27 matches found
GHSA-G4VJ-CJJJ-V7HG Defense in Depth update for NuGet Client
Impact: This update adds validation of the package ID and version during package download, in addition to the existing package signature validation. Patches / NuGet: The following NuGet.exe, NuGet.CommandLine, NuGet.Packaging, and NuGet.Protocol versions have been patched: |Affected versions|Patched...
Defense in Depth update for NuGet Client
Impact: This update adds validation of the package ID and version during package download, in addition to the existing package signature validation. Patches / NuGet: The following NuGet.exe, NuGet.CommandLine, NuGet.Packaging, and NuGet.Protocol versions have been patched: |Affected versions|Patched...
EUVD-2023-1715
Malicious code in bioql PyPI...
Duplicate Advisory: NuGet Client Security Feature Bypass Vulnerability
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-68w7-72jg-6qpp. This link is maintained to preserve external references. Original Description: .NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability...
Rocky Linux 8 : .NET 7.0 (RLSA-2023:3593)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:3593 advisory. - .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability CVE-2023-24936 - .NET, .NET Framework, and Visual Studio Denial of Servic...
Security Bulletin: Multiple security vulnerabilities in .NET may affect IBM Robotic Process Automation for Cloud Pak (CVE-2023-24936, CVE-2023-29337, CVE-2023-33128)
Summary: Microsoft .NET is used by IBM Robotic Process Automation for Cloud Pak as the development infrastructure and application runtime. CVE-2023-24936, CVE-2023-29337, CVE-2023-33128. Vulnerability Details: CVEID: CVE-2023-24936 DESCRIPTION: Microsoft .NET and Visual Studio could allow a remote...
Important: dotnet6.0
Issue Overview: .NET Denial of Service Vulnerability. CVE-2023-21538 .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability CVE-2023-24895 .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability CVE-2023-24936 .NET, .NET Framework, and Visual Studio Denia...
Oracle Linux 8 : .NET / 7.0 (ELSA-2023-3593)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-3593 advisory. 7.0.107-1.0.1 - Set TargetRid based on os release major version, add OL arm64 RuntimeIdentifier Orabug: 34671152 7.0.107-1 - Update to .NET SDK 7.0.107...
Oracle Linux 9 : .NET / 6.0 (ELSA-2023-3581)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-3581 advisory. 6.0.118-1.0.1 - Add missing Oracle Linux Runtime IDs 6.0.118-1 - Update to .NET SDK 6.0.118 and Runtime 6.0.18 - Resolves: RHBZ2212379 6.0.117-1 - Upda...
CVE-2023-29337
NuGet Client Remote Code Execution Vulnerability...
CVE-2023-29337
NuGet Client Remote Code Execution Vulnerability...
Remote code execution
NuGet Client Remote Code Execution Vulnerability...
CVE-2023-29337
NuGet Client Remote Code Execution Vulnerability...
Ubuntu 22.04 LTS / 23.04 : .NET vulnerabilities (USN-6161-1)
The remote Ubuntu 22.04 LTS / 23.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6161-1 advisory. It was discovered that .NET did not properly enforce certain restrictions when deserializing a DataSet or DataTable from XML. An attacker could...
UBUNTU-CVE-2023-29337
NuGet Client Remote Code Execution Vulnerability...
Fedora 35 : dotnet3.1 (2022-7f5f9ede26)
The remote Fedora 35 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-7f5f9ede26 advisory. This is the October 2022 release of .NET Core 3.1 This updates .NET Core 3.1 SDK to 3.1.424 and Runtime to 3.1.30. This includes fixes for CVE-2022-41032...
Oracle Linux 9 : dotnet7.0 (ELSA-2022-8434)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-8434 advisory. 7.0.100-0.5.rc2.0.1 - Set TargetRid based on os release major version, add OL arm64 RuntimeIdentifier Orabug: 34671152 7.0.100-0.5.rc2 - Add lldb as a build...
Privilege Escalation
NuGet Client is vulnerable to Privilege Escalation. The vulnerability exists because the library does not properly handle a world-writable cache directory, allowing an attacker to inject and execute malicious code, resulting in the elevation of privilege...
Security Updates for Microsoft .NET Core (October 2022)
A privilege escalation vulnerability exists in .NET core 6.0 6.0.10 and .NET Core 3.1 3.1.30. An authenticated, local attacker can exploit this, via the NuGet client, to cause the user to execute arbitrary code. Note that Nessus has not tested for this issue but has instead relied only on the...
CVE-2022-41032
NuGet Client Elevation of Privilege Vulnerability...