Vulnerabilites related to Microsoft - .NET Core
cve-2020-1108
Vulnerability from cvelistv5
Published
2020-05-21 22:53
Modified
2024-08-04 06:25
Severity ?
EPSS score ?
Summary
A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka '.NET Core & .NET Framework Denial of Service Vulnerability'.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1108 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:25:01.017Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1108"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": ".NET Core",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "3.1"
},
{
"status": "affected",
"version": "2.1"
}
]
},
{
"product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft Visual Studio 2019",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "16.0"
}
]
},
{
"product": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft Visual Studio 2019 version 16.5",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": ".NET Core 5.0",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "PowerShell Core",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "6.2"
}
]
},
{
"product": "PowerShell 7.0",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Windows 7 for 32-bit Systems Service Pack 1"
},
{
"status": "affected",
"version": "Windows 7 for x64-based Systems Service Pack 1"
},
{
"status": "affected",
"version": "Windows 8.1 for 32-bit systems"
},
{
"status": "affected",
"version": "Windows 8.1 for x64-based systems"
},
{
"status": "affected",
"version": "Windows RT 8.1"
},
{
"status": "affected",
"version": "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
},
{
"status": "affected",
"version": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
},
{
"status": "affected",
"version": "Windows Server 2012"
},
{
"status": "affected",
"version": "Windows Server 2012 (Server Core installation)"
},
{
"status": "affected",
"version": "Windows Server 2012 R2"
},
{
"status": "affected",
"version": "Windows Server 2012 R2 (Server Core installation)"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows Server, version 1803 (Server Core Installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 7 for 32-bit Systems Service Pack 1",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 7 for x64-based Systems Service Pack 1",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 8.1 for 32-bit systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 8.1 for x64-based systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows RT 8.1",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows Server 2012",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows Server 2012 R2",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1909 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1903 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "1903"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server, version 1803 (Server Core Installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for ARM64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.6",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"status": "affected",
"version": "Windows Server 2008 for x64-based Systems Service Pack 2"
}
]
},
{
"product": "Microsoft .NET Framework 2.0",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"status": "affected",
"version": "Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2"
}
]
},
{
"product": "Microsoft .NET Framework 3.0",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"status": "affected",
"version": "Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2"
}
]
},
{
"product": "Microsoft .NET Framework 3.5",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Windows 8.1 for 32-bit systems"
},
{
"status": "affected",
"version": "Windows 8.1 for x64-based systems"
},
{
"status": "affected",
"version": "Windows Server 2012"
},
{
"status": "affected",
"version": "Windows Server 2012 (Server Core installation)"
},
{
"status": "affected",
"version": "Windows Server 2012 R2"
},
{
"status": "affected",
"version": "Windows Server 2012 R2 (Server Core installation)"
}
]
},
{
"product": "Microsoft .NET Framework 3.5.1",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Windows 7 for 32-bit Systems Service Pack 1"
},
{
"status": "affected",
"version": "Windows 7 for x64-based Systems Service Pack 1"
},
{
"status": "affected",
"version": "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
}
]
},
{
"product": "Microsoft .NET Framework 4.5.2",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Windows 7 for 32-bit Systems Service Pack 1"
},
{
"status": "affected",
"version": "Windows 7 for x64-based Systems Service Pack 1"
},
{
"status": "affected",
"version": "Windows 8.1 for 32-bit systems"
},
{
"status": "affected",
"version": "Windows 8.1 for x64-based systems"
},
{
"status": "affected",
"version": "Windows RT 8.1"
},
{
"status": "affected",
"version": "Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"status": "affected",
"version": "Windows Server 2008 for x64-based Systems Service Pack 2"
},
{
"status": "affected",
"version": "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
},
{
"status": "affected",
"version": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
},
{
"status": "affected",
"version": "Windows Server 2012"
},
{
"status": "affected",
"version": "Windows Server 2012 (Server Core installation)"
},
{
"status": "affected",
"version": "Windows Server 2012 R2"
},
{
"status": "affected",
"version": "Windows Server 2012 R2 (Server Core installation)"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for ARM64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for ARM64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for ARM64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.6/4.6.1/4.6.2 on Windows 10 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.6/4.6.1/4.6.2 on Windows 10 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for ARM64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka \u0027.NET Core \u0026 .NET Framework Denial of Service Vulnerability\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-21T22:53:10",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1108"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2020-1108",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": ".NET Core",
"version": {
"version_data": [
{
"version_value": "3.1"
},
{
"version_value": "2.1"
}
]
}
},
{
"product_name": "Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Visual Studio 2019",
"version": {
"version_data": [
{
"version_value": "16.0"
}
]
}
},
{
"product_name": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Visual Studio 2019 version 16.5",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": ".NET Core 5.0",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "PowerShell Core",
"version": {
"version_data": [
{
"version_value": "6.2"
}
]
}
},
{
"product_name": "PowerShell 7.0",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2",
"version": {
"version_data": [
{
"version_value": "Windows 7 for 32-bit Systems Service Pack 1"
},
{
"version_value": "Windows 7 for x64-based Systems Service Pack 1"
},
{
"version_value": "Windows 8.1 for 32-bit systems"
},
{
"version_value": "Windows 8.1 for x64-based systems"
},
{
"version_value": "Windows RT 8.1"
},
{
"version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
},
{
"version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
},
{
"version_value": "Windows Server 2012"
},
{
"version_value": "Windows Server 2012 (Server Core installation)"
},
{
"version_value": "Windows Server 2012 R2"
},
{
"version_value": "Windows Server 2012 R2 (Server Core installation)"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows Server, version 1803 (Server Core Installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows Server 2016",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 7 for 32-bit Systems Service Pack 1",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 7 for x64-based Systems Service Pack 1",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 8.1 for 32-bit systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 8.1 for x64-based systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows RT 8.1",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 R2",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1909 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1903 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": "1903"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server, version 1803 (Server Core Installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for ARM64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.6",
"version": {
"version_data": [
{
"version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"version_value": "Windows Server 2008 for x64-based Systems Service Pack 2"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 2.0",
"version": {
"version_data": [
{
"version_value": "Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"version_value": "Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.0",
"version": {
"version_data": [
{
"version_value": "Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"version_value": "Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5",
"version": {
"version_data": [
{
"version_value": "Windows 8.1 for 32-bit systems"
},
{
"version_value": "Windows 8.1 for x64-based systems"
},
{
"version_value": "Windows Server 2012"
},
{
"version_value": "Windows Server 2012 (Server Core installation)"
},
{
"version_value": "Windows Server 2012 R2"
},
{
"version_value": "Windows Server 2012 R2 (Server Core installation)"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5.1",
"version": {
"version_data": [
{
"version_value": "Windows 7 for 32-bit Systems Service Pack 1"
},
{
"version_value": "Windows 7 for x64-based Systems Service Pack 1"
},
{
"version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.5.2",
"version": {
"version_data": [
{
"version_value": "Windows 7 for 32-bit Systems Service Pack 1"
},
{
"version_value": "Windows 7 for x64-based Systems Service Pack 1"
},
{
"version_value": "Windows 8.1 for 32-bit systems"
},
{
"version_value": "Windows 8.1 for x64-based systems"
},
{
"version_value": "Windows RT 8.1"
},
{
"version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"version_value": "Windows Server 2008 for x64-based Systems Service Pack 2"
},
{
"version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
},
{
"version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
},
{
"version_value": "Windows Server 2012"
},
{
"version_value": "Windows Server 2012 (Server Core installation)"
},
{
"version_value": "Windows Server 2012 R2"
},
{
"version_value": "Windows Server 2012 R2 (Server Core installation)"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for ARM64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for ARM64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for ARM64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.6/4.6.1/4.6.2 on Windows 10 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.6/4.6.1/4.6.2 on Windows 10 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for ARM64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka \u0027.NET Core \u0026 .NET Framework Denial of Service Vulnerability\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1108",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1108"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-1108",
"datePublished": "2020-05-21T22:53:10",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-08-04T06:25:01.017Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-8292
Vulnerability from cvelistv5
Published
2018-10-10 13:00
Modified
2024-08-05 06:54
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability exists in .NET Core when authentication information is inadvertently exposed in a redirect, aka ".NET Core Information Disclosure Vulnerability." This affects .NET Core 2.1, .NET Core 1.0, .NET Core 1.1, PowerShell Core 6.0.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2018:2902 | vendor-advisory, x_refsource_REDHAT | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8292 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/105548 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | PowerShell Core |
Version: 6.0 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:54:36.373Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2018:2902",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2902"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8292"
},
{
"name": "105548",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105548"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PowerShell Core",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "6.0"
}
]
},
{
"product": ".NET Core",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "1.0"
},
{
"status": "affected",
"version": "1.1"
},
{
"status": "affected",
"version": "2.1"
}
]
}
],
"datePublic": "2018-10-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability exists in .NET Core when authentication information is inadvertently exposed in a redirect, aka \".NET Core Information Disclosure Vulnerability.\" This affects .NET Core 2.1, .NET Core 1.0, .NET Core 1.1, PowerShell Core 6.0."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T09:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "RHSA-2018:2902",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2902"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8292"
},
{
"name": "105548",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105548"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8292",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PowerShell Core",
"version": {
"version_data": [
{
"version_value": "6.0"
}
]
}
},
{
"product_name": ".NET Core",
"version": {
"version_data": [
{
"version_value": "1.0"
},
{
"version_value": "1.1"
},
{
"version_value": "2.1"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability exists in .NET Core when authentication information is inadvertently exposed in a redirect, aka \".NET Core Information Disclosure Vulnerability.\" This affects .NET Core 2.1, .NET Core 1.0, .NET Core 1.1, PowerShell Core 6.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:2902",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2902"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8292",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8292"
},
{
"name": "105548",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105548"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2018-8292",
"datePublished": "2018-10-10T13:00:00",
"dateReserved": "2018-03-14T00:00:00",
"dateUpdated": "2024-08-05T06:54:36.373Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-8416
Vulnerability from cvelistv5
Published
2018-11-14 01:00
Modified
2024-08-05 06:54
Severity ?
EPSS score ?
Summary
A tampering vulnerability exists when .NET Core improperly handles specially crafted files, aka ".NET Core Tampering Vulnerability." This affects .NET Core 2.1.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8416 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/105798 | vdb-entry, x_refsource_BID | |
| https://access.redhat.com/errata/RHSA-2018:3676 | vendor-advisory, x_refsource_REDHAT | |
| http://www.securitytracker.com/id/1042128 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:54:36.382Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8416"
},
{
"name": "105798",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105798"
},
{
"name": "RHSA-2018:3676",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3676"
},
{
"name": "1042128",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1042128"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": ".NET Core",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2.1"
}
]
}
],
"datePublic": "2018-11-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A tampering vulnerability exists when .NET Core improperly handles specially crafted files, aka \".NET Core Tampering Vulnerability.\" This affects .NET Core 2.1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Tampering",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-27T10:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8416"
},
{
"name": "105798",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105798"
},
{
"name": "RHSA-2018:3676",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3676"
},
{
"name": "1042128",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1042128"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8416",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": ".NET Core",
"version": {
"version_data": [
{
"version_value": "2.1"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A tampering vulnerability exists when .NET Core improperly handles specially crafted files, aka \".NET Core Tampering Vulnerability.\" This affects .NET Core 2.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Tampering"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8416",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8416"
},
{
"name": "105798",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105798"
},
{
"name": "RHSA-2018:3676",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3676"
},
{
"name": "1042128",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1042128"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2018-8416",
"datePublished": "2018-11-14T01:00:00",
"dateReserved": "2018-03-14T00:00:00",
"dateUpdated": "2024-08-05T06:54:36.382Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-8409
Vulnerability from cvelistv5
Published
2018-09-13 00:00
Modified
2024-08-05 06:54
Severity ?
EPSS score ?
Summary
A denial of service vulnerability exists when System.IO.Pipelines improperly handles requests, aka "System.IO.Pipelines Denial of Service." This affects .NET Core 2.1, System.IO.Pipelines, ASP.NET Core 2.1.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/105223 | vdb-entry, x_refsource_BID | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8409 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | System.IO.Pipelines |
Version: System.IO.Pipelines |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:54:36.419Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105223",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105223"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8409"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "System.IO.Pipelines",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "System.IO.Pipelines"
}
]
},
{
"product": ".NET Core",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2.1"
}
]
},
{
"product": "ASP.NET Core",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2.1"
}
]
}
],
"datePublic": "2018-09-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A denial of service vulnerability exists when System.IO.Pipelines improperly handles requests, aka \"System.IO.Pipelines Denial of Service.\" This affects .NET Core 2.1, System.IO.Pipelines, ASP.NET Core 2.1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-13T09:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "105223",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105223"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8409"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8409",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "System.IO.Pipelines",
"version": {
"version_data": [
{
"version_value": "System.IO.Pipelines"
}
]
}
},
{
"product_name": ".NET Core",
"version": {
"version_data": [
{
"version_value": "2.1"
}
]
}
},
{
"product_name": "ASP.NET Core",
"version": {
"version_data": [
{
"version_value": "2.1"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A denial of service vulnerability exists when System.IO.Pipelines improperly handles requests, aka \"System.IO.Pipelines Denial of Service.\" This affects .NET Core 2.1, System.IO.Pipelines, ASP.NET Core 2.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105223",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105223"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8409",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8409"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2018-8409",
"datePublished": "2018-09-13T00:00:00",
"dateReserved": "2018-03-14T00:00:00",
"dateUpdated": "2024-08-05T06:54:36.419Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-0657
Vulnerability from cvelistv5
Published
2019-03-06 00:00
Modified
2024-08-04 17:51
Severity ?
EPSS score ?
Summary
A vulnerability exists in certain .Net Framework API's and Visual Studio in the way they parse URL's, aka '.NET Framework and Visual Studio Spoofing Vulnerability'.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2019:0349 | vendor-advisory, x_refsource_REDHAT | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0657 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/106890 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft .NET Framework 4.5.2 |
Version: Windows 7 for 32-bit Systems Service Pack 1 Version: Windows 7 for x64-based Systems Service Pack 1 Version: Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Version: Windows Server 2008 R2 for x64-based Systems Service Pack 1 Version: Windows Server 2012 Version: Windows Server 2012 (Server Core installation) Version: Windows 8.1 for 32-bit systems Version: Windows 8.1 for x64-based systems Version: Windows Server 2012 R2 Version: Windows RT 8.1 Version: Windows Server 2012 R2 (Server Core installation) Version: Windows Server 2008 for 32-bit Systems Service Pack 2 Version: Windows Server 2008 for x64-based Systems Service Pack 2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:51:27.244Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2019:0349",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0349"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0657"
},
{
"name": "106890",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106890"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft .NET Framework 4.5.2",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Windows 7 for 32-bit Systems Service Pack 1"
},
{
"status": "affected",
"version": "Windows 7 for x64-based Systems Service Pack 1"
},
{
"status": "affected",
"version": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
},
{
"status": "affected",
"version": "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
},
{
"status": "affected",
"version": "Windows Server 2012"
},
{
"status": "affected",
"version": "Windows Server 2012 (Server Core installation)"
},
{
"status": "affected",
"version": "Windows 8.1 for 32-bit systems"
},
{
"status": "affected",
"version": "Windows 8.1 for x64-based systems"
},
{
"status": "affected",
"version": "Windows Server 2012 R2"
},
{
"status": "affected",
"version": "Windows RT 8.1"
},
{
"status": "affected",
"version": "Windows Server 2012 R2 (Server Core installation)"
},
{
"status": "affected",
"version": "Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"status": "affected",
"version": "Windows Server 2008 for x64-based Systems Service Pack 2"
}
]
},
{
"product": "Microsoft .NET Framework 4.6",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"status": "affected",
"version": "Windows Server 2008 for x64-based Systems Service Pack 2"
}
]
},
{
"product": ".NET Core",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "1"
},
{
"status": "affected",
"version": "2.1"
},
{
"status": "affected",
"version": "2.2"
}
]
},
{
"product": "Microsoft Visual Studio",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2017"
}
]
},
{
"product": "Microsoft .NET Framework 4.7.2",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Windows 10 Version 1803 for 32-bit Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1803 for x64-based Systems"
},
{
"status": "affected",
"version": "Windows Server, version 1803 (Server Core Installation)"
},
{
"status": "affected",
"version": "Windows 10 Version 1803 for ARM64-based Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1809 for 32-bit Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1809 for x64-based Systems"
},
{
"status": "affected",
"version": "Windows Server 2019"
},
{
"status": "affected",
"version": "Windows Server 2019 (Server Core installation)"
}
]
},
{
"product": "Microsoft .NET Framework 4.6/4.6.1/4.6.2",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Windows 10 for 32-bit Systems"
},
{
"status": "affected",
"version": "Windows 10 for x64-based Systems"
}
]
},
{
"product": "Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Windows 7 for 32-bit Systems Service Pack 1"
},
{
"status": "affected",
"version": "Windows 7 for x64-based Systems Service Pack 1"
},
{
"status": "affected",
"version": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
},
{
"status": "affected",
"version": "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
},
{
"status": "affected",
"version": "Windows Server 2012"
},
{
"status": "affected",
"version": "Windows Server 2012 (Server Core installation)"
},
{
"status": "affected",
"version": "Windows 8.1 for 32-bit systems"
},
{
"status": "affected",
"version": "Windows 8.1 for x64-based systems"
},
{
"status": "affected",
"version": "Windows Server 2012 R2"
},
{
"status": "affected",
"version": "Windows RT 8.1"
},
{
"status": "affected",
"version": "Windows Server 2012 R2 (Server Core installation)"
}
]
},
{
"product": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Windows Server 2016"
},
{
"status": "affected",
"version": "Windows 10 Version 1607 for 32-bit Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1607 for x64-based Systems"
},
{
"status": "affected",
"version": "Windows Server 2016 (Server Core installation)"
}
]
},
{
"product": "Microsoft .NET Framework 4.7/4.7.1/4.7.2",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Windows 10 Version 1703 for 32-bit Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1703 for x64-based Systems"
}
]
},
{
"product": "Microsoft .NET Framework 4.7.1/4.7.2",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Windows 10 Version 1709 for 32-bit Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1709 for x64-based Systems"
},
{
"status": "affected",
"version": "Windows Server, version 1709 (Server Core Installation)"
},
{
"status": "affected",
"version": "Windows 10 Version 1709 for ARM64-based Systems"
}
]
},
{
"product": "PowerShell Core",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "6.1"
},
{
"status": "affected",
"version": "6.2"
}
]
},
{
"product": "Microsoft Visual Studio 2017",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "version 15.9"
}
]
},
{
"product": "Microsoft .NET Framework 3.5",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Windows Server 2012"
},
{
"status": "affected",
"version": "Windows Server 2012 (Server Core installation)"
},
{
"status": "affected",
"version": "Windows 8.1 for 32-bit systems"
},
{
"status": "affected",
"version": "Windows 8.1 for x64-based systems"
},
{
"status": "affected",
"version": "Windows Server 2012 R2"
},
{
"status": "affected",
"version": "Windows Server 2012 R2 (Server Core installation)"
},
{
"status": "affected",
"version": "Windows 10 for 32-bit Systems"
},
{
"status": "affected",
"version": "Windows 10 for x64-based Systems"
},
{
"status": "affected",
"version": "Windows Server 2016"
},
{
"status": "affected",
"version": "Windows 10 Version 1607 for 32-bit Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1607 for x64-based Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1703 for 32-bit Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1703 for x64-based Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1709 for 32-bit Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1709 for x64-based Systems"
},
{
"status": "affected",
"version": "Windows Server, version 1709 (Server Core Installation)"
},
{
"status": "affected",
"version": "Windows 10 Version 1803 for 32-bit Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1803 for x64-based Systems"
},
{
"status": "affected",
"version": "Windows Server, version 1803 (Server Core Installation)"
},
{
"status": "affected",
"version": "Windows 10 Version 1803 for ARM64-based Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1809 for 32-bit Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1809 for x64-based Systems"
},
{
"status": "affected",
"version": "Windows Server 2019"
},
{
"status": "affected",
"version": "Windows Server 2019 (Server Core installation)"
},
{
"status": "affected",
"version": "Windows 10 Version 1709 for ARM64-based Systems"
}
]
},
{
"product": "Microsoft .NET Framework 3.0",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2"
},
{
"status": "affected",
"version": "Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"status": "affected",
"version": "Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2"
}
]
},
{
"product": "Microsoft .NET Framework 2.0",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2"
}
]
},
{
"product": "Microsoft .NET Framework 3.5.1",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Windows 7 for 32-bit Systems Service Pack 1"
},
{
"status": "affected",
"version": "Windows 7 for x64-based Systems Service Pack 1"
},
{
"status": "affected",
"version": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
},
{
"status": "affected",
"version": "Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1"
},
{
"status": "affected",
"version": "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
}
]
}
],
"datePublic": "2019-03-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability exists in certain .Net Framework API\u0027s and Visual Studio in the way they parse URL\u0027s, aka \u0027.NET Framework and Visual Studio Spoofing Vulnerability\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-06T10:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "RHSA-2019:0349",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0349"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0657"
},
{
"name": "106890",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106890"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2019-0657",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft .NET Framework 4.5.2",
"version": {
"version_data": [
{
"version_value": "Windows 7 for 32-bit Systems Service Pack 1"
},
{
"version_value": "Windows 7 for x64-based Systems Service Pack 1"
},
{
"version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
},
{
"version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
},
{
"version_value": "Windows Server 2012"
},
{
"version_value": "Windows Server 2012 (Server Core installation)"
},
{
"version_value": "Windows 8.1 for 32-bit systems"
},
{
"version_value": "Windows 8.1 for x64-based systems"
},
{
"version_value": "Windows Server 2012 R2"
},
{
"version_value": "Windows RT 8.1"
},
{
"version_value": "Windows Server 2012 R2 (Server Core installation)"
},
{
"version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"version_value": "Windows Server 2008 for x64-based Systems Service Pack 2"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.6",
"version": {
"version_data": [
{
"version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"version_value": "Windows Server 2008 for x64-based Systems Service Pack 2"
}
]
}
},
{
"product_name": ".NET Core",
"version": {
"version_data": [
{
"version_value": "1"
},
{
"version_value": "2.1"
},
{
"version_value": "2.2"
}
]
}
},
{
"product_name": "Microsoft Visual Studio",
"version": {
"version_data": [
{
"version_value": "2017"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.7.2",
"version": {
"version_data": [
{
"version_value": "Windows 10 Version 1803 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1803 for x64-based Systems"
},
{
"version_value": "Windows Server, version 1803 (Server Core Installation)"
},
{
"version_value": "Windows 10 Version 1803 for ARM64-based Systems"
},
{
"version_value": "Windows 10 Version 1809 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1809 for x64-based Systems"
},
{
"version_value": "Windows Server 2019"
},
{
"version_value": "Windows Server 2019 (Server Core installation)"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.6/4.6.1/4.6.2",
"version": {
"version_data": [
{
"version_value": "Windows 10 for 32-bit Systems"
},
{
"version_value": "Windows 10 for x64-based Systems"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2",
"version": {
"version_data": [
{
"version_value": "Windows 7 for 32-bit Systems Service Pack 1"
},
{
"version_value": "Windows 7 for x64-based Systems Service Pack 1"
},
{
"version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
},
{
"version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
},
{
"version_value": "Windows Server 2012"
},
{
"version_value": "Windows Server 2012 (Server Core installation)"
},
{
"version_value": "Windows 8.1 for 32-bit systems"
},
{
"version_value": "Windows 8.1 for x64-based systems"
},
{
"version_value": "Windows Server 2012 R2"
},
{
"version_value": "Windows RT 8.1"
},
{
"version_value": "Windows Server 2012 R2 (Server Core installation)"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
"version": {
"version_data": [
{
"version_value": "Windows Server 2016"
},
{
"version_value": "Windows 10 Version 1607 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1607 for x64-based Systems"
},
{
"version_value": "Windows Server 2016 (Server Core installation)"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.7/4.7.1/4.7.2",
"version": {
"version_data": [
{
"version_value": "Windows 10 Version 1703 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1703 for x64-based Systems"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.7.1/4.7.2",
"version": {
"version_data": [
{
"version_value": "Windows 10 Version 1709 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1709 for x64-based Systems"
},
{
"version_value": "Windows Server, version 1709 (Server Core Installation)"
},
{
"version_value": "Windows 10 Version 1709 for ARM64-based Systems"
}
]
}
},
{
"product_name": "PowerShell Core",
"version": {
"version_data": [
{
"version_value": "6.1"
},
{
"version_value": "6.2"
}
]
}
},
{
"product_name": "Microsoft Visual Studio 2017",
"version": {
"version_data": [
{
"version_value": "version 15.9"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5",
"version": {
"version_data": [
{
"version_value": "Windows Server 2012"
},
{
"version_value": "Windows Server 2012 (Server Core installation)"
},
{
"version_value": "Windows 8.1 for 32-bit systems"
},
{
"version_value": "Windows 8.1 for x64-based systems"
},
{
"version_value": "Windows Server 2012 R2"
},
{
"version_value": "Windows Server 2012 R2 (Server Core installation)"
},
{
"version_value": "Windows 10 for 32-bit Systems"
},
{
"version_value": "Windows 10 for x64-based Systems"
},
{
"version_value": "Windows Server 2016"
},
{
"version_value": "Windows 10 Version 1607 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1607 for x64-based Systems"
},
{
"version_value": "Windows 10 Version 1703 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1703 for x64-based Systems"
},
{
"version_value": "Windows 10 Version 1709 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1709 for x64-based Systems"
},
{
"version_value": "Windows Server, version 1709 (Server Core Installation)"
},
{
"version_value": "Windows 10 Version 1803 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1803 for x64-based Systems"
},
{
"version_value": "Windows Server, version 1803 (Server Core Installation)"
},
{
"version_value": "Windows 10 Version 1803 for ARM64-based Systems"
},
{
"version_value": "Windows 10 Version 1809 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1809 for x64-based Systems"
},
{
"version_value": "Windows Server 2019"
},
{
"version_value": "Windows Server 2019 (Server Core installation)"
},
{
"version_value": "Windows 10 Version 1709 for ARM64-based Systems"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.0",
"version": {
"version_data": [
{
"version_value": "Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2"
},
{
"version_value": "Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"version_value": "Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 2.0",
"version": {
"version_data": [
{
"version_value": "Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5.1",
"version": {
"version_data": [
{
"version_value": "Windows 7 for 32-bit Systems Service Pack 1"
},
{
"version_value": "Windows 7 for x64-based Systems Service Pack 1"
},
{
"version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
},
{
"version_value": "Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1"
},
{
"version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability exists in certain .Net Framework API\u0027s and Visual Studio in the way they parse URL\u0027s, aka \u0027.NET Framework and Visual Studio Spoofing Vulnerability\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2019:0349",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0349"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0657",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0657"
},
{
"name": "106890",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106890"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2019-0657",
"datePublished": "2019-03-06T00:00:00",
"dateReserved": "2018-11-26T00:00:00",
"dateUpdated": "2024-08-04T17:51:27.244Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-0606
Vulnerability from cvelistv5
Published
2020-01-14 23:11
Modified
2024-08-04 06:11
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0605.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0606 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | .NET Core |
Version: 3.0 Version: 3.1 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:11:04.403Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0606"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": ".NET Core",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "3.0"
},
{
"status": "affected",
"version": "3.1"
}
]
},
{
"product": "Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Windows 7 for 32-bit Systems Service Pack 1"
},
{
"status": "affected",
"version": "Windows 7 for x64-based Systems Service Pack 1"
},
{
"status": "affected",
"version": "Windows 8.1 for 32-bit systems"
},
{
"status": "affected",
"version": "Windows 8.1 for x64-based systems"
},
{
"status": "affected",
"version": "Windows RT 8.1"
},
{
"status": "affected",
"version": "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
},
{
"status": "affected",
"version": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
},
{
"status": "affected",
"version": "Windows Server 2012"
},
{
"status": "affected",
"version": "Windows Server 2012 (Server Core installation)"
},
{
"status": "affected",
"version": "Windows Server 2012 R2"
},
{
"status": "affected",
"version": "Windows Server 2012 R2 (Server Core installation)"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows Server, version 1803 (Server Core Installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 7 for 32-bit Systems Service Pack 1",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 7 for x64-based Systems Service Pack 1",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 8.1 for 32-bit systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 8.1 for x64-based systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows RT 8.1",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows Server 2012",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows Server 2012 R2",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1903 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "1903"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.6",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"status": "affected",
"version": "Windows Server 2008 for x64-based Systems Service Pack 2"
}
]
},
{
"product": "Microsoft .NET Framework 3.0",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"status": "affected",
"version": "Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2"
},
{
"status": "affected",
"version": "Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2"
}
]
},
{
"product": "Microsoft .NET Framework 3.5",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Windows 10 Version 1607 for 32-bit Systems"
},
{
"status": "affected",
"version": "Windows 8.1 for 32-bit systems"
},
{
"status": "affected",
"version": "Windows 8.1 for x64-based systems"
},
{
"status": "affected",
"version": "Windows Server 2012"
},
{
"status": "affected",
"version": "Windows Server 2012 (Server Core installation)"
},
{
"status": "affected",
"version": "Windows Server 2012 R2"
},
{
"status": "affected",
"version": "Windows Server 2012 R2 (Server Core installation)"
}
]
},
{
"product": "Microsoft .NET Framework 3.5.1",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Windows 7 for 32-bit Systems Service Pack 1"
},
{
"status": "affected",
"version": "Windows 7 for x64-based Systems Service Pack 1"
},
{
"status": "affected",
"version": "Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1"
},
{
"status": "affected",
"version": "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
},
{
"status": "affected",
"version": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
}
]
},
{
"product": "Microsoft .NET Framework 4.5.2",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Windows 7 for 32-bit Systems Service Pack 1"
},
{
"status": "affected",
"version": "Windows 7 for x64-based Systems Service Pack 1"
},
{
"status": "affected",
"version": "Windows 8.1 for 32-bit systems"
},
{
"status": "affected",
"version": "Windows 8.1 for x64-based systems"
},
{
"status": "affected",
"version": "Windows RT 8.1"
},
{
"status": "affected",
"version": "Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"status": "affected",
"version": "Windows Server 2008 for x64-based Systems Service Pack 2"
},
{
"status": "affected",
"version": "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
},
{
"status": "affected",
"version": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
},
{
"status": "affected",
"version": "Windows Server 2012"
},
{
"status": "affected",
"version": "Windows Server 2012 (Server Core installation)"
},
{
"status": "affected",
"version": "Windows Server 2012 R2"
},
{
"status": "affected",
"version": "Windows Server 2012 R2 (Server Core installation)"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1909 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server, version 1803 (Server Core Installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka \u0027.NET Framework Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-0605."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-14T23:11:22",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0606"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2020-0606",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": ".NET Core",
"version": {
"version_data": [
{
"version_value": "3.0"
},
{
"version_value": "3.1"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2",
"version": {
"version_data": [
{
"version_value": "Windows 7 for 32-bit Systems Service Pack 1"
},
{
"version_value": "Windows 7 for x64-based Systems Service Pack 1"
},
{
"version_value": "Windows 8.1 for 32-bit systems"
},
{
"version_value": "Windows 8.1 for x64-based systems"
},
{
"version_value": "Windows RT 8.1"
},
{
"version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
},
{
"version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
},
{
"version_value": "Windows Server 2012"
},
{
"version_value": "Windows Server 2012 (Server Core installation)"
},
{
"version_value": "Windows Server 2012 R2"
},
{
"version_value": "Windows Server 2012 R2 (Server Core installation)"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows Server, version 1803 (Server Core Installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows Server 2016",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 7 for 32-bit Systems Service Pack 1",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 7 for x64-based Systems Service Pack 1",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 8.1 for 32-bit systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 8.1 for x64-based systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows RT 8.1",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 R2",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1903 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": "1903"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.6",
"version": {
"version_data": [
{
"version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"version_value": "Windows Server 2008 for x64-based Systems Service Pack 2"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.0",
"version": {
"version_data": [
{
"version_value": "Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"version_value": "Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2"
},
{
"version_value": "Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5",
"version": {
"version_data": [
{
"version_value": "Windows 10 Version 1607 for 32-bit Systems"
},
{
"version_value": "Windows 8.1 for 32-bit systems"
},
{
"version_value": "Windows 8.1 for x64-based systems"
},
{
"version_value": "Windows Server 2012"
},
{
"version_value": "Windows Server 2012 (Server Core installation)"
},
{
"version_value": "Windows Server 2012 R2"
},
{
"version_value": "Windows Server 2012 R2 (Server Core installation)"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5.1",
"version": {
"version_data": [
{
"version_value": "Windows 7 for 32-bit Systems Service Pack 1"
},
{
"version_value": "Windows 7 for x64-based Systems Service Pack 1"
},
{
"version_value": "Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1"
},
{
"version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
},
{
"version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.5.2",
"version": {
"version_data": [
{
"version_value": "Windows 7 for 32-bit Systems Service Pack 1"
},
{
"version_value": "Windows 7 for x64-based Systems Service Pack 1"
},
{
"version_value": "Windows 8.1 for 32-bit systems"
},
{
"version_value": "Windows 8.1 for x64-based systems"
},
{
"version_value": "Windows RT 8.1"
},
{
"version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"version_value": "Windows Server 2008 for x64-based Systems Service Pack 2"
},
{
"version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
},
{
"version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
},
{
"version_value": "Windows Server 2012"
},
{
"version_value": "Windows Server 2012 (Server Core installation)"
},
{
"version_value": "Windows Server 2012 R2"
},
{
"version_value": "Windows Server 2012 R2 (Server Core installation)"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1909 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server, version 1803 (Server Core Installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka \u0027.NET Framework Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-0605."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0606",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0606"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-0606",
"datePublished": "2020-01-14T23:11:22",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-08-04T06:11:04.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-0820
Vulnerability from cvelistv5
Published
2019-05-16 18:17
Modified
2024-08-04 17:58
Severity ?
EPSS score ?
