
Vulnerability Information 1

2014-04-13 Vulnerability Summary: JBIG-KIT LibJbig Image File Handling CVE-2013-6369 Remote Buffer Overflow Vulnerability (2014-04-13, http://www.securityfocus.com/bid/66697); Fortinet FortiADC 'locale' Parameter Cross Site Scripting Vulnerability (2014-04-13, http://www.securityfocus.com/bid/66642); OpenSSL TLS 'heartbeat' Extension Multiple Information Disclosure Vulnerabilities (2014-04-13, http://www.securityfocus.com/bid/66690); OpenSS..
PivotX 2.3.8 contains multiple vulnerabilities. Overview: PivotX 2.3.8, and possibly earlier versions, contains cross-site scripting (CWE-79) and unsafe file upload (CWE-434) vulnerabilities. Description: PivotX 2.3.8, and possibly earlier versions, contains cross-site scripting (CWE-79) and unsafe file upload (CWE-434) vulnerabilities. CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - CVE-2014-0341 Pivo..
Amtelco miSecureMessages app lacks authentication. Overview: Amtelco miSecureMessages lacks authentication for access to user messages. (CWE-287) Description: Amtelco miSecureMessages lacks authentication for access to user messages. The miSecureMessages app has been reported to lack authentication and session management. An attacker only needs to provide a contactID and valid license key in their XML request to the server to access any user's messag..
ZyXEL Wireless N300 NetUSB Router NBG-419N devices contain multiple vulnerabilities. Overview: ZyXEL Wireless N300 NetUSB Router NBG-419N running firmware version 1.00(BFQ.6)C0, and possibly earlier versions, is susceptible to multiple vulnerabilities. Other device models that use similar firmware may also be vulnerable. Description: ZyXEL Wireless N300 NetUSB Router NBG-419N running firmware version 1.00(BFQ.6)C0, and possibly earlier versions, has been reported to contain multiple ..
Fortinet FortiADC contains a cross-site scripting vulnerability. Overview: Fortinet FortiADC 3.2, and possibly earlier versions, contains a cross-site scripting vulnerability. (CWE-79) Description: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Fortinet FortiADC 3.2, and possibly earlier versions, contains a cross-site scripting vulnerability. The "locale" parameter in the "/FortiADC/gui_partA/?locale=en" page is vulner..
Interested in a Heartbleed Challenge? CloudFlare launched a challenge yesterday: Can You Get Private SSL Keys Using Heartbleed? [1] The site created by CloudFlare engineers is located here and is intentionally vulnerable to Heartbleed. If you manage to steal the private key from the site, they will post the full details on that site. So far two individuals have succeeded: Fedor Indutny (@indutny) and Ilkka Mattila of NCSC-F. [2] If you ..
Jetpack 2.9.3: Critical Security Update. Jetpack version 2.9.3 contains a critical security update, and you should update your site and any you help manage as soon as possible. You can update through your dashboard, or download Jetpack manually here. During an internal security audit, we found a bug that allows an attacker to bypass a site’s access controls and publish posts. This vulnerability could be combined with other attacks to es..
VMware Security Advisories: VMware vSphere Client updates address security vulnerabilities. VMware Security Advisory. Advisory ID: VMSA-2014-0003. Synopsis: VMware vSphere Client updates address security vulnerabilities. Issue date: 2014-04-10. Updated on: 2014-04-10 (initial advisory). CVE numbers: CVE-2014-1209, CVE-2014-1210. 1. Summary: VMware vSphere Client updates address security vulnerabilities. 2. Relevant Releases: vSphere Client 5.1 vSp..
2014-04-11 Vulnerability Summary: JBIG-KIT LibJbig Image File Handling CVE-2013-6369 Remote Buffer Overflow Vulnerability (2014-04-11, http://www.securityfocus.com/bid/66697); Fortinet FortiADC 'locale' Parameter Cross Site Scripting Vulnerability (2014-04-11, http://www.securityfocus.com/bid/66642); OpenSSL TLS 'heartbeat' Extension Multiple Information Disclosure Vulnerabilities (2014-04-11, http://www.securityfocus.com/bid/66690); OpenSS..
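Cisco ASA Software Multiple Vulnerabilities Security Update Advisory. Overview: Cisco has released a security update that resolves multiple vulnerabilities affecting ASA software [1]. Because an attacker could cause harm such as privilege escalation and denial of service on systems affected by the vulnerabilities, updating to the latest version is recommended. Description: Cisco ASA ASDM privilege escalation vulnerability (CVE-2014-2126); Cisco ASA SSL VPN privilege escalation vulnerability (CVE-2014-2127); Cisco ASA SSL VPN authentication bypass vulnerability (CVE-2014-2128); Cisco ASA SIP denial of service vulnerability (CVE-2014-2129). Affected systems: see the "Software Versions and Fixes" section of the reference site. Solution: operators of Cisco devices on which the vulnerable Cisco software is installed should, at the applicable reference site ..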