24 matches found
Infinite loop
Overview Microsoft.AspNetCore.App.Runtime.win-arm is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Infinite loop in the FormDataReader.ProcessFormKeys...
OPENSUSE-SU-2026:20650-1 Security update for python-PyNaCl
This update for python-PyNaCl fixes the following issues: Security fixes: - CVE-2025-69277: incorrect validation of elliptic curve points certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point function (bsc#1255764). Other fixes: - update to 1.6.2 bsc#1255764, CVE-2025-69277:...
SUSE-SU-2026:21431-1 Security update for python-PyNaCl
This update for python-PyNaCl fixes the following issues: Security fixes: - CVE-2025-69277: incorrect validation of elliptic curve points certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point function (bsc#1255764). Other fixes: - update to 1.6.2 bsc#1255764, CVE-2025-69277:...
Metasploit Wrap Up 10/09/2025
Meterpreter: Kickstarting Windows ARM64 and Reducing Memory Footprint This Metasploit-Framework release includes two important milestones for our payloads capability. The first, spearheaded by community contributor Alexander "xaitax" Hagenah, is an enhancement of our ReflectiveLoader, a crucial...
EUVD-2024-48676
Malicious code in bioql PyPI...
CVE-2025-49459
Missing authorization in the installer for Zoom Workplace for Windows on ARM before version 6.5.0 may allow an authenticated user to conduct an escalation of privilege via local access...
Zoom Workplace < 6.5.0 Vulnerability (ZSB-25032)
The version of Zoom Workplace installed on the remote host is prior to 6.5.0. It is, therefore, affected by a vulnerability as referenced in the ZSB-25032 advisory. - Missing authorization in the installer for Zoom Workplace for Windows on ARM before version 6.5.0 may allow an authenticated user ...
Buffer Over-read
Overview Affected versions of this package are vulnerable to Buffer Over-read via the DiaSymReader.dll process. An attacker can execute arbitrary code by exploiting a buffer over-read condition when the application processes specially crafted input. This issue affects EOL ASP.NET 6.0.0 = 6.0.36 a...
Integer Overflow or Wraparound
Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound due to improper handling of integer values in the msdia140.dll process. An attacker can execute arbitrary code by supplying specially crafted input that triggers an integer overflow and subsequent heap-bas...
Buffer Over-read
Overview Affected versions of this package are vulnerable to Buffer Over-read through the loading of a specially crafted file. Remediation Upgrade Microsoft.NETCore.App.Runtime.win-arm to version 8.0.12, 9.0.1 or higher. References - GitHub Issue - GitHub Issue - Security Advisory...
Heap-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow. An attacker can execute arbitrary code by sending malicious requests designed to exploit the vulnerability. Remediation Upgrade Microsoft.NETCore.App.Runtime.win-arm to version 9.0.1 or higher. References -...
Improper Input Validation
Overview Affected versions of this package are vulnerable to Improper Input Validation through the parsing of X.509 certificates. An attacker can cause excessive CPU consumption and disrupt service by submitting a specially crafted malicious certificate. Remediation Upgrade...
Race Condition
Overview Microsoft.AspNetCore.App.Runtime.win-arm is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Race Condition through the...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service (DoS) due to the handling of specially crafted requests that may cause a resource leak. An attacker can cause a denial of service by sending these requests. Details Denial of Service (DoS) describes a family of attacks, al...
Access Restriction Bypass
Overview Microsoft.AspNetCore.App.Runtime.win-arm is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Access Restriction Bypass. A vulnerability exists in...
Privilege Escalation
Overview Affected versions of this package are vulnerable to Privilege Escalation. A vulnerability exists in .NET when extracting the contents of a Tar file which may result in elevation of privileges. Remediation Upgrade Microsoft.NETCore.App.Runtime.win-arm to version 6.0.18, 7.0.7 or higher...
Remote Code Execution (RCE)
Overview Affected versions of this package are vulnerable to Remote Code Execution (RCE) by allowing an attacker to load a runtime DLL from an unexpected location. Remediation Upgrade Microsoft.NETCore.App.Runtime.win-arm to version 6.0.16, 7.0.5 or higher. References - Advisory - GitHub Commit -...
Arbitrary Code Execution
Overview Affected versions of this package are vulnerable to Arbitrary Code Execution in the way it reads debugging symbols, where reading a malicious symbols file may result in the exploitation of this vulnerability. Remediation Upgrade Microsoft.NETCore.App.Runtime.win-arm to version 6.0.13,...
Denial of Service (DoS)
Overview Microsoft.AspNetCore.App.Runtime.win-arm is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Denial of Service (DoS) via excess memory allocations...
MAL-2022-2687 Malicious code in elasticagent-windows-arm (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8fd93a88c0e4bf8dd5127882f549df0e66fa8ab99798fdf7f45aa428073aa6e5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...