all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

USN-6731-1: YARD vulnerabilities

Add to bookmarks
April 15, 2024, 10:27 a.m. |

Ubuntu security notices ubuntu.com

It was discovered that YARD before 0.9.11 does not block relative paths
with an initial ../ sequence, which allows attackers to conduct
directory traversal attacks and read arbitrary files. This issue only
affected Ubuntu 16.04 LTS. (CVE-2017-17042)

It was discovered that yard before 0.9.20 is affected by a path
traversal vulnerability, allowing HTTP requests to access arbitrary
files under certain conditions. This issue only affected Ubuntu 18.04
LTS. (CVE-2019-1020001)

Aviv Keller discovered that the "frames.html" file within the Yard
Doc's …

access arbitrary files attackers attacks block cve directory directory traversal files http http requests issue lts path path traversal path traversal vulnerability relative requests ubuntu ubuntu 16.04 usn vulnerabilities vulnerability

Visit resource

More from ubuntu.com / Ubuntu security notices

USN-6760-1: Gerbv vulnerability 2 hours ago | ubuntu.com
application attacker crash data +10
LSN-0103-1: Kernel Live Patch Security Notice 14 hours ago | ubuntu.com
attacker con cve data +21
USN-6758-1: JSON5 vulnerability 14 hours ago | ubuntu.com
access application attacker denial of service +12
USN-6761-1: Anope vulnerability 17 hours ago | ubuntu.com
accounts attacker changing credentials +7
USN-6759-1: FreeRDP vulnerabilities 1 day, 8 hours ago | ubuntu.com
attacker crash denial of service issue +7
USN-6757-1: PHP vulnerabilities 1 day, 11 hours ago | ubuntu.com
arbitrary code attacker code cookie +15
USN-6744-3: Pillow vulnerability 1 day, 12 hours ago | ubuntu.com
advisory automated buffer buffer overflow +12
USN-6734-2: libvirt vulnerabilities 1 day, 13 hours ago | ubuntu.com
advisory api attacker crash +13
USN-6733-2: GnuTLS vulnerabilities 1 day, 13 hours ago | ubuntu.com
advisory attacker channel cve +18

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Senior Security Architect - Northwest region (Remote)

@ GuidePoint Security LLC | Remote
View on infosec-jobs.com

Senior Consultant, Cyber Security Architecture

@ 6point6 | Manchester, United Kingdom
View on infosec-jobs.com

Junior Security Architect

@ IQ-EQ | Port Louis, Mauritius
View on infosec-jobs.com

Senior Detection & Response Engineer

@ Expel | Remote
View on infosec-jobs.com

Cyber Security Systems Engineer ISSE Splunk

@ SAP | Southbank (Melbourne), VIC, AU, 3006
View on infosec-jobs.com
View more jobs