| 번호 | 제목 | 등록일 | |
|---|---|---|---|
| 316 | MS 12월 보안 위협에 따른 정기 보안 업데이트 권고 | ||
| 2025-12-15 | |||
□ 12월 보안업데이트 개요 (총 11 종 ) o 등급 : 긴급 (Critical) 2 종 , 중요 (Important) 9 종 o 발표일 : 2025.12.9.(화) o 업데이트 내용 제품군 중요도 영향 Windows 11 25H2 중요 권한 상승 Windows 11 24H2 중요 권한 상승 Windows 11 23H2 중요 권한 상승 Windows Server 2025, Windows Server 2025(Server Core 설치) 중요 권한 상승 Windows Server 2022 23H2 버전(Server Core 설치), Windows Server 2022, Windows Server 2022(Server Core 설치) 중요 권한 상승 Windows Server 2019 중요 권한 상승 Windows Server 2016 중요 권한 상승 Microsoft Office 긴급 원격 코드 실행 Microsoft SharePoint 긴급 원격 코드 실행 Microsoft Exchange Server 중요 권한 상승 Microsoft Azure 중요 원격 코드 실행 [참고 사이트] [1] (한글) https://msrc.microsoft.com/update-guide/ko-kr/ [2] (영문) https://msrc.microsoft.com/update-guide/en-us/ [3] https://msrc.microsoft.com/update-guide/ko-kr/releaseNote/2025-Dec o 취약점 요약 정보 (총 248개) 제품 카테고리 CVE 번호 CVE 제목 Mariner CVE-2025-66476 Vim for Windows Uncontrolled Search Path Element Remote Code Execution Vulnerability Mariner CVE-2025-66293 LIBPNG has an out-of-bounds read in png_image_read_composite Mariner CVE-2025-66200 Apache HTTP Server: mod_userdir+suexec bypass via AllowOverride FileInfo Mariner CVE-2025-65637 A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer() to log a single-line payload larger than 64KB without newline characters. Mariner CVE-2025-65082 Apache HTTP Server: CGI environment variable override Windows DWM Core Library CVE-2025-64680 Windows DWM 핵심 라이브러리 권한 상승 취약성 Windows DWM Core Library CVE-2025-64679 Windows DWM 핵심 라이브러리 권한 상승 취약성 Windows Routing and Remote Access Service (RRAS) CVE-2025-64678 Windows RRAS(Routing and Remote Access Service) 원격 코드 실행 취약성 Storvsp.sys Driver CVE-2025-64673 Windows 저장소 VSP 드라이버 권한 상승 취약성 Microsoft Office SharePoint CVE-2025-64672 Microsoft SharePoint Server 스푸핑 취약성 Copilot CVE-2025-64671 GitHub Copilot for Jetbrains 원격 코드 실행 취약성 Microsoft Graphics Component CVE-2025-64670 Windows DirectX 정보 유출 취약성 Microsoft Exchange Server CVE-2025-64667 Microsoft Exchange Server 스푸핑 취약성 Microsoft Exchange Server CVE-2025-64666 Microsoft Exchange Server 권한 상승 취약성 Windows Shell CVE-2025-64661 Windows Shell 권한 상승 취약성 GitHub Copilot and Visual Studio Code CVE-2025-64660 GitHub Copilot and Visual Studio Code Remote Code Execution Vulnerability Windows Shell CVE-2025-64658 Windows 파일 탐색기 권한 상승 취약성 Azure Application Gateway CVE-2025-64657 Azure 응용 프로그램 게이트웨이 권한 상승 취약성 Application Gateway CVE-2025-64656 Azure Application Gateway Elevation of Privilege Vulnerability Dynamics OmniChannel SDK Storage Containers CVE-2025-64655 Dynamics OmniChannel SDK Storage Containers Elevation of Privilege Vulnerability Mariner CVE-2025-64324 KubeVirt Vulnerable to Arbitrary Host File Read and Write Mariner CVE-2025-62689 NULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and earlier. The vulnerability was fixed in commit ff13abc on the master branch of the libmicrohttpd Git repository, after the v1.0.2 tag. A specially crafted packet sent by an attacker could cause a denial-of-service (DoS) condition. Windows DirectX CVE-2025-62573 DirectX Graphics 커널 권한 상승 취약성 Application