본문 바로가기

취약점 정보2

OpenSSL Security Advisory Encrypt-Then-Mac renegotiation crash (CVE-2017-3733) ==================================================== Severity: High During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL to crash (dependent on ciphersuite). Both clients and servers are affected. OpenSSL 1.1.0 users should upgrad.. 더보기
금주 취약점 정리 ID: CVE-2016-9244 Title: F5 BIG-IP SSL Information Disclosure Vulnerability Vendor: F5 Description: A BIG-IP virtual server configured with a Client SSL profile that has the non-default Session Tickets option enabled may leak up to 31 bytes of uninitialized memory. A remote attacker may exploit this vulnerability to obtain Secure Sockets Layer (SSL) session IDs from other sessions. It is possibl.. 더보기
Apache Brooklyn 다중취약점 Apache Brooklyn는 애플리케이션의 모델링 및 모니터링, 관리를위한 소프트웨어입니다. Apache Brooklyn 다음의 여러 취약점이 존재합니다. 또한 이러한 취약점을 이용한 공격 코드가 확인되고 있습니다. 크로스 사이트 스크립팅 ( CWE-79 ) - CVE-2017-3165CVSS v3CVSS : 3.0 / AV : N / AC : L / PR : L / UI : R / S : C / C : L / I : L / A : NBase Score : 5.4CVSS v2AV : N / AC : M / Au : S / C : N / I : P / A : NBase Score : 3.5 사이트 간 요청 위조 ( CWE-352 ) - CVE-2016-8737CVSS v3CVSS : 3.0 / AV : .. 더보기
Adobe 제품군 보안 업데이트 권고 o Adobe社는 Adobe Flash Player, Digital Editions, Campaign에 영향을 주는 취약점을 해결한 보안 업데이트를 발표[1][2][3] o 낮은 버전 사용자는 악성코드 감염에 취약할 수 있으므로 해결방안에 따라 최신 버전으로 업데이트 권고 □ 설명 o Adobe Flash Player에서 발생하는 13개의 취약점을 해결하는 보안 업데이트를 발표[1] - 임의코드 실행으로 이어질 수 있는 타입 혼란 취약점 (CVE-2017-2995) - 임의코드 실행으로 이어질 수 있는 정수형 오버플로우 취약점 (CVE-2017-2987) - 임의코드 실행으로 이어질 수 있는 Use-Ater-Free 취약점(CVE-2017-2982, CVE-2017-2985, CVE-2017-2993, .. 더보기
Security update available for Adobe Campaign Release date: February 14, 2017Vulnerability identifier: APSB17-06Priority: 3CVE number: CVE-2017-2968, CVE-2017-2969Platform: Windows and LinuxSummaryAdobe has released a security update for Adobe Campaign v6.11 for Windows and Linux. This update resolves a moderate security bypass affecting the Adobe Campaign client console. An authenticated user with access to the client console could upload .. 더보기
Security update available for Adobe Digital Editions Release date: February 14, 2017Vulnerability identifier: APSB17-05Priority: 3CVE numbers: CVE-2017-2973, CVE-2017-2974, CVE-2017-2975, CVE-2017-2976, CVE-2017-2977, CVE-2017-2978, CVE-2017-2979, CVE-2017-2980, CVE-2017-2981 Platform: Windows, Macintosh and AndroidSummaryAdobe has released a security update for Adobe Digital Editions for Windows, Macintosh and Android. This update resolves a crit.. 더보기
어도비 플래쉬 플레이어 업데이트 안내 Release date: February 14, 2017Vulnerability identifier: APSB17-04Priority: See table belowCVE number: CVE-2017-2982,CVE-2017-2984, CVE-2017-2985, CVE-2017-2986, CVE-2017-2987, CVE-2017-2988,CVE-2017-2990, CVE-2017-2991, CVE-2017-2992, CVE-2017-2993, CVE-2017-2994, CVE-2017-2995, CVE-2017-2996Platform: Windows, Macintosh, Linux and Chrome OSSummaryAdobe has released security updates for Adobe Fl.. 더보기
GarageBand 10.1.6 update GarageBand 10.1.6Released February 13, 2017ProjectsAvailable for: OS X Yosemite v10.10 and laterImpact: Opening a maliciously crafted GarageBand project file may lead to arbitrary code executionDescription: A memory corruption issue was addressed through improved memory handling.CVE-2017-2374: Tyler Bohan of Cisco Talos 더보기
lg모바일 2월 정기 업데이트 내역 LG Mobile Security Maintenance Release Summary (SMR)The February Security Bulletin contains the 72 patches for the vulnerabilities from Google. The most severe of these vulnerabilities is a Critical security vulnerability that could enable remote code execution on an affected device through multiple methods such as email, web browsing, and MMS when processing media files. The security patch leve.. 더보기
삼성모바일 2월 업데이트 패치 내역 Samsung Mobile is releasing a maintenance release for major flagship models as part of monthly Security Maintenance Release (SMR) process. This SMR package includes patches from Google and Samsung. Google patches include patches up to Android Security Bulletin - February 2017 package. The Bulletin (February 2017) contains the following CVE items: CVE-2016-2108(C), CVE-2016-3915(H), CVE-2016-3916.. 더보기

티스토리툴바