info[at]nsec.ir
(+۹۸)-۳۱-۳۳۹۱۵۳۳۶

آسیب‌پذیری‌های حیاتی هفته سوم آبان‌ماه

در این هفته در بسیاری از محصولات پرکاربرد آسیب‌پذیری‌های حیاتی کشف شده است. از مهم‌ترین این آسیب‌پذیری‌ها، آسیب‌پذیری است که در برخی از روترهای شرکت سیسکو یافت شده است. این روترها اگر از سفت‌افزار نسخه‌های پیش از ۴.۲.۳.۱۰ برخوردار باشند باید سریعاً به‌روزرسانی شوند. قابل ذکر است که آسیب‌پذیری‌های نرم‌افزار پایتون و مرورگر کروم نیز حیاتی است. 

آسیب‌پذیری‌های هفته سوم آبان‌ماه

نوع آسیب‌پذیری

محصول آسیب‌پذیر

شناسه

privilege escalation

Drupal Session Lockout

CVE-2010-2473

memory corruption

shadow/sudo Session

CVE-2005-4890

privilege escalation

sudo Descriptor 3

CVE-2019-18684

memory corruption

Linux Kernel V4L2 Subsystem vivid vivid_stop_generating_vid_cap()‎

CVE-2019-18683

privilege escalation

Linux Kernel

CVE-2006-4243

memory corruption

Linux Kernel audit.c aa_label_parse()‎

CVE-2019-18814

unknown vulnerability

Linux Kernel clocksource.c

CVE-2010-2243

memory corruption

Linux Kernel sysctl_net_ipv4.c tcp_ack_update_rtt()‎

CVE-2019-18805

privilege escalation

PHPOffice PhpSpreadsheet XML Data std_table.php XML External Entity

CVE-2019-12331

Code Execution

php-gettext Plural Form Formula Remote

CVE-2015-8980

Remote Code Execution

Python Software Foundation Djblets eval()‎

CVE-2013-4409

weak authentication

Python PIP DNS Query Man-in-the-Middle

CVE-2013-5123

unknown vulnerability

Google Chrome

CVE-2019-13720

unknown vulnerability

Google Chrome

CVE-2019-13721

unknown vulnerability

Google Chrome Blink AnimationControllerPrivate

CVE-2011-2336

unknown vulnerability

Google Chrome Blink

CVE-2011-2337

memory corruption

Google Chrome WebKit replaceDocument

CVE-2011-2353

unknown vulnerability

Google Chrome WebKit Timer.cpp

CVE-2011-2807

memory corruption

Google Chrome WebKit fillRect

CVE-2011-1298

unknown vulnerability

Google Chrome WebKit

CVE-2011-2808

unknown vulnerability

Google Chrome WebKit

CVE-2011-1460

privilege escalation

Redhat vsdm Temp File

CVE-2013-4280

weak authentication

Red Hat Enterprise Virtualization Manager SSL Certificate Verification Service Man-in-the-Middle

CVE-2009-3552

unknown vulnerability

Apache Arrow Parquet Uninitialized Memory

CVE-2019-12410

unknown vulnerability

Apache Arrow Array Uninitialized Memory

CVE-2019-12408

memory corruption

ARM Mbed OS CoAP Library sn_coap_builder_calc_needed_packet_data_size_2()‎

CVE-2019-17211

memory corruption

ARM Mbed OS CoAP Library sn_coap_parser_options_parse()‎

CVE-2019-17212

Code Execution

Centrify Authentication and Privileged Elevation Services

CVE-2019-18631

information disclosure

Cisco Enterprise Chat and Email HTTP API

CVE-2019-1877

privilege escalation

Cisco Firepower Threat Defense Software HTTP Traffic Filter

CVE-2019-1982

privilege escalation

Cisco Firepower Threat Defense Software Normalization

CVE-2019-1981

privilege escalation

Cisco Firepower Threat Defense Software Protocol Detection

CVE-2019-1980

privilege escalation

Cisco Firepower Threat Defense Software Stream Reassembly

CVE-2019-1978

Arbitrary Command Execution Vulnerability

Cisco Small Business RV016, RV042, RV042G, and RV082 Routers

CVE-2019-15271

Command Injection Vulnerability

Cisco Small Business Routers RV016, RV042, RV042G, RV082, RV320, and RV325

CVE-2019-15957

Unauthorized Device Reset Vulnerability

Cisco Web Security Appliance

CVE-2019-15956

Denial of Service Vulnerability

Cisco Wireless LAN Controller HTTP Parsing Engine

CVE-2019-15276

Arbitrary Code Execution Vulnerabilities

Cisco Webex Network Recording Player and Cisco Webex Player

CVE-2019-15283

CVE-2019-15284

CVE-2019-15285

CVE-2019-15286

CVE-2019-15287

Privilege Escalation Vulnerability

Cisco TelePresence Collaboration Endpoint, TelePresence Codec, and RoomOS Software

