آسیبپذیریهای حیاتی هفته سوم دیماه
این هفته آسیبپذیریهای با سطح خطر بالا در مرررگرهای فایرفاکس و گوگل کروم شناسایی شده است. در برخی از ابزارهای PHP مانند phpMyAdmin آسیبپذیریهای از توع تزریق SQL پیدا شده است. در سامانه مدیریت محتوای وردپرس نیز دو آسیبپذیریهایی مهم کشف شده است. یکی از افزونههای معروف این سامانه نیز به نام Email Subscribers & Newsletters آسیبپذیر شناخته شده است. از دیگر محصولات مهم و کاربردی که در این هفته آسیبپذیر شناخته شدهاند میتوان به کتابخانۀ Apache Olingo، آنتیویروس کسپراسکی، نرمافزار نیترو، نرمافزار E2fsprogs (در سیستمعامل لینوکس) و مودمهای TP-LINK و D-Link اشاره کرد.
نوع آسیبپذیری |
محصول آسیبپذیر |
شناسه آسیبپذیری |
Server-Side Request Forgery |
Apache Olingo URL AsyncRequestWrapperImpl |
CVE-2020-1925 |
privilege escalation |
Billion Smart Energy Router SG600R2 system_command.asp |
CVE-2019-14920 |
privilege escalation |
Billion Smart Energy Router SG600R2 Telnet Service Default Admin Password |
CVE-2019-14919 |
memory corruption |
bftpd File Transfer Off-By-One |
CVE-2020-6835 |
memory corruption |
Broadcom Cablemodem Kernel |
CVE-2019-19494 |
memory corruption |
D-Link DCS-960L HNAP Service Stack-based |
CVE-2019-17146 |
privilege escalation |
Dell RSA Authentication Manager XML Data |
CVE-2019-3768 |
cross site scripting |
Dell EMC Unisphere for PowerMax/PowerMax OS |
CVE-2019-18588 |
Remote code execution |
E2fsprogs |
- |
sql injection |
Email Subscribers & Newsletters |
CVE-2019-20361 |
information disclosure |
Fortinet FortiSIEM External Authentication Profile Form Password |
|
memory corruption |
FontForge sfd.c SFD_GetFontMetaData |
CVE-2020-5395 |
memory corruption |
FontForge splinesave.c Type2NotDefSplines() |
CVE-2020-5496 |
privilege escalation |
GitLab Community Edition/Enterprise Edition Access Control |
CVE-2019-19260 |
privilege escalation |
GitLab Enterprise Edition Access Control |
CVE-2019-19312 |
privilege escalation |
GitLab Enterprise Edition Access Control |
CVE-2019-19309 |
Remote code execution |
GitLab Enterprise Edition Maven Package Registry |
CVE-2019-19628 |
privilege escalation |
GitLab Enterprise Edition Permission |
CVE-2019-19263 |
privilege escalation |
GitLab Enterprise Edition Permission |
CVE-2019-19262 |
Server-Side Request Forgery |
GitLab Enterprise Edition |
CVE-2019-19261 |
weak authentication |
give Plugin API |
CVE-2019-20360 |
memory corruption |
GNU LibreDWG bits.c bit_search_sentinel |
CVE-2020-6613 |
memory corruption |
GNU LibreDWG decode.c bfr_read |
CVE-2020-6614 |
memory corruption |
GNU LibreDWG decode_r2007.c copy_compressed_bytes |
CVE-2020-6612 |
memory corruption |
GNU LibreDWG decode_r2007.c read_pages_map |
CVE-2020-6609 |
privilege escalation |
Google Android ActivityManagerService.java getProcessRecordLocked |
CVE-2020-0001 |
memory corruption |
Google Android ih264d_api.c ih264d_init_decoder |
CVE-2020-0002 |
privilege escalation |
Google Android InstallStart.java onCreate |
CVE-2020-0003 |
memory corruption |
Google Android Shared Memory ashmem.c calc_vm_may_flags |
CVE-2020-0009 |
memory corruption |
Google Chrome Content Delivery Manager Use-After-Free |
CVE-2019-13765 |
memory corruption |
Google Chrome Swiftshader Out-of-Bounds |
CVE-2019-5846 CVE-2019-5845 CVE-2019-5844 |
memory corruption |
Google Chrome Use-After-Free |
CVE-2019-13766 |
memory corruption |
Google Chrome Audio Use-After-Free |
CVE-2020-6377 |
privilege escalation |
HP Access Control |
CVE-2019-6330 |
privilege escalation |
hot-formula-parser Package grammar-parser.jison parse |
CVE-2020-6836 |
denial of service |
Huawei Product MPLS Echo Request Message |
CVE-2019-5304 |
privilege escalation |
Huawei Mate 20 |
CVE-2020-1787 |
privilege escalation |
Huawei Mate 20 Pro APK File |
CVE-2020-1786 |
information disclosure |
IBM QRadar SIEM |
CVE-2019-4559 |
cross site scripting |
Ignite Realtime Openfire |
CVE-2019-20366 CVE-2019-20363 |
cross site scripting |
Ignite Realtime Openfire Search Page |
CVE-2019-20365 |
cross site scripting |
Ignite Realtime Openfire SystemCacheDetails.jsp |
CVE-2019-20364 |
weak authentication |
Intelbras IWR 3000N IP Address |
CVE-2019-20004 |
memory corruption |
Kyrol Internet Security Driver kyrld.sys |
CVE-2019-19820 |
privilege escalation |
keycloack Reset Password |
