info[at]nsec.ir
(+۹۸)-۳۱-۳۳۹۱۵۳۳۶

آسیب‌پذیری‌های حیاتی هفته سوم آذرماه

این هفته سه‌شنبه‌های به‌روزرسانی مایکروسافت در ماه دسامبر را سپری کردیم که در دومین سه‌شنبه هر ماه اتفاق می‌افتد. در این روز شرکت مایکروسافت به‌روزرسانی‌های لازم را برای محصولات خود منتشر می‌کند. مهم‌ترین این آسیب‌پذیری‌ها مربوط به ویندوز، مرورگر اینترنت اکسپلورر، پاورپوینت و نرم‌افزار ویژوال استودیو بوده است. اما علاوه بر محصولات مایکروسافت، آسیب‌پذیری‌های متعددی دیگر نیز کشف شده است که از جمله آن‌ها می‌توان به آسیب‌پذیری فریم‌ورک وردپرس، نرم‌افزار پایتون، مرورگر گوگل کروم، سیستم‌عامل لینوکس و نرم‌افزارهای Adobe Acrobat اشاره کرد. لطفاً هرچه سریع‌تر این نرم‌افزارها را به‌روزرسانی کنید.

نوع آسیب‌پذیری

محصولات آسیب‌پذیر

شناسه آسیب‌پذیری

weak encryption

Linux/FreeBSD/OpenBSD/MacOS/iOS/Android VPN

CVE-2019-14899

memory corruption

Linux Kernel f2fs Filesystem Image segment.c f2fs_build_segment_manager

CVE-2019-19449

memory corruption

Linux Kernel btrfs Filesystem free-space-cache.c try_merge_free_space  

CVE-2019-19448

memory corruption

Linux Kernel ext4 Filesystem Image super.c ext4_put_super  

CVE-2019-19447

memory corruption

Linux Kernel blktrace.c __blk_add_trace  

CVE-2019-19768

memory corruption

Linux Kernel inode.c debugfs_remov  

CVE-2019-19770

memory corruption

Linux Kernel inode.c ext4_xattr_set_entry  

CVE-2019-19767

memory corruption

Linux Kernel lock.h perf_trace_lock_acquire  

CVE-2019-19769

privilege escalation

IBM DataPower Gateway IPMI LAN Channel

CVE-2019-4621

privilege escalation

IBM Planning Analytics My Account Portal File Upload

CVE-2019-4612

request forgery

IBM Cloud Pak System cross site

CVE-2019-4095

privilege escalation

IBM Cloud Pak System Platform System Manager CSV Injection

CVE-2019-4521

privilege escalation

IBM SmartCloud Analytics Zookeeper

CVE-2019-4244

privilege escalation

IBM Spectrum Scale Command

CVE-2019-4715

privilege escalation

IBM DB2 High Performance Unload

CVE-2019-4606

privilege escalation

Symantec Industrial Control System Protection

CVE-2019-18380

request forgery

Symantec Messaging Gateway Server-Side

CVE-2019-18379

privilege escalation

Symantec Messaging Gateway

CVE-2019-18377

memory corruption

Adobe Acrobat Reader   

CVE-2019-16462

memory corruption

Adobe Acrobat Reader Heap-based  

CVE-2019-16451

memory corruption

Adobe Acrobat Reader Out-of-Bounds  

CVE-2019-16454

memory corruption

Adobe Acrobat Reader Out-of-Bounds  

CVE-2019-16450

memory corruption

Adobe Acrobat Reader Pointer Dereference  

CVE-2019-16463

memory corruption

Adobe Acrobat Reader Pointer Dereference  

CVE-2019-16460

memory corruption

Adobe Acrobat Reader Pointer Dereference  

CVE-2019-16455

memory corruption

Adobe Acrobat Reader Pointer Dereference  

CVE-2019-16446

privilege escalation

Adobe Acrobat Reader

CVE-2019-16453

privilege escalation

Adobe Acrobat Reader

CVE-2019-16444

memory corruption

Adobe Acrobat Reader Use-After-Free  

CVE-2019-16464

memory corruption

Adobe Acrobat Reader Use-After-Free  

CVE-2019-16459

memory corruption

Adobe Acrobat Reader Use-After-Free  

CVE-2019-16452

memory corruption

Adobe Acrobat Reader Use-After-Free  

CVE-2019-16448

memory corruption

Adobe Acrobat Reader Use-After-Free  

CVE-2019-16445

privilege escalation

Google Chrome Blink

CVE-2019-13741

memory corruption

Google Chrome Bluetooth Use-After-Free  

CVE-2019-13725

Download spoofing

Google Chrome

CVE-2019-13762

privilege escalation

Google Chrome Extension

CVE-2019-13754

memory corruption

Google Chrome Heap-based  

CVE-2019-13747

Domain spoofing

Google Chrome interstitials

CVE-2019-13759

memory corruption

Google Chrome Javascript Heap-based  

