
Critical Vulnerabilities of the Fourth Week of Esfand

This week, several vulnerabilities rated "critical" and "high" were identified in very important Siemens products (including Siemens industrial controllers). Widely used products from VMware, Apache and McAfee also had several critical vulnerabilities. The widely used WordPress plugin Popup Builder also had several vulnerabilities rated "critical". But perhaps the most important vulnerability this week was the one in the Windows SMB protocol, which has put the security of countless users at risk and for which no patch has yet been released.

| Vulnerability type | Vulnerable product | Vulnerability ID |
|---|---|---|
| Privilege Escalation | Ansible Engine Playbook | CVE-2020-1733 |
| Information Disclosure | Ansible svn Command Line | CVE-2020-1739 |
| Code Execution | Apache Commons Configuration YAML File Parser | CVE-2020-1953 |
| Remote Code Execution | Apache ShardingSphere Web Console | CVE-2020-1947 |
| Denial of Service | C++ Facebook Thrift Message Memory Exhaustion | CVE-2019-3553 |
| Information Disclosure | Dell EMC XtremIO XMS | CVE-2019-18576 |
| Privilege Escalation | Dell EMC XtremIO XMS Permission | CVE-2019-18577 |
| Cross Site Scripting | Dell EMC XtremIO XMS Web Application Stored | CVE-2019-18578 |
| Cross Site Scripting | Dell Wyse Management Suite Stored | CVE-2019-3770 |
| Cross Site Scripting | Dell Wyse Management Suite Stored | CVE-2019-3769 |
| Unknown Vulnerability | DEVOME GRR File Upload admin_edit_room.php | CVE-2020-10562 |
| Unknown Vulnerability | DEVOME GRR frmcontactlist.php | CVE-2020-10563 |
| Privilege Escalation | Dojo deepCopy | CVE-2020-5258 |
| Privilege Escalation | dojox jqMix | CVE-2020-5259 |
| Information Disclosure | Eclipse Theia Mini-Browser | CVE-2019-17636 |
| Directory Traversal | File Upload Plugin wfu_include_lib | CVE-2020-10564 |
| Cross Site Scripting | Fortinet FortiADC Stored | CVE-2019-6699 |
| Cross Site Scripting | Fortinet FortiIsolator | CVE-2020-6643 |
| Information Disclosure | Fortinet FortiWeb CLI | CVE-2019-16157 |
| Privilege Escalation | GitLab Community Edition | CVE-2020-10535 |
| Privilege Escalation | GitLab Community Edition/Enterprise Edition Access Control | CVE-2020-10081 |
| Privilege Escalation | GitLab Community Edition/Enterprise Edition Access Control | CVE-2020-10074 |
| Information Disclosure | GitLab Community Edition/Enterprise Edition Badge Image | CVE-2020-10087 |
| Information Disclosure | GitLab Community Edition/Enterprise Edition Contribution Analytics Page | CVE-2020-10080 |
| Cross Site Scripting | GitLab Community Edition/Enterprise Edition | CVE-2020-10091 |
| Cross Site Scripting | GitLab Community Edition/Enterprise Edition | CVE-2020-10075 |
| Denial of Service | GitLab Community Edition/Enterprise Edition | CVE-2020-10089 |
| Denial of Service | GitLab Community Edition/Enterprise Edition | CVE-2020-10082 |
| Directory Traversal | GitLab Community Edition/Enterprise Edition Endpoint | CVE-2020-10086 |
| Cross Site Scripting | GitLab Community Edition/Enterprise Edition Grafana Integration | CVE-2020-10092 |
| Information Disclosure | GitLab Community Edition/Enterprise Edition | CVE-2020-10090 |
