지락문화예술공작단

USN-6161-1: .NET vulnerabilities It was discovered that .NET did not properly enforce certain restrictions when deserializing a DataSet or DataTable from XML. An attacker could possibly use this issue to elevate their privileges. (CVE-2023-24936) Kevin Jones discovered that .NET did not properly handle the AIA fetching process for X.509 client certificates. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-29331) Kalle Niemitalo discovered that the .NET package manager, NuGet, was susceptible to a potential race condition. An attacker could possibly use this issue to perform remote code execution. (CVE-2023-29337) Tom Deseyn discovered that .NET did not properly process certain arguments when extracting the contents of a tar file. An attacker could possibly use this issue to elevate their privileges. This issue only affected the dotnet7 package. (CVE-2023-32032) It was discovered that .NET did not properly [ more… ]

USN-6160-1: GNU binutils vulnerability It was discovered that GNU binutils incorrectly performed bounds checking operations when parsing stabs debugging information. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. Source: USN-6160-1: GNU binutils vulnerability