Tag
#dos
Ubuntu Security Notice 7103-1 - It was discovered that Ghostscript incorrectly handled parsing certain PS files. An attacker could use this issue to cause Ghostscript to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that Ghostscript incorrectly handled parsing certain PDF files. An attacker could use this issue to cause Ghostscript to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 24.10.
Ubuntu Security Notice 7101-1 - It was discovered that Pydantic incorrectly handled certain regular expressions. A remote attacker could possibly use this issue to cause a denial of service via a crafted email string.
Ubuntu Security Notice 7100-2 - Supraja Sridhara, Benedict Schlüter, Mark Kuhne, Andrin Bertschi, and Shweta Shinde discovered that the Confidential Computing framework in the Linux kernel for x86 platforms did not properly handle 32-bit emulation on TDX and SEV. An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary code. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
Red Hat Security Advisory 2024-9502-03 - An update for expat is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2024-9481-03 - An update for python-django is now available for Red Hat OpenStack Platform 18.0.3 . Issues addressed include a traversal vulnerability.
Red Hat Security Advisory 2024-9459-03 - An update for buildah is now available for Red Hat Enterprise Linux 9. Issues addressed include denial of service and traversal vulnerabilities.
Despite having only a scant focus on cybersecurity regulations a decade ago, countries in the Middle East — led by Saudi Arabia and other Gulf nations — have adopted mature frameworks and regulations amid escalating volumes of attacks.
The Patch Tuesday for November of 2024 includes 91 vulnerabilities, including two that Microsoft marked as “critical.” The remaining 89 vulnerabilities listed are classified as “important.”
# Microsoft Security Advisory CVE-2024-43499 | .NET Denial of Service Vulnerability ## <a name="executive-summary"></a>Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 9.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. The NrbfDecoder component in .NET 9 contains a denial of service vulnerability due to incorrect input validation. ## Announcement Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/333 ## <a name="mitigation-factors"></a>Mitigation factors Applications that do not use the NrbfDecoder component are not affected by this vulnerability. By default, .NET console apps and web apps do not reference this component. ## <a name="affected-software"></a>Affected software * Any .NET 9.0 application running on .NET 9.0.0.RC.2 or earlier. ## <a name="affected-packages"></a>Affected Packages The...
The November 2024 Patch Tuesday update contains a substantially high percentage of remote code execution (RCE) vulnerabilities (including a critical issue in Windows Kerberos), and two other zero-day bugs that have been previously disclosed and could soon come under attack.