Information Services CVE-2025-62572 애플리케이션 정보 서비스 권한 상승 취약성 Windows Installer CVE-2025-62571 Windows Installer 권한 상승 취약성 Windows Camera Frame Server Monitor CVE-2025-62570 Windows 카메라 프레임 서버 모니터 정보 공개 취약성 Microsoft Brokering File System CVE-2025-62569 Microsoft Brokering File System 권한 상승 취약성 Windows Hyper-V CVE-2025-62567 Windows Hyper-V 서비스 거부 취약성 Windows Shell CVE-2025-62565 Windows 파일 탐색기 권한 상승 취약성 Microsoft Office Excel CVE-2025-62564 Microsoft Excel 원격 코드 실행 취약성 Microsoft Office Excel CVE-2025-62563 Microsoft Excel 원격 코드 실행 취약성 Microsoft Office Outlook CVE-2025-62562 Microsoft Outlook 원격 코드 실행 취약성 Microsoft Office Excel CVE-2025-62561 Microsoft Excel 원격 코드 실행 취약성 Microsoft Office Excel CVE-2025-62560 Microsoft Excel 원격 코드 실행 취약성 Microsoft Office Word CVE-2025-62559 Microsoft Word 원격 코드 실행 취약성 Microsoft Office Word CVE-2025-62558 Microsoft Word 원격 코드 실행 취약성 Microsoft Office CVE-2025-62557 Microsoft Office 원격 코드 실행 취약성 Microsoft Office Excel CVE-2025-62556 Microsoft Excel 원격 코드 실행 취약성 Microsoft Office Word CVE-2025-62555 Microsoft Word 원격 코드 실행 취약성 Microsoft Office CVE-2025-62554 Microsoft Office 원격 코드 실행 취약성 Microsoft Office Excel CVE-2025-62553 Microsoft Excel 원격 코드 실행 취약성 Microsoft Office Access CVE-2025-62552 Microsoft Access 원격 코드 실행 취약성 Azure Monitor Agent CVE-2025-62550 Azure Monitor 에이전트 원격 코드 실행 취약성 Windows Routing and Remote Access Service (RRAS) CVE-2025-62549 Windows RRAS(Routing and Remote Access Service) 원격 코드 실행 취약성 Windows Remote Access Connection Manager CVE-2025-62474 Windows 원격 액세스 연결 관리자 권한 상승 취약성 Windows Routing and Remote Access Service (RRAS) CVE-2025-62473 Windows RRAS(Routing and Remote Access Service) 정보 공개 취약성 Windows Remote Access Connection Manager CVE-2025-62472 Windows 원격 액세스 연결 관리자 권한 상승 취약성 Windows Common Log File System Driver CVE-2025-62470 Windows 공용 로그 파일 시스템 드라이버 권한 상승 취약성 Microsoft Brokering File System CVE-2025-62469 Microsoft Brokering File System 권한 상승 취약성 Windows Defender Firewall Service CVE-2025-62468 Windows Defender 방화벽 서비스 정보 공개 취약성 Windows Projected File System CVE-2025-62467 Windows 예상 파일 시스템 권한 상승 취약성 Windows Client-Side Caching (CSC) Service CVE-2025-62466 Windows 클라이언트 쪽 캐싱 권한 상승 취약성 Windows DirectX CVE-2025-62465 DirectX Graphics 커널 서비스 거부 취약성 Windows Projected File System CVE-2025-62464 Windows 예상 파일 시스템 권한 상승 취약성 Windows DirectX CVE-2025-62463 DirectX Graphics 커널 서비스 거부 취약성 Windows Projected File System CVE-2025-62462 Windows 예상 파일 시스템 권한 상승 취약성 Windows Projected File System Filter Driver CVE-2025-62461 Windows 예상 파일 시스템 권한 상승 취약성 Microsoft Defender Portal CVE-2025-62459 Microsoft Defender Portal Spoofing Vulnerability Windows Win32K - GRFX CVE-2025-62458 Win32k 권한 상승 취약성 Windows Cloud Files Mini Filter Driver CVE-2025-62457 Windows 클라우드 파일 미니 필터 드라이버 권한 상승 취약성 Windows Resilient File System (ReFS) CVE-2025-62456 Windows ReFS(복원 파일 시스템) 원격 코드 실행 취약성 Windows Message Queuing CVE-2025-62455 Microsoft MSMQ(메시지 큐) 권한 상승 취약성 Windows Cloud Files Mini Filter Driver CVE-2025-62454 Windows 클라우드 파일 미니 필터 드라이버 권한 상승 취약성 Microsoft Edge for iOS CVE-2025-62223 Mac용 Microsoft Edge(Chromium 기반) 스푸핑 취약성 Windows Cloud Files Mini