메뉴열기
메뉴열기
취약점 소개
신고포상제
취약점 신고/조회
기업 및 기관
취약점 정보 공유
알림마당
로그인
Home > 취약점 정보 공유 > 보안공지
보안공지

목록

조회수 : 5,629


美 CISA 발표 주요 Exploit 정보공유(Update. 2025-10-06)2025-10-06
현재 자주 악용되고 있는 취약점 목록으로, 취약한 버전의 SW를 사용 중인 경우 긴급 패치를 권고 드립니다.
* 참조 링크 : https://www.cisa.gov/known-exploited-vulnerabilities-catalog

cveIDvendorProjectvulnerabilityNamedateAddedshortDescriptionrequiredActiondueDate
CVE-2025-61882OracleOracle E-Business Suite Unspecified Vulnerability2025-10-06Oracle E-Business Suite contains an unspecified vulnerability in the BI Publisher Integration component. The vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Concurrent Processing. Successful attacks can result in takeover of Oracle Concurrent Processing.Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.2025-10-27
CVE-2010-3765MozillaMozilla Multiple Products Remote Code Execution Vulnerability2025-10-06Mozilla Firefox, SeaMonkey, and Thunderbird contain an unspecified vulnerability when JavaScript is enabled. This allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption.Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.2025-10-27
CVE-2011-3402MicrosoftMicrosoft Windows Remote Code Execution Vulnerability2025-10-06Microsoft Windows Kernel contains an unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers that allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page.Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.2025-10-27
CVE-2013-3918MicrosoftMicrosoft Windows Out-of-Bounds Write Vulnerability2025-10-06Microsoft Windows contains a n out-of-bounds write vulnerability in the InformationCardSigninHelper Class ActiveX control, icardie.dll. An attacker could exploit the vulnerability by constructing a specially crafted webpage. When a user views the webpage, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.2025-10-27
CVE-2021-43226MicrosoftMicrosoft Windows Privilege Escalation Vulnerability2025-10-06Microsoft Windows Common Log File System Driver contains a privilege escalation vulnerability that could allow a local, privileged attacker to bypass certain security mechanisms.Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.2025-10-27
CVE-2010-3962MicrosoftMicrosoft Internet Explorer Uninitialized Memory Corruption Vulnerability2025-10-06Microsoft Internet Explorer contains an uninitialized memory corruption vulnerability that could allow for remote code execution. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.2025-10-27
CVE-2021-22555LinuxLinux Kernel Heap Out-of-Bounds Write Vulnerability2025-10-06Linux Kernel contains a heap out-of-bounds write vulnerability that could allow an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space.Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.2025-10-27
출처 사이트 : https://www.cisa.gov/known-exploited-vulnerabilities-catalog