
Critical Vulnerabilities of the Fourth Week of Mehr

In the fourth week of Mehr, high-severity vulnerabilities were discovered in widely used products, including WordPress, Adobe Acrobat Reader, and various Cisco and Oracle products. A serious vulnerability was also found in the sudo command, one of the key commands of the Linux operating system. If you use any of these products, please update them as soon as possible.


Vulnerabilities of the Fourth Week of Mehr

| Vulnerability type | Product / component | CVE |
|---|---|---|
| Server-Side Request Forgery | WordPress URL | CVE-2019-17669, CVE-2019-17670 |
| information disclosure | WordPress Static Query | CVE-2019-17671 |
| privilege escalation | WordPress Cache | CVE-2019-17673 |
| memory corruption | Linux Kernel ps.c rtl_p2p_noa_ie | CVE-2019-17666 |
| memory corruption | Linux Kernel fib6_rules.c fib6_rule_suppress() | CVE-2019-18198 |
| privilege escalation | ESET Cyber Security Scheduled Task | CVE-2019-16519 |
| weak authentication | D-Link DIR-412 log_clear.php | CVE-2019-17512 |
| memory corruption | D-Link DIR-880L/DIR-895 fileaccess.cgi | CVE-2017-14948 |
| information disclosure | D-Link DIR-412 Web Interface log_get.php | CVE-2019-17511 |
| memory corruption | GNU Aspell getdata.cpp unescape | CVE-2019-17544 |
| privilege escalation | GNU Guix | CVE-2019-18192 |
| privilege escalation | sudo Runas Restriction | CVE-2019-14287 |
| privilege escalation | Adobe Download Manager | CVE-2019-8071 |
| memory corruption | Adobe Acrobat Reader Pointer Dereference | CVE-2019-8205, CVE-2019-8196, CVE-2019-8195, CVE-2019-8174 |
| privilege escalation | Adobe Acrobat Reader Type Confusion | CVE-2019-8200, CVE-2019-8169, CVE-2019-8167, CVE-2019-8161 |
| race condition | Adobe Acrobat Reader | CVE-2019-8162 |
| memory corruption | Adobe Acrobat Reader | CVE-2019-8166 |
| heap-based memory corruption | Adobe Acrobat Reader | CVE-2019-8197, CVE-2019-8183, CVE-2019-8170 |
| use-after-free | Adobe Acrobat Reader | CVE-2019-8225, CVE-2019-8224, CVE-2019-8223, CVE-2019-8221, CVE-2019-8220, CVE-2019-8219, CVE-2019-8217, CVE-2019-8215, CVE-2019-8214, CVE-2019-8213, CVE-2019-8212, CVE-2019-8211, CVE-2019-8210, CVE-2019-8209, CVE-2019-8208, CVE-2019-8203, CVE-2019-8192, CVE-2019-8188, CVE-2019-8187, CVE-2019-8181, CVE-2019-8180, CVE-2019-8179, CVE-2019-8178, CVE-2019-8177, CVE-2019-8176, CVE-2019-8175 |
| out-of-bounds memory corruption | Adobe Acrobat Reader | CVE-2019-8206, CVE-2019-8199, CVE-2019-8191, CVE-2019-8165, CVE-2019-8186, CVE-2019-8171 |
| privilege escalation (root) | Cisco TelePresence Collaboration Endpoint CLI | CVE-2019-15962 |
| information disclosure | Cisco Identity Services Engine Web-based Management Interface | CVE-2019-15282 |
| privilege escalation | Cisco TelePresence Collaboration Endpoint Privileges | CVE-2019-15277 |
| privilege escalation | Cisco TelePresence Collaboration Endpoint CLI Command | CVE-2019-15275 |
| command injection | Cisco TelePresence Collaboration Endpoint CLI | CVE-2019-15274 |
| cross-site scripting | Cisco FirePOWER Management Center Web-based Management Interface | CVE-2019-15270 |
| denial of service | Cisco Wireless LAN Controller SSH Session Management | CVE-2019-15262 |
| denial of service | Cisco Aironet Access Point PPTP VPN Crash | CVE-2019-15261 |
| privilege escalation | Cisco Aironet Access Point URL | CVE-2019-15260 |
| privilege escalation | Cisco SPA100 ATA Web-based Management Interface | CVE-2019-15252, CVE-2019-15251, CVE-2019-15250, CVE-2019-15249, CVE-2019-15248, CVE-2019-15247, CVE-2019-15246, CVE-2019-15245, CVE-2019-15244, CVE-2019-15243, CVE-2019-15242, CVE-2019-15241, CVE-2019-15240 |
| privilege escalation | MuleSoft Mule Runtime Engine Apache Commons Collections Deserialization | CVE-2019-13116 |
| information disclosure | Oracle VM VirtualBox | CVE-2019-3031, CVE-2019-3026 |
| denial of service | Oracle VM VirtualBox | CVE-2019-3005, CVE-2019-3002, CVE-2019-2984, CVE-2019-3021 |
| unknown vulnerability | Oracle VM VirtualBox | CVE-2019-2944, CVE-2019-3017, CVE-2019-3028 |
| information disclosure | Oracle Clusterware TFA Collector jackson-databind | CVE-2019-12814 |
| information disclosure | Oracle Diagnostic Assistant jQuery | CVE-2019-11358 |
| information disclosure | Oracle Agile Product Lifecycle Management for Process jQuery | CVE-2019-11358 |
