909

Denial of Service

Cisco Webex Teams Adaptive Cards

CVE-2020-3131

Cross-Site Request Forgery

Cisco Unified Communications Manager

CVE-2020-3135

Cross-Site Scripting

Cisco Jabber Guest

CVE-2020-3136

IP Tables Bypass

Cisco Application Policy Infrastructure Controller Out Of Band Management

CVE-2020-3139

Denial of Service

Cisco Email Security Appliance Zip Decompression Engine

CVE-2020-3134

Filter Bypass

Cisco Email Security Appliance Content

CVE-2020-3133

Cross-Site Scripting

Cisco Email Security Appliance

CVE-2020-3137

Directory Traversal

Cisco Unity Connection

CVE-2020-3130

HTTP Header Injection

Cisco Web Security Appliance and Cisco Content Security Management Appliance

CVE-2020-3117

Unknown Vulnerability

Cisco Umbrella Roaming Client for Windows Install

CVE-2019-16000

Cross-Site Scripting

Cisco Unity Connection Stored

CVE-2020-3129

SQL Injection

Cisco SD-WAN Solution

CVE-2019-12619

SQL Injection

Cisco SD-WAN Solution

CVE-2019-12628

command injection

Cisco SD-WAN vManage

CVE-2019-12629

command injection

Cisco SD-WAN vManage

CVE-2019-12629

Denial of Service

 

