MiracleLinux 9 : dotnet6.0-6.0.122-1.el9.ML.1 (AXSA:2023-6423:23)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6423:23 advisory. dotnet: Denial of Service with Client Certificates using .NET Kestrel CVE-2023-36799 Tenable has extracted the preceding description block directly from the...

MiracleLinux 8 : dotnet6.0-6.0.121-1.el8.ML.1 (AXSA:2023-6348:20)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6348:20 advisory. dotnet: RCE under dotnet commands CVE-2023-35390 dotnet: Kestrel vulnerability to slow read attacks leading to Denial of Service attack CVE-2023-381...

MiracleLinux 8 : dotnet6.0-6.0.120-1.el8.ML.1 (AXSA:2023-6237:19)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6237:19 advisory. dotnet: race condition in Core SignInManager PasswordSignInAsync method CVE-2023-33170 Tenable has extracted the preceding description block directly from th...

MiracleLinux 8 : dotnet6.0-6.0.109-1.el8.ML.1 (AXSA:2022-3851:12)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3851:12 advisory. dotnet: DenialOfService - ASP.NET Core MVC vulnerable to stack overflow via ModelStateDictionary recursion. CVE-2022-38013 CVEs: CVE-2022-38013 Tenable has...

MiracleLinux 9 : dotnet6.0-6.0.108-1.el9.ML.1 (AXSA:2022-4039:17)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-4039:17 advisory. dotnet: External Entity Injection during XML signature verification CVE-2022-34716 Tenable has extracted the preceding description block directly from the...

MiracleLinux 9 : dotnet6.0-6.0.109-1.el9.ML.1 (AXSA:2022-4110:18)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-4110:18 advisory. dotnet: DenialOfService - ASP.NET Core MVC vulnerable to stack overflow via ModelStateDictionary recursion. CVE-2022-38013 Tenable has extracted the precedin...

MiracleLinux 8 : dotnet6.0-6.0.125-1.el8.ML.1 (AXSA:2024-7361:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7361:01 advisory. dotnet: Arbitrary File Write and Deletion Vulnerability: FormatFtpCommand CVE-2023-36049 dotnet: ASP.NET Security Feature Bypass Vulnerability in...

MiracleLinux 9 : dotnet6.0-6.0.123-1.el9.ML.1 (AXSA:2023-6529:25)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6529:25 advisory. HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 Tenable has extracted the preceding description...

TencentOS Server 3: .NET 6.0 (TSSA-2023:0183)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0183 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

CVE-2025-36855

CVE-2025-36855 concerns a buffer over-read in DiaSymReader.dll and affects End-Of-Life .NET components. The issue applies to EOL ASP.NET 6.0.0–6.0.36 and to .NET runtimes in the CVE-2025-21176 family (8.0.0–8.0.11 and 9.0.0–9.0.0). Self-contained deployments targeting affected versions are also v...

CVE-2025-36855 EOL .NET 6.0 Runtime Remote Code Execution Vulnerability

...

CVE-2025-36855 EOL .NET 6.0 Runtime Remote Code Execution Vulnerability

...

CVE-2025-36853 EOL .NET 6.0 Runtime Remote Code Execution Vulnerability

...

CVE-2025-36853

CVE-2025-36853 maps to CVE-2025-21172 and involves a root cause of integer overflow and heap-based overflow in msdia140.dll. The EU/CNNVD references attribute this to Microsoft .NET/Visual Studio, with CVSS v3.1 base score 7.5 (Network, High impact across confidentiality, integrity, availability;...

Important: dotnet6.0

Issue Overview: .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability CVE-2024-43483 .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability CVE-2024-43484 .NET and Visual Studio Denial of Service Vulnerability CVE-2024-43485 Affected Packages: dotnet6.0 Issue...

USN-7058-1 dotnet6, dotnet8 vulnerabilities

Brennan Conroy discovered that the .NET Kestrel web server did not properly handle closing HTTP/3 streams under certain circumstances. An attacker could possibly use this issue to achieve remote code execution. This vulnerability only impacted .NET8. CVE-2024-38229 It was discovered that .NET...

Important: dotnet6.0

Issue Overview: .NET and Visual Studio Denial of Service Vulnerability CVE-2024-38095 Affected Packages: dotnet6.0 Issue Correction: Run dnf update dotnet6.0 --releasever 2023.5.20240805 to update your system. New Packages: aarch64: ...

.NET 6.0 Update - August 13, 2024 (KB5042131)

.NET 6.0 Update - August 13, 2024 KB5042131 .NET 6.0 has been refreshed with the latest update as of August 13, 2024. This update contains both security and non-security fixes. See the release notes for details on updated packages..NET 6.0 servicing updates are upgrades. The latest servicing upda...

Important: dotnet6.0

Issue Overview: .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability CVE-2024-21409 Affected Packages: dotnet6.0 Issue Correction: Run dnf update dotnet6.0 --releasever 2023.4.20240429 or dnf update --advisory ALAS2023-2024-597 --releasever 2023.4.20240429 to update your...

Important: dotnet6.0

Issue Overview: .NET Denial of Service Vulnerability CVE-2024-20672 .NET Denial of Service Vulnerability CVE-2024-21386 .NET Denial of Service Vulnerability CVE-2024-21404 Affected Packages: dotnet6.0 Issue Correction: Run dnf update dotnet6.0 --releasever 2023.3.20240304 or dnf update --advisory...