Privilege Escalation

Overview Affected versions of this package are vulnerable to Privilege Escalation. A vulnerability exists in .NET when deserializing a DataSet or DataTable from XML which may result in elevation of privileges. Remediation Upgrade Microsoft.NETCore.App.Runtime.win-x64 to version 6.0.18, 7.0.7 or...

Privilege Escalation

Overview Affected versions of this package are vulnerable to Privilege Escalation. A vulnerability exists in .NET when deserializing a DataSet or DataTable from XML which may result in elevation of privileges. Remediation Upgrade Microsoft.NETCore.App.Runtime.win-arm64 to version 6.0.18, 7.0.7 or...

Remote Code Execution (RCE)

Overview Affected versions of this package are vulnerable to Remote Code Execution RCE. A vulnerability exists in .NET source generator for P/Invokes that can lead to generated code freeing uninitialized memory and crashing. Remediation Upgrade Microsoft.NETCore.App.Runtime.win-x86 to version 7.0...

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS. A vulnerability exists in .NET when processing malicious X.509 client certificates that may consume excessive CPU. Details Denial of Service DoS describes a family of attacks, all aimed at making a system...

Privilege Escalation

Overview Affected versions of this package are vulnerable to Privilege Escalation. A vulnerability exists in .NET when deserializing a DataSet or DataTable from XML which may result in elevation of privileges. Remediation Upgrade Microsoft.NETCore.App.Runtime.osx-x64 to version 6.0.18, 7.0.7 or...

Remote Code Execution (RCE)

Overview Affected versions of this package are vulnerable to Remote Code Execution RCE. A vulnerability exists in .NET source generator for P/Invokes that can lead to generated code freeing uninitialized memory and crashing. Remediation Upgrade Microsoft.NETCore.App.Runtime.win-x64 to version 7.0...

Privilege Escalation

Overview Affected versions of this package are vulnerable to Privilege Escalation. A vulnerability exists in .NET when deserializing a DataSet or DataTable from XML which may result in elevation of privileges. Remediation Upgrade Microsoft.NETCore.App.Runtime.linux-arm to version 6.0.18, 7.0.7 or...

Remote Code Execution (RCE)

Overview Affected versions of this package are vulnerable to Remote Code Execution RCE. A vulnerability exists in .NET source generator for P/Invokes that can lead to generated code freeing uninitialized memory and crashing. Remediation Upgrade Microsoft.NETCore.App.Runtime.linux-arm64 to version...

Privilege Escalation

Overview Affected versions of this package are vulnerable to Privilege Escalation. A vulnerability exists in .NET using extracting the contents of a Tar file which may result in elevation of privileges. Remediation Upgrade Microsoft.NETCore.App.Runtime.win-arm64 to version 6.0.18, 7.0.7 or higher...

Remote Code Execution (RCE)

Overview Affected versions of this package are vulnerable to Remote Code Execution RCE. A vulnerability exists in how WPF applications load and render XPS documents which may result in remote code execution. Remediation Upgrade Microsoft.WindowsDesktop.App.Runtime.win-x64 to version 6.0.18, 7.0.7...

Arbitrary Code Execution

Overview Affected versions of this package are vulnerable to Arbitrary Code Execution. A vulnerability exists in .NET during crash and stack trace scenarios that could lead to loading arbitrary binaries. Remediation Upgrade Microsoft.NETCore.App.Runtime.win-arm64 to version 6.0.18, 7.0.7 or highe...

Privilege Escalation

Overview Affected versions of this package are vulnerable to Privilege Escalation. A vulnerability exists in .NET using extracting the contents of a Tar file which may result in elevation of privileges. Remediation Upgrade Microsoft.NETCore.App.Runtime.linux-musl-arm64 to version 6.0.18, 7.0.7 or...

Security fix for the ALT Linux 10 package dotnet-runtime-7.0 version 7.0.3-alt1

7.0.3-alt1 built March 18, 2023 Vitaly Lipatov in task 316692 March 13, 2023 Vitaly Lipatov - .NET 7.0.1 - CVE-2023-21808: .NET Remote Code Execution Vulnerability - restore build and pack singlefilehost...

Security fix for the ALT Linux 10 package dotnet-runtime-5.0 version 5.0.17-alt1

5.0.17-alt1 built March 18, 2023 Vitaly Lipatov in task 316692 March 13, 2023 Vitaly Lipatov - new version 5.0.17 with rpmgs script - CVE-2022-29117: .NET Denial of Service Vulnerability - CVE-2022-29145: .NET Denial of Service Vulnerability - CVE-2022-23267: .NET Denial of Service Vulnerability...

Arbitrary Code Execution

Overview Affected versions of this package are vulnerable to Arbitrary Code Execution in the way it reads debugging symbols, where reading a malicious symbols file may result in the exploitation of this vulnerability. Remediation Upgrade Microsoft.NETCore.App.Runtime.win-arm64 to version 6.0.13,...

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS by sending an invalid request to an exposed endpoint. Details Denial of Service DoS describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users. Unlike other...

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS by sending an invalid request to an exposed endpoint. Details Denial of Service DoS describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users. Unlike other...

Security fix for the ALT Linux 10 package dotnet-runtime-7.0 version 6.0.12-alt1

Dec. 27, 2022 Vitaly Lipatov 6.0.12-alt1 - new version 6.0.12 with rpmrb script - CVE-2022-41032: .NET Elevation of Privilege Vulnerability - CVE-2022-38013: .NET Denial of Service Vulnerability - CVE-2022-34716: .NET Information Disclosure Vulnerability...

Denial of Service (DoS)

Overview Microsoft.AspNetCore.App.Runtime.linux-x64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Denial of Service DoS when the Kestrel web server...

Remote Code Execution (RCE)

Overview Affected versions of this package are vulnerable to Remote Code Execution RCE where a stack buffer overrun occurs in .NET Double Parse routine. Remediation Upgrade Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.maccatalyst-arm64 to version 6.0.3 or higher. References - Dotnet Announceme...