CVE-2019-13764

memory corruption

Google Chrome Javascript Heap-based  

CVE-2019-13730

memory corruption

Google Chrome Javascript Out-of-Bounds  

CVE-2019-5843

memory corruption

Google Chrome Javascript Out-of-Bounds  

CVE-2019-5841

memory corruption

Google Chrome Javascript Out-of-Bounds  

CVE-2019-13735

memory corruption

Google Chrome Javascript Out-of-Bounds

CVE-2019-13728

privilege escalation

Google Chrome Navigation

CVE-2019-13758

Address spoofing

Google Chrome Omnibox

CVE-2019-13749

Domain spoofing

Google Chrome Omnibox

CVE-2019-13761

Domain spoofing

Google Chrome Omnibox

CVE-2019-13757

Domain spoofing

Google Chrome Omnibox

CVE-2019-13742

spoofing

Google Chrome Omnibox

CVE-2019-13672

URL spoofing

Google Chrome Omnibox

CVE-2019-13746

memory corruption

Google Chrome Password Manager

CVE-2019-13726

memory corruption

Google Chrome PDFium Integer Overflow

CVE-2019-13736

Domain spoofing

Google Chrome Policy Enforcement

CVE-2019-13739

Domain spoofing

Google Chrome Policy Enforcement

CVE-2019-13738

Domain spoofing

Google Chrome Security UI

CVE-2019-13756

Domain spoofing

Google Chrome Security UI

CVE-2019-13740

spoofing

Google Chrome Security UI

CVE-2019-13743

information disclosure

Google Chrome SQLite Out-of-Bounds

CVE-2019-13753

memory corruption

Google Chrome SQLite Out-of-Bounds

CVE-2019-13734

privilege escalation

Google Chrome SQLite

CVE-2019-13750

memory corruption

Google Chrome WebAudio Use-After-Free

CVE-2019-13732

privilege escalation

Google Chrome WebSocket Same-Origin Policy

CVE-2019-13727

memory corruption

Google Chrome WebSocket Use-After-Free

CVE-2019-13729

memory corruption

Microsoft Internet Explorer VBScript

CVE-2019-1485

memory corruption

Microsoft Office PowerPoint

CVE-2019-1462

privilege escalation

Microsoft Visual Studio Git

CVE-2019-1387

privilege escalation

Microsoft Visual Studio Git

CVE-2019-1354

privilege escalation

Microsoft Visual Studio Git

CVE-2019-1352

privilege escalation

Microsoft Visual Studio Git

CVE-2019-1350

privilege escalation

Microsoft Visual Studio Git

CVE-2019-1349

privilege escalation

Microsoft Visual Studio

CVE-2019-1486

privilege escalation

Microsoft Windows AppX Deployment Server

CVE-2019-1483

privilege escalation

Microsoft Windows AppX Deployment Service

CVE-2019-1476

privilege escalation

Microsoft Windows COM Server

CVE-2019-1478

information disclosure

Microsoft Windows Hyper-V

CVE-2019-1470

memory corruption

Microsoft Windows Hyper-V

CVE-2019-1471

privilege escalation

Microsoft Windows OLE

CVE-2019-1484

privilege escalation

Microsoft Windows Printer Service

CVE-2019-1477

denial of service

Microsoft Windows Remote Desktop Protocol

CVE-2019-1453

memory corruption

Microsoft Windows Win32k Graphics

CVE-2019-1468

memory corruption

Microsoft Windows Win32k

CVE-2019-1458

privilege escalation

Microsoft Visual Studio Git

CVE-2019-1351

XML External Entity

modoboa-dmarc Plugin XML Data

CVE-2019-19702

weak authentication

Monkey HTTP Daemon auth.c

CVE-2013-2159

privilege escalation

Monkey HTTP Daemon

CVE-2013-2183

weak encryption

python-keystoneclient Memcache

CVE-2013-2167

weak encryption

python-keystoneclient Memcache

CVE-2013-2166

privilege escalation

McAfee Tech Check Microsoft Windows Client

CVE-2019-3667

memory corruption

Advantech WebAccess Stack-based

CVE-2019-3951

privilege escalation

Apache SpamAssassin CF File

CVE-2018-11805

memory corruption

Qualcomm Snapdragon Auto Camera race condition

CVE-2019-10494

memory corruption

Qualcomm Snapdragon Auto Command

CVE-2019-10484

memory corruption

