Vulnerability-Lookup

CVE-2024-21319 (GCVE-0-2024-21319)

Vulnerability from cvelistv5 – Published: 2024-01-09 18:59 – Updated: 2025-06-03 14:29

Title

Microsoft Identity Denial of service vulnerability

Summary

Microsoft Identity Denial of service vulnerability

Severity

6.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C

CWE

CWE-20 - Improper Input Validation

Assigner

microsoft

References

1 reference

URL	Tags
https://msrc.microsoft.com/update-guide/vulnerabi…	vendor-advisory

Impacted products

13 products

Vendor	Product	Version
Microsoft	.NET 6.0	Affected: 6.0.0 , < 6.0.26 (custom)
Microsoft	Microsoft Visual Studio 2022 version 17.2	Affected: 17.2.0 , < 17.2.23 (custom)
Microsoft	Microsoft Visual Studio 2022 version 17.6	Affected: 17.6.0 , < 17.6.11 (custom)
Microsoft	Microsoft Visual Studio 2022 version 17.4	Affected: 17.4.0 , < 17.4.15 (custom)
Microsoft	Microsoft Visual Studio 2022 version 17.8	Affected: 17.8.0 , < 17.8.4 (custom)
Microsoft	.NET 7.0	Affected: 7.0.0 , < 7.0.15 (custom)
Microsoft	.NET 8.0	Affected: 8.0 , < 8.0.1 (custom)
Microsoft	Microsoft Identity Model v6.0.0 forNuget	Affected: 6.0 , < 6.34.0 (custom)
Microsoft	Microsoft Identity Model v7.0.0 for Nuget	Affected: 7.0 , < 7.1.2 (custom)
Microsoft	Microsoft Identity Model v6.0.0	Affected: 6.0 , < 6.34.0 (custom)
Microsoft	Microsoft Identity Model v5.0.0	Affected: 5.0 , < 5.7.0 (custom)
Microsoft	Microsoft Identity Model v7.0.0	Affected: 7.0 , < 7.1.2 (custom)
Microsoft	Microsoft Identity Model v5.0.0 for Nuget	Affected: 5.0 , < 5.7.0 (custom)