CVE-2019-15288

Denial of Service Vulnerabilities

Cisco TelePresence Collaboration Endpoint and RoomOS Software

CVE-2019-15289

Remote Code Execution Vulnerability

Cisco Prime Infrastructure and Evolved Programmable Network Manager

CVE-2019-15958

directory traversal

Atlassian Jira Service Desk Server Customer Context Filter

CVE-2019-15004

Code Execution

NVIDIA GeForce Experience GameStream

CVE-2019-5701

privilege escalation

NVIDIA Virtual GPU Manager Guest Access

CVE-2019-5697

memory corruption

NVIDIA Virtual GPU Manager Guest VM Out-of-Bounds

CVE-2019-5696

Code Execution

NVIDIA Windows GPU Display Driver DLL Loader

CVE-2019-5694

memory corruption

NVIDIA Windows GPU Display Driver Kernel Mode Layer nvlddmkm.sys DxgkDdiEscape

CVE-2019-5692

memory corruption

NVIDIA Windows GPU Display Driver Kernel Mode Layer nvlddmkm.sys DxgkDdiEscape

CVE-2019-5691

memory corruption

NVIDIA Windows GPU Display Driver Kernel Mode Layer nvlddmkm.sys DxgkDdiEscape

CVE-2019-5690

Code Execution

NVIDIA GeForce Experience Downloader

CVE-2019-5689

privilege escalation

IBM QRadar Advisor Blacklist privilege escalation

CVE-2019-4556

privilege escalation

IBM Cognos Analytics Web Server XML External Entity

CVE-2018-1721

unknown vulnerability

Qualcomm Snapdragon Auto ADSP

CVE-2019-10491

memory corruption

Qualcomm Snapdragon Auto Array Index

CVE-2019-10533

memory corruption

Qualcomm Snapdragon Auto Array Index Out-of-Bounds

CVE-2019-2258

memory corruption

Qualcomm Snapdragon Auto Audio

CVE-2019-10512

Use-After-Free

Qualcomm Snapdragon Auto clk Driver

CVE-2019-10524

unknown vulnerability

Qualcomm Snapdragon Auto Crypto Engine

CVE-2019-2323

memory corruption

Qualcomm Snapdragon Auto Data Structure

CVE-2019-10496

unknown vulnerability

Qualcomm Snapdragon Auto DCI Client

CVE-2019-10515

memory corruption

Qualcomm Snapdragon Auto Entry Page set_page_dirty()‎

CVE-2019-10529

unknown vulnerability

Qualcomm Snapdragon Auto FLV Clip

CVE-2019-10541

memory corruption

Qualcomm Snapdragon Auto Header

CVE-2019-10542

memory corruption

Qualcomm Snapdragon Auto HEVC Encoding/AVC Encoding

CVE-2019-10495

Out-of-Bounds

Qualcomm Snapdragon Auto IE Measurement

CVE-2019-10505

Integer Overflow

Qualcomm Snapdragon Auto

CVE-2019-2331

unknown vulnerability

Qualcomm Snapdragon Auto Kernel

CVE-2019-2249

memory corruption

Qualcomm Snapdragon Auto Key Blob Deserialization

CVE-2019-2275

memory corruption

Qualcomm Snapdragon Auto mdlog Session Use-After-Free

CVE-2019-10528

memory corruption

Qualcomm Snapdragon Auto

CVE-2019-2332

memory corruption

Qualcomm Snapdragon Auto

CVE-2019-10531

memory corruption

Qualcomm Snapdragon Auto

CVE-2019-10522

memory corruption

Qualcomm Snapdragon Auto Out-of-Bounds

CVE-2019-2285

memory corruption

Qualcomm Snapdragon Auto Out-of-Bounds

CVE-2019-2283

memory corruption

Qualcomm Snapdragon Auto Sensor Power Double-Free

CVE-2019-10565

memory corruption

Qualcomm Snapdragon Auto Thread

CVE-2019-2246

memory corruption

Qualcomm Snapdragon Auto Vendor Command Integer Overflow

CVE-2019-2302

memory corruption

Qualcomm Snapdragon Compute Camera Module Stack-based

CVE-2019-10502