Qualcomm Snapdragon Auto Data Truncation

CVE-2019-10530

memory corruption

Qualcomm Snapdragon Auto EMM

CVE-2019-2337

memory corruption

Qualcomm Snapdragon Auto GSNDCP Compressed Mode

CVE-2019-10511

memory corruption

Qualcomm Snapdragon Auto HLOS

CVE-2019-2321

memory corruption

Qualcomm Snapdragon Auto HLOS

CVE-2019-2319

memory corruption

Qualcomm Snapdragon Auto Image

CVE-2019-2338

memory corruption

Qualcomm Snapdragon Auto

CVE-2019-10555

memory corruption

Qualcomm Snapdragon Auto OGG File NULL Pointer Dereference

CVE-2019-10559

memory corruption

Qualcomm Snapdragon Auto Out-of-Bounds

CVE-2019-2320

memory corruption

Qualcomm Snapdragon Auto Out-of-Bounds

CVE-2019-2310

memory corruption

Qualcomm Snapdragon Auto QDCM API Integer Overflow

CVE-2019-10592

memory corruption

Qualcomm Snapdragon Auto Snapshot

CVE-2019-10571

memory corruption

Qualcomm Snapdragon Auto TZ Out-of-Bounds

CVE-2019-2288

privilege escalation

Qualcomm Snapdragon Connectivity Driver

CVE-2019-10618

memory corruption

Siemens EN100 Ethernet Module DNP3 Webserver

CVE-2019-13942

weak authentication

Siemens SiNVR 3 Central Control Server HTTP Service

CVE-2019-18339

privilege escalation

Siemens SiNVR 3 Central Control Server SFTP Service

CVE-2019-18342

weak authentication

Siemens SiNVR 3 Central Control Server

CVE-2019-18341

DIRECTORY TRAVERSAL

Siemens SiNVR 3 Central Control Server XML Data

CVE-2019-18338

weak authentication

Siemens SiNVR 3 Central Control Server XML Data

CVE-2019-18337

Code Execution

Siemens SPPA-T3000 Application Server AdminService

CVE-2019-18283

privilege escalation

Siemens SPPA-T3000 Application Server AdminService

CVE-2019-18284

privilege escalation

Siemens SPPA-T3000 Application Server File Upload

CVE-2019-18320

Code Execution

Siemens SPPA-T3000 Application Server RMI interface Remote

CVE-2019-18288

Code Execution

Siemens SPPA-T3000 Application Server RMI Remote

CVE-2019-18314

Code Execution

Siemens SPPA-T3000 Application Server Service Port 1099 Remote

CVE-2019-18316

Code Execution

Siemens SPPA-T3000 Application Server Service Port 8888 Remote

CVE-2019-18315

privilege escalation

Siemens SPPA-T3000 MS3000 Migration Server

CVE-2019-18309

privilege escalation

Siemens SPPA-T3000 MS3000 Migration Server

CVE-2019-18308

privilege escalation

Siemens SPPA-T3000 MS3000 Migration Server

CVE-2019-18297

Code Execution

Siemens SPPA-T3000 MS3000 Migration Server RPC Service Remote

CVE-2019-18313

privilege escalation

Siemens SPPA-T3000 MS3000 Migration Server Service Port 5010

CVE-2019-18322

Code Execution

Siemens SPPA-T3000 MS3000 Migration Server Service Port 5010 Remote

CVE-2019-18330

Code Execution

Siemens SPPA-T3000 MS3000 Migration Server Service Port 5010 Remote

CVE-2019-18329

Code Execution

Siemens SPPA-T3000 MS3000 Migration Server Service Port 5010 Remote

CVE-2019-18328

Code Execution

Siemens SPPA-T3000 MS3000 Migration Server Service Port 5010 Remote

CVE-2019-18327

Code Execution

Siemens SPPA-T3000 MS3000 Migration Server Service Port 5010 Remote

CVE-2019-18325

Code Execution

Siemens SPPA-T3000 MS3000 Migration Server Service Port 5010 Remote

CVE-2019-18324

Code Execution

Siemens SPPA-T3000 MS3000 Migration Server Service Port 5010 Remote

CVE-2019-18323

Code Execution

Siemens SPPA-T3000 MS3000 Migration Server Service Port 5010 Remote

CVE-2019-18296

Code Execution

Siemens SPPA-T3000 MS3000 Migration Server Service Port 5010 Remote

CVE-2019-18295

Code Execution

Siemens SPPA-T3000 MS3000 Migration Server Service Port 5010 Remote

CVE-2019-18293

Code Execution

Siemens SPPA-T3000 MS3000 Migration Server Service Port 5010 Remote

CVE-2019-18289