USN-6277-1: Dompdf vulnerabilities

2023-08-08 KENNETH 0

It was discovered that Dompdf was not properly validating untrusted input when processing HTML content under certain circumstances. An attacker could possibly use this issue to expose sensitive information or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2014-5011, CVE-2014-5012, CVE-2014-5013)

It was discovered that Dompdf was not properly validating processed HTML content that referenced PHAR files, which could result in the deserialization of untrusted data. An attacker could possibly use this issue to execute arbitrary code. (CVE-2021-3838)

It was discovered that Dompdf was not properly validating processed HTML content that referenced both a remote base and a local file, which could result in the bypass of a chroot check. An attacker could possibly use this issue to expose sensitive information. (CVE-2022-2400)

Source: USN-6277-1: Dompdf vulnerabilities

USN-6267-2: Firefox regressions

2023-08-08 KENNETH 0

USN-6267-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience.

Original advisory details:

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2023-4047, CVE-2023-4048, CVE-2023-4049, CVE-2023-4051, CVE-2023-4053, CVE-2023-4055, CVE-2023-4056, CVE-2023-4057, CVE-2023-4058)

Max Vlasov discovered that Firefox Offscreen Canvas did not properly track cross-origin tainting. An attacker could potentially exploit this issue to access image data from another site in violation of same-origin policy. (CVE-2023-4045)

Alexander Guryanov discovered that Firefox did not properly update the value of a global variable in WASM JIT analysis in some circumstances. An attacker could potentially exploit this issue to cause a [ more… ]

[Book] AutoCAD Mechanical Design Drafting Technical Guidebook

2023-08-08 KENNETH 0

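By Mechapia Education Business Division (메카피아교육사업부) | Mechapia (메카피아) | September 2023

Sale price 25,200 won (10% discount) | YES Points 1,400 won (5% awarded)

This book is organized around drawing creation for CAD beginners in the mechanical manufacturing engineering field, and it not only covers the key core commands with detailed explanations and hands-on practice so that it can also be used in real work, but also

Source: [Book] AutoCAD Mechanical Design Drafting Technical Guidebook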

[Book] AI Class Revolution

2023-08-08 KENNETH 0

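By Shin Jeong (신정) | Porche (포르체) | August 2023

Sale price 15,300 won (10% discount) | YES Points 850 won (5% awarded)

Self-directed problem-solving skills cultivated with generative AI! The "AI project class" begins! The author, head of an SW·AI education research group designated by the Busan Office of Education and a current elementary school teacher, software education set apart from the lessons of other subjects

Source: [Book] AI Class Revolution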

USN-6276-1: unixODBC vulnerability

2023-08-07 KENNETH 0

It was discovered that unixODBC incorrectly handled certain Unicode to ANSI copies. An attacker could possibly use this issue to cause a denial of service.

Source: USN-6276-1: unixODBC vulnerability