Ubuntu security notices
USN-4569-1: Yaws vulnerabilities It was discovered that Yaws did not properly sanitize XML input. A remote attacker could use this vulnerability to execute an XML External Entity (XXE) injection attack. (CVE-2020-24379) It was discovered that Yaws mishandled certain input when running CGI scripts. A remote attacker could use this vulnerability to execute arbitrary commands. (CVE-2020-24916) Source: USN-4569-1: Yaws vulnerabilities
USN-4565-1: OpenConnect vulnerability It was discovered that OpenConnect has a buffer overflow when a malicious server uses HTTP chunked encoding with crafted chunk sizes. An attacker could use it to provoke a denial of service (crash). Source: USN-4565-1: OpenConnect vulnerability
USN-4568-1: Brotli vulnerability It was discovered that Brotli incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash. Source: USN-4568-1: Brotli vulnerability
USN-4563-1: NTP vulnerability It was discovered that the fix for CVE-2018-7182 introduced a NULL pointer dereference into NTP. An attacker could use this vulnerability to cause a denial of service (crash). Source: USN-4563-1: NTP vulnerability
USN-4562-1: kramdown vulnerability It was discovered that kramdown insecurely handled certain crafted input. An attacker could use this vulnerability to read restricted files or execute arbitrary code. Source: USN-4562-1: kramdown vulnerability
Copyright © 2024 | WordPress Theme by MH Themes
