Dangerous vulnerabilities in QEMU, Node.js, Grafana and Android
Several recently discovered vulnerabilities:
A vulnerability (CVE-2020-13765) in QEMU that could lead to code execution with the privileges of the QEMU process on the host side when a custom kernel image is loaded in the guest. The problem is caused by a buffer overflow in the ROM copying code during system boot, which occurs when the contents of a 32-bit kernel image are loaded into memory. The fix is currently available only as a patch.
CVE-2020-8172 - allows host certificate verification to be bypassed when a TLS session is reused.
CVE-2020-8174 - potentially allows code execution on the system because of a buffer overflow in the napi_get_value_string_*() functions that occurs during certain calls to N-API (the C API for writing native add-ons).
CVE-2020-10531 - an integer overflow in ICU (International Components for Unicode) for C/C++ that can lead to a buffer overflow when UnicodeString::doAppend() is used.
CVE-2020-11080 - allows a denial of service (100% CPU load) through the transmission of large "SETTINGS" frames when connecting over HTTP/2.
A vulnerability in Grafana, the interactive metrics visualization platform used to build monitoring graphs from a variety of data sources. An error in the code that handles avatars makes it possible, without passing authentication, to have Grafana send an HTTP request to any URL and to see the result of that request. This can be used, for example, to study the internal network of companies that use Grafana. The problem is fixed in releases Grafana 6.7.4 and 7.0.2. As a security workaround, it is recommended to restrict access to the URL "/avatar/*" on the server running Grafana.
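To check that the recommended "/avatar/*" restriction is actually in effect, the following added example (not part of the original article or of Grafana) scans reverse-proxy access logs for avatar requests that were not refused. It assumes nginx "combined" log format in front of Grafana and that the proxy answers blocked requests with 403 or 404; the log lines are constructed samples.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample lines in nginx "combined" format (not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [04/Jun/2020:10:01:02 +0000] "GET /avatar/0123456789abcdef0123456789abcdef HTTP/1.1" 200 1520 "-" "curl/7.68.0"
203.0.113.9 - - [04/Jun/2020:10:01:05 +0000] "GET /d/abc/avatar HTTP/1.1" 200 8812 "-" "Mozilla/5.0"
198.51.100.7 - - [04/Jun/2020:10:02:11 +0000] "GET /grafana//avatar/test?s=1 HTTP/1.1" 200 310 "-" "curl/7.68.0"
203.0.113.9 - - [05/Jun/2020:09:00:00 +0000] "GET /avatar/0123456789abcdef0123456789abcdef HTTP/1.1" 403 153 "-" "Mozilla/5.0"
"""

# Client IP, request method, request target and status from a "combined" line.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)


def is_avatar_path(target):
    """True if the request path has an 'avatar' segment followed by more path."""
    # Compare on the decoded path without the query string.
    path = unquote(target.split("?", 1)[0]).lower()
    segments = [s for s in path.split("/") if s]  # dropping empties collapses '//'
    # Matching any position covers Grafana served under a sub-path (assumed: /grafana/).
    return "avatar" in segments[:-1]


def unblocked_avatar_hits(log_text, denied_statuses=("403", "404")):
    """Count, per client IP, avatar requests that the proxy did not refuse."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and is_avatar_path(m["target"]) and m["status"] not in denied_statuses:
            hits[m["ip"]] += 1
    return hits


if __name__ == "__main__":
    for ip, count in unblocked_avatar_hits(SAMPLE_LOG).most_common():
        print(f"{ip}: {count} avatar request(s) reached Grafana")
```

Any address reported after the restriction was deployed means the rule does not cover that path form; hits from before the upgrade or block are candidates for review.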
The June set of security fixes for Android has been published, fixing 34 vulnerabilities. Four issues have been assigned a critical severity level: two vulnerabilities (CVE-2019-14073, CVE-2019-14080) in proprietary Qualcomm components and two vulnerabilities in the system that allow code execution when processing specially crafted external data (CVE-2020-0117 - an integer overflow in the Bluetooth stack, CVE-2020-8597 - an EAP overflow in pppd).