Critical Vulnerabilities for the Third Week of Azar
This week included Microsoft's Patch Tuesday for December, which falls on the second Tuesday of every month. On this day Microsoft releases the necessary updates for its products. The most important of these vulnerabilities affect Windows, the Internet Explorer browser, PowerPoint and Visual Studio. Beyond Microsoft products, numerous other vulnerabilities have also been discovered, including vulnerabilities in the WordPress framework, Python software, the Google Chrome browser, the Linux operating system and Adobe Acrobat software. Please update these products as soon as possible.
| Vulnerability type | Vulnerable products | Vulnerability ID |
| --- | --- | --- |
| weak encryption | Linux/FreeBSD/OpenBSD/MacOS/iOS/Android VPN | CVE-2019-14899 |
| memory corruption | Linux Kernel f2fs Filesystem Image segment.c f2fs_build_segment_manager | CVE-2019-19449 |
| memory corruption | Linux Kernel btrfs Filesystem free-space-cache.c try_merge_free_space | CVE-2019-19448 |
| memory corruption | Linux Kernel ext4 Filesystem Image super.c ext4_put_super | CVE-2019-19447 |
| memory corruption | Linux Kernel blktrace.c __blk_add_trace | CVE-2019-19768 |
| memory corruption | Linux Kernel inode.c debugfs_remov | CVE-2019-19770 |
| memory corruption | Linux Kernel inode.c ext4_xattr_set_entry | CVE-2019-19767 |
| memory corruption | Linux Kernel lock.h perf_trace_lock_acquire | CVE-2019-19769 |
| privilege escalation | IBM DataPower Gateway IPMI LAN Channel | CVE-2019-4621 |
| privilege escalation | IBM Planning Analytics My Account Portal File Upload | CVE-2019-4612 |
| request forgery | IBM Cloud Pak System cross site | CVE-2019-4095 |
| privilege escalation | IBM Cloud Pak System Platform System Manager CSV Injection | CVE-2019-4521 |
| privilege escalation | IBM SmartCloud Analytics Zookeeper | CVE-2019-4244 |
| privilege escalation | IBM Spectrum Scale Command | CVE-2019-4715 |
| privilege escalation | IBM DB2 High Performance Unload | CVE-2019-4606 |
| privilege escalation | Symantec Industrial Control System Protection | CVE-2019-18380 |
| request forgery | Symantec Messaging Gateway Server-Side | CVE-2019-18379 |
| privilege escalation | Symantec Messaging Gateway | CVE-2019-18377 |
| memory corruption | Adobe Acrobat Reader | CVE-2019-16462 |
| memory corruption | Adobe Acrobat Reader Heap-based | CVE-2019-16451 |
| memory corruption | Adobe Acrobat Reader Out-of-Bounds | CVE-2019-16454 |
| memory corruption | Adobe Acrobat Reader Out-of-Bounds | CVE-2019-16450 |
| memory corruption | Adobe Acrobat Reader Pointer Dereference | CVE-2019-16463 |
| memory corruption | Adobe Acrobat Reader Pointer Dereference | CVE-2019-16460 |
| memory corruption | Adobe Acrobat Reader Pointer Dereference | CVE-2019-16455 |
| memory corruption | Adobe Acrobat Reader Pointer Dereference | CVE-2019-16446 |
| privilege escalation | Adobe Acrobat Reader | CVE-2019-16453 |
| privilege escalation | Adobe Acrobat Reader | CVE-2019-16444 |
| memory corruption | Adobe Acrobat Reader Use-After-Free | CVE-2019-16464 |
| memory corruption | Adobe Acrobat Reader Use-After-Free | CVE-2019-16459 |
| memory corruption | Adobe Acrobat Reader Use-After-Free | CVE-2019-16452 |
| memory corruption | Adobe Acrobat Reader Use-After-Free | CVE-2019-16448 |
| memory corruption | Adobe Acrobat Reader Use-After-Free | CVE-2019-16445 |
| privilege escalation | Google Chrome Blink | CVE-2019-13741 |
| memory corruption | Google Chrome Bluetooth Use-After-Free | CVE-2019-13725 |
| Download spoofing | Google Chrome | CVE-2019-13762 |
| privilege escalation | Google Chrome Extension | CVE-2019-13754 |
| memory corruption | Google Chrome Heap-based | CVE-2019-13747 |
| Domain spoofing | Google Chrome interstitials | CVE-2019-13759 |
| memory corruption | Google Chrome Javascript Heap-based | CVE-2019-13764 |
