- 8/5至8/11 Known Exploited Vulnerabilities Catalog(KEV)週報

內容說明:

CISA於8/5至8/11在Known Exploited Vulnerabilities Catalog(KEV)中發布3個已遭駭客利用之漏洞。


影響平台:

受影響廠商與產品名稱如下:
Microsoft|Microsoft COM for Windows
Apache|OFBiz
Android|Kernel

處置建議:

修補說明請參考以下官方連結:
Microsoft|Microsoft COM for Windows
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2018-0824
Apache|OFBiz
此漏洞影響產品為開源套件,實際修補方式請參考各家廠商的說明,需要更多資訊可參考以下網址:
https://lists.apache.org/thread/w6s60okgkxp2th1sr8vx0ndmgk68fqrd
Android|Kernel
此漏洞影響產品為開源套件,實際修補方式請參考各家廠商的說明,需要更多資訊可參考以下網址:
https://source.android.com/docs/security/bulletin/2024-08-01
https://lore.kernel.org/linux-cve-announce/20240610090330.1347021-2-lee@kernel.org/T/#u

CVE編號:

CVE-2018-0824
CVE-2024-32113
CVE-2024-36971

參考資料:

https://www.cisa.gov/known-exploited-vulnerabilities-catalog
https://nvd.nist.gov/vuln/detail/CVE-2018-0824
https://nvd.nist.gov/vuln/detail/CVE-2024-32113
https://nvd.nist.gov/vuln/detail/CVE-2024-36971
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2018-0824
https://lists.apache.org/thread/w6s60okgkxp2th1sr8vx0ndmgk68fqrd
https://source.android.com/docs/security/bulletin/2024-08-01
https://lore.kernel.org/linux-cve-announce/20240610090330.1347021-2-lee@kernel.org/T/#u

新聞來源:https://www.nics.nat.gov.tw/core_business/information_security_information_sharing/Vulnerability_Alerts/1569/
發布日期:14/08/2024