Filter Driver CVE-2025-62221 Windows 클라우드 파일 미니 필터 드라이버 권한 상승 취약성 Windows Subsystem for Linux GUI CVE-2025-62220 Windows Subsystem for Linux GUI Remote Code Execution Vulnerability Windows License Manager CVE-2025-62209 Windows License Manager Information Disclosure Vulnerability Windows License Manager CVE-2025-62208 Windows License Manager Information Disclosure Vulnerability Azure Monitor CVE-2025-62207 Azure Monitor Elevation of Privilege Vulnerability Mariner CVE-2025-61729 Excessive resource consumption when printing error string for host certificate validation in crypto/x509 Mariner CVE-2025-61727 Improper application of excluded DNS name constraints when verifying wildcard names in crypto/x509 Mariner CVE-2025-61664 Grub2: missing unregister call for normal_exit command may lead to use-after-free Mariner CVE-2025-61663 Grub2: missing unregister call for normal commands may lead to use-after-free Mariner CVE-2025-61662 Grub2: missing unregister call for gettext command may lead to use-after-free Mariner CVE-2025-61661 Grub2: grub2: out-of-bounds write via malicious usb device Mariner CVE-2025-60876 BusyBox wget thru 1.3.7 accepted raw CR (0x0D)/LF (0x0A) and other C0 control bytes in the HTTP request-target (path/query), allowing the request line to be split and attacker-controlled headers to be injected. To preserve the HTTP/1.1 request-line shape METHOD SP request-target SP HTTP/1.1, a raw space (0x20) in the request-target must also be rejected (clients should use %20). Host Process for Windows Tasks CVE-2025-60710 Host Process for Windows Tasks Elevation of Privilege Vulnerability Mariner CVE-2025-59777 NULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and earlier. The vulnerability was fixed in commit ff13abc on the master branch of the libmicrohttpd Git repository, after the v1.0.2 tag. A specially crafted packet sent by an attacker could cause a denial-of-service (DoS) condition. Mariner CVE-2025-59775 Apache HTTP Server: NTLM Leakage on Windows through UNC SSRF Windows Storage VSP Driver CVE-2025-59517 Windows 저장소 VSP 드라이버 권한 상승 취약성 Windows Storage VSP Driver CVE-2025-59516 Windows 저장소 VSP 드라이버 권한 상승 취약성 Copilot CVE-2025-59286 Copilot 스푸핑 취약성 Copilot CVE-2025-59272 Copilot 스푸핑 취약성 Copilot CVE-2025-59252 M365 Copilot 스푸핑 취약성 Microsoft Office SharePoint CVE-2025-59245 Microsoft SharePoint Online 권한 상승 취약성 Windows Projected File System CVE-2025-55233 Windows 예상 파일 시스템 권한 상승 취약성 Mariner CVE-2025-54771 Grub2: use-after-free in grub_file_close() Mariner CVE-2025-54770 Grub2: use-after-free in net_set_vlan Windows Connected Devices Platform Service CVE-2025-54114 Windows Connected Devices Platform Service Elevation of Privilege Vulnerability Windows PowerShell CVE-2025-54100 PowerShell 원격 코드 실행 취약성 Windows Ancillary Function Driver for WinSock CVE-2025-54099 WinSock용 Windows 보조 기능 드라이버 권한 상승 취약성 Mariner CVE-2025-52881 runc: LSM labels can be bypassed with malicious config using dummy procfs files Mariner CVE-2025-52565 container escape due to /dev/console mount and related races Software for Open Networking in the Cloud (SONiC) CVE-2025-49752 Azure