dotnet: Arbitrary File Write and Deletion Vulnerability: FormatFtpCommand

A vulnerability was found in FormatFtpCommand in the .NET package that may result in a CRLF injection arbitrary file write and deletion...

Moderate: Red Hat Security Advisory: dotnet6.0 security update

An update for dotnet6.0 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

dotnet: Arbitrary File Write and Deletion Vulnerability: FormatFtpCommand

A vulnerability was found in FormatFtpCommand in the .NET package that may result in a CRLF injection arbitrary file write and deletion...

CVE-2023-36049

A vulnerability was found in FormatFtpCommand in the .NET package that may result in a CRLF injection arbitrary file write and deletion. Mitigation Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease...

Moderate: dotnet6.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.125 and .NET Runtime 6.0.25...

Microsoft .NET FormatFtpCommand CRLF Injection Arbitrary File Write and Deletion Vulnerability

This vulnerability allows remote attackers to create or delete arbitrary files on FTP servers implemented using affected versions of Microsoft .NET. Interaction with the .NET framework is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The...

ALSA-2023:7257 Moderate: dotnet6.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.125 and .NET Runtime 6.0.25...

ALSA-2023:7255 Moderate: dotnet7.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.114 and .NET Runtime 7.0.14...

Moderate: dotnet8.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Security Fixes: dotnet: Arbitrary File Write and Deletion Vulnerability: FormatFtpCommand CVE-2023-36049 dotnet: ASP.NET Security Feature Bypass...

Moderate: dotnet6.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.125 and .NET Runtime 6.0.25...

ALSA-2023:7253 Moderate: dotnet8.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Security Fixes: dotnet: Arbitrary File Write and Deletion Vulnerability: FormatFtpCommand CVE-2023-36049 dotnet: ASP.NET Security Feature Bypass...

ALSA-2023:7256 Moderate: dotnet7.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.114 and .NET Runtime 7.0.14...

Moderate: Red Hat Security Advisory: libreoffice security update

An update for libreoffice is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

libreoffice: Arbitrary file write

A flaw was found in the Libreoffice package. An attacker can craft an odb containing a "database/script" file with a SCRIPT command where the contents of the file could be written to a new file whose location was determined by the attacker...

CVE-2023-45880

GibbonEdu Gibbon through version 25.0.0 allows Directory Traversal via the report template builder. An attacker can create a new Asset Component. The templateFileDestination parameter can be set to an arbitrary pathname and extension. This allows creation of PHP files outside of the uploads...

CVE-2023-45878

GibbonEdu Gibbon version 25.0.1 and before allows Arbitrary File Write because rubricsvisualisesaveAjax.phps does not require authentication. The endpoint accepts the img, path, and gibbonPersonID parameters. The img parameter is expected to be a base64 encoded image. If the path parameter is set...

CVE-2023-45878

GibbonEdu Gibbon version 25.0.1 and before allows Arbitrary File Write because rubricsvisualisesaveAjax.phps does not require authentication. The endpoint accepts the img, path, and gibbonPersonID parameters. The img parameter is expected to be a base64 encoded image. If the path parameter is set...

CVE-2023-45878

GibbonEdu Gibbon version 25.0.1 and before allows Arbitrary File Write because rubricsvisualisesaveAjax.phps does not require authentication. The endpoint accepts the img, path, and gibbonPersonID parameters. The img parameter is expected to be a base64 encoded image. If the path parameter is set...

Design/Logic Flaw

GibbonEdu Gibbon version 25.0.1 and before allows Arbitrary File Write because rubricsvisualisesaveAjax.phps does not require authentication. The endpoint accepts the img, path, and gibbonPersonID parameters. The img parameter is expected to be a base64 encoded image. If the path parameter is set...

CVE-2023-45878

GibbonEdu Gibbon version 25.0.1 and before allows Arbitrary File Write because rubricsvisualisesaveAjax.phps does not require authentication. The endpoint accepts the img, path, and gibbonPersonID parameters. The img parameter is expected to be a base64 encoded image. If the path parameter is set...