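This is a list of vulnerabilities that are currently being exploited frequently. If you are running a vulnerable version of the affected software, we recommend applying patches urgently.
* Reference link: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

cveID | vendorProject | vulnerabilityName | dateAdded | shortDescription | requiredAction | dueDate |
---|---|---|---|---|---|---|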
CVE-2022-31463 | Owl Labs | Owl Labs Meeting Owl Improper Authentication Vulnerability | 2023-09-18 | Owl Labs Meeting Owl contains an improper authentication vulnerability that does not require a password for Bluetooth commands, as only client-side authentication is used. | Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | 2023-10-09 |
CVE-2022-31462 | Owl Labs | Owl Labs Meeting Owl Use of Hard-coded Credentials Vulnerability | 2023-09-18 | Owl Labs Meeting Owl contains a use of hard-coded credentials vulnerability that allows an attacker to control the device via a backdoor password (derived from the serial number) that can be found in Bluetooth broadcast data. | Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | 2023-10-09 |
CVE-2022-31461 | Owl Labs | Owl Labs Meeting Owl Missing Authentication for Critical Function Vulnerability | 2023-09-18 | Owl Labs Meeting Owl contains a missing authentication for critical functions vulnerability that allows an attacker to deactivate the passcode protection mechanism via a certain c 11 message. | Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | 2023-10-09 |
CVE-2022-31459 | Owl Labs | Owl Labs Meeting Owl Inadequate Encryption Strength Vulnerability | 2023-09-18 | Owl Labs Meeting Owl contains an inadequate encryption strength vulnerability that allows an attacker to retrieve the passcode hash via a certain c 10 value over Bluetooth. | Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | 2023-10-09 |
CVE-2021-3129 | Laravel | Laravel Ignition File Upload Vulnerability | 2023-09-18 | Laravel Ignition contains a file upload vulnerability that allows unauthenticated remote attackers to execute malicious code due to insecure usage of file_get_contents() and file_put_contents(). | Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | 2023-10-09 |
CVE-2017-6884 | Zyxel | Zyxel EMG2926 Routers Command Injection Vulnerability | 2023-09-18 | Zyxel EMG2926 routers contain a command injection vulnerability located in the diagnostic tools, specifically the nslookup function. A malicious user may exploit numerous vectors to execute malicious commands on the router, such as the ping_ip parameter to the expert/maintenance/diagnostic/nslookup URI. | Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | 2023-10-09 |
CVE-2014-8361 | Realtek | Realtek SDK Improper Input Validation Vulnerability | 2023-09-18 | Realtek SDK contains an improper input validation vulnerability in the miniigd SOAP service that allows remote attackers to execute malicious code via a crafted NewInternalClient request. | Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | 2023-10-09 |
CVE-2022-22265 | Samsung | Samsung Mobile Devices Use-After-Free Vulnerability | 2023-09-18 | Samsung devices with selected Exynos chipsets contain a use-after-free vulnerability that allows malicious memory write and code execution. | Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | 2023-10-09 |

Source site: https://www.cisa.gov/known-exploited-vulnerabilities-catalog