| memory corruption | Google Chrome Javascript Heap-based | CVE-2019-13730 |
| memory corruption | Google Chrome Javascript Out-of-Bounds | CVE-2019-5843 |
| memory corruption | Google Chrome Javascript Out-of-Bounds | CVE-2019-5841 |
| memory corruption | Google Chrome Javascript Out-of-Bounds | CVE-2019-13735 |
| memory corruption | Google Chrome Javascript Out-of-Bounds | CVE-2019-13728 |
| privilege escalation | Google Chrome Navigation | CVE-2019-13758 |
| Address spoofing | Google Chrome Omnibox | CVE-2019-13749 |
| Domain spoofing | Google Chrome Omnibox | CVE-2019-13761 |
| Domain spoofing | Google Chrome Omnibox | CVE-2019-13757 |
| Domain spoofing | Google Chrome Omnibox | CVE-2019-13742 |
| spoofing | Google Chrome Omnibox | CVE-2019-13672 |
| URL spoofing | Google Chrome Omnibox | CVE-2019-13746 |
| memory corruption | Google Chrome Password Manager | CVE-2019-13726 |
| memory corruption | Google Chrome PDFium Integer Overflow | CVE-2019-13736 |
| Domain spoofing | Google Chrome Policy Enforcement | CVE-2019-13739 |
| Domain spoofing | Google Chrome Policy Enforcement | CVE-2019-13738 |
| Domain spoofing | Google Chrome Security UI | CVE-2019-13756 |
| Domain spoofing | Google Chrome Security UI | CVE-2019-13740 |
| spoofing | Google Chrome Security UI | CVE-2019-13743 |
| information disclosure | Google Chrome SQLite Out-of-Bounds | CVE-2019-13753 |
| memory corruption | Google Chrome SQLite Out-of-Bounds | CVE-2019-13734 |
| privilege escalation | Google Chrome SQLite | CVE-2019-13750 |
| memory corruption | Google Chrome WebAudio Use-After-Free | CVE-2019-13732 |
| privilege escalation | Google Chrome WebSocket Same-Origin Policy | CVE-2019-13727 |
| memory corruption | Google Chrome WebSocket Use-After-Free | CVE-2019-13729 |
| memory corruption | Microsoft Internet Explorer VBScript | CVE-2019-1485 |
| memory corruption | Microsoft Office PowerPoint | CVE-2019-1462 |
| privilege escalation | Microsoft Visual Studio Git | CVE-2019-1387 |
| privilege escalation | Microsoft Visual Studio Git | CVE-2019-1354 |
| privilege escalation | Microsoft Visual Studio Git | CVE-2019-1352 |
| privilege escalation | Microsoft Visual Studio Git | CVE-2019-1350 |
| privilege escalation | Microsoft Visual Studio Git | CVE-2019-1349 |
| privilege escalation | Microsoft Visual Studio | CVE-2019-1486 |
| privilege escalation | Microsoft Windows AppX Deployment Server | CVE-2019-1483 |
| privilege escalation | Microsoft Windows AppX Deployment Service | CVE-2019-1476 |
| privilege escalation | Microsoft Windows COM Server | CVE-2019-1478 |
| information disclosure | Microsoft Windows Hyper-V | CVE-2019-1470 |
| memory corruption | Microsoft Windows Hyper-V | CVE-2019-1471 |
| privilege escalation | Microsoft Windows OLE | CVE-2019-1484 |
| privilege escalation | Microsoft Windows Printer Service | CVE-2019-1477 |
| denial of service | Microsoft Windows Remote Desktop Protocol | CVE-2019-1453 |
| memory corruption | Microsoft Windows Win32k Graphics | CVE-2019-1468 |
| memory corruption | Microsoft Windows Win32k | CVE-2019-1458 |
| privilege escalation | Microsoft Visual Studio Git | CVE-2019-1351 |
| XML External Entity | modoboa-dmarc Plugin XML Data | CVE-2019-19702 |
| weak authentication | Monkey HTTP Daemon auth.c | CVE-2013-2159 |
| privilege escalation | Monkey HTTP Daemon | CVE-2013-2183 |
| weak encryption | python-keystoneclient Memcache | CVE-2013-2167 |
| weak encryption | python-keystoneclient Memcache | CVE-2013-2166 |
| privilege escalation | McAfee Tech Check Microsoft Windows Client | CVE-2019-3667 |
| memory corruption | Advantech WebAccess Stack-based | CVE-2019-3951 |
| privilege escalation | Apache SpamAssassin CF File | CVE-2018-11805 |
| memory corruption | Qualcomm Snapdragon Auto Camera race condition | CVE-2019-10494 |
| memory corruption | Qualcomm Snapdragon Auto Command | CVE-2019-10484 |
| memory corruption | Qualcomm Snapdragon Auto Data Truncation | CVE-2019-10530 |
