Aggregator

USN-8085-1: .NET vulnerabilities

6 days 22 hours ago
It was discovered that the .NET Microsoft.Bcl.Memory NuGet package did not properly handle certain malformed Base64Url encoded input. An attacker could possibly use this issue to cause .NET to crash, resulting in a denial of service. This issue only affected .NET 9.0 and .NET 10.0. (CVE-2026-26127) Bartłomiej Dach discovered that .NET's SignalR server component did not properly manage resource consumption when processing certain messages. An attacker could possibly use this issue to exhaust internal buffers, resulting in a denial of service. (CVE-2026-26130)

bpfman-0.5.4-4.fc43

6 days 22 hours ago
FEDORA-2026-2fef29d32a Packages in this update:
  • bpfman-0.5.4-4.fc43
Update description:

Fix CVE-2026-31812: Bump quinn-proto to 0.11.14 - Closes rhbz#2446359