40 matches found
Defense in Depth update for NuGet Client
Impact This update adds validation of the package ID and version during package download, in addition to the existing package signature validation. Patches NuGet The following NuGet.exe, NuGet.CommandLine, NuGet.Packaging, and NuGet.Protocol versions have been patched: |Affected versions|Patched...
GHSA-G4VJ-CJJJ-V7HG Defense in Depth update for NuGet Client
Impact This update adds validation of the package ID and version during package download, in addition to the existing package signature validation. Patches NuGet The following NuGet.exe, NuGet.CommandLine, NuGet.Packaging, and NuGet.Protocol versions have been patched: |Affected versions|Patched...
EUVD-2023-1715
Malicious code in bioql PyPI...
Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.
Summary Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak. Red Hat is used by IBM Robotic Process Automation for Cloud Pak as part of base container images. CVE-2016-4074. getaddrinfo is used by IBM Robotic Process Automation for Cloud Pak as part of the ba...
BIT-DOTNET-SDK-2022-41032 NuGet Client Elevation of Privilege Vulnerability
NuGet Client Elevation of Privilege Vulnerability...
GHSA-JW42-5M4V-9C8G Duplicate Advisory: NuGet Client Security Feature Bypass Vulnerability
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-68w7-72jg-6qpp. This link is maintained to preserve external references. Original Description .NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability...
Duplicate Advisory: NuGet Client Security Feature Bypass Vulnerability
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-68w7-72jg-6qpp. This link is maintained to preserve external references. Original Description .NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability...
Rocky Linux 8 : .NET 7.0 (RLSA-2023:3593)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:3593 advisory. - .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability CVE-2023-24936 - .NET, .NET Framework, and Visual Studio Denial of Servic...
Security Bulletin: Multiple security vulnerabilities in .NET may affect IBM Robotic Process Automation for Cloud Pak (CVE-2023-24936, CVE-2023-29337, CVE-2023-33128)
Summary Microsoft .NET is used by IBM Robotic Process Automation for Cloud Pak as the development infrastructure and application runtime. CVE-2023-24936, CVE-2023-29337, CVE-2023-33128 Vulnerability Details CVEID:CVE-2023-24936 DESCRIPTION: Microsoft .NET and Visual Studio could allow a remote...
Important: dotnet6.0
Issue Overview: .NET Denial of Service Vulnerability. CVE-2023-21538 .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability CVE-2023-24895 .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability CVE-2023-24936 .NET, .NET Framework, and Visual Studio Denia...
Oracle Linux 8 : .NET / 7.0 (ELSA-2023-3593)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-3593 advisory. 7.0.107-1.0.1 - Set TargetRid based on os release major version, add OL arm64 RuntimeIdentifier Orabug: 34671152 7.0.107-1 - Update to .NET SDK 7.0.107...
Oracle Linux 9 : .NET / 6.0 (ELSA-2023-3581)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-3581 advisory. 6.0.118-1.0.1 - Add missing Oracle Linux Runtime IDs 6.0.118-1 - Update to .NET SDK 6.0.118 and Runtime 6.0.18 - Resolves: RHBZ2212379 6.0.117-1 - Upda...
NuGet Client Remote Code Execution Vulnerability
Description Microsoft is releasing this security advisory to provide information about a vulnerability in .NET and NuGet on Linux. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A vulnerability exists in .NET 6.0, .NET 7.0...
CVE-2023-29337
NuGet Client Remote Code Execution Vulnerability...
DEBIAN-CVE-2023-29337
NuGet Client Remote Code Execution Vulnerability...
Remote code execution
NuGet Client Remote Code Execution Vulnerability...
Ubuntu 22.04 LTS / 23.04 : .NET vulnerabilities (USN-6161-1)
The remote Ubuntu 22.04 LTS / 23.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6161-1 advisory. It was discovered that .NET did not properly enforce certain restrictions when deserializing a DataSet or DataTable from XML. An attacker could...