#dos

Ubuntu Security Notice 6693-1 - It was discovered that .NET did not properly handle certain specially crafted requests. An attacker could potentially use this issue to cause a resource leak, leading to a denial of service.

Ubuntu Security Notice 6692-1 - It was discovered that Gson incorrectly handled deserialization of untrusted input data. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service.

Microsoft patched 61 vulnerabilities in the March 2024 Patch Tuesday round, including two critical flaws in Hyper-V.

Microsoft on Tuesday released its monthly security update, addressing 61 different security flaws spanning its software, including two critical issues impacting Windows Hyper-V that could lead to denial-of-service (DoS) and remote code execution. Of the 61 vulnerabilities, two are rated Critical, 58 are rated Important, and one is rated Low in severity. None of the flaws are listed as

Improper Authentication vulnerability in Apache Pulsar Proxy allows an attacker to connect to the /proxy-stats endpoint without authentication. The vulnerable endpoint exposes detailed statistics about live connections, along with the capability to modify the logging level of proxied connections without requiring proper authentication credentials. This issue affects Apache Pulsar versions from 2.6.0 to 2.10.5, from 2.11.0 to 2.11.2, from 3.0.0 to 3.0.1, and 3.1.0. The known risks include exposing sensitive information such as connected client IP and unauthorized logging level manipulation which could lead to a denial-of-service condition by significantly increasing the proxy's logging overhead. When deployed via the Apache Pulsar Helm chart within Kubernetes environments, the actual client IP might not be revealed through the load balancer's default behavior, which typically obscures the original source IP addresses when externalTrafficPolicy is being configured to "Cluster" by defau...

The Pulsar Functions Worker includes a capability that permits authenticated users to create functions where the function's implementation is referenced by a URL. The supported URL schemes include "file", "http", and "https". When a function is created using this method, the Functions Worker will retrieve the implementation from the URL provided by the user. However, this feature introduces a vulnerability that can be exploited by an attacker to gain unauthorized access to any file that the Pulsar Functions Worker process has permissions to read. This includes reading the process environment which potentially includes sensitive information, such as secrets. Furthermore, an attacker could leverage this vulnerability to use the Pulsar Functions Worker as a proxy to access the content of remote HTTP and HTTPS endpoint URLs. This could also be used to carry out denial of service attacks. This vulnerability also applies to the Pulsar Broker when it is configured with "functionsWorkerEnabled...

# Microsoft Security Advisory CVE-2024-21392: .NET Denial of Service Vulnerability ## <a name="executive-summary"></a>Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 8.0 . This advisory also provides guidance on what developers can do to update their applications to address this vulnerability. A vulnerability exists in .NET where specially crafted requests may cause a resource leak, leading to a Denial of Service ## Announcement Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/299 ### <a name="mitigation-factors"></a>Mitigation factors Microsoft has not identified any mitigating factors for this vulnerability. ## <a name="affected-software"></a>Affected software * Any .NET 7.0 application running on .NET 7.0.16 or earlier. * Any .NET 8.0 application running on .NET 8.0.2 or earlier. ## <a name="affected-packages"></a>Affected Packages The vulnerability ...

March’s Patch Tuesday is relatively light, containing 60 vulnerabilities — only two labeled “critical.”

Ubuntu Security Notice 6689-1 - It was discovered that Rack incorrectly parse some headers. An attacker could possibly use this issue to cause a denial of service.

Ubuntu Security Notice 6690-1 - Timothy Redaelli and Haresh Khandelwal discovered that Open vSwitch incorrectly handled certain crafted Geneve packets when hardware offloading via the netlink path is enabled. A remote attacker could possibly use this issue to cause Open vSwitch to crash, leading to a denial of service. It was discovered that Open vSwitch incorrectly handled certain ICMPv6 Neighbor Advertisement packets. A remote attacker could possibly use this issue to redirect traffic to arbitrary IP addresses.