Summary
A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings, aka '.NET Framework and .NET Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0980, CVE-2019-0981.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0820 | x_refsource_MISC | |
| https://access.redhat.com/errata/RHSA-2019:1259 | vendor-advisory, x_refsource_REDHAT |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft .NET Framework 4.5.2 |
Version: Windows 7 for 32-bit Systems Service Pack 1 Version: Windows 7 for x64-based Systems Service Pack 1 Version: Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Version: Windows Server 2008 R2 for x64-based Systems Service Pack 1 Version: Windows Server 2012 Version: Windows Server 2012 (Server Core installation) Version: Windows 8.1 for 32-bit systems Version: Windows 8.1 for x64-based systems Version: Windows Server 2012 R2 Version: Windows RT 8.1 Version: Windows Server 2012 R2 (Server Core installation) Version: Windows Server 2008 for 32-bit Systems Service Pack 2 Version: Windows Server 2008 for x64-based Systems Service Pack 2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:58:59.792Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0820"
},
{
"name": "RHSA-2019:1259",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1259"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft .NET Framework 4.5.2",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Windows 7 for 32-bit Systems Service Pack 1"
},
{
"status": "affected",
"version": "Windows 7 for x64-based Systems Service Pack 1"
},
{
"status": "affected",
"version": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
},
{
"status": "affected",
"version": "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
},
{
"status": "affected",
"version": "Windows Server 2012"
},
{
"status": "affected",
"version": "Windows Server 2012 (Server Core installation)"
},
{
"status": "affected",
"version": "Windows 8.1 for 32-bit systems"
},
{
"status": "affected",
"version": "Windows 8.1 for x64-based systems"
},
{
"status": "affected",
"version": "Windows Server 2012 R2"
},
{
"status": "affected",
"version": "Windows RT 8.1"
},
{
"status": "affected",
"version": "Windows Server 2012 R2 (Server Core installation)"
},
{
"status": "affected",
"version": "Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"status": "affected",
"version": "Windows Server 2008 for x64-based Systems Service Pack 2"
}
]
},
{
"product": "Microsoft .NET Framework 4.6",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"status": "affected",
"version": "Windows Server 2008 for x64-based Systems Service Pack 2"
}
]
},
{
"product": ".NET Core",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "1"
},
{
"status": "affected",
"version": "1.1"
},
{
"status": "affected",
"version": "2.1"
},
{
"status": "affected",
"version": "2.2"
}
]
},
{
"product": "Microsoft .NET Framework 4.7.2",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Windows 10 Version 1803 for 32-bit Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1803 for x64-based Systems"
},
{
"status": "affected",
"version": "Windows Server, version 1803 (Server Core Installation)"
},
{
"status": "affected",
"version": "Windows 10 Version 1803 for ARM64-based Systems"
},
{
"status": "affected",
"version": "Windows Server 2019"
},
{
"status": "affected",
"version": "Windows Server 2019 (Server Core installation)"
}
]
},
{
"product": "Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Windows 7 for 32-bit Systems Service Pack 1"
},
{
"status": "affected",
"version": "Windows 7 for x64-based Systems Service Pack 1"
},
{
"status": "affected",
"version": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
},
{
"status": "affected",
"version": "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
},
{
"status": "affected",
"version": "Windows Server 2012"
},
{
"status": "affected",
"version": "Windows Server 2012 (Server Core installation)"
},
{
"status": "affected",
"version": "Windows 8.1 for 32-bit systems"
},
{
"status": "affected",
"version": "Windows 8.1 for x64-based systems"
},
{
"status": "affected",
"version": "Windows Server 2012 R2"
},
{
"status": "affected",
"version": "Windows RT 8.1"
},
{
"status": "affected",
"version": "Windows Server 2012 R2 (Server Core installation)"
}
]
},
{
"product": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Windows Server 2016"
},
{
"status": "affected",
"version": "Windows Server 2016 (Server Core installation)"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 7 for 32-bit Systems Service Pack 1",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 7 for x64-based Systems Service Pack 1",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows Server 2012",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 8.1 for 32-bit systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 8.1 for x64-based systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows Server 2012 R2",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows RT 8.1",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 10 Version 1703 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 10 Version 1703 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows Server, version 1803 (Server Core Installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 10 Version 1809 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 10 Version 1809 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 10 Version 1903 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 10 Version 1903 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows Server, version 1903 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Windows Server 2012"
},
{
"status": "affected",
"version": "Windows Server 2012 (Server Core installation)"
},
{
"status": "affected",
"version": "Windows 8.1 for 32-bit systems"
},
{
"status": "affected",
"version": "Windows 8.1 for x64-based systems"
},
{
"status": "affected",
"version": "Windows Server 2012 R2"
},
{
"status": "affected",
"version": "Windows Server 2012 R2 (Server Core installation)"
},
{
"status": "affected",
"version": "Windows 10 for 32-bit Systems"
},
{
"status": "affected",
"version": "Windows 10 for x64-based Systems"
},
{
"status": "affected",
"version": "Windows Server 2016"
},
{
"status": "affected",
"version": "Windows 10 Version 1607 for 32-bit Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1607 for x64-based Systems"
},
{
"status": "affected",
"version": "Windows Server 2016 (Server Core installation)"
},
{
"status": "affected",
"version": "Windows 10 Version 1703 for 32-bit Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1703 for x64-based Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1709 for 32-bit Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1709 for x64-based Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1803 for 32-bit Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1803 for x64-based Systems"
},
{
"status": "affected",
"version": "Windows Server, version 1803 (Server Core Installation)"
},
{
"status": "affected",
"version": "Windows 10 Version 1803 for ARM64-based Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1809 for 32-bit Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1809 for x64-based Systems"
},
{
"status": "affected",
"version": "Windows Server 2019"
},
{
"status": "affected",
"version": "Windows Server 2019 (Server Core installation)"
},
{
"status": "affected",
"version": "Windows 10 Version 1709 for ARM64-based Systems"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 on Windows 10 Version 1903 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 on Windows 10 Version 1903 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 on Windows Server, version 1903 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.0",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2"
},
{
"status": "affected",
"version": "Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"status": "affected",
"version": "Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2"
}
]
},
{
"product": "Microsoft .NET Framework 2.0",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2"
},
{
"status": "affected",
"version": "Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"status": "affected",
"version": "Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2"
}
]
},
{
"product": "Microsoft .NET Framework 3.5.1",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Windows 7 for 32-bit Systems Service Pack 1"
},
{
"status": "affected",
"version": "Windows 7 for x64-based Systems Service Pack 1"
},
{
"status": "affected",
"version": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
},
{
"status": "affected",
"version": "Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1"
},
{
"status": "affected",
"version": "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings, aka \u0027.NET Framework and .NET Core Denial of Service Vulnerability\u0027. This CVE ID is unique from CVE-2019-0980, CVE-2019-0981."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-22T12:06:04",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0820"
},
{
"name": "RHSA-2019:1259",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1259"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2019-0820",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft .NET Framework 4.5.2",
"version": {
"version_data": [
{
"version_value": "Windows 7 for 32-bit Systems Service Pack 1"
},
{
"version_value": "Windows 7 for x64-based Systems Service Pack 1"
},
{
"version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
},
{
"version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
},
{
"version_value": "Windows Server 2012"
},
{
"version_value": "Windows Server 2012 (Server Core installation)"
},
{
"version_value": "Windows 8.1 for 32-bit systems"
},
{
"version_value": "Windows 8.1 for x64-based systems"
},
{
"version_value": "Windows Server 2012 R2"
},
{
"version_value": "Windows RT 8.1"
},
{
"version_value": "Windows Server 2012 R2 (Server Core installation)"
},
{
"version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"version_value": "Windows Server 2008 for x64-based Systems Service Pack 2"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.6",
"version": {
"version_data": [
{
"version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"version_value": "Windows Server 2008 for x64-based Systems Service Pack 2"
}
]
}
},
{
"product_name": ".NET Core",
"version": {
"version_data": [
{
"version_value": "1"
},
{
"version_value": "1.1"
},
{
"version_value": "2.1"
},
{
"version_value": "2.2"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.7.2",
"version": {
"version_data": [
{
"version_value": "Windows 10 Version 1803 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1803 for x64-based Systems"
},
{
"version_value": "Windows Server, version 1803 (Server Core Installation)"
},
{
"version_value": "Windows 10 Version 1803 for ARM64-based Systems"
},
{
"version_value": "Windows Server 2019"
},
{
"version_value": "Windows Server 2019 (Server Core installation)"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2",
"version": {
"version_data": [
{
"version_value": "Windows 7 for 32-bit Systems Service Pack 1"
},
{
"version_value": "Windows 7 for x64-based Systems Service Pack 1"
},
{
"version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
},
{
"version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
},
{
"version_value": "Windows Server 2012"
},
{
"version_value": "Windows Server 2012 (Server Core installation)"
},
{
"version_value": "Windows 8.1 for 32-bit systems"
},
{
"version_value": "Windows 8.1 for x64-based systems"
},
{
"version_value": "Windows Server 2012 R2"
},
{
"version_value": "Windows RT 8.1"
},
{
"version_value": "Windows Server 2012 R2 (Server Core installation)"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
"version": {
"version_data": [
{
"version_value": "Windows Server 2016"
},
{
"version_value": "Windows Server 2016 (Server Core installation)"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 7 for 32-bit Systems Service Pack 1",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 7 for x64-based Systems Service Pack 1",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 8.1 for 32-bit systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 8.1 for x64-based systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 R2",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows RT 8.1",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows Server 2016",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1703 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1703 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows Server, version 1803 (Server Core Installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1809 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1809 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows Server 2019",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows Server 2019 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1903 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1903 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows Server, version 1903 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5",
"version": {
"version_data": [
{
"version_value": "Windows Server 2012"
},
{
"version_value": "Windows Server 2012 (Server Core installation)"
},
{
"version_value": "Windows 8.1 for 32-bit systems"
},
{
"version_value": "Windows 8.1 for x64-based systems"
},
{
"version_value": "Windows Server 2012 R2"
},
{
"version_value": "Windows Server 2012 R2 (Server Core installation)"
},
{
"version_value": "Windows 10 for 32-bit Systems"
},
{
"version_value": "Windows 10 for x64-based Systems"
},
{
"version_value": "Windows Server 2016"
},
{
"version_value": "Windows 10 Version 1607 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1607 for x64-based Systems"
},
{
"version_value": "Windows Server 2016 (Server Core installation)"
},
{
"version_value": "Windows 10 Version 1703 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1703 for x64-based Systems"
},
{
"version_value": "Windows 10 Version 1709 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1709 for x64-based Systems"
},
{
"version_value": "Windows 10 Version 1803 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1803 for x64-based Systems"
},
{
"version_value": "Windows Server, version 1803 (Server Core Installation)"
},
{
"version_value": "Windows 10 Version 1803 for ARM64-based Systems"
},
{
"version_value": "Windows 10 Version 1809 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1809 for x64-based Systems"
},
{
"version_value": "Windows Server 2019"
},
{
"version_value": "Windows Server 2019 (Server Core installation)"
},
{
"version_value": "Windows 10 Version 1709 for ARM64-based Systems"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 on Windows 10 Version 1903 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 on Windows 10 Version 1903 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 on Windows Server, version 1903 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.0",
"version": {
"version_data": [
{
"version_value": "Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2"
},
{
"version_value": "Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"version_value": "Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 2.0",
"version": {
"version_data": [
{
"version_value": "Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2"
},
{
"version_value": "Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"version_value": "Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5.1",
"version": {
"version_data": [
{
"version_value": "Windows 7 for 32-bit Systems Service Pack 1"
},
{
"version_value": "Windows 7 for x64-based Systems Service Pack 1"
},
{
"version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
},
{
"version_value": "Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1"
},
{
"version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings, aka \u0027.NET Framework and .NET Core Denial of Service Vulnerability\u0027. This CVE ID is unique from CVE-2019-0980, CVE-2019-0981."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0820",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0820"
},
{
"name": "RHSA-2019:1259",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1259"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2019-0820",
"datePublished": "2019-05-16T18:17:00",
"dateReserved": "2018-11-26T00:00:00",
"dateUpdated": "2024-08-04T17:58:59.792Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-0545
Vulnerability from cvelistv5
Published
2019-01-08 21:00
Modified
2024-08-04 17:51
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability exists in .NET Framework and .NET Core which allows bypassing Cross-origin Resource Sharing (CORS) configurations, aka ".NET Framework Information Disclosure Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7/4.7.1/4.7.2, .NET Core 2.1, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 2.2, Microsoft .NET Framework 4.7.2.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0545 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/106405 | vdb-entry, x_refsource_BID | |
| https://access.redhat.com/errata/RHSA-2019:0040 | vendor-advisory, x_refsource_REDHAT |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | .NET Core |
Version: 2.1 Version: 2.2 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:51:26.700Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0545"
},
{
"name": "106405",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106405"
},
{
"name": "RHSA-2019:0040",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0040"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": ".NET Core",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2.1"
},
{
"status": "affected",
"version": "2.2"
}
]
},
{
"product": "Microsoft .NET Framework",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"status": "affected",
"version": "2.0 Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2"
},
{
"status": "affected",
"version": "2.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2"
},
{
"status": "affected",
"version": "3.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"status": "affected",
"version": "3.0 Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2"
},
{
"status": "affected",
"version": "3.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2"
},
{
"status": "affected",
"version": "3.5 on Windows 10 for 32-bit Systems"
},
{
"status": "affected",
"version": "3.5 on Windows 10 for x64-based Systems"
},
{
"status": "affected",
"version": "3.5 on Windows 10 Version 1607 for 32-bit Systems"
},
{
"status": "affected",
"version": "3.5 on Windows 10 Version 1607 for x64-based Systems"
},
{
"status": "affected",
"version": "3.5 on Windows 10 Version 1703 for 32-bit Systems"
},
{
"status": "affected",
"version": "3.5 on Windows 10 Version 1703 for x64-based Systems"
},
{
"status": "affected",
"version": "3.5 on Windows 10 Version 1709 for 32-bit Systems"
},
{
"status": "affected",
"version": "3.5 on Windows 10 Version 1709 for ARM64-based Systems"
},
{
"status": "affected",
"version": "3.5 on Windows 10 Version 1709 for x64-based Systems"
},
{
"status": "affected",
"version": "3.5 on Windows 10 Version 1803 for 32-bit Systems"
},
{
"status": "affected",
"version": "3.5 on Windows 10 Version 1803 for ARM64-based Systems"
},
{
"status": "affected",
"version": "3.5 on Windows 10 Version 1803 for x64-based Systems"
},
{
"status": "affected",
"version": "3.5 on Windows 10 Version 1809 for 32-bit Systems"
},
{
"status": "affected",
"version": "3.5 on Windows 10 Version 1809 for x64-based Systems"
},
{
"status": "affected",
"version": "3.5 on Windows 8.1 for 32-bit systems"
},
{
"status": "affected",
"version": "3.5 on Windows 8.1 for x64-based systems"
},
{
"status": "affected",
"version": "3.5 on Windows Server 2012"
},
{
"status": "affected",
"version": "3.5 on Windows Server 2012 (Server Core installation)"
},
{
"status": "affected",
"version": "3.5 on Windows Server 2012 R2"
},
{
"status": "affected",
"version": "3.5 on Windows Server 2012 R2 (Server Core installation)"
},
{
"status": "affected",
"version": "3.5 on Windows Server 2016"
},
{
"status": "affected",
"version": "3.5 on Windows Server 2016 (Server Core installation)"
},
{
"status": "affected",
"version": "3.5 on Windows Server 2019"
},
{
"status": "affected",
"version": "3.5 on Windows Server 2019 (Server Core installation)"
},
{
"status": "affected",
"version": "3.5 on Windows Server, version 1709 (Server Core Installation)"
},
{
"status": "affected",
"version": "3.5 on Windows Server, version 1803 (Server Core Installation)"
},
{
"status": "affected",
"version": "3.5.1 on Windows 7 for 32-bit Systems Service Pack 1"
},
{
"status": "affected",
"version": "3.5.1 on Windows 7 for x64-based Systems Service Pack 1"
},
{
"status": "affected",
"version": "3.5.1 on Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1"
},
{
"status": "affected",
"version": "3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1"
},
{
"status": "affected",
"version": "3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
},
{
"status": "affected",
"version": "4.5.2 on Windows 7 for 32-bit Systems Service Pack 1"
},
{
"status": "affected",
"version": "4.5.2 on Windows 7 for x64-based Systems Service Pack 1"
},
{
"status": "affected",
"version": "4.5.2 on Windows 8.1 for 32-bit systems"
},
{
"status": "affected",
"version": "4.5.2 on Windows 8.1 for x64-based systems"
},
{
"status": "affected",
"version": "4.5.2 on Windows RT 8.1"
},
{
"status": "affected",
"version": "4.5.2 on Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"status": "affected",
"version": "4.5.2 on Windows Server 2008 for x64-based Systems Service Pack 2"
},
{
"status": "affected",
"version": "4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1"
},
{
"status": "affected",
"version": "4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
},
{
"status": "affected",
"version": "4.5.2 on Windows Server 2012"
},
{
"status": "affected",
"version": "4.5.2 on Windows Server 2012 (Server Core installation)"
},
{
"status": "affected",
"version": "4.5.2 on Windows Server 2012 R2"
},
{
"status": "affected",
"version": "4.5.2 on Windows Server 2012 R2 (Server Core installation)"
},
{
"status": "affected",
"version": "4.6 on Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"status": "affected",
"version": "4.6 on Windows Server 2008 for x64-based Systems Service Pack 2"
},
{
"status": "affected",
"version": "4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems"
},
{
"status": "affected",
"version": "4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems"
},
{
"status": "affected",
"version": "4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016"
},
{
"status": "affected",
"version": "4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation)"
},
{
"status": "affected",
"version": "4.6/4.6.1/4.6.2 on Windows 10 for 32-bit Systems"
},
{
"status": "affected",
"version": "4.6/4.6.1/4.6.2 on Windows 10 for x64-based Systems"
},
{
"status": "affected",
"version": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows 7 for 32-bit Systems Service Pack 1"
},
{
"status": "affected",
"version": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows 7 for x64-based Systems Service Pack 1"
},
{
"status": "affected",
"version": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows 8.1 for 32-bit systems"
},
{
"status": "affected",
"version": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows 8.1 for x64-based systems"
},
{
"status": "affected",
"version": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows RT 8.1"
},
{
"status": "affected",
"version": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1"
},
{
"status": "affected",
"version": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
},
{
"status": "affected",
"version": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012"
},
{
"status": "affected",
"version": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation)"
},
{
"status": "affected",
"version": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2"
},
{
"status": "affected",
"version": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation)"
},
{
"status": "affected",
"version": "4.7.1/4.7.2 on Windows 10 Version 1709 for 32-bit Systems"
},
{
"status": "affected",
"version": "4.7.1/4.7.2 on Windows 10 Version 1709 for ARM64-based Systems"
},
{
"status": "affected",
"version": "4.7.1/4.7.2 on Windows 10 Version 1709 for x64-based Systems"
},
{
"status": "affected",
"version": "4.7.1/4.7.2 on Windows Server, version 1709 (Server Core Installation)"
},
{
"status": "affected",
"version": "4.7.2 on Windows 10 Version 1803 for 32-bit Systems"
},
{
"status": "affected",
"version": "4.7.2 on Windows 10 Version 1803 for ARM64-based Systems"
},
{
"status": "affected",
"version": "4.7.2 on Windows 10 Version 1803 for x64-based Systems"
},
{
"status": "affected",
"version": "4.7.2 on Windows 10 Version 1809 for 32-bit Systems"
},
{
"status": "affected",
"version": "4.7.2 on Windows 10 Version 1809 for x64-based Systems"
},
{
"status": "affected",
"version": "4.7.2 on Windows Server 2019"
},
{
"status": "affected",
"version": "4.7.2 on Windows Server 2019 (Server Core installation)"
},
{
"status": "affected",
"version": "4.7.2 on Windows Server, version 1803 (Server Core Installation)"
},
{
"status": "affected",
"version": "4.7/4.7.1/4.7.2 on Windows 10 Version 1703 for 32-bit Systems"
},
{
"status": "affected",
"version": "4.7/4.7.1/4.7.2 on Windows 10 Version 1703 for x64-based Systems"
}
]
}
],
"datePublic": "2019-01-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability exists in .NET Framework and .NET Core which allows bypassing Cross-origin Resource Sharing (CORS) configurations, aka \".NET Framework Information Disclosure Vulnerability.\" This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7/4.7.1/4.7.2, .NET Core 2.1, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 2.2, Microsoft .NET Framework 4.7.2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-09T10:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0545"
},
{
"name": "106405",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106405"
},
{
"name": "RHSA-2019:0040",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0040"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2019-0545",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": ".NET Core",
"version": {
"version_data": [
{
"version_value": "2.1"
},
{
"version_value": "2.2"
}
]
}
},
{
"product_name": "Microsoft .NET Framework",
"version": {
"version_data": [
{
"version_value": "2.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"version_value": "2.0 Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2"
},
{
"version_value": "2.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2"
},
{
"version_value": "3.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"version_value": "3.0 Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2"
},
{
"version_value": "3.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2"
},
{
"version_value": "3.5 on Windows 10 for 32-bit Systems"
},
{
"version_value": "3.5 on Windows 10 for x64-based Systems"
},
{
"version_value": "3.5 on Windows 10 Version 1607 for 32-bit Systems"
},
{
"version_value": "3.5 on Windows 10 Version 1607 for x64-based Systems"
},
{
"version_value": "3.5 on Windows 10 Version 1703 for 32-bit Systems"
},
{
"version_value": "3.5 on Windows 10 Version 1703 for x64-based Systems"
},
{
"version_value": "3.5 on Windows 10 Version 1709 for 32-bit Systems"
},
{
"version_value": "3.5 on Windows 10 Version 1709 for ARM64-based Systems"
},
{
"version_value": "3.5 on Windows 10 Version 1709 for x64-based Systems"
},
{
"version_value": "3.5 on Windows 10 Version 1803 for 32-bit Systems"
},
{
"version_value": "3.5 on Windows 10 Version 1803 for ARM64-based Systems"
},
{
"version_value": "3.5 on Windows 10 Version 1803 for x64-based Systems"
},
{
"version_value": "3.5 on Windows 10 Version 1809 for 32-bit Systems"
},
{
"version_value": "3.5 on Windows 10 Version 1809 for x64-based Systems"
},
{
"version_value": "3.5 on Windows 8.1 for 32-bit systems"
},
{
"version_value": "3.5 on Windows 8.1 for x64-based systems"
},
{
"version_value": "3.5 on Windows Server 2012"
},
{
"version_value": "3.5 on Windows Server 2012 (Server Core installation)"
},
{
"version_value": "3.5 on Windows Server 2012 R2"
},
{
"version_value": "3.5 on Windows Server 2012 R2 (Server Core installation)"
},
{
"version_value": "3.5 on Windows Server 2016"
},
{
"version_value": "3.5 on Windows Server 2016 (Server Core installation)"
},
{
"version_value": "3.5 on Windows Server 2019"
},
{
"version_value": "3.5 on Windows Server 2019 (Server Core installation)"
},
{
"version_value": "3.5 on Windows Server, version 1709 (Server Core Installation)"
},
{
"version_value": "3.5 on Windows Server, version 1803 (Server Core Installation)"
},
{
"version_value": "3.5.1 on Windows 7 for 32-bit Systems Service Pack 1"
},
{
"version_value": "3.5.1 on Windows 7 for x64-based Systems Service Pack 1"
},
{
"version_value": "3.5.1 on Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1"
},
{
"version_value": "3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1"
},
{
"version_value": "3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
},
{
"version_value": "4.5.2 on Windows 7 for 32-bit Systems Service Pack 1"
},
{
"version_value": "4.5.2 on Windows 7 for x64-based Systems Service Pack 1"
},
{
"version_value": "4.5.2 on Windows 8.1 for 32-bit systems"
},
{
"version_value": "4.5.2 on Windows 8.1 for x64-based systems"
},
{
"version_value": "4.5.2 on Windows RT 8.1"
},
{
"version_value": "4.5.2 on Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"version_value": "4.5.2 on Windows Server 2008 for x64-based Systems Service Pack 2"
},
{
"version_value": "4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1"
},
{
"version_value": "4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
},
{
"version_value": "4.5.2 on Windows Server 2012"
},
{
"version_value": "4.5.2 on Windows Server 2012 (Server Core installation)"
},
{
"version_value": "4.5.2 on Windows Server 2012 R2"
},
{
"version_value": "4.5.2 on Windows Server 2012 R2 (Server Core installation)"
},
{
"version_value": "4.6 on Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"version_value": "4.6 on Windows Server 2008 for x64-based Systems Service Pack 2"
},
{
"version_value": "4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems"
},
{
"version_value": "4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems"
},
{
"version_value": "4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016"
},
{
"version_value": "4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation)"
},
{
"version_value": "4.6/4.6.1/4.6.2 on Windows 10 for 32-bit Systems"
},
{
"version_value": "4.6/4.6.1/4.6.2 on Windows 10 for x64-based Systems"
},
{
"version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows 7 for 32-bit Systems Service Pack 1"
},
{
"version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows 7 for x64-based Systems Service Pack 1"
},
{
"version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows 8.1 for 32-bit systems"
},
{
"version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows 8.1 for x64-based systems"
},
{
"version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows RT 8.1"
},
{
"version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1"
},
{
"version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
},
{
"version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012"
},
{
"version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation)"
},
{
"version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2"
},
{
"version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation)"
},
{
"version_value": "4.7.1/4.7.2 on Windows 10 Version 1709 for 32-bit Systems"
},
{
"version_value": "4.7.1/4.7.2 on Windows 10 Version 1709 for ARM64-based Systems"
},
{
"version_value": "4.7.1/4.7.2 on Windows 10 Version 1709 for x64-based Systems"
},
{
"version_value": "4.7.1/4.7.2 on Windows Server, version 1709 (Server Core Installation)"
},
{
"version_value": "4.7.2 on Windows 10 Version 1803 for 32-bit Systems"
},
{
"version_value": "4.7.2 on Windows 10 Version 1803 for ARM64-based Systems"
},
{
"version_value": "4.7.2 on Windows 10 Version 1803 for x64-based Systems"
},
{
"version_value": "4.7.2 on Windows 10 Version 1809 for 32-bit Systems"
},
{
"version_value": "4.7.2 on Windows 10 Version 1809 for x64-based Systems"
},
{
"version_value": "4.7.2 on Windows Server 2019"
},
{
"version_value": "4.7.2 on Windows Server 2019 (Server Core installation)"
},
{
"version_value": "4.7.2 on Windows Server, version 1803 (Server Core Installation)"
},
{
"version_value": "4.7/4.7.1/4.7.2 on Windows 10 Version 1703 for 32-bit Systems"
},
{
"version_value": "4.7/4.7.1/4.7.2 on Windows 10 Version 1703 for x64-based Systems"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability exists in .NET Framework and .NET Core which allows bypassing Cross-origin Resource Sharing (CORS) configurations, aka \".NET Framework Information Disclosure Vulnerability.\" This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7/4.7.1/4.7.2, .NET Core 2.1, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 2.2, Microsoft .NET Framework 4.7.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0545",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0545"
},
{
"name": "106405",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106405"
},
{
"name": "RHSA-2019:0040",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0040"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2019-0545",
"datePublished": "2019-01-08T21:00:00",
"dateReserved": "2018-11-26T00:00:00",
"dateUpdated": "2024-08-04T17:51:26.700Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-0605
Vulnerability from cvelistv5
Published
2020-01-14 23:11
Modified
2024-08-04 06:11
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0606.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0605 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | .NET Core |
Version: 3.0 Version: 3.1 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:11:04.584Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0605"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": ".NET Core",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "3.0"
},
{
"status": "affected",
"version": "3.1"
}
]
},
{
"product": "Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Windows RT 8.1"
},
{
"status": "affected",
"version": "Windows 8.1 for x64-based systems"
},
{
"status": "affected",
"version": "Windows 7 for 32-bit Systems Service Pack 1"
},
{
"status": "affected",
"version": "Windows 8.1 for 32-bit systems"
},
{
"status": "affected",
"version": "Windows 7 for x64-based Systems Service Pack 1"
},
{
"status": "affected",
"version": "Windows Server 2012 R2"
},
{
"status": "affected",
"version": "Windows Server 2012 (Server Core installation)"
},
{
"status": "affected",
"version": "Windows Server 2012"
},
{
"status": "affected",
"version": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
},
{
"status": "affected",
"version": "Windows Server 2012 R2 (Server Core installation)"
},
{
"status": "affected",
"version": "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
}
]
},
{
"product": "Microsoft .NET Framework 3.0",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2"
},
{
"status": "affected",
"version": "Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"status": "affected",
"version": "Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1909 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server, version 1803 (Server Core Installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows Server, version 1803 (Server Core Installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Windows 10 Version 1607 for 32-bit Systems"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows Server 2012",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows Server 2012 R2",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.6",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"status": "affected",
"version": "Windows Server 2008 for x64-based Systems Service Pack 2"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 7 for x64-based Systems Service Pack 1",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1903 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "1903"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 8.1 for 32-bit systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows RT 8.1",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 7 for 32-bit Systems Service Pack 1",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 8.1 for x64-based systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.5.2",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Windows 8.1 for x64-based systems"
},
{
"status": "affected",
"version": "Windows RT 8.1"
},
{
"status": "affected",
"version": "Windows 8.1 for 32-bit systems"
},
{
"status": "affected",
"version": "Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"status": "affected",
"version": "Windows 7 for x64-based Systems Service Pack 1"
},
{
"status": "affected",
"version": "Windows 7 for 32-bit Systems Service Pack 1"
},
{
"status": "affected",
"version": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
},
{
"status": "affected",
"version": "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
},
{
"status": "affected",
"version": "Windows Server 2012 (Server Core installation)"
},
{
"status": "affected",
"version": "Windows Server 2012 R2 (Server Core installation)"
},
{
"status": "affected",
"version": "Windows Server 2012"
},
{
"status": "affected",
"version": "Windows Server 2008 for x64-based Systems Service Pack 2"
},
{
"status": "affected",
"version": "Windows Server 2012 R2"
}
]
},
{
"product": "Microsoft .NET Framework 3.5.1",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
},
{
"status": "affected",
"version": "Windows 7 for x64-based Systems Service Pack 1"
},
{
"status": "affected",
"version": "Windows 7 for 32-bit Systems Service Pack 1"
},
{
"status": "affected",
"version": "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
},
{
"status": "affected",
"version": "Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1"
}
]
},
{
"product": "Microsoft .NET Framework 3.5",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Windows 8.1 for x64-based systems"
},
{
"status": "affected",
"version": "Windows Server 2012 R2 (Server Core installation)"
},
{
"status": "affected",
"version": "Windows Server 2012"
},
{
"status": "affected",
"version": "Windows Server 2012 (Server Core installation)"
},
{
"status": "affected",
"version": "Windows 8.1 for 32-bit systems"
},
{
"status": "affected",
"version": "Windows Server 2012 R2"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka \u0027.NET Framework Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-0606."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-14T23:11:21",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0605"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2020-0605",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": ".NET Core",
"version": {
"version_data": [
{
"version_value": "3.0"
},
{
"version_value": "3.1"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2",
"version": {
"version_data": [
{
"version_value": "Windows RT 8.1"
},
{
"version_value": "Windows 8.1 for x64-based systems"
},
{
"version_value": "Windows 7 for 32-bit Systems Service Pack 1"
},
{
"version_value": "Windows 8.1 for 32-bit systems"
},
{
"version_value": "Windows 7 for x64-based Systems Service Pack 1"
},
{
"version_value": "Windows Server 2012 R2"
},
{
"version_value": "Windows Server 2012 (Server Core installation)"
},
{
"version_value": "Windows Server 2012"
},
{
"version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
},
{
"version_value": "Windows Server 2012 R2 (Server Core installation)"
},
{
"version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.0",
"version": {
"version_data": [
{
"version_value": "Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2"
},
{
"version_value": "Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"version_value": "Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1909 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server, version 1803 (Server Core Installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows Server, version 1803 (Server Core Installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
"version": {
"version_data": [
{
"version_value": "Windows 10 Version 1607 for 32-bit Systems"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 R2",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.6",
"version": {
"version_data": [
{
"version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"version_value": "Windows Server 2008 for x64-based Systems Service Pack 2"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 7 for x64-based Systems Service Pack 1",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1903 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": "1903"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 8.1 for 32-bit systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows Server 2016",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows RT 8.1",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 7 for 32-bit Systems Service Pack 1",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 8.1 for x64-based systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.5.2",
"version": {
"version_data": [
{
"version_value": "Windows 8.1 for x64-based systems"
},
{
"version_value": "Windows RT 8.1"
},
{
"version_value": "Windows 8.1 for 32-bit systems"
},
{
"version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"version_value": "Windows 7 for x64-based Systems Service Pack 1"
},
{
"version_value": "Windows 7 for 32-bit Systems Service Pack 1"
},
{
"version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
},
{
"version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
},
{
"version_value": "Windows Server 2012 (Server Core installation)"
},
{
"version_value": "Windows Server 2012 R2 (Server Core installation)"
},
{
"version_value": "Windows Server 2012"
},
{
"version_value": "Windows Server 2008 for x64-based Systems Service Pack 2"
},
{
"version_value": "Windows Server 2012 R2"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5.1",
"version": {
"version_data": [
{
"version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
},
{
"version_value": "Windows 7 for x64-based Systems Service Pack 1"
},
{
"version_value": "Windows 7 for 32-bit Systems Service Pack 1"
},
{
"version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
},
{
"version_value": "Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5",
"version": {
"version_data": [
{
"version_value": "Windows 8.1 for x64-based systems"
},
{
"version_value": "Windows Server 2012 R2 (Server Core installation)"
},
{
"version_value": "Windows Server 2012"
},
{
"version_value": "Windows Server 2012 (Server Core installation)"
},
{
"version_value": "Windows 8.1 for 32-bit systems"
},
{
"version_value": "Windows Server 2012 R2"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka \u0027.NET Framework Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-0606."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0605",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0605"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-0605",
"datePublished": "2020-01-14T23:11:21",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-08-04T06:11:04.584Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-1301
Vulnerability from cvelistv5
Published
2019-09-11 21:25
Modified
2024-08-04 18:13
Severity ?
EPSS score ?
Summary
A denial of service vulnerability exists when .NET Core improperly handles web requests, aka '.NET Core Denial of Service Vulnerability'.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1301 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:13:30.342Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1301"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": ".NET Core",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2.1"
},
{
"status": "affected",
"version": "2.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A denial of service vulnerability exists when .NET Core improperly handles web requests, aka \u0027.NET Core Denial of Service Vulnerability\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-11T21:25:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1301"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2019-1301",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": ".NET Core",
"version": {
"version_data": [
{
"version_value": "2.1"
},
{
"version_value": "2.2"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A denial of service vulnerability exists when .NET Core improperly handles web requests, aka \u0027.NET Core Denial of Service Vulnerability\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1301",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1301"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2019-1301",
"datePublished": "2019-09-11T21:25:01",
"dateReserved": "2018-11-26T00:00:00",
"dateUpdated": "2024-08-04T18:13:30.342Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-0981
Vulnerability from cvelistv5
Published
2019-05-16 18:24
Modified
2024-08-04 18:06
Severity ?
EPSS score ?
Summary
A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka '.Net Framework and .Net Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0820, CVE-2019-0980.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0981 | x_refsource_MISC | |
| https://access.redhat.com/errata/RHSA-2019:1259 | vendor-advisory, x_refsource_REDHAT |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft .NET Framework 4.5.2 |
Version: Windows 7 for 32-bit Systems Service Pack 1 Version: Windows 7 for x64-based Systems Service Pack 1 Version: Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Version: Windows Server 2008 R2 for x64-based Systems Service Pack 1 Version: Windows Server 2012 Version: Windows Server 2012 (Server Core installation) Version: Windows 8.1 for 32-bit systems Version: Windows 8.1 for x64-based systems Version: Windows Server 2012 R2 Version: Windows RT 8.1 Version: Windows Server 2012 R2 (Server Core installation) Version: Windows Server 2008 for 32-bit Systems Service Pack 2 Version: Windows Server 2008 for x64-based Systems Service Pack 2 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:06:30.853Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0981"
},
{
"name": "RHSA-2019:1259",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1259"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft .NET Framework 4.5.2",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Windows 7 for 32-bit Systems Service Pack 1"
},
{
"status": "affected",
"version": "Windows 7 for x64-based Systems Service Pack 1"
},
{
"status": "affected",
"version": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
},
{
"status": "affected",
"version": "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
},
{
"status": "affected",
"version": "Windows Server 2012"
},
{
"status": "affected",
"version": "Windows Server 2012 (Server Core installation)"
},
{
"status": "affected",
"version": "Windows 8.1 for 32-bit systems"
},
{
"status": "affected",
"version": "Windows 8.1 for x64-based systems"
},
{
"status": "affected",
"version": "Windows Server 2012 R2"
},
{
"status": "affected",
"version": "Windows RT 8.1"
},
{
"status": "affected",
"version": "Windows Server 2012 R2 (Server Core installation)"
},
{
"status": "affected",
"version": "Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"status": "affected",
"version": "Windows Server 2008 for x64-based Systems Service Pack 2"
}
]
},
{
"product": "Microsoft .NET Framework 4.6",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"status": "affected",
"version": "Windows Server 2008 for x64-based Systems Service Pack 2"
}
]
},
{
"product": "Microsoft .NET Framework 4.6.2 on Windows 10 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.6.2 on Windows 10 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": ".NET Core",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "1"
},
{
"status": "affected",
"version": "1.1"
},
{
"status": "affected",
"version": "2.1"
},
{
"status": "affected",
"version": "2.2"
}
]
},
{
"product": "Microsoft .NET Framework 4.7.2",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Windows 10 Version 1803 for 32-bit Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1803 for x64-based Systems"
},
{
"status": "affected",
"version": "Windows Server, version 1803 (Server Core Installation)"
},
{
"status": "affected",
"version": "Windows 10 Version 1803 for ARM64-based Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1809 for 32-bit Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1809 for x64-based Systems"
},
{
"status": "affected",
"version": "Windows Server 2019"
},
{
"status": "affected",
"version": "Windows Server 2019 (Server Core installation)"
}
]
},
{
"product": "Microsoft .NET Framework 4.7.2 on Windows 10 Version 1809 for ARM64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Windows 7 for 32-bit Systems Service Pack 1"
},
{
"status": "affected",
"version": "Windows 7 for x64-based Systems Service Pack 1"
},
{
"status": "affected",
"version": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
},
{
"status": "affected",
"version": "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
},
{
"status": "affected",
"version": "Windows Server 2012"
},
{
"status": "affected",
"version": "Windows Server 2012 (Server Core installation)"
},
{
"status": "affected",
"version": "Windows 8.1 for 32-bit systems"
},
{
"status": "affected",
"version": "Windows 8.1 for x64-based systems"
},
{
"status": "affected",
"version": "Windows Server 2012 R2"
},
{
"status": "affected",
"version": "Windows RT 8.1"
},
{
"status": "affected",
"version": "Windows Server 2012 R2 (Server Core installation)"
}
]
},
{
"product": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Windows Server 2016"
},
{
"status": "affected",
"version": "Windows 10 Version 1607 for 32-bit Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1607 for x64-based Systems"
},
{
"status": "affected",
"version": "Windows Server 2016 (Server Core installation)"
}
]
},
{
"product": "Microsoft .NET Framework 4.7/4.7.1/4.7.2",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Windows 10 Version 1703 for 32-bit Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1703 for x64-based Systems"
}
]
},
{
"product": "Microsoft .NET Framework 4.7.1/4.7.2",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Windows 10 Version 1709 for 32-bit Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1709 for x64-based Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1709 for ARM64-based Systems"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 7 for 32-bit Systems Service Pack 1",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 7 for x64-based Systems Service Pack 1",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows Server 2012",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 8.1 for 32-bit systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 8.1 for x64-based systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows Server 2012 R2",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows RT 8.1",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 10 Version 1703 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 10 Version 1703 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows Server, version 1803 (Server Core Installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 10 Version 1809 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 10 Version 1809 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 10 Version 1903 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 10 Version 1903 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows Server, version 1903 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Windows Server 2012"
},
{
"status": "affected",
"version": "Windows Server 2012 (Server Core installation)"
},
{
"status": "affected",
"version": "Windows 8.1 for 32-bit systems"
},
{
"status": "affected",
"version": "Windows 8.1 for x64-based systems"
},
{
"status": "affected",
"version": "Windows Server 2012 R2"
},
{
"status": "affected",
"version": "Windows Server 2012 R2 (Server Core installation)"
},
{
"status": "affected",
"version": "Windows 10 for 32-bit Systems"
},
{
"status": "affected",
"version": "Windows 10 for x64-based Systems"
},
{
"status": "affected",
"version": "Windows Server 2016"
},
{
"status": "affected",
"version": "Windows 10 Version 1607 for 32-bit Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1607 for x64-based Systems"
},
{
"status": "affected",
"version": "Windows Server 2016 (Server Core installation)"
},
{
"status": "affected",
"version": "Windows 10 Version 1703 for 32-bit Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1703 for x64-based Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1709 for 32-bit Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1709 for x64-based Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1803 for 32-bit Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1803 for x64-based Systems"
},
{
"status": "affected",
"version": "Windows Server, version 1803 (Server Core Installation)"
},
{
"status": "affected",
"version": "Windows 10 Version 1803 for ARM64-based Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1809 for 32-bit Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1809 for x64-based Systems"
},
{
"status": "affected",
"version": "Windows Server 2019"
},
{
"status": "affected",
"version": "Windows Server 2019 (Server Core installation)"
},
{
"status": "affected",
"version": "Windows 10 Version 1709 for ARM64-based Systems"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 on Windows 10 Version 1903 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 on Windows 10 Version 1903 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 on Windows Server, version 1903 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.0",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2"
},
{
"status": "affected",
"version": "Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"status": "affected",
"version": "Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2"
}
]
},
{
"product": "Microsoft .NET Framework 2.0",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2"
},
{
"status": "affected",
"version": "Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"status": "affected",
"version": "Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2"
}
]
},
{
"product": "Microsoft .NET Framework 3.5.1",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Windows 7 for 32-bit Systems Service Pack 1"
},
{
"status": "affected",
"version": "Windows 7 for x64-based Systems Service Pack 1"
},
{
"status": "affected",
"version": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
},
{
"status": "affected",
"version": "Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1"
},
{
"status": "affected",
"version": "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka \u0027.Net Framework and .Net Core Denial of Service Vulnerability\u0027. This CVE ID is unique from CVE-2019-0820, CVE-2019-0980."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-22T12:06:04",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0981"
},
{
"name": "RHSA-2019:1259",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1259"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2019-0981",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft .NET Framework 4.5.2",
"version": {
"version_data": [
{
"version_value": "Windows 7 for 32-bit Systems Service Pack 1"
},
{
"version_value": "Windows 7 for x64-based Systems Service Pack 1"
},
{
"version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
},
{
"version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
},
{
"version_value": "Windows Server 2012"
},
{
"version_value": "Windows Server 2012 (Server Core installation)"
},
{
"version_value": "Windows 8.1 for 32-bit systems"
},
{
"version_value": "Windows 8.1 for x64-based systems"
},
{
"version_value": "Windows Server 2012 R2"
},
{
"version_value": "Windows RT 8.1"
},
{
"version_value": "Windows Server 2012 R2 (Server Core installation)"
},
{
"version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"version_value": "Windows Server 2008 for x64-based Systems Service Pack 2"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.6",
"version": {
"version_data": [
{
"version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"version_value": "Windows Server 2008 for x64-based Systems Service Pack 2"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.6.2 on Windows 10 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.6.2 on Windows 10 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": ".NET Core",
"version": {
"version_data": [
{
"version_value": "1"
},
{
"version_value": "1.1"
},
{
"version_value": "2.1"
},
{
"version_value": "2.2"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.7.2",
"version": {
"version_data": [
{
"version_value": "Windows 10 Version 1803 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1803 for x64-based Systems"
},
{
"version_value": "Windows Server, version 1803 (Server Core Installation)"
},
{
"version_value": "Windows 10 Version 1803 for ARM64-based Systems"
},
{
"version_value": "Windows 10 Version 1809 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1809 for x64-based Systems"
},
{
"version_value": "Windows Server 2019"
},
{
"version_value": "Windows Server 2019 (Server Core installation)"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.7.2 on Windows 10 Version 1809 for ARM64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2",
"version": {
"version_data": [
{
"version_value": "Windows 7 for 32-bit Systems Service Pack 1"
},
{
"version_value": "Windows 7 for x64-based Systems Service Pack 1"
},
{
"version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
},
{
"version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
},
{
"version_value": "Windows Server 2012"
},
{
"version_value": "Windows Server 2012 (Server Core installation)"
},
{
"version_value": "Windows 8.1 for 32-bit systems"
},
{
"version_value": "Windows 8.1 for x64-based systems"
},
{
"version_value": "Windows Server 2012 R2"
},
{
"version_value": "Windows RT 8.1"
},
{
"version_value": "Windows Server 2012 R2 (Server Core installation)"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
"version": {
"version_data": [
{
"version_value": "Windows Server 2016"
},
{
"version_value": "Windows 10 Version 1607 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1607 for x64-based Systems"
},
{
"version_value": "Windows Server 2016 (Server Core installation)"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.7/4.7.1/4.7.2",
"version": {
"version_data": [
{
"version_value": "Windows 10 Version 1703 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1703 for x64-based Systems"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.7.1/4.7.2",
"version": {
"version_data": [
{
"version_value": "Windows 10 Version 1709 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1709 for x64-based Systems"
},
{
"version_value": "Windows 10 Version 1709 for ARM64-based Systems"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 7 for 32-bit Systems Service Pack 1",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 7 for x64-based Systems Service Pack 1",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 8.1 for 32-bit systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 8.1 for x64-based systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 R2",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows RT 8.1",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows Server 2016",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1703 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1703 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows Server, version 1803 (Server Core Installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1809 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1809 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows Server 2019",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows Server 2019 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1903 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1903 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows Server, version 1903 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5",
"version": {
"version_data": [
{
"version_value": "Windows Server 2012"
},
{
"version_value": "Windows Server 2012 (Server Core installation)"
},
{
"version_value": "Windows 8.1 for 32-bit systems"
},
{
"version_value": "Windows 8.1 for x64-based systems"
},
{
"version_value": "Windows Server 2012 R2"
},
{
"version_value": "Windows Server 2012 R2 (Server Core installation)"
},
{
"version_value": "Windows 10 for 32-bit Systems"
},
{
"version_value": "Windows 10 for x64-based Systems"
},
{
"version_value": "Windows Server 2016"
},
{
"version_value": "Windows 10 Version 1607 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1607 for x64-based Systems"
},
{
"version_value": "Windows Server 2016 (Server Core installation)"
},
{
"version_value": "Windows 10 Version 1703 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1703 for x64-based Systems"
},
{
"version_value": "Windows 10 Version 1709 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1709 for x64-based Systems"
},
{
"version_value": "Windows 10 Version 1803 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1803 for x64-based Systems"
},
{
"version_value": "Windows Server, version 1803 (Server Core Installation)"
},
{
"version_value": "Windows 10 Version 1803 for ARM64-based Systems"
},
{
"version_value": "Windows 10 Version 1809 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1809 for x64-based Systems"
},
{
"version_value": "Windows Server 2019"
},
{
"version_value": "Windows Server 2019 (Server Core installation)"
},
{
"version_value": "Windows 10 Version 1709 for ARM64-based Systems"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 on Windows 10 Version 1903 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 on Windows 10 Version 1903 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 on Windows Server, version 1903 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.0",
"version": {
"version_data": [
{
"version_value": "Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2"
},
{
"version_value": "Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"version_value": "Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 2.0",
"version": {
"version_data": [
{
"version_value": "Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2"
},
{
"version_value": "Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"version_value": "Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5.1",
"version": {
"version_data": [
{
"version_value": "Windows 7 for 32-bit Systems Service Pack 1"
},
{
"version_value": "Windows 7 for x64-based Systems Service Pack 1"
},
{
"version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
},
{
"version_value": "Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1"
},
{
"version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka \u0027.Net Framework and .Net Core Denial of Service Vulnerability\u0027. This CVE ID is unique from CVE-2019-0820, CVE-2019-0980."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0981",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0981"
},
{
"name": "RHSA-2019:1259",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1259"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2019-0981",
"datePublished": "2019-05-16T18:24:57",
"dateReserved": "2018-11-26T00:00:00",
"dateUpdated": "2024-08-04T18:06:30.853Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-1147
Vulnerability from cvelistv5
Published
2020-07-14 22:54
Modified
2025-02-04 19:34
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1147 | x_refsource_MISC | |
| http://packetstormsecurity.com/files/158694/SharePoint-DataSet-DataTable-Deserialization.html | x_refsource_MISC | |
| http://packetstormsecurity.com/files/158876/Microsoft-SharePoint-Server-2019-Remote-Code-Execution.html | x_refsource_MISC | |
| https://www.exploitalert.com/view-details.html?id=35992 | x_refsource_MISC | |
| http://packetstormsecurity.com/files/163644/Microsoft-SharePoint-Server-2019-Remote-Code-Execution.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server |
Version: 2016 Version: 2013 Service Pack 1 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:25:01.217Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1147"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/158694/SharePoint-DataSet-DataTable-Deserialization.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/158876/Microsoft-SharePoint-Server-2019-Remote-Code-Execution.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.exploitalert.com/view-details.html?id=35992"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/163644/Microsoft-SharePoint-Server-2019-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2020-1147",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T19:25:47.186130Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2021-11-03",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-1147"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T19:34:41.282Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Microsoft SharePoint Enterprise Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2016"
},
{
"status": "affected",
"version": "2013 Service Pack 1"
}
]
},
{
"product": "Microsoft SharePoint Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2019"
},
{
"status": "affected",
"version": "2010 Service Pack 2"
}
]
},
{
"product": "Microsoft Visual Studio 2019",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "16.0"
}
]
},
{
"product": "Microsoft Visual Studio 2019 version 16.6 (includes 16.0 - 16.5)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": ".NET Core",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2.1"
},
{
"status": "affected",
"version": "3.1"
}
]
},
{
"product": "Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Windows 7 for 32-bit Systems Service Pack 1"
},
{
"status": "affected",
"version": "Windows 7 for x64-based Systems Service Pack 1"
},
{
"status": "affected",
"version": "Windows 8.1 for 32-bit systems"
},
{
"status": "affected",
"version": "Windows 8.1 for x64-based systems"
},
{
"status": "affected",
"version": "Windows RT 8.1"
},
{
"status": "affected",
"version": "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
},
{
"status": "affected",
"version": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
},
{
"status": "affected",
"version": "Windows Server 2012"
},
{
"status": "affected",
"version": "Windows Server 2012 (Server Core installation)"
},
{
"status": "affected",
"version": "Windows Server 2012 R2"
},
{
"status": "affected",
"version": "Windows Server 2012 R2 (Server Core installation)"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows Server, version 1803 (Server Core Installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 7 for 32-bit Systems Service Pack 1",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 7 for x64-based Systems Service Pack 1",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 8.1 for 32-bit systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 8.1 for x64-based systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows RT 8.1",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows Server 2012",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows Server 2012 R2",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1909 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1903 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "1903"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server, version 1803 (Server Core Installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for ARM64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.6",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"status": "affected",
"version": "Windows Server 2008 for x64-based Systems Service Pack 2"
}
]
},
{
"product": "Microsoft .NET Framework 2.0",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"status": "affected",
"version": "Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2"
}
]
},
{
"product": "Microsoft .NET Framework 3.0",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"status": "affected",
"version": "Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2"
}
]
},
{
"product": "Microsoft .NET Framework 3.5",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Windows 8.1 for 32-bit systems"
},
{
"status": "affected",
"version": "Windows 8.1 for x64-based systems"
},
{
"status": "affected",
"version": "Windows Server 2012"
},
{
"status": "affected",
"version": "Windows Server 2012 (Server Core installation)"
},
{
"status": "affected",
"version": "Windows Server 2012 R2"
},
{
"status": "affected",
"version": "Windows Server 2012 R2 (Server Core installation)"
}
]
},
{
"product": "Microsoft .NET Framework 3.5.1",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Windows 7 for 32-bit Systems Service Pack 1"
},
{
"status": "affected",
"version": "Windows 7 for x64-based Systems Service Pack 1"
},
{
"status": "affected",
"version": "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
}
]
},
{
"product": "Microsoft .NET Framework 4.5.2",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Windows 7 for 32-bit Systems Service Pack 1"
},
{
"status": "affected",
"version": "Windows 7 for x64-based Systems Service Pack 1"
},
{
"status": "affected",
"version": "Windows 8.1 for 32-bit systems"
},
{
"status": "affected",
"version": "Windows 8.1 for x64-based systems"
},
{
"status": "affected",
"version": "Windows RT 8.1"
},
{
"status": "affected",
"version": "Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"status": "affected",
"version": "Windows Server 2008 for x64-based Systems Service Pack 2"
},
{
"status": "affected",
"version": "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
},
{
"status": "affected",
"version": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
},
{
"status": "affected",
"version": "Windows Server 2012"
},
{
"status": "affected",
"version": "Windows Server 2012 (Server Core installation)"
},
{
"status": "affected",
"version": "Windows Server 2012 R2"
},
{
"status": "affected",
"version": "Windows Server 2012 R2 (Server Core installation)"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.6/4.6.1/4.6.2 on Windows 10 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.6/4.6.1/4.6.2 on Windows 10 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for ARM64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for ARM64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 2004 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 2004 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for ARM64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for ARM64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 2004 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 2004 for ARM64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka \u0027.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-23T17:06:10.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1147"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/158694/SharePoint-DataSet-DataTable-Deserialization.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/158876/Microsoft-SharePoint-Server-2019-Remote-Code-Execution.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.exploitalert.com/view-details.html?id=35992"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/163644/Microsoft-SharePoint-Server-2019-Remote-Code-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2020-1147",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft SharePoint Enterprise Server",
"version": {
"version_data": [
{
"version_value": "2016"
},
{
"version_value": "2013 Service Pack 1"
}
]
}
},
{
"product_name": "Microsoft SharePoint Server",
"version": {
"version_data": [
{
"version_value": "2019"
},
{
"version_value": "2010 Service Pack 2"
}
]
}
},
{
"product_name": "Microsoft Visual Studio 2019",
"version": {
"version_data": [
{
"version_value": "16.0"
}
]
}
},
{
"product_name": "Microsoft Visual Studio 2019 version 16.6 (includes 16.0 - 16.5)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": ".NET Core",
"version": {
"version_data": [
{
"version_value": "2.1"
},
{
"version_value": "3.1"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2",
"version": {
"version_data": [
{
"version_value": "Windows 7 for 32-bit Systems Service Pack 1"
},
{
"version_value": "Windows 7 for x64-based Systems Service Pack 1"
},
{
"version_value": "Windows 8.1 for 32-bit systems"
},
{
"version_value": "Windows 8.1 for x64-based systems"
},
{
"version_value": "Windows RT 8.1"
},
{
"version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
},
{
"version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
},
{
"version_value": "Windows Server 2012"
},
{
"version_value": "Windows Server 2012 (Server Core installation)"
},
{
"version_value": "Windows Server 2012 R2"
},
{
"version_value": "Windows Server 2012 R2 (Server Core installation)"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows Server, version 1803 (Server Core Installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows Server 2016",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 7 for 32-bit Systems Service Pack 1",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 7 for x64-based Systems Service Pack 1",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 8.1 for 32-bit systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 8.1 for x64-based systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows RT 8.1",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 R2",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1909 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1903 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": "1903"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server, version 1803 (Server Core Installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for ARM64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.6",
"version": {
"version_data": [
{
"version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"version_value": "Windows Server 2008 for x64-based Systems Service Pack 2"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 2.0",
"version": {
"version_data": [
{
"version_value": "Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"version_value": "Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.0",
"version": {
"version_data": [
{
"version_value": "Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"version_value": "Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5",
"version": {
"version_data": [
{
"version_value": "Windows 8.1 for 32-bit systems"
},
{
"version_value": "Windows 8.1 for x64-based systems"
},
{
"version_value": "Windows Server 2012"
},
{
"version_value": "Windows Server 2012 (Server Core installation)"
},
{
"version_value": "Windows Server 2012 R2"
},
{
"version_value": "Windows Server 2012 R2 (Server Core installation)"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5.1",
"version": {
"version_data": [
{
"version_value": "Windows 7 for 32-bit Systems Service Pack 1"
},
{
"version_value": "Windows 7 for x64-based Systems Service Pack 1"
},
{
"version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.5.2",
"version": {
"version_data": [
{
"version_value": "Windows 7 for 32-bit Systems Service Pack 1"
},
{
"version_value": "Windows 7 for x64-based Systems Service Pack 1"
},
{
"version_value": "Windows 8.1 for 32-bit systems"
},
{
"version_value": "Windows 8.1 for x64-based systems"
},
{
"version_value": "Windows RT 8.1"
},
{
"version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"version_value": "Windows Server 2008 for x64-based Systems Service Pack 2"
},
{
"version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
},
{
"version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
},
{
"version_value": "Windows Server 2012"
},
{
"version_value": "Windows Server 2012 (Server Core installation)"
},
{
"version_value": "Windows Server 2012 R2"
},
{
"version_value": "Windows Server 2012 R2 (Server Core installation)"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.6/4.6.1/4.6.2 on Windows 10 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.6/4.6.1/4.6.2 on Windows 10 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for ARM64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for ARM64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 2004 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 2004 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for ARM64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for ARM64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 2004 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 2004 for ARM64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka \u0027.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1147",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1147"
},
{
"name": "http://packetstormsecurity.com/files/158694/SharePoint-DataSet-DataTable-Deserialization.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/158694/SharePoint-DataSet-DataTable-Deserialization.html"
},
{
"name": "http://packetstormsecurity.com/files/158876/Microsoft-SharePoint-Server-2019-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/158876/Microsoft-SharePoint-Server-2019-Remote-Code-Execution.html"
},
{
"name": "https://www.exploitalert.com/view-details.html?id=35992",
"refsource": "MISC",
"url": "https://www.exploitalert.com/view-details.html?id=35992"
},
{
"name": "http://packetstormsecurity.com/files/163644/Microsoft-SharePoint-Server-2019-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/163644/Microsoft-SharePoint-Server-2019-Remote-Code-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-1147",
"datePublished": "2020-07-14T22:54:00.000Z",
"dateReserved": "2019-11-04T00:00:00.000Z",
"dateUpdated": "2025-02-04T19:34:41.282Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-0980
Vulnerability from cvelistv5
Published
2019-05-16 18:24
Modified
2024-08-04 18:06
Severity ?