Bastion 권한 상승 취약성 Mariner CVE-2025-47913 Potential denial of service in golang.org/x/crypto/ssh/agent Mariner CVE-2025-40324 NFSD: Fix crash in nfsd4_read_release() Mariner CVE-2025-40323 fbcon: Set fb_display[i]->mode to NULL when the mode is released Mariner CVE-2025-40322 fbdev: bitblit: bound-check glyph index in bit_putcs* Mariner CVE-2025-40321 wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode Mariner CVE-2025-40319 bpf: Sync pending IRQ work before freeing ring buffer Mariner CVE-2025-40317 regmap: slimbus: fix bus_context pointer in regmap init calls Mariner CVE-2025-40315 usb: gadget: f_fs: Fix epfile null pointer access after ep enable. Mariner CVE-2025-40314 usb: cdns3: gadget: Use-after-free during failed initialization and exit of cdnsp gadget Mariner CVE-2025-40313 ntfs3: pretend $Extend records as regular files Mariner CVE-2025-40312 jfs: Verify inode mode when loading from disk Mariner CVE-2025-40311 accel/habanalabs: support mapping cb with vmalloc-backed coherent memory Mariner CVE-2025-40310 amd/amdkfd: resolve a race in amdgpu_amdkfd_device_fini_sw Mariner CVE-2025-40309 Bluetooth: SCO: Fix UAF on sco_conn_free Mariner CVE-2025-40308 Bluetooth: bcsp: receive data only if registered Mariner CVE-2025-40307 exfat: validate cluster allocation bits of the allocation bitmap Mariner CVE-2025-40306 orangefs: fix xattr related buffer overflow... Mariner CVE-2025-40305 9p/trans_fd: p9_fd_request: kick rx thread if EPOLLIN Mariner CVE-2025-40304 fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds Mariner CVE-2025-40303 btrfs: ensure no dirty metadata is written back for an fs with errors Mariner CVE-2025-40301 Bluetooth: hci_event: validate skb length for unknown CC opcode Mariner CVE-2025-40297 net: bridge: fix use-after-free due to MST port state bypass Mariner CVE-2025-40294 Bluetooth: MGMT: Fix OOB access in parse_adv_monitor_pattern() Mariner CVE-2025-40293 iommufd: Don't overflow during division for dirty tracking Mariner CVE-2025-40292 virtio-net: fix received length check in big packets Mariner CVE-2025-40289 drm/amdgpu: hide VRAM sysfs attributes on GPUs without VRAM Mariner CVE-2025-40288 drm/amdgpu: Fix NULL pointer dereference in VRAM logic for APU devices Mariner CVE-2025-40287 exfat: fix improper check of dentry.stream.valid_size Mariner CVE-2025-40286 smb/server: fix possible memory leak in smb2_read() Mariner CVE-2025-40285 smb/server: fix possible refcount leak in smb2_sess_setup() Mariner CVE-2025-40284 Bluetooth: MGMT: cancel mesh send timer when hdev removed Mariner CVE-2025-40283 Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF Mariner CVE-2025-40282 Bluetooth: 6lowpan: reset link-local header on ipv6 recv path Mariner CVE-2025-40281 sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto Mariner CVE-2025-40280 tipc: Fix use-after-free in tipc_mon_reinit_self(). Mariner CVE-2025-40279 net: sched: act_connmark: initialize struct tc_ife to fix kernel leak Mariner CVE-2025-40278 net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak Mariner CVE-2025-40277 drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE Mariner