| Information Disclosure | GitLab Community Edition/Enterprise Edition | CVE-2020-10085 |
| Privilege Escalation | GitLab Community Edition/Enterprise Edition Permission | CVE-2020-10088 |
| Privilege Escalation | GitLab Community Edition/Enterprise Edition Permission | CVE-2020-10083 |
| Cross Site Scripting | GitLab Community Edition/Enterprise Edition Stored | CVE-2020-10078 |
| Cross Site Scripting | GitLab Community Edition/Enterprise Edition Stored | CVE-2020-10076 |
| Weak Authentication | GitLab Community Edition/Enterprise Edition Two-factor Authentication | CVE-2020-10079 |
| Denial of Service | GitLab Enterprise Edition Color Codes Decoder Resource Exhaustion | CVE-2019-13010 |
| Denial of Service | GitLab Enterprise Edition | CVE-2020-10073 |
| Information Disclosure | GitLab Enterprise Edition Endpoint | CVE-2020-10084 |
| Server-Side Request Forgery | GitLab Enterprise Edition Project | CVE-2019-13121 |
| Server-Side Request Forgery | GitLab Enterprise Edition | CVE-2020-10077 |
| Weak Authentication | GitLab Enterprise Edition | CVE-2019-13011 |
| Information Disclosure | Google Android ActivityManagerService.java getProcessPss | CVE-2020-0087 |
| memory corruption | Google Android binder.c binder_transaction | CVE-2020-0041 |
| Information Disclosure | Google Android btm_ble_batchscan.cc btm_ble_batchscan_filter_track_adv_vse_cback | CVE-2020-0059 |
| Information Disclosure | Google Android btm_inq.cc btm_process_inq_results | CVE-2020-0057 |
| Information Disclosure | Google Android btu_hcif.cc btu_hcif_connection_comp_evt | CVE-2020-0056 |
| memory corruption | Google Android CryptoPlugin.cpp decrypt | CVE-2020-0033 |
| Information Disclosure | Google Android decodeframe.c vp8_decode_frame | CVE-2020-0034 |
| memory corruption | Google Android DrmPlugin.cpp releaseSecureStops | CVE-2020-0046 |
| Information Disclosure | Google Android Euicc | CVE-2020-0062 |
| Information Disclosure | Google Android fpc_ta_hw_auth.c authorize_enrol | CVE-2020-0043 |
| memory corruption | Google Android fpc_ta_hw_auth.c get_auth_result | CVE-2020-0011 |
| Information Disclosure | Google Android fpc_ta_hw_auth_qsee.c fpc_ta_hw_auth_unwrap_key | CVE-2020-0042 |
| memory corruption | Google Android fpc_ta_kpi.c fpc_ta_get_build_info | CVE-2020-0010 |
| memory corruption | Google Android fpc_ta_pn.c fpc_ta_pn_get_unencrypted_image | CVE-2020-0012 |
| Information Disclosure | Google Android fpc_ta_qc_auth.c set_nonce | CVE-2020-0044 |
| memory corruption | Google Android hidl_struct_util.cpp convertHidlNanDataPathIndicationResponseToLegacy | CVE-2020-0053 |
| Information Disclosure | Google Android IAudioFlinger.cpp onTransact | CVE-2020-0048 |
| memory corruption | Google Android ih264d_utils.c ih264d_release_display_bufs | CVE-2020-0032 |
| Information Disclosure | Google Android l2c_link.cc l2c_link_process_num_completed_pkts | CVE-2020-0055 |
| Information Disclosure | Google Android l2c_main.cc l2c_rcv_acl_data | CVE-2020-0058 |
| Privilege Escalation | Google Android Lock Screen AnswerFragment.java smsSelected | CVE-2020-0052 |
| memory corruption | Google Android MediaTek Command Queue Driver Out-of-Bounds | CVE-2020-0069 |
