Posted by Stefan Kanthak on Apr 24

Hi @ll,

this post is a continuation of
<https://seclists.org/fulldisclosure/2023/Oct/17> and
<https://seclists.org/fulldisclosure/2021/Oct/17>

With the release of .NET Framework 4.8 in April 2019, Microsoft updated
the following paragraph of the MSDN article “What’s new in .NET Framework”
<https://msdn.microsoft.com/en-us/library/ms171868.aspx>

| Starting with .NET Framework 4.5, the clrcompression.dll assembly…

Read More

Posted by Matteo Beccati on Apr 24

CVE-2023-26756 has been recently filed against the Revive Adserver project.

The action was taken without first contacting us, and it did not follow
the security process that is thoroughly documented on our website. The
project team has been given no notice before or after the disclosure.

Our team has been made aware of this report by a community member via a
GitHub issue. All of this resulted in an inability for us to produce an
appropriate…

Read More

It was discovered that FreeRDP incorrectly handled certain context resets.
If a user were tricked into connecting to a malicious server, a remote
attacker could use this issue to cause FreeRDP to crash, resulting in a
denial of service, or possibly execute arbitrary code. (CVE-2024-22211)

Evgeny Legerov discovered that FreeRDP incorrectly handled certain memory
operations. If a user were tricked into connecting to a malicious server, a
remote attacker could use this issue to cause FreeRDP to crash, resulting
in a denial of service, or possibly execute arbitrary code.
(CVE-2024-32039, CVE-2024-32040)

Evgeny Legerov discovered that FreeRDP incorrectly handled certain memory
operations. If a user were tricked into connecting to a malicious server, a
remote attacker could possibly use this issue to cause FreeRDP to crash,
resulting in a denial of service. (CVE-2024-32041, CVE-2024-32458,
CVE-2024-32460)

Evgeny Legerov discovered that FreeRDP incorrectly handled certain memory
operations. A remote attacker could possibly use this issue to cause
FreeRDP clients and servers to crash, resulting in a denial of service.
(CVE-2024-32459)

Read More

FEDORA-2024-75863445ff

Packages in this update:

libcoap-4.3.4a-2.fc40

Update description:

Patch to fix CVE-2024-31031

Read More

FEDORA-2024-14db7b21a2

Packages in this update:

ruby-3.3.1-7.fc40

Update description:

Upgrade to Ruby 3.3.1.

Read More

FEDORA-2024-391ed3a61d

Packages in this update:

python-dns-2.4.2-2.fc39

Update description:

Fix for CVE-2023-29483 (rhbz#2274685)

Read More

FEDORA-2024-bbd76d7c63

Packages in this update:

python-dns-2.3.0-3.fc38

Update description:

Fix for CVE-2023-29483 (rhbz#2274685)

Read More

FEDORA-FLATPAK-2024-de95fc1445

Packages in this update:

thunderbird-flatpak-115.10.1-1

Update description:

Thunderbird 115.10.1 release.

Read More

FEDORA-2024-450b75e4a0

Packages in this update:

libcoap-4.3.4a-2.fc39

Update description:

Patch to fix CVE-2024-31031

Read More

It was discovered that Sanitize incorrectly handled noscript elements
under certain circumstances. An attacker could possibly use this issue to
execute a cross-site scripting (XSS) attack. This issue only affected
Ubuntu 22.04 LTS. (CVE-2023-23627)

It was discovered that Sanitize incorrectly handled style elements under
certain circumstances. An attacker could possibly use this issue to
execute a cross-site scripting (XSS) attack. (CVE-2023-36823)

Read More