A list of vulnerabilities that are currently being actively exploited. If you are running a vulnerable version of any of this software, we recommend applying an emergency patch.

* Reference link: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

| cveID | vendorProject | vulnerabilityName | dateAdded | shortDescription | requiredAction | dueDate |
|---|---|---|---|---|---|---|
| CVE-2025-4008 | Smartbedded | Smartbedded Meteobridge Command Injection Vulnerability | 2025-10-02 | Smartbedded Meteobridge contains a command injection vulnerability that could allow remote unauthenticated attackers to gain arbitrary command execution with elevated privileges (root) on affected devices. | Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | 2025-10-23 |
| CVE-2025-21043 | Samsung | Samsung Mobile Devices Out-of-Bounds Write Vulnerability | 2025-10-02 | Samsung mobile devices contain an out-of-bounds write vulnerability in libimagecodec.quram.so which allows remote attackers to execute arbitrary code. | Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | 2025-10-23 |
| CVE-2015-7755 | Juniper | Juniper ScreenOS Improper Authentication Vulnerability | 2025-10-02 | Juniper ScreenOS contains an improper authentication vulnerability that could allow unauthorized remote administrative access to the device. | Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | 2025-10-23 |
| CVE-2017-1000353 | Jenkins | Jenkins Remote Code Execution Vulnerability | 2025-10-02 | Jenkins contains a remote code execution vulnerability that could allow attackers to transfer a serialized Java SignedObject object to the remoting-based Jenkins CLI, which would be deserialized using a new ObjectInputStream, bypassing the existing blocklist-based protection mechanism. | Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | 2025-10-23 |
| CVE-2014-6278 | GNU | GNU Bash OS Command Injection Vulnerability | 2025-10-02 | GNU Bash contains an OS command injection vulnerability which allows remote attackers to execute arbitrary commands via a crafted environment. | Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | 2025-10-23 |
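CISA also publishes the catalog as a JSON feed that uses the same field names as the columns above, which makes the list easy to match against your own software inventory instead of reading it by hand. The script below is an added example, not code from the original page or from CISA: it parses that feed shape (here a constructed sample built from the five rows above), lists the entries for vendors you run together with the days left until the BOD 22-01 due date, and separately flags CVEs that are years old but were only just added, a sign that attackers are still finding unpatched installs. `KEV_FEED_URL` is the public location of the feed; matching on `vendorProject` alone and the example inventory names are assumptions for illustration (the live feed also carries a `product` field that a real match should use).

```python
"""Triage CISA KEV entries against a software inventory.

Added example; not from the original page or from CISA. It runs offline on a
constructed sample built from the table above. To use the live catalog, fetch
KEV_FEED_URL and pass the response body to triage() instead of SAMPLE_KEV_JSON.
"""
import json
from datetime import date

# Public JSON feed of the catalog linked above (same data as the HTML page).
KEV_FEED_URL = "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"

REQUIRED_ACTION = ("Apply mitigations per vendor instructions, follow applicable BOD 22-01 "
                   "guidance for cloud services, or discontinue use of the product if "
                   "mitigations are unavailable.")

# Constructed sample in the feed's JSON shape, populated from the five table rows.
SAMPLE_KEV_JSON = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "vulnerabilities": [
        {"cveID": "CVE-2025-4008", "vendorProject": "Smartbedded",
         "vulnerabilityName": "Smartbedded Meteobridge Command Injection Vulnerability",
         "dateAdded": "2025-10-02", "dueDate": "2025-10-23", "requiredAction": REQUIRED_ACTION},
        {"cveID": "CVE-2025-21043", "vendorProject": "Samsung",
         "vulnerabilityName": "Samsung Mobile Devices Out-of-Bounds Write Vulnerability",
         "dateAdded": "2025-10-02", "dueDate": "2025-10-23", "requiredAction": REQUIRED_ACTION},
        {"cveID": "CVE-2015-7755", "vendorProject": "Juniper",
         "vulnerabilityName": "Juniper ScreenOS Improper Authentication Vulnerability",
         "dateAdded": "2025-10-02", "dueDate": "2025-10-23", "requiredAction": REQUIRED_ACTION},
        {"cveID": "CVE-2017-1000353", "vendorProject": "Jenkins",
         "vulnerabilityName": "Jenkins Remote Code Execution Vulnerability",
         "dateAdded": "2025-10-02", "dueDate": "2025-10-23", "requiredAction": REQUIRED_ACTION},
        {"cveID": "CVE-2014-6278", "vendorProject": "GNU",
         "vulnerabilityName": "GNU Bash OS Command Injection Vulnerability",
         "dateAdded": "2025-10-02", "dueDate": "2025-10-23", "requiredAction": REQUIRED_ACTION},
    ],
})


def load_kev(feed_text: str) -> list[dict]:
    """Parse a feed body and return its list of vulnerability records."""
    return json.loads(feed_text)["vulnerabilities"]


def cve_year(cve_id: str) -> int:
    """Year component of an identifier such as CVE-2014-6278."""
    return int(cve_id.split("-")[1])


def triage(feed_text: str, inventory_vendors: set[str], today_iso: str) -> list[dict]:
    """KEV entries whose vendorProject is in the inventory, earliest due date first.

    Keying on vendorProject alone is an assumption for this example; the live feed
    also has a product field, and a real inventory match should use it too.
    """
    today = date.fromisoformat(today_iso)
    wanted = {v.casefold() for v in inventory_vendors}
    hits = []
    for entry in load_kev(feed_text):
        if entry["vendorProject"].casefold() not in wanted:
            continue
        due = date.fromisoformat(entry["dueDate"])
        hits.append({
            "cveID": entry["cveID"],
            "vendorProject": entry["vendorProject"],
            "dueDate": entry["dueDate"],
            "days_left": (due - today).days,   # negative once the BOD 22-01 deadline has passed
            "overdue": due < today,
        })
    hits.sort(key=lambda h: (h["dueDate"], h["cveID"]))
    return hits


def legacy_entries(feed_text: str, min_age_years: int = 5) -> list[str]:
    """CVE IDs at least min_age_years older than the year they were added to the catalog.

    An old CVE landing in KEV means the bug is still being exploited in the wild, so
    these deserve the same urgency as the newly disclosed ones.
    """
    ids = []
    for entry in load_kev(feed_text):
        added_year = date.fromisoformat(entry["dateAdded"]).year
        if added_year - cve_year(entry["cveID"]) >= min_age_years:
            ids.append(entry["cveID"])
    return ids


if __name__ == "__main__":
    # Example inventory (assumed): we run Jenkins and GNU Bash.
    for hit in triage(SAMPLE_KEV_JSON, {"Jenkins", "GNU"}, "2025-10-10"):
        print(hit)
    print("legacy CVEs just added:", legacy_entries(SAMPLE_KEV_JSON))
```

Run it against the live feed by replacing `SAMPLE_KEV_JSON` with the body fetched from `KEV_FEED_URL`; the three-week gap between `dateAdded` and `dueDate` in the rows above is the standard remediation window, so anything `overdue` should already be patched or removed from the network.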