Date Public

2024-01-09 08:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:20:39.921Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft Identity Denial of service vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21319"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-21319",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-08T15:56:18.714850Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-03T14:29:52.502Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "Unknown"
          ],
          "product": ".NET 6.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.0.26",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.2.23",
              "status": "affected",
              "version": "17.2.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.6",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.6.11",
              "status": "affected",
              "version": "17.6.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.4",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.4.15",
              "status": "affected",
              "version": "17.4.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.8",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.8.4",
              "status": "affected",
              "version": "17.8.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": ".NET 7.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "7.0.15",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": ".NET 8.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "8.0.1",
              "status": "affected",
              "version": "8.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Identity Model v6.0.0 forNuget",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.34.0",
              "status": "affected",
              "version": "6.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Identity Model v7.0.0 for Nuget",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "7.1.2",
              "status": "affected",
              "version": "7.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Identity Model v6.0.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.34.0",
              "status": "affected",
              "version": "6.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Identity Model v5.0.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "5.7.0",
              "status": "affected",
              "version": "5.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Identity Model v7.0.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "7.1.2",
              "status": "affected",
              "version": "7.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Identity Model v5.0.0 for Nuget",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "5.7.0",
              "status": "affected",
              "version": "5.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.0.26",
                  "versionStartIncluding": "6.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.2.23",
                  "versionStartIncluding": "17.2.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.6.11",
                  "versionStartIncluding": "17.6.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.4.15",
                  "versionStartIncluding": "17.4.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.8.4",
                  "versionStartIncluding": "17.8.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.0.15",
                  "versionStartIncluding": "7.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "8.0.1",
                  "versionStartIncluding": "8.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:identitymodel_for_nuget:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.34.0",
                  "versionStartIncluding": "6.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:identitymodel_for_nuget:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.1.2",
                  "versionStartIncluding": "7.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:identitymodel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.34.0",
                  "versionStartIncluding": "6.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:identitymodel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.7.0",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:identitymodel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.1.2",
                  "versionStartIncluding": "7.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:identitymodel_for_nuget:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.7.0",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2024-01-09T08:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft Identity Denial of service vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-03T01:46:56.518Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft Identity Denial of service vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21319"
        }
      ],
      "title": "Microsoft Identity Denial of service vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-21319",
    "datePublished": "2024-01-09T18:59:01.270Z",
    "dateReserved": "2023-12-08T22:45:19.367Z",
    "dateUpdated": "2025-06-03T14:29:52.502Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2024-21319",
      "date": "2026-05-26",
      "epss": "0.00593",
      "percentile": "0.69454"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.0.0\", \"versionEndExcluding\": \"6.0.26\", \"matchCriteriaId\": \"498DF6C9-EC7C-4A4F-A188-B22E82FD6540\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.0.0\", \"versionEndExcluding\": \"7.0.15\", \"matchCriteriaId\": \"3CE00AC7-D405-4567-8CB1-C3ED7E2925C6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.0.0\", \"versionEndExcluding\": \"8.0.1\", \"matchCriteriaId\": \"8583992E-20C5-4437-ACFE-22FEBD539E4C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:identity_model:*:*:*:*:*:.net:*:*\", \"versionStartIncluding\": \"5.0.0\", \"versionEndExcluding\": \"5.7.0\", \"matchCriteriaId\": \"F39C475D-FDCE-4DE1-B936-01D268FD7645\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:identity_model:*:*:*:*:*:.net:*:*\", \"versionStartIncluding\": \"6.0.0\", \"versionEndExcluding\": \"6.34.0\", \"matchCriteriaId\": \"A286ABF0-E7B7-44E0-9EF1-0226BDD5338A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:identity_model:*:*:*:*:*:.net:*:*\", \"versionStartIncluding\": \"7.0.0\", \"versionEndExcluding\": \"7.1.2\", \"matchCriteriaId\": \"B12074D2-B6C2-4797-BCE8-27A5E6314FB1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"17.2.0\", \"versionEndExcluding\": \"17.2.23\", \"matchCriteriaId\": \"42B33777-27CB-45CC-A95A-3F4369DBB31D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"17.4.0\", \"versionEndExcluding\": \"17.4.15\", \"matchCriteriaId\": \"E578915C-4563-4767-A1F9-7C0ADF58BDA6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"17.6.0\", \"versionEndExcluding\": \"17.6.11\", \"matchCriteriaId\": \"AB1E1DB4-BE9A-48E9-808D-E239CFDB26BA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"17.8.0\", \"versionEndExcluding\": \"17.8.4\", \"matchCriteriaId\": \"1A6D3ECE-ED4D-4778-900F-4D4E1D05F00E\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Microsoft Identity Denial of service vulnerability\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de denegaci\\u00f3n de servicio de identidad de Microsoft\"}]",
      "id": "CVE-2024-21319",
      "lastModified": "2024-11-21T08:54:06.097",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"secure@microsoft.com\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H\", \"baseScore\": 6.8, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.3, \"impactScore\": 4.0}]}",
      "published": "2024-01-09T19:15:12.070",