CVE-2019-14837 |
|
Kaspersky Generic Malformed Archive bypass (ZIP compressed size) |
- |
denial of service |
Linux Kernel KVM Hypervisor kvm |
CVE-2019-19332 |
privilege escalation |
LTSP LDM Shell |
CVE-2019-20373 |
Remote code execution |
MongoDB using ‘toBSON’ method |
CVE-2019-10758 |
privilege escalation |
Mozilla Firefox Content Security Policy Cross-Origin |
CVE-2019-17000 |
privilege escalation |
Mozilla Firefox Content Security Policy |
CVE-2019-17020 |
privilege escalation |
Mozilla Firefox Content Security Policy |
CVE-2019-17002 |
information disclosure |
Mozilla Firefox Image Cross-Origin |
CVE-2019-17014 |
memory corruption |
Mozilla Firefox |
CVE-2019-17025 CVE-2019-17013 |
cross site scripting |
Mozilla Firefox Object Tag |
CVE-2019-17001 |
privilege escalation |
Mozilla Firefox Permission |
CVE-2019-11765 |
information disclosure |
Mozilla Firefox Private Browsing |
CVE-2019-17018 |
privilege escalation |
Mozilla Firefox Python |
CVE-2019-17019 |
memory corruption |
Mozilla Firefox Soft Token Session Use-After-Free |
CVE-2019-11756 |
unknown vulnerability |
Mozilla Firefox TLS 1.3 |
CVE-2019-17023 |
privilege escalation |
Mozilla Firefox/Firefox ESR Clipboard Injection |
CVE-2019-17016 |
memory corruption |
Mozilla Firefox/Firefox ESR Heap-based |
CVE-2019-17021 |
memory corruption |
Mozilla Firefox/Firefox ESR |
CVE-2019-17024 CVE-2019-17015 |
cross site scripting |
Mozilla Firefox/Firefox ESR Rich Text Editor |
CVE-2019-17022 |
denial of service |
Mozilla Firefox/Firefox ESR Type Confusion |
CVE-2019-17017 |
memory corruption |
Mozilla Firefox/Firefox ESR/Thunderbird 360 Total Security |
CVE-2019-11758 |
memory corruption |
Mozilla Firefox/Firefox ESR/Thunderbird Antitracking Use-After-Free |
CVE-2019-17011 |
memory corruption |
Mozilla Firefox/Firefox ESR/Thunderbird Block Cipher NSC_EncryptUpdate |
CVE-2019-11745 |
privilege escalation |
Mozilla Firefox/Firefox ESR/Thunderbird Cross-Origin |
CVE-2019-11762 |
cross site scripting |
Mozilla Firefox/Firefox ESR/Thunderbird Entity Parser |
CVE-2019-11763 |
memory corruption |
Mozilla Firefox/Firefox ESR/Thunderbird HMAC Stack-based |
CVE-2019-11759 |
memory corruption |
Mozilla Firefox/Firefox ESR/Thunderbird |
CVE-2019-17012 CVE-2019-11764 |
memory corruption |
Mozilla Firefox/Firefox ESR/Thunderbird Plain Text Serializer |
CVE-2019-17005 |
memory corruption |
Mozilla Firefox/Firefox ESR/Thunderbird Resist Fingerprinting Use-After-Free |
CVE-2019-17010 |
privilege escalation |
Mozilla Firefox/Firefox ESR/Thunderbird Sandbox |
CVE-2019-9812 |
privilege escalation |
Mozilla Firefox/Firefox ESR/Thunderbird Updater Service |
CVE-2019-17009 |
privilege escalation |
Mozilla Firefox/Firefox ESR/Thunderbird URI |
CVE-2019-11761 |
memory corruption |
Mozilla Firefox/Firefox ESR/Thunderbird Value Prototype Use-After-Free |
CVE-2019-11757 |
memory corruption |
Mozilla Firefox/Firefox ESR/Thunderbird WebRTC Stack-based |
CVE-2019-11760 |
memory corruption |
Mozilla Firefox/Firefox ESR/Thunderbird Worker Use-After-Free |
CVE-2019-17008 |
memory corruption |
Nitro Free PDF Reader Unicode npdf.dll PDAnnotHandlerDestroyData2+0x2e8a |
CVE-2019-19817 |
unknown vulnerability |
Nitro Free PDF Reader Unicode npdf.dll PDAnnotHandlerDestroyData2+0x90ec |
CVE-2019-19819 |
privilege escalation |
OpenShift Container Platform 3 CRI-O |
CVE-2019-14819 |
sql injection |
PHP Scripts Mall advanced-real-estate-script news_edit.php |
CVE-2019-20337 |
sql injection |
PHPGurukul Hospital Management System in PHP |
CVE-2020-5192 |
sql injection |
PHPGurukul Dairy Farm Shop Management System index.php |
CVE-2020-5307 |
sql injection |
PHPGurukul Management System full-profile.php |
CVE-2020-5510 |
sql injection |
PHPGurukul Small CRM Administrator Login Page |
CVE-2020-5511 |
sql injection |
phpMyAdmin |
CVE-2020-5504 |
memory corruption |
Red Hat SDL Heap-based |
CVE-2019-14906 |
memory corruption |
SQLite INSERT INTO zipfile.c |
CVE-2019-19959 |
privilege escalation |
Tencent WeChat |
CVE-2019-17151 |
memory corruption |
TP-LINK TL-WR841N Web Service |
CVE-2019-17147 |
privilege escalation |
WordPress REST API |
CVE-2019-16788 |
cross site scripting |
WordPress wp_targeted_link_rel() |
CVE-2019-16773 |