[월:] 2020년 09월

No Image

USN-4551-1: Squid vulnerabilities

2020-09-29 KENNETH 0

USN-4551-1: Squid vulnerabilities Alex Rousskov and Amit Klein discovered that Squid incorrectly handled certain Content-Length headers. A remote attacker could possibly use this issue to perform an HTTP request smuggling attack, resulting in cache poisoning. (CVE-2020-15049) Amit Klein discovered that Squid incorrectly validated certain data. A remote attacker could possibly use this issue to perform an HTTP request smuggling attack, resulting in cache poisoning. (CVE-2020-15810) Régis Leroy discovered that Squid incorrectly validated certain data. A remote attacker could possibly use this issue to perform an HTTP request splitting attack, resulting in cache poisoning. (CVE-2020-15811) Lubos Uhliarik discovered that Squid incorrectly handled certain Cache Digest response messages sent by trusted peers. A remote attacker could possibly use this issue to cause Squid to consume resources, resulting in a denial of service. (CVE-2020-24606) Source: USN-4551-1: Squid vulnerabilities

No Image

USN-4550-1: DPDK vulnerabilities

2020-09-29 KENNETH 0

USN-4550-1: DPDK vulnerabilities Ryan Hall discovered that DPDK incorrectly handled vhost crypto. An attacker inside a guest could use these issues to perform multiple attacks, including denial of service attacks, obtaining sensitive information from the host, and possibly executing arbitrary code on the host. Source: USN-4550-1: DPDK vulnerabilities

No Image

USN-4547-1: iTALC vulnerabilities

2020-09-29 KENNETH 0

USN-4547-1: iTALC vulnerabilities It was discovered that an information disclosure vulnerability existed in the LibVNCServer vendored in iTALC when sending a ServerCutText message. An attacker could possibly use this issue to expose sensitive information. (CVE-2019-15681) It was discovered that the LibVNCServer and LibVNCClient vendored in iTALC incorrectly handled certain packet lengths. A remote attacker could possibly use this issue to obtain sensitive information, cause a denial of service, or execute arbitrary code. (CVE-2018-15127 CVE-2018-20019, CVE-2018-20020, CVE-2018-20021, CVE-2018-20022, CVE-2018-20023, CVE-2018-20024, CVE-2018-20748, CVE-2018-20749, CVE-2018-20750, CVE-2018-7225, CVE-2019-15681) Source: USN-4547-1: iTALC vulnerabilities

[도서] 인사이트 플랫폼

2020-09-29 KENNETH 0

[도서] 인사이트 플랫폼 분야별 신상품 – 국내도서 – 컴퓨터와 인터넷 [도서]인사이트 플랫폼 이재영,문영상 등저/김길래 감수 | 와이즈베리 | 2020년 10월 판매가 15,300원 (10%할인) | YES포인트 850원(5%지급) 4차 산업혁명을 이끄는 두 개의 축인 ‘빅데이터와 인공지능’의 모든 것을 설명한 책, 『인사이트 플랫폼』이 출간되었다. 정치와 빅데이터를 융합하는 데 매진 중인 이재영 전 국회의원과 숭실대 정보과학대학원에 Source: [도서] 인사이트 플랫폼

No Image

USN-4549-1: ImageMagick vulnerabilities

2020-09-29 KENNETH 0

USN-4549-1: ImageMagick vulnerabilities It was discovered that ImageMagick incorrectly handled certain specially crafted image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or other unspecified impact. (CVE-2019-19948, CVE-2019-19949) Source: USN-4549-1: ImageMagick vulnerabilities