EPSS score ?
Summary
A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka '.Net Framework and .Net Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0820, CVE-2019-0981.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0980 | x_refsource_MISC | |
| https://access.redhat.com/errata/RHSA-2019:1259 | vendor-advisory, x_refsource_REDHAT |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft .NET Framework 4.5.2 |
Version: Windows 7 for 32-bit Systems Service Pack 1 Version: Windows 7 for x64-based Systems Service Pack 1 Version: Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Version: Windows Server 2008 R2 for x64-based Systems Service Pack 1 Version: Windows Server 2012 Version: Windows Server 2012 (Server Core installation) Version: Windows 8.1 for 32-bit systems Version: Windows 8.1 for x64-based systems Version: Windows Server 2012 R2 Version: Windows RT 8.1 Version: Windows Server 2012 R2 (Server Core installation) Version: Windows Server 2008 for 32-bit Systems Service Pack 2 Version: Windows Server 2008 for x64-based Systems Service Pack 2 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:06:30.801Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0980"
},
{
"name": "RHSA-2019:1259",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1259"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft .NET Framework 4.5.2",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Windows 7 for 32-bit Systems Service Pack 1"
},
{
"status": "affected",
"version": "Windows 7 for x64-based Systems Service Pack 1"
},
{
"status": "affected",
"version": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
},
{
"status": "affected",
"version": "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
},
{
"status": "affected",
"version": "Windows Server 2012"
},
{
"status": "affected",
"version": "Windows Server 2012 (Server Core installation)"
},
{
"status": "affected",
"version": "Windows 8.1 for 32-bit systems"
},
{
"status": "affected",
"version": "Windows 8.1 for x64-based systems"
},
{
"status": "affected",
"version": "Windows Server 2012 R2"
},
{
"status": "affected",
"version": "Windows RT 8.1"
},
{
"status": "affected",
"version": "Windows Server 2012 R2 (Server Core installation)"
},
{
"status": "affected",
"version": "Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"status": "affected",
"version": "Windows Server 2008 for x64-based Systems Service Pack 2"
}
]
},
{
"product": "Microsoft .NET Framework 4.6",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"status": "affected",
"version": "Windows Server 2008 for x64-based Systems Service Pack 2"
}
]
},
{
"product": "Microsoft .NET Framework 4.6.2 on Windows 10 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.6.2 on Windows 10 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": ".NET Core",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "1"
},
{
"status": "affected",
"version": "1.1"
},
{
"status": "affected",
"version": "2.1"
},
{
"status": "affected",
"version": "2.2"
}
]
},
{
"product": "Microsoft .NET Framework 4.7.2",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Windows 10 Version 1803 for 32-bit Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1803 for x64-based Systems"
},
{
"status": "affected",
"version": "Windows Server, version 1803 (Server Core Installation)"
},
{
"status": "affected",
"version": "Windows 10 Version 1803 for ARM64-based Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1809 for 32-bit Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1809 for x64-based Systems"
},
{
"status": "affected",
"version": "Windows Server 2019"
},
{
"status": "affected",
"version": "Windows Server 2019 (Server Core installation)"
}
]
},
{
"product": "Microsoft .NET Framework 4.7.2 on Windows 10 Version 1809 for ARM64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Windows 7 for 32-bit Systems Service Pack 1"
},
{
"status": "affected",
"version": "Windows 7 for x64-based Systems Service Pack 1"
},
{
"status": "affected",
"version": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
},
{
"status": "affected",
"version": "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
},
{
"status": "affected",
"version": "Windows Server 2012"
},
{
"status": "affected",
"version": "Windows Server 2012 (Server Core installation)"
},
{
"status": "affected",
"version": "Windows 8.1 for 32-bit systems"
},
{
"status": "affected",
"version": "Windows 8.1 for x64-based systems"
},
{
"status": "affected",
"version": "Windows Server 2012 R2"
},
{
"status": "affected",
"version": "Windows RT 8.1"
},
{
"status": "affected",
"version": "Windows Server 2012 R2 (Server Core installation)"
}
]
},
{
"product": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Windows Server 2016"
},
{
"status": "affected",
"version": "Windows 10 Version 1607 for 32-bit Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1607 for x64-based Systems"
},
{
"status": "affected",
"version": "Windows Server 2016 (Server Core installation)"
}
]
},
{
"product": "Microsoft .NET Framework 4.7/4.7.1/4.7.2",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Windows 10 Version 1703 for 32-bit Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1703 for x64-based Systems"
}
]
},
{
"product": "Microsoft .NET Framework 4.7.1/4.7.2",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Windows 10 Version 1709 for 32-bit Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1709 for x64-based Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1709 for ARM64-based Systems"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 7 for 32-bit Systems Service Pack 1",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 7 for x64-based Systems Service Pack 1",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows Server 2012",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 8.1 for 32-bit systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 8.1 for x64-based systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows Server 2012 R2",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows RT 8.1",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 10 Version 1703 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 10 Version 1703 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows Server, version 1803 (Server Core Installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 10 Version 1809 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 10 Version 1809 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 10 Version 1903 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows 10 Version 1903 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 4.8 on Windows Server, version 1903 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Windows Server 2012"
},
{
"status": "affected",
"version": "Windows Server 2012 (Server Core installation)"
},
{
"status": "affected",
"version": "Windows 8.1 for 32-bit systems"
},
{
"status": "affected",
"version": "Windows 8.1 for x64-based systems"
},
{
"status": "affected",
"version": "Windows Server 2012 R2"
},
{
"status": "affected",
"version": "Windows Server 2012 R2 (Server Core installation)"
},
{
"status": "affected",
"version": "Windows 10 for 32-bit Systems"
},
{
"status": "affected",
"version": "Windows 10 for x64-based Systems"
},
{
"status": "affected",
"version": "Windows Server 2016"
},
{
"status": "affected",
"version": "Windows 10 Version 1607 for 32-bit Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1607 for x64-based Systems"
},
{
"status": "affected",
"version": "Windows Server 2016 (Server Core installation)"
},
{
"status": "affected",
"version": "Windows 10 Version 1703 for 32-bit Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1703 for x64-based Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1709 for 32-bit Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1709 for x64-based Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1803 for 32-bit Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1803 for x64-based Systems"
},
{
"status": "affected",
"version": "Windows Server, version 1803 (Server Core Installation)"
},
{
"status": "affected",
"version": "Windows 10 Version 1803 for ARM64-based Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1809 for 32-bit Systems"
},
{
"status": "affected",
"version": "Windows 10 Version 1809 for x64-based Systems"
},
{
"status": "affected",
"version": "Windows Server 2019"
},
{
"status": "affected",
"version": "Windows Server 2019 (Server Core installation)"
},
{
"status": "affected",
"version": "Windows 10 Version 1709 for ARM64-based Systems"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 on Windows 10 Version 1903 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 on Windows 10 Version 1903 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.5 on Windows Server, version 1903 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft .NET Framework 3.0",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2"
},
{
"status": "affected",
"version": "Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"status": "affected",
"version": "Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2"
}
]
},
{
"product": "Microsoft .NET Framework 2.0",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2"
},
{
"status": "affected",
"version": "Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"status": "affected",
"version": "Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2"
}
]
},
{
"product": "Microsoft .NET Framework 3.5.1",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Windows 7 for 32-bit Systems Service Pack 1"
},
{
"status": "affected",
"version": "Windows 7 for x64-based Systems Service Pack 1"
},
{
"status": "affected",
"version": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
},
{
"status": "affected",
"version": "Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1"
},
{
"status": "affected",
"version": "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka \u0027.Net Framework and .Net Core Denial of Service Vulnerability\u0027. This CVE ID is unique from CVE-2019-0820, CVE-2019-0981."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-22T12:06:04",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0980"
},
{
"name": "RHSA-2019:1259",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1259"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2019-0980",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft .NET Framework 4.5.2",
"version": {
"version_data": [
{
"version_value": "Windows 7 for 32-bit Systems Service Pack 1"
},
{
"version_value": "Windows 7 for x64-based Systems Service Pack 1"
},
{
"version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
},
{
"version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
},
{
"version_value": "Windows Server 2012"
},
{
"version_value": "Windows Server 2012 (Server Core installation)"
},
{
"version_value": "Windows 8.1 for 32-bit systems"
},
{
"version_value": "Windows 8.1 for x64-based systems"
},
{
"version_value": "Windows Server 2012 R2"
},
{
"version_value": "Windows RT 8.1"
},
{
"version_value": "Windows Server 2012 R2 (Server Core installation)"
},
{
"version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"version_value": "Windows Server 2008 for x64-based Systems Service Pack 2"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.6",
"version": {
"version_data": [
{
"version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"version_value": "Windows Server 2008 for x64-based Systems Service Pack 2"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.6.2 on Windows 10 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.6.2 on Windows 10 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": ".NET Core",
"version": {
"version_data": [
{
"version_value": "1"
},
{
"version_value": "1.1"
},
{
"version_value": "2.1"
},
{
"version_value": "2.2"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.7.2",
"version": {
"version_data": [
{
"version_value": "Windows 10 Version 1803 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1803 for x64-based Systems"
},
{
"version_value": "Windows Server, version 1803 (Server Core Installation)"
},
{
"version_value": "Windows 10 Version 1803 for ARM64-based Systems"
},
{
"version_value": "Windows 10 Version 1809 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1809 for x64-based Systems"
},
{
"version_value": "Windows Server 2019"
},
{
"version_value": "Windows Server 2019 (Server Core installation)"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.7.2 on Windows 10 Version 1809 for ARM64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2",
"version": {
"version_data": [
{
"version_value": "Windows 7 for 32-bit Systems Service Pack 1"
},
{
"version_value": "Windows 7 for x64-based Systems Service Pack 1"
},
{
"version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
},
{
"version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
},
{
"version_value": "Windows Server 2012"
},
{
"version_value": "Windows Server 2012 (Server Core installation)"
},
{
"version_value": "Windows 8.1 for 32-bit systems"
},
{
"version_value": "Windows 8.1 for x64-based systems"
},
{
"version_value": "Windows Server 2012 R2"
},
{
"version_value": "Windows RT 8.1"
},
{
"version_value": "Windows Server 2012 R2 (Server Core installation)"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
"version": {
"version_data": [
{
"version_value": "Windows Server 2016"
},
{
"version_value": "Windows 10 Version 1607 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1607 for x64-based Systems"
},
{
"version_value": "Windows Server 2016 (Server Core installation)"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.7/4.7.1/4.7.2",
"version": {
"version_data": [
{
"version_value": "Windows 10 Version 1703 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1703 for x64-based Systems"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.7.1/4.7.2",
"version": {
"version_data": [
{
"version_value": "Windows 10 Version 1709 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1709 for x64-based Systems"
},
{
"version_value": "Windows 10 Version 1709 for ARM64-based Systems"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 7 for 32-bit Systems Service Pack 1",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 7 for x64-based Systems Service Pack 1",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 8.1 for 32-bit systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 8.1 for x64-based systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 R2",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows RT 8.1",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows Server 2016",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1703 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1703 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows Server, version 1803 (Server Core Installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1809 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1809 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows Server 2019",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows Server 2019 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1903 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1903 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 4.8 on Windows Server, version 1903 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5",
"version": {
"version_data": [
{
"version_value": "Windows Server 2012"
},
{
"version_value": "Windows Server 2012 (Server Core installation)"
},
{
"version_value": "Windows 8.1 for 32-bit systems"
},
{
"version_value": "Windows 8.1 for x64-based systems"
},
{
"version_value": "Windows Server 2012 R2"
},
{
"version_value": "Windows Server 2012 R2 (Server Core installation)"
},
{
"version_value": "Windows 10 for 32-bit Systems"
},
{
"version_value": "Windows 10 for x64-based Systems"
},
{
"version_value": "Windows Server 2016"
},
{
"version_value": "Windows 10 Version 1607 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1607 for x64-based Systems"
},
{
"version_value": "Windows Server 2016 (Server Core installation)"
},
{
"version_value": "Windows 10 Version 1703 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1703 for x64-based Systems"
},
{
"version_value": "Windows 10 Version 1709 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1709 for x64-based Systems"
},
{
"version_value": "Windows 10 Version 1803 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1803 for x64-based Systems"
},
{
"version_value": "Windows Server, version 1803 (Server Core Installation)"
},
{
"version_value": "Windows 10 Version 1803 for ARM64-based Systems"
},
{
"version_value": "Windows 10 Version 1809 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1809 for x64-based Systems"
},
{
"version_value": "Windows Server 2019"
},
{
"version_value": "Windows Server 2019 (Server Core installation)"
},
{
"version_value": "Windows 10 Version 1709 for ARM64-based Systems"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 on Windows 10 Version 1903 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 on Windows 10 Version 1903 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5 on Windows Server, version 1903 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.0",
"version": {
"version_data": [
{
"version_value": "Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2"
},
{
"version_value": "Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"version_value": "Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 2.0",
"version": {
"version_data": [
{
"version_value": "Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2"
},
{
"version_value": "Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"version_value": "Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2"
}
]
}
},
{
"product_name": "Microsoft .NET Framework 3.5.1",
"version": {
"version_data": [
{
"version_value": "Windows 7 for 32-bit Systems Service Pack 1"
},
{
"version_value": "Windows 7 for x64-based Systems Service Pack 1"
},
{
"version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
},
{
"version_value": "Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1"
},
{
"version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka \u0027.Net Framework and .Net Core Denial of Service Vulnerability\u0027. This CVE ID is unique from CVE-2019-0820, CVE-2019-0981."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0980",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0980"
},
{
"name": "RHSA-2019:1259",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1259"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2019-0980",
"datePublished": "2019-05-16T18:24:57",
"dateReserved": "2018-11-26T00:00:00",
"dateUpdated": "2024-08-04T18:06:30.801Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-8356
Vulnerability from cvelistv5
Published
2018-07-11 00:00
Modified
2024-08-05 06:54
Severity ?
EPSS score ?
Summary
A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka ".NET Framework Security Feature Bypass Vulnerability." This affects .NET Framework 4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, ASP.NET Core 1.1, Microsoft .NET Framework 4.5.2, ASP.NET Core 2.0, ASP.NET Core 1.0, .NET Core 1.1, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 1.0, .NET Core 2.0, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8356 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/104664 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1041257 | vdb-entry, x_refsource_SECTRACK |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft .NET Framework |
Version: 3.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2 Version: 3.0 Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2 Version: 3.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2 Version: 3.5 on Windows 10 for 32-bit Systems Version: 3.5 on Windows 10 for x64-based Systems Version: 3.5 on Windows 10 Version 1607 for 32-bit Systems Version: 3.5 on Windows 10 Version 1607 for x64-based Systems Version: 3.5 on Windows 10 Version 1703 for 32-bit Systems Version: 3.5 on Windows 10 Version 1703 for x64-based Systems Version: 3.5 on Windows 10 Version 1709 for 32-bit Systems Version: 3.5 on Windows 10 Version 1709 for x64-based Systems Version: 3.5 on Windows 10 Version 1803 for 32-bit Systems Version: 3.5 on Windows 10 Version 1803 for x64-based Systems Version: 3.5 on Windows 8.1 for 32-bit systems Version: 3.5 on Windows 8.1 for x64-based systems Version: 3.5 on Windows Server 2012 Version: 3.5 on Windows Server 2012 (Server Core installation) Version: 3.5 on Windows Server 2012 R2 Version: 3.5 on Windows Server 2012 R2 (Server Core installation) Version: 3.5 on Windows Server 2016 Version: 3.5 on Windows Server 2016 (Server Core installation) Version: 3.5 on Windows Server, version 1709 (Server Core Installation) Version: 3.5 on Windows Server, version 1803 (Server Core Installation) Version: 3.5.1 on Windows 7 for 32-bit Systems Service Pack 1 Version: 3.5.1 on Windows 7 for x64-based Systems Service Pack 1 Version: 3.5.1 on Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 Version: 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 Version: 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Version: 4.5.2 on Windows 7 for 32-bit Systems Service Pack 1 Version: 4.5.2 on Windows 7 for x64-based Systems Service Pack 1 Version: 4.5.2 on Windows 8.1 for 32-bit systems Version: 4.5.2 on Windows 8.1 for x64-based systems Version: 4.5.2 on Windows RT 8.1 Version: 4.5.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 Version: 4.5.2 on Windows Server 2008 for x64-based Systems Service Pack 2 Version: 4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 Version: 4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Version: 4.5.2 on Windows Server 2012 Version: 4.5.2 on Windows Server 2012 (Server Core installation) Version: 4.5.2 on Windows Server 2012 R2 Version: 4.5.2 on Windows Server 2012 R2 (Server Core installation) Version: 4.6 on Windows Server 2008 for 32-bit Systems Service Pack 2 Version: 4.6 on Windows Server 2008 for x64-based Systems Service Pack 2 Version: 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems Version: 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems Version: 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 Version: 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation) Version: 4.6/4.6.1/4.6.2 on Windows 10 for 32-bit Systems Version: 4.6/4.6.1/4.6.2 on Windows 10 for x64-based Systems Version: 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 7 for 32-bit Systems Service Pack 1 Version: 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 7 for x64-based Systems Service Pack 1 Version: 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 8.1 for 32-bit systems Version: 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 8.1 for x64-based systems Version: 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows RT 8.1 Version: 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 Version: 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Version: 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 Version: 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation) Version: 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 R2 Version: 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation) Version: 4.7.2 on Windows 10 Version 1803 for 32-bit Systems Version: 4.7.2 on Windows 10 Version 1803 for x64-based Systems Version: 4.7.2 on Windows Server, version 1803 (Server Core Installation) |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:54:36.082Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8356"
},
{
"name": "104664",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104664"
},
{
"name": "1041257",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041257"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft .NET Framework",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "3.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"status": "affected",
"version": "3.0 Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2"
},
{
"status": "affected",
"version": "3.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2"
},
{
"status": "affected",
"version": "3.5 on Windows 10 for 32-bit Systems"
},
{
"status": "affected",
"version": "3.5 on Windows 10 for x64-based Systems"
},
{
"status": "affected",
"version": "3.5 on Windows 10 Version 1607 for 32-bit Systems"
},
{
"status": "affected",
"version": "3.5 on Windows 10 Version 1607 for x64-based Systems"
},
{
"status": "affected",
"version": "3.5 on Windows 10 Version 1703 for 32-bit Systems"
},
{
"status": "affected",
"version": "3.5 on Windows 10 Version 1703 for x64-based Systems"
},
{
"status": "affected",
"version": "3.5 on Windows 10 Version 1709 for 32-bit Systems"
},
{
"status": "affected",
"version": "3.5 on Windows 10 Version 1709 for x64-based Systems"
},
{
"status": "affected",
"version": "3.5 on Windows 10 Version 1803 for 32-bit Systems"
},
{
"status": "affected",
"version": "3.5 on Windows 10 Version 1803 for x64-based Systems"
},
{
"status": "affected",
"version": "3.5 on Windows 8.1 for 32-bit systems"
},
{
"status": "affected",
"version": "3.5 on Windows 8.1 for x64-based systems"
},
{
"status": "affected",
"version": "3.5 on Windows Server 2012"
},
{
"status": "affected",
"version": "3.5 on Windows Server 2012 (Server Core installation)"
},
{
"status": "affected",
"version": "3.5 on Windows Server 2012 R2"
},
{
"status": "affected",
"version": "3.5 on Windows Server 2012 R2 (Server Core installation)"
},
{
"status": "affected",
"version": "3.5 on Windows Server 2016"
},
{
"status": "affected",
"version": "3.5 on Windows Server 2016 (Server Core installation)"
},
{
"status": "affected",
"version": "3.5 on Windows Server, version 1709 (Server Core Installation)"
},
{
"status": "affected",
"version": "3.5 on Windows Server, version 1803 (Server Core Installation)"
},
{
"status": "affected",
"version": "3.5.1 on Windows 7 for 32-bit Systems Service Pack 1"
},
{
"status": "affected",
"version": "3.5.1 on Windows 7 for x64-based Systems Service Pack 1"
},
{
"status": "affected",
"version": "3.5.1 on Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1"
},
{
"status": "affected",
"version": "3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1"
},
{
"status": "affected",
"version": "3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
},
{
"status": "affected",
"version": "4.5.2 on Windows 7 for 32-bit Systems Service Pack 1"
},
{
"status": "affected",
"version": "4.5.2 on Windows 7 for x64-based Systems Service Pack 1"
},
{
"status": "affected",
"version": "4.5.2 on Windows 8.1 for 32-bit systems"
},
{
"status": "affected",
"version": "4.5.2 on Windows 8.1 for x64-based systems"
},
{
"status": "affected",
"version": "4.5.2 on Windows RT 8.1"
},
{
"status": "affected",
"version": "4.5.2 on Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"status": "affected",
"version": "4.5.2 on Windows Server 2008 for x64-based Systems Service Pack 2"
},
{
"status": "affected",
"version": "4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1"
},
{
"status": "affected",
"version": "4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
},
{
"status": "affected",
"version": "4.5.2 on Windows Server 2012"
},
{
"status": "affected",
"version": "4.5.2 on Windows Server 2012 (Server Core installation)"
},
{
"status": "affected",
"version": "4.5.2 on Windows Server 2012 R2"
},
{
"status": "affected",
"version": "4.5.2 on Windows Server 2012 R2 (Server Core installation)"
},
{
"status": "affected",
"version": "4.6 on Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"status": "affected",
"version": "4.6 on Windows Server 2008 for x64-based Systems Service Pack 2"
},
{
"status": "affected",
"version": "4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems"
},
{
"status": "affected",
"version": "4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems"
},
{
"status": "affected",
"version": "4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016"
},
{
"status": "affected",
"version": "4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation)"
},
{
"status": "affected",
"version": "4.6/4.6.1/4.6.2 on Windows 10 for 32-bit Systems"
},
{
"status": "affected",
"version": "4.6/4.6.1/4.6.2 on Windows 10 for x64-based Systems"
},
{
"status": "affected",
"version": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 7 for 32-bit Systems Service Pack 1"
},
{
"status": "affected",
"version": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 7 for x64-based Systems Service Pack 1"
},
{
"status": "affected",
"version": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 8.1 for 32-bit systems"
},
{
"status": "affected",
"version": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 8.1 for x64-based systems"
},
{
"status": "affected",
"version": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows RT 8.1"
},
{
"status": "affected",
"version": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1"
},
{
"status": "affected",
"version": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
},
{
"status": "affected",
"version": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012"
},
{
"status": "affected",
"version": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation)"
},
{
"status": "affected",
"version": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 R2"
},
{
"status": "affected",
"version": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation)"
},
{
"status": "affected",
"version": "4.7.2 on Windows 10 Version 1803 for 32-bit Systems"
},
{
"status": "affected",
"version": "4.7.2 on Windows 10 Version 1803 for x64-based Systems"
},
{
"status": "affected",
"version": "4.7.2 on Windows Server, version 1803 (Server Core Installation)"
}
]
},
{
"product": ".NET Core",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "1.0"
},
{
"status": "affected",
"version": "1.1"
},
{
"status": "affected",
"version": "2.0"
}
]
},
{
"product": "ASP.NET Core",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "1.0"
},
{
"status": "affected",
"version": "1.1"
},
{
"status": "affected",
"version": "2.0"
}
]
},
{
"product": ".NET Framework",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "4.7.2 Developer Pack"
}
]
}
],
"datePublic": "2018-07-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka \".NET Framework Security Feature Bypass Vulnerability.\" This affects .NET Framework 4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, ASP.NET Core 1.1, Microsoft .NET Framework 4.5.2, ASP.NET Core 2.0, ASP.NET Core 1.0, .NET Core 1.1, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 1.0, .NET Core 2.0, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Security Feature Bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-11T09:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8356"
},
{
"name": "104664",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104664"
},
{
"name": "1041257",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041257"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8356",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft .NET Framework",
"version": {
"version_data": [
{
"version_value": "3.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"version_value": "3.0 Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2"
},
{
"version_value": "3.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2"
},
{
"version_value": "3.5 on Windows 10 for 32-bit Systems"
},
{
"version_value": "3.5 on Windows 10 for x64-based Systems"
},
{
"version_value": "3.5 on Windows 10 Version 1607 for 32-bit Systems"
},
{
"version_value": "3.5 on Windows 10 Version 1607 for x64-based Systems"
},
{
"version_value": "3.5 on Windows 10 Version 1703 for 32-bit Systems"
},
{
"version_value": "3.5 on Windows 10 Version 1703 for x64-based Systems"
},
{
"version_value": "3.5 on Windows 10 Version 1709 for 32-bit Systems"
},
{
"version_value": "3.5 on Windows 10 Version 1709 for x64-based Systems"
},
{
"version_value": "3.5 on Windows 10 Version 1803 for 32-bit Systems"
},
{
"version_value": "3.5 on Windows 10 Version 1803 for x64-based Systems"
},
{
"version_value": "3.5 on Windows 8.1 for 32-bit systems"
},
{
"version_value": "3.5 on Windows 8.1 for x64-based systems"
},
{
"version_value": "3.5 on Windows Server 2012"
},
{
"version_value": "3.5 on Windows Server 2012 (Server Core installation)"
},
{
"version_value": "3.5 on Windows Server 2012 R2"
},
{
"version_value": "3.5 on Windows Server 2012 R2 (Server Core installation)"
},
{
"version_value": "3.5 on Windows Server 2016"
},
{
"version_value": "3.5 on Windows Server 2016 (Server Core installation)"
},
{
"version_value": "3.5 on Windows Server, version 1709 (Server Core Installation)"
},
{
"version_value": "3.5 on Windows Server, version 1803 (Server Core Installation)"
},
{
"version_value": "3.5.1 on Windows 7 for 32-bit Systems Service Pack 1"
},
{
"version_value": "3.5.1 on Windows 7 for x64-based Systems Service Pack 1"
},
{
"version_value": "3.5.1 on Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1"
},
{
"version_value": "3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1"
},
{
"version_value": "3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
},
{
"version_value": "4.5.2 on Windows 7 for 32-bit Systems Service Pack 1"
},
{
"version_value": "4.5.2 on Windows 7 for x64-based Systems Service Pack 1"
},
{
"version_value": "4.5.2 on Windows 8.1 for 32-bit systems"
},
{
"version_value": "4.5.2 on Windows 8.1 for x64-based systems"
},
{
"version_value": "4.5.2 on Windows RT 8.1"
},
{
"version_value": "4.5.2 on Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"version_value": "4.5.2 on Windows Server 2008 for x64-based Systems Service Pack 2"
},
{
"version_value": "4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1"
},
{
"version_value": "4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
},
{
"version_value": "4.5.2 on Windows Server 2012"
},
{
"version_value": "4.5.2 on Windows Server 2012 (Server Core installation)"
},
{
"version_value": "4.5.2 on Windows Server 2012 R2"
},
{
"version_value": "4.5.2 on Windows Server 2012 R2 (Server Core installation)"
},
{
"version_value": "4.6 on Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"version_value": "4.6 on Windows Server 2008 for x64-based Systems Service Pack 2"
},
{
"version_value": "4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems"
},
{
"version_value": "4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems"
},
{
"version_value": "4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016"
},
{
"version_value": "4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation)"
},
{
"version_value": "4.6/4.6.1/4.6.2 on Windows 10 for 32-bit Systems"
},
{
"version_value": "4.6/4.6.1/4.6.2 on Windows 10 for x64-based Systems"
},
{
"version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 7 for 32-bit Systems Service Pack 1"
},
{
"version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 7 for x64-based Systems Service Pack 1"
},
{
"version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 8.1 for 32-bit systems"
},
{
"version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 8.1 for x64-based systems"
},
{
"version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows RT 8.1"
},
{
"version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1"
},
{
"version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
},
{
"version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012"
},
{
"version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation)"
},
{
"version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 R2"
},
{
"version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation)"
},
{
"version_value": "4.7.2 on Windows 10 Version 1803 for 32-bit Systems"
},
{
"version_value": "4.7.2 on Windows 10 Version 1803 for x64-based Systems"
},
{
"version_value": "4.7.2 on Windows Server, version 1803 (Server Core Installation)"
}
]
}
},
{
"product_name": ".NET Core",
"version": {
"version_data": [
{
"version_value": "1.0"
},
{
"version_value": "1.1"
},
{
"version_value": "2.0"
}
]
}
},
{
"product_name": "ASP.NET Core",
"version": {
"version_data": [
{
"version_value": "1.0"
},
{
"version_value": "1.1"
},
{
"version_value": "2.0"
}
]
}
},
{
"product_name": ".NET Framework",
"version": {
"version_data": [
{
"version_value": "4.7.2 Developer Pack"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka \".NET Framework Security Feature Bypass Vulnerability.\" This affects .NET Framework 4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, ASP.NET Core 1.1, Microsoft .NET Framework 4.5.2, ASP.NET Core 2.0, ASP.NET Core 1.0, .NET Core 1.1, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 1.0, .NET Core 2.0, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Security Feature Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8356",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8356"
},
{
"name": "104664",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104664"
},
{
"name": "1041257",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041257"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2018-8356",
"datePublished": "2018-07-11T00:00:00",
"dateReserved": "2018-03-14T00:00:00",
"dateUpdated": "2024-08-05T06:54:36.082Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
var-201810-1125
Vulnerability from variot
An information disclosure vulnerability exists in .NET Core when authentication information is inadvertently exposed in a redirect, aka ".NET Core Information Disclosure Vulnerability." This affects .NET Core 2.1, .NET Core 1.0, .NET Core 1.1, PowerShell Core 6.0. An attacker can exploit this issue to obtain sensitive information. Successful exploits will lead to other attacks. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: .NET Core on Red Hat Enterprise Linux security update Advisory ID: RHSA-2018:2902-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:2902 Issue date: 2018-10-09 CVE Names: CVE-2018-8292 =====================================================================
- Summary:
Updates for rh-dotnetcore11-dotnetcore, and rh-dotnetcore10-dotnetcore are now available for .NET Core on Red Hat Enterprise Linux.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
These versions correspond to the October 2018 security release by .NET Core upstream projects.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnetcore10-dotnetcore-1.0.13-1.el7.src.rpm
x86_64: rh-dotnetcore10-dotnetcore-1.0.13-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.13-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnetcore11-dotnetcore-1.1.10-1.el7.src.rpm
x86_64: rh-dotnetcore11-dotnetcore-1.1.10-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.10-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnetcore10-dotnetcore-1.0.13-1.el7.src.rpm
x86_64: rh-dotnetcore10-dotnetcore-1.0.13-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.13-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnetcore11-dotnetcore-1.1.10-1.el7.src.rpm
x86_64: rh-dotnetcore11-dotnetcore-1.1.10-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.10-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnetcore10-dotnetcore-1.0.13-1.el7.src.rpm
x86_64: rh-dotnetcore10-dotnetcore-1.0.13-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.13-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnetcore11-dotnetcore-1.1.10-1.el7.src.rpm
x86_64: rh-dotnetcore11-dotnetcore-1.1.10-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.10-1.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2018-8292 https://access.redhat.com/security/updates/classification/#moderate https://github.com/dotnet/announcements/issues/88
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBW71EydzjgjWX9erEAQhK3Q/8DwPo83R6HBwUmO2gO56n0ci7BOOZ1HfH VYRSvXSPaBf8fbFSaZN5+OJhPBJfnCiEIgO8cSuMYf3zWebkIONZnkzB55BJqD0N Z7wS2R4bI6Mw33K9ET2WhoUF7JiZDU+Spu7T2TW9roAms7U7IJBXMi52N3pAS3yQ gzvB8Fuci3xsGqyIYMgt0SmqnlkqbZmR35Yq7e3yxMzAlY/lp7tfQ/ZxIHfxDKh3 NrT8nKj58i0WGlOKxlWsTDadHwrCe9YoZVn8FRJJdCDE+tjW6KNmXKOy08qPfp3n LuikowCnqyQh6CoKJ91q47zsq7j8hisj0z7CgMLxO2Y4Gk9hSni5ynlxlDUYWDrB f9mi4LlnBp1Dwjnv7IJee9SXR4M7fIuwbexhBv8OGzijwXvHZkfZ5aceTAqrBYIb INZNaHwGQIgwkHkanz3N6pPbrfXTvOfcIWmrctyYfI05RsW4FRXm1dh2tF7y1uK7 FgWNvDxAAZqYhk2SBYPtUfQNkNktkLZ0M76QEXcgCrYr5OTTCM92pxZjLPmbYx2Y +1Kl+cSvk3nschXLbuXjGtWiuBrJXtdDW8ytt2bC5lyxylo8mYSl7G5V0eDifMKs sdHtMLM5S+4xrAQ4avNEFgqz4h78s6mY4Dq9fXkZUbYXLFLbaIb/foGUnnWJ5/az 9K+HIBmUA6I= =+FXG -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201810-1125",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "powershell core",
"scope": "eq",
"trust": 2.7,
"vendor": "microsoft",
"version": "6.0"
},
{
"model": "asp.net core",
"scope": "eq",
"trust": 1.9,
"vendor": "microsoft",
"version": "2.1"
},
{
"model": "asp.net core",
"scope": "eq",
"trust": 1.9,
"vendor": "microsoft",
"version": "1.1"
},
{
"model": "asp.net core",
"scope": "eq",
"trust": 1.9,
"vendor": "microsoft",
"version": "1.0"
},
{
"model": ".net core",
"scope": "eq",
"trust": 1.1,
"vendor": "microsoft",
"version": "2.1"
},
{
"model": ".net core",
"scope": "eq",
"trust": 1.1,
"vendor": "microsoft",
"version": "1.1"
},
{
"model": ".net core",
"scope": "eq",
"trust": 1.1,
"vendor": "microsoft",
"version": "1.0"
}
],
"sources": [
{
"db": "BID",
"id": "105548"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010455"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-492"
},
{
"db": "NVD",
"id": "CVE-2018-8292"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:microsoft:.net_core",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:microsoft:powershell_core",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010455"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft",
"sources": [
{
"db": "BID",
"id": "105548"
}
],
"trust": 0.3
},
"cve": "CVE-2018-8292",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-8292",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-8292",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-8292",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-8292",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201810-492",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2018-8292",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-8292"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010455"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-492"
},
{
"db": "NVD",
"id": "CVE-2018-8292"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An information disclosure vulnerability exists in .NET Core when authentication information is inadvertently exposed in a redirect, aka \".NET Core Information Disclosure Vulnerability.\" This affects .NET Core 2.1, .NET Core 1.0, .NET Core 1.1, PowerShell Core 6.0. \nAn attacker can exploit this issue to obtain sensitive information. Successful exploits will lead to other attacks. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: .NET Core on Red Hat Enterprise Linux security update\nAdvisory ID: RHSA-2018:2902-01\nProduct: .NET Core on Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2018:2902\nIssue date: 2018-10-09\nCVE Names: CVE-2018-8292 \n=====================================================================\n\n1. Summary:\n\nUpdates for rh-dotnetcore11-dotnetcore, and rh-dotnetcore10-dotnetcore are\nnow available for .NET Core on Red Hat Enterprise Linux. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. It implements a subset of the\n.NET framework APIs and several new APIs, and it includes a CLR\nimplementation. \n\nThese versions correspond to the October 2018 security release by .NET Core\nupstream projects. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.13-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.13-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.13-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.10-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.10-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.10-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.13-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.13-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.13-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.10-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.10-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.10-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.13-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.13-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.13-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.10-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.10-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.10-1.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-8292\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://github.com/dotnet/announcements/issues/88\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2018 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBW71EydzjgjWX9erEAQhK3Q/8DwPo83R6HBwUmO2gO56n0ci7BOOZ1HfH\nVYRSvXSPaBf8fbFSaZN5+OJhPBJfnCiEIgO8cSuMYf3zWebkIONZnkzB55BJqD0N\nZ7wS2R4bI6Mw33K9ET2WhoUF7JiZDU+Spu7T2TW9roAms7U7IJBXMi52N3pAS3yQ\ngzvB8Fuci3xsGqyIYMgt0SmqnlkqbZmR35Yq7e3yxMzAlY/lp7tfQ/ZxIHfxDKh3\nNrT8nKj58i0WGlOKxlWsTDadHwrCe9YoZVn8FRJJdCDE+tjW6KNmXKOy08qPfp3n\nLuikowCnqyQh6CoKJ91q47zsq7j8hisj0z7CgMLxO2Y4Gk9hSni5ynlxlDUYWDrB\nf9mi4LlnBp1Dwjnv7IJee9SXR4M7fIuwbexhBv8OGzijwXvHZkfZ5aceTAqrBYIb\nINZNaHwGQIgwkHkanz3N6pPbrfXTvOfcIWmrctyYfI05RsW4FRXm1dh2tF7y1uK7\nFgWNvDxAAZqYhk2SBYPtUfQNkNktkLZ0M76QEXcgCrYr5OTTCM92pxZjLPmbYx2Y\n+1Kl+cSvk3nschXLbuXjGtWiuBrJXtdDW8ytt2bC5lyxylo8mYSl7G5V0eDifMKs\nsdHtMLM5S+4xrAQ4avNEFgqz4h78s6mY4Dq9fXkZUbYXLFLbaIb/foGUnnWJ5/az\n9K+HIBmUA6I=\n=+FXG\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-8292"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010455"
},
{
"db": "BID",
"id": "105548"
},
{
"db": "VULMON",
"id": "CVE-2018-8292"
},
{
"db": "PACKETSTORM",
"id": "149745"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-8292",
"trust": 2.9
},
{
"db": "BID",
"id": "105548",
"trust": 1.4
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010455",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201810-492",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2018-8292",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "149745",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-8292"
},
{
"db": "BID",
"id": "105548"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010455"
},
{
"db": "PACKETSTORM",
"id": "149745"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-492"
},
{
"db": "NVD",
"id": "CVE-2018-8292"
}
]
},
"id": "VAR-201810-1125",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.19172932
},
"last_update_date": "2024-11-23T22:12:18.450000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2018-8292 | .NET Core Information Disclosure Vulnerability",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-8292"
},
{
"title": "CVE-2018-8292 | .NET Core \u306e\u60c5\u5831\u6f0f\u3048\u3044\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2018-8292"
},
{
"title": "Microsoft .NET Core and PowerShell Core Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85661"
},
{
"title": "Red Hat: Moderate: .NET Core on Red Hat Enterprise Linux security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20182902 - Security Advisory"
},
{
"title": "Red Hat: CVE-2018-8292",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2018-8292"
},
{
"title": "TrivyDepsFalsePositive",
"trust": 0.1,
"url": "https://github.com/StasJS/TrivyDepsFalsePositive "
},
{
"title": "OssIndexClient",
"trust": 0.1,
"url": "https://github.com/SimonCropp/OssIndexClient "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-8292"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010455"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-492"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010455"
},
{
"db": "NVD",
"id": "CVE-2018-8292"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-8292"
},
{
"trust": 1.3,
"url": "https://access.redhat.com/errata/rhsa-2018:2902"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/105548"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-8292"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8292"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20181010-ms.html"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2018/at180041.html"
},
{
"trust": 0.4,
"url": "https://github.com/dotnet/announcements/issues/88"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/200.html"
},
{
"trust": 0.1,
"url": "https://github.com/stasjs/trivydepsfalsepositive"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/simoncropp/ossindexclient"
},
{
"trust": 0.1,
"url": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/105548"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-8292"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-8292"
},
{
"db": "BID",
"id": "105548"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010455"
},
{
"db": "PACKETSTORM",
"id": "149745"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-492"
},
{
"db": "NVD",
"id": "CVE-2018-8292"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2018-8292"
},
{
"db": "BID",
"id": "105548"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010455"
},
{
"db": "PACKETSTORM",
"id": "149745"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-492"
},
{
"db": "NVD",
"id": "CVE-2018-8292"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-10T00:00:00",
"db": "VULMON",
"id": "CVE-2018-8292"
},
{
"date": "2018-10-09T00:00:00",
"db": "BID",
"id": "105548"
},
{
"date": "2018-12-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010455"
},
{
"date": "2018-10-10T17:38:30",
"db": "PACKETSTORM",
"id": "149745"
},
{
"date": "2018-10-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-492"
},
{
"date": "2018-10-10T13:29:01.213000",
"db": "NVD",
"id": "CVE-2018-8292"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-12-06T00:00:00",
"db": "VULMON",
"id": "CVE-2018-8292"
},
{
"date": "2018-10-09T00:00:00",
"db": "BID",
"id": "105548"
},
{
"date": "2018-12-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010455"
},
{
"date": "2018-10-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-492"
},
{
"date": "2024-11-21T04:13:33.930000",
"db": "NVD",
"id": "CVE-2018-8292"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-492"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft NET Core and PowerShell Core Vulnerability in which information is disclosed",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010455"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-492"
}
],
"trust": 0.6
}
}
var-202102-0778
Vulnerability from variot
.NET Core and Visual Studio Denial of Service Vulnerability. plural Microsoft The product interferes with service operation (DoS) A vulnerability exists.Denial of service (DoS) It may be put into a state. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: .NET 5.0 on Red Hat Enterprise Linux security and bugfix update Advisory ID: RHSA-2021:0473-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:0473 Issue date: 2021-02-10 CVE Names: CVE-2021-1721 ==================================================================== 1. Summary:
An update for rh-dotnet50-dotnet is now available for .NET on Red Hat Enterprise Linux.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 5.0.103 and .NET Runtime 5.0.3.
