본문 바로가기

보안정보/2020년 3월

2020년 3월 25일 보안정보 스크래핑

3월 25일 보안정보 스크래핑 

==================================================================== 

+ 주요 취약점 - 메일전송 프로토콜을 이용한 원격 명령어 실행 주의 권고 외 1건

 1. 메일전송 프로토콜을 이용한 원격 명령어 실행 주의 권고
최근 OpenSMTPD* 취약점이 발견되는 등 메일전송 프로토콜에서 원격 명령어 실행이 가능하여 주의를 권고함
공격자는 취약점을 악용하여 피해를 발생시킬 수 있으므로, 해결방안을 참고하여 조치 필요
https://www.krcert.or.kr/data/secNoticeView.do?bulletin_writing_sequence=35302

 2. Django 제품 SQL Injection 취약점 보안 업데이트 권고
최근 Django*에서 SQL Injection취약점(CVE-2020-9402)을 악용할 수 있는 개념증명코드(Proof of concept, PoC)가 인터넷상에 공개되어 사용자의 보안 업데이트 필요
https://www.krcert.or.kr/data/secNoticeView.do?bulletin_writing_sequence=35301

==================================================================== 

+ 취약점 - Apple Safari 취약점

 1. Apple Safari 취약점
Apple Safari security bypass
CVE-2020-3885
https://exchange.xforce.ibmcloud.com/vulnerabilities/178339

Apple Safari security bypass
CVE-2020-3887
https://exchange.xforce.ibmcloud.com/vulnerabilities/178338

Apple Safari information disclosure
CVE-2020-3894
https://exchange.xforce.ibmcloud.com/vulnerabilities/178337

Apple Safari code execution
CVE-2020-3895
https://exchange.xforce.ibmcloud.com/vulnerabilities/178336

Apple Safari code execution
CVE-2020-3897
https://exchange.xforce.ibmcloud.com/vulnerabilities/178335

Apple Safari code execution
CVE-2020-3899
https://exchange.xforce.ibmcloud.com/vulnerabilities/178334

Apple Safari code execution
CVE-2020-3901
https://exchange.xforce.ibmcloud.com/vulnerabilities/178333

Apple Safari cross-site scripting
CVE-2020-3902
https://exchange.xforce.ibmcloud.com/vulnerabilities/178332

Apple Safari code execution
CVE-2020-9783
https://exchange.xforce.ibmcloud.com/vulnerabilities/178331

Apple Safari security bypass
CVE-2020-9784
https://exchange.xforce.ibmcloud.com/vulnerabilities/178330

Apple Safari code execution
CVE-2020-3900
https://exchange.xforce.ibmcloud.com/vulnerabilities/178329


==================================================================== 

+ 보안이슈 - 특이사항 없음

====================================================================