[월:] 2020년 10월

USN-4564-1: Apache Tika vulnerabilities It was discovered that Apache Tika can have an excessive memory usage by using a crafted or corrupt PSD file. An attacker could use it to cause a denial of service (crash). (CVE-2020-1950, CVE-2020-1951) Source: USN-4564-1: Apache Tika vulnerabilities

USN-4566-1: Cyrus IMAP Server vulnerabilities It was dicovered that Cyrus IMAP Server could execute arbitrary code via a crafted HTTP PUT operation for an event with a long iCalendar property name. An attacker could use this vulnerability to cause a crash or possibly execute arbitrary code. (CVE-2019-11356) It was discovered that the Cyrus IMAP Server allow users to create any mailbox with administrative privileges. A local attacker could use this to obtain sensitive information. (CVE-2019-19783) Source: USN-4566-1: Cyrus IMAP Server vulnerabilities

USN-4570-1: urllib3 vulnerability It was discovered that urllib3 incorrectly handled certain character sequences. A remote attacker could possibly use this issue to perform CRLF injection. Source: USN-4570-1: urllib3 vulnerability

USN-4567-1: OpenDMARC vulnerability It was discovered that OpenDMARC is prone to a signature-bypass vulnerability with multiple “From:” addresses. An attacker could use it to bypass spam and abuse filters. Source: USN-4567-1: OpenDMARC vulnerability