HTTP Response Splitting

Overview Affected versions of this package are vulnerable to HTTP Response Splitting via the MailAddressParser.TryParseAddress function due to improper neutralisation of CRLF sequences. An attacker can impersonate another user or entity by sending specially crafted data over the network...

HTTP Response Splitting

Overview Affected versions of this package are vulnerable to HTTP Response Splitting via the MailAddressParser.TryParseAddress function due to improper neutralisation of CRLF sequences. An attacker can impersonate another user or entity by sending specially crafted data over the network...

Inadequate Encryption Strength

Overview Affected versions of this package are vulnerable to Inadequate Encryption Strength via the SMTP process. An attacker can intercept sensitive information by performing a man-in-the-middle attack that prevents the use of TLS, causing data to be sent over an unencrypted connection...

Inadequate Encryption Strength

Overview Affected versions of this package are vulnerable to Inadequate Encryption Strength via the SMTP process. An attacker can intercept sensitive information by performing a man-in-the-middle attack that prevents the use of TLS, causing data to be sent over an unencrypted connection...

Untrusted Search Path

Overview Affected versions of this package are vulnerable to Untrusted Search Path. An attacker can achieve remote code execution by planting malicious files on the victim's system, with knowledge of where they should be placed, then tricking a user to run these files. Remediation Upgrade...

Untrusted Search Path

Overview Affected versions of this package are vulnerable to Untrusted Search Path. An attacker can achieve remote code execution by planting malicious files on the victim's system, with knowledge of where they should be placed, then tricking a user to run these files. Remediation Upgrade...

Untrusted Search Path

Overview Affected versions of this package are vulnerable to Untrusted Search Path. An attacker can achieve remote code execution by planting malicious files on the victim's system, with knowledge of where they should be placed, then tricking a user to run these files. Remediation Upgrade...

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow. An attacker can execute arbitrary code by sending malicious requests designed to exploit the vulnerability. Remediation Upgrade Microsoft.NETCore.App.Runtime.win-arm to version 9.0.1 or higher. References -...

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation through the parsing of X.509 certificates. An attacker can cause excessive CPU consumption and disrupt service by submitting a specially crafted malicious certificate. Remediation Upgrade...

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS due to the handling of specially crafted requests that may cause a resource leak. An attacker can cause a denial of service by sending these requests. Details Denial of Service DoS describes a family of attacks, al...

Remote Code Execution (RCE)

Overview Affected versions of this package are vulnerable to Remote Code Execution RCE. A vulnerability exists in .NET applications where the diagnostic server can be exploited to achieve cross-session/cross-user elevation of privilege EoP and code execution. Remediation Upgrade...

Remote Code Execution (RCE)

Overview Affected versions of this package are vulnerable to Remote Code Execution RCE. There is a vulnerability in the MSDIA SDK where corrupted PDBs can cause heap overflow, leading to a crash or remote code execution. Remediation Upgrade Microsoft.NETCore.App.Runtime.win-x86 to version 6.0.18,...

Arbitrary Code Execution

Overview Affected versions of this package are vulnerable to Arbitrary Code Execution. A vulnerability exists in .NET during crash and stack trace scenarios that could lead to loading arbitrary binaries. Remediation Upgrade Microsoft.NETCore.App.Runtime.win-x64 to version 6.0.18, 7.0.7 or higher...

Arbitrary Code Execution

Overview Affected versions of this package are vulnerable to Arbitrary Code Execution in the way it reads debugging symbols, where reading a malicious symbols file may result in the exploitation of this vulnerability. Remediation Upgrade Microsoft.NETCore.App.Runtime.win-arm64 to version 6.0.13,...

Remote Code Execution (RCE)

Overview Affected versions of this package are vulnerable to Remote Code Execution RCE where a stack buffer overrun occurs in .NET Double Parse routine. Remediation Upgrade Microsoft.NETCore.App.Runtime.Mono.ios-arm64.Msi.arm64 to version 6.0.3 or higher. References - Dotnet Announcement - Dotnet...