| unknown vulnerability | Oracle Agile PLM Apache Tomcat | CVE-2019-0232 |
| unknown vulnerability | Oracle Agile Recipe Management for Pharmaceuticals Apache Groovy | CVE-2016-6814 |
| unknown vulnerability | Oracle Solaris Filesystem | CVE-2019-2765 |
| information disclosure | Oracle Fujitsu M10-1 NSS | CVE-2018-12404 |
| unknown vulnerability | Oracle Fujitsu M10-1 USB Driver | CVE-2017-17558 |
| information disclosure | Oracle Fujitsu M10-1 OpenSSH | CVE-2019-6109 |
| denial of service | Oracle Fujitsu M10-1 OpenSSL | CVE-2018-0732 |
| denial of service | Oracle Fujitsu M10-1 Net-SNMP | CVE-2018-18066 |
| denial of service | Oracle Fujitsu M10-1 NTP | CVE-2018-7185 |
| denial of service | Oracle Fujitsu M10-1 glibc | CVE-2015-5180 |
| unknown vulnerability | Oracle Solaris XScreenSaver | CVE-2019-3010 |
| unknown vulnerability | Oracle Fujitsu M10-1 cURL | CVE-2018-1000007 |
| information disclosure | Oracle Siebel UI Framework EAI | CVE-2019-2935 |
| information disclosure | Oracle Siebel UI Framework Apache Tomcat | CVE-2018-8037 |
| information disclosure | Oracle Siebel Mobile Applications jQuery | CVE-2019-11358 |
| information disclosure | Oracle Siebel Core - DB Deployment and Configuration Install Configuration | CVE-2019-2965 |
| information disclosure | Oracle Retail Xstore Point of Service jackson-databind | CVE-2019-10247 |
| information disclosure | Oracle Retail Xstore Office Internal Operations | CVE-2018-3300 |
| information disclosure | Oracle Segment | CVE-2019-2884 |
| information disclosure | Oracle MICROS Relate CRM Software Internal Operations | CVE-2019-2896 |
| information disclosure | Oracle Retail Customer Insights jQuery | CVE-2019-11358 |
| information disclosure | Oracle Retail Xstore Point of Service jackson-databind | CVE-2019-12086 |
| denial of service | Oracle Retail Integration Bus Spring Framework | CVE-2018-15756 |
| unknown vulnerability | Oracle MICROS Relate CRM Software Apache Tomcat | CVE-2019-0232 |
| unknown vulnerability | Oracle Retail Xstore Point of Service jackson-databind | CVE-2019-14379 |
| unknown vulnerability | Oracle MICROS Retail XBRi Loss Prevention jackson-databind | CVE-2018-19362 |
| information disclosure | Oracle Policy Automation for Mobile Devices jQuery | CVE-2019-11358 |
| information disclosure | Oracle Policy Automation Connector for Siebel jQuery | CVE-2019-11358 |
| information disclosure | Oracle Policy Automation jQuery | CVE-2019-11358 |
| unknown vulnerability | Oracle Policy Automation Connector for Siebel Apache Axis | CVE-2019-0227 |
| information disclosure | Oracle PeopleSoft Enterprise PeopleTools Integration Broker | CVE-2019-3015 |
| information disclosure | Oracle PeopleSoft Enterprise HCM Human Resources US Federal Specific | CVE-2019-2951 |
| unknown vulnerability | Oracle PeopleSoft Enterprise PeopleTools Stylesheet | CVE-2019-3023 |
| information disclosure | Oracle PeopleSoft Enterprise SCM eProcurement | CVE-2019-3001 |
| information disclosure | Oracle PeopleSoft Enterprise PeopleTools jQuery | CVE-2019-11358, CVE-2019-2931, CVE-2019-2929 |
| information disclosure | Oracle PeopleSoft Enterprise PeopleTools Performance Monitor | CVE-2019-3014 |
| information disclosure | Oracle PeopleSoft Enterprise PeopleTools Fluid Core | CVE-2019-2985 |
| information disclosure | Oracle PeopleSoft Enterprise PeopleTools Fluid Core | CVE-2019-2915 |
| information disclosure | Oracle PeopleSoft Enterprise PeopleTools Tree Manager | CVE-2019-2932 |
| unknown vulnerability | Oracle PeopleSoft Enterprise PeopleTools libssh2 | CVE-2019-3862 |
| unknown vulnerability | Oracle PeopleSoft Enterprise PeopleTools Apache Xerces | CVE-2016-0729 |
| information disclosure | Oracle MySQL Workbench OpenSSL | CVE-2019-1549 |
| information disclosure | Oracle MySQL Server Encryption | CVE-2019-2924 |
| information disclosure | Oracle MySQL Server Encryption | CVE-2019-2923 |
| information disclosure | Oracle MySQL Server Encryption | CVE-2019-2922 |
| denial of service | Oracle MySQL Server C API | CVE-2019-2993 |
| denial of service | Oracle MySQL Connectors Connector/ODBC | CVE-2019-2920 |
| unknown vulnerability | Oracle MySQL Server Optimizer | CVE-2019-2991 |
| information disclosure | Oracle MySQL Server Client programs | CVE-2019-2969 |