CVE-2025-40275 ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd Mariner CVE-2025-40273 NFSD: free copynotify stateid in nfs4_free_ol_stateid() Mariner CVE-2025-40272 mm/secretmem: fix use-after-free race in fault handler Mariner CVE-2025-40269 ALSA: usb-audio: Fix potential overflow of PCM transfer buffer Mariner CVE-2025-40268 cifs: client: fix memory leak in smb3_fs_context_parse_param Mariner CVE-2025-40266 KVM: arm64: Check the untrusted offset in FF-A memory share Mariner CVE-2025-40264 be2net: pass wrb_params in case of OS2BMC Mariner CVE-2025-40263 Input: cros_ec_keyb - fix an invalid memory access Mariner CVE-2025-40262 Input: imx_sc_key - fix memory corruption on unload Mariner CVE-2025-40261 nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() Mariner CVE-2025-40259 scsi: sg: Do not sleep in atomic context Mariner CVE-2025-40258 mptcp: fix race condition in mptcp_schedule_work() Mariner CVE-2025-40257 mptcp: fix a race in mptcp_pm_del_add_timer() Mariner CVE-2025-40254 net: openvswitch: remove never-working support for setting nsh fields Mariner CVE-2025-40253 s390/ctcm: Fix double-kfree Mariner CVE-2025-40252 net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() Mariner CVE-2025-40251 devlink: rate: Unset parent pointer in devl_rate_nodes_destroy Mariner CVE-2025-40250 net/mlx5: Clean up only new IRQ glue on request_irq() failure Mariner CVE-2025-40248 vsock: Ignore signal/timeout on connect() if already established Mariner CVE-2025-40247 drm/msm: Fix pgtable prealloc error path Mariner CVE-2025-40245 nios2: ensure that memblock.current_limit is set when setting pfn limits Mariner CVE-2025-40244 hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() Mariner CVE-2025-40243 hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits() Mariner CVE-2025-40242 gfs2: Fix unlikely race in gdlm_put_lock Mariner CVE-2025-40240 sctp: avoid NULL dereference when chunk data buffer is missing Mariner CVE-2025-40233 ocfs2: clear extent cache after moving/defragmenting extents Mariner CVE-2025-40223 most: usb: Fix use-after-free in hdm_disconnect Mariner CVE-2025-40220 fuse: fix livelock in synchronous file put from fuseblk workers Mariner CVE-2025-40219 PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV Mariner CVE-2025-40218 mm/damon/vaddr: do not repeat pte_offset_map_lock() until success Mariner CVE-2025-40217 pidfs: validate extensible ioctls Mariner CVE-2025-40215 xfrm: delete x->tunnel as we delete x Mariner CVE-2025-40211 ACPI: video: Fix use-after-free in acpi_video_switch_brightness() Mariner CVE-2025-40210 Revert "NFSD: Remove the cap on number of operations per NFSv4 COMPOUND" Mariner CVE-2025-40207 media: v4l2-subdev: Fix alloc failure check in v4l2_subdev_call_state_try() Mariner CVE-2025-40206 netfilter: nft_objref: validate objref and objrefmap expressions Mariner CVE-2025-40205 btrfs: avoid potential out-of-bounds in btrfs_encode_fh() Mariner CVE-2025-40204 sctp: Fix MAC comparison to be constant-time Mariner CVE-2025-40202 ipmi: Rework user message limit handling Mariner CVE-2025-40201 kernel/sys.c: fix the racy usage of