      "references": "[{\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21319\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21319\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "secure@microsoft.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"secure@microsoft.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-21319\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2024-01-09T19:15:12.070\",\"lastModified\":\"2024-11-21T08:54:06.097\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Microsoft Identity Denial of service vulnerability\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de denegaci\u00f3n de servicio de identidad de Microsoft\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H\",\"baseScore\":6.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.3,\"impactScore\":4.0}]},\"weaknesses\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.0.0\",\"versionEndExcluding\":\"6.0.26\",\"matchCriteriaId\":\"498DF6C9-EC7C-4A4F-A188-B22E82FD6540\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0.0\",\"versionEndExcluding\":\"7.0.15\",\"matchCriteriaId\":\"3CE00AC7-D405-4567-8CB1-C3ED7E2925C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.0\",\"versionEndExcluding\":\"8.0.1\",\"matchCriteriaId\":\"8583992E-20C5-4437-ACFE-22FEBD539E4C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:identity_model:*:*:*:*:*:.net:*:*\",\"versionStartIncluding\":\"5.0.0\",\"versionEndExcluding\":\"5.7.0\",\"matchCriteriaId\":\"F39C475D-FDCE-4DE1-B936-01D268FD7645\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:identity_model:*:*:*:*:*:.net:*:*\",\"versionStartIncluding\":\"6.0.0\",\"versionEndExcluding\":\"6.34.0\",\"matchCriteriaId\":\"A286ABF0-E7B7-44E0-9EF1-0226BDD5338A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:identity_model:*:*:*:*:*:.net:*:*\",\"versionStartIncluding\":\"7.0.0\",\"versionEndExcluding\":\"7.1.2\",\"matchCriteriaId\":\"B12074D2-B6C2-4797-BCE8-27A5E6314FB1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.2.0\",\"versionEndExcluding\":\"17.2.23\",\"matchCriteriaId\":\"42B33777-27CB-45CC-A95A-3F4369DBB31D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.4.0\",\"versionEndExcluding\":\"17.4.15\",\"matchCriteriaId\":\"E578915C-4563-4767-A1F9-7C0ADF58BDA6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.6.0\",\"versionEndExcluding\":\"17.6.11\",\"matchCriteriaId\":\"AB1E1DB4-BE9A-48E9-808D-E239CFDB26BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.8.0\",\"versionEndExcluding\":\"17.8.4\",\"matchCriteriaId\":\"1A6D3ECE-ED4D-4778-900F-4D4E1D05F00E\"}]}]}],\"references\":[{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21319\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21319\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"title\": \"Microsoft Identity Denial of service vulnerability\", \"datePublic\": \"2024-01-09T08:00:00.000Z\", \"cpeApplicability\": [{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.0.0\", \"versionEndExcluding\": \"6.0.26\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"17.2.0\", \"versionEndExcluding\": \"17.2.23\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"17.6.0\", \"versionEndExcluding\": \"17.6.11\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"17.4.0\", \"versionEndExcluding\": \"17.4.15\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"17.8.0\", \"versionEndExcluding\": \"17.8.4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.0.0\", \"versionEndExcluding\": \"7.0.15\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.0\", \"versionEndExcluding\": \"8.0.1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:identitymodel_for_nuget:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.0\", \"versionEndExcluding\": \"6.34.0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:identitymodel_for_nuget:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.0\", \"versionEndExcluding\": \"7.1.2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:identitymodel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.0\", \"versionEndExcluding\": \"6.34.0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:identitymodel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.0\", \"versionEndExcluding\": \"5.7.0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:identitymodel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.0\", \"versionEndExcluding\": \"7.1.2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:identitymodel_for_nuget:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.0\", \"versionEndExcluding\": \"5.7.0\"}]}]}], \"affected\": [{\"vendor\": \"Microsoft\", \"product\": \".NET 6.0\", \"platforms\": [\"Unknown\"], \"versions\": [{\"version\": \"6.0.0\", \"lessThan\": \"6.0.26\", \"versionType\": \"custom\", \"status\": \"affected\"}]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft Visual Studio 2022 version 17.2\", \"platforms\": [\"Unknown\"], \"versions\": [{\"version\": \"17.2.0\", \"lessThan\": \"17.2.23\", \"versionType\": \"custom\", \"status\": \"affected\"}]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft Visual Studio 2022 version 17.6\", \"platforms\": [\"Unknown\"], \"versions\": [{\"version\": \"17.6.0\", \"lessThan\": \"17.6.11\", \"versionType\": \"custom\", \"status\": \"affected\"}]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft Visual Studio 2022 version 17.4\", \"platforms\": [\"Unknown\"], \"versions\": [{\"version\": \"17.4.0\", \"lessThan\": \"17.4.15\", \"versionType\": \"custom\", \"status\": \"affected\"}]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft Visual Studio 2022 version 17.8\", \"platforms\": [\"Unknown\"], \"versions\": [{\"version\": \"17.8.0\", \"lessThan\": \"17.8.4\", \"versionType\": \"custom\", \"status\": \"affected\"}]}, {\"vendor\": \"Microsoft\", \"product\": \".NET 7.0\", \"platforms\": [\"Unknown\"], \"versions\": [{\"version\": \"7.0.0\", \"lessThan\": \"7.0.15\", \"versionType\": \"custom\", \"status\": \"affected\"}]}, {\"vendor\": \"Microsoft\", \"product\": \".NET 8.0\", \"platforms\": [\"Unknown\"], \"versions\": [{\"version\": \"8.0\", \"lessThan\": \"8.0.1\", \"versionType\": \"custom\", \"status\": \"affected\"}]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft Identity Model v6.0.0 forNuget\", \"platforms\": [\"Unknown\"], \"versions\": [{\"version\": \"6.0\", \"lessThan\": \"6.34.0\", \"versionType\": \"custom\", \"status\": \"affected\"}]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft Identity Model v7.0.0 for Nuget\", \"platforms\": [\"Unknown\"], \"versions\": [{\"version\": \"7.0\", \"lessThan\": \"7.1.2\", \"versionType\": \"custom\", \"status\": \"affected\"}]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft Identity Model v6.0.0\", \"platforms\": [\"Unknown\"], \"versions\": [{\"version\": \"6.0\", \"lessThan\": \"6.34.0\", \"versionType\": \"custom\", \"status\": \"affected\"}]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft Identity Model v5.0.0\", \"platforms\": [\"Unknown\"], \"versions\": [{\"version\": \"5.0\", \"lessThan\": \"5.7.0\", \"versionType\": \"custom\", \"status\": \"affected\"}]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft Identity Model v7.0.0\", \"platforms\": [\"Unknown\"], \"versions\": [{\"version\": \"7.0\", \"lessThan\": \"7.1.2\", \"versionType\": \"custom\", \"status\": \"affected\"}]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft Identity Model v5.0.0 for Nuget\", \"platforms\": [\"Unknown\"], \"versions\": [{\"version\": \"5.0\", \"lessThan\": \"5.7.0\", \"versionType\": \"custom\", \"status\": \"affected\"}]}], \"descriptions\": [{\"value\": \"Microsoft Identity Denial of service vulnerability\", \"lang\": \"en-US\"}], \"problemTypes\": [{\"descriptions\": [{\"description\": \"CWE-20: Improper Input Validation\", \"lang\": \"en-US\", \"type\": \"CWE\", \"cweId\": \"CWE-20\"}]}], \"providerMetadata\": {\"orgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"shortName\": \"microsoft\", \"dateUpdated\": \"2025-05-03T01:46:56.518Z\"}, \"references\": [{\"name\": \"Microsoft Identity Denial of service vulnerability\", \"tags\": [\"vendor-advisory\"], \"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21319\"}], \"metrics\": [{\"format\": \"CVSS\", \"scenarios\": [{\"lang\": \"en-US\", \"value\": \"GENERAL\"}], \"cvssV3_1\": {\"version\": \"3.1\", \"baseSeverity\": \"MEDIUM\", \"baseScore\": 6.8, \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C\"}}]}, \"adp\": [{\"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T22:20:39.921Z\"}, \"title\": \"CVE Program Container\", \"references\": [{\"name\": \"Microsoft Identity Denial of service vulnerability\", \"tags\": [\"vendor-advisory\", \"x_transferred\"], \"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21319\"}]}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-21319\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-08T15:56:18.714850Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-08T15:56:20.267Z\"}}]}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-21319\", \"assignerOrgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"microsoft\", \"dateReserved\": \"2023-12-08T22:45:19.367Z\", \"datePublished\": \"2024-01-09T18:59:01.270Z\", \"dateUpdated\": \"2025-06-03T14:29:52.502Z\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2024-AVI-0022