Cisco IOS XR Software Border Gateway Protocol Attribute

CVE-2019-15989

Cross-Site Request Forgery

Cisco Hosted Collaboration Mediation Fulfillment

CVE-2020-3124

Information Disclosure

Cisco Unified Communications Manager

CVE-2019-15963

Remote Code Execution

Comtech Stampede FX-1010 Poll Routes Page

CVE-2020-7244

Remote Code Execution

Comtech Stampede FX-1010 Fetch URL Page

CVE-2020-7243

Remote Code Execution

Comtech Stampede FX-1010 Diagnostics Trace Route Page

CVE-2020-7242

cross site scripting

ConnectWise Control Appearance Modifier Stored

CVE-2019-16512

Code Execution

ConnectWise Control

CVE-2019-16514

privilege escalation

ConnectWise Control CORS

CVE-2019-16517

Cross-Site Request Forgery

ConnectWise Control

CVE-2019-16513

Unknown Vulnerability

ConnectWise Control HTTP Header

CVE-2019-16515

Information Disclosure

ConnectWise Control Username

CVE-2019-16516

privilege escalation

CTFd Registration auth.py reset_password

CVE-2020-7245

privilege escalation

DIMO YellowBox CRM Access Control AfficheExplorateurParam()‎

CVE-2019-14765

Directory Traversal

DIMO YellowBox CRM Apparence

CVE-2019-14767

Directory Traversal

DIMO YellowBox CRM File Browser

CVE-2019-14766

Directory Traversal

DIMO YellowBox CRM File Upload Code Execution

CVE-2019-14768

cross site scripting

Facebook WhatsApp Desktop iPhone Paring

CVE-2019-18426

privilege escalation

FastTrack Admin By Request AdminByRequest.exe

CVE-2019-17201

weak authentication

FastTrack Admin By Request

CVE-2019-17202

cross site scripting

Forcepoint Web Security Header

CVE-2019-6146

weak authentication

Fortinet FortiSIEM Database Default Credentials

CVE-2019-16153

Information Disclosure

Fortinet FortiOS CLI Console Private Key

CVE-2019-5593

privilege escalation

Fortinet FortiMail Admin WebUI Web Console

CVE-2019-15712

Information Disclosure

Fortinet FortiMail Admin WebUI System Backup Config Download

CVE-2019-15707

Unknown Vulnerability

Hashicorp Vault Enterprise

CVE-2020-7220

Remote Code Execution

Honeywell MAXPRO VMS/MAXPRO NVR Deserialization

CVE-2020-6959

SQL Injection

Honeywell MAXPRO VMS/MAXPRO NVR Web User Interface

CVE-2020-6960

privilege escalation

Huawei Honor V30 Authentication

CVE-2020-1788

privilege escalation

Huawei Mate 20

CVE-2020-1840

Denial of Service

Huawei Products LDAP Client Integer Overflow

CVE-2019-19413

Denial of Service

Huawei Products LDAP Server Crash

CVE-2019-19414

weak encryption

Huawei USG9500

CVE-2019-19411

Remote Code Execution

IPX EasyInstall Agent Service

CVE-2019-19897

privilege escalation

IXP EasyInstall Agent Service

CVE-2019-19895

privilege escalation

IXP EasyInstall Agent Service

CVE-2019-19894

Directory Traversal

IXP EasyInstall Engine Service

CVE-2019-19893

Remote Code Execution

IXP EasyInstall Engine Service

CVE-2019-19896

weak encryption

IXP EasyInstall Service Port 20050 Cleartext

CVE-2019-19898

Directory Traversal

libslirp tftp.c

CVE-2020-7211

memory corruption

libsolv repodata.c repodata_schema2id

CVE-2019-20387

Denial of Service

libxml2 parser.c xmlStringLenDecodeEntities

CVE-2020-7595

Denial of Service

libxml2 xmlschemas.c xmlSchemaPreRun

CVE-2019-20388

Denial of Service

libyang lys_extension_instances_free()‎

CVE-2019-20398

Denial of Service

libyang lys_parse_path

CVE-2019-20396

Denial of Service

libyang Memory Consumption

CVE-2019-20395

Denial of Service

libyang resolve_feature_value()‎

CVE-2019-20392

CVE-2019-20391

 

Denial of Service

libyang yyparse()‎

CVE-2019-20397

memory corruption

libyang yyparse()‎

CVE-2019-20394

 

CVE-2019-20393

weak authentication

 

Meinberg SyncBox/PTP/PTPv2 SSH Server Key

CVE-2019-17584

privilege escalation

MSX Configurator

CVE-2019-6858

privilege escalation

Multitech Conduit MTCDT-LVW2-24XX Debug Options Page ping

CVE-2020-7594

privilege escalation

openSUSE Leap apt-cacher-ng

CVE-2019-18899

privilege escalation

openSUSE Leap privoxy Symlink

CVE-2019-3699

privilege escalation

openSUSE Leap gnump3d Symlink

CVE-2019-3697

privilege escalation

openSUSE Fatory munin Symlink

CVE-2019-3694

memory corruption

Philips Hue Bridge ZCL String Heap-based

CVE-2020-6007

privilege escalation

Plone

CVE-2020-7941

weak authentication

Plone

CVE-2020-7940

SQL Injection

Plone DTML

CVE-2020-7939

privilege escalation

Plone plone.restapi

CVE-2020-7938

cross site scripting

Plone

CVE-2020-7937

Unknown Vulnerability

Plone Login Form Open Redirect

CVE-2020-7936

Unknown Vulnerability

postfix-mta-sts-resolver STS Policy Downgrade

CVE-2019-16791

cross site scripting

PrivateBin Persistent

CVE-2020-5223

memory corruption

Qualcomm Snapdragon Auto Array Index

CVE-2019-14036

memory corruption

Qualcomm Snapdragon Auto Clip Integer Overflow

CVE-2019-14016

memory corruption

Qualcomm Snapdragon Auto Clip

CVE-2019-14006

 

CVE-2019-14005

Denial of Service

Qualcomm Snapdragon Auto Clip Parser NULL Pointer Dereference

CVE-2019-10578

Denial of Service

Qualcomm Snapdragon Auto Data Processing NULL Pointer Dereference

CVE-2019-14008

memory corruption

Qualcomm Snapdragon Auto eeprom Query Use-After-Free

CVE-2019-14034

Unknown Vulnerability

Qualcomm Snapdragon Auto FastRPC HLOS Driver

CVE-2019-10558

memory corruption

Qualcomm Snapdragon Auto HLOS Data

CVE-2019-14023

memory corruption

Qualcomm Snapdragon Auto IPC Use-After-Free

CVE-2019-10548

privilege escalation

Qualcomm Snapdragon Auto Locked Region

CVE-2019-2267

memory corruption

Qualcomm Snapdragon Auto MKV Heap-based

CVE-2019-14017

memory corruption

Qualcomm Snapdragon Auto MKV

CVE-2019-14004

Denial of Service

Qualcomm Snapdragon Auto MKV NULL Pointer Dereference

CVE-2019-14003

memory corruption

Qualcomm Snapdragon Auto mmap find Use-After-Free

CVE-2019-10585

memory corruption

Qualcomm Snapdragon Auto NFC Stack-based

CVE-2019-14024

Denial of Service

Qualcomm Snapdragon Auto NULL Pointer Dereference

CVE-2019-10532

memory corruption

Qualcomm Snapdragon Auto Object Parser

CVE-2019-10611

memory corruption

Qualcomm Snapdragon Auto Sensor Data Use-After-Free

CVE-2019-10583

memory corruption

Qualcomm Snapdragon Auto Sensor HAL Use-After-Free

CVE-2019-10582

Denial of Service

Qualcomm Snapdragon Auto sfs API Pointer Dereference

CVE-2019-10561

memory corruption

Qualcomm Snapdragon Auto Super Index Table Parser

CVE-2019-14013

 

