Brennan Conroy discovered that the .NET Kestrel web server did not
properly handle closing HTTP/3 streams under certain circumstances. An
attacker could possibly use this issue to achieve remote code execution.
This vulnerability only impacted .NET8. (CVE-2024-38229)
It was discovered that .NET components designed to process malicious input
were susceptible to hash flooding attacks. An attacker could possibly use
this issue to cause a denial of service, resulting in a crash.
(CVE-2024-43483)
It was discovered that the .NET System.IO.Packaging namespace did not
properly process SortedList data structures. An attacker could possibly
use this issue to cause a denial of service, resulting in a crash.
(CVE-2024-43484)
It was discovered that .NET did not properly handle the deserialization of
of certain JSON properties. An attacker could possibly use this issue to
cause a denial of service, resulting in a crash. (CVE-2024-43485)
More Stories
Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful...
Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution. Adobe...
Critical Patches Issued for Microsoft Products, October 8, 2024
Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in...
python-virtualenv-20.21.1-25.el10_0~bootstrap
FEDORA-EPEL-2024-34cd7a65de Packages in this update: python-virtualenv-20.21.1-25.el10_0~bootstrap Update description: Prevent command injection by quoting template strings in activation scripts Read More
python-virtualenv-20.21.1-25.fc41
FEDORA-2024-89014f5794 Packages in this update: python-virtualenv-20.21.1-25.fc41 Update description: Prevent command injection by quoting template strings in activation scripts Read More
python-virtualenv-20.21.1-25.fc40
FEDORA-2024-112e897674 Packages in this update: python-virtualenv-20.21.1-25.fc40 Update description: Prevent command injection by quoting template strings in activation scripts Read More