Okuningana okuhlonziwe kamuva nje:
-
Ukuba sengozini (I-CVE-2020-13765 ) ku-QEMU, okungase kubangele ukuthi ikhodi isetshenziswe ngamalungelo enqubo ye-QEMU ohlangothini lomsingathi lapho isithombe se-kernel yangokwezifiso silayishwa kusivakashi. Inkinga ibangelwa ukuchichima kwebhafa kukhodi yekhophi ye-ROM ngesikhathi sokuqalisa kwesistimu futhi kwenzeka lapho okuqukethwe kwesithombe se-32-bit kernel kulayishwa kumemori. Ukulungisa okwamanje kutholakala kuphela ngefomuisichibi . -
Ubuthakathaka obune ku-Node.js. Ukuba sengozinikuqedwe ekukhishweni okungu-14.4.0, 10.21.0 kanye no-12.18.0.- I-CVE-2020-8172 - Ivumela ukuqinisekiswa kwesitifiketi sosokhaya ukuthi kudliwe lapho kusetshenziswa kabusha iseshini ye-TLS.
- I-CVE-2020-8174 - Ngokunokwenzeka ivumela ukusetshenziswa kwekhodi kusistimu ngenxa yokuchichima kwebhafa emisebenzini ye-napi_get_value_string_*() eyenzeka phakathi nezingcingo ezithile
I-N-API (I-C API yokubhala izengezo zomdabu). - I-CVE-2020-10531 iyinani elichichimayo ku-ICU (Izingxenye Zamazwe Ngamazwe Ze-Unicode) ye-C/C++ engaholela ekuchichimeni kwebhafa lapho usebenzisa umsebenzi we-UnicodeString::doAppend().
- I-CVE-2020-11080 - ivumela ukwenqatshwa kwesevisi (umthwalo we-CPU ongu-100%) ngokudluliswa kwamafreyimu amakhulu "ama-SETTINGS" lapho uxhuma nge-HTTP/2.
-
Ukuba sengozini kuplathifomu ye-Grafana interactive metrics visualization, esetshenziselwa ukwakha amagrafu okuqapha asuselwe emithonjeni ehlukahlukene yedatha. Iphutha kukhodi yokusebenza ngama-avatar likuvumela ukuthi uqalise ukuthumela isicelo se-HTTP ukusuka e-Grafana kunoma iyiphi i-URL ngaphandle kokudlulisa ubuqiniso futhi ubone umphumela walesi sicelo. Lesi sici singasetshenziswa, isibonelo, ukufunda inethiwekhi yangaphakathi yezinkampani ezisebenzisa i-Grafana. Inkingakuqedwe ezindabeni
Grafana 6.7.4 kanye 7.0.2. Njengendlela yokuphepha, kunconywa ukuthi ubeke umkhawulo wokufinyelela ku-URL β/i-avatar/*β kuseva esebenzisa i-Grafana. -
eshicilelwe Isethi kaJuni yokulungiswa kokuvikeleka kwe-Android, elungisa ubungozi obungu-34. Izinkinga ezine zinikezwe izinga lokuqina elibalulekile: ubungozi obubili (CVE-2019-14073, CVE-2019-14080) ezingxenyeni eziphathelene ne-Qualcomm) kanye nokuba sengozini okubili ohlelweni okuvumela ukusetshenziswa kwekhodi lapho kusetshenzwa idatha yangaphandle eklanywe ngokukhethekile (CVE-2020 -0117 - inombolo ephelelekuchichima kusitaki se-Bluetooth,I-CVE-2020-8597 - Ukuchichima kwe-EAP ku-pppd ).
Source: opennet.ru