| memory corruption | Google Android netlink Driver Out-of-Bounds | CVE-2020-0066 |
| memory corruption | Google Android NFC nfa_hci_utils.cc nfa_hciu_send_msg | CVE-2020-0050 |
| Information Disclosure | Google Android NFC rw_i93.cc rw_i93_sm_set_read_only | CVE-2020-0037 |
| Unknown Vulnerability | Google Android Permission Check AudioService.java setMasterMute | CVE-2020-0047 |
| Privilege Escalation | Google Android Permission Check NotificationManagerService.java | CVE-2020-0084 |
| Privilege Escalation | Google Android Permission Check PanService.java setBluetoothTethering | CVE-2020-0085 |
| Information Disclosure | Google Android Permission Check TelephonyProvider.java query | CVE-2020-0035 |
| Privilege Escalation | Google Android Permission PermissionMonitor.java hasPermissions | CVE-2020-0036 |
| Information Disclosure | Google Android Pixel Recorder | CVE-2020-0061 |
| Information Disclosure | Google Android rw_i93.cc rw_i93_sm_update_ndef | CVE-2020-0039 |
| Information Disclosure | Google Android rw_i93.cc rw_i93_sm_update_ndef | CVE-2020-0038 |
| Information Disclosure | Google Android Session.java triggerAugmentedAutofillLocked | CVE-2020-0031 |
| Privilege Escalation | Google Android SettingsHomepageActivity | CVE-2020-0051 |
| Privilege Escalation | Google Android SmsProvider.java query | CVE-2020-0060 |
| Denial of Service | Google Android sta_network.cpp setRequirePmfInternal | CVE-2020-0083 |
| memory corruption | Google Android StatsService.cpp command | CVE-2020-0045 |
| Information Disclosure | Google Android StreamingSource.cpp onReadBuffer() | CVE-2020-0049 |
| Privilege Escalation | Google Android Surfaceflinger | CVE-2020-0063 |
| Information Disclosure | Google Android WifiConfigManager | CVE-2020-0029 |
| Privilege Escalation | Google Android WifiNetworkSuggestionsManager.java WifiNetworkSuggestionsManager | CVE-2020-0054 |
| Code Execution | grub2-bhyve grub2.cfg | CVE-2020-10565 |
| memory corruption | grub2-bhyve grub2.cfg | CVE-2020-10566 |
| Information Disclosure | Huawei Honor V30 | CVE-2020-9064 |
| memory corruption | Huawei USG6000V JSON Parser Out-of-Bounds | CVE-2020-1863 |
| Cross Site Scripting | IBM InfoSphere Information Server Web UI | CVE-2020-4162 |
| Cross Site Scripting | IBM Tivoli Workload Scheduler Web UI | CVE-2019-4608 |
| Privilege Escalation | Kantech EntraPass Global Edition SmartService API | CVE-2019-7589 |
| Information Disclosure | Kyocera ECOSYS M5526cdw Configuration Parameter | CVE-2019-13205 |
| cross site request forgery | Kyocera ECOSYS M5526cdw | CVE-2019-13199 |
| memory corruption | Kyocera ECOSYS M5526cdw IPP Service | CVE-2019-13204 |
| memory corruption | Kyocera ECOSYS M5526cdw LPD Service | CVE-2019-13201 |
| Directory Traversal | Kyocera ECOSYS M5526cdw Web Application | CVE-2019-13195 |
| memory corruption | Kyocera ECOSYS M5526cdw Web Application Integer Overflow | CVE-2019-13203 |
| memory corruption | Kyocera ECOSYS M5526cdw Web Application | CVE-2019-13206 |
| memory corruption | Kyocera ECOSYS M5526cdw Web Application | CVE-2019-13202 |
| memory corruption | Kyocera ECOSYS M5526cdw Web Application | CVE-2019-13197 |
| memory corruption | Kyocera ECOSYS M5526cdw Web Application | CVE-2019-13196 |