Security Fix(es):
- dotnet: certificate chain building recursion Denial of Service (CVE-2021-1721)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1926918 - CVE-2021-1721 dotnet: certificate chain building recursion Denial of Service
- Package List:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet50-dotnet-5.0.103-1.el7_9.src.rpm
x86_64: rh-dotnet50-aspnetcore-runtime-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-5.0.103-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-apphost-pack-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-debuginfo-5.0.103-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-host-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-hostfxr-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-runtime-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-sdk-5.0-5.0.103-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-targeting-pack-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-templates-5.0-5.0.103-1.el7_9.x86_64.rpm rh-dotnet50-netstandard-targeting-pack-2.1-5.0.103-1.el7_9.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet50-dotnet-5.0.103-1.el7_9.src.rpm
x86_64: rh-dotnet50-aspnetcore-runtime-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-5.0.103-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-apphost-pack-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-debuginfo-5.0.103-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-host-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-hostfxr-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-runtime-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-sdk-5.0-5.0.103-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-targeting-pack-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-templates-5.0-5.0.103-1.el7_9.x86_64.rpm rh-dotnet50-netstandard-targeting-pack-2.1-5.0.103-1.el7_9.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet50-dotnet-5.0.103-1.el7_9.src.rpm
x86_64: rh-dotnet50-aspnetcore-runtime-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-5.0.103-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-apphost-pack-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-debuginfo-5.0.103-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-host-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-hostfxr-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-runtime-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-sdk-5.0-5.0.103-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-targeting-pack-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-templates-5.0-5.0.103-1.el7_9.x86_64.rpm rh-dotnet50-netstandard-targeting-pack-2.1-5.0.103-1.el7_9.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-1721 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYCQRkNzjgjWX9erEAQgNpQ//YOPnsrlO2lww9KzO1WQGieOjqQ1xLZxZ YEgR3XbSuOiS0y7an842VNVht52BEh+maxUN3cdZfHqkBmb3+Ax4Tdnh/oH2CuYT lNkzcQcU/XxNWgpYE6Whu7o5+b7hS8e4khpoH3snamtuL62G2ncH07/cQOeWLi4o EixaJXGxfkq7b3UoDqq8iTj/3NQNmOaD72O2Rp2/yYjLWKtBRKq4sK756wpC+iEj qs+/z6NRTpw7swp8zpB2SsKpBhaCleqeVez7TAaDQ+yvT5Hijosn87CdDAMgVHxa rzqPzKaEMO/DYvirp70sm0EWaaEkX6FbR2LJRzKH6AxBWbyboIBnGrE8W/EfrI/f 6qeQZ/+GKMqabT7z7x79RzExgg6GPwdvnI2koD3hgT28CEZpnZZ6fmYMlvD5pfNT yPL8jzGRs725jpk2EsjyrIpNRPXqXgiFhmEA/JD2dr6surGj0UCmvHqEzKgGdHDR K8jG/u93IZhP+ijnxrw0gOnrCHq5chwxxpPaD1LvSgCmULjzks21zLbcB4qOldLH ey6xIPrdQcyRtJBecfb9IAN9ygCZXfz0HdRB+0ChK31D+Bhp2ORbJXxPPWYNVbp9 97pAQ2MYpEYDKUUn5lQ43Qj1WlF2D9+dXquuWYjD+1FZYmSXFfUnIx6HY7asElhc +Hn3J/UvwRI\xefGS -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202102-0778",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": ".net core",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "3.1"
},
{
"model": "visual studio 2017",
"scope": "lte",
"trust": 1.0,
"vendor": "microsoft",
"version": "15.9"
},
{
"model": "visual studio 2017",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "15.0"
},
{
"model": "visual studio 2019",
"scope": "lte",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.8"
},
{
"model": "powershell core",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "7.1"
},
{
"model": ".net",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "5.0"
},
{
"model": ".net core",
"scope": "lte",
"trust": 1.0,
"vendor": "microsoft",
"version": "3.1.11"
},
{
"model": "visual studio 2019",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.0"
},
{
"model": ".net",
"scope": "lte",
"trust": 1.0,
"vendor": "microsoft",
"version": "5.0.2"
},
{
"model": ".net core",
"scope": "lte",
"trust": 1.0,
"vendor": "microsoft",
"version": "2.1.24"
},
{
"model": "powershell core",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "7.0"
},
{
"model": ".net core",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "2.1"
},
{
"model": "microsoft visual studio",
"scope": null,
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": null
},
{
"model": "powershell core",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "7.0"
},
{
"model": "powershell core",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "7.1"
},
{
"model": ".net core",
"scope": null,
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": null
},
{
"model": ".net",
"scope": null,
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-004038"
},
{
"db": "NVD",
"id": "CVE-2021-1721"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "161371"
},
{
"db": "PACKETSTORM",
"id": "161376"
},
{
"db": "PACKETSTORM",
"id": "161372"
},
{
"db": "PACKETSTORM",
"id": "161370"
},
{
"db": "PACKETSTORM",
"id": "161373"
},
{
"db": "PACKETSTORM",
"id": "161375"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-667"
}
],
"trust": 1.2
},
"cve": "CVE-2021-1721",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2021-1721",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2021-1721",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-1721",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-1721",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "secure@microsoft.com",
"id": "CVE-2021-1721",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2021-1721",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202102-667",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-1721",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-1721"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004038"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-667"
},
{
"db": "NVD",
"id": "CVE-2021-1721"
},
{
"db": "NVD",
"id": "CVE-2021-1721"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": ".NET Core and Visual Studio Denial of Service Vulnerability. plural Microsoft The product interferes with service operation (DoS) A vulnerability exists.Denial of service (DoS) It may be put into a state. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: .NET 5.0 on Red Hat Enterprise Linux security and bugfix update\nAdvisory ID: RHSA-2021:0473-01\nProduct: .NET Core on Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:0473\nIssue date: 2021-02-10\nCVE Names: CVE-2021-1721\n====================================================================\n1. Summary:\n\nAn update for rh-dotnet50-dotnet is now available for .NET on Red Hat\nEnterprise Linux. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\n.NET is a managed-software framework. It implements a subset of the .NET\nframework APIs and several new APIs, and it includes a CLR implementation. \n\nNew versions of .NET that address a security vulnerability are now\navailable. The updated versions are .NET SDK 5.0.103 and .NET Runtime\n5.0.3. \n\nSecurity Fix(es):\n\n* dotnet: certificate chain building recursion Denial of Service\n(CVE-2021-1721)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1926918 - CVE-2021-1721 dotnet: certificate chain building recursion Denial of Service\n\n6. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet50-dotnet-5.0.103-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet50-aspnetcore-runtime-5.0-5.0.3-1.el7_9.x86_64.rpm\nrh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.3-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-5.0.103-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-apphost-pack-5.0-5.0.3-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-debuginfo-5.0.103-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-host-5.0.3-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-hostfxr-5.0-5.0.3-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-runtime-5.0-5.0.3-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-sdk-5.0-5.0.103-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-targeting-pack-5.0-5.0.3-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-templates-5.0-5.0.103-1.el7_9.x86_64.rpm\nrh-dotnet50-netstandard-targeting-pack-2.1-5.0.103-1.el7_9.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet50-dotnet-5.0.103-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet50-aspnetcore-runtime-5.0-5.0.3-1.el7_9.x86_64.rpm\nrh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.3-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-5.0.103-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-apphost-pack-5.0-5.0.3-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-debuginfo-5.0.103-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-host-5.0.3-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-hostfxr-5.0-5.0.3-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-runtime-5.0-5.0.3-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-sdk-5.0-5.0.103-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-targeting-pack-5.0-5.0.3-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-templates-5.0-5.0.103-1.el7_9.x86_64.rpm\nrh-dotnet50-netstandard-targeting-pack-2.1-5.0.103-1.el7_9.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet50-dotnet-5.0.103-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet50-aspnetcore-runtime-5.0-5.0.3-1.el7_9.x86_64.rpm\nrh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.3-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-5.0.103-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-apphost-pack-5.0-5.0.3-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-debuginfo-5.0.103-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-host-5.0.3-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-hostfxr-5.0-5.0.3-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-runtime-5.0-5.0.3-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-sdk-5.0-5.0.103-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-targeting-pack-5.0-5.0.3-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-templates-5.0-5.0.103-1.el7_9.x86_64.rpm\nrh-dotnet50-netstandard-targeting-pack-2.1-5.0.103-1.el7_9.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-1721\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYCQRkNzjgjWX9erEAQgNpQ//YOPnsrlO2lww9KzO1WQGieOjqQ1xLZxZ\nYEgR3XbSuOiS0y7an842VNVht52BEh+maxUN3cdZfHqkBmb3+Ax4Tdnh/oH2CuYT\nlNkzcQcU/XxNWgpYE6Whu7o5+b7hS8e4khpoH3snamtuL62G2ncH07/cQOeWLi4o\nEixaJXGxfkq7b3UoDqq8iTj/3NQNmOaD72O2Rp2/yYjLWKtBRKq4sK756wpC+iEj\nqs+/z6NRTpw7swp8zpB2SsKpBhaCleqeVez7TAaDQ+yvT5Hijosn87CdDAMgVHxa\nrzqPzKaEMO/DYvirp70sm0EWaaEkX6FbR2LJRzKH6AxBWbyboIBnGrE8W/EfrI/f\n6qeQZ/+GKMqabT7z7x79RzExgg6GPwdvnI2koD3hgT28CEZpnZZ6fmYMlvD5pfNT\nyPL8jzGRs725jpk2EsjyrIpNRPXqXgiFhmEA/JD2dr6surGj0UCmvHqEzKgGdHDR\nK8jG/u93IZhP+ijnxrw0gOnrCHq5chwxxpPaD1LvSgCmULjzks21zLbcB4qOldLH\ney6xIPrdQcyRtJBecfb9IAN9ygCZXfz0HdRB+0ChK31D+Bhp2ORbJXxPPWYNVbp9\n97pAQ2MYpEYDKUUn5lQ43Qj1WlF2D9+dXquuWYjD+1FZYmSXFfUnIx6HY7asElhc\n+Hn3J/UvwRI\\xefGS\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-1721"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004038"
},
{
"db": "VULMON",
"id": "CVE-2021-1721"
},
{
"db": "PACKETSTORM",
"id": "161371"
},
{
"db": "PACKETSTORM",
"id": "161376"
},
{
"db": "PACKETSTORM",
"id": "161372"
},
{
"db": "PACKETSTORM",
"id": "161370"
},
{
"db": "PACKETSTORM",
"id": "161373"
},
{
"db": "PACKETSTORM",
"id": "161375"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-1721",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004038",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "161375",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2021.0496",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202102-667",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-1721",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161371",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161376",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161372",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161370",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161373",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-1721"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004038"
},
{
"db": "PACKETSTORM",
"id": "161371"
},
{
"db": "PACKETSTORM",
"id": "161376"
},
{
"db": "PACKETSTORM",
"id": "161372"
},
{
"db": "PACKETSTORM",
"id": "161370"
},
{
"db": "PACKETSTORM",
"id": "161373"
},
{
"db": "PACKETSTORM",
"id": "161375"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-667"
},
{
"db": "NVD",
"id": "CVE-2021-1721"
}
]
},
"id": "VAR-202102-0778",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.19172932
},
"last_update_date": "2024-11-23T23:04:06.247000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": ".NET\u00a0Core\u00a0and\u00a0Visual\u00a0Studio\u00a0Denial\u00a0of\u00a0Service\u00a0Vulnerability Security Update Guide",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1721"
},
{
"title": "Microsoft .NET Core and Microsoft Visual Studio Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=141033"
},
{
"title": "Red Hat: Important: dotnet3.1 security and bugfix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210471 - Security Advisory"
},
{
"title": "Red Hat: Important: dotnet5.0 security and bugfix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210476 - Security Advisory"
},
{
"title": "Red Hat: Important: .NET Core 3.1 on Red Hat Enterprise Linux security and bugfix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210472 - Security Advisory"
},
{
"title": "Red Hat: Important: .NET Core 2.1 on Red Hat Enterprise Linux security and bugfix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210470 - Security Advisory"
},
{
"title": "Red Hat: Important: .NET 5.0 on Red Hat Enterprise Linux security and bugfix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210473 - Security Advisory"
},
{
"title": "Red Hat: Important: dotnet security and bugfix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210474 - Security Advisory"
},
{
"title": "Arch Linux Advisories: [ASA-202103-17] dotnet-sdk: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202103-17"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2021-1721 log"
},
{
"title": "Arch Linux Advisories: [ASA-202103-16] dotnet-runtime: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202103-16"
},
{
"title": null,
"trust": 0.1,
"url": "https://www.theregister.co.uk/2021/02/09/microsoft_patch_tuesday/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-1721"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004038"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-667"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-004038"
},
{
"db": "NVD",
"id": "CVE-2021-1721"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1721"
},
{
"trust": 1.7,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2021-1721"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/security/cve/cve-2021-1721"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20210210-ms.html"
},
{
"trust": 0.8,
"url": "https://www.jpcert.or.jp/at/2021/at210008.html"
},
{
"trust": 0.6,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.6,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/161375/red-hat-security-advisory-2021-0474-01.html"
},
{
"trust": 0.6,
"url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2021-1721"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0496"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/microsoft-net-core-vulnerabilities-of-february-2021-34547"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/errata/rhsa-2021:0471"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/195571"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0473"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0476"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0472"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0470"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0474"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-1721"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004038"
},
{
"db": "PACKETSTORM",
"id": "161371"
},
{
"db": "PACKETSTORM",
"id": "161376"
},
{
"db": "PACKETSTORM",
"id": "161372"
},
{
"db": "PACKETSTORM",
"id": "161370"
},
{
"db": "PACKETSTORM",
"id": "161373"
},
{
"db": "PACKETSTORM",
"id": "161375"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-667"
},
{
"db": "NVD",
"id": "CVE-2021-1721"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-1721"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004038"
},
{
"db": "PACKETSTORM",
"id": "161371"
},
{
"db": "PACKETSTORM",
"id": "161376"
},
{
"db": "PACKETSTORM",
"id": "161372"
},
{
"db": "PACKETSTORM",
"id": "161370"
},
{
"db": "PACKETSTORM",
"id": "161373"
},
{
"db": "PACKETSTORM",
"id": "161375"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-667"
},
{
"db": "NVD",
"id": "CVE-2021-1721"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-02-25T00:00:00",
"db": "VULMON",
"id": "CVE-2021-1721"
},
{
"date": "2021-11-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-004038"
},
{
"date": "2021-02-11T15:15:26",
"db": "PACKETSTORM",
"id": "161371"
},
{
"date": "2021-02-11T15:18:57",
"db": "PACKETSTORM",
"id": "161376"
},
{
"date": "2021-02-11T15:15:37",
"db": "PACKETSTORM",
"id": "161372"
},
{
"date": "2021-02-11T15:15:09",
"db": "PACKETSTORM",
"id": "161370"
},
{
"date": "2021-02-11T15:15:47",
"db": "PACKETSTORM",
"id": "161373"
},
{
"date": "2021-02-11T15:18:50",
"db": "PACKETSTORM",
"id": "161375"
},
{
"date": "2021-02-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-667"
},
{
"date": "2021-02-25T23:15:13.210000",
"db": "NVD",
"id": "CVE-2021-1721"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-02-26T00:00:00",
"db": "VULMON",
"id": "CVE-2021-1721"
},
{
"date": "2021-11-12T05:18:00",
"db": "JVNDB",
"id": "JVNDB-2021-004038"
},
{
"date": "2021-08-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-667"
},
{
"date": "2024-11-21T05:44:58.307000",
"db": "NVD",
"id": "CVE-2021-1721"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-667"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0Microsoft\u00a0 Service operation interruption in the product \u00a0(DoS)\u00a0 Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-004038"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-667"
}
],
"trust": 0.6
}
}
var-202001-0124
Vulnerability from variot
A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0606
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202001-0124",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": ".net core",
"scope": "eq",
"trust": 1.8,
"vendor": "microsoft",
"version": "3.0"
},
{
"model": ".net core",
"scope": "eq",
"trust": 1.8,
"vendor": "microsoft",
"version": "3.1"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 1.8,
"vendor": "microsoft",
"version": "3.5"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 1.8,
"vendor": "microsoft",
"version": "3.5.1"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 1.8,
"vendor": "microsoft",
"version": "4.5.2"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 1.8,
"vendor": "microsoft",
"version": "4.6"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 1.8,
"vendor": "microsoft",
"version": "4.6.1"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 1.8,
"vendor": "microsoft",
"version": "4.6.2"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 1.8,
"vendor": "microsoft",
"version": "4.7"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 1.8,
"vendor": "microsoft",
"version": "4.7.1"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 1.8,
"vendor": "microsoft",
"version": "4.7.2"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 1.8,
"vendor": "microsoft",
"version": "4.8"
},
{
"model": ".net core",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "3.0"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "3.0 sp2"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-001110"
},
{
"db": "NVD",
"id": "CVE-2020-0605"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:microsoft:.net_core",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:microsoft:.net_framework",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-001110"
}
]
},
"cve": "CVE-2020-0605",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2020-0605",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2020-0605",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-0605",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-0605",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2020-0605",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202001-474",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-001110"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-474"
},
{
"db": "NVD",
"id": "CVE-2020-0605"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka \u0027.NET Framework Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-0606",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-0605"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001110"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-0605",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001110",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202001-474",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-001110"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-474"
},
{
"db": "NVD",
"id": "CVE-2020-0605"
}
]
},
"id": "VAR-202001-0124",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.19172932
},
"last_update_date": "2024-11-23T22:58:27.329000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2020-0605 | .NET Framework Remote Code Execution Vulnerability",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0605"
},
{
"title": "CVE-2020-0605 | .NET Framework \u306e\u30ea\u30e2\u30fc\u30c8\u3067\u30b3\u30fc\u30c9\u304c\u5b9f\u884c\u3055\u308c\u308b\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2020-0605"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-001110"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-001110"
},
{
"db": "NVD",
"id": "CVE-2020-0605"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-0605"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-0605"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-0605"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20200115-ms.html"
},
{
"trust": 0.8,
"url": "https://www.jpcert.or.jp/at/2020/at200001.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/microsoft-net-framework-vulnerabilities-of-january-31325"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-0605"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-001110"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-474"
},
{
"db": "NVD",
"id": "CVE-2020-0605"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2020-001110"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-474"
},
{
"db": "NVD",
"id": "CVE-2020-0605"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-01-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-001110"
},
{
"date": "2020-01-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202001-474"
},
{
"date": "2020-01-14T23:15:30.427000",
"db": "NVD",
"id": "CVE-2020-0605"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-01-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-001110"
},
{
"date": "2021-01-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202001-474"
},
{
"date": "2024-11-21T04:53:50.553000",
"db": "NVD",
"id": "CVE-2020-0605"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202001-474"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": ".NET Framework and .NET Core Vulnerable to remote code execution",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-001110"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202001-474"
}
],
"trust": 0.6
}
}
var-202108-1026
Vulnerability from variot
.NET Core and Visual Studio Denial of Service Vulnerability. plural Microsoft The product interferes with service operation (DoS) A vulnerability exists.Denial of service (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: .NET Core 3.1 on RHEL 7 security and bugfix update Advisory ID: RHSA-2021:3143-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:3143 Issue date: 2021-08-11 CVE Names: CVE-2021-26423 CVE-2021-34485 CVE-2021-34532 =====================================================================
- Summary:
An update for .NET Core 3.1 is now available for .NET Core on Red Hat Enterprise Linux.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 3.1.118 and .NET Runtime 3.1.18.
Security Fix(es):
-
dotnet: ASP.NET Core WebSocket frame processing DoS (CVE-2021-26423)
-
dotnet: Dump file created world-readable (CVE-2021-34485)
-
dotnet: ASP.NET Core JWT token logging (CVE-2021-34532)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1990286 - CVE-2021-34485 dotnet: Dump file created world-readable 1990295 - CVE-2021-26423 dotnet: ASP.NET Core WebSocket frame processing DoS 1990300 - CVE-2021-34532 dotnet: ASP.NET Core JWT token logging
- Package List:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet31-dotnet-3.1.118-1.el7_9.src.rpm
x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.18-1.el7_9.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.18-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-3.1.118-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.18-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.118-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-host-3.1.18-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.18-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.18-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.118-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.18-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.118-1.el7_9.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.118-1.el7_9.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet31-dotnet-3.1.118-1.el7_9.src.rpm
x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.18-1.el7_9.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.18-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-3.1.118-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.18-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.118-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-host-3.1.18-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.18-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.18-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.118-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.18-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.118-1.el7_9.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.118-1.el7_9.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet31-dotnet-3.1.118-1.el7_9.src.rpm
x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.18-1.el7_9.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.18-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-3.1.118-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.18-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.118-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-host-3.1.18-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.18-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.18-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.118-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.18-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.118-1.el7_9.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.118-1.el7_9.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-26423 https://access.redhat.com/security/cve/CVE-2021-34485 https://access.redhat.com/security/cve/CVE-2021-34532 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYRQa8tzjgjWX9erEAQgZVg//eyD52RIjaXDx3Y8hIiT3Lol1bgP5prfh vgB+Y/IX75XF929mfsAP4QYJGQR9Q6OR511V7SewOqlGMO65S6yvlqVjvDCoesFc Am02/u2D3A8U7HiTYmAPqKNwzf7t8v2KbfZGMIAJQgYCEB4qjT2zvIt9B6TRAKo2 EdQa4XQsnmh4h3bMhkLrI3m8epxUD5Fk7RizA2F7pCwyL/EpiGzlD13nQWNB18gC Y8Csf5i+xPa66EakBo1fWb7u8oda1aoDcKSoDqinfd9t29yTNCAN4g2h1P/1TkDi nLpFRYf5fv7hoWUHmzg6Alp3eZw2GJVVvtMok2bba2TRYmw3MuXuxctaghupD8ph WDtluNCVniryl4SDkgFaSutcAwbyVlQo6M+ku5j1oy+nS26boGv0dIet9UHHkcAS /+tEiTw/atMuRLwkEQ90Y+CUQ9EkTW9X0haKTsvqbJ+/ZKiDdBYQlYxnrvzh5NEx L/a+QneLNviwEJsyFwozWePokB70J1sPPlU2TjtJI7X5hehvIg1U7rfIGSW7yAmB ji512gGjxX6p/k98O2+1DNJ9c8zf6CvHEt+A2KKaZHkJDV/J5aZeJzfmT3rSq+qu 6BQTTYOtPEI7m/u20I5zzeJ1MBE0gE31O+ng3trHf4HzN82T9AZKB0lthLiX4TKK 3V5TkyNr+k0= =JpAp -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202108-1026",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "powershell core",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "7.1.4"
},
{
"model": "visual studio 2019",
"scope": "lte",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.10"
},
{
"model": "powershell core",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "7.0.7"
},
{
"model": "visual studio 2017",
"scope": "lte",
"trust": 1.0,
"vendor": "microsoft",
"version": "15.9"
},
{
"model": ".net core",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "2.1"
},
{
"model": "powershell core",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "7.0"
},
{
"model": "powershell core",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "7.1"
},
{
"model": "visual studio 2019",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.0"
},
{
"model": ".net",
"scope": "lte",
"trust": 1.0,
"vendor": "microsoft",
"version": "5.0.8"
},
{
"model": "visual studio 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "8.10"
},
{
"model": ".net core",
"scope": "lte",
"trust": 1.0,
"vendor": "microsoft",
"version": "3.1.17"
},
{
"model": ".net core",
"scope": "lte",
"trust": 1.0,
"vendor": "microsoft",
"version": "2.1.28"
},
{
"model": "visual studio 2017",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "15.0"
},
{
"model": ".net",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "5.0"
},
{
"model": ".net core",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "3.1"
},
{
"model": "powershell core",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "7.1"
},
{
"model": ".net",
"scope": null,
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": null
},
{
"model": "microsoft visual studio",
"scope": null,
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": null
},
{
"model": "powershell core",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "7.0"
},
{
"model": ".net core",
"scope": null,
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002313"
},
{
"db": "NVD",
"id": "CVE-2021-26423"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Peter St\u00f6ckli\u003c/a\u003e with Ergon Informatik",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-847"
}
],
"trust": 0.6
},
"cve": "CVE-2021-26423",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2021-26423",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2021-26423",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-26423",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-26423",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "secure@microsoft.com",
"id": "CVE-2021-26423",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-26423",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202108-847",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-26423",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-26423"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002313"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-847"
},
{
"db": "NVD",
"id": "CVE-2021-26423"
},
{
"db": "NVD",
"id": "CVE-2021-26423"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": ".NET Core and Visual Studio Denial of Service Vulnerability. plural Microsoft The product interferes with service operation (DoS) A vulnerability exists.Denial of service (DoS) It may be put into a state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: .NET Core 3.1 on RHEL 7 security and bugfix update\nAdvisory ID: RHSA-2021:3143-01\nProduct: .NET Core on Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:3143\nIssue date: 2021-08-11\nCVE Names: CVE-2021-26423 CVE-2021-34485 CVE-2021-34532 \n=====================================================================\n\n1. Summary:\n\nAn update for .NET Core 3.1 is now available for .NET Core on Red Hat\nEnterprise Linux. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\n.NET is a managed-software framework. It implements a subset of the .NET\nframework APIs and several new APIs, and it includes a CLR implementation. \n\nNew versions of .NET that address security vulnerabilities are now\navailable. The updated versions are .NET SDK 3.1.118 and .NET Runtime\n3.1.18. \n\nSecurity Fix(es):\n\n* dotnet: ASP.NET Core WebSocket frame processing DoS (CVE-2021-26423)\n\n* dotnet: Dump file created world-readable (CVE-2021-34485)\n\n* dotnet: ASP.NET Core JWT token logging (CVE-2021-34532)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1990286 - CVE-2021-34485 dotnet: Dump file created world-readable\n1990295 - CVE-2021-26423 dotnet: ASP.NET Core WebSocket frame processing DoS\n1990300 - CVE-2021-34532 dotnet: ASP.NET Core JWT token logging\n\n6. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet31-dotnet-3.1.118-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet31-aspnetcore-runtime-3.1-3.1.18-1.el7_9.x86_64.rpm\nrh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.18-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-3.1.118-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-apphost-pack-3.1-3.1.18-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-debuginfo-3.1.118-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-host-3.1.18-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-hostfxr-3.1-3.1.18-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-runtime-3.1-3.1.18-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-sdk-3.1-3.1.118-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-targeting-pack-3.1-3.1.18-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-templates-3.1-3.1.118-1.el7_9.x86_64.rpm\nrh-dotnet31-netstandard-targeting-pack-2.1-3.1.118-1.el7_9.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet31-dotnet-3.1.118-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet31-aspnetcore-runtime-3.1-3.1.18-1.el7_9.x86_64.rpm\nrh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.18-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-3.1.118-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-apphost-pack-3.1-3.1.18-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-debuginfo-3.1.118-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-host-3.1.18-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-hostfxr-3.1-3.1.18-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-runtime-3.1-3.1.18-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-sdk-3.1-3.1.118-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-targeting-pack-3.1-3.1.18-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-templates-3.1-3.1.118-1.el7_9.x86_64.rpm\nrh-dotnet31-netstandard-targeting-pack-2.1-3.1.118-1.el7_9.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet31-dotnet-3.1.118-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet31-aspnetcore-runtime-3.1-3.1.18-1.el7_9.x86_64.rpm\nrh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.18-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-3.1.118-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-apphost-pack-3.1-3.1.18-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-debuginfo-3.1.118-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-host-3.1.18-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-hostfxr-3.1-3.1.18-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-runtime-3.1-3.1.18-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-sdk-3.1-3.1.118-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-targeting-pack-3.1-3.1.18-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-templates-3.1-3.1.118-1.el7_9.x86_64.rpm\nrh-dotnet31-netstandard-targeting-pack-2.1-3.1.118-1.el7_9.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-26423\nhttps://access.redhat.com/security/cve/CVE-2021-34485\nhttps://access.redhat.com/security/cve/CVE-2021-34532\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYRQa8tzjgjWX9erEAQgZVg//eyD52RIjaXDx3Y8hIiT3Lol1bgP5prfh\nvgB+Y/IX75XF929mfsAP4QYJGQR9Q6OR511V7SewOqlGMO65S6yvlqVjvDCoesFc\nAm02/u2D3A8U7HiTYmAPqKNwzf7t8v2KbfZGMIAJQgYCEB4qjT2zvIt9B6TRAKo2\nEdQa4XQsnmh4h3bMhkLrI3m8epxUD5Fk7RizA2F7pCwyL/EpiGzlD13nQWNB18gC\nY8Csf5i+xPa66EakBo1fWb7u8oda1aoDcKSoDqinfd9t29yTNCAN4g2h1P/1TkDi\nnLpFRYf5fv7hoWUHmzg6Alp3eZw2GJVVvtMok2bba2TRYmw3MuXuxctaghupD8ph\nWDtluNCVniryl4SDkgFaSutcAwbyVlQo6M+ku5j1oy+nS26boGv0dIet9UHHkcAS\n/+tEiTw/atMuRLwkEQ90Y+CUQ9EkTW9X0haKTsvqbJ+/ZKiDdBYQlYxnrvzh5NEx\nL/a+QneLNviwEJsyFwozWePokB70J1sPPlU2TjtJI7X5hehvIg1U7rfIGSW7yAmB\nji512gGjxX6p/k98O2+1DNJ9c8zf6CvHEt+A2KKaZHkJDV/J5aZeJzfmT3rSq+qu\n6BQTTYOtPEI7m/u20I5zzeJ1MBE0gE31O+ng3trHf4HzN82T9AZKB0lthLiX4TKK\n3V5TkyNr+k0=\n=JpAp\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-26423"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002313"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULMON",
"id": "CVE-2021-26423"
},
{
"db": "PACKETSTORM",
"id": "163808"
},
{
"db": "PACKETSTORM",
"id": "163807"
},
{
"db": "PACKETSTORM",
"id": "163802"
},
{
"db": "PACKETSTORM",
"id": "163799"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-26423",
"trust": 2.9
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002313",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "163799",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2729",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2753",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021081011",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021081229",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202108-847",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-26423",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163808",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163807",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163802",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-26423"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002313"
},
{
"db": "PACKETSTORM",
"id": "163808"
},
{
"db": "PACKETSTORM",
"id": "163807"
},
{
"db": "PACKETSTORM",
"id": "163802"
},
{
"db": "PACKETSTORM",
"id": "163799"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-847"
},
{
"db": "NVD",
"id": "CVE-2021-26423"
}
]
},
"id": "VAR-202108-1026",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.19172932
},
"last_update_date": "2024-08-14T12:33:20.658000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": ".NET\u00a0Core\u00a0and\u00a0Visual\u00a0Studio\u00a0Denial\u00a0of\u00a0Service\u00a0Vulnerability Security Update Guide",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26423"
},
{
"title": "Microsoft .NET Core and Microsoft Visual Studio Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=159242"
},
{
"title": "Red Hat: CVE-2021-26423",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2021-26423"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2021-26423 log"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-26423"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002313"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-847"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002313"
},
{
"db": "NVD",
"id": "CVE-2021-26423"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2021-26423"
},
{
"trust": 1.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-26423"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/security/cve/cve-2021-26423"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20210811-ms.html"
},
{
"trust": 0.8,
"url": "https://www.jpcert.or.jp/at/2021/at210034.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2021-26423"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2729"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2753"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021081229"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/microsoft-visual-studio-vulnerabilities-of-august-2021-36113"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/163799/red-hat-security-advisory-2021-3142-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021081011"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-34532"
},
{
"trust": 0.4,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.4,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-34532"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-34485"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-34485"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3148"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3147"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3143"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3142"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-26423"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002313"
},
{
"db": "PACKETSTORM",
"id": "163808"
},
{
"db": "PACKETSTORM",
"id": "163807"
},
{
"db": "PACKETSTORM",
"id": "163802"
},
{
"db": "PACKETSTORM",
"id": "163799"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-847"
},
{
"db": "NVD",
"id": "CVE-2021-26423"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-26423"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002313"
},
{
"db": "PACKETSTORM",
"id": "163808"
},
{
"db": "PACKETSTORM",
"id": "163807"
},
{
"db": "PACKETSTORM",
"id": "163802"
},
{
"db": "PACKETSTORM",
"id": "163799"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-847"
},
{
"db": "NVD",
"id": "CVE-2021-26423"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-12T00:00:00",
"db": "VULMON",
"id": "CVE-2021-26423"
},
{
"date": "2021-08-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-002313"
},
{
"date": "2021-08-12T15:49:33",
"db": "PACKETSTORM",
"id": "163808"
},
{
"date": "2021-08-12T15:49:21",
"db": "PACKETSTORM",
"id": "163807"
},
{
"date": "2021-08-12T15:45:22",
"db": "PACKETSTORM",
"id": "163802"
},
{
"date": "2021-08-12T15:43:32",
"db": "PACKETSTORM",
"id": "163799"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-08-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-847"
},
{
"date": "2021-08-12T18:15:08.537000",
"db": "NVD",
"id": "CVE-2021-26423"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-19T00:00:00",
"db": "VULMON",
"id": "CVE-2021-26423"
},
{
"date": "2021-08-26T03:18:00",
"db": "JVNDB",
"id": "JVNDB-2021-002313"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-08-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-847"
},
{
"date": "2023-12-28T20:15:44.377000",
"db": "NVD",
"id": "CVE-2021-26423"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-847"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0Microsoft\u00a0 Service operation interruption in the product \u00a0(DoS)\u00a0 Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002313"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 0.6
}
}
var-202203-0090
Vulnerability from variot
.NET and Visual Studio Remote Code Execution Vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: .NET 6.0 on RHEL 7 security and bugfix update Advisory ID: RHSA-2022:0832-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:0832 Issue date: 2022-03-10 CVE Names: CVE-2022-24464 CVE-2022-24512 =====================================================================
- Summary:
An update for .NET 6.0 is now available for .NET on Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 6.0.103 and .NET Runtime 6.0.3.
