Dangerous vulnerabilities in QEMU, Node.js, Grafana and Android

Several recently identified vulnerabilities:

  • A vulnerability (CVE-2020-13765) in QEMU that could lead to code execution with the privileges of the QEMU process on the host side when a kernel image is loaded in the guest. The problem is caused by a buffer overflow in the ROM copy code during system boot and occurs when the contents of a 32-bit kernel image are loaded into memory. The fix is currently available only as a patch.
  • Four vulnerabilities in Node.js. The vulnerabilities are fixed in releases 14.4.0, 10.21.0 and 12.18.0.
    • CVE-2020-8172 - allows host certificate verification to be bypassed when a TLS session is reused.
    • CVE-2020-8174 - could allow code execution on the system because of a buffer overflow in the napi_get_value_string_*() functions, which occurs during certain calls to N-API (the C API for writing native add-ons).
    • CVE-2020-10531 - an integer overflow in ICU (International Components for Unicode) for C/C++ that can lead to a buffer overflow when the UnicodeString::doAppend() function is used.
    • CVE-2020-11080 - allows a denial of service (100% CPU load) by sending large "SETTINGS" frames when connecting over HTTP/2.
  • A vulnerability in the Grafana interactive metrics visualization platform, which is used to build monitoring graphs from various data sources. A flaw in the avatar-handling code makes it possible to initiate an HTTP request from Grafana to any URL without authenticating and to see the result of that request. This can be used, for example, to study the internal network of companies that run Grafana. The problem is fixed in releases Grafana 6.7.4 and 7.0.2. As a workaround, it is recommended to restrict access to the URL "/avatar/*" on the server running Grafana.

  • The June set of security fixes for Android has been published, fixing 34 vulnerabilities. Four issues are rated critical: two vulnerabilities (CVE-2019-14073, CVE-2019-14080) in proprietary Qualcomm components and two vulnerabilities in the system that allow code execution when processing specially crafted external data (CVE-2020-0117 - an integer overflow in the Bluetooth stack, CVE-2020-8597 - an EAP overflow in pppd).

Source: opennet.ru