
Vulnerability Information 2

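Security update advisory for MS September security threats
□ September security update overview (12 in total)
o Release date: 2017.09.13 (Wed)
o Severity: Critical 9, Important 3
o Update details

| Product family | Severity | Impact | KB number |
|---|---|---|---|
| Windows 10, Server 2016, Edge | Critical | Remote code execution | 4038781 and others (4 in total) |
| Windows 8.1, Server 2012 R2 | Critical | Remote code execution | 4038792 and others (2 in total) |
| Windows RT 8.1 | Critical | Remote code execution | 4038792 |
| Windows Server 2012 | Critical | Remote code execution | 4038786 and others (2 in total) |
| Windows 7, Server 2008 R2 | Critical | Remote code execution | 4038777 and others (2 in total) |
| Windows Server 2008 | Critical | Remote code execution | 4032201 and others (7 in total) |
| Internet Explorer | Critical | Remote code execution | 4036586 and others (8 in total) |
| Office | Critical | 원.. |
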
WiseGiga NAS vulnerability news
WiseGiga NAS vulnerability news. We recommend applying the security update.
Vulnerabilities summary
The following advisory describes five (5) vulnerabilities and default accounts / passwords found in WiseGiga NAS devices. WiseGiga is a Korean company selling NAS products. The vulnerabilities found in WiseGiga NAS are:
- Pre-Authentication Local File Inclusion (4 different vulnerabilities)
- Post-Authentication Local File Inclusion
- Remote Comman..

DLink 850L vulnerability summary
## Vulnerabilities Summary
The Dlink 850L is a router overall badly designed with a lot of vulnerabilities. Basically, everything was pwned, from the LAN to the WAN. Even the custom MyDlink cloud protocol was abused. My research in analyzing the security of Dlink 850L routers starts from a recent security contest organized by a security company. The Dlink 850L has 2 versions of these routers with v..

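Security update advisory for Cisco product vulnerabilities
□ Overview
o Cisco has released security updates that resolve vulnerabilities affecting its products
o An attacker could exploit these vulnerabilities to cause damage such as remote code execution and denial of service, so updating to the latest version is recommended
□ Details
o Remote code execution vulnerability in the Apache Struts REST plugin that occurs when processing XML payloads (CVE-2017-9805) [1]
o Denial-of-service vulnerability in the Apache Struts REST plugin caused by insufficient input validation (CVE-2017-9793) [1]
o Denial-of-service vulnerability caused by insufficient URL validation when using the Apache Struts URLValidator feature (CVE-2017-9804) [1]
o Cisco IOS and Cisco IOS..
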
LG Mobile September update details
Security issues Summary
CVE Items from Google patch (Android Bulletin August 2017)
critical: CVE-2017-0714, CVE-2017-0715, CVE-2017-0716, CVE-2017-0718, CVE-2017-0719, CVE-2017-0720, CVE-2017-0721, CVE-2017-0722, CVE-2017-0723, CVE-2017-0745, CVE-2017-0407, CVE-2017-9417
high: CVE-2017-0713, CVE-2017-0724, CVE-2017-0725, CVE-2017-0726, CVE-2017-0727, CVE-2017-0728, CVE-2017-0729, CVE-2017-0730, C..

Samsung Mobile September update details
Samsung Mobile is releasing a maintenance release for major flagship models as part of monthly Security Maintenance Release (SMR) process. This Security Update package includes patches from Google and Samsung. The following CVE items from September 2017 Android Security Bulletin are included in this Security Update package:
Critical: CVE-2016-9794, CVE-2017-0756, CVE-2017-0757, CVE-2017-0758, CVE-..

Apache Struts 2 vulnerability (S2-053)
Summary: A possible Remote Code Execution attack when using an unintentional expression in Freemarker tag instead of string literals
Who should read this: All Struts 2 developers and users
Impact of vulnerability: A RCE attack is possible when developer is using wrong construction in Freemarker tags
Maximum security rating: Moderate
Recommendation: Upgrade to Struts 2.5.12 or Struts 2.3.34
Affected Software: Str..

Chrome Releases update notice
The Chrome team is delighted to announce the promotion of Chrome 61 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 61.0.3163.79 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 61.
Security Fixes and..

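Warning: malware distributed by exploiting router vulnerabilities
Warning: malware distributed by exploiting router vulnerabilities. Not detected by domestic antivirus products....
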
Apache Software Foundation Releases
Summary: Possible Remote Code Execution attack when using the Struts REST plugin with XStream handler to handle XML payloads
Who should read this: All Struts 2 developers and users
Impact of vulnerability: A RCE attack is possible when using the Struts REST plugin with XStream handler to deserialise XML requests
Maximum security rating: Critical
Recommendation: Upgrade to Struts 2.5.13 or Struts 2.3.34
Affecte..