| Cross Site Scripting | Kyocera ECOSYS M5526cdw Web Application Reflected | CVE-2019-13200 |
| Cross Site Scripting | Kyocera ECOSYS M5526cdw Web Application Stored | CVE-2019-13198 |
| Information Disclosure | Lenovo XClarity Administrator Driver Update Credentials | CVE-2019-19756 |
| memory corruption | libarchive LHA Archive archive_read_support_format_lha.c | CVE-2019-20509 |
| Privilege Escalation | McAfee Advanced Threat Defense Command Line Interface | CVE-2020-7254 |
| Privilege Escalation | McAfee Agent Self-Protection masvc.exe | CVE-2020-7253 |
| Remote Code Execution | Microsoft SMBv3 | CVE-2020-0796 |
| Information Disclosure | Moxa MGate MB3180 Configuration File Password | CVE-2019-9104 |
| cross site request forgery | Moxa MGate MB3180 | CVE-2019-9102 |
| Denial of Service | Moxa MGate MB3180 Memory Exhaustion | CVE-2019-9097 |
| Weak Authentication | Moxa MGate MB3180 Password Requirements | CVE-2019-9096 |
| Weak Encryption | Moxa MGate MB3180 | CVE-2019-9095 |
| Weak Encryption | Moxa MGate MB3180 Web Server Cleartext | CVE-2019-9101 |
| Denial of Service | Moxa MGate MB3180 Web Server Integer Overflow | CVE-2019-9098 |
| memory corruption | Moxa MGate MB3180 Web Server | CVE-2019-9099 |
| Information Disclosure | Moxa MGate MB3180 Web Service | CVE-2019-9103 |
| Privilege Escalation | NetHack Configuration File | CVE-2020-5253 |
| memory corruption | NetHack hilite_status Out-of-Bounds | CVE-2020-5254 |
| Denial of Service | NVIDIA vGPU Graphics Driver | CVE-2020-5961 |
| Denial of Service | NVIDIA Virtual GPU Manager Kernel Module NULL Pointer Dereference | CVE-2020-5960 |
| Denial of Service | NVIDIA Virtual GPU Manager vGPU Plugin | CVE-2020-5959 |
| Code Execution | NVIDIA Windows GPU Display Driver Control Panel | CVE-2020-5958 |
| Information Disclosure | Open Ticket Request System Company Ticket | CVE-2019-13457 |
| Privilege Escalation | OpenStack Manila | CVE-2020-9543 |
| Command Injection | Palo Alto PAN-OS CLI | CVE-2020-1980 |
| Format String | Palo Alto PAN-OS Log Daemon | CVE-2020-1979 |
| Privilege Escalation | Palo Alto PAN-OS Temp File | CVE-2020-1981 |
| Weak Authentication | Phoenix Contact TC ROUTER 3002T-4G Man-in-the-Middle | CVE-2020-9435 |
| Privilege Escalation | Phoenix Contact TC ROUTER 3002T-4G OS | CVE-2020-9436 |
| cross site request forgery | phpBB Token | CVE-2019-16107 |
| Information Disclosure | popup-builder Plugin Actions.php | CVE-2020-10195 |
| Cross Site Scripting | popup-builder Plugin Ajax.php | CVE-2020-10196 |
| memory corruption | QEMU bochs-display.c | CVE-2019-15034 |
| Cross Site Scripting | RegistrationMagic Plugin | CVE-2020-8436 |
| SQL Injection | RegistrationMagic Plugin sql injection | CVE-2020-8435 |
| Information Disclosure | Ricoh SP C250DN Account Lockout | CVE-2019-14299 |
| Weak Authentication | Ricoh SP C250DN FTP Service Default Credentials | CVE-2019-14309 |
| memory corruption | Ricoh SP C250DN IPP Service | CVE-2019-14310 |
| Denial of Service | Ricoh SP C250DN LPD Service | CVE-2019-14303 |
| SQL Injection | rubygem Dashboard sql injection | CVE-2020-5257 |
| Directory Traversal | Safescan Timemoto/TA-8000 Administrative API | CVE-2019-12182 |
