926 matches found

RedHat Linux
added 2023/06/14 8:3 a.m. · 40 views

Important: Red Hat Security Advisory: .NET 6.0 security, bug fix, and enhancement update

An update for .NET 6.0 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...

CVSS 7.5 · AI score 7.3 · EPSS 0.01159
Exploits 0 · References 5

Tenable Nessus
added 2023/06/14 12:0 a.m. · 30 views

RHEL 9 : .NET 6.0 (RHSA-2023:3581)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3581 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR...

CVSS 7.5 · AI score 8.2 · EPSS 0.01159
Exploits 0 · References 10

OSV
added 2023/06/14 12:0 a.m. · 28 views

ALSA-2023:3581 Important: .NET 6.0 security, bug fix, and enhancement update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.118 and .NET Runtime 6.0.18. The...

CVSS 7.5 · AI score 8 · EPSS 0.01159
Exploits 0 · References 10

AlmaLinux
added 2023/06/14 12:0 a.m. · 35 views

Important: .NET 6.0 security, bug fix, and enhancement update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.118 and .NET Runtime 6.0.18. The...

CVSS 7.5 · AI score 7.8 · EPSS 0.01159
Exploits 0 · References 10

Snyk
added 2023/06/14 12:0 a.m. · 2 views

Privilege Escalation

Overview Affected versions of this package are vulnerable to Privilege Escalation. A vulnerability exists in .NET when deserializing a DataSet or DataTable from XML which may result in elevation of privileges. Remediation Upgrade Microsoft.NETCore.App.Runtime.linux-musl-arm64 to version 6.0.18,...

CVSS 7.5 · AI score 6.9 · EPSS 0.01159
Exploits 0 · References 2

Snyk
added 2023/06/14 12:0 a.m. · 2 views

Privilege Escalation

Overview Affected versions of this package are vulnerable to Privilege Escalation. A vulnerability exists in .NET when deserializing a DataSet or DataTable from XML which may result in elevation of privileges. Remediation Upgrade Microsoft.NETCore.App.Runtime.linux-arm to version 6.0.18, 7.0.7 or...

CVSS 7.5 · AI score 6.9 · EPSS 0.01159
Exploits 0 · References 2

Snyk
added 2023/06/14 12:0 a.m. · 1 views

Privilege Escalation

Overview Affected versions of this package are vulnerable to Privilege Escalation. A vulnerability exists in .NET when deserializing a DataSet or DataTable from XML which may result in elevation of privileges. Remediation Upgrade Microsoft.NETCore.App.Runtime.win-arm to version 6.0.18, 7.0.7 or...

CVSS 7.5 · AI score 6.9 · EPSS 0.01159
Exploits 0 · References 2

Snyk
added 2023/06/14 12:0 a.m. · 2 views

Privilege Escalation

Overview Affected versions of this package are vulnerable to Privilege Escalation. A vulnerability exists in .NET when deserializing a DataSet or DataTable from XML which may result in elevation of privileges. Remediation Upgrade Microsoft.NETCore.App.Runtime.win-x86 to version 6.0.18, 7.0.7 or...

CVSS 7.5 · AI score 6.9 · EPSS 0.01159
Exploits 0 · References 2

Snyk
added 2023/06/14 12:0 a.m. · 1 views

Privilege Escalation

Overview Affected versions of this package are vulnerable to Privilege Escalation. A vulnerability exists in .NET when deserializing a DataSet or DataTable from XML which may result in elevation of privileges. Remediation Upgrade Microsoft.NETCore.App.Runtime.linux-x64 to version 6.0.18, 7.0.7 or...

CVSS 7.5 · AI score 6.9 · EPSS 0.01159
Exploits 0 · References 2

Microsoft KB
added 2023/06/13 7:0 a.m. · 126 views

June 13, 2023-Security and Quality Rollup for .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Embedded 8.1 and Windows Server 2012 R2 (KB5027542)

June 13, 2023-Security and Quality Rollup for .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Embedded 8.1 and Windows Server 2012 R2 KB5027542 Applies to: Microsoft .NET Framework 3.5 Microsoft .NET Framework 4.6.2 Microsoft .NET Framework 4.7 Microsoft .NET Framework 4.7.1 Microso...

CVSS 7.8 · AI score 8.6 · EPSS 0.04971
Exploits 0

Tenable Nessus
added 2023/06/02 12:0 a.m. · 14 views

CKAN < 2.9.9 / 2.10.1 RCE

The version of CKAN installed on the remote host is prior to 2.9.9 or 2.10 prior to 2.10.1. It is, therefore, affected by a remote code execution vulnerability. A remote attacker with permissions to create or edit a dataset can upload a resource with a specially crafted id to write the uploaded...