task_lock(tsk->group_leader) in sys_prlimit64() paths Mariner CVE-2025-40200 Squashfs: reject negative file sizes in squashfs_read_inode() Mariner CVE-2025-40198 ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() Mariner CVE-2025-40197 media: mc: Clear minor number before put device Mariner CVE-2025-40195 mount: handle NULL values in mnt_ns_release() Mariner CVE-2025-40194 cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() Mariner CVE-2025-40193 xtensa: simdisk: add input size check in proc_write_simdisk Mariner CVE-2025-40192 Revert "ipmi: fix msg stack when IPMI is disconnected" Mariner CVE-2025-40190 ext4: guard against EA inode refcount underflow in xattr update Mariner CVE-2025-40188 pwm: berlin: Fix wrong register in suspend/resume Mariner CVE-2025-40187 net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce() Mariner CVE-2025-40180 mailbox: zynqmp-ipi: Fix out-of-bounds access in mailbox cleanup loop Mariner CVE-2025-40179 ext4: verify orphan file size is not too big Mariner CVE-2025-40178 pid: Add a judgment for ns null in pid_nr_ns Mariner CVE-2025-40176 tls: wait for pending async decryptions if tls_strp_msg_hold fails Mariner CVE-2025-40173 net/ip6_tunnel: Prevent perpetual tunnel growth Mariner CVE-2025-40172 accel/qaic: Treat remaining == 0 as error in find_and_map_user_pages() Mariner CVE-2025-40170 net: use dst_dev_rcu() in sk_setup_caps() Mariner CVE-2025-40168 smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match(). Mariner CVE-2025-40167 ext4: detect invalid INLINE_DATA + EXTENTS flag combination Mariner CVE-2025-40165 media: nxp: imx8-isi: m2m: Fix streaming cleanup on release Mariner CVE-2025-40164 usbnet: Fix using smp_processor_id() in preemptible code warnings Mariner CVE-2025-40158 ipv6: use RCU in ip6_output() Mariner CVE-2025-40149 tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock(). Mariner CVE-2025-40146 blk-mq: fix potential deadlock while nr_requests grown Mariner CVE-2025-40139 smc: Use __sk_dst_get() and dst_dev_rcu() in in smc_clc_prfx_set(). Mariner CVE-2025-40136 crypto: hisilicon/qm - request reserved interrupt for virtual function Mariner CVE-2025-40135 ipv6: use RCU in ip6_xmit() Mariner CVE-2025-40111 drm/vmwgfx: Fix Use-after-free in validation Mariner CVE-2025-40110 drm/vmwgfx: Fix a null-ptr access in the cursor snooper Mariner CVE-2025-34297 KissFFT Integer Overflow Heap Buffer Overflow via kiss_fft_alloc Mariner CVE-2025-31133 runc container escape via "masked path" abuse due to mount race conditions Mariner CVE-2025-13837 Out-of-memory when loading Plist Mariner CVE-2025-13836 Excessive read buffering DoS in http.client Microsoft Edge (Chromium-based) CVE-2025-13721 Chromium: CVE-2025-13721 v8에서 경합 Microsoft Edge (Chromium-based) CVE-2025-13720 Chromium: CVE-2025-13720 로더에서 잘못된 캐스트 Microsoft Edge (Chromium-based) CVE-2025-13640 Chromium: CVE-2025-13640 암호에서 부적절한 구현 Microsoft Edge (Chromium-based) CVE-2025-13639 Chromium: CVE-2025-13639 WebRTC에서 부적절한 구현 Microsoft Edge (Chromium-based) CVE-2025-13638 Chromium: CVE-2025-13638 미디어 스트림에서 UaF(Use after free) Microsoft Edge (Chromium-based) CVE-2025-13637 