Security Fix(es):
-
dotnet: ASP.NET Denial of Service via FormPipeReader (CVE-2022-24464)
-
dotnet: double parser stack buffer overrun (CVE-2022-24512)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
2061847 - CVE-2022-24464 dotnet: ASP.NET Denial of Service via FormPipeReader 2061854 - CVE-2022-24512 dotnet: double parser stack buffer overrun
- Package List:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet60-dotnet-6.0.103-3.el7_9.src.rpm
x86_64: rh-dotnet60-aspnetcore-runtime-6.0-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-6.0.103-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-apphost-pack-6.0-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-debuginfo-6.0.103-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-host-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-hostfxr-6.0-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-runtime-6.0-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-sdk-6.0-6.0.103-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.103-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-targeting-pack-6.0-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-templates-6.0-6.0.103-3.el7_9.x86_64.rpm rh-dotnet60-netstandard-targeting-pack-2.1-6.0.103-3.el7_9.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet60-dotnet-6.0.103-3.el7_9.src.rpm
x86_64: rh-dotnet60-aspnetcore-runtime-6.0-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-6.0.103-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-apphost-pack-6.0-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-debuginfo-6.0.103-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-host-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-hostfxr-6.0-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-runtime-6.0-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-sdk-6.0-6.0.103-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.103-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-targeting-pack-6.0-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-templates-6.0-6.0.103-3.el7_9.x86_64.rpm rh-dotnet60-netstandard-targeting-pack-2.1-6.0.103-3.el7_9.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet60-dotnet-6.0.103-3.el7_9.src.rpm
x86_64: rh-dotnet60-aspnetcore-runtime-6.0-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-6.0.103-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-apphost-pack-6.0-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-debuginfo-6.0.103-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-host-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-hostfxr-6.0-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-runtime-6.0-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-sdk-6.0-6.0.103-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.103-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-targeting-pack-6.0-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-templates-6.0-6.0.103-3.el7_9.x86_64.rpm rh-dotnet60-netstandard-targeting-pack-2.1-6.0.103-3.el7_9.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2022-24464 https://access.redhat.com/security/cve/CVE-2022-24512 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYipo+dzjgjWX9erEAQhWwA//Z+qgA25Pl9oc2SywwNY3Si0CPw7txaS5 99i3ldOuALPRwbMQ6mGjkpuuwY+ioLBeiBGUSGGXOACjcRMmGIH5dbsj1vTKJlO2 J3kCabYANlt0hHPQtdVL/+SkAG86bUlFiNxsQytd0Od/U782r1WT/JrvLocjuo9k xuqUXZTRR+0fYUoKmMaRRM/ipNHSKTwA5izPbO0a/6xsEB1ubE/vBJ2JDhqIeZ9P nQBn2GcufSMivwbCeEojjLFwmp9H/JQjqHmM0Fd3KLc6VvDMoLK4/Bssy5qQW+PM YkFPWXqjQYX8McWCwRK5ALR5MteyHVlhgjIaP4pStevuBRymysWW2x06atajsrQ3 i2g4AkSp5Kftr4Tr7UzczP4JKqnI+VssUeN4zbWFxoEslhjGCITTD00c9ZxN5bCn w8Awl0h6ezl50YhTTRj2oF2Rq5ff2CbOikZQLe6i3rR+kK8x138/Y876lh6cDzYD 2AJuf/StDjKMVYtR2h/evUymgAvr6tih3baH5egDLa8Bg9p6dm9zB9deYMN4OM7a oAHbqH43+gLirFFsmD97P86pil7YHJeDKPGt0WzhAAppMk10XCuNe7SipQvztwDU UQiOTQPTbiAhHt3/I8DpN7OuEPJP2EHjMWf8/dpouetIkiCIMFFPOX4CLQC35wI/ 5npIufme4D0= =V/tf -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 8) - aarch64, s390x, x86_64
3
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202203-0090",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": ".net core",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "3.1"
},
{
"model": "powershell",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "7.1.6"
},
{
"model": "visual studio 2019",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.0"
},
{
"model": "visual studio 2019",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.9.18"
},
{
"model": ".net",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "5.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "powershell",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "7.0"
},
{
"model": "powershell",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "7.0.9"
},
{
"model": "powershell",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "7.1"
},
{
"model": "visual studio 2019",
"scope": "lte",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.8.7"
},
{
"model": "visual studio 2019",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.10.0"
},
{
"model": "visual studio 2019",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.11.11"
},
{
"model": "visual studio 2022",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.0"
},
{
"model": "visual studio 2019",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.7.0"
},
{
"model": "visual studio 2019",
"scope": "lte",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.6.4"
},
{
"model": ".net",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "6.0.0"
},
{
"model": "visual studio 2019",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.7.26"
},
{
"model": "visual studio 2019",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.8.0"
},
{
"model": "visual studio 2019",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.11.0"
},
{
"model": "powershell",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "7.2.2"
},
{
"model": "powershell",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "7.2"
},
{
"model": "visual studio 2019",
"scope": "lte",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.10.4"
},
{
"model": "visual studio 2019",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.9.0"
},
{
"model": "visual studio 2022",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.0.7"
},
{
"model": "powershell",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "7.1"
},
{
"model": ".net core",
"scope": null,
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": null
},
{
"model": "powershell",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "7.0"
},
{
"model": ".net",
"scope": null,
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": null
},
{
"model": "powershell",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "7.2"
},
{
"model": "microsoft visual studio",
"scope": null,
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-001463"
},
{
"db": "NVD",
"id": "CVE-2022-24512"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "166260"
},
{
"db": "PACKETSTORM",
"id": "166271"
},
{
"db": "PACKETSTORM",
"id": "166270"
},
{
"db": "PACKETSTORM",
"id": "166269"
},
{
"db": "PACKETSTORM",
"id": "166267"
},
{
"db": "PACKETSTORM",
"id": "166266"
}
],
"trust": 0.6
},
"cve": "CVE-2022-24512",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2022-24512",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2022-24512",
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-24512",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-24512",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "secure@microsoft.com",
"id": "CVE-2022-24512",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2022-24512",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202203-699",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-001463"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-699"
},
{
"db": "NVD",
"id": "CVE-2022-24512"
},
{
"db": "NVD",
"id": "CVE-2022-24512"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": ".NET and Visual Studio Remote Code Execution Vulnerability. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: .NET 6.0 on RHEL 7 security and bugfix update\nAdvisory ID: RHSA-2022:0832-01\nProduct: .NET Core on Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:0832\nIssue date: 2022-03-10\nCVE Names: CVE-2022-24464 CVE-2022-24512 \n=====================================================================\n\n1. Summary:\n\nAn update for .NET 6.0 is now available for .NET on Red Hat Enterprise\nLinux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\n.NET is a managed-software framework. It implements a subset of the .NET\nframework APIs and several new APIs, and it includes a CLR implementation. \n\nNew versions of .NET that address security vulnerabilities are now\navailable. The updated versions are .NET SDK 6.0.103 and .NET Runtime\n6.0.3. \n\nSecurity Fix(es):\n\n* dotnet: ASP.NET Denial of Service via FormPipeReader (CVE-2022-24464)\n\n* dotnet: double parser stack buffer overrun (CVE-2022-24512)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2061847 - CVE-2022-24464 dotnet: ASP.NET Denial of Service via FormPipeReader\n2061854 - CVE-2022-24512 dotnet: double parser stack buffer overrun\n\n6. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet60-dotnet-6.0.103-3.el7_9.src.rpm\n\nx86_64:\nrh-dotnet60-aspnetcore-runtime-6.0-6.0.3-3.el7_9.x86_64.rpm\nrh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.3-3.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-6.0.103-3.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-apphost-pack-6.0-6.0.3-3.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-debuginfo-6.0.103-3.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-host-6.0.3-3.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-hostfxr-6.0-6.0.3-3.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-runtime-6.0-6.0.3-3.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-sdk-6.0-6.0.103-3.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.103-3.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-targeting-pack-6.0-6.0.3-3.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-templates-6.0-6.0.103-3.el7_9.x86_64.rpm\nrh-dotnet60-netstandard-targeting-pack-2.1-6.0.103-3.el7_9.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet60-dotnet-6.0.103-3.el7_9.src.rpm\n\nx86_64:\nrh-dotnet60-aspnetcore-runtime-6.0-6.0.3-3.el7_9.x86_64.rpm\nrh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.3-3.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-6.0.103-3.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-apphost-pack-6.0-6.0.3-3.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-debuginfo-6.0.103-3.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-host-6.0.3-3.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-hostfxr-6.0-6.0.3-3.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-runtime-6.0-6.0.3-3.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-sdk-6.0-6.0.103-3.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.103-3.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-targeting-pack-6.0-6.0.3-3.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-templates-6.0-6.0.103-3.el7_9.x86_64.rpm\nrh-dotnet60-netstandard-targeting-pack-2.1-6.0.103-3.el7_9.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet60-dotnet-6.0.103-3.el7_9.src.rpm\n\nx86_64:\nrh-dotnet60-aspnetcore-runtime-6.0-6.0.3-3.el7_9.x86_64.rpm\nrh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.3-3.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-6.0.103-3.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-apphost-pack-6.0-6.0.3-3.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-debuginfo-6.0.103-3.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-host-6.0.3-3.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-hostfxr-6.0-6.0.3-3.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-runtime-6.0-6.0.3-3.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-sdk-6.0-6.0.103-3.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.103-3.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-targeting-pack-6.0-6.0.3-3.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-templates-6.0-6.0.103-3.el7_9.x86_64.rpm\nrh-dotnet60-netstandard-targeting-pack-2.1-6.0.103-3.el7_9.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-24464\nhttps://access.redhat.com/security/cve/CVE-2022-24512\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYipo+dzjgjWX9erEAQhWwA//Z+qgA25Pl9oc2SywwNY3Si0CPw7txaS5\n99i3ldOuALPRwbMQ6mGjkpuuwY+ioLBeiBGUSGGXOACjcRMmGIH5dbsj1vTKJlO2\nJ3kCabYANlt0hHPQtdVL/+SkAG86bUlFiNxsQytd0Od/U782r1WT/JrvLocjuo9k\nxuqUXZTRR+0fYUoKmMaRRM/ipNHSKTwA5izPbO0a/6xsEB1ubE/vBJ2JDhqIeZ9P\nnQBn2GcufSMivwbCeEojjLFwmp9H/JQjqHmM0Fd3KLc6VvDMoLK4/Bssy5qQW+PM\nYkFPWXqjQYX8McWCwRK5ALR5MteyHVlhgjIaP4pStevuBRymysWW2x06atajsrQ3\ni2g4AkSp5Kftr4Tr7UzczP4JKqnI+VssUeN4zbWFxoEslhjGCITTD00c9ZxN5bCn\nw8Awl0h6ezl50YhTTRj2oF2Rq5ff2CbOikZQLe6i3rR+kK8x138/Y876lh6cDzYD\n2AJuf/StDjKMVYtR2h/evUymgAvr6tih3baH5egDLa8Bg9p6dm9zB9deYMN4OM7a\noAHbqH43+gLirFFsmD97P86pil7YHJeDKPGt0WzhAAppMk10XCuNe7SipQvztwDU\nUQiOTQPTbiAhHt3/I8DpN7OuEPJP2EHjMWf8/dpouetIkiCIMFFPOX4CLQC35wI/\n5npIufme4D0=\n=V/tf\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. 8) - aarch64, s390x, x86_64\n\n3",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-24512"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001463"
},
{
"db": "PACKETSTORM",
"id": "166260"
},
{
"db": "PACKETSTORM",
"id": "166271"
},
{
"db": "PACKETSTORM",
"id": "166270"
},
{
"db": "PACKETSTORM",
"id": "166269"
},
{
"db": "PACKETSTORM",
"id": "166267"
},
{
"db": "PACKETSTORM",
"id": "166266"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-24512",
"trust": 3.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001463",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "166271",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2022031027",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022030847",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1015",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202203-699",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "166260",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166270",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166269",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166267",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166266",
"trust": 0.1
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-001463"
},
{
"db": "PACKETSTORM",
"id": "166260"
},
{
"db": "PACKETSTORM",
"id": "166271"
},
{
"db": "PACKETSTORM",
"id": "166270"
},
{
"db": "PACKETSTORM",
"id": "166269"
},
{
"db": "PACKETSTORM",
"id": "166267"
},
{
"db": "PACKETSTORM",
"id": "166266"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-699"
},
{
"db": "NVD",
"id": "CVE-2022-24512"
}
]
},
"id": "VAR-202203-0090",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.19172932
},
"last_update_date": "2024-11-23T21:02:40.239000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": ".NET\u00a0and\u00a0Visual\u00a0Studio\u00a0Remote\u00a0Code\u00a0Execution\u00a0Vulnerability Security Update Guide",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512"
},
{
"title": "Microsoft .NET Core and Microsoft Visual Studio Fixes for code injection vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=185196"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-001463"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-699"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-001463"
},
{
"db": "NVD",
"id": "CVE-2022-24512"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2022-24512"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24512"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/security/cve/cve-2022-24512"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20220309-ms.html"
},
{
"trust": 0.8,
"url": "https://www.jpcert.or.jp/at/2022/at220007.html"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-24464"
},
{
"trust": 0.6,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.6,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24464"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/os2q4nprsarp7ghlkfliyhfopsydo6mk/"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/mqlm7abvcyjlf6jrpf3m3ebxw63gnc27/"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/mrgspxmzy4rm2l35fyhcxbfrolc23b2v/"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4togtz2zwdh662znffszvl3m5ajxv6jf/"
},
{
"trust": 0.6,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2022-24512"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/cijgcvklhvnlfbteyjgws43qg5dyjfbl/"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/zxeq3gqvela2t4hnzg7vpms2hdvxmjrg/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022030847"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1015"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-24512/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166271/red-hat-security-advisory-2022-0826-01.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/microsoft-net-vulnerabilities-of-march-2022-37733"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/microsoft-visual-studio-vulnerabilities-of-march-2022-37737"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022031027"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-8927"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8927"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0832"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0826"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0827"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0828"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0829"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0830"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-001463"
},
{
"db": "PACKETSTORM",
"id": "166260"
},
{
"db": "PACKETSTORM",
"id": "166271"
},
{
"db": "PACKETSTORM",
"id": "166270"
},
{
"db": "PACKETSTORM",
"id": "166269"
},
{
"db": "PACKETSTORM",
"id": "166267"
},
{
"db": "PACKETSTORM",
"id": "166266"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-699"
},
{
"db": "NVD",
"id": "CVE-2022-24512"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2022-001463"
},
{
"db": "PACKETSTORM",
"id": "166260"
},
{
"db": "PACKETSTORM",
"id": "166271"
},
{
"db": "PACKETSTORM",
"id": "166270"
},
{
"db": "PACKETSTORM",
"id": "166269"
},
{
"db": "PACKETSTORM",
"id": "166267"
},
{
"db": "PACKETSTORM",
"id": "166266"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-699"
},
{
"db": "NVD",
"id": "CVE-2022-24512"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-03-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-001463"
},
{
"date": "2022-03-11T16:10:28",
"db": "PACKETSTORM",
"id": "166260"
},
{
"date": "2022-03-11T16:33:33",
"db": "PACKETSTORM",
"id": "166271"
},
{
"date": "2022-03-11T16:33:16",
"db": "PACKETSTORM",
"id": "166270"
},
{
"date": "2022-03-11T16:33:04",
"db": "PACKETSTORM",
"id": "166269"
},
{
"date": "2022-03-11T16:31:42",
"db": "PACKETSTORM",
"id": "166267"
},
{
"date": "2022-03-11T16:31:28",
"db": "PACKETSTORM",
"id": "166266"
},
{
"date": "2022-03-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-699"
},
{
"date": "2022-03-09T17:15:15.737000",
"db": "NVD",
"id": "CVE-2022-24512"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-03-17T01:58:00",
"db": "JVNDB",
"id": "JVNDB-2022-001463"
},
{
"date": "2023-06-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-699"
},
{
"date": "2024-11-21T06:50:34.683000",
"db": "NVD",
"id": "CVE-2022-24512"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-699"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0Microsoft\u00a0 Remote Code Execution Vulnerability in Product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-001463"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-699"
}
],
"trust": 0.6
}
}
var-202102-1446
Vulnerability from variot
.NET Core Remote Code Execution Vulnerability. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system with elevated privileges. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: .NET Core 3.1 on Red Hat Enterprise Linux security and bugfix update Advisory ID: RHSA-2021:0789-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:0789 Issue date: 2021-03-09 CVE Names: CVE-2021-26701 ==================================================================== 1. Summary:
An update for rh-dotnet31-dotnet is now available for .NET Core on Red Hat Enterprise Linux.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. The updated versions are .NET Core SDK 3.1.113 and .NET Core Runtime 3.1.13.
Security Fix(es):
- dotnet: System.Text.Encodings.Web Remote Code Execution (CVE-2021-26701)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet31-dotnet-3.1.113-1.el7_9.src.rpm
x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-3.1.113-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.113-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-host-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.113-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.113-1.el7_9.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.113-1.el7_9.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet31-dotnet-3.1.113-1.el7_9.src.rpm
x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-3.1.113-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.113-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-host-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.113-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.113-1.el7_9.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.113-1.el7_9.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet31-dotnet-3.1.113-1.el7_9.src.rpm
x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-3.1.113-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.113-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-host-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.113-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.113-1.el7_9.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.113-1.el7_9.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-26701 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYEfcQtzjgjWX9erEAQjYKQ/9GAgJR6yoeb0rRTrmE8PNW3uAsIBuK1EK uITzaizodY25oMJf0wW9qQGejZDZTRH5QdmRJdNOftA5fNDT0lx72SYE60rw89Ws no+T4n6s2KlnS5GJ/oQKdpZvtF2l2lWyh8oKjKqGO2Vf2lOTFB0+tqdIYpLddlf2 wQAO/RIdBjRE6buqlNA/3iaQRgubL0FMxLrrCMUiVSFcsl9Wh1stIwQCDGQVJzyW 73fA+qastsAy0uTK9F7r9Hp9/fzdWYy4epR2maImkozVQyGIttfOn96wMAEGYQcM B791utMTJQRMoXz1TUpkQ7T31NQH14nW5w1tTjVOwipXBsFqe5IspfUb6iMNihoI UXm/RtLh7z28aamZ7tPkcDW1+WktoD6mL1mToiNPZBLjC6QfSKZCPIS08J3Gyf71 M2BPqwvx8o1YWYJ6oRtEKvOs6QBmYqwsvDEBtMOuf1CqfvqJNsBckPxPibatc49T q3UGj+2OD7rBFuvv/47O/401Sj4yrpddBsWpNg2KDcRqiSwjafTTzCqiS4w38eR/ /0KvKk095cnBbDQ24bezTZrPk4bMUA6gQaObA51pw/VvBnZqxMTxcPgB+LqUzYtK o6/i+D0nxWAlCi31iCvr2pY1jFXHGZzn3v8qCk1Kn4Ii37ifJ55IAYbnI1kIuyQu cDYTfg/xJLITUF -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202102-1446",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "33"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": ".net core",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "3.1"
},
{
"model": ".net core",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "2.1.28"
},
{
"model": "powershell core",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "7.1"
},
{
"model": ".net core",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "3.1.15"
},
{
"model": ".net",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "5.0"
},
{
"model": "visual studio 2019",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.0"
},
{
"model": "visual studio 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"model": ".net",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "5.0.4"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "32"
},
{
"model": "visual studio 2019",
"scope": "lte",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.9"
},
{
"model": "powershell core",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "7.0"
},
{
"model": ".net core",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "2.1"
},
{
"model": "powershell core",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "7.0"
},
{
"model": ".net",
"scope": null,
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": null
},
{
"model": "microsoft visual studio",
"scope": null,
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": null
},
{
"model": "powershell core",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "7.1"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-004040"
},
{
"db": "NVD",
"id": "CVE-2021-26701"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "161737"
},
{
"db": "PACKETSTORM",
"id": "161740"
},
{
"db": "PACKETSTORM",
"id": "161736"
},
{
"db": "PACKETSTORM",
"id": "161732"
},
{
"db": "PACKETSTORM",
"id": "161733"
},
{
"db": "PACKETSTORM",
"id": "161739"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-685"
}
],
"trust": 1.2
},
"cve": "CVE-2021-26701",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-26701",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-26701",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "secure@microsoft.com",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2021-26701",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-26701",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-26701",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "secure@microsoft.com",
"id": "CVE-2021-26701",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-26701",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202102-685",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2021-26701",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-26701"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004040"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-685"
},
{
"db": "NVD",
"id": "CVE-2021-26701"
},
{
"db": "NVD",
"id": "CVE-2021-26701"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": ".NET Core Remote Code Execution Vulnerability. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system with elevated privileges. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: .NET Core 3.1 on Red Hat Enterprise Linux security and bugfix update\nAdvisory ID: RHSA-2021:0789-01\nProduct: .NET Core on Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:0789\nIssue date: 2021-03-09\nCVE Names: CVE-2021-26701\n====================================================================\n1. Summary:\n\nAn update for rh-dotnet31-dotnet is now available for .NET Core on Red Hat\nEnterprise Linux. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. It implements a subset of the\n.NET framework APIs and several new APIs, and it includes a CLR\nimplementation. The updated versions are .NET Core SDK 3.1.113 and .NET Core\nRuntime 3.1.13. \n\nSecurity Fix(es):\n\n* dotnet: System.Text.Encodings.Web Remote Code Execution (CVE-2021-26701)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet31-dotnet-3.1.113-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet31-aspnetcore-runtime-3.1-3.1.13-1.el7_9.x86_64.rpm\nrh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.13-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-3.1.113-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-apphost-pack-3.1-3.1.13-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-debuginfo-3.1.113-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-host-3.1.13-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-hostfxr-3.1-3.1.13-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-runtime-3.1-3.1.13-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-sdk-3.1-3.1.113-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-targeting-pack-3.1-3.1.13-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-templates-3.1-3.1.113-1.el7_9.x86_64.rpm\nrh-dotnet31-netstandard-targeting-pack-2.1-3.1.113-1.el7_9.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet31-dotnet-3.1.113-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet31-aspnetcore-runtime-3.1-3.1.13-1.el7_9.x86_64.rpm\nrh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.13-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-3.1.113-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-apphost-pack-3.1-3.1.13-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-debuginfo-3.1.113-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-host-3.1.13-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-hostfxr-3.1-3.1.13-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-runtime-3.1-3.1.13-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-sdk-3.1-3.1.113-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-targeting-pack-3.1-3.1.13-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-templates-3.1-3.1.113-1.el7_9.x86_64.rpm\nrh-dotnet31-netstandard-targeting-pack-2.1-3.1.113-1.el7_9.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet31-dotnet-3.1.113-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet31-aspnetcore-runtime-3.1-3.1.13-1.el7_9.x86_64.rpm\nrh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.13-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-3.1.113-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-apphost-pack-3.1-3.1.13-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-debuginfo-3.1.113-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-host-3.1.13-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-hostfxr-3.1-3.1.13-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-runtime-3.1-3.1.13-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-sdk-3.1-3.1.113-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-targeting-pack-3.1-3.1.13-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-templates-3.1-3.1.113-1.el7_9.x86_64.rpm\nrh-dotnet31-netstandard-targeting-pack-2.1-3.1.113-1.el7_9.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-26701\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYEfcQtzjgjWX9erEAQjYKQ/9GAgJR6yoeb0rRTrmE8PNW3uAsIBuK1EK\nuITzaizodY25oMJf0wW9qQGejZDZTRH5QdmRJdNOftA5fNDT0lx72SYE60rw89Ws\nno+T4n6s2KlnS5GJ/oQKdpZvtF2l2lWyh8oKjKqGO2Vf2lOTFB0+tqdIYpLddlf2\nwQAO/RIdBjRE6buqlNA/3iaQRgubL0FMxLrrCMUiVSFcsl9Wh1stIwQCDGQVJzyW\n73fA+qastsAy0uTK9F7r9Hp9/fzdWYy4epR2maImkozVQyGIttfOn96wMAEGYQcM\nB791utMTJQRMoXz1TUpkQ7T31NQH14nW5w1tTjVOwipXBsFqe5IspfUb6iMNihoI\nUXm/RtLh7z28aamZ7tPkcDW1+WktoD6mL1mToiNPZBLjC6QfSKZCPIS08J3Gyf71\nM2BPqwvx8o1YWYJ6oRtEKvOs6QBmYqwsvDEBtMOuf1CqfvqJNsBckPxPibatc49T\nq3UGj+2OD7rBFuvv/47O/401Sj4yrpddBsWpNg2KDcRqiSwjafTTzCqiS4w38eR/\n/0KvKk095cnBbDQ24bezTZrPk4bMUA6gQaObA51pw/VvBnZqxMTxcPgB+LqUzYtK\no6/i+D0nxWAlCi31iCvr2pY1jFXHGZzn3v8qCk1Kn4Ii37ifJ55IAYbnI1kIuyQu\ncDYTfg/xJLITUF\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-26701"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004040"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULMON",
"id": "CVE-2021-26701"
},
{
"db": "PACKETSTORM",
"id": "161737"
},
{
"db": "PACKETSTORM",
"id": "161740"
},
{
"db": "PACKETSTORM",
"id": "161736"
},
{
"db": "PACKETSTORM",
"id": "161732"
},
{
"db": "PACKETSTORM",
"id": "161733"
},
{
"db": "PACKETSTORM",
"id": "161739"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-26701",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004040",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "161732",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0835",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2737",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021081303",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202102-685",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-26701",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161737",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161740",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161736",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161733",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161739",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-26701"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004040"
},
{
"db": "PACKETSTORM",
"id": "161737"
},
{
"db": "PACKETSTORM",
"id": "161740"
},
{
"db": "PACKETSTORM",
"id": "161736"
},
{
"db": "PACKETSTORM",
"id": "161732"
},
{
"db": "PACKETSTORM",
"id": "161733"
},
{
"db": "PACKETSTORM",
"id": "161739"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-685"
},
{
"db": "NVD",
"id": "CVE-2021-26701"
}
]
},
"id": "VAR-202102-1446",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.19172932
},
"last_update_date": "2024-11-23T19:57:31.891000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": ".NET\u00a0Core\u00a0Remote\u00a0Code\u00a0Execution\u00a0Vulnerability Security Update Guide",
"trust": 0.8,
"url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26701"
},
{
"title": "Microsoft .NET Core Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=143005"
},
{
"title": "Red Hat: CVE-2021-26701",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2021-26701"
},
{
"title": "Arch Linux Advisories: [ASA-202103-23] dotnet-sdk-3.1: arbitrary code execution",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202103-23"
},
{
"title": "Arch Linux Advisories: [ASA-202103-20] dotnet-runtime: arbitrary code execution",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202103-20"
},
{
"title": "Arch Linux Advisories: [ASA-202103-21] dotnet-sdk: arbitrary code execution",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202103-21"
},
{
"title": "Arch Linux Advisories: [ASA-202103-22] dotnet-runtime-3.1: arbitrary code execution",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202103-22"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2021-26701 log"
},
{
"title": null,
"trust": 0.1,
"url": "https://www.theregister.co.uk/2021/02/09/microsoft_patch_tuesday/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-26701"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004040"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-685"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-004040"
},
{
"db": "NVD",
"id": "CVE-2021-26701"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-26701"
},
{
"trust": 1.7,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2021-26701"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/wa5wqjvhul5c4xmjtly3c67r4wp35ef4/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/tw3zsjttmzafkgw7njwtvvfzuyyu2sjz/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ubossx7u6bshv5ri74fcow4itj5rrjr5/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/xpukfhigp5ynjrrfwkdj2xrs4wtfjnnk/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/s2azoukmcht2wbhr7mydtyxwobhzw5p5/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ylfatxasxw4ov2zbsrp4g55hjh73qpbp/"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20210210-ms.html"
},
{
"trust": 0.8,
"url": "https://www.jpcert.or.jp/at/2021/at210008.html"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/s2azoukmcht2wbhr7mydtyxwobhzw5p5/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/tw3zsjttmzafkgw7njwtvvfzuyyu2sjz/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ubossx7u6bshv5ri74fcow4itj5rrjr5/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/wa5wqjvhul5c4xmjtly3c67r4wp35ef4/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/xpukfhigp5ynjrrfwkdj2xrs4wtfjnnk/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ylfatxasxw4ov2zbsrp4g55hjh73qpbp/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2021-26701"
},
{
"trust": 0.6,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.6,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021081303"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/161732/red-hat-security-advisory-2021-0790-01.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/microsoft-net-core-vulnerabilities-of-february-2021-34547"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0835"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2737"
},
{
"trust": 0.6,
"url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2021-26701"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/196358"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0787"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0794"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0789"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0790"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0788"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0793"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-26701"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004040"
},
{
"db": "PACKETSTORM",
"id": "161737"
},
{
"db": "PACKETSTORM",
"id": "161740"
},
{
"db": "PACKETSTORM",
"id": "161736"
},
{
"db": "PACKETSTORM",
"id": "161732"
},
{
"db": "PACKETSTORM",
"id": "161733"
},
{
"db": "PACKETSTORM",
"id": "161739"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-685"
},
{
"db": "NVD",
"id": "CVE-2021-26701"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-26701"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004040"
},
{
"db": "PACKETSTORM",
"id": "161737"
},
{
"db": "PACKETSTORM",
"id": "161740"
},
{
"db": "PACKETSTORM",
"id": "161736"
},
{
"db": "PACKETSTORM",
"id": "161732"
},
{
"db": "PACKETSTORM",
"id": "161733"
},
{
"db": "PACKETSTORM",
"id": "161739"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-685"
},
{
"db": "NVD",
"id": "CVE-2021-26701"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-02-25T00:00:00",
"db": "VULMON",
"id": "CVE-2021-26701"
},
{
"date": "2021-11-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-004040"
},
{
"date": "2021-03-10T15:41:10",
"db": "PACKETSTORM",
"id": "161737"
},
{
"date": "2021-03-10T15:44:12",
"db": "PACKETSTORM",
"id": "161740"
},
{
"date": "2021-03-10T15:41:02",
"db": "PACKETSTORM",
"id": "161736"
},
{
"date": "2021-03-10T15:35:42",
"db": "PACKETSTORM",
"id": "161732"
},
{
"date": "2021-03-10T15:35:49",
"db": "PACKETSTORM",
"id": "161733"
},
{
"date": "2021-03-10T15:43:20",
"db": "PACKETSTORM",
"id": "161739"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-02-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-685"
},
{
"date": "2021-02-25T23:15:16.913000",
"db": "NVD",
"id": "CVE-2021-26701"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-31T00:00:00",
"db": "VULMON",
"id": "CVE-2021-26701"
},
{
"date": "2021-11-12T05:18:00",
"db": "JVNDB",
"id": "JVNDB-2021-004040"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-08-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-685"
},
{
"date": "2024-11-21T05:56:41.853000",
"db": "NVD",
"id": "CVE-2021-26701"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-685"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0Microsoft\u00a0 Remote Code Execution Vulnerability in Product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-004040"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-685"
}
],
"trust": 1.2
}
}
var-202108-1006
Vulnerability from variot
.NET Core and Visual Studio Information Disclosure Vulnerability. plural Microsoft The product contains a vulnerability that exposes information.Information may be disclosed. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Low: .NET Core 2.1 on Red Hat Enterprise Linux security and bugfix update Advisory ID: RHSA-2021:3144-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:3144 Issue date: 2021-08-11 CVE Names: CVE-2021-34485 =====================================================================
- Summary:
An update for .NET Core 2.1 is now available for .NET Core on Red Hat Enterprise Linux.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. The updated versions are .NET Core SDK 2.1.525 and .NET Core Runtime 2.1.29.
Security Fix(es):
- dotnet: Dump file created world-readable (CVE-2021-34485)
Default inclusions for applications built with .NET Core have been updated to reference the newest versions and their security fixes.
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1990286 - CVE-2021-34485 dotnet: Dump file created world-readable
- Package List:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet21-2.1-28.el7_9.src.rpm rh-dotnet21-dotnet-2.1.525-1.el7_9.src.rpm
x86_64: rh-dotnet21-2.1-28.el7_9.x86_64.rpm rh-dotnet21-dotnet-2.1.525-1.el7_9.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.525-1.el7_9.x86_64.rpm rh-dotnet21-dotnet-host-2.1.29-1.el7_9.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.29-1.el7_9.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.525-1.el7_9.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.525-1.el7_9.x86_64.rpm rh-dotnet21-runtime-2.1-28.el7_9.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet21-2.1-28.el7_9.src.rpm rh-dotnet21-dotnet-2.1.525-1.el7_9.src.rpm
x86_64: rh-dotnet21-2.1-28.el7_9.x86_64.rpm rh-dotnet21-dotnet-2.1.525-1.el7_9.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.525-1.el7_9.x86_64.rpm rh-dotnet21-dotnet-host-2.1.29-1.el7_9.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.29-1.el7_9.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.525-1.el7_9.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.525-1.el7_9.x86_64.rpm rh-dotnet21-runtime-2.1-28.el7_9.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet21-2.1-28.el7_9.src.rpm rh-dotnet21-dotnet-2.1.525-1.el7_9.src.rpm
x86_64: rh-dotnet21-2.1-28.el7_9.x86_64.rpm rh-dotnet21-dotnet-2.1.525-1.el7_9.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.525-1.el7_9.x86_64.rpm rh-dotnet21-dotnet-host-2.1.29-1.el7_9.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.29-1.el7_9.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.525-1.el7_9.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.525-1.el7_9.x86_64.rpm rh-dotnet21-runtime-2.1-28.el7_9.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-34485 https://access.redhat.com/security/updates/classification/#low
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYRQa6tzjgjWX9erEAQhpUw/+J+ct/h97dtZeh3ULDlxiCcNatnhVIYQJ RkxfZFN/DzwIFzGXTq3w0EX8W0NiPKGZPdOiIh+kaxo3VtQbtZ0shudEClKoMm22 YhcLZVMsH9e3nHgOK9SsHiy8wB1wC2Sme7S5rAHq7YK4oZKoUtoiPJ5gPlmi60xr Mph3mOtarGbG6TJ/HP+ZeYllSnswveqCnP/XFf2JZE0hVZCB6Euqsx0xnUQ8oRIf jHzEf72lZjgHDxQ5n7epKcrkgKFyezdqnSJP3pGXln8BTAdJAxIKIt7YDbTyJiyN BI8cXEbU4QhuY0Fk7/UnR9ZUzIfftUzFx6jrSz89P0bs5wfsgYg02tFpICs7ZOxC c6n9MVgAUjz2vcdN7g2ZnVUav+RLns8enpOHzrgiYXRvkCPFFo9XeOQiROGMIoSC MFhxAW9Z9R6qd60M8JJnyGGkaLIaFpcNviQXC5QyoiqFUUbhLpvg2KnB/qqLPcyS vSh131Odxu7/kNJOz+Cs7ahOBGJJLske8+qHpQeuB8MCRgvCqm+1a2AYV2noBTzi e1qm4Aj+TCLdYqVXSkogf5fKQhWWZqhZ17sSAlJmVxK8/zJWAeg7Gn4vDfTMvrM9 vhl0gTc4pABXI2CqqQ8ulnlFgbz6HO+3goDqqcMDAakQpGu4LiKZMuu+fvKOut61 yQT8DLJkIgU= =rDt/ -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202108-1006",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "powershell core",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "7.1.4"
},
{
"model": "visual studio 2019",
"scope": "lte",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.10"
},
{
"model": "powershell core",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "7.0.7"
},
{
"model": "visual studio 2017",
"scope": "lte",
"trust": 1.0,
"vendor": "microsoft",
"version": "15.9"
},
{
"model": ".net core",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "2.1"
},
{
"model": "powershell core",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "7.0"
},
{
"model": "powershell core",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "7.1"
},
{
"model": "visual studio 2019",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.0"
},
{
"model": ".net",
"scope": "lte",
"trust": 1.0,
"vendor": "microsoft",
"version": "5.0.8"
},
{
"model": ".net core",
"scope": "lte",
"trust": 1.0,
"vendor": "microsoft",
"version": "3.1.17"
},
{
"model": ".net core",
"scope": "lte",
"trust": 1.0,
"vendor": "microsoft",
"version": "2.1.28"
},
{
"model": "visual studio 2017",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "15.0"
},
{
"model": ".net",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "5.0"
},
{
"model": ".net core",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "3.1"
},
{
"model": "powershell core",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "7.1"
},
{
"model": ".net",
"scope": null,
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": null
},
{
"model": "microsoft visual studio",
"scope": null,
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": null
},
{
"model": "powershell core",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "7.0"
},
{
"model": ".net core",
"scope": null,
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002310"
},
{
"db": "NVD",
"id": "CVE-2021-34485"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "163808"
},
{
"db": "PACKETSTORM",
"id": "163807"
},
{
"db": "PACKETSTORM",
"id": "163803"
},
{
"db": "PACKETSTORM",
"id": "163802"
},
{
"db": "PACKETSTORM",
"id": "163801"
},
{
"db": "PACKETSTORM",
"id": "163799"
}
],
"trust": 0.6
},
"cve": "CVE-2021-34485",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2021-34485",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.9,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-34485",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "secure@microsoft.com",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.3,
"id": "CVE-2021-34485",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-34485",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-34485",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "secure@microsoft.com",
"id": "CVE-2021-34485",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2021-34485",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202108-848",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-34485",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-34485"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002310"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-848"
},
{
"db": "NVD",
"id": "CVE-2021-34485"
},
{
"db": "NVD",
"id": "CVE-2021-34485"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": ".NET Core and Visual Studio Information Disclosure Vulnerability. plural Microsoft The product contains a vulnerability that exposes information.Information may be disclosed. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Low: .NET Core 2.1 on Red Hat Enterprise Linux security and bugfix update\nAdvisory ID: RHSA-2021:3144-01\nProduct: .NET Core on Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:3144\nIssue date: 2021-08-11\nCVE Names: CVE-2021-34485 \n=====================================================================\n\n1. Summary:\n\nAn update for .NET Core 2.1 is now available for .NET Core on Red Hat\nEnterprise Linux. \n\nRed Hat Product Security has rated this update as having a security impact\nof Low. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\n.NET Core is a managed-software framework. It implements a subset of the\n.NET framework APIs and several new APIs, and it includes a CLR\nimplementation. The updated versions are .NET Core SDK 2.1.525 and .NET Core\nRuntime 2.1.29. \n\nSecurity Fix(es):\n\n* dotnet: Dump file created world-readable (CVE-2021-34485)\n\nDefault inclusions for applications built with .NET Core have been updated\nto reference the newest versions and their security fixes. \n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1990286 - CVE-2021-34485 dotnet: Dump file created world-readable\n\n6. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet21-2.1-28.el7_9.src.rpm\nrh-dotnet21-dotnet-2.1.525-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-28.el7_9.x86_64.rpm\nrh-dotnet21-dotnet-2.1.525-1.el7_9.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.525-1.el7_9.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.29-1.el7_9.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.29-1.el7_9.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.525-1.el7_9.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.525-1.el7_9.x86_64.rpm\nrh-dotnet21-runtime-2.1-28.el7_9.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet21-2.1-28.el7_9.src.rpm\nrh-dotnet21-dotnet-2.1.525-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-28.el7_9.x86_64.rpm\nrh-dotnet21-dotnet-2.1.525-1.el7_9.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.525-1.el7_9.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.29-1.el7_9.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.29-1.el7_9.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.525-1.el7_9.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.525-1.el7_9.x86_64.rpm\nrh-dotnet21-runtime-2.1-28.el7_9.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet21-2.1-28.el7_9.src.rpm\nrh-dotnet21-dotnet-2.1.525-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-28.el7_9.x86_64.rpm\nrh-dotnet21-dotnet-2.1.525-1.el7_9.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.525-1.el7_9.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.29-1.el7_9.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.29-1.el7_9.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.525-1.el7_9.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.525-1.el7_9.x86_64.rpm\nrh-dotnet21-runtime-2.1-28.el7_9.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-34485\nhttps://access.redhat.com/security/updates/classification/#low\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYRQa6tzjgjWX9erEAQhpUw/+J+ct/h97dtZeh3ULDlxiCcNatnhVIYQJ\nRkxfZFN/DzwIFzGXTq3w0EX8W0NiPKGZPdOiIh+kaxo3VtQbtZ0shudEClKoMm22\nYhcLZVMsH9e3nHgOK9SsHiy8wB1wC2Sme7S5rAHq7YK4oZKoUtoiPJ5gPlmi60xr\nMph3mOtarGbG6TJ/HP+ZeYllSnswveqCnP/XFf2JZE0hVZCB6Euqsx0xnUQ8oRIf\njHzEf72lZjgHDxQ5n7epKcrkgKFyezdqnSJP3pGXln8BTAdJAxIKIt7YDbTyJiyN\nBI8cXEbU4QhuY0Fk7/UnR9ZUzIfftUzFx6jrSz89P0bs5wfsgYg02tFpICs7ZOxC\nc6n9MVgAUjz2vcdN7g2ZnVUav+RLns8enpOHzrgiYXRvkCPFFo9XeOQiROGMIoSC\nMFhxAW9Z9R6qd60M8JJnyGGkaLIaFpcNviQXC5QyoiqFUUbhLpvg2KnB/qqLPcyS\nvSh131Odxu7/kNJOz+Cs7ahOBGJJLske8+qHpQeuB8MCRgvCqm+1a2AYV2noBTzi\ne1qm4Aj+TCLdYqVXSkogf5fKQhWWZqhZ17sSAlJmVxK8/zJWAeg7Gn4vDfTMvrM9\nvhl0gTc4pABXI2CqqQ8ulnlFgbz6HO+3goDqqcMDAakQpGu4LiKZMuu+fvKOut61\nyQT8DLJkIgU=\n=rDt/\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-34485"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002310"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULMON",
"id": "CVE-2021-34485"
},
{
"db": "PACKETSTORM",
"id": "163808"
},
{
"db": "PACKETSTORM",
"id": "163807"
},
{
"db": "PACKETSTORM",
"id": "163803"
},
{
"db": "PACKETSTORM",
"id": "163802"
},
{
"db": "PACKETSTORM",
"id": "163801"
},
{
"db": "PACKETSTORM",
"id": "163799"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-34485",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002310",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "163799",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2729",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2723",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2753",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021081011",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021081229",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202108-848",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-34485",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163808",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163807",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163803",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163802",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163801",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-34485"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002310"
},
{
"db": "PACKETSTORM",
"id": "163808"
},
{
"db": "PACKETSTORM",
"id": "163807"
},
{
"db": "PACKETSTORM",
"id": "163803"
},
{
"db": "PACKETSTORM",
"id": "163802"
},
{
"db": "PACKETSTORM",
"id": "163801"
},
{
"db": "PACKETSTORM",
"id": "163799"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-848"
},
{
"db": "NVD",
"id": "CVE-2021-34485"
}
]
},
"id": "VAR-202108-1006",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.19172932
},
"last_update_date": "2024-08-14T12:36:12.483000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": ".NET\u00a0Core\u00a0and\u00a0Visual\u00a0Studio\u00a0Information\u00a0Disclosure\u00a0Vulnerability Security Update Guide",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34485"
},
{
"title": "Microsoft .NET Core and Microsoft Visual Studio Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=159243"
},
{
"title": "Red Hat: CVE-2021-34485",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2021-34485"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2021-34485 log"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-34485"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002310"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-848"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002310"
},
{
"db": "NVD",
"id": "CVE-2021-34485"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-34485"
},
{
"trust": 1.7,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2021-34485"
},
{
"trust": 1.3,
"url": "https://access.redhat.com/security/cve/cve-2021-34485"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20210811-ms.html"
},
{
"trust": 0.8,
"url": "https://www.jpcert.or.jp/at/2021/at210034.html"
},
{
"trust": 0.6,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.6,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2729"
},
{
"trust": 0.6,
"url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2021-34485"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2753"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021081229"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2723"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/microsoft-visual-studio-vulnerabilities-of-august-2021-36113"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/163799/red-hat-security-advisory-2021-3142-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021081011"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-26423"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-34532"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-34532"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-26423"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3148"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3147"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3145"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3143"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3144"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3142"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-34485"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002310"
},
{
"db": "PACKETSTORM",
"id": "163808"
},
{
"db": "PACKETSTORM",
"id": "163807"
},
{
"db": "PACKETSTORM",
"id": "163803"
},
{
"db": "PACKETSTORM",
"id": "163802"
},
{
"db": "PACKETSTORM",
"id": "163801"
},
{
"db": "PACKETSTORM",
"id": "163799"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-848"
},
{
"db": "NVD",
"id": "CVE-2021-34485"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-34485"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002310"
},
{
"db": "PACKETSTORM",
"id": "163808"
},
{
"db": "PACKETSTORM",
"id": "163807"
},
{
"db": "PACKETSTORM",
"id": "163803"
},
{
"db": "PACKETSTORM",
"id": "163802"
},
{
"db": "PACKETSTORM",
"id": "163801"
},
{
"db": "PACKETSTORM",
"id": "163799"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-848"
},
{
"db": "NVD",
"id": "CVE-2021-34485"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-12T00:00:00",
"db": "VULMON",
"id": "CVE-2021-34485"
},
{
"date": "2021-08-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-002310"
},
{
"date": "2021-08-12T15:49:33",
"db": "PACKETSTORM",
"id": "163808"
},
{
"date": "2021-08-12T15:49:21",
"db": "PACKETSTORM",
"id": "163807"
},
{
"date": "2021-08-12T15:45:49",
"db": "PACKETSTORM",
"id": "163803"
},
{
"date": "2021-08-12T15:45:22",
"db": "PACKETSTORM",
"id": "163802"
},
{
"date": "2021-08-12T15:45:07",
"db": "PACKETSTORM",
"id": "163801"
},
{
"date": "2021-08-12T15:43:32",
"db": "PACKETSTORM",
"id": "163799"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-08-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-848"
},
{
"date": "2021-08-12T18:15:09.157000",
"db": "NVD",
"id": "CVE-2021-34485"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-18T00:00:00",
"db": "VULMON",
"id": "CVE-2021-34485"
},
{
"date": "2021-08-26T03:11:00",
"db": "JVNDB",
"id": "JVNDB-2021-002310"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-848"
},
{
"date": "2023-12-28T20:15:48.690000",
"db": "NVD",
"id": "CVE-2021-34485"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-848"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0Microsoft\u00a0 Vulnerability to disclose information in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002310"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 0.6
}
}
var-202205-0626
Vulnerability from variot
.NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-23267, CVE-2022-29117. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: .NET 6.0 on RHEL 7 security and bugfix update Advisory ID: RHSA-2022:2195-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:2195 Issue date: 2022-05-11 CVE Names: CVE-2022-23267 CVE-2022-29117 CVE-2022-29145 ==================================================================== 1. Summary:
An update for .NET 6.0 is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 6.0.105 and .NET Core Runtime 6.0.5.