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans Microsoft .Net. Elles permettent à un attaquant de provoquer un contournement de la fonctionnalité de sécurité et un déni de service.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Microsoft .NET Framework 4.8
Microsoft	N/A	Microsoft .NET Framework 3.0 Service Pack 2
Microsoft	N/A	.NET 8.0
Microsoft	N/A	Microsoft .NET Framework 3.5
Microsoft	N/A	Microsoft .NET Framework 3.5 et 4.8.1
Microsoft	N/A	Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
Microsoft	N/A	Microsoft .NET Framework 3.5 et 4.8
Microsoft	N/A	Microsoft .NET Framework 3.5 et 4.7.2
Microsoft	N/A	.NET 7.0
Microsoft	N/A	Microsoft .NET Framework 2.0 Service Pack 2
Microsoft	N/A	.NET 6.0

References

Title

Publication Time

CERTFR-2024-AVI-0024

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits Microsoft. Elles permettent à un attaquant de provoquer un contournement de la fonctionnalité de sécurité, une exécution de code arbitraire à distance, un déni de service et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Microsoft Visual Studio 2022 version 17.8
Microsoft	N/A	Microsoft.Data.SqlClient 2.1
Microsoft	N/A	Microsoft.Data.SqlClient 5.1
Microsoft	N/A	Microsoft SharePoint Enterprise Server 2016
Microsoft	N/A	Microsoft Visual Studio 2022 version 17.2
Microsoft	N/A	System.Data.SqlClient
Microsoft	N/A	CBL Mariner 1.0 ARM
Microsoft	N/A	Microsoft Visual Studio 2019 version 16.11 (inclus 16.0 à 16.10)
Microsoft	N/A	Microsoft Visual Studio 2022 version 17.6
Microsoft	N/A	Microsoft Identity Model v6.0.0
Microsoft	N/A	Microsoft Identity Model v5.0.0
Microsoft	N/A	Microsoft SQL Server 2022 pour systèmes x64 (GDR)
Microsoft	N/A	Microsoft Identity Model v7.0.0 pour Nuget
Microsoft	N/A	Microsoft.Data.SqlClient 3.1
Microsoft	N/A	CBL Mariner 2.0 x64
Microsoft	N/A	CBL Mariner 2.0 ARM
Microsoft	N/A	Microsoft Identity Model v5.0.0 pour Nuget
Microsoft	N/A	Microsoft Visual Studio 2015 Update 3
Microsoft	N/A	Microsoft Visual Studio 2022 version 17.4
Microsoft	N/A	Microsoft SharePoint Server Subscription Edition
Microsoft	N/A	Microsoft.Data.SqlClient 4.0
Microsoft	N/A	Microsoft Printer Metadata Troubleshooter Tool
Microsoft	N/A	Microsoft SQL Server 2022 pour systèmes x64 (CU 10)
Microsoft	N/A	Microsoft Identity Model v7.0.0
Microsoft	N/A	Microsoft Identity Model v6.0.0 pour Nuget
Microsoft	N/A	Microsoft Visual Studio 2017 version 15.9 (inclus 15.0 à 15.8)
Microsoft	N/A	Microsoft SharePoint Server 2019
Microsoft	N/A	CBL Mariner 1.0 x64

References

Title

Publication Time

alsa-2024:0150

Vulnerability from osv_almalinux

Published

2024-01-10 00:00

Modified

2024-01-11 20:16

Summary

Important: .NET 8.0 security update

Details

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.101 and .NET Runtime 8.0.1.

