#js

Red Hat Security Advisory 2024-4427-03 - An update for fence-agents is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Security Advisory 2024-4425-03 - An update for openstack-cinder, openstack-glance, and openstack-nova is now available for Red Hat OpenStack Platform 16.1.

Red Hat Security Advisory 2024-4422-03 - An update for fence-agents is now available for Red Hat Enterprise Linux 9.

Red Hat Security Advisory 2024-4421-03 - An update for the python39:3.9 is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-4420-03 - An update for the virt:rhel and virt-devel:rhel modules is now available for Red Hat Enterprise Linux 8.10.

Red Hat Security Advisory 2024-4316-03 - Red Hat OpenShift Container Platform release 4.16.2 is now available with updates to packages and images that fix several bugs and add enhancements.

### Impact A Denial of Service (DoS) condition was identified in Next.js. Exploitation of the bug can trigger a crash, affecting the availability of the server. **This vulnerability can affect all Next.js deployments on the affected versions.** ### Patches This vulnerability was resolved in Next.js 13.5 and later. We recommend that users upgrade to a safe version. ### Workarounds There are no official workarounds for this vulnerability. #### Credit We'd like to thank Thai Vu of [flyseccorp.com](http://flyseccorp.com/) for responsible disclosure of this vulnerability.

Talos is releasing a new list of CyberChef recipes that enable faster and easier reversal of encoded JavaScript code contained in the observed HTML attachments.

All versions of the package @discordjs/opus are vulnerable to Denial of Service (DoS) due to providing an input object with a property toString to several different functions. Exploiting this vulnerability could lead to a system crash.

# Microsoft Security Advisory CVE-2024-38095 | .NET Denial of Service Vulnerability ## <a name="executive-summary"></a>Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0 and .NET 8.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A Vulnerability exists when System.Formats.Asn1 in .NET parses an X.509 certificate or collection of certificates, a malicious certificate can result in excessive CPU consumption on all platforms result in Denial of Service. ## Announcement Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/312 ## <a name="mitigation-factors"></a>Mitigation factors Microsoft has not identified any mitigating factors for this vulnerability. ## <a name="affected-software"></a>Affected software * Any .NET 6.0 application running on .NET 6.0.31 or earlier. * Any .NET 8.0 application runni...