Jony_Juice

**Name of the Vulnerable Software and Affected Versions** .NET versions prior to 8.0.17 .NET versions prior to 9.0.6 **Description** A remote code execution vulnerability exists in .NET 8.0 and 9.0 due to improper validation of search paths in Microsoft.NETCore.App.Runtime. An attacker could exploit this vulnerability by placing malicious files in specific locations, leading to unintended code execution. **Recommendations** To fix the vulnerability, update your system to the following package versions: - .NET SDK 8.0 to version 8.0.117 or later - .NET Runtime 8.0 to version 8.0.17 or later - .NET SDK 9.0 to version 9.0.107 or later - .NET Runtime 9.0 to version 9.0.6 or later Additionally, if you have deployed self-contained applications targeting any of the impacted versions, these applications are also vulnerable and must be recompiled and redeployed.

**Name of the Vulnerable Software and Affected Versions** Cisco Meraki Systems Manager (SM) Agent for Windows (affected versions not specified) **Description** A vulnerability in Cisco Meraki Systems Manager (SM) Agent for Windows could allow an authenticated, local attacker to execute arbitrary code with elevated privileges. This issue is due to incorrect handling of directory search paths at runtime. An attacker could exploit this by placing malicious configuration files and malicious DLL files on an affected system, which would be read and executed when Cisco Meraki SM launches on startup, potentially allowing the attacker to execute arbitrary code on the affected system with SYSTEM privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dell Inventory Collector versions prior to 12.3.0.6 **Description** The issue is related to incorrect restriction of a directory path with limited access. Exploitation of this issue may allow an attacker to execute arbitrary code. A local authenticated malicious user could potentially exploit this vulnerability, leading to arbitrary code execution on the system. **Recommendations** For versions prior to 12.3.0.6, update to version 12.3.0.6 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive directories to minimize the risk of exploitation.