| Privilege Escalation | SAP Business Intelligence Platform Code Injection | CVE-2020-6208 |
| Denial of Service | SAP BusinessObjects Mobile | CVE-2020-6196 |
| Cross Site Scripting | SAP Cloud Platform Error Message Reflected | CVE-2020-6206 |
| Cross Site Scripting | SAP Commerce AngularJS Template | CVE-2020-6200 |
| Cross Site Scripting | SAP Commerce Reflected | CVE-2020-6201 |
| Privilege Escalation | SAP Disclosure Management | CVE-2020-6209 |
| Information Disclosure | SAP Enable Now Session ID Cookie | CVE-2020-6178 |
| Information Disclosure | SAP Enable Now Session Token | CVE-2020-6197 |
| Privilege Escalation | SAP ERP/EAPPGLO/S-4HANA/S4CORE View | CVE-2020-6199 |
| Cross Site Scripting | SAP Fiori Launchpad Reflected | CVE-2020-6210 |
| Unknown Vulnerability | SAP NetWeaver Application Server LDAP | CVE-2020-6202 |
| Cross Site Scripting | SAP NetWeaver AS ABAP Reflected | CVE-2020-6205 |
| Directory Traversal | SAP NetWeaver UDDI Server File API | CVE-2020-6203 |
| Weak Encryption | SAP Solution Manager Diagnostics Agent | CVE-2020-6198 |
| Privilege Escalation | SAP Solution Manager | CVE-2020-6207 |
| Privilege Escalation | SAP Treasury and Risk Management | CVE-2020-6204 |
| Denial of Service | Siemens OpenPCS 7/SIMATIC | CVE-2019-19282 |
| Cross Site Scripting | Siemens SCALANCE S602 Configuration Web Server | CVE-2019-6585 |
| Denial of Service | Siemens SIMATIC S7-1500 | CVE-2019-19281 |
| Denial of Service | Siemens SIMATIC S7-300 CPU/SINUMERIK 840D sl | CVE-2019-18336 |
| Denial of Service | Siemens SiNVR 3 Central Control Server | CVE-2019-19298 |
| Directory Traversal | Siemens SiNVR 3 Central Control Server | CVE-2019-19297 |
| Directory Traversal | Siemens SiNVR 3 Central Control Server FTP Service | CVE-2019-19296 |
| Weak Encryption | Siemens SiNVR 3 Central Control Server FTP Service Password | CVE-2019-19291 |
| Privilege Escalation | Siemens SiNVR 3 Central Control Server Log | CVE-2019-19295 |
| SQL Injection | Siemens SiNVR 3 Central Control Server sql injection | CVE-2019-19292 |
| Weak Encryption | Siemens SiNVR 3 Central Control Server | CVE-2019-19299 |
| Cross Site Scripting | Siemens SiNVR 3 Central Control Server Web Application Stored | CVE-2019-19294 |
| Directory Traversal | Siemens SiNVR 3 Central Control Server Web Interface | CVE-2019-19290 |
| Cross Site Scripting | Siemens SiNVR 3 Central Control Server Web Interface Reflected | CVE-2019-19293 |
| Privilege Escalation | Siemens SIPORT MP Backdoor | CVE-2019-19277 |
| Denial of Service | Siemens SIPROTEC 4/SIPROTEC Compact EN100 Ethernet Communication Module | CVE-2019-19279 |
| Cross Site Scripting | Siemens Spectrum Power | CVE-2020-7579 |
| Privilege Escalation | SK Hynix/Micron/Samsung DDR4/LPDDR4 Rowhammer Target Row Refresh/TRRespass | CVE-2020-10255 |
| Denial of Service | StorageGRID Webscale | CVE-2020-8571 |
| Privilege Escalation | Sumavision Enhanced Multimedia Router formEMR30 | CVE-2020-10181 |
| Weak Encryption | WAGO e!Cockpit Cleartext | CVE-2019-5107 |
| Privilege Escalation | WAGO e!Cockpit Custom Firmware Downgrade | CVE-2019-5158 |
| Weak Encryption | WAGO e!Cockpit Default Key | CVE-2019-5106 |
| Code Execution | WAGO e!Cockpit Firmware Update | CVE-2019-5159 |
