[월:] 2020년 10월

USN-4569-1: Yaws vulnerabilities It was discovered that Yaws did not properly sanitize XML input. A remote attacker could use this vulnerability to execute an XML External Entity (XXE) injection attack. (CVE-2020-24379) It was discovered that Yaws mishandled certain input when running CGI scripts. A remote attacker could use this vulnerability to execute arbitrary commands. (CVE-2020-24916) Source: USN-4569-1: Yaws vulnerabilities

USN-4565-1: OpenConnect vulnerability It was discovered that OpenConnect has a buffer overflow when a malicious server uses HTTP chunked encoding with crafted chunk sizes. An attacker could use it to provoke a denial of service (crash). Source: USN-4565-1: OpenConnect vulnerability

USN-4568-1: Brotli vulnerability It was discovered that Brotli incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash. Source: USN-4568-1: Brotli vulnerability