취약점 정보1 썸네일형 리스트형 Something is amiss with the Interwebs! BGP is a flapping. [Update] See http://www.bgpmon.net/what-caused-todays-internet-hiccup/ for a good summary of what happened. Tuesday Morning, various networks experienced outages from 4-6am EDT (8-10am UTC) [1]. I appears the outage was the result of a somewhat anticipated problem with older routers and their inability to deal with the ever increasing size of the Internet's routing table.These BGP routers need t.. 더보기 2014-08-09 취약점 정리 OpenSSL 'ssl3_release_read_buffer()' Use-After-Free Memory Corruption Vulnerability 2014-08-09 http://www.securityfocus.com/bid/66801 OpenSSL DTLS CVE-2014-0221 Remote Denial of Service Vulnerability 2014-08-09 http://www.securityfocus.com/bid/67901 OpenSSL CVE-2014-0076 Information Disclosure Weakness 2014-08-09 http://www.securityfocus.com/bid/66363 OpenSSL 'so_ssl3_write()' Function NULL Poin.. 더보기 Cobham Sailor 6000 series satellite terminal contain hardcoded credentials Cobham Sailor 6000 series satellite terminals contain hardcoded credentials for communicating via the Tbus 2 protocol.DescriptionNote: this is a different vulnerability from VU#460687CWE-798: Use of Hard-coded Credentials IOActive reports that Cobham Sailor 6000 series satellite communication terminals contain hardcoded credentials to communicate via the Tbus 2 protocol. The Tbus 2 protocol is a.. 더보기 OpenSSL 취약점 보안업데이트 권고 OpenSSL에서 발생한 메모리 정보 노출 취약점, 서비스 거부 취약점, 버퍼 오버런 취약점 등 9개의 취약점을 보완한 보안업데이트를 발표함[1]설명OpenSSL 출력 함수에서 발생하는 메모리 정보 노출 취약점 (CVE-2014-3508)TLS-SRP 암호화 모듈 메모리 충돌 취약점 (CVE-2014-5139)SSL 서버 헬로우 메시지 Race condition 취약점 (CVE-2014-3509)DTLS 메시지에서 발생하는 Double Free 취약점 (CVE-2014-3505)DTLS 핸드쉐이크 메시지를 처리하는 중 발생하는 메모리 고갈 취약점 (CVE-2014-3506)DTLS 메시지를 처리하는 중 발생하는 서비스 거부 취약점 (CVE-2014-3507)DTLS Anonymous EC(DH) 암호화 .. 더보기 Cisco IOS 와 IOS XE Software EnergyWise 서비스 거부 공격 보안업데이트 권고 Cisco社는 Cisco IOS와 IOS XE Software의 EnergyWise모듈에서 발생하는 서비스 거부 취약점을 해결한 보안 업데이트를 발표[1]공격자가 특수하게 조작한 패킷을 EnergyWise 모듈이 탑재된 장비에 전송할 경우, 서비스 거부를 유발할 수 있음취약점에 영향을 받는 제품을 사용하고 있을 경우, 서비스 거부, 장비 재부팅 현상 등의 피해를 입을 수 있으므로, 최신버전으로 업데이트 권고해당 시스템영향을 받는 제품EnergyWise모듈을 사용하는 Cisco IOS 와 IOS XE 소프트웨어EnergyWise 기능은 Cisco IOS와 IOS XE 장비에서 기본적으로 비활성화 되어 있음Cisco IOS와 IOS XE 장비에서 EnergyWise모듈의 활성화 여부 확인명령어 : show .. 더보기 UEFI EDK2 Capsule Update vulnerabilities The EDK2 UEFI reference implementation contains multiple vulnerabilities in the Capsule Update mechanism.DescriptionThe open source EDK2 project provides a reference implementation of the Unified Extensible Firmware Interface (UEFI). Researchers at The MITRE Corporation have discovered multiple vulnerabilities in the EDK2 Capsule Update mechanism. Commercial UEFI implementations may incorporate .. 더보기 Internet Explorer begins blocking out-of-date ActiveX controls As part of our ongoing commitment to delivering a more secure browser, starting August 12th Internet Explorer will block out-of-date ActiveX controls. ActiveX controls are small apps that let Web sites provide content, like videos and games, and let you interact with content like toolbars. Unfortunately, because many ActiveX controls aren’t automatically updated, they can become outdated as new .. 더보기 WordPress and Drupal Denial Of Service Vulnerability Full Disclosure - See more at: http://www.breaksec.com/?p=6362#sthash.zVny3nnl.dpuf This post concerns the XML Denial of Service, which I detected in both WordPress and Drupal http://wordpress.org/news/2014/08/wordpress-3-9-2 . This phenomenon is predicated on a well-known cyber attack, known as the XML Quadratic Blowup Attack. This is starkly different from the customary XML bomb exploitation, in the sense that it distorts the Memory Limit and MySQL, and Apache Max Clients wor.. 더보기 (CVE-2014-3500/1/2) Cordova for Android Cross-Application Scripting and Data Exfiltration Vulnerabilities IBM X-Force Finds Apache Cordova Vulnerability That Might Expose Nearly 5.8% of Android AppsThe IBM Security X-Force Research team has uncovered a serious vulnerability that affects many Android applications built on the Apache Cordova (previously PhoneGap) platform. According to AppBrain, this affects 5.8 percent of Android apps. While 5.8 percent might sound like a low percentage, some widely-.. 더보기 Synolocker: Why OFFLINE Backups are important One current threat causing a lot of sleepless nights to victims is "Cryptolocker" like malware. Various variations of this type of malware are still haunting small businesses and home users by encrypting files and asking for ransom to obtain the decryption key. Your best defense against this type of malware is a good backup. Shadow volume copies may help, but aren't always available and complete.. 더보기 이전 1 ··· 33 34 35 36 37 38 39 ··· 62 다음