| Information Disclosure | WAGO PFC100/PFC200 WBM Web Application crypt() | CVE-2019-5135 |
| Denial of Service | WAGO PFC100/PFC200 WBM Web Application Flooding | CVE-2019-5149 |
| Information Disclosure | WAGO PFC100/PFC200 Web-Based Management Authentication Regex | CVE-2019-5134 |
| Code Execution | WAGO PFC200 Cloud Connectivity | CVE-2019-5161 |
| Privilege Escalation | WAGO PFC200 Cloud Connectivity OS | CVE-2019-5157 |
| Privilege Escalation | WAGO PFC200 Cloud Connectivity OS | CVE-2019-5156 |
| Privilege Escalation | WAGO PFC200 Cloud Connectivity | CVE-2019-5160 |
| Command Injection | WAGO PFC200 | CVE-2019-5155 |
| Command Injection | WAGO PFC200 iocheckd Service sprintf() | CVE-2019-5171 |
| Command Injection | WAGO PFC200 iocheckd Service sprintf() | CVE-2019-5170 |
| Command Injection | WAGO PFC200 iocheckd Service sprintf() | CVE-2019-5169 |
| Command Injection | WAGO PFC200 iocheckd Service sprintf() | CVE-2019-5175 |
| Command Injection | WAGO PFC200 iocheckd Service sprintf() | CVE-2019-5174 |
| Command Injection | WAGO PFC200 iocheckd Service sprintf() | CVE-2019-5173 |
| Command Injection | WAGO PFC200 iocheckd Service sprintf() | CVE-2019-5172 |
| Command Injection | WAGO PFC200 iocheckd Service sprintf() | CVE-2019-5168 |
| Command Injection | WAGO PFC200 iocheckd Service sprintf() | CVE-2019-5167 |
| memory corruption | WAGO PFC200 iocheckd Service sprintf() | CVE-2019-5181 |
| memory corruption | WAGO PFC200 iocheckd Service sprintf() | CVE-2019-5180 |
| memory corruption | WAGO PFC200 iocheckd Service sprintf() | CVE-2019-5178 |
| memory corruption | WAGO PFC200 iocheckd Service sprintf() | CVE-2019-5177 |
| memory corruption | WAGO PFC200 iocheckd Service sprintf() | CVE-2019-5176 |
| memory corruption | WAGO PFC200 iocheckd Service sprintf() | CVE-2019-5182 |
| memory corruption | WAGO PFC200 iocheckd Service Stack-based | CVE-2019-5179 |
| memory corruption | WAGO PFC200 iocheckd Service Stack-based | CVE-2019-5166 |
| Privilege Escalation | wagtail-2fa | CVE-2020-5240 |
| Information Disclosure | Watchguard Fireware AD Helper list | CVE-2020-10532 |
| code injection | WP popup-builder Javascript code injection | CVE-2020-10196 |
| Information Disclosure | WP popup-builder | CVE-2020-10195 |
| Cross Site Scripting | WSC Plugin | CVE-2020-9440 |
| Information Disclosure | Xerox Phaser 3320 Account Lockout | CVE-2019-13166 |
| cross site request forgery | Xerox Phaser 3320 | CVE-2019-13170 |
| memory corruption | Xerox Phaser 3320 Google Cloud Print memcpy() | CVE-2019-13171 |
| memory corruption | Xerox Phaser 3320 HTTP Header | CVE-2019-13169 |
| memory corruption | Xerox Phaser 3320 IPP Service | CVE-2019-13168 |
| memory corruption | Xerox Phaser 3320 IPP Service | CVE-2019-13165 |
| memory corruption | Xerox Phaser 3320 Web Application | CVE-2019-13172 |
| Cross Site Scripting | Xerox Phaser 3320 Web Application Stored | CVE-2019-13167 |
| Information Disclosure | Zoho ManageEngine Applications Manager WieldFeedServlet | CVE-2019-19799 |
| XML External Entity | Zoho ManageEngine Desktop Central XML Data | CVE-2020-8540 |
| Remote Code Execution | Zoho ManageEngine ManageEngine OpManager API | CVE-2020-10541 |