Security Fix(es):
-
dotnet: excess memory allocation via HttpClient causes DoS (CVE-2022-23267)
-
dotnet: malicious content causes high CPU and memory usage (CVE-2022-29117)
-
dotnet: parsing HTML causes Denial of Service (CVE-2022-29145)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
2083647 - CVE-2022-29117 dotnet: malicious content causes high CPU and memory usage 2083649 - CVE-2022-29145 dotnet: parsing HTML causes Denial of Service 2083650 - CVE-2022-23267 dotnet: excess memory allocation via HttpClient causes DoS
- Package List:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet60-dotnet-6.0.105-1.el7_9.src.rpm
x86_64: rh-dotnet60-aspnetcore-runtime-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-6.0.105-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-apphost-pack-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-debuginfo-6.0.105-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-host-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-hostfxr-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-runtime-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-sdk-6.0-6.0.105-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.105-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-targeting-pack-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-templates-6.0-6.0.105-1.el7_9.x86_64.rpm rh-dotnet60-netstandard-targeting-pack-2.1-6.0.105-1.el7_9.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet60-dotnet-6.0.105-1.el7_9.src.rpm
x86_64: rh-dotnet60-aspnetcore-runtime-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-6.0.105-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-apphost-pack-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-debuginfo-6.0.105-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-host-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-hostfxr-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-runtime-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-sdk-6.0-6.0.105-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.105-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-targeting-pack-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-templates-6.0-6.0.105-1.el7_9.x86_64.rpm rh-dotnet60-netstandard-targeting-pack-2.1-6.0.105-1.el7_9.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet60-dotnet-6.0.105-1.el7_9.src.rpm
x86_64: rh-dotnet60-aspnetcore-runtime-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-6.0.105-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-apphost-pack-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-debuginfo-6.0.105-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-host-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-hostfxr-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-runtime-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-sdk-6.0-6.0.105-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.105-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-targeting-pack-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-templates-6.0-6.0.105-1.el7_9.x86_64.rpm rh-dotnet60-netstandard-targeting-pack-2.1-6.0.105-1.el7_9.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2022-23267 https://access.redhat.com/security/cve/CVE-2022-29117 https://access.redhat.com/security/cve/CVE-2022-29145 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYnw2ZtzjgjWX9erEAQhfsA//XM/8Ih5T9J+ql5cd6IgYWbT1UOM8KE17 4abvuRvxBqSfJyACbCEbRNm+GZzqWF6SHYamS3lAfs5Gt/SmIcEtyWZTaEkiZtbi sIsJ2Hd802Sm8K1gcU0MFOMhT5zwI3ogteixbvzkN6y5NxHitkVTUZqOIjvpcNzn Mc0bfAgeIzODP6F5hfneYantgPhQC3j5eWDcRBOrvxD2cRDnQ6CzL37wUsdSd+TA f8b7Ck2lg9poj+v/4L/HVLZJi47HM3C3ouqJClTx3kL89ktEZkhavcLua4wX8aY5 n1MPCnMe9OrPwfzAzyCrZqKezAutuu3QfXaWy37RW4M4Tza1dfP/4eJ2fBH19JcB 3iUmFmQmR36WFLBMCrUzLNH8FsBXzp1MLiiKuRgV/MXa+M2ZwMeqTFQuAsAA8lTE 0Qeoyf7JmWP/iDcODWKU/+eApCsRKBnmB952x3UroOq0H57m1RPJKZRlwwqy1S2a Tc2xXDB/w6SaORozEXlGnyrzHBIM7FdHkNS4zdWSNH4GRkO3bbwsi2CPgzIkXvyZ j1Q4NEtntVC3FmkKHUoSw3XRmBNrBNAD3JRKWYXEmN1JAfXSAsrbOqlj9sCE/nTJ rDNXwYArh73UwTMfU2+JL/2XE1mgV+LWBtAMsoBGHAg31HdXQQOe1UoJEaKjX7p3 zq2nVL/qVmM=le1K -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 8) - aarch64, s390x, x86_64
3
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202205-0626",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": ".net core",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "3.1"
},
{
"model": "visual studio 2022",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.1.7"
},
{
"model": "visual studio 2019",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.0"
},
{
"model": ".net",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "5.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "visual studio 2019",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.11.14"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "visual studio 2019",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.10"
},
{
"model": "visual studio 2019",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.9.21"
},
{
"model": "visual studio 2022",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.0"
},
{
"model": ".net",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "6.0.0"
},
{
"model": "microsoft visual studio",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "2022 17.1"
},
{
"model": "microsoft visual studio",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "2019 16.9 (includes 16.0 - 16.8)"
},
{
"model": ".net",
"scope": null,
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": null
},
{
"model": "microsoft visual studio",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "2019 16.11 (includes 16.0 - 16.10)"
},
{
"model": "microsoft visual studio",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "2022 17.0"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-001833"
},
{
"db": "NVD",
"id": "CVE-2022-29145"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "167135"
},
{
"db": "PACKETSTORM",
"id": "167382"
},
{
"db": "PACKETSTORM",
"id": "167128"
},
{
"db": "PACKETSTORM",
"id": "167143"
},
{
"db": "PACKETSTORM",
"id": "167125"
},
{
"db": "PACKETSTORM",
"id": "167141"
},
{
"db": "PACKETSTORM",
"id": "167130"
}
],
"trust": 0.7
},
"cve": "CVE-2022-29145",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2022-29145",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "secure@microsoft.com",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-29145",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2022-001833",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-29145",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "secure@microsoft.com",
"id": "CVE-2022-29145",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-29145",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202205-2770",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2022-29145",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-29145"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001833"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2770"
},
{
"db": "NVD",
"id": "CVE-2022-29145"
},
{
"db": "NVD",
"id": "CVE-2022-29145"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": ".NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-23267, CVE-2022-29117. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: .NET 6.0 on RHEL 7 security and bugfix update\nAdvisory ID: RHSA-2022:2195-01\nProduct: .NET Core on Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:2195\nIssue date: 2022-05-11\nCVE Names: CVE-2022-23267 CVE-2022-29117 CVE-2022-29145\n====================================================================\n1. Summary:\n\nAn update for .NET 6.0 is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\n.NET Core is a managed-software framework. It implements a subset of the\n.NET\nframework APIs and several new APIs, and it includes a CLR implementation. \n\nNew versions of .NET Core that address a security vulnerability are now\navailable. The updated versions are .NET Core SDK 6.0.105 and .NET Core\nRuntime 6.0.5. \n\nSecurity Fix(es):\n\n* dotnet: excess memory allocation via HttpClient causes DoS\n(CVE-2022-23267)\n\n* dotnet: malicious content causes high CPU and memory usage\n(CVE-2022-29117)\n\n* dotnet: parsing HTML causes Denial of Service (CVE-2022-29145)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2083647 - CVE-2022-29117 dotnet: malicious content causes high CPU and memory usage\n2083649 - CVE-2022-29145 dotnet: parsing HTML causes Denial of Service\n2083650 - CVE-2022-23267 dotnet: excess memory allocation via HttpClient causes DoS\n\n6. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet60-dotnet-6.0.105-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet60-aspnetcore-runtime-6.0-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-6.0.105-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-apphost-pack-6.0-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-debuginfo-6.0.105-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-host-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-hostfxr-6.0-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-runtime-6.0-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-sdk-6.0-6.0.105-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.105-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-targeting-pack-6.0-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-templates-6.0-6.0.105-1.el7_9.x86_64.rpm\nrh-dotnet60-netstandard-targeting-pack-2.1-6.0.105-1.el7_9.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet60-dotnet-6.0.105-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet60-aspnetcore-runtime-6.0-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-6.0.105-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-apphost-pack-6.0-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-debuginfo-6.0.105-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-host-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-hostfxr-6.0-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-runtime-6.0-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-sdk-6.0-6.0.105-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.105-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-targeting-pack-6.0-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-templates-6.0-6.0.105-1.el7_9.x86_64.rpm\nrh-dotnet60-netstandard-targeting-pack-2.1-6.0.105-1.el7_9.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet60-dotnet-6.0.105-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet60-aspnetcore-runtime-6.0-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-6.0.105-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-apphost-pack-6.0-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-debuginfo-6.0.105-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-host-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-hostfxr-6.0-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-runtime-6.0-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-sdk-6.0-6.0.105-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.105-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-targeting-pack-6.0-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-templates-6.0-6.0.105-1.el7_9.x86_64.rpm\nrh-dotnet60-netstandard-targeting-pack-2.1-6.0.105-1.el7_9.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-23267\nhttps://access.redhat.com/security/cve/CVE-2022-29117\nhttps://access.redhat.com/security/cve/CVE-2022-29145\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYnw2ZtzjgjWX9erEAQhfsA//XM/8Ih5T9J+ql5cd6IgYWbT1UOM8KE17\n4abvuRvxBqSfJyACbCEbRNm+GZzqWF6SHYamS3lAfs5Gt/SmIcEtyWZTaEkiZtbi\nsIsJ2Hd802Sm8K1gcU0MFOMhT5zwI3ogteixbvzkN6y5NxHitkVTUZqOIjvpcNzn\nMc0bfAgeIzODP6F5hfneYantgPhQC3j5eWDcRBOrvxD2cRDnQ6CzL37wUsdSd+TA\nf8b7Ck2lg9poj+v/4L/HVLZJi47HM3C3ouqJClTx3kL89ktEZkhavcLua4wX8aY5\nn1MPCnMe9OrPwfzAzyCrZqKezAutuu3QfXaWy37RW4M4Tza1dfP/4eJ2fBH19JcB\n3iUmFmQmR36WFLBMCrUzLNH8FsBXzp1MLiiKuRgV/MXa+M2ZwMeqTFQuAsAA8lTE\n0Qeoyf7JmWP/iDcODWKU/+eApCsRKBnmB952x3UroOq0H57m1RPJKZRlwwqy1S2a\nTc2xXDB/w6SaORozEXlGnyrzHBIM7FdHkNS4zdWSNH4GRkO3bbwsi2CPgzIkXvyZ\nj1Q4NEtntVC3FmkKHUoSw3XRmBNrBNAD3JRKWYXEmN1JAfXSAsrbOqlj9sCE/nTJ\nrDNXwYArh73UwTMfU2+JL/2XE1mgV+LWBtAMsoBGHAg31HdXQQOe1UoJEaKjX7p3\nzq2nVL/qVmM=le1K\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. 8) - aarch64, s390x, x86_64\n\n3",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-29145"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001833"
},
{
"db": "VULMON",
"id": "CVE-2022-29145"
},
{
"db": "PACKETSTORM",
"id": "167135"
},
{
"db": "PACKETSTORM",
"id": "167382"
},
{
"db": "PACKETSTORM",
"id": "167128"
},
{
"db": "PACKETSTORM",
"id": "167143"
},
{
"db": "PACKETSTORM",
"id": "167125"
},
{
"db": "PACKETSTORM",
"id": "167141"
},
{
"db": "PACKETSTORM",
"id": "167130"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-29145",
"trust": 4.0
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001833",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167382",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "167143",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2022051101",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022051228",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072010",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2770",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-29145",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167135",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167128",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167125",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167141",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167130",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-29145"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001833"
},
{
"db": "PACKETSTORM",
"id": "167135"
},
{
"db": "PACKETSTORM",
"id": "167382"
},
{
"db": "PACKETSTORM",
"id": "167128"
},
{
"db": "PACKETSTORM",
"id": "167143"
},
{
"db": "PACKETSTORM",
"id": "167125"
},
{
"db": "PACKETSTORM",
"id": "167141"
},
{
"db": "PACKETSTORM",
"id": "167130"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2770"
},
{
"db": "NVD",
"id": "CVE-2022-29145"
}
]
},
"id": "VAR-202205-0626",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.19172932
},
"last_update_date": "2024-11-23T19:46:03.216000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": ".NET\u00a0and\u00a0Visual\u00a0Studio\u00a0Denial\u00a0of\u00a0Service\u00a0Vulnerability Security Update Guide",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29145"
},
{
"title": "Microsoft Visual Studio and Microsoft .NET Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=192014"
},
{
"title": "Red Hat: Important: .NET 6.0 security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20224588 - Security Advisory"
},
{
"title": "Red Hat: Important: .NET 6.0 security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20222199 - Security Advisory"
},
{
"title": "Red Hat: Important: .NET 5.0 security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20222200 - Security Advisory"
},
{
"title": "Red Hat: Important: .NET 6.0 on RHEL 7 security and bugfix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20222195 - Security Advisory"
},
{
"title": "Red Hat: Important: .NET Core 3.1 on RHEL 7 security and bugfix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20222194 - Security Advisory"
},
{
"title": "Red Hat: Important: .NET 5.0 on RHEL 7 security and bugfix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20222196 - Security Advisory"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-29145"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001833"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2770"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-001833"
},
{
"db": "NVD",
"id": "CVE-2022-29145"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2022-29145"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-29145"
},
{
"trust": 1.3,
"url": "https://access.redhat.com/security/cve/cve-2022-29145"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/gnxql7ezorgu4pzcpj5epq4p7iey3zzo/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/w5fpeq6btyrgts6iycdtzw6yf5hlq3by/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ibysbudjyq76hk4tulxviipckk2u6wdb/"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20220511-ms.html"
},
{
"trust": 0.8,
"url": "https://www.jpcert.or.jp/at/2022/at220014.html"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ibysbudjyq76hk4tulxviipckk2u6wdb/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/w5fpeq6btyrgts6iycdtzw6yf5hlq3by/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/gnxql7ezorgu4pzcpj5epq4p7iey3zzo/"
},
{
"trust": 0.7,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-29117"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23267"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2022-23267"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2022-29117"
},
{
"trust": 0.7,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022051228"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/microsoft-net-vulnerabilities-of-may-2022-38299"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167143/red-hat-security-advisory-2022-2200-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb20220720108"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-29145/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022051101"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167382/red-hat-security-advisory-2022-4588-01.html"
},
{
"trust": 0.6,
"url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2022-29145"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/errata/rhsa-2022:4588"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:2202"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:2196"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:2200"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:2195"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:2199"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:2194"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-29145"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001833"
},
{
"db": "PACKETSTORM",
"id": "167135"
},
{
"db": "PACKETSTORM",
"id": "167382"
},
{
"db": "PACKETSTORM",
"id": "167128"
},
{
"db": "PACKETSTORM",
"id": "167143"
},
{
"db": "PACKETSTORM",
"id": "167125"
},
{
"db": "PACKETSTORM",
"id": "167141"
},
{
"db": "PACKETSTORM",
"id": "167130"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2770"
},
{
"db": "NVD",
"id": "CVE-2022-29145"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2022-29145"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001833"
},
{
"db": "PACKETSTORM",
"id": "167135"
},
{
"db": "PACKETSTORM",
"id": "167382"
},
{
"db": "PACKETSTORM",
"id": "167128"
},
{
"db": "PACKETSTORM",
"id": "167143"
},
{
"db": "PACKETSTORM",
"id": "167125"
},
{
"db": "PACKETSTORM",
"id": "167141"
},
{
"db": "PACKETSTORM",
"id": "167130"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2770"
},
{
"db": "NVD",
"id": "CVE-2022-29145"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-10T00:00:00",
"db": "VULMON",
"id": "CVE-2022-29145"
},
{
"date": "2022-05-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-001833"
},
{
"date": "2022-05-12T15:51:27",
"db": "PACKETSTORM",
"id": "167135"
},
{
"date": "2022-06-03T15:43:44",
"db": "PACKETSTORM",
"id": "167382"
},
{
"date": "2022-05-12T15:44:58",
"db": "PACKETSTORM",
"id": "167128"
},
{
"date": "2022-05-12T15:56:14",
"db": "PACKETSTORM",
"id": "167143"
},
{
"date": "2022-05-12T15:40:23",
"db": "PACKETSTORM",
"id": "167125"
},
{
"date": "2022-05-12T15:53:37",
"db": "PACKETSTORM",
"id": "167141"
},
{
"date": "2022-05-12T15:46:28",
"db": "PACKETSTORM",
"id": "167130"
},
{
"date": "2022-05-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-2770"
},
{
"date": "2022-05-10T21:15:13.077000",
"db": "NVD",
"id": "CVE-2022-29145"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-21T00:00:00",
"db": "VULMON",
"id": "CVE-2022-29145"
},
{
"date": "2022-05-25T06:50:00",
"db": "JVNDB",
"id": "JVNDB-2022-001833"
},
{
"date": "2022-07-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-2770"
},
{
"date": "2024-11-21T06:58:34.720000",
"db": "NVD",
"id": "CVE-2022-29145"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-2770"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": ".NET\u00a0 and \u00a0Microsoft\u00a0Visual\u00a0Studio\u00a0 Denial of service in Japan \u00a0(DoS)\u00a0 Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-001833"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-2770"
}
],
"trust": 0.6
}
}
var-202007-0327
Vulnerability from variot
A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Critical: .NET Core 2.1 on Red Hat Enterprise Linux security and bugfix update Advisory ID: RHSA-2020:2937-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:2937 Issue date: 2020-07-15 CVE Names: CVE-2020-1147 ==================================================================== 1. Summary:
An update for rh-dotnet21-dotnet is now available for .NET Core on Red Hat Enterprise Linux.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET Core that address a security vulnerability are now available. The updated version is .NET Core Runtime 2.1.20 and SDK 2.1.516.
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet21-2.1-19.el7.src.rpm rh-dotnet21-dotnet-2.1.516-1.el7.src.rpm
x86_64: rh-dotnet21-2.1-19.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.516-1.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.516-1.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.20-1.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.20-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.516-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.516-1.el7.x86_64.rpm rh-dotnet21-runtime-2.1-19.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet21-2.1-19.el7.src.rpm rh-dotnet21-dotnet-2.1.516-1.el7.src.rpm
x86_64: rh-dotnet21-2.1-19.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.516-1.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.516-1.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.20-1.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.20-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.516-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.516-1.el7.x86_64.rpm rh-dotnet21-runtime-2.1-19.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet21-2.1-19.el7.src.rpm rh-dotnet21-dotnet-2.1.516-1.el7.src.rpm
x86_64: rh-dotnet21-2.1-19.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.516-1.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.516-1.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.20-1.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.20-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.516-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.516-1.el7.x86_64.rpm rh-dotnet21-runtime-2.1-19.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2020-1147 https://access.redhat.com/security/updates/classification/#critical
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXw7i7tzjgjWX9erEAQjJcg/6A8FSym0U4wUf51+u8oifaNgi971C1Hcj YHoKmX17Udi6u9wyACSO4MFUaWssoSRblOThz0Ne/zw0q7KUr9Z/cRvdsjsloIz7 VAikaDdBzLQ1gx1ledpCwgFieaHCwyZQ9i1yVEilNmfll7WcoICXMHJCdQerTt5F Ky1I0WICDnN3CUHw+uuwru8inh0K/x+ubTrL5ypVd5gfwgVuePEP6hvLbz3+6LfI EuP/yzx2dPijSOnn4nEKgimiYAmN0kXiFLv/wIrcciVJ3sASQtgeG08e1A35UjSm DVi78xaMGgXLvuKMtwJt4YfD40+wsdla64p+/2RkP8vhfuSpCj2QaKyUsIUplzZY 9XiTDX0TOA/9lH697uvUqrluwwwbSjJRCthMZYWrmP8bZt9YBlaT37FESxhFfZCA nzsFiHVLL+pAx+Gfd1c/lmQzhPgSIgukFOoLu+dthpYiU1z6mlQJQHQbXGit4rYp XYLVDgLZwqLNlkx9HCiuY/pC7oJU+DrWXXP7FIxuh7y79RQCj+tQhbnP0EPmJfnx LRcbfe1YfrjBcjH04K7Cyx7T0PilFt+S9o/Bh4Hq1/DRRagV5J5IKbfdMuaHnYwh 3P/fgWTLWxCv2rovsIcOKNd5XEvGGLGO/UDQ2RdvR8BSaB7iKYwFGbCV0+4pFBMO 27Eu9ftZTIw=ingT -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202007-0327",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": ".net framework",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "4.7.1"
},
{
"model": "visual studio 2017",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "15.0"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "3.5.1"
},
{
"model": "sharepoint server",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "2019"
},
{
"model": "sharepoint enterprise server",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "2016"
},
{
"model": "visual studio 2019",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.0"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "4.7"
},
{
"model": "visual studio 2019",
"scope": "lte",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.6"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "4.8"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "4.6.1"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "4.6.2"
},
{
"model": "visual studio 2017",
"scope": "lte",
"trust": 1.0,
"vendor": "microsoft",
"version": "15.9"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "2.0"
},
{
"model": "sharepoint enterprise server",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "2013"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "4.7.2"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "4.6"
},
{
"model": ".net core",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "2.1"
},
{
"model": "sharepoint server",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "2010"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "3.0"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "4.5.2"
},
{
"model": ".net core",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "3.1"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "3.5"
},
{
"model": ".net core",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "2.1"
},
{
"model": ".net core",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "3.1"
},
{
"model": "microsoft .net framework",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "2.0 sp2"
},
{
"model": "microsoft .net framework",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "3.0 sp2"
},
{
"model": "microsoft .net framework",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "3.5"
},
{
"model": "microsoft .net framework",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "3.5 and 4.6.2/4.7/4.7.1/4.7.2"
},
{
"model": "microsoft .net framework",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "3.5 and 4.6/4.6.1/4.6.2"
},
{
"model": "microsoft .net framework",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "3.5 and 4.7.1/4.7.2"
},
{
"model": "microsoft .net framework",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "3.5 and 4.7.2"
},
{
"model": "microsoft .net framework",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "3.5 and 4.8"
},
{
"model": "microsoft .net framework",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "3.5.1"
},
{
"model": "microsoft .net framework",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "4.5.2"
},
{
"model": "microsoft .net framework",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "4.6"
},
{
"model": "microsoft .net framework",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2"
},
{
"model": "microsoft .net framework",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "4.8"
},
{
"model": "microsoft sharepoint enterprise server",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "2013 sp1"
},
{
"model": "microsoft sharepoint enterprise server",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "2016"
},
{
"model": "microsoft sharepoint server",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "2010 sp2"
},
{
"model": "microsoft sharepoint server",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "2019"
},
{
"model": "microsoft visual studio",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "2017 version 15.9 (includes 15.0 - 15.8)"
},
{
"model": "microsoft visual studio",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "2019 version 16.0"
},
{
"model": "microsoft visual studio",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "2019 version 16.4 (includes 16.0 - 16.3)"
},
{
"model": "microsoft visual studio",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "2019 version 16.6 (includes 16.0 - 16.5)"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-008157"
},
{
"db": "NVD",
"id": "CVE-2020-1147"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "158436"
},
{
"db": "PACKETSTORM",
"id": "158433"
},
{
"db": "PACKETSTORM",
"id": "158432"
},
{
"db": "PACKETSTORM",
"id": "158431"
},
{
"db": "PACKETSTORM",
"id": "158465"
},
{
"db": "PACKETSTORM",
"id": "158467"
}
],
"trust": 0.6
},
"cve": "CVE-2020-1147",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2020-1147",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2020-1147",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-1147",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-1147",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2020-1147",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202007-597",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2020-1147",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-1147"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008157"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-597"
},
{
"db": "NVD",
"id": "CVE-2020-1147"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka \u0027.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability\u0027. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Critical: .NET Core 2.1 on Red Hat Enterprise Linux security and bugfix update\nAdvisory ID: RHSA-2020:2937-01\nProduct: .NET Core on Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:2937\nIssue date: 2020-07-15\nCVE Names: CVE-2020-1147\n====================================================================\n1. Summary:\n\nAn update for rh-dotnet21-dotnet is now available for .NET Core on Red Hat\nEnterprise Linux. \n\nRed Hat Product Security has rated this update as having a security impact\nof Critical. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\n.NET Core is a managed-software framework. It implements a subset of the\n.NET framework APIs and several new APIs, and it includes a CLR\nimplementation. \n\nNew versions of .NET Core that address a security vulnerability are now\navailable. The updated version is .NET Core Runtime 2.1.20 and SDK 2.1.516. \n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet21-2.1-19.el7.src.rpm\nrh-dotnet21-dotnet-2.1.516-1.el7.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-19.el7.x86_64.rpm\nrh-dotnet21-dotnet-2.1.516-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.516-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.20-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.20-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.516-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.516-1.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-19.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet21-2.1-19.el7.src.rpm\nrh-dotnet21-dotnet-2.1.516-1.el7.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-19.el7.x86_64.rpm\nrh-dotnet21-dotnet-2.1.516-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.516-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.20-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.20-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.516-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.516-1.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-19.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet21-2.1-19.el7.src.rpm\nrh-dotnet21-dotnet-2.1.516-1.el7.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-19.el7.x86_64.rpm\nrh-dotnet21-dotnet-2.1.516-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.516-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.20-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.20-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.516-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.516-1.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-19.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-1147\nhttps://access.redhat.com/security/updates/classification/#critical\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXw7i7tzjgjWX9erEAQjJcg/6A8FSym0U4wUf51+u8oifaNgi971C1Hcj\nYHoKmX17Udi6u9wyACSO4MFUaWssoSRblOThz0Ne/zw0q7KUr9Z/cRvdsjsloIz7\nVAikaDdBzLQ1gx1ledpCwgFieaHCwyZQ9i1yVEilNmfll7WcoICXMHJCdQerTt5F\nKy1I0WICDnN3CUHw+uuwru8inh0K/x+ubTrL5ypVd5gfwgVuePEP6hvLbz3+6LfI\nEuP/yzx2dPijSOnn4nEKgimiYAmN0kXiFLv/wIrcciVJ3sASQtgeG08e1A35UjSm\nDVi78xaMGgXLvuKMtwJt4YfD40+wsdla64p+/2RkP8vhfuSpCj2QaKyUsIUplzZY\n9XiTDX0TOA/9lH697uvUqrluwwwbSjJRCthMZYWrmP8bZt9YBlaT37FESxhFfZCA\nnzsFiHVLL+pAx+Gfd1c/lmQzhPgSIgukFOoLu+dthpYiU1z6mlQJQHQbXGit4rYp\nXYLVDgLZwqLNlkx9HCiuY/pC7oJU+DrWXXP7FIxuh7y79RQCj+tQhbnP0EPmJfnx\nLRcbfe1YfrjBcjH04K7Cyx7T0PilFt+S9o/Bh4Hq1/DRRagV5J5IKbfdMuaHnYwh\n3P/fgWTLWxCv2rovsIcOKNd5XEvGGLGO/UDQ2RdvR8BSaB7iKYwFGbCV0+4pFBMO\n27Eu9ftZTIw=ingT\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-1147"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008157"
},
{
"db": "VULMON",
"id": "CVE-2020-1147"
},
{
"db": "PACKETSTORM",
"id": "158436"
},
{
"db": "PACKETSTORM",
"id": "158433"
},
{
"db": "PACKETSTORM",
"id": "158432"
},
{
"db": "PACKETSTORM",
"id": "158431"
},
{
"db": "PACKETSTORM",
"id": "158465"
},
{
"db": "PACKETSTORM",
"id": "158467"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-1147",
"trust": 3.1
},
{
"db": "EXPLOITALERT",
"id": "35992",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "158694",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "163644",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "158876",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008157",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "158436",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "158467",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.2441",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2418",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2445",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "50151",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "48747",
"trust": 0.6
},
{
"db": "CXSECURITY",
"id": "WLB-2021070135",
"trust": 0.6
},
{
"db": "CXSECURITY",
"id": "WLB-2020080098",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202007-597",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-1147",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "158433",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "158432",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "158431",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "158465",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-1147"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008157"
},
{
"db": "PACKETSTORM",
"id": "158436"
},
{
"db": "PACKETSTORM",
"id": "158433"
},
{
"db": "PACKETSTORM",
"id": "158432"
},
{
"db": "PACKETSTORM",
"id": "158431"
},
{
"db": "PACKETSTORM",
"id": "158465"
},
{
"db": "PACKETSTORM",
"id": "158467"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-597"
},
{
"db": "NVD",
"id": "CVE-2020-1147"
}
]
},
"id": "VAR-202007-0327",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.19172932
},
"last_update_date": "2024-11-23T22:44:29.294000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2020-1147\u00a0|\u00a0.NET\u00a0Framework,\u00a0SharePoint\u00a0Server,\u00a0and\u00a0Visual\u00a0Studio\u00a0Remote\u00a0Code\u00a0Execution\u00a0Vulnerability Security Update Guide",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1147"
},
{
"title": "Microsoft .NET Framework , SharePoint Server and Visual Studio Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124874"
},
{
"title": "The Register",
"trust": 0.2,
"url": "https://www.theregister.co.uk/2020/07/15/july_2020_patch_tuesday/"
},
{
"title": "Red Hat: Critical: .NET Core 2.1 on Red Hat Enterprise Linux security and bugfix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202937 - Security Advisory"
},
{
"title": "Red Hat: Critical: .NET Core security and bugfix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202988 - Security Advisory"
},
{
"title": "Red Hat: Critical: .NET Core 3.1 on Red Hat Enterprise Linux security and bugfix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202939 - Security Advisory"
},
{
"title": "Red Hat: Critical: .NET Core security and bugfix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202938 - Security Advisory"
},
{
"title": "Red Hat: Critical: .NET Core security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202989 - Security Advisory"
},
{
"title": "Red Hat: Critical: .NET Core 3.1 security and bugfix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202954 - Security Advisory"
},
{
"title": "cs2020_msels",
"trust": 0.1,
"url": "https://github.com/wshepherd0010/cs2020_msels "
},
{
"title": "template",
"trust": 0.1,
"url": "https://github.com/wshepherd0010/template "
},
{
"title": "EzpzSharepoint",
"trust": 0.1,
"url": "https://github.com/H0j3n/EzpzSharepoint "
},
{
"title": "ysoserial.net",
"trust": 0.1,
"url": "https://github.com/pwntester/ysoserial.net "
},
{
"title": "nuclei-templates",
"trust": 0.1,
"url": "https://github.com/projectdiscovery/nuclei-templates "
},
{
"title": "nuclei-templates",
"trust": 0.1,
"url": "https://github.com/storenth/nuclei-templates "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/merlinepedra25/nuclei-templates "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/merlinepedra/nuclei-templates "
},
{
"title": "kenzer-templates",
"trust": 0.1,
"url": "https://github.com/Elsfa7-110/kenzer-templates "
},
{
"title": "kenzer-templates",
"trust": 0.1,
"url": "https://github.com/ARPSyndicate/kenzer-templates "
},
{
"title": "BleepingComputer",
"trust": 0.1,
"url": "https://www.bleepingcomputer.com/news/security/critical-sharepoint-flaw-dissected-rce-details-now-available/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-1147"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008157"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-597"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-008157"
},
{
"db": "NVD",
"id": "CVE-2020-1147"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://packetstormsecurity.com/files/158694/sharepoint-dataset-datatable-deserialization.html"
},
{
"trust": 2.3,
"url": "http://packetstormsecurity.com/files/158876/microsoft-sharepoint-server-2019-remote-code-execution.html"
},
{
"trust": 2.3,
"url": "http://packetstormsecurity.com/files/163644/microsoft-sharepoint-server-2019-remote-code-execution.html"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1147"
},
{
"trust": 1.7,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-1147"
},
{
"trust": 1.7,
"url": "https://www.exploitalert.com/view-details.html?id=35992"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/security/cve/cve-2020-1147"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20200715-ms.html"
},
{
"trust": 0.8,
"url": "https://www.jpcert.or.jp/at/2020/at200029.html"
},
{
"trust": 0.6,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.6,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.6,
"url": "https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/cve-2020-1147"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/microsoft-visual-studio-vulnerabilities-of-july-2020-32824"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2441/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2445/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/158467/red-hat-security-advisory-2020-2989-01.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/net-core-code-execution-via-xml-source-markup-32836"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2418/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/158436/red-hat-security-advisory-2020-2954-01.html"
},
{
"trust": 0.6,
"url": "https://www.exploit-db.com/exploits/50151"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/issue/wlb-2020080098"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/issue/wlb-2021070135"
},
{
"trust": 0.6,
"url": "https://www.exploit-db.com/exploits/48747"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/errata/rhsa-2020:2937"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/wshepherd0010/template"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:2954"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:2939"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:2938"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:2988"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:2989"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-1147"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008157"
},
{
"db": "PACKETSTORM",
"id": "158436"
},
{
"db": "PACKETSTORM",
"id": "158433"
},
{
"db": "PACKETSTORM",
"id": "158432"
},
{
"db": "PACKETSTORM",
"id": "158431"
},
{
"db": "PACKETSTORM",
"id": "158465"
},
{
"db": "PACKETSTORM",
"id": "158467"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-597"
},
{
"db": "NVD",
"id": "CVE-2020-1147"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2020-1147"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008157"
},
{
"db": "PACKETSTORM",
"id": "158436"
},
{
"db": "PACKETSTORM",
"id": "158433"
},
{
"db": "PACKETSTORM",
"id": "158432"
},
{
"db": "PACKETSTORM",
"id": "158431"
},
{
"db": "PACKETSTORM",
"id": "158465"
},
{
"db": "PACKETSTORM",
"id": "158467"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-597"
},
{
"db": "NVD",
"id": "CVE-2020-1147"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-14T00:00:00",
"db": "VULMON",
"id": "CVE-2020-1147"
},
{
"date": "2020-09-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-008157"
},
{
"date": "2020-07-15T22:47:00",
"db": "PACKETSTORM",
"id": "158436"
},
{
"date": "2020-07-15T14:38:40",
"db": "PACKETSTORM",
"id": "158433"
},
{
"date": "2020-07-15T14:38:32",
"db": "PACKETSTORM",
"id": "158432"
},
{
"date": "2020-07-15T14:38:24",
"db": "PACKETSTORM",
"id": "158431"
},
{
"date": "2020-07-17T19:35:18",
"db": "PACKETSTORM",
"id": "158465"
},
{
"date": "2020-07-17T19:36:00",
"db": "PACKETSTORM",
"id": "158467"
},
{
"date": "2020-07-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-597"
},
{
"date": "2020-07-14T23:15:12.057000",
"db": "NVD",
"id": "CVE-2020-1147"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-12T00:00:00",
"db": "VULMON",
"id": "CVE-2020-1147"
},
{
"date": "2020-09-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-008157"
},
{
"date": "2022-07-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-597"
},
{
"date": "2024-11-21T05:09:50.860000",
"db": "NVD",
"id": "CVE-2020-1147"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-597"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0Microsoft\u00a0 Remote Code Execution Vulnerability in Product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-008157"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code execution",
"sources": [
{
"db": "PACKETSTORM",
"id": "158436"
},
{
"db": "PACKETSTORM",
"id": "158433"
},
{
"db": "PACKETSTORM",
"id": "158432"
},
{
"db": "PACKETSTORM",
"id": "158431"
},
{
"db": "PACKETSTORM",
"id": "158465"
},
{
"db": "PACKETSTORM",
"id": "158467"
}
],
"trust": 0.6
}
}
var-201811-0478
Vulnerability from variot
A tampering vulnerability exists when .NET Core improperly handles specially crafted files, aka ".NET Core Tampering Vulnerability." This affects .NET Core 2.1. Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions. This may lead to other attacks. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: .NET Core on Red Hat Enterprise Linux security update Advisory ID: RHSA-2018:3676-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:3676 Issue date: 2018-11-27 CVE Names: CVE-2018-8416 ==================================================================== 1. Summary:
An update for rh-dotnet21-dotnet is now available for .NET Core on Red Hat Enterprise Linux.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
Security Fix(es):
- .NET Core: Arbitrary file and directory creation (CVE-2018-8416)
For more information, please refer to the upstream docs in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet21-dotnet-2.1.500-5.el7.src.rpm
x86_64: rh-dotnet21-dotnet-2.1.500-5.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.500-5.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.6-5.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.6-5.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.500-5.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.500-5.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet21-dotnet-2.1.500-5.el7.src.rpm
x86_64: rh-dotnet21-dotnet-2.1.500-5.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.500-5.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.6-5.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.6-5.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.500-5.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.500-5.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet21-dotnet-2.1.500-5.el7.src.rpm
x86_64: rh-dotnet21-dotnet-2.1.500-5.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.500-5.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.6-5.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.6-5.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.500-5.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.500-5.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2018-8416 https://access.redhat.com/security/updates/classification/#moderate https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8416
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBW/zJC9zjgjWX9erEAQi0Pw//WnLvaExr0r/rVkOTSxMDwGEqCu4K7nU6 8FnknCX3hpTmIqwIb5VIGOUwRneeg3DnGxg8vIBm8dwrAGqkgpfpGJLt1H7MNAMK p3idNKfoZgG3gVfiO55aaKkftoimA4rUx915ssPzLtBADWdqPfSG0jHkWJgynpDA gAU2FZOhmIJ2Z2+COCi7i1hf2CKDeRRu7mvFDkyKYb4yoVsGXPsm4dB1piw/2VCh ezp4sWeGq0r1dReejy+O2IU8bx/8LsaPqz2ZaARXjFHCEEg4y2CFxLzv2nsokQfy gmpcNtY7F2+ysHP9YL9xV7/pQF3FR1cHDP8lZ6usNIrgrPO/e7WAszsTEg6u3+9l t4gRjeE1SJHa7JkC6seEpZXsxCdR0/9GeOBm+b2RF9qgSEgQgtD/N/AKNQWt4Qo3 rRQN79cy4sRznmwzP0MBE57RAu7GzmmueLeJK7uAuQikfqxGPn5Q2yOah74I2WR9 lzbwqVLuUBHZZhHautHQA3i4bqz8CEfQRHTGmiagkHYWn2m2yNJsWnDMt5YpLzn2 GpTg+9TU0GmwqSquG/5r/rD9YLJwM2m8KV9Yt0PArzw1ey+z542i0Dwv4GlHpIR4 W9D33bMeOY1o4IhLmT+Qlm5ZbGEWleQ4U59YUaCvnZDzsfg0AcJSSpg42ws2+FkC uuianWdqhaI=i2VD -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201811-0478",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "asp.net core",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "2.1"
},
{
"model": ".net core",
"scope": "eq",
"trust": 1.1,
"vendor": "microsoft",
"version": "2.1"
},
{
"model": "powershell core",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "6.1"
},
{
"model": "powershell core",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "6.2"
}
],
"sources": [
{
"db": "BID",
"id": "105798"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013498"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-363"
},
{
"db": "NVD",
"id": "CVE-2018-8416"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:microsoft:.net_core",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:microsoft:powershell_core",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-013498"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Danny Grander of Snyk.",
"sources": [
{
"db": "BID",
"id": "105798"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-363"
}
],
"trust": 0.9
},
"cve": "CVE-2018-8416",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2018-8416",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2018-8416",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-8416",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-8416",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201811-363",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-013498"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-363"
},
{
"db": "NVD",
"id": "CVE-2018-8416"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A tampering vulnerability exists when .NET Core improperly handles specially crafted files, aka \".NET Core Tampering Vulnerability.\" This affects .NET Core 2.1. \nSuccessfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions. This may lead to other attacks. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: .NET Core on Red Hat Enterprise Linux security update\nAdvisory ID: RHSA-2018:3676-01\nProduct: .NET Core on Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2018:3676\nIssue date: 2018-11-27\nCVE Names: CVE-2018-8416\n====================================================================\n1. Summary:\n\nAn update for rh-dotnet21-dotnet is now available for .NET Core on Red Hat\nEnterprise Linux. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. It implements a subset of the\n.NET framework APIs and several new APIs, and it includes a CLR\nimplementation. \n\nSecurity Fix(es):\n\n* .NET Core: Arbitrary file and directory creation (CVE-2018-8416)\n\nFor more information, please refer to the upstream docs in the References\nsection. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet21-dotnet-2.1.500-5.el7.src.rpm\n\nx86_64:\nrh-dotnet21-dotnet-2.1.500-5.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.500-5.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.6-5.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.6-5.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.500-5.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.500-5.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet21-dotnet-2.1.500-5.el7.src.rpm\n\nx86_64:\nrh-dotnet21-dotnet-2.1.500-5.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.500-5.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.6-5.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.6-5.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.500-5.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.500-5.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet21-dotnet-2.1.500-5.el7.src.rpm\n\nx86_64:\nrh-dotnet21-dotnet-2.1.500-5.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.500-5.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.6-5.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.6-5.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.500-5.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.500-5.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-8416\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8416\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2018 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBW/zJC9zjgjWX9erEAQi0Pw//WnLvaExr0r/rVkOTSxMDwGEqCu4K7nU6\n8FnknCX3hpTmIqwIb5VIGOUwRneeg3DnGxg8vIBm8dwrAGqkgpfpGJLt1H7MNAMK\np3idNKfoZgG3gVfiO55aaKkftoimA4rUx915ssPzLtBADWdqPfSG0jHkWJgynpDA\ngAU2FZOhmIJ2Z2+COCi7i1hf2CKDeRRu7mvFDkyKYb4yoVsGXPsm4dB1piw/2VCh\nezp4sWeGq0r1dReejy+O2IU8bx/8LsaPqz2ZaARXjFHCEEg4y2CFxLzv2nsokQfy\ngmpcNtY7F2+ysHP9YL9xV7/pQF3FR1cHDP8lZ6usNIrgrPO/e7WAszsTEg6u3+9l\nt4gRjeE1SJHa7JkC6seEpZXsxCdR0/9GeOBm+b2RF9qgSEgQgtD/N/AKNQWt4Qo3\nrRQN79cy4sRznmwzP0MBE57RAu7GzmmueLeJK7uAuQikfqxGPn5Q2yOah74I2WR9\nlzbwqVLuUBHZZhHautHQA3i4bqz8CEfQRHTGmiagkHYWn2m2yNJsWnDMt5YpLzn2\nGpTg+9TU0GmwqSquG/5r/rD9YLJwM2m8KV9Yt0PArzw1ey+z542i0Dwv4GlHpIR4\nW9D33bMeOY1o4IhLmT+Qlm5ZbGEWleQ4U59YUaCvnZDzsfg0AcJSSpg42ws2+FkC\nuuianWdqhaI=i2VD\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-8416"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013498"
},
{
"db": "BID",
"id": "105798"
},
{
"db": "PACKETSTORM",
"id": "150479"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-8416",
"trust": 2.8
},
{
"db": "BID",
"id": "105798",
"trust": 1.9
},
{
"db": "SECTRACK",
"id": "1042128",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013498",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201811-363",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "150479",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": "105798"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013498"
},
{
"db": "PACKETSTORM",
"id": "150479"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-363"
},
{
"db": "NVD",
"id": "CVE-2018-8416"
}
]
},
"id": "VAR-201811-0478",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.19172932
},
"last_update_date": "2024-11-23T22:58:49.543000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2018-8416 | .NET Core Tampering Vulnerability",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-8416"
},
{
"title": "CVE-2018-8416 | .NET Core \u306e\u6539\u3056\u3093\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2018-8416"
},
{
"title": "Microsoft .NET Core Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86772"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-013498"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-363"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-20",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-013498"
},
{
"db": "NVD",
"id": "CVE-2018-8416"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:3676"
},
{
"trust": 1.7,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-8416"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1042128"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/105798"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-8416"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8416"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20181114-ms.html"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2018/at180046.html"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-8416"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
}
],
"sources": [
{
"db": "BID",
"id": "105798"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013498"
},
{
"db": "PACKETSTORM",
"id": "150479"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-363"
},
{
"db": "NVD",
"id": "CVE-2018-8416"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "105798"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013498"
},
{
"db": "PACKETSTORM",
"id": "150479"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-363"
},
{
"db": "NVD",
"id": "CVE-2018-8416"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-11-13T00:00:00",
"db": "BID",
"id": "105798"
},
{
"date": "2019-02-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-013498"
},
{
"date": "2018-11-27T17:23:43",
"db": "PACKETSTORM",
"id": "150479"
},
{
"date": "2018-11-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201811-363"
},
{
"date": "2018-11-14T01:29:00.427000",
"db": "NVD",
"id": "CVE-2018-8416"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-11-13T00:00:00",
"db": "BID",
"id": "105798"
},
{
"date": "2019-02-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-013498"
},
{
"date": "2020-10-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201811-363"
},
{
"date": "2024-11-21T04:13:47",
"db": "NVD",
"id": "CVE-2018-8416"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201811-363"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": ".NET Core Vulnerabilities to be tampered with",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-013498"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input Validation Error",
"sources": [
{
"db": "BID",
"id": "105798"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-363"
}
],
"trust": 0.9
}
}
var-201905-1185
Vulnerability from variot
A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka '.Net Framework and .Net Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0820, CVE-2019-0980. This vulnerability CVE-2019-0820 and CVE-2019-0980 Is a different vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Both Microsoft .NET Core and Microsoft ASP.NET Core are products of Microsoft Corporation of the United States. .NET Core is a free open source development platform. The platform has features such as multi-language support and cross-platform. Microsoft ASP.NET Core is a cross-platform open source framework. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. The vulnerability originates from improper design or implementation during code development of a network system or product. The following products and versions are affected: Microsoft .NET Framework version 4.7.2, version 4.7.1, version 4.6.2, version 4.6.1, version 3.5.1, version 4.8, version 4.7, version 4.6, version 4.5.2, Version 3.5, 3.0 SP2, 2.0 SP2; .NET Core 2.2, 2.1, 1.1, 1.0. An attacker can exploit this issue to cause a denial of service condition.