Chromium: CVE-2025-13637 다운로드에서 부적절한 구현 Microsoft Edge (Chromium-based) CVE-2025-13636 Chromium: CVE-2025-13636 분할 보기에서 부적절한 구현 Microsoft Edge (Chromium-based) CVE-2025-13635 Chromium: CVE-2025-13635 다운로드에서 부적절한 구현 Microsoft Edge (Chromium-based) CVE-2025-13634 Chromium: CVE-2025-13634 다운로드에서 부적절한 구현 Microsoft Edge (Chromium-based) CVE-2025-13633 Chromium: CVE-2025-13633 디지털 자격 증명에서 UaF(Use after free) Microsoft Edge (Chromium-based) CVE-2025-13632 Chromium: CVE-2025-13632 DevTools에서 부적절한 구현 Microsoft Edge (Chromium-based) CVE-2025-13631 Chromium: CVE-2025-13631 Google Updater에서 부적절한 구현 Microsoft Edge (Chromium-based) CVE-2025-13630 Chromium: CVE-2025-13630 V8에서 유형 혼란 Mariner CVE-2025-13230 Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Mariner CVE-2025-13227 Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Mariner CVE-2025-13226 Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Microsoft Edge (Chromium-based) CVE-2025-13224 Chromium: CVE-2025-13224 Type Confusion in V8 Microsoft Edge (Chromium-based) CVE-2025-13223 Chromium: CVE-2025-13223 Type Confusion in V8 Mariner CVE-2025-13193 Libvirt: information disclosure via world-readable vm snapshots Mariner CVE-2025-13120 mruby array.c sort_cmp use after free Microsoft Edge (Chromium-based) CVE-2025-13042 Chromium: CVE-2025-13042 Inappropriate implementation in V8 Mariner CVE-2025-12889 TLS 1.2 Client Can Downgrade Digest Used Mariner CVE-2025-12888 Constant Time Issue with Xtensa-based ESP32 and X22519 Mariner CVE-2025-12875 mruby array.c ary_fill_exec out-of-bounds write Mariner CVE-2025-12819 Untrusted search path in auth_query connection in PgBouncer Mariner CVE-2025-12818 PostgreSQL libpq undersizes allocations, via integer wraparound Mariner CVE-2025-12817 PostgreSQL CREATE STATISTICS does not check for schema CREATE privilege Mariner CVE-2025-12748 Libvirt: denial of service in xml parsing Mariner CVE-2025-12385 Improper validation of tag size in Text component parser Mariner CVE-2025-12084 Quadratic complexity in node ID cache clearing Mariner CVE-2025-11936 Potential DoS Vulnerability through Multiple KeyShareEntry with Same Group in TLS 1.3 ClientHello Mariner CVE-2025-11935 Forward Secrecy Violation in WolfSSL TLS 1.3 Mariner CVE-2025-11934 Improper Validation of Signature Algorithm Used in TLS 1.3 CertificateVerify Mariner CVE-2025-11933 DoS Vulnerability in wolfSSL TLS 1.3 CKS Extension Mariner CVE-2025-11932 Timing Side-Channel in PSK Binder Verification Mariner CVE-2025-11931 Integer Underflow Leads to Out-of-Bounds Access in XChaCha20-Poly1305 Decrypt Mariner CVE-2025-11230 Denial of service vulnerability in HAProxy mjson library Mariner CVE-2025-10158 Rsync: Out of bounds array access via negative index Mariner CVE-2024-47866 RGW DoS attack with empty HTTP header in S3 object copy Windows Cryptographic Services CVE-2024-30098 Windows Cryptographic Services 보안 기능 바이패스 취약성 Mariner CVE-2024-25621 containerd affected by a local privilege escalation via wide permissions on CRI directory Mariner CVE-2023-53749 x86: fix clear_user_rep_good() exception handling annotation □ 작성 : 위협분석단 취약점분석팀 |
|||