Security Fix(es):

dotnet: Information Disclosure: MD.SqlClient(MDS) & System.data.SQLClient (SDS) (CVE-2024-0056)
dotnet: X509 Certificates - Validation Bypass across Azure (CVE-2024-0057)
dotnet: .NET Denial of Service Vulnerability (CVE-2024-21319)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2024:0150	ADVISORY
	https://access.redhat.com/security/cve/CVE-2024-0056	REPORT
	https://access.redhat.com/security/cve/CVE-2024-0057	REPORT
	https://access.redhat.com/security/cve/CVE-2024-21319	REPORT
	https://bugzilla.redhat.com/2255384	REPORT
	https://bugzilla.redhat.com/2255386	REPORT
	https://bugzilla.redhat.com/2257566	REPORT
	https://errata.almalinux.org/8/ALSA-2024-0150.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "aspnetcore-runtime-8.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.1-1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "aspnetcore-targeting-pack-8.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.1-1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "dotnet"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.101-1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "dotnet-apphost-pack-8.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.1-1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "dotnet-host"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.1-1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "dotnet-hostfxr-8.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.1-1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "dotnet-runtime-8.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.1-1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "dotnet-sdk-8.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.101-1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "dotnet-sdk-8.0-source-built-artifacts"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.101-1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "dotnet-targeting-pack-8.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.1-1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "dotnet-templates-8.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.101-1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "netstandard-targeting-pack-2.1"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.101-1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": ".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.101 and .NET Runtime 8.0.1.\n\nSecurity Fix(es):\n\n* dotnet: Information Disclosure: MD.SqlClient(MDS) \u0026 System.data.SQLClient (SDS) (CVE-2024-0056)\n* dotnet: X509 Certificates - Validation Bypass across Azure (CVE-2024-0057)\n* dotnet: .NET Denial of Service Vulnerability (CVE-2024-21319)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
  "id": "ALSA-2024:0150",
  "modified": "2024-01-11T20:16:03Z",
  "published": "2024-01-10T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2024:0150"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-0056"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-0057"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-21319"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2255384"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2255386"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2257566"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2024-0150.html"
    }
  ],
  "related": [
    "CVE-2024-0056",
    "CVE-2024-0057",
    "CVE-2024-21319"
  ],
  "summary": "Important: .NET 8.0 security update"
}

alsa-2024:0151

Vulnerability from osv_almalinux

Published

2024-01-10 00:00

Modified

2024-01-11 16:35

Summary

Important: .NET 7.0 security update

Details

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.115 and .NET Runtime 7.0.15.

Security Fix(es):

dotnet: Information Disclosure: MD.SqlClient(MDS) & System.data.SQLClient (SDS) (CVE-2024-0056)
dotnet: X509 Certificates - Validation Bypass across Azure (CVE-2024-0057)
dotnet: .NET Denial of Service Vulnerability (CVE-2024-21319)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2024:0151	ADVISORY
	https://access.redhat.com/security/cve/CVE-2024-0056	REPORT
	https://access.redhat.com/security/cve/CVE-2024-0057	REPORT
	https://access.redhat.com/security/cve/CVE-2024-21319	REPORT
	https://bugzilla.redhat.com/2255384	REPORT
	https://bugzilla.redhat.com/2255386	REPORT
	https://bugzilla.redhat.com/2257566	REPORT
	https://errata.almalinux.org/9/ALSA-2024-0151.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "aspnetcore-runtime-7.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.0.15-1.el9_3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "aspnetcore-targeting-pack-7.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.0.15-1.el9_3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "dotnet-apphost-pack-7.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.0.15-1.el9_3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "dotnet-hostfxr-7.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.0.15-1.el9_3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "dotnet-runtime-7.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.0.15-1.el9_3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "dotnet-sdk-7.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.0.115-1.el9_3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "dotnet-sdk-7.0-source-built-artifacts"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.0.115-1.el9_3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "dotnet-targeting-pack-7.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.0.15-1.el9_3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "dotnet-templates-7.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.0.115-1.el9_3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": ".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.115 and .NET Runtime 7.0.15.\n\nSecurity Fix(es):\n\n* dotnet: Information Disclosure: MD.SqlClient(MDS) \u0026 System.data.SQLClient (SDS) (CVE-2024-0056)\n* dotnet: X509 Certificates - Validation Bypass across Azure (CVE-2024-0057)\n* dotnet: .NET Denial of Service Vulnerability (CVE-2024-21319)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
  "id": "ALSA-2024:0151",
  "modified": "2024-01-11T16:35:33Z",
  "published": "2024-01-10T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2024:0151"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-0056"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-0057"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-21319"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2255384"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2255386"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2257566"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/9/ALSA-2024-0151.html"
    }
  ],
  "related": [
    "CVE-2024-0056",
    "CVE-2024-0057",
    "CVE-2024-21319"
  ],
  "summary": "Important: .NET 7.0 security update"
}

alsa-2024:0152

Vulnerability from osv_almalinux

Published

2024-01-10 00:00

Modified

2024-01-11 16:40

Summary

Important: .NET 8.0 security update

Details

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.101 and .NET Runtime 8.0.1.