Bug Fix(es):
-
dotnet: new SocketException((int)SocketError.InvalidArgument).Message is empty (BZ#1712471)
-
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: .NET Core on Red Hat Enterprise Linux security and bug fix update Advisory ID: RHSA-2019:1236-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:1236 Issue date: 2019-05-15 CVE Names: CVE-2019-0820 CVE-2019-0980 CVE-2019-0981 ==================================================================== 1. Summary:
Updates for rh-dotnetcore10-dotnetcore, rh-dotnetcore11-dotnetcore, rh-dotnet21-dotnet, rh-dotnet22-dotnet and rh-dotnet22-curl are now available for .NET Core on Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
Security Fix(es):
-
dotNET: timeouts for regular expressions are not enforced (CVE-2019-0820)
-
dotNET: infinite loop in URI.TryCreate leading to ASP.Net Core Denial of Service (CVE-2019-0980)
-
dotNET: crash in IPAddress.TryCreate leading to ASP.Net Core Denial of Service (CVE-2019-0981)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
-
Re-enable bash completion in rh-dotnet22-dotnet (BZ#1654863)
-
Error rebuilding rh-dotnet22-curl in CentOS (BZ#1678932)
-
Broken apphost caused by unset DOTNET_ROOT (BZ#1703479)
-
Make bash completion compatible with rh-dotnet22 packages (BZ#1705259)
-
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1654863 - Re-enable bash completion in rh-dotnet22-dotnet 1678932 - Error rebuilding rh-dotnet22-curl in CentOS 1703479 - Broken apphost caused by unset DOTNET_ROOT 1703508 - Update to .NET Core 1.1.13 1704454 - Update to .NET Core 1.0.16 1704934 - Update to .NET Core Runtime 2.2.5 and SDK 2.2.107 1705147 - Update to .NET Core Runtime 2.1.11 and SDK 2.1.507 1705259 - Make bash completion compatible with rh-dotnet22 packages 1705502 - CVE-2019-0980 dotNET: infinite loop in URI.TryCreate leading to ASP.Net Core Denial of Service 1705504 - CVE-2019-0981 dotNET: crash in IPAddress.TryCreate leading to ASP.Net Core Denial of Service 1705506 - CVE-2019-0820 dotNET: timeouts for regular expressions are not enforced
- Package List:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet22-2.2-7.el7.src.rpm rh-dotnet22-curl-7.61.1-2.el7.src.rpm rh-dotnet22-dotnet-2.2.107-2.el7.src.rpm
x86_64: rh-dotnet22-2.2-7.el7.x86_64.rpm rh-dotnet22-curl-7.61.1-2.el7.x86_64.rpm rh-dotnet22-curl-debuginfo-7.61.1-2.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.107-2.el7.x86_64.rpm rh-dotnet22-libcurl-7.61.1-2.el7.x86_64.rpm rh-dotnet22-libcurl-devel-7.61.1-2.el7.x86_64.rpm rh-dotnet22-runtime-2.2-7.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnetcore10-dotnetcore-1.0.16-1.el7.src.rpm
x86_64: rh-dotnetcore10-dotnetcore-1.0.16-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.16-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnetcore11-dotnetcore-1.1.13-1.el7.src.rpm
x86_64: rh-dotnetcore11-dotnetcore-1.1.13-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.13-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet21-2.1-10.el7.src.rpm rh-dotnet21-dotnet-2.1.507-2.el7.src.rpm
x86_64: rh-dotnet21-2.1-10.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.11-2.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.11-2.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.507-2.el7.x86_64.rpm rh-dotnet21-runtime-2.1-10.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet22-2.2-7.el7.src.rpm rh-dotnet22-curl-7.61.1-2.el7.src.rpm rh-dotnet22-dotnet-2.2.107-2.el7.src.rpm
x86_64: rh-dotnet22-2.2-7.el7.x86_64.rpm rh-dotnet22-curl-7.61.1-2.el7.x86_64.rpm rh-dotnet22-curl-debuginfo-7.61.1-2.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.107-2.el7.x86_64.rpm rh-dotnet22-libcurl-7.61.1-2.el7.x86_64.rpm rh-dotnet22-libcurl-devel-7.61.1-2.el7.x86_64.rpm rh-dotnet22-runtime-2.2-7.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnetcore10-dotnetcore-1.0.16-1.el7.src.rpm
x86_64: rh-dotnetcore10-dotnetcore-1.0.16-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.16-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnetcore11-dotnetcore-1.1.13-1.el7.src.rpm
x86_64: rh-dotnetcore11-dotnetcore-1.1.13-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.13-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet21-2.1-10.el7.src.rpm rh-dotnet21-dotnet-2.1.507-2.el7.src.rpm
x86_64: rh-dotnet21-2.1-10.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.11-2.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.11-2.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.507-2.el7.x86_64.rpm rh-dotnet21-runtime-2.1-10.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet22-2.2-7.el7.src.rpm rh-dotnet22-curl-7.61.1-2.el7.src.rpm rh-dotnet22-dotnet-2.2.107-2.el7.src.rpm
x86_64: rh-dotnet22-2.2-7.el7.x86_64.rpm rh-dotnet22-curl-7.61.1-2.el7.x86_64.rpm rh-dotnet22-curl-debuginfo-7.61.1-2.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.107-2.el7.x86_64.rpm rh-dotnet22-libcurl-7.61.1-2.el7.x86_64.rpm rh-dotnet22-libcurl-devel-7.61.1-2.el7.x86_64.rpm rh-dotnet22-runtime-2.2-7.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2019-0820 https://access.redhat.com/security/cve/CVE-2019-0980 https://access.redhat.com/security/cve/CVE-2019-0981 https://access.redhat.com/security/updates/classification/#moderate https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0820 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0980 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0981
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXNyKvtzjgjWX9erEAQiFIQ//RuDdkjwFrjsW69TloyogPym1x5uZp2eB hMR1l6l3YTE5ZIeCz7nn86P7IYtLAOiYj5ynjNbGT7aHrM7/R4REedYYqCFxWuu3 3N6vgg/ap1fB+0XdNX+PFNWm/orYRiVr6jyZs2hX4LSDLsQwHuOqVoDcApAHnggH kCRpaxlTEaG9/wyIY3Zvd7ZasxfVUfzhlpzpw25kq6OFJyIokWnVE8G+vs5KS3GQ pTir+3hMc3as8RQVCnWNZoeUhSUemZHvq5MyQqwLCeMFf6CvUTe04oDrMp7FUJHa UcImbcSzzrx3kBvFFmIv6D1uCetuRTrMaXBuOlZcpCJUcnHncvb1OvFhqAeGO6uN NqNnDyRUbyX2cHKpyYTUIfZsCsgKIOBHZNU911URlqnvHAu0LlgAOM0r1uXU48Wg z+LtgnFTDbRmFEspKpN98z4whSL8BnMR8VS/FmPfXo2ApFvipofCK+kPStU0lXZB n7xn4PJyKfst8xUkRfwJ09/GpN328i7QtH53aQG0HCQzKRhxswnc86aQnPW95RWP DPd4EAB74Bq1pEYqRN/gai6bhFsoCS0agf+M7lqBN8ZnQOScj5HD5hy8fsPvB1xD /I5I1sIOJ+Ar0FaCfZqFoXKncap0cp/bBJlHvfCpze4yISy7h6t2E/4l59Zs1xhm KCZo5tPFVoU=dJ6F -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-1185",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": ".net framework",
"scope": "eq",
"trust": 3.3,
"vendor": "microsoft",
"version": "3.5"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 3.3,
"vendor": "microsoft",
"version": "4.5.2"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 3.3,
"vendor": "microsoft",
"version": "4.6.1"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 2.7,
"vendor": "microsoft",
"version": "3.5.1"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 2.7,
"vendor": "microsoft",
"version": "4.6"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 2.7,
"vendor": "microsoft",
"version": "4.6.2"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 2.7,
"vendor": "microsoft",
"version": "4.7"
},
{
"model": ".net core",
"scope": "eq",
"trust": 2.7,
"vendor": "microsoft",
"version": "1.0"
},
{
"model": ".net core",
"scope": "eq",
"trust": 2.7,
"vendor": "microsoft",
"version": "1.1"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 2.7,
"vendor": "microsoft",
"version": "4.7.1"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 2.7,
"vendor": "microsoft",
"version": "4.7.2"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 2.7,
"vendor": "microsoft",
"version": "4.8"
},
{
"model": ".net core",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "2.2"
},
{
"model": ".net core",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "2.1"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "2.0"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "3.0"
},
{
"model": ".net framework sp2",
"scope": "eq",
"trust": 0.9,
"vendor": "microsoft",
"version": "3.0"
},
{
"model": ".net framework sp2",
"scope": "eq",
"trust": 0.9,
"vendor": "microsoft",
"version": "2.0"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "2.0 sp2"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "3.0 sp2"
},
{
"model": "powershell core",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "6.1"
},
{
"model": "powershell core",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "6.2"
},
{
"model": "asp.net core",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "2.1"
},
{
"model": "asp.net core",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "2.2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-20377"
},
{
"db": "BID",
"id": "108207"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003825"
},
{
"db": "NVD",
"id": "CVE-2019-0981"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:microsoft:.net_core",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:microsoft:.net_framework",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:microsoft:powershell_core",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003825"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Nemanja Mijailovic,Red Hat",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-395"
}
],
"trust": 0.6
},
"cve": "CVE-2019-0981",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-0981",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-20377",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-0981",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-0981",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-0981",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-20377",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-395",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-0981",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-20377"
},
{
"db": "VULMON",
"id": "CVE-2019-0981"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003825"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-395"
},
{
"db": "NVD",
"id": "CVE-2019-0981"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka \u0027.Net Framework and .Net Core Denial of Service Vulnerability\u0027. This CVE ID is unique from CVE-2019-0820, CVE-2019-0980. This vulnerability CVE-2019-0820 and CVE-2019-0980 Is a different vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Both Microsoft .NET Core and Microsoft ASP.NET Core are products of Microsoft Corporation of the United States. .NET Core is a free open source development platform. The platform has features such as multi-language support and cross-platform. Microsoft ASP.NET Core is a cross-platform open source framework. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. The vulnerability originates from improper design or implementation during code development of a network system or product. The following products and versions are affected: Microsoft .NET Framework version 4.7.2, version 4.7.1, version 4.6.2, version 4.6.1, version 3.5.1, version 4.8, version 4.7, version 4.6, version 4.5.2, Version 3.5, 3.0 SP2, 2.0 SP2; .NET Core 2.2, 2.1, 1.1, 1.0. \nAn attacker can exploit this issue to cause a denial of service condition. \n\nBug Fix(es):\n\n* dotnet: new SocketException((int)SocketError.InvalidArgument).Message is\nempty (BZ#1712471)\n\n4. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: .NET Core on Red Hat Enterprise Linux security and bug fix update\nAdvisory ID: RHSA-2019:1236-01\nProduct: .NET Core on Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:1236\nIssue date: 2019-05-15\nCVE Names: CVE-2019-0820 CVE-2019-0980 CVE-2019-0981\n====================================================================\n1. Summary:\n\nUpdates for rh-dotnetcore10-dotnetcore, rh-dotnetcore11-dotnetcore,\nrh-dotnet21-dotnet, rh-dotnet22-dotnet and rh-dotnet22-curl are now\navailable for .NET Core on Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. It implements a subset of the\n.NET framework APIs and several new APIs, and it includes a CLR\nimplementation. \n\nSecurity Fix(es):\n\n* dotNET: timeouts for regular expressions are not enforced (CVE-2019-0820)\n\n* dotNET: infinite loop in URI.TryCreate leading to ASP.Net Core Denial of\nService (CVE-2019-0980)\n\n* dotNET: crash in IPAddress.TryCreate leading to ASP.Net Core Denial of\nService (CVE-2019-0981)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nBug Fix(es):\n\n* Re-enable bash completion in rh-dotnet22-dotnet (BZ#1654863)\n\n* Error rebuilding rh-dotnet22-curl in CentOS (BZ#1678932)\n\n* Broken apphost caused by unset DOTNET_ROOT (BZ#1703479)\n\n* Make bash completion compatible with rh-dotnet22 packages (BZ#1705259)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1654863 - Re-enable bash completion in rh-dotnet22-dotnet\n1678932 - Error rebuilding rh-dotnet22-curl in CentOS\n1703479 - Broken apphost caused by unset DOTNET_ROOT\n1703508 - Update to .NET Core 1.1.13\n1704454 - Update to .NET Core 1.0.16\n1704934 - Update to .NET Core Runtime 2.2.5 and SDK 2.2.107\n1705147 - Update to .NET Core Runtime 2.1.11 and SDK 2.1.507\n1705259 - Make bash completion compatible with rh-dotnet22 packages\n1705502 - CVE-2019-0980 dotNET: infinite loop in URI.TryCreate leading to ASP.Net Core Denial of Service\n1705504 - CVE-2019-0981 dotNET: crash in IPAddress.TryCreate leading to ASP.Net Core Denial of Service\n1705506 - CVE-2019-0820 dotNET: timeouts for regular expressions are not enforced\n\n6. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet22-2.2-7.el7.src.rpm\nrh-dotnet22-curl-7.61.1-2.el7.src.rpm\nrh-dotnet22-dotnet-2.2.107-2.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-7.el7.x86_64.rpm\nrh-dotnet22-curl-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-curl-debuginfo-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-libcurl-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-libcurl-devel-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-7.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.16-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.16-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.16-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.13-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.13-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.13-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet21-2.1-10.el7.src.rpm\nrh-dotnet21-dotnet-2.1.507-2.el7.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-10.el7.x86_64.rpm\nrh-dotnet21-dotnet-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.11-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.11-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-10.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet22-2.2-7.el7.src.rpm\nrh-dotnet22-curl-7.61.1-2.el7.src.rpm\nrh-dotnet22-dotnet-2.2.107-2.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-7.el7.x86_64.rpm\nrh-dotnet22-curl-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-curl-debuginfo-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-libcurl-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-libcurl-devel-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-7.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.16-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.16-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.16-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.13-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.13-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.13-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet21-2.1-10.el7.src.rpm\nrh-dotnet21-dotnet-2.1.507-2.el7.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-10.el7.x86_64.rpm\nrh-dotnet21-dotnet-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.11-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.11-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-10.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet22-2.2-7.el7.src.rpm\nrh-dotnet22-curl-7.61.1-2.el7.src.rpm\nrh-dotnet22-dotnet-2.2.107-2.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-7.el7.x86_64.rpm\nrh-dotnet22-curl-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-curl-debuginfo-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-libcurl-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-libcurl-devel-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-7.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-0820\nhttps://access.redhat.com/security/cve/CVE-2019-0980\nhttps://access.redhat.com/security/cve/CVE-2019-0981\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0820\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0980\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0981\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXNyKvtzjgjWX9erEAQiFIQ//RuDdkjwFrjsW69TloyogPym1x5uZp2eB\nhMR1l6l3YTE5ZIeCz7nn86P7IYtLAOiYj5ynjNbGT7aHrM7/R4REedYYqCFxWuu3\n3N6vgg/ap1fB+0XdNX+PFNWm/orYRiVr6jyZs2hX4LSDLsQwHuOqVoDcApAHnggH\nkCRpaxlTEaG9/wyIY3Zvd7ZasxfVUfzhlpzpw25kq6OFJyIokWnVE8G+vs5KS3GQ\npTir+3hMc3as8RQVCnWNZoeUhSUemZHvq5MyQqwLCeMFf6CvUTe04oDrMp7FUJHa\nUcImbcSzzrx3kBvFFmIv6D1uCetuRTrMaXBuOlZcpCJUcnHncvb1OvFhqAeGO6uN\nNqNnDyRUbyX2cHKpyYTUIfZsCsgKIOBHZNU911URlqnvHAu0LlgAOM0r1uXU48Wg\nz+LtgnFTDbRmFEspKpN98z4whSL8BnMR8VS/FmPfXo2ApFvipofCK+kPStU0lXZB\nn7xn4PJyKfst8xUkRfwJ09/GpN328i7QtH53aQG0HCQzKRhxswnc86aQnPW95RWP\nDPd4EAB74Bq1pEYqRN/gai6bhFsoCS0agf+M7lqBN8ZnQOScj5HD5hy8fsPvB1xD\n/I5I1sIOJ+Ar0FaCfZqFoXKncap0cp/bBJlHvfCpze4yISy7h6t2E/4l59Zs1xhm\nKCZo5tPFVoU=dJ6F\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-0981"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003825"
},
{
"db": "CNVD",
"id": "CNVD-2020-20377"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-395"
},
{
"db": "BID",
"id": "108207"
},
{
"db": "VULMON",
"id": "CVE-2019-0981"
},
{
"db": "PACKETSTORM",
"id": "152999"
},
{
"db": "PACKETSTORM",
"id": "152953"
}
],
"trust": 3.24
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-0981",
"trust": 3.6
},
{
"db": "BID",
"id": "108207",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003825",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "152999",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "152953",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2020-20377",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.1839",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.1740",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201905-395",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2019-0981",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-20377"
},
{
"db": "VULMON",
"id": "CVE-2019-0981"
},
{
"db": "BID",
"id": "108207"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003825"
},
{
"db": "PACKETSTORM",
"id": "152999"
},
{
"db": "PACKETSTORM",
"id": "152953"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-395"
},
{
"db": "NVD",
"id": "CVE-2019-0981"
}
]
},
"id": "VAR-201905-1185",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-20377"
}
],
"trust": 0.79172932
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-20377"
}
]
},
"last_update_date": "2024-11-23T21:59:52.602000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2019-0981 | .Net Framework and .Net Core Denial of Service Vulnerability",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0981"
},
{
"title": "CVE-2019-0981 | .NET Framework \u3068 .NET Core \u306e\u30b5\u30fc\u30d3\u30b9\u62d2\u5426\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2019-0981"
},
{
"title": "Patch for Microsoft .NET Core and Microsoft ASP.NET Core Denial of Service Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/211629"
},
{
"title": "Microsoft .NET Core and Microsoft ASP.NET Core Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92545"
},
{
"title": "Red Hat: Moderate: .NET Core on Red Hat Enterprise Linux security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20191236 - Security Advisory"
},
{
"title": "Red Hat: Important: dotnet security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20191259 - Security Advisory"
},
{
"title": "sharpfuzz",
"trust": 0.1,
"url": "https://github.com/Metalnem/sharpfuzz "
},
{
"title": "Symantec Threat Intelligence Blog",
"trust": 0.1,
"url": "https://www.symantec.com/blogs/threat-intelligence/microsoft-patch-tuesday-may-2019"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-20377"
},
{
"db": "VULMON",
"id": "CVE-2019-0981"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003825"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-395"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-19",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003825"
},
{
"db": "NVD",
"id": "CVE-2019-0981"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0981"
},
{
"trust": 2.4,
"url": "https://access.redhat.com/errata/rhsa-2019:1259"
},
{
"trust": 1.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0981"
},
{
"trust": 0.9,
"url": "http://www.microsoft.com"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/errata/rhsa-2019:1236"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0981"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20190515-ms.html"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2019/at190023.html"
},
{
"trust": 0.7,
"url": "https://www.securityfocus.com/bid/108207"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/152999/red-hat-security-advisory-2019-1259-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/81042"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/152953/red-hat-security-advisory-2019-1236-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.1839/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/microsoft-net-vulnerabilities-of-may-2019-29296"
},
{
"trust": 0.2,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0820"
},
{
"trust": 0.2,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0980"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-0980"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0820"
},
{
"trust": 0.2,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-0981"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0980"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-0820"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/19.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/metalnem/sharpfuzz"
},
{
"trust": 0.1,
"url": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/108207"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0757"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-0757"
},
{
"trust": 0.1,
"url": "https://github.com/dotnet/core/blob/master/release-notes/2.1/2.1.11/2.1.11.md"
},
{
"trust": 0.1,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0757"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-20377"
},
{
"db": "VULMON",
"id": "CVE-2019-0981"
},
{
"db": "BID",
"id": "108207"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003825"
},
{
"db": "PACKETSTORM",
"id": "152999"
},
{
"db": "PACKETSTORM",
"id": "152953"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-395"
},
{
"db": "NVD",
"id": "CVE-2019-0981"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-20377"
},
{
"db": "VULMON",
"id": "CVE-2019-0981"
},
{
"db": "BID",
"id": "108207"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003825"
},
{
"db": "PACKETSTORM",
"id": "152999"
},
{
"db": "PACKETSTORM",
"id": "152953"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-395"
},
{
"db": "NVD",
"id": "CVE-2019-0981"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-20377"
},
{
"date": "2019-05-16T00:00:00",
"db": "VULMON",
"id": "CVE-2019-0981"
},
{
"date": "2019-05-14T00:00:00",
"db": "BID",
"id": "108207"
},
{
"date": "2019-05-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003825"
},
{
"date": "2019-05-22T14:39:27",
"db": "PACKETSTORM",
"id": "152999"
},
{
"date": "2019-05-16T23:05:23",
"db": "PACKETSTORM",
"id": "152953"
},
{
"date": "2019-05-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-395"
},
{
"date": "2019-05-16T19:29:05.020000",
"db": "NVD",
"id": "CVE-2019-0981"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-20377"
},
{
"date": "2019-05-22T00:00:00",
"db": "VULMON",
"id": "CVE-2019-0981"
},
{
"date": "2019-05-14T00:00:00",
"db": "BID",
"id": "108207"
},
{
"date": "2019-05-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003825"
},
{
"date": "2019-05-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-395"
},
{
"date": "2024-11-21T04:17:36.803000",
"db": "NVD",
"id": "CVE-2019-0981"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-395"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft .NET Framework and .NET Core Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003825"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-395"
}
],
"trust": 0.6
}
}
var-202210-0635
Vulnerability from variot
NuGet Client Elevation of Privilege Vulnerability. plural Microsoft The product has NuGet A privilege escalation vulnerability exists due to a flaw in the client.You may be elevated. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: .NET Core 3.1 on RHEL 7 security and bugfix update Advisory ID: RHSA-2022:6914-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:6914 Issue date: 2022-10-12 CVE Names: CVE-2022-41032 ==================================================================== 1. Summary:
An update for .NET Core 3.1 is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 3.1.424 and .NET Runtime 3.1.30 .
Security Fix(es):
- dotnet: Nuget cache poisoning on Linux via world-writable cache directory (CVE-2022-41032)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
2132614 - CVE-2022-41032 dotnet: Nuget cache poisoning on Linux via world-writable cache directory
- Package List:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet31-dotnet-3.1.424-1.el7_9.src.rpm
x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.30-1.el7_9.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.30-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-3.1.424-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.30-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.424-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-host-3.1.30-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.30-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.30-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.424-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-3.1.424-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.30-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.424-1.el7_9.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.424-1.el7_9.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet31-dotnet-3.1.424-1.el7_9.src.rpm
x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.30-1.el7_9.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.30-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-3.1.424-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.30-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.424-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-host-3.1.30-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.30-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.30-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.424-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-3.1.424-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.30-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.424-1.el7_9.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.424-1.el7_9.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet31-dotnet-3.1.424-1.el7_9.src.rpm
x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.30-1.el7_9.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.30-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-3.1.424-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.30-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.424-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-host-3.1.30-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.30-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.30-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.424-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-3.1.424-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.30-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.424-1.el7_9.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.424-1.el7_9.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2022-41032 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBY01wLdzjgjWX9erEAQijOBAAk3qi59juLWrmQL5NwAFuU0YEdAxcs4N0 AllLrbzQqdQ1uD3il00D6elzQ3rPe0XdtbQ6QsPe5+xweF9lN0brki53z6EeWe8k 7+T8ymBM24WKaJYsqdlOyM3b0Xo6w9y5sc7tNr6GU/N8CpVb4s9v5H3dhyiJQL0F hceZzZp5ohRwccy435r9awjTxi1o1qs0Fm+oahEjOw43vWUJLEQq8bxm/Fjdxukc wowIu7DigVwHJuz04ps/h0ds9ScmBTxvSn2CsC/G3NYphWF6Z7vm9U9gHDQJUptM hFVVLnS+3EH23KJ/f3OTOPAghcGlbQNp1NDBgyyvEzWjDVcxtJ713ZfiDa6KN/Ge BDhNu0CEy5yIVTp+84BMuBbIZvtg83y2xpgitmjh+qT/GZ8gckKQcGzd0IRa6ByW sEPH6N1/eUsMeF6yhAlkE5Z4crCdNuhBsBWak1PTn4hTwOUyGjHMGavgYgopIQyi ymtG0J7R6uW0W0aBlqHP9B9PZ05fUwRI1BU6s84AEsWxouCxPQ+Ihd2191h400XP nDYyN1Amb7hPbYfQgMotaX9kFNlwm8k7wP77J0enuOIExb5sPn6Y9kMu9gvhMWhP UoNK5R8zb2xt3ONi8LErjThYePjna5/2E1q4ZnIGby0Ap36O1wGVZ/9SFywUhKQW 1U0w3pAxg/8=NP0+ -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 9) - aarch64, s390x, x86_64
- ========================================================================== Ubuntu Security Notice USN-5670-1 October 11, 2022
dotnet6 vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
Summary:
.NET 6 could be made to execute arbitrary code.
Software Description: - dotnet6: dotNET CLI tools and runtime
Details:
Edward Thomson discovered that .NET 6 incorrectly handled permissions for local NuGet cache. A local attacker could possibly use this issue to execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.04 LTS: aspnetcore-runtime-6.0 6.0.110-0ubuntu1~22.04.1 dotnet-host 6.0.110-0ubuntu1~22.04.1 dotnet-hostfxr-6.0 6.0.110-0ubuntu1~22.04.1 dotnet-runtime-6.0 6.0.110-0ubuntu1~22.04.1 dotnet-sdk-6.0 6.0.110-0ubuntu1~22.04.1 dotnet6 6.0.110-0ubuntu1~22.04.1
In general, a standard system update will make all the necessary changes. 8) - aarch64, ppc64le, s390x, x86_64
The following packages have been upgraded to a later upstream version: dotnet7.0 (7.0.100). (BZ#2134642)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202210-0635",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "visual studio 2022",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.3.7"
},
{
"model": "visual studio 2019",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.9.26"
},
{
"model": ".net",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "6.0.0"
},
{
"model": "visual studio 2022",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.0.15"
},
{
"model": "visual studio 2019",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.10.0"
},
{
"model": "visual studio 2022",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.2.0"
},
{
"model": "visual studio 2022",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.3.6"
},
{
"model": "visual studio 2022",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.0"
},
{
"model": "visual studio 2022",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.2.9"
},
{
"model": "visual studio 2019",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.11.20"
},
{
"model": ".net core",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "3.1"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "visual studio 2022",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.3"
},
{
"model": "visual studio 2019",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.0.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "37"
},
{
"model": "visual studio 2022 for mac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "17.3"
},
{
"model": ".net",
"scope": null,
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": null
},
{
"model": "microsoft visual studio",
"scope": null,
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002496"
},
{
"db": "NVD",
"id": "CVE-2022-41032"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "168764"
},
{
"db": "PACKETSTORM",
"id": "168763"
},
{
"db": "PACKETSTORM",
"id": "168760"
},
{
"db": "PACKETSTORM",
"id": "168761"
},
{
"db": "PACKETSTORM",
"id": "168762"
},
{
"db": "PACKETSTORM",
"id": "169743"
},
{
"db": "PACKETSTORM",
"id": "169901"
}
],
"trust": 0.7
},
"cve": "CVE-2022-41032",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-41032",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2022-002496",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-41032",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "secure@microsoft.com",
"id": "CVE-2022-41032",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2022-002496",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202210-541",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002496"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-541"
},
{
"db": "NVD",
"id": "CVE-2022-41032"
},
{
"db": "NVD",
"id": "CVE-2022-41032"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "NuGet Client Elevation of Privilege Vulnerability. plural Microsoft The product has NuGet A privilege escalation vulnerability exists due to a flaw in the client.You may be elevated. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: .NET Core 3.1 on RHEL 7 security and bugfix update\nAdvisory ID: RHSA-2022:6914-01\nProduct: .NET Core on Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:6914\nIssue date: 2022-10-12\nCVE Names: CVE-2022-41032\n====================================================================\n1. Summary:\n\nAn update for .NET Core 3.1 is now available for Red Hat Enterprise Linux\n7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\n.NET is a managed-software framework. It implements a subset of the .NET\nframework APIs and several new APIs, and it includes a CLR implementation. \n\nNew versions of .NET that address a security vulnerability are now\navailable. The updated versions are .NET SDK 3.1.424 and .NET Runtime\n3.1.30 . \n\nSecurity Fix(es):\n\n* dotnet: Nuget cache poisoning on Linux via world-writable cache directory\n(CVE-2022-41032)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2132614 - CVE-2022-41032 dotnet: Nuget cache poisoning on Linux via world-writable cache directory\n\n6. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet31-dotnet-3.1.424-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet31-aspnetcore-runtime-3.1-3.1.30-1.el7_9.x86_64.rpm\nrh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.30-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-3.1.424-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-apphost-pack-3.1-3.1.30-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-debuginfo-3.1.424-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-host-3.1.30-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-hostfxr-3.1-3.1.30-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-runtime-3.1-3.1.30-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-sdk-3.1-3.1.424-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-3.1.424-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-targeting-pack-3.1-3.1.30-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-templates-3.1-3.1.424-1.el7_9.x86_64.rpm\nrh-dotnet31-netstandard-targeting-pack-2.1-3.1.424-1.el7_9.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet31-dotnet-3.1.424-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet31-aspnetcore-runtime-3.1-3.1.30-1.el7_9.x86_64.rpm\nrh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.30-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-3.1.424-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-apphost-pack-3.1-3.1.30-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-debuginfo-3.1.424-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-host-3.1.30-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-hostfxr-3.1-3.1.30-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-runtime-3.1-3.1.30-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-sdk-3.1-3.1.424-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-3.1.424-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-targeting-pack-3.1-3.1.30-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-templates-3.1-3.1.424-1.el7_9.x86_64.rpm\nrh-dotnet31-netstandard-targeting-pack-2.1-3.1.424-1.el7_9.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet31-dotnet-3.1.424-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet31-aspnetcore-runtime-3.1-3.1.30-1.el7_9.x86_64.rpm\nrh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.30-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-3.1.424-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-apphost-pack-3.1-3.1.30-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-debuginfo-3.1.424-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-host-3.1.30-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-hostfxr-3.1-3.1.30-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-runtime-3.1-3.1.30-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-sdk-3.1-3.1.424-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-3.1.424-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-targeting-pack-3.1-3.1.30-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-templates-3.1-3.1.424-1.el7_9.x86_64.rpm\nrh-dotnet31-netstandard-targeting-pack-2.1-3.1.424-1.el7_9.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-41032\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBY01wLdzjgjWX9erEAQijOBAAk3qi59juLWrmQL5NwAFuU0YEdAxcs4N0\nAllLrbzQqdQ1uD3il00D6elzQ3rPe0XdtbQ6QsPe5+xweF9lN0brki53z6EeWe8k\n7+T8ymBM24WKaJYsqdlOyM3b0Xo6w9y5sc7tNr6GU/N8CpVb4s9v5H3dhyiJQL0F\nhceZzZp5ohRwccy435r9awjTxi1o1qs0Fm+oahEjOw43vWUJLEQq8bxm/Fjdxukc\nwowIu7DigVwHJuz04ps/h0ds9ScmBTxvSn2CsC/G3NYphWF6Z7vm9U9gHDQJUptM\nhFVVLnS+3EH23KJ/f3OTOPAghcGlbQNp1NDBgyyvEzWjDVcxtJ713ZfiDa6KN/Ge\nBDhNu0CEy5yIVTp+84BMuBbIZvtg83y2xpgitmjh+qT/GZ8gckKQcGzd0IRa6ByW\nsEPH6N1/eUsMeF6yhAlkE5Z4crCdNuhBsBWak1PTn4hTwOUyGjHMGavgYgopIQyi\nymtG0J7R6uW0W0aBlqHP9B9PZ05fUwRI1BU6s84AEsWxouCxPQ+Ihd2191h400XP\nnDYyN1Amb7hPbYfQgMotaX9kFNlwm8k7wP77J0enuOIExb5sPn6Y9kMu9gvhMWhP\nUoNK5R8zb2xt3ONi8LErjThYePjna5/2E1q4ZnIGby0Ap36O1wGVZ/9SFywUhKQW\n1U0w3pAxg/8=NP0+\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. 9) - aarch64, s390x, x86_64\n\n3. ==========================================================================\nUbuntu Security Notice USN-5670-1\nOctober 11, 2022\n\ndotnet6 vulnerability\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.04 LTS\n\nSummary:\n\n.NET 6 could be made to execute arbitrary code. \n\nSoftware Description:\n- dotnet6: dotNET CLI tools and runtime\n\nDetails:\n\nEdward Thomson discovered that .NET 6 incorrectly handled\npermissions for local NuGet cache. A local attacker could\npossibly use this issue to execute arbitrary code. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.04 LTS:\n aspnetcore-runtime-6.0 6.0.110-0ubuntu1~22.04.1\n dotnet-host 6.0.110-0ubuntu1~22.04.1\n dotnet-hostfxr-6.0 6.0.110-0ubuntu1~22.04.1\n dotnet-runtime-6.0 6.0.110-0ubuntu1~22.04.1\n dotnet-sdk-6.0 6.0.110-0ubuntu1~22.04.1\n dotnet6 6.0.110-0ubuntu1~22.04.1\n\nIn general, a standard system update will make all the necessary changes. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. \n\nThe following packages have been upgraded to a later upstream version:\ndotnet7.0 (7.0.100). (BZ#2134642)",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-41032"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002496"
},
{
"db": "PACKETSTORM",
"id": "168764"
},
{
"db": "PACKETSTORM",
"id": "168763"
},
{
"db": "PACKETSTORM",
"id": "168760"
},
{
"db": "PACKETSTORM",
"id": "168761"
},
{
"db": "PACKETSTORM",
"id": "168762"
},
{
"db": "PACKETSTORM",
"id": "168697"
},
{
"db": "PACKETSTORM",
"id": "169743"
},
{
"db": "PACKETSTORM",
"id": "169901"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-41032",
"trust": 4.0
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002496",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "168764",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "168697",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "169743",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "169901",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2022.5053",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5143",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202210-541",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "168763",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168760",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168761",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168762",
"trust": 0.1
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002496"
},
{
"db": "PACKETSTORM",
"id": "168764"
},
{
"db": "PACKETSTORM",
"id": "168763"
},
{
"db": "PACKETSTORM",
"id": "168760"
},
{
"db": "PACKETSTORM",
"id": "168761"
},
{
"db": "PACKETSTORM",
"id": "168762"
},
{
"db": "PACKETSTORM",
"id": "168697"
},
{
"db": "PACKETSTORM",
"id": "169743"
},
{
"db": "PACKETSTORM",
"id": "169901"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-541"
},
{
"db": "NVD",
"id": "CVE-2022-41032"
}
]
},
"id": "VAR-202210-0635",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.19172932
},
"last_update_date": "2024-08-14T15:37:21.003000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "NuGet\u00a0Client\u00a0Elevation\u00a0of\u00a0Privilege\u00a0Vulnerability Security Update Guide",
"trust": 0.8,
"url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-41032"
},
{
"title": "NuGet Client Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=210607"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002496"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-541"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002496"
},
{
"db": "NVD",
"id": "CVE-2022-41032"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-41032"
},
{
"trust": 1.6,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2022-41032"
},
{
"trust": 1.3,
"url": "https://access.redhat.com/security/cve/cve-2022-41032"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/fog35z5rl5w5rgllyln46ci4d2updswm/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/hdpt2mjc3hd7hyzgasoox6mtdr4asbl5/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/x7bmho5itrbzrevtekhqrgsfrpdmalv3/"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20221012-ms.html"
},
{
"trust": 0.8,
"url": "https://www.jpcert.or.jp/at/2022/at220028.html"
},
{
"trust": 0.7,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.7,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/hdpt2mjc3hd7hyzgasoox6mtdr4asbl5/"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/fog35z5rl5w5rgllyln46ci4d2updswm/"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/x7bmho5itrbzrevtekhqrgsfrpdmalv3/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5053"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168764/red-hat-security-advisory-2022-6915-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169743/red-hat-security-advisory-2022-7826-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169901/red-hat-security-advisory-2022-8434-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5143"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-41032/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/microsoft-net-visual-studio-privilege-escalation-39522"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168697/ubuntu-security-notice-usn-5670-1.html"
},
{
"trust": 0.6,
"url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2022-41032"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6915"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6914"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6913"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6911"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6912"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/dotnet6/6.0.110-0ubuntu1~22.04.1"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5670-1"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:7826"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:8434"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002496"
},
{
"db": "PACKETSTORM",
"id": "168764"
},
{
"db": "PACKETSTORM",
"id": "168763"
},
{
"db": "PACKETSTORM",
"id": "168760"
},
{
"db": "PACKETSTORM",
"id": "168761"
},
{
"db": "PACKETSTORM",
"id": "168762"
},
{
"db": "PACKETSTORM",
"id": "168697"
},
{
"db": "PACKETSTORM",
"id": "169743"
},
{
"db": "PACKETSTORM",
"id": "169901"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-541"
},
{
"db": "NVD",
"id": "CVE-2022-41032"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002496"
},
{
"db": "PACKETSTORM",
"id": "168764"
},
{
"db": "PACKETSTORM",
"id": "168763"
},
{
"db": "PACKETSTORM",
"id": "168760"
},
{
"db": "PACKETSTORM",
"id": "168761"
},
{
"db": "PACKETSTORM",
"id": "168762"
},
{
"db": "PACKETSTORM",
"id": "168697"
},
{
"db": "PACKETSTORM",
"id": "169743"
},
{
"db": "PACKETSTORM",
"id": "169901"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-541"
},
{
"db": "NVD",
"id": "CVE-2022-41032"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-002496"
},
{
"date": "2022-10-18T14:31:26",
"db": "PACKETSTORM",
"id": "168764"
},
{
"date": "2022-10-18T14:31:15",
"db": "PACKETSTORM",
"id": "168763"
},
{
"date": "2022-10-18T14:30:44",
"db": "PACKETSTORM",
"id": "168760"
},
{
"date": "2022-10-18T14:30:58",
"db": "PACKETSTORM",
"id": "168761"
},
{
"date": "2022-10-18T14:31:05",
"db": "PACKETSTORM",
"id": "168762"
},
{
"date": "2022-10-12T13:23:16",
"db": "PACKETSTORM",
"id": "168697"
},
{
"date": "2022-11-08T13:44:15",
"db": "PACKETSTORM",
"id": "169743"
},
{
"date": "2022-11-16T16:10:23",
"db": "PACKETSTORM",
"id": "169901"
},
{
"date": "2022-10-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-541"
},
{
"date": "2022-10-11T19:15:20.483000",
"db": "NVD",
"id": "CVE-2022-41032"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-17T03:16:00",
"db": "JVNDB",
"id": "JVNDB-2022-002496"
},
{
"date": "2022-11-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-541"
},
{
"date": "2023-12-20T20:15:17.783000",
"db": "NVD",
"id": "CVE-2022-41032"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "PACKETSTORM",
"id": "168697"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-541"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0Microsoft\u00a0 Elevated privilege vulnerabilities in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002496"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-541"
}
],
"trust": 0.6
}
}
var-201801-1128
Vulnerability from variot
Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, and PowerShell Core 6.0.0 allow a security feature bypass vulnerability due to the way certificates are validated, aka ".NET Security Feature Bypass Vulnerability.". An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201801-1128",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": ".net framework",
"scope": "eq",
"trust": 2.7,
"vendor": "microsoft",
"version": "4.6.2"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 2.7,
"vendor": "microsoft",
"version": "4.6.1"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 2.7,
"vendor": "microsoft",
"version": "3.5.1"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 2.7,
"vendor": "microsoft",
"version": "4.7"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 2.7,
"vendor": "microsoft",
"version": "4.6"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 2.7,
"vendor": "microsoft",
"version": "4.5.2"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 2.7,
"vendor": "microsoft",
"version": "3.5"
},
{
"model": ".net core",
"scope": "eq",
"trust": 2.4,
"vendor": "microsoft",
"version": "1.0"
},
{
"model": ".net core",
"scope": "eq",
"trust": 2.4,
"vendor": "microsoft",
"version": "2.0"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 2.4,
"vendor": "microsoft",
"version": "4.7.1"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 1.3,
"vendor": "microsoft",
"version": "2.0"
},
{
"model": "powershell core",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "6.0"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "3.0"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "2.0 sp2"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "3.0 sp2"
},
{
"model": "powershell core",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "6.0.0"
},
{
"model": "windows server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20160"
},
{
"model": "windows server r2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20120"
},
{
"model": "windows server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20120"
},
{
"model": "windows server r2 for x64-based systems sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"model": "windows server r2 for itanium-based systems sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"model": "windows server r2 datacenter sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"model": "windows server for x64-based systems sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"model": "windows server for itanium-based systems sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"model": "windows server for 32-bit systems sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"model": "windows rt",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "8.1"
},
{
"model": "windows for x64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "8.10"
},
{
"model": "windows for 32-bit systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "8.10"
},
{
"model": "windows for x64-based systems sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "7"
},
{
"model": "windows for 32-bit systems sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "7"
},
{
"model": "windows version for x64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1017030"
},
{
"model": "windows version for 32-bit systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1017030"
},
{
"model": "windows version for x64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1016070"
},
{
"model": "windows version for 32-bit systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1016070"
},
{
"model": "windows version for x64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1015110"
},
{
"model": "windows version for 32-bit systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1015110"
},
{
"model": "windows for x64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "100"
},
{
"model": "windows for 32-bit systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "100"
},
{
"model": ".net framework sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "3.0"
}
],
"sources": [
{
"db": "BID",
"id": "102380"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001239"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-404"
},
{
"db": "NVD",
"id": "CVE-2018-0786"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:microsoft:.net_core",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:microsoft:.net_framework",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:microsoft:powershell_core",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-001239"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "102380"
}
],
"trust": 0.3
},
"cve": "CVE-2018-0786",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2018-0786",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2018-0786",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-0786",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-0786",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201801-404",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-001239"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-404"
},
{
"db": "NVD",
"id": "CVE-2018-0786"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, and PowerShell Core 6.0.0 allow a security feature bypass vulnerability due to the way certificates are validated, aka \".NET Security Feature Bypass Vulnerability.\". \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-0786"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001239"
},
{
"db": "BID",
"id": "102380"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-0786",
"trust": 2.7
},
{
"db": "BID",
"id": "102380",
"trust": 1.9
},
{
"db": "SECTRACK",
"id": "1040152",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001239",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201801-404",
"trust": 0.6
}
],
"sources": [
{
"db": "BID",
"id": "102380"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001239"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-404"
},
{
"db": "NVD",
"id": "CVE-2018-0786"
}
]
},
"id": "VAR-201801-1128",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.19172932
},
"last_update_date": "2024-11-23T21:39:52.687000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2018-0786 | .NET Security Feature Bypass Vulnerability",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0786"
},
{
"title": "CVE-2018-0786 | .NET \u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u6a5f\u80fd\u306e\u30d0\u30a4\u30d1\u30b9\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2018-0786"
},
{
"title": "Microsoft .NET Framework and .NET Core Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77659"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-001239"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-404"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-295",
"trust": 1.0
},
{
"problemtype": "CWE-254",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-001239"
},
{
"db": "NVD",
"id": "CVE-2018-0786"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "http://www.securityfocus.com/bid/102380"
},
{
"trust": 1.9,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-0786"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1040152"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0786"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20180110-ms.html"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2018/at180002.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0786"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com/net/"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com"
}
],
"sources": [
{
"db": "BID",
"id": "102380"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001239"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-404"
},
{
"db": "NVD",
"id": "CVE-2018-0786"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "102380"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001239"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-404"
},
{
"db": "NVD",
"id": "CVE-2018-0786"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-09T00:00:00",
"db": "BID",
"id": "102380"
},
{
"date": "2018-02-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-001239"
},
{
"date": "2018-01-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201801-404"
},
{
"date": "2018-01-10T01:29:00.320000",
"db": "NVD",
"id": "CVE-2018-0786"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-09T00:00:00",
"db": "BID",
"id": "102380"
},
{
"date": "2018-02-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-001239"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201801-404"
},
{
"date": "2024-11-21T03:38:56.790000",
"db": "NVD",
"id": "CVE-2018-0786"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201801-404"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft .NET Framework and .NET Core Vulnerabilities that bypass security functions",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-001239"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201801-404"
}
],
"trust": 0.6
}
}
var-202105-1253
Vulnerability from variot
.NET and Visual Studio Elevation of Privilege Vulnerability. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. A flaw was found in dotnet. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: .NET 5.0 on Red Hat Enterprise Linux security and bugfix update Advisory ID: RHSA-2021:1546-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:1546 Issue date: 2021-05-12 CVE Names: CVE-2021-31204 ==================================================================== 1. Summary:
An update for rh-dotnet50-dotnet is now available for .NET on Red Hat Enterprise Linux.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 5.0.203 and .NET Runtime 5.0.6.
Security Fix(es):
- dotnet: .NET Core single-file application privilege escalation (CVE-2021-31204)
In order for the update to be complete, self-contained applications deployed using previous versions need to be recompiled and redeployed.
