17 matches found
Security Updates for Microsoft .NET Framework (February 2026)
The Microsoft .NET Framework installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability: - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. CVE-2025-55248 Note that...
MiracleLinux 9 : dotnet9.0-9.0.111-1.el9_6.ML.1 (AXSA:2025-10978:23)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10978:23 advisory. dotnet: .NET Information Disclosure Vulnerability CVE-2025-55248 dotnet: .NET Security Feature Bypass Vulnerability CVE-2025-55315 dotnet: .NET...
Amazon Linux 2023 : aspnetcore-runtime-9.0, aspnetcore-runtime-dbg-9.0, aspnetcore-targeting-pack-9.0 (ALAS2023-2025-1231)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1231 advisory. Improper link resolution before file access 'link following' in .NET allows an authorized attacker to elevate privileges locally. CVE-2025-55247 Inadequate encryption strength in .NET, .NET...
AlmaLinux 8 : .NET 8.0 (ALSA-2025:18148)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:18148 advisory. dotnet: .NET Information Disclosure Vulnerability CVE-2025-55248 dotnet: .NET Security Feature Bypass Vulnerability CVE-2025-55315 dotnet: .NET Denial of...
AlmaLinux 9 : .NET 8.0 (ALSA-2025:18149)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:18149 advisory. dotnet: .NET Information Disclosure Vulnerability CVE-2025-55248 dotnet: .NET Security Feature Bypass Vulnerability CVE-2025-55315 dotnet: .NET Denial of...
.NET 9.0 security update
An update is available for dotnet9.0. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list .NET is a managed-software framework. It implements a subset of the .NET...
RLSA-2025:18153 Important: .NET 9.0 security update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 9.0.111 and .NET Runtime...
Security Update for Microsoft .NET Core (October 2025)
The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by information disclosure vulnerability as referenced in the vendor advisory. - Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to...
SUSE CVE-2025-55248
unknown...
RHEL 9 : .NET 8.0 (RHSA-2025:18256)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:18256 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR...
GHSA-GWQ6-FMVP-QP68 Microsoft Security Advisory CVE-2025-55248: .NET Information Disclosure Vulnerability
Microsoft Security Advisory CVE-2025-55248 | .NET Information Disclosure Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0 and .NET 9.0. This advisory also provides guidance on what developers can do to update...
ALSA-2025:18150 Important: .NET 9.0 security update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 9.0.111 and .NET Runtime...
CVE-2025-55248 .NET, .NET Framework, and Visual Studio Information Disclosure Vulnerability
...
CVE-2025-55248
CVE-2025-55248 is an information-disclosure vulnerability in the .NET ecosystem (affecting .NET 8.0/9.0 runtimes) caused by insufficient encryption, enabling an authorized network attacker to access leaked data. The issue is discussed in Microsoft and ENISA/ALMAS advisories, which indicate affect...
CVE-2025-55248
Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network...
October 14, 2025-KB5066129 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Microsoft server operating system, version 23H2
October 14, 2025-KB5066129 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Microsoft server operating system, version 23H2 Release Date: October 14, 2025 Version: .NET Framework 3.5 and 4.8.1 The October 14, 2025 update for Microsoft server operating system, version 23H2 includes security...
CVE-2025-55248
Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network...