Qualcomm Snapdragon Auto unknown

CVE-2019-14010

memory corruption

Qualcomm Snapdragon Auto USB Driver Out-of-Bounds

CVE-2019-10606

memory corruption

Qualcomm Snapdragon Auto Use-After-Free

CVE-2019-10602

memory corruption

Qualcomm Snapdragon Auto Use-After-Free

CVE-2019-10581

memory corruption

Qualcomm Snapdragon Auto Video Clip

CVE-2019-10579

memory corruption

Qualcomm Snapdragon Consumer IOT Byte Array

CVE-2019-14014

weak authentication

Rapid7 AppSpider Chrome Plugin

CVE-2019-5647

Information Disclosure

Red Hat JBoss EAP Vault System Log

CVE-2019-14885

privilege escalation

Ruckus Wireless Unleashed _cmdstat.jsp

CVE-2019-19842

Information Disclosure

Ruckus Wireless Unleashed Access Control tmp

CVE-2019-19843

privilege escalation

Ruckus Wireless Unleashed emfd _cmdstat.jsp

CVE-2019-19839

 

CVE-2019-19838

privilege escalation

Ruckus Wireless Unleashed emfd _cmdstat.jsp

CVE-2019-19841

Directory Traversal

Ruckus Wireless Unleashed ruckus_cli2

CVE-2019-19834

Information Disclosure

Ruckus Wireless Unleashed Web Interface web.conf

CVE-2019-19837

Remote Code Execution

Ruckus Wireless Unleashed zap _rcmdstat.jsp AjaxRestrictedCmdStat

CVE-2019-19836

Server-Side Request Forgery

Ruckus Wireless Unleashed zap _rcmdstat.jsp AjaxRestrictedCmdStat

CVE-2019-19835

memory corruption

Ruckus Wireless Unleashed zap.c zap_parse_args

CVE-2019-19840

Information Disclosure

Samsung Galaxy Gear hcidump Utility

CVE-2018-16270

privilege escalation

Samsung Galaxy Gear wemail_consumer_service

CVE-2018-16271

privilege escalation

Samsung Galaxy Gear wnoti System Service

CVE-2018-16269

privilege escalation

Samsung Galaxy Gear wpa_supplicant System Service

CVE-2018-16272

privilege escalation

Samsung Tizen BlueZ System

CVE-2018-16264

privilege escalation

Samsung Tizen BT Core System Service

CVE-2018-16265

privilege escalation

Samsung Tizen Enlightenment System Service

CVE-2018-16266

privilege escalation

Samsung Tizen Package Management

CVE-2018-16262

privilege escalation

Samsung Tizen PulseAudio System Service

CVE-2018-16263

privilege escalation

Samsung Tizen SoundServer/FocusServer

CVE-2018-16268

privilege escalation

Samsung Tizen system-popup System Service

CVE-2018-16267

cross site scripting

SimpleSAMLphp Twig Template erroreport.php

CVE-2020-5226

privilege escalation

SimpleSAMLphp Log erroreport.php

CVE-2020-5225

privilege escalation

schema-inspector Javascript

CVE-2019-10781

privilege escalation

secure_headers Gem

CVE-2020-5216

privilege escalation

secure_headers override_content_security_policy_directives OPT_OUT

CVE-2020-5217

SQL Injection

Simplejobscript.com SJS Search Engine class.Job.php countSearchedJobs()‎

CVE-2020-7229

privilege escalation

SuSE Linux Enterprise Server munge

CVE-2019-3691

privilege escalation

SuSE Linux Enterprise Server Symlink

CVE-2019-18898

privilege escalation

SuSE Linux Enterprise Server mailman Symlink

CVE-2019-3693

privilege escalation

SuSE Linux Enterprise Server INN Symlink

CVE-2019-3692

Information Disclosure

SuSE Linux Enterprise Server libzypp

CVE-2019-18900

Directory Traversal

uftpd FTP Command compose_abspath()‎

CVE-2020-5221

Denial of Service

Undertow HTTP Server HTTPS

CVE-2019-14888

privilege escalation

Waitress HTTP Header HTTP Smuggling

CVE-2019-16792

Cross-Site Request Forgery

Umbraco CMS

CVE-2020-7210

Unknown Vulnerability

WordPress Elementor Page Builder Plugin Template

CVE-2020-7109