HTTP Response Splitting

Overview Affected versions of this package are vulnerable to HTTP Response Splitting via the MailAddressParser.TryParseAddress function due to improper neutralisation of CRLF sequences. An attacker can impersonate another user or entity by sending specially crafted data over the network...

OpenAI Patches ChatGPT Data Exfiltration Flaw and Codex GitHub Token Vulnerability

A previously unknown vulnerability in OpenAI ChatGPT allowed sensitive conversation data to be exfiltrated without user knowledge or consent, according to new findings from Check Point. "A single malicious prompt could turn an otherwise ordinary conversation into a covert exfiltration channel,...

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read when decoding malformed Base64Url input. An attacker can cause a disruption of service. Remediation Upgrade Microsoft.NETCore.App.Runtime.linux-x64 to version 9.0.14, 10.0.4 or higher. References - GitHub Commit -...

Inadequate Encryption Strength

Overview Affected versions of this package are vulnerable to Inadequate Encryption Strength via the SMTP process. An attacker can intercept sensitive information by performing a man-in-the-middle attack that prevents the use of TLS, causing data to be sent over an unencrypted connection...

HTTP Request Smuggling

Overview Microsoft.AspNetCore.App.Runtime.linux-x64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to HTTP Request Smuggling via the interpretation of...

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound due to improper handling of integer values in the msdia140.dll process. An attacker can execute arbitrary code by supplying specially crafted input that triggers an integer overflow and subsequent heap-bas...

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow through the loading of a specially crafted file. Remediation Upgrade Microsoft.NETCore.App.Runtime.linux-x64 to version 8.0.12, 9.0.1 or higher. References - GitHub Issue...

Cleartext Transmission of Sensitive Information

Overview Affected versions of this package are vulnerable to Cleartext Transmission of Sensitive Information via the TlsStream process. An attacker can gain access to sensitive information by intercepting unencrypted data. Remediation Upgrade Microsoft.NETCore.App.Runtime.linux-x64 to version 8.0...

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation through the parsing of X.509 certificates. An attacker can cause excessive CPU consumption and disrupt service by submitting a specially crafted malicious certificate. Remediation Upgrade...

Use After Free

Overview Microsoft.AspNetCore.App.Runtime.linux-x64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Use After Free through the handling of HTTP/3 request...

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow due to a stack buffer overrun in the Double Parse routine. An attacker can execute arbitrary code by supplying a specially crafted input that triggers the buffer overrun. Remediation Upgrade...

Denial of Service (DoS)

Overview Microsoft.AspNetCore.App.Runtime.linux-x64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Denial of Service DoS when parsing X509 certificates...

Remote Code Execution (RCE)

Overview Affected versions of this package are vulnerable to Remote Code Execution RCE. A vulnerability exists in .NET source generator for P/Invokes that can lead to generated code freeing uninitialized memory and crashing. Remediation Upgrade Microsoft.NETCore.App.Runtime.linux-x64 to version...

Privilege Escalation

Overview Affected versions of this package are vulnerable to Privilege Escalation. A vulnerability exists in .NET when deserializing a DataSet or DataTable from XML which may result in elevation of privileges. Remediation Upgrade Microsoft.NETCore.App.Runtime.linux-x64 to version 6.0.18, 7.0.7 or...

Privilege Escalation

Overview Affected versions of this package are vulnerable to Privilege Escalation. A vulnerability exists in .NET using extracting the contents of a Tar file which may result in elevation of privileges. Remediation Upgrade Microsoft.NETCore.App.Runtime.linux-x64 to version 6.0.18, 7.0.7 or higher...

Denial of Service (DoS)

Overview Microsoft.AspNetCore.App.Runtime.linux-x64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Denial of Service DoS via excess memory allocations...

Remote Code Execution (RCE)

Overview Affected versions of this package are vulnerable to Remote Code Execution RCE where a stack buffer overrun occurs in .NET Double Parse routine. Remediation Upgrade Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.linux-x64 to version 6.0.3 or higher. References - Dotnet Announcement - Dotnet...

.NET Core 3.1 security and bugfix update

3.1.423-1.0.1 - Add missing Oracle Linux Runtime IDs 3.1.423-1 - Update to .NET SDK 3.1.423 and Runtime 3.1.29 - Resolves: RHBZ2123785...

.NET Core 3.1 security, bug fix, and enhancement update

3.1.422-1.0.1 - Add missing Oracle Linux Runtime IDs 3.1.422-1 - Update to .NET SDK 3.1.422 and Runtime 3.1.28 - Resolves: RHBZ2115351...

.NET Core 3.1 security and bugfix update

3.1.417-1.0.1 - Add missing Oracle Linux Runtime IDs 3.1.417-1 - Update to .NET SDK 3.1.417 and Runtime 3.1.23 - Resolves: RHBZ2060567...