Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-28476 PUBLISHED: 2021-01-18
All versions of package tornado are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configura...
CVE-2020-28473 PUBLISHED: 2021-01-18
The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with defa...
CVE-2021-25173 PUBLISHED: 2021-01-18
An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory allocation with excessive size vulnerability exists when reading malformed DGN files, which allows attackers to cause a crash, potentially enabling denial of service (crash, exit, or restart).
CVE-2021-25174 PUBLISHED: 2021-01-18
An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory corruption vulnerability exists when reading malformed DGN files. It can allow attackers to cause a crash, potentially enabling denial of service (Crash, Exit, or Restart).
CVE-2021-25175 PUBLISHED: 2021-01-18
An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A NULL pointer dereference exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart). This is issue 1 of 3.
User Rank: Ninja
7/15/2019 | 3:58:36 PM
Out of the things mentioned in this article, they did not talk specifically about how it could affect IT Security/CyberSecurity. However, we could infuse the topics covered with CyberSecurity to Create Definitions -> Perform Data Extraction -> Data Classification -> Predict Historical Significance -> Pattern Recognition -> Regression Testing -> Predictive Analytics; these areas of study can help to create an algorithm or policy to impede possible attacks. The items listed (applications to be used for ML) can be used to mitigate potential threats. The TIM (Threat Intelligence Machine) goes through a specific process that can be applied in numerous areas of IT; review the flow chart listed below:
Todd