It was discovered that .NET did not properly handle input provided to its
Convert.TryToHexString method. An attacker could possibly use this issue
to execute arbitrary code. (CVE-2025-21171)
It was discovered that .NET did not properly handle an integer overflow
when processing certain specially crafted files. An attacker could
possibly use this issue to execute arbitrary code. (CVE-2025-21172)
Daniel Plaisted and Noah Gilson discovered that .NET insecurely handled
temporary file usage which could result in malicious package dependency
injection. An attacker could possibly use this issue to elevate privileges.
(CVE-2025-21173)
It was discovered that .NET did not properly perform input data validation
when processing certain specially crafted files. An attacker could
possibly use this issue to execute arbitrary code. (CVE-2025-21176)
More Stories
APPLE-SA-04-01-2025-1 watchOS 11.4
Posted by Apple Product Security via Fulldisclosure on Apr 02 APPLE-SA-04-01-2025-1 watchOS 11.4 watchOS 11.4 addresses the following issues. Information...
APPLE-SA-03-31-2025-11 visionOS 2.4
Posted by Apple Product Security via Fulldisclosure on Apr 02 APPLE-SA-03-31-2025-11 visionOS 2.4 visionOS 2.4 addresses the following issues. Information...
APPLE-SA-03-31-2025-10 tvOS 18.4
Posted by Apple Product Security via Fulldisclosure on Apr 02 APPLE-SA-03-31-2025-10 tvOS 18.4 tvOS 18.4 addresses the following issues. Information...
APPLE-SA-03-31-2025-9 macOS Ventura 13.7.5
Posted by Apple Product Security via Fulldisclosure on Apr 02 APPLE-SA-03-31-2025-9 macOS Ventura 13.7.5 macOS Ventura 13.7.5 addresses the following...
APPLE-SA-03-31-2025-8 macOS Sonoma 14.7.5
Posted by Apple Product Security via Fulldisclosure on Apr 02 APPLE-SA-03-31-2025-8 macOS Sonoma 14.7.5 macOS Sonoma 14.7.5 addresses the following...
APPLE-SA-03-31-2025-7 macOS Sequoia 15.4
Posted by Apple Product Security via Fulldisclosure on Apr 02 APPLE-SA-03-31-2025-7 macOS Sequoia 15.4 macOS Sequoia 15.4 addresses the following...