CVSS 9.8 · AI score 9.4 · EPSS 0.02923
Exploits 0 · References 2

OSV
added 2023/05/30 6:16 a.m. · 0 views

PYSEC-2023-81

A vulnerability classified as problematic was found in MindSpore 2.0.0-alpha/2.0.0-rc1. This vulnerability affects the function JsonHelper::UpdateArray of the file mindspore/ccsrc/minddata/dataset/util/json_helper.cc. The manipulation leads to memory corruption. The name of the patch is...

CVSS 6.5 · AI score 5.3 · EPSS 0.00449
Exploits 0 · References 4

Cvelist
added 2023/05/30 5:31 a.m. · 9 views

CVE-2023-2970 MindSpore json_helper.cc UpdateArray memory corruption

A vulnerability classified as problematic was found in MindSpore 2.0.0-alpha/2.0.0-rc1. This vulnerability affects the function JsonHelper::UpdateArray of the file mindspore/ccsrc/minddata/dataset/util/json_helper.cc. The manipulation leads to memory corruption. The name of the patch is...

CVSS 3.5 · AI score 6.7 · EPSS 0.00449
Exploits 0 · References 4

Positive Technologies
added 2023/05/30 12:0 a.m. · 4 views

PT-2023-24194 · Xibo · Xibo

Name of the Vulnerable Software and Affected Versions: Xibo versions 1.4.0 through 2.3.16 Xibo versions 2.3.17 is not affected, but versions prior to 3.3.5 are affected, so the correct range is Xibo versions 3.3.0 through 3.3.4 Description: A SQL injection issue was discovered in the...

CVSS 6.5 · AI score 6.7 · EPSS 0.00498
Exploits 0 · References 7

Prion
added 2023/05/26 11:15 p.m. · 13 views

Remote code execution

CKAN is an open-source data management system for powering data hubs and data portals. Multiple vulnerabilities have been discovered in Ckan which may lead to remote code execution. An arbitrary file write in resource_create and package_update actions, using the ResourceUploader object. Also...

CVSS 7.5 · AI score 10 · EPSS 0.02923
Exploits 0 · References 2 · Affected Software 1

NVD
added 2023/05/08 6:15 p.m. · 15 views

CVE-2023-30840

Fluid is an open source Kubernetes-native distributed dataset orchestrator and accelerator for data-intensive applications. Starting in version 0.7.0 and prior to version 0.8.6, if a malicious user gains control of a Kubernetes node running fluid csi pod controlled by the csi-nodeplugin-fluid...

CVSS 7.8 · AI score 6.4 · EPSS 0.00056
Exploits 1 · References 4

CVE
added 2023/05/08 5:45 p.m. · 46 views

CVE-2023-30840

Fluid CVE-2023-30840 affects versions 0.7.0 up to before 0.8.6. If an attacker gains control of a Kubernetes node running the fluid-csi pod, they can use the fluid-csi service account to modify node specs across the cluster, circumventing limited permissions and potentially elevating privileges t...

CVSS 7.8 · AI score 6.6 · EPSS 0.00056
Exploits 1 · References 4 · Affected Software 1

Cvelist
added 2023/05/08 5:45 p.m. · 16 views

CVE-2023-30840 On a compromised node, the fluid-csi service account can be used to modify node specs

Fluid is an open source Kubernetes-native distributed dataset orchestrator and accelerator for data-intensive applications. Starting in version 0.7.0 and prior to version 0.8.6, if a malicious user gains control of a Kubernetes node running fluid csi pod controlled by the csi-nodeplugin-fluid...

CVSS 5.8 · AI score 8 · EPSS 0.00056
Exploits 1 · References 4

OSV
added 2023/05/08 5:45 p.m. · 19 views

CVE-2023-30840 On a compromised node, the fluid-csi service account can be used to modify node specs

Fluid is an open source Kubernetes-native distributed dataset orchestrator and accelerator for data-intensive applications. Starting in version 0.7.0 and prior to version 0.8.6, if a malicious user gains control of a Kubernetes node running fluid csi pod controlled by the csi-nodeplugin-fluid...

CVSS 5.8 · AI score 7.6 · EPSS 0.00056
Exploits 1 · References 6

Fedora
added 2023/04/27 1:30 a.m. · 35 views

[SECURITY] Fedora 36 Update: redis-6.2.12-1.fc36

Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...

CVSS 6.5 · AI score 6.9 · EPSS 0.00327
Exploits 0