Security Fix(es):

dotnet: Information Disclosure: MD.SqlClient(MDS) & System.data.SQLClient (SDS) (CVE-2024-0056)
dotnet: X509 Certificates - Validation Bypass across Azure (CVE-2024-0057)
dotnet: .NET Denial of Service Vulnerability (CVE-2024-21319)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2024:0152	ADVISORY
	https://access.redhat.com/security/cve/CVE-2024-0056	REPORT
	https://access.redhat.com/security/cve/CVE-2024-0057	REPORT
	https://access.redhat.com/security/cve/CVE-2024-21319	REPORT
	https://bugzilla.redhat.com/2255384	REPORT
	https://bugzilla.redhat.com/2255386	REPORT
	https://bugzilla.redhat.com/2257566	REPORT
	https://errata.almalinux.org/9/ALSA-2024-0152.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "aspnetcore-runtime-8.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.1-1.el9_3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "aspnetcore-targeting-pack-8.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.1-1.el9_3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "dotnet-apphost-pack-8.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.1-1.el9_3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "dotnet-host"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.1-1.el9_3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "dotnet-hostfxr-8.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.1-1.el9_3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "dotnet-runtime-8.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.1-1.el9_3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "dotnet-sdk-8.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.101-1.el9_3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "dotnet-sdk-8.0-source-built-artifacts"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.101-1.el9_3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "dotnet-targeting-pack-8.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.1-1.el9_3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "dotnet-templates-8.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.101-1.el9_3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "netstandard-targeting-pack-2.1"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.101-1.el9_3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": ".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.101 and .NET Runtime 8.0.1.\n\nSecurity Fix(es):\n\n* dotnet: Information Disclosure: MD.SqlClient(MDS) \u0026 System.data.SQLClient (SDS) (CVE-2024-0056)\n* dotnet: X509 Certificates - Validation Bypass across Azure (CVE-2024-0057)\n* dotnet: .NET Denial of Service Vulnerability (CVE-2024-21319)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
  "id": "ALSA-2024:0152",
  "modified": "2024-01-11T16:40:36Z",
  "published": "2024-01-10T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2024:0152"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-0056"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-0057"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-21319"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2255384"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2255386"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2257566"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/9/ALSA-2024-0152.html"
    }
  ],
  "related": [
    "CVE-2024-0056",
    "CVE-2024-0057",
    "CVE-2024-21319"
  ],
  "summary": "Important: .NET 8.0 security update"
}

alsa-2024:0156

Vulnerability from osv_almalinux

Published

2024-01-10 00:00

Modified

2024-01-11 22:19

Summary

Important: .NET 6.0 security update

Details

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.126 and .NET Runtime 6.0.26.

Security Fix(es):

dotnet: Information Disclosure: MD.SqlClient(MDS) & System.data.SQLClient (SDS) (CVE-2024-0056)
dotnet: X509 Certificates - Validation Bypass across Azure (CVE-2024-0057)
dotnet: .NET Denial of Service Vulnerability (CVE-2024-21319)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2024:0156	ADVISORY
	https://access.redhat.com/security/cve/CVE-2024-0056	REPORT
	https://access.redhat.com/security/cve/CVE-2024-0057	REPORT
	https://access.redhat.com/security/cve/CVE-2024-21319	REPORT
	https://bugzilla.redhat.com/2255384	REPORT
	https://bugzilla.redhat.com/2255386	REPORT
	https://bugzilla.redhat.com/2257566	REPORT
	https://errata.almalinux.org/9/ALSA-2024-0156.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "aspnetcore-runtime-6.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.0.26-1.el9_3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "aspnetcore-targeting-pack-6.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.0.26-1.el9_3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "dotnet-apphost-pack-6.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.0.26-1.el9_3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "dotnet-hostfxr-6.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.0.26-1.el9_3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "dotnet-runtime-6.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.0.26-1.el9_3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "dotnet-sdk-6.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.0.126-1.el9_3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "dotnet-sdk-6.0-source-built-artifacts"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.0.126-1.el9_3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "dotnet-targeting-pack-6.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.0.26-1.el9_3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "dotnet-templates-6.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.0.126-1.el9_3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": ".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.126 and .NET Runtime 6.0.26.\n\nSecurity Fix(es):\n\n* dotnet: Information Disclosure: MD.SqlClient(MDS) \u0026 System.data.SQLClient (SDS) (CVE-2024-0056)\n* dotnet: X509 Certificates - Validation Bypass across Azure (CVE-2024-0057)\n* dotnet: .NET Denial of Service Vulnerability (CVE-2024-21319)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
  "id": "ALSA-2024:0156",
  "modified": "2024-01-11T22:19:35Z",
  "published": "2024-01-10T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2024:0156"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-0056"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-0057"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-21319"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2255384"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2255386"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2257566"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/9/ALSA-2024-0156.html"
    }
  ],
  "related": [
    "CVE-2024-0056",
    "CVE-2024-0057",
    "CVE-2024-21319"
  ],
  "summary": "Important: .NET 6.0 security update"
}