| memory corruption | Qualcomm Snapdragon Auto EMM | CVE-2019-2337 |
| memory corruption | Qualcomm Snapdragon Auto GSNDCP Compressed Mode | CVE-2019-10511 |
| memory corruption | Qualcomm Snapdragon Auto HLOS | CVE-2019-2321 |
| memory corruption | Qualcomm Snapdragon Auto HLOS | CVE-2019-2319 |
| memory corruption | Qualcomm Snapdragon Auto Image | CVE-2019-2338 |
| memory corruption | Qualcomm Snapdragon Auto | CVE-2019-10555 |
| memory corruption | Qualcomm Snapdragon Auto OGG File NULL Pointer Dereference | CVE-2019-10559 |
| memory corruption | Qualcomm Snapdragon Auto Out-of-Bounds | CVE-2019-2320 |
| memory corruption | Qualcomm Snapdragon Auto Out-of-Bounds | CVE-2019-2310 |
| memory corruption | Qualcomm Snapdragon Auto QDCM API Integer Overflow | CVE-2019-10592 |
| memory corruption | Qualcomm Snapdragon Auto Snapshot | CVE-2019-10571 |
| memory corruption | Qualcomm Snapdragon Auto TZ Out-of-Bounds | CVE-2019-2288 |
| privilege escalation | Qualcomm Snapdragon Connectivity Driver | CVE-2019-10618 |
| memory corruption | Siemens EN100 Ethernet Module DNP3 Webserver | CVE-2019-13942 |
| weak authentication | Siemens SiNVR 3 Central Control Server HTTP Service | CVE-2019-18339 |
| privilege escalation | Siemens SiNVR 3 Central Control Server SFTP Service | CVE-2019-18342 |
| weak authentication | Siemens SiNVR 3 Central Control Server | CVE-2019-18341 |
| DIRECTORY TRAVERSAL | Siemens SiNVR 3 Central Control Server XML Data | CVE-2019-18338 |
| weak authentication | Siemens SiNVR 3 Central Control Server XML Data | CVE-2019-18337 |
| Code Execution | Siemens SPPA-T3000 Application Server AdminService | CVE-2019-18283 |
| privilege escalation | Siemens SPPA-T3000 Application Server AdminService | CVE-2019-18284 |
| privilege escalation | Siemens SPPA-T3000 Application Server File Upload | CVE-2019-18320 |
| Code Execution | Siemens SPPA-T3000 Application Server RMI interface Remote | CVE-2019-18288 |
| Code Execution | Siemens SPPA-T3000 Application Server RMI Remote | CVE-2019-18314 |
| Code Execution | Siemens SPPA-T3000 Application Server Service Port 1099 Remote | CVE-2019-18316 |
| Code Execution | Siemens SPPA-T3000 Application Server Service Port 8888 Remote | CVE-2019-18315 |
| privilege escalation | Siemens SPPA-T3000 MS3000 Migration Server | CVE-2019-18309 |
| privilege escalation | Siemens SPPA-T3000 MS3000 Migration Server | CVE-2019-18308 |
| privilege escalation | Siemens SPPA-T3000 MS3000 Migration Server | CVE-2019-18297 |
| Code Execution | Siemens SPPA-T3000 MS3000 Migration Server RPC Service Remote | CVE-2019-18313 |
| privilege escalation | Siemens SPPA-T3000 MS3000 Migration Server Service Port 5010 | CVE-2019-18322 |
| Code Execution | Siemens SPPA-T3000 MS3000 Migration Server Service Port 5010 Remote | CVE-2019-18330 |
| Code Execution | Siemens SPPA-T3000 MS3000 Migration Server Service Port 5010 Remote | CVE-2019-18329 |
| Code Execution | Siemens SPPA-T3000 MS3000 Migration Server Service Port 5010 Remote | CVE-2019-18328 |
| Code Execution | Siemens SPPA-T3000 MS3000 Migration Server Service Port 5010 Remote | CVE-2019-18327 |
| Code Execution | Siemens SPPA-T3000 MS3000 Migration Server Service Port 5010 Remote | CVE-2019-18325 |
| Code Execution | Siemens SPPA-T3000 MS3000 Migration Server Service Port 5010 Remote | CVE-2019-18324 |
| Code Execution | Siemens SPPA-T3000 MS3000 Migration Server Service Port 5010 Remote | CVE-2019-18323 |
| Code Execution | Siemens SPPA-T3000 MS3000 Migration Server Service Port 5010 Remote | CVE-2019-18296 |
| Code Execution | Siemens SPPA-T3000 MS3000 Migration Server Service Port 5010 Remote | CVE-2019-18295 |
| Code Execution | Siemens SPPA-T3000 MS3000 Migration Server Service Port 5010 Remote | CVE-2019-18293 |
| Code Execution | Siemens SPPA-T3000 MS3000 Migration Server Service Port 5010 Remote | CVE-2019-18289 |