6 matches found
CVE-2022-30184
CVE-2022-30184 is a .NET/Visual Studio information-disclosure vulnerability. Connected sources confirm it targets Microsoft software via improper input validation, enabling a local attacker to obtain sensitive information when processing crafted content. The CVSSv3.1 base score is 5.5 (AV:L/AC:L/...
CVE-2022-41064
CVE-2022-41064 is a .NET Framework information disclosure vulnerability with CVSS v3.1 base score 5.8 (AV:A, AC:H, PR:L, UI:N, S:C, C:H). It could allow a remote authenticated attacker to obtain sensitive information by sending a specially crafted request. In IBM contexts, the vulnerability affec...
CVE-2023-29337
CVE-2023-29337 is a Linux-specific vulnerability in NuGet Client (and related .NET tooling) describing a race condition that can enable a symlink attack and remote code execution when a victim opens specially crafted content. IBM/IBM RPA advisory confirms remote code execution possibilities via ....
CVE-2019-0757
CVE-2019-0757 is a Tampering Vulnerability in the NuGet Package Manager for Linux and macOS. The issue allows an authenticated attacker to modify a NuGet package’s folder structure (NuGet Package Manager Tampering Vulnerability). Public sources in connected documents indicate this affects .NET Co...
CVE-2019-1258
CVE-2019-1258 concerns the Azure Active Directory Authentication Library (ADAL) On-Behalf-Of flow, where token caching can let an authenticated attacker operate in another user’s context. The vulnerability is described across multiple sources (Microsoft MSRC advisory and related advisories) as an...
CVE-2019-0976
CVE-2019-0976 describes a tampering vulnerability in the NuGet Package Manager for Linux and Mac. An authenticated attacker could modify contents of the intermediate build folder (by default obj), potentially affecting binaries produced by a build. The root cause cited in the Microsoft advisory i...