alsa-2024:0157

Vulnerability from osv_almalinux

Published

2024-01-10 00:00

Modified

2024-01-11 19:02

Summary

Important: .NET 7.0 security update

Details

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.115 and .NET Runtime 7.0.15.

Security Fix(es):

dotnet: Information Disclosure: MD.SqlClient(MDS) & System.data.SQLClient (SDS) (CVE-2024-0056)
dotnet: X509 Certificates - Validation Bypass across Azure (CVE-2024-0057)
dotnet: .NET Denial of Service Vulnerability (CVE-2024-21319)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2024:0157	ADVISORY
	https://access.redhat.com/security/cve/CVE-2024-0056	REPORT
	https://access.redhat.com/security/cve/CVE-2024-0057	REPORT
	https://access.redhat.com/security/cve/CVE-2024-21319	REPORT
	https://bugzilla.redhat.com/2255384	REPORT
	https://bugzilla.redhat.com/2255386	REPORT
	https://bugzilla.redhat.com/2257566	REPORT
	https://errata.almalinux.org/8/ALSA-2024-0157.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "aspnetcore-runtime-7.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.0.15-1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "aspnetcore-targeting-pack-7.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.0.15-1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "dotnet-apphost-pack-7.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.0.15-1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "dotnet-hostfxr-7.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.0.15-1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "dotnet-runtime-7.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.0.15-1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "dotnet-sdk-7.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.0.115-1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "dotnet-sdk-7.0-source-built-artifacts"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.0.115-1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "dotnet-targeting-pack-7.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.0.15-1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "dotnet-templates-7.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.0.115-1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": ".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.115 and .NET Runtime 7.0.15.\n\nSecurity Fix(es):\n\n* dotnet: Information Disclosure: MD.SqlClient(MDS) \u0026 System.data.SQLClient (SDS) (CVE-2024-0056)\n* dotnet: X509 Certificates - Validation Bypass across Azure (CVE-2024-0057)\n* dotnet: .NET Denial of Service Vulnerability (CVE-2024-21319)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
  "id": "ALSA-2024:0157",
  "modified": "2024-01-11T19:02:02Z",
  "published": "2024-01-10T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2024:0157"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-0056"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-0057"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-21319"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2255384"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2255386"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2257566"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2024-0157.html"
    }
  ],
  "related": [
    "CVE-2024-0056",
    "CVE-2024-0057",
    "CVE-2024-21319"
  ],
  "summary": "Important: .NET 7.0 security update"
}

alsa-2024:0158

Vulnerability from osv_almalinux

Published

2024-01-10 00:00

Modified

2024-01-11 18:37

Summary

Important: .NET 6.0 security update

Details

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.126 and .NET Runtime 6.0.26.

Security Fix(es):

dotnet: Information Disclosure: MD.SqlClient(MDS) & System.data.SQLClient (SDS) (CVE-2024-0056)
dotnet: X509 Certificates - Validation Bypass across Azure (CVE-2024-0057)
dotnet: .NET Denial of Service Vulnerability (CVE-2024-21319)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2024:0158	ADVISORY
	https://access.redhat.com/security/cve/CVE-2024-0056	REPORT
	https://access.redhat.com/security/cve/CVE-2024-0057	REPORT
	https://access.redhat.com/security/cve/CVE-2024-21319	REPORT
	https://bugzilla.redhat.com/2255384	REPORT
	https://bugzilla.redhat.com/2255386	REPORT
	https://bugzilla.redhat.com/2257566	REPORT
	https://errata.almalinux.org/8/ALSA-2024-0158.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "aspnetcore-runtime-6.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.0.26-1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "aspnetcore-targeting-pack-6.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.0.26-1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "dotnet-apphost-pack-6.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.0.26-1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "dotnet-hostfxr-6.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.0.26-1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "dotnet-runtime-6.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.0.26-1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "dotnet-sdk-6.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.0.126-1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "dotnet-sdk-6.0-source-built-artifacts"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.0.126-1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "dotnet-targeting-pack-6.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.0.26-1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "dotnet-templates-6.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.0.126-1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": ".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.126 and .NET Runtime 6.0.26.\n\nSecurity Fix(es):\n\n* dotnet: Information Disclosure: MD.SqlClient(MDS) \u0026 System.data.SQLClient (SDS) (CVE-2024-0056)\n* dotnet: X509 Certificates - Validation Bypass across Azure (CVE-2024-0057)\n* dotnet: .NET Denial of Service Vulnerability (CVE-2024-21319)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
  "id": "ALSA-2024:0158",
  "modified": "2024-01-11T18:37:05Z",
  "published": "2024-01-10T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2024:0158"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-0056"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-0057"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-21319"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2255384"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2255386"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2257566"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2024-0158.html"
    }
  ],
  "related": [
    "CVE-2024-0056",
    "CVE-2024-0057",
    "CVE-2024-21319"
  ],
  "summary": "Important: .NET 6.0 security update"
}

BDU:2024-00642

Vulnerability from fstec - Published: 09.01.2024

Title

Уязвимость библиотеки Microsoft Identity программной платформы Microsoft .NET, позволяющая нарушителю вызвать отказ в обслуживании

Description

Уязвимость библиотеки Microsoft Identity программной платформы .net связана с некорректной очисткой или освобождением ресурсов. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, вызвать отказ в обслуживании

Severity


                    
                      AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

Vendor

Microsoft Corp

Software Name

Microsoft Visual Studio 2022, .NET, Identity Model

Software Version

17.2 (Microsoft Visual Studio 2022), 7.0 (.NET), 6.0 (.NET), 17.4 (Microsoft Visual Studio 2022), 17.6 (Microsoft Visual Studio 2022), 8.0 (.NET), 5.0.0 for Nuget (Identity Model), 7.0.0 (Identity Model), 5.0.0 (Identity Model), 6.0.0 (Identity Model), 7.0.0 for Nuget (Identity Model), 6.0.0 for Nuget (Identity Model), 17.8 (Microsoft Visual Studio 2022)

Possible Mitigations

Использование рекомендаций: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21319

Reference

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21319

CWE

CWE-404

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:M/C:N/I:N/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "TO1016, TO1017, TO1018",
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": "TO1016 \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 .NET 6.0 (\u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442 Windows Desktop Runtime 6.0.26) (KB5033733), TO1017 \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 .NET 7.0 (\u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442 Windows Desktop Runtime 7.0.15) (KB5033734), TO1018 \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 .NET 8.0 (\u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442 Windows Desktop Runtime 8.0.1) (KB5033741)",
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Microsoft Corp",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "17.2 (Microsoft Visual Studio 2022), 7.0 (.NET), 6.0 (.NET), 17.4 (Microsoft Visual Studio 2022), 17.6 (Microsoft Visual Studio 2022), 8.0 (.NET), 5.0.0 for Nuget (Identity Model), 7.0.0 (Identity Model), 5.0.0 (Identity Model), 6.0.0 (Identity Model), 7.0.0 for Nuget (Identity Model), 6.0.0 for Nuget (Identity Model), 17.8 (Microsoft Visual Studio 2022)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21319",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "09.01.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "24.01.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "24.01.2024",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-00642",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2024-21319",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Microsoft Visual Studio 2022, .NET, Identity Model",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 Microsoft Identity \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b Microsoft .NET, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u0430\u044f \u0437\u0430\u0447\u0438\u0441\u0442\u043a\u0430 \u0438\u043b\u0438 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432 (CWE-404)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 Microsoft Identity \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b .net \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0439 \u043e\u0447\u0438\u0441\u0442\u043a\u043e\u0439 \u0438\u043b\u0438 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u0435\u043c \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21319",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-404",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,1)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,8)"
}

bit-dotnet-2024-21319

Vulnerability from bitnami_vulndb

Published

2024-03-06 10:51

Modified

2025-05-20 10:02

Summary

Microsoft Identity Denial of service vulnerability

Details

Microsoft Identity Denial of service vulnerability

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Bitnami",
        "name": "dotnet",
        "purl": "pkg:bitnami/dotnet"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "6.0.0"
            },
            {
              "fixed": "6.0.26"
            },
            {
              "introduced": "7.0.0"
            },
            {
              "fixed": "7.0.15"
            },
            {
              "introduced": "8.0.0"
            },
            {
              "fixed": "8.0.1"
            }
          ],
          "type": "SEMVER"
        }
      ],
      "severity": [
        {
          "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
          "type": "CVSS_V3"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-21319"
  ],
  "database_specific": {
    "cpes": [
      "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*"
    ],
    "severity": "Medium"
  },
  "details": "Microsoft Identity Denial of service vulnerability",
  "id": "BIT-dotnet-2024-21319",
  "modified": "2025-05-20T10:02:07.006Z",
  "published": "2024-03-06T10:51:16.762Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21319"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21319"
    }
  ],
  "schema_version": "1.5.0",
  "summary": "Microsoft Identity Denial of service vulnerability"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-21319 (GCVE-0-2024-21319)

Solution

Solution

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Vulnerability from bitnami_vulndb

Tags

Sightings

Nomenclature