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1956815 - CVE-2021-31204 dotnet: .NET Core single-file application privilege escalation
- Package List:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet50-dotnet-5.0.203-1.el7_9.src.rpm
x86_64: rh-dotnet50-aspnetcore-runtime-5.0-5.0.6-1.el7_9.x86_64.rpm rh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.6-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-5.0.203-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-apphost-pack-5.0-5.0.6-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-debuginfo-5.0.203-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-host-5.0.6-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-hostfxr-5.0-5.0.6-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-runtime-5.0-5.0.6-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-sdk-5.0-5.0.203-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-targeting-pack-5.0-5.0.6-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-templates-5.0-5.0.203-1.el7_9.x86_64.rpm rh-dotnet50-netstandard-targeting-pack-2.1-5.0.203-1.el7_9.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet50-dotnet-5.0.203-1.el7_9.src.rpm
x86_64: rh-dotnet50-aspnetcore-runtime-5.0-5.0.6-1.el7_9.x86_64.rpm rh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.6-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-5.0.203-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-apphost-pack-5.0-5.0.6-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-debuginfo-5.0.203-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-host-5.0.6-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-hostfxr-5.0-5.0.6-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-runtime-5.0-5.0.6-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-sdk-5.0-5.0.203-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-targeting-pack-5.0-5.0.6-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-templates-5.0-5.0.203-1.el7_9.x86_64.rpm rh-dotnet50-netstandard-targeting-pack-2.1-5.0.203-1.el7_9.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet50-dotnet-5.0.203-1.el7_9.src.rpm
x86_64: rh-dotnet50-aspnetcore-runtime-5.0-5.0.6-1.el7_9.x86_64.rpm rh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.6-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-5.0.203-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-apphost-pack-5.0-5.0.6-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-debuginfo-5.0.203-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-host-5.0.6-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-hostfxr-5.0-5.0.6-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-runtime-5.0-5.0.6-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-sdk-5.0-5.0.203-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-targeting-pack-5.0-5.0.6-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-templates-5.0-5.0.203-1.el7_9.x86_64.rpm rh-dotnet50-netstandard-targeting-pack-2.1-5.0.203-1.el7_9.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-31204 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYJuTg9zjgjWX9erEAQi24A/+IQHDppohTDfSg+JLDlRUTIQgwofJr5sa nNxTqZqvbp+qS4q1c/C2rBtRMGwkwn3Nb1+4ea3rUcl9M2vw4ijRK1CVGiBdFUyV k+Mfj3bdBgMovspyNF/Y2vV0419hLGFRZQUIK59naa86wJWvjLpUf5fX88J65R/P O19JYiJKQKudF8LY4KDYU3uRbPJ+Fpi7mv/BLHzxFdoRclHyDhLgtiNg7fn1yDOS pZUV8fi/R4LB65hVqgrJIIJp+nut1RLrb41hPWFS+n3tG48k132D5bIQ4M5qk1nL VpiKAAKLlDtUrlsDsQHmX2Rwa+fKVK1Am1lxI5hhlGa025uzB/WvlWlxvULk+fa2 LFkEdoDfvMKEIvEhnYnpDy5w1VJqW3QcshmOWmCzqpYZVxWpsDS067uh2+b2uaHd y/Na92kAJ2x3Zl6NfXkcGYLzXKJDWH43ngjQmW2tcoGRdh8S287QCEmMA72lDd+M NWsK7q+UsX7O5INSsWja+dp1VKlbfw+Fzc8OS5ozCHZyl0ubUf2meCMwqJlsOTtg Wpj77OODn658HyJ31ItdFLOY4ftKm/SfFku11HIrmuUS8UTvuWz/Skwd1gQ2nYgv vJQSGsESo1M4SqcvPmj//ljMk3RAzxFjh2is0/3KmSe8mqFfLiuG2Wy+KpFvlGPD ryjzBqi6068=tgxd -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202105-1253",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "32"
},
{
"model": "visual studio 2019",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.5.0"
},
{
"model": "visual studio 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "8.9"
},
{
"model": "visual studio 2019",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.4.22"
},
{
"model": ".net core",
"scope": "lte",
"trust": 1.0,
"vendor": "microsoft",
"version": "3.1.14"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "33"
},
{
"model": "visual studio 2019",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.0"
},
{
"model": "visual studio 2019",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.9.5"
},
{
"model": "visual studio 2019",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.7.15"
},
{
"model": "visual studio 2019",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.8.0"
},
{
"model": ".net",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "5.0"
},
{
"model": ".net",
"scope": "lte",
"trust": 1.0,
"vendor": "microsoft",
"version": "5.0.5"
},
{
"model": ".net core",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "3.1"
},
{
"model": "microsoft visual studio",
"scope": null,
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": null
},
{
"model": ".net core",
"scope": null,
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": null
},
{
"model": ".net",
"scope": null,
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-001514"
},
{
"db": "NVD",
"id": "CVE-2021-31204"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "162702"
},
{
"db": "PACKETSTORM",
"id": "162706"
},
{
"db": "PACKETSTORM",
"id": "162553"
},
{
"db": "PACKETSTORM",
"id": "162552"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-624"
}
],
"trust": 1.0
},
"cve": "CVE-2021-31204",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2021-31204",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-31204",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "secure@microsoft.com",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.3,
"id": "CVE-2021-31204",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-31204",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-31204",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "secure@microsoft.com",
"id": "CVE-2021-31204",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-31204",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202105-624",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-31204",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-31204"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001514"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-624"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2021-31204"
},
{
"db": "NVD",
"id": "CVE-2021-31204"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": ".NET and Visual Studio Elevation of Privilege Vulnerability. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. A flaw was found in dotnet. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: .NET 5.0 on Red Hat Enterprise Linux security and bugfix update\nAdvisory ID: RHSA-2021:1546-01\nProduct: .NET Core on Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:1546\nIssue date: 2021-05-12\nCVE Names: CVE-2021-31204\n====================================================================\n1. Summary:\n\nAn update for rh-dotnet50-dotnet is now available for .NET on Red Hat\nEnterprise Linux. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\n.NET is a managed-software framework. It implements a subset of the .NET\nframework APIs and several new APIs, and it includes a CLR implementation. \n\nNew versions of .NET that address a security vulnerability are now\navailable. The updated versions are .NET SDK 5.0.203 and .NET Runtime\n5.0.6. \n\nSecurity Fix(es):\n\n* dotnet: .NET Core single-file application privilege escalation\n(CVE-2021-31204)\n\nIn order for the update to be complete, self-contained applications\ndeployed using previous versions need to be recompiled and redeployed. \n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1956815 - CVE-2021-31204 dotnet: .NET Core single-file application privilege escalation\n\n6. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet50-dotnet-5.0.203-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet50-aspnetcore-runtime-5.0-5.0.6-1.el7_9.x86_64.rpm\nrh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.6-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-5.0.203-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-apphost-pack-5.0-5.0.6-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-debuginfo-5.0.203-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-host-5.0.6-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-hostfxr-5.0-5.0.6-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-runtime-5.0-5.0.6-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-sdk-5.0-5.0.203-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-targeting-pack-5.0-5.0.6-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-templates-5.0-5.0.203-1.el7_9.x86_64.rpm\nrh-dotnet50-netstandard-targeting-pack-2.1-5.0.203-1.el7_9.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet50-dotnet-5.0.203-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet50-aspnetcore-runtime-5.0-5.0.6-1.el7_9.x86_64.rpm\nrh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.6-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-5.0.203-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-apphost-pack-5.0-5.0.6-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-debuginfo-5.0.203-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-host-5.0.6-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-hostfxr-5.0-5.0.6-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-runtime-5.0-5.0.6-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-sdk-5.0-5.0.203-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-targeting-pack-5.0-5.0.6-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-templates-5.0-5.0.203-1.el7_9.x86_64.rpm\nrh-dotnet50-netstandard-targeting-pack-2.1-5.0.203-1.el7_9.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet50-dotnet-5.0.203-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet50-aspnetcore-runtime-5.0-5.0.6-1.el7_9.x86_64.rpm\nrh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.6-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-5.0.203-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-apphost-pack-5.0-5.0.6-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-debuginfo-5.0.203-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-host-5.0.6-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-hostfxr-5.0-5.0.6-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-runtime-5.0-5.0.6-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-sdk-5.0-5.0.203-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-targeting-pack-5.0-5.0.6-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-templates-5.0-5.0.203-1.el7_9.x86_64.rpm\nrh-dotnet50-netstandard-targeting-pack-2.1-5.0.203-1.el7_9.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-31204\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYJuTg9zjgjWX9erEAQi24A/+IQHDppohTDfSg+JLDlRUTIQgwofJr5sa\nnNxTqZqvbp+qS4q1c/C2rBtRMGwkwn3Nb1+4ea3rUcl9M2vw4ijRK1CVGiBdFUyV\nk+Mfj3bdBgMovspyNF/Y2vV0419hLGFRZQUIK59naa86wJWvjLpUf5fX88J65R/P\nO19JYiJKQKudF8LY4KDYU3uRbPJ+Fpi7mv/BLHzxFdoRclHyDhLgtiNg7fn1yDOS\npZUV8fi/R4LB65hVqgrJIIJp+nut1RLrb41hPWFS+n3tG48k132D5bIQ4M5qk1nL\nVpiKAAKLlDtUrlsDsQHmX2Rwa+fKVK1Am1lxI5hhlGa025uzB/WvlWlxvULk+fa2\nLFkEdoDfvMKEIvEhnYnpDy5w1VJqW3QcshmOWmCzqpYZVxWpsDS067uh2+b2uaHd\ny/Na92kAJ2x3Zl6NfXkcGYLzXKJDWH43ngjQmW2tcoGRdh8S287QCEmMA72lDd+M\nNWsK7q+UsX7O5INSsWja+dp1VKlbfw+Fzc8OS5ozCHZyl0ubUf2meCMwqJlsOTtg\nWpj77OODn658HyJ31ItdFLOY4ftKm/SfFku11HIrmuUS8UTvuWz/Skwd1gQ2nYgv\nvJQSGsESo1M4SqcvPmj//ljMk3RAzxFjh2is0/3KmSe8mqFfLiuG2Wy+KpFvlGPD\nryjzBqi6068=tgxd\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-31204"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001514"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULMON",
"id": "CVE-2021-31204"
},
{
"db": "PACKETSTORM",
"id": "162702"
},
{
"db": "PACKETSTORM",
"id": "162706"
},
{
"db": "PACKETSTORM",
"id": "162553"
},
{
"db": "PACKETSTORM",
"id": "162552"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-31204",
"trust": 2.9
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001514",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "162702",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "162552",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2021052223",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021051320",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021051141",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021052517",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1630",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1760",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202105-624",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-31204",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162706",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162553",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-31204"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001514"
},
{
"db": "PACKETSTORM",
"id": "162702"
},
{
"db": "PACKETSTORM",
"id": "162706"
},
{
"db": "PACKETSTORM",
"id": "162553"
},
{
"db": "PACKETSTORM",
"id": "162552"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-624"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2021-31204"
}
]
},
"id": "VAR-202105-1253",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.19172932
},
"last_update_date": "2024-08-14T12:18:35.425000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": ".NET\u00a0and\u00a0Visual\u00a0Studio\u00a0Elevation\u00a0of\u00a0Privilege\u00a0Vulnerability Security Update Guide",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4F3VM3RMPE7PNNLLI3BPCSAXITQZCFCA/"
},
{
"title": "Microsoft Visual Studio Fixes for permissions and access control issues vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=151246"
},
{
"title": "Red Hat: CVE-2021-31204",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2021-31204"
},
{
"title": "Arch Linux Advisories: [ASA-202105-22] dotnet-runtime-3.1: privilege escalation",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202105-22"
},
{
"title": "Arch Linux Advisories: [ASA-202105-20] dotnet-sdk: privilege escalation",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202105-20"
},
{
"title": "Arch Linux Advisories: [ASA-202105-21] dotnet-runtime: privilege escalation",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202105-21"
},
{
"title": "Arch Linux Advisories: [ASA-202105-23] dotnet-sdk-3.1: privilege escalation",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202105-23"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2021-31204 log"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/wormable-windows-bug-dos-rce/166057/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-31204"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001514"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-624"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Improper authority management (CWE-269) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-001514"
},
{
"db": "NVD",
"id": "CVE-2021-31204"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2021-31204"
},
{
"trust": 1.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-31204"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/security/cve/cve-2021-31204"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4f3vm3rmpe7pnnlli3bpcsaxitqzcfca/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6m7kl3kthjvqnra3cwfutesqjarqehsz/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/fvmwzpf4fr6jpfsnaidiudulhzjbvcw6/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/lfxjpquyuitjmv75yn3xige3kkn5gocu/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/uv4itb3sudgr23g7xaluvkfjmzerfukf/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zwf25z3cz6lycohz7fpsfaq426jubuz4/"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20210512-ms.html"
},
{
"trust": 0.8,
"url": "https://www.jpcert.or.jp/at/2021/at210024.html"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/fvmwzpf4fr6jpfsnaidiudulhzjbvcw6/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/uv4itb3sudgr23g7xaluvkfjmzerfukf/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4f3vm3rmpe7pnnlli3bpcsaxitqzcfca/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6m7kl3kthjvqnra3cwfutesqjarqehsz/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/lfxjpquyuitjmv75yn3xige3kkn5gocu/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/zwf25z3cz6lycohz7fpsfaq426jubuz4/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/microsoft-visual-studio-vulnerabilities-of-may-2021-35383"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021051320"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162702/red-hat-security-advisory-2021-2037-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162552/red-hat-security-advisory-2021-1546-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021052223"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1630"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1760"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021052517"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021051141"
},
{
"trust": 0.6,
"url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2021-31204"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.4,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.4,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/269.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://threatpost.com/wormable-windows-bug-dos-rce/166057/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2037"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2036"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1547"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1546"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-31204"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001514"
},
{
"db": "PACKETSTORM",
"id": "162702"
},
{
"db": "PACKETSTORM",
"id": "162706"
},
{
"db": "PACKETSTORM",
"id": "162553"
},
{
"db": "PACKETSTORM",
"id": "162552"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-624"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2021-31204"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-31204"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001514"
},
{
"db": "PACKETSTORM",
"id": "162702"
},
{
"db": "PACKETSTORM",
"id": "162706"
},
{
"db": "PACKETSTORM",
"id": "162553"
},
{
"db": "PACKETSTORM",
"id": "162552"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-624"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2021-31204"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-11T00:00:00",
"db": "VULMON",
"id": "CVE-2021-31204"
},
{
"date": "2021-05-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-001514"
},
{
"date": "2021-05-19T14:23:23",
"db": "PACKETSTORM",
"id": "162702"
},
{
"date": "2021-05-19T14:23:53",
"db": "PACKETSTORM",
"id": "162706"
},
{
"date": "2021-05-12T13:53:06",
"db": "PACKETSTORM",
"id": "162553"
},
{
"date": "2021-05-12T13:52:59",
"db": "PACKETSTORM",
"id": "162552"
},
{
"date": "2021-05-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-624"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-05-11T19:15:10.327000",
"db": "NVD",
"id": "CVE-2021-31204"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-07T00:00:00",
"db": "VULMON",
"id": "CVE-2021-31204"
},
{
"date": "2021-05-26T09:07:00",
"db": "JVNDB",
"id": "JVNDB-2021-001514"
},
{
"date": "2022-05-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-624"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2023-12-29T00:15:49.127000",
"db": "NVD",
"id": "CVE-2021-31204"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-624"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": ".NET\u00a0 and \u00a0Microsoft\u00a0Visual\u00a0Studio\u00a0 Vulnerability to elevate privileges in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-001514"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-624"
}
],
"trust": 0.6
}
}
var-202009-1442
Vulnerability from variot
A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits. Brotli A classic buffer overflow vulnerability exists in the library.Information is tampered with and denial of service (DoS) It may be put into a state.
For the stable distribution (buster), this problem has been fixed in version 1.0.7-2+deb10u1.
We recommend that you upgrade your brotli packages.
For the detailed security status of brotli please refer to its security tracker page at: https://security-tracker.debian.org/tracker/brotli
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl/GuhkACgkQEMKTtsN8 TjZ68A/9ED9ToGA8pwsL99uHc4FA6EBIKzPDIz4I649PTvrKi8wpfa6RqrcfhcCE xfOx4+PiYaUqOnAy02O0cbkvzQvcGIVlrIxJ0v4/QFAbiuX5Gy/q9b3ZkHsIRybK +PywHjHEKBqwR9vetV1xYM8s4Smh6iwH+UjHxt9E0/KEHWQF17N094yubtrIJrDf irZDMFnXYCeWRrAZH5rwB6Be6X0nQri3WF9vcdBK61vktSv+iTVklCNbIKrQr1p8 SHPIlUBIp/LjeHaSq+ZNYzSwg1LVtGKqwlvWaRbiBY3Uf5VYyXVKRL7m8WDR7ozu GnfIpBnfttx2sptBAAq8OFx9hmzFEGVSfNy5sXbhb9HoUjX2URUUzN+1z71Da6Tz XrMgJlJ9YQrDAV0dpakztVdSbWV9Ub3bS3Jth3L42dsJGA7qyfs3KmsnkNJj5x3L dHQl6VZRxvUpsHE9zyKAN/rnPyvcrloZ04qxWtJKcvR113mFTlehKDTNjWzCnSic Knzzl/ArWjyNFQ+1kNwXbMSSIOvgBHYSwQI8rqjvaR33jk+P1Mt41VRzdwmT6t5c 4c85j18OrBdAfu1E7Fqy3MAeZq7dRR0prQzVAvxzUXgu/4G8nCvRbW6MDt2scnR0 BYT1fKy//PWHKdNzOMdjbE6Ab6rX0DbaNfHgpjsD2r0VYSv7W/E= =mzSF -----END PGP SIGNATURE----- . 8) - aarch64, ppc64le, s390x, x86_64
- Description:
Brotli is a generic-purpose lossless compression algorithm that compresses data using a combination of a modern variant of the LZ77 algorithm, Huffman coding and 2nd order context modeling, with a compression ratio comparable to the best currently available general-purpose compression methods. It is similar in speed with deflate but offers more dense compression. Summary:
Red Hat Advanced Cluster Management for Kubernetes 2.2.4 General Availability release images, which fix several bugs and security issues. Description:
Red Hat Advanced Cluster Management for Kubernetes 2.2.4 images
Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana gement_for_kubernetes/2.2/html/release_notes/
Security fixes:
-
redisgraph-tls: redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms (CVE-2021-21309)
-
console-header-container: nodejs-netmask: improper input validation of octal input data (CVE-2021-28092)
-
console-container: nodejs-is-svg: ReDoS via malicious string (CVE-2021-28918)
Bug fixes:
-
RHACM 2.2.4 images (BZ# 1957254)
-
Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7 (BZ#1950832)
-
ACM Operator should support using the default route TLS (BZ# 1955270)
-
The scrolling bar for search filter does not work properly (BZ# 1956852)
-
Limits on Length of MultiClusterObservability Resource Name (BZ# 1959426)
-
The proxy setup in install-config.yaml is not worked when IPI installing with RHACM (BZ# 1960181)
-
Unable to make SSH connection to a Bitbucket server (BZ# 1966513)
-
Observability Thanos store shard crashing - cannot unmarshall DNS message (BZ# 1967890)
-
Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):
1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms 1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string 1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data 1950832 - Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7 1952150 - [DDF] It would be great to see all the options available for the bucket configuration and which attributes are mandatory 1954506 - [DDF] Table does not contain data about 20 clusters. Now it's difficult to estimate CPU usage with larger clusters 1954535 - Reinstall Submariner - No endpoints found on one cluster 1955270 - ACM Operator should support using the default route TLS 1956852 - The scrolling bar for search filter does not work properly 1957254 - RHACM 2.2.4 images 1959426 - Limits on Length of MultiClusterObservability Resource Name 1960181 - The proxy setup in install-config.yaml is not worked when IPI installing with RHACM. 1963128 - [DDF] Please rename this to "Amazon Elastic Kubernetes Service" 1966513 - Unable to make SSH connection to a Bitbucket server 1967357 - [DDF] When I clicked on this yaml, I get a HTTP 404 error. 1967890 - Observability Thanos store shard crashing - cannot unmarshal DNS message
- Description:
Windows Container Support for Red Hat OpenShift allows you to deploy Windows container workloads running on Windows Server containers.
Bug Fix(es):
-
WMCO patch pub-key-hash annotation to Linux node (BZ#1945248)
-
LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath (BZ#1952917)
-
Telemetry info not completely available to identify windows nodes (BZ#1955319)
-
WMCO incorrectly shows node as ready after a failed configuration (BZ#1956412)
-
kube-proxy service terminated unexpectedly after recreated LB service (BZ#1963263)
-
Solution:
For Windows Machine Config Operator upgrades, see the following documentation:
https://docs.openshift.com/container-platform/4.7/windows_containers/window s-node-upgrades.html
- Bugs fixed (https://bugzilla.redhat.com/):
1945248 - WMCO patch pub-key-hash annotation to Linux node 1946538 - CVE-2021-25736 kubernetes: LoadBalancer Service type don't create a HNS policy for empty or invalid external loadbalancer IP, what could lead to MITM 1952917 - LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath 1955319 - Telemetry info not completely available to identify windows nodes 1956412 - WMCO incorrectly shows node as ready after a failed configuration 1963263 - kube-proxy service terminated unexpectedly after recreated LB service
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: .NET Core 3.1 on RHEL 7 security and bugfix update Advisory ID: RHSA-2022:0829-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:0829 Issue date: 2022-03-10 CVE Names: CVE-2020-8927 CVE-2022-24464 CVE-2022-24512 =====================================================================
- Summary:
An update for .NET Core 3.1 is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 3.1.417 and .NET Runtime 3.1.23.
Security Fix(es):
-
dotnet: ASP.NET Denial of Service via FormPipeReader (CVE-2022-24464)
-
dotnet: double parser stack buffer overrun (CVE-2022-24512)
-
brotli: buffer overflow when input chunk is larger than 2GiB (CVE-2020-8927)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1879225 - CVE-2020-8927 brotli: buffer overflow when input chunk is larger than 2GiB 2061847 - CVE-2022-24464 dotnet: ASP.NET Denial of Service via FormPipeReader 2061854 - CVE-2022-24512 dotnet: double parser stack buffer overrun
- Package List:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet31-dotnet-3.1.417-1.el7_9.src.rpm
x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.23-1.el7_9.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.23-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-3.1.417-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.23-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.417-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-host-3.1.23-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.23-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.23-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.417-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-3.1.417-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.23-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.417-1.el7_9.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.417-1.el7_9.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet31-dotnet-3.1.417-1.el7_9.src.rpm
x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.23-1.el7_9.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.23-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-3.1.417-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.23-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.417-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-host-3.1.23-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.23-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.23-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.417-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-3.1.417-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.23-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.417-1.el7_9.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.417-1.el7_9.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet31-dotnet-3.1.417-1.el7_9.src.rpm
x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.23-1.el7_9.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.23-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-3.1.417-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.23-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.417-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-host-3.1.23-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.23-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.23-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.417-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-3.1.417-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.23-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.417-1.el7_9.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.417-1.el7_9.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2020-8927 https://access.redhat.com/security/cve/CVE-2022-24464 https://access.redhat.com/security/cve/CVE-2022-24512 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYippStzjgjWX9erEAQhIVQ/+KaWuTu5qx9aBrzo+gGMJbE0ldm+qAon9 x641a4Usu0ZC3y+DWhRCkM2hCHbxKIXg8WhLJ/GN2/VfAQwVRIt/YwOVarRkGuFF xb3YQ5LpA2iQcZ/QcwSobe3MeoJrTiXhq1hENEnkspELV08/q5EOKrvnvKVM7t96 pwK88Ry7lq5iYF9y0tHd38IunXAGVUQaNq2GJ54xFhvVmaNNDa4R8wvRJ0e/IhS0 VyIrtjktZCYyAKPmf/OqcPsVI6WueYSPU/W9jRU7z69JOBvqN1i1ZUnfIgaMPMVg VliTB5Z4fFJ1t1DTCH98iPHgUdxy5FBrbIEx0EIZSVDHs/WO3PXmI+x9H1kihSTV 9hmSZ5aX2bngR9oGqMemsFoa0kZGiGzHNJ+WRP6CPK1lJA+cSMnwTv0LBLrElAS0 m+OhpVoXOl1pS8yB9MdJpjNuv+hkIxiwdR056glF2/CdJUimDsIV+R5349/j51u1 iqPu7hsaoOGOl8U1qIfINtw9GNnImDw6EGpyxIdn8I4C3Z66TYYkfL0VKSODUxfm r/Ngyhhgud6Q5cyps4KH/TzKPwTEOyzpx4a8ehVbvRtN8HkdevZlDoFNBCT41uKJ Lpk32YK2TBvsNYYMvxoTYAVXW95jPFcexVT1ElYfnKbXmiMYMXhFKavpq5NaUOrD vbL/opMlrgQ= =vceG -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce .
Security Fix(es):
- golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)
- golang: net: lookup functions may return invalid host names (CVE-2021-33195)
- golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197)
- golang: match/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents (CVE-2021-33198)
- golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader (CVE-2021-27918)
- golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525)
- golang: archive/zip: malformed archive may cause panic or memory exhaustion (CVE-2021-33196)
It was found that the CVE-2021-27918, CVE-2021-31525 and CVE-2021-33196 have been incorrectly mentioned as fixed in RHSA for Serverless client kn 1.16.0. This has been fixed (CVE-2021-3703). Solution:
See the Red Hat OpenShift Container Platform 4.6 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/ 4.6/html/serverless/index See the Red Hat OpenShift Container Platform 4.7 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/ 4.7/html/serverless/index See the Red Hat OpenShift Container Platform 4.8 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/ 4.8/html/serverless/index
- Bugs fixed (https://bugzilla.redhat.com/):
1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic 1983651 - Release of OpenShift Serverless Serving 1.17.0 1983654 - Release of OpenShift Serverless Eventing 1.17.0 1989564 - CVE-2021-33195 golang: net: lookup functions may return invalid host names 1989570 - CVE-2021-33197 golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty 1989575 - CVE-2021-33198 golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents 1992955 - CVE-2021-3703 serverless: incomplete fix for CVE-2021-27918 / CVE-2021-31525 / CVE-2021-33196
5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202009-1442",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "33"
},
{
"model": "visual studio 2019",
"scope": "lte",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.11"
},
{
"model": ".net core",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "3.1"
},
{
"model": "powershell",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "7.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "31"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": ".net",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "5.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "powershell",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "7.2.2"
},
{
"model": "visual studio 2019",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.0"
},
{
"model": "visual studio 2022",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.0"
},
{
"model": "visual studio 2022",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.1"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.04"
},
{
"model": "powershell",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "7.1"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.2"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"model": "powershell",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "7.0.9"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "powershell",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "7.1.6"
},
{
"model": "brotli",
"scope": "lt",
"trust": 1.0,
"vendor": "google",
"version": "1.0.8"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "20.04"
},
{
"model": "visual studio 2022",
"scope": "lte",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.0.7"
},
{
"model": ".net",
"scope": "lte",
"trust": 1.0,
"vendor": "microsoft",
"version": "5.0.14"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "32"
},
{
"model": ".net core",
"scope": "lte",
"trust": 1.0,
"vendor": "microsoft",
"version": "3.1.22"
},
{
"model": "powershell",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "7.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "brotli",
"scope": "eq",
"trust": 0.8,
"vendor": "google",
"version": null
},
{
"model": "brotli",
"scope": "lt",
"trust": 0.8,
"vendor": "google",
"version": "1.0.8 less than"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-011334"
},
{
"db": "NVD",
"id": "CVE-2020-8927"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "162688"
},
{
"db": "PACKETSTORM",
"id": "163188"
},
{
"db": "PACKETSTORM",
"id": "163257"
},
{
"db": "PACKETSTORM",
"id": "163496"
},
{
"db": "PACKETSTORM",
"id": "166269"
},
{
"db": "PACKETSTORM",
"id": "166267"
},
{
"db": "PACKETSTORM",
"id": "164192"
}
],
"trust": 0.7
},
"cve": "CVE-2020-8927",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-8927",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-8927",
"impactScore": 2.5,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cve-coordination@google.com",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-8927",
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "Low",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-8927",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-8927",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "cve-coordination@google.com",
"id": "CVE-2020-8927",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2020-8927",
"trust": 0.8,
"value": "Medium"
},
{
"author": "VULMON",
"id": "CVE-2020-8927",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-8927"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011334"
},
{
"db": "NVD",
"id": "CVE-2020-8927"
},
{
"db": "NVD",
"id": "CVE-2020-8927"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits. Brotli A classic buffer overflow vulnerability exists in the library.Information is tampered with and denial of service (DoS) It may be put into a state. \n\nFor the stable distribution (buster), this problem has been fixed in\nversion 1.0.7-2+deb10u1. \n\nWe recommend that you upgrade your brotli packages. \n\nFor the detailed security status of brotli please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/brotli\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl/GuhkACgkQEMKTtsN8\nTjZ68A/9ED9ToGA8pwsL99uHc4FA6EBIKzPDIz4I649PTvrKi8wpfa6RqrcfhcCE\nxfOx4+PiYaUqOnAy02O0cbkvzQvcGIVlrIxJ0v4/QFAbiuX5Gy/q9b3ZkHsIRybK\n+PywHjHEKBqwR9vetV1xYM8s4Smh6iwH+UjHxt9E0/KEHWQF17N094yubtrIJrDf\nirZDMFnXYCeWRrAZH5rwB6Be6X0nQri3WF9vcdBK61vktSv+iTVklCNbIKrQr1p8\nSHPIlUBIp/LjeHaSq+ZNYzSwg1LVtGKqwlvWaRbiBY3Uf5VYyXVKRL7m8WDR7ozu\nGnfIpBnfttx2sptBAAq8OFx9hmzFEGVSfNy5sXbhb9HoUjX2URUUzN+1z71Da6Tz\nXrMgJlJ9YQrDAV0dpakztVdSbWV9Ub3bS3Jth3L42dsJGA7qyfs3KmsnkNJj5x3L\ndHQl6VZRxvUpsHE9zyKAN/rnPyvcrloZ04qxWtJKcvR113mFTlehKDTNjWzCnSic\nKnzzl/ArWjyNFQ+1kNwXbMSSIOvgBHYSwQI8rqjvaR33jk+P1Mt41VRzdwmT6t5c\n4c85j18OrBdAfu1E7Fqy3MAeZq7dRR0prQzVAvxzUXgu/4G8nCvRbW6MDt2scnR0\nBYT1fKy//PWHKdNzOMdjbE6Ab6rX0DbaNfHgpjsD2r0VYSv7W/E=\n=mzSF\n-----END PGP SIGNATURE-----\n. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nBrotli is a generic-purpose lossless compression algorithm that compresses\ndata using a combination of a modern variant of the LZ77 algorithm, Huffman\ncoding and 2nd order context modeling, with a compression ratio comparable\nto the best currently available general-purpose compression methods. It is\nsimilar in speed with deflate but offers more dense compression. Summary:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.2.4 General\nAvailability\nrelease images, which fix several bugs and security issues. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.2.4 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability\nengineers face as they work across a range of public and private cloud\nenvironments. \nClusters and applications are all visible and managed from a single\nconsole\u2014with security policy built in. See\nthe following Release Notes documentation, which will be updated shortly\nfor\nthis release, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana\ngement_for_kubernetes/2.2/html/release_notes/\n\nSecurity fixes:\n\n* redisgraph-tls: redis: integer overflow when configurable limit for\nmaximum supported bulk input size is too big on 32-bit platforms\n(CVE-2021-21309)\n\n* console-header-container: nodejs-netmask: improper input validation of\noctal input data (CVE-2021-28092)\n\n* console-container: nodejs-is-svg: ReDoS via malicious string\n(CVE-2021-28918)\n\nBug fixes: \n\n* RHACM 2.2.4 images (BZ# 1957254)\n\n* Enabling observability for OpenShift Container Storage with RHACM 2.2 on\nOCP 4.7 (BZ#1950832)\n\n* ACM Operator should support using the default route TLS (BZ# 1955270)\n\n* The scrolling bar for search filter does not work properly (BZ# 1956852)\n\n* Limits on Length of MultiClusterObservability Resource Name (BZ# 1959426)\n\n* The proxy setup in install-config.yaml is not worked when IPI installing\nwith RHACM (BZ# 1960181)\n\n* Unable to make SSH connection to a Bitbucket server (BZ# 1966513)\n\n* Observability Thanos store shard crashing - cannot unmarshall DNS message\n(BZ# 1967890)\n\n3. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):\n\n1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms\n1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string\n1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data\n1950832 - Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7\n1952150 - [DDF] It would be great to see all the options available for the bucket configuration and which attributes are mandatory\n1954506 - [DDF] Table does not contain data about 20 clusters. Now it\u0027s difficult to estimate CPU usage with larger clusters\n1954535 - Reinstall Submariner - No endpoints found on one cluster\n1955270 - ACM Operator should support using the default route TLS\n1956852 - The scrolling bar for search filter does not work properly\n1957254 - RHACM 2.2.4 images\n1959426 - Limits on Length of MultiClusterObservability Resource Name\n1960181 - The proxy setup in install-config.yaml is not worked when IPI installing with RHACM. \n1963128 - [DDF] Please rename this to \"Amazon Elastic Kubernetes Service\"\n1966513 - Unable to make SSH connection to a Bitbucket server\n1967357 - [DDF] When I clicked on this yaml, I get a HTTP 404 error. \n1967890 - Observability Thanos store shard crashing - cannot unmarshal DNS message\n\n5. Description:\n\nWindows Container Support for Red Hat OpenShift allows you to deploy\nWindows container workloads running on Windows Server containers. \n\nBug Fix(es):\n\n* WMCO patch pub-key-hash annotation to Linux node (BZ#1945248)\n\n* LoadBalancer Service type with invalid external loadbalancer IP breaks\nthe datapath (BZ#1952917)\n\n* Telemetry info not completely available to identify windows nodes\n(BZ#1955319)\n\n* WMCO incorrectly shows node as ready after a failed configuration\n(BZ#1956412)\n\n* kube-proxy service terminated unexpectedly after recreated LB service\n(BZ#1963263)\n\n3. Solution:\n\nFor Windows Machine Config Operator upgrades, see the following\ndocumentation:\n\nhttps://docs.openshift.com/container-platform/4.7/windows_containers/window\ns-node-upgrades.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1945248 - WMCO patch pub-key-hash annotation to Linux node\n1946538 - CVE-2021-25736 kubernetes: LoadBalancer Service type don\u0027t create a HNS policy for empty or invalid external loadbalancer IP, what could lead to MITM\n1952917 - LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath\n1955319 - Telemetry info not completely available to identify windows nodes\n1956412 - WMCO incorrectly shows node as ready after a failed configuration\n1963263 - kube-proxy service terminated unexpectedly after recreated LB service\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: .NET Core 3.1 on RHEL 7 security and bugfix update\nAdvisory ID: RHSA-2022:0829-01\nProduct: .NET Core on Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:0829\nIssue date: 2022-03-10\nCVE Names: CVE-2020-8927 CVE-2022-24464 CVE-2022-24512 \n=====================================================================\n\n1. Summary:\n\nAn update for .NET Core 3.1 is now available for Red Hat Enterprise Linux\n7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\n.NET is a managed-software framework. It implements a subset of the .NET\nframework APIs and several new APIs, and it includes a CLR implementation. \n\nNew versions of .NET that address security vulnerabilities are now\navailable. The updated versions are .NET SDK 3.1.417 and .NET Runtime\n3.1.23. \n\nSecurity Fix(es):\n\n* dotnet: ASP.NET Denial of Service via FormPipeReader (CVE-2022-24464)\n\n* dotnet: double parser stack buffer overrun (CVE-2022-24512)\n\n* brotli: buffer overflow when input chunk is larger than 2GiB\n(CVE-2020-8927)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1879225 - CVE-2020-8927 brotli: buffer overflow when input chunk is larger than 2GiB\n2061847 - CVE-2022-24464 dotnet: ASP.NET Denial of Service via FormPipeReader\n2061854 - CVE-2022-24512 dotnet: double parser stack buffer overrun\n\n6. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet31-dotnet-3.1.417-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet31-aspnetcore-runtime-3.1-3.1.23-1.el7_9.x86_64.rpm\nrh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.23-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-3.1.417-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-apphost-pack-3.1-3.1.23-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-debuginfo-3.1.417-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-host-3.1.23-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-hostfxr-3.1-3.1.23-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-runtime-3.1-3.1.23-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-sdk-3.1-3.1.417-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-3.1.417-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-targeting-pack-3.1-3.1.23-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-templates-3.1-3.1.417-1.el7_9.x86_64.rpm\nrh-dotnet31-netstandard-targeting-pack-2.1-3.1.417-1.el7_9.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet31-dotnet-3.1.417-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet31-aspnetcore-runtime-3.1-3.1.23-1.el7_9.x86_64.rpm\nrh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.23-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-3.1.417-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-apphost-pack-3.1-3.1.23-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-debuginfo-3.1.417-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-host-3.1.23-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-hostfxr-3.1-3.1.23-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-runtime-3.1-3.1.23-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-sdk-3.1-3.1.417-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-3.1.417-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-targeting-pack-3.1-3.1.23-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-templates-3.1-3.1.417-1.el7_9.x86_64.rpm\nrh-dotnet31-netstandard-targeting-pack-2.1-3.1.417-1.el7_9.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet31-dotnet-3.1.417-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet31-aspnetcore-runtime-3.1-3.1.23-1.el7_9.x86_64.rpm\nrh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.23-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-3.1.417-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-apphost-pack-3.1-3.1.23-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-debuginfo-3.1.417-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-host-3.1.23-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-hostfxr-3.1-3.1.23-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-runtime-3.1-3.1.23-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-sdk-3.1-3.1.417-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-3.1.417-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-targeting-pack-3.1-3.1.23-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-templates-3.1-3.1.417-1.el7_9.x86_64.rpm\nrh-dotnet31-netstandard-targeting-pack-2.1-3.1.417-1.el7_9.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-8927\nhttps://access.redhat.com/security/cve/CVE-2022-24464\nhttps://access.redhat.com/security/cve/CVE-2022-24512\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYippStzjgjWX9erEAQhIVQ/+KaWuTu5qx9aBrzo+gGMJbE0ldm+qAon9\nx641a4Usu0ZC3y+DWhRCkM2hCHbxKIXg8WhLJ/GN2/VfAQwVRIt/YwOVarRkGuFF\nxb3YQ5LpA2iQcZ/QcwSobe3MeoJrTiXhq1hENEnkspELV08/q5EOKrvnvKVM7t96\npwK88Ry7lq5iYF9y0tHd38IunXAGVUQaNq2GJ54xFhvVmaNNDa4R8wvRJ0e/IhS0\nVyIrtjktZCYyAKPmf/OqcPsVI6WueYSPU/W9jRU7z69JOBvqN1i1ZUnfIgaMPMVg\nVliTB5Z4fFJ1t1DTCH98iPHgUdxy5FBrbIEx0EIZSVDHs/WO3PXmI+x9H1kihSTV\n9hmSZ5aX2bngR9oGqMemsFoa0kZGiGzHNJ+WRP6CPK1lJA+cSMnwTv0LBLrElAS0\nm+OhpVoXOl1pS8yB9MdJpjNuv+hkIxiwdR056glF2/CdJUimDsIV+R5349/j51u1\niqPu7hsaoOGOl8U1qIfINtw9GNnImDw6EGpyxIdn8I4C3Z66TYYkfL0VKSODUxfm\nr/Ngyhhgud6Q5cyps4KH/TzKPwTEOyzpx4a8ehVbvRtN8HkdevZlDoFNBCT41uKJ\nLpk32YK2TBvsNYYMvxoTYAVXW95jPFcexVT1ElYfnKbXmiMYMXhFKavpq5NaUOrD\nvbL/opMlrgQ=\n=vceG\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nSecurity Fix(es):\n\n* golang: crypto/tls: certificate of wrong type is causing TLS client to\npanic\n(CVE-2021-34558)\n* golang: net: lookup functions may return invalid host names\n(CVE-2021-33195)\n* golang: net/http/httputil: ReverseProxy forwards connection headers if\nfirst one is empty (CVE-2021-33197)\n* golang: match/big.Rat: may cause a panic or an unrecoverable fatal error\nif passed inputs with very large exponents (CVE-2021-33198)\n* golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a\ncustom TokenReader (CVE-2021-27918)\n* golang: net/http: panic in ReadRequest and ReadResponse when reading a\nvery large header (CVE-2021-31525)\n* golang: archive/zip: malformed archive may cause panic or memory\nexhaustion (CVE-2021-33196)\n\nIt was found that the CVE-2021-27918, CVE-2021-31525 and CVE-2021-33196\nhave been incorrectly mentioned as fixed in RHSA for Serverless client kn\n1.16.0. This has been fixed (CVE-2021-3703). Solution:\n\nSee the Red Hat OpenShift Container Platform 4.6 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/\n4.6/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.7 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/\n4.7/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.8 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/\n4.8/html/serverless/index\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic\n1983651 - Release of OpenShift Serverless Serving 1.17.0\n1983654 - Release of OpenShift Serverless Eventing 1.17.0\n1989564 - CVE-2021-33195 golang: net: lookup functions may return invalid host names\n1989570 - CVE-2021-33197 golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty\n1989575 - CVE-2021-33198 golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents\n1992955 - CVE-2021-3703 serverless: incomplete fix for CVE-2021-27918 / CVE-2021-31525 / CVE-2021-33196\n\n5",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-8927"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011334"
},
{
"db": "VULMON",
"id": "CVE-2020-8927"
},
{
"db": "PACKETSTORM",
"id": "168947"
},
{
"db": "PACKETSTORM",
"id": "162688"
},
{
"db": "PACKETSTORM",
"id": "163188"
},
{
"db": "PACKETSTORM",
"id": "163257"
},
{
"db": "PACKETSTORM",
"id": "163496"
},
{
"db": "PACKETSTORM",
"id": "166269"
},
{
"db": "PACKETSTORM",
"id": "166267"
},
{
"db": "PACKETSTORM",
"id": "164192"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-8927",
"trust": 2.7
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011334",
"trust": 0.8
},
{
"db": "VULMON",
"id": "CVE-2020-8927",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168947",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162688",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163188",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163257",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163496",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166269",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166267",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "164192",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-8927"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011334"
},
{
"db": "PACKETSTORM",
"id": "168947"
},
{
"db": "PACKETSTORM",
"id": "162688"
},
{
"db": "PACKETSTORM",
"id": "163188"
},
{
"db": "PACKETSTORM",
"id": "163257"
},
{
"db": "PACKETSTORM",
"id": "163496"
},
{
"db": "PACKETSTORM",
"id": "166269"
},
{
"db": "PACKETSTORM",
"id": "166267"
},
{
"db": "PACKETSTORM",
"id": "164192"
},
{
"db": "NVD",
"id": "CVE-2020-8927"
}
]
},
"id": "VAR-202009-1442",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.19172932
},
"last_update_date": "2024-11-29T22:30:24.749000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "v1.0.9",
"trust": 0.8,
"url": "https://github.com/google/brotli/releases/tag/v1.0.9"
},
{
"title": "Debian Security Advisories: DSA-4801-1 brotli -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=7570b9060b84ef3d6e40a2c027a64477"
},
{
"title": "Red Hat: Important: .NET Core 3.1 on RHEL 7 security and bugfix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220829 - Security Advisory"
},
{
"title": "Red Hat: Important: .NET Core 3.1 security and bugfix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220827 - Security Advisory"
},
{
"title": "Red Hat: Important: .NET 5.0 on RHEL 7 security and bugfix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220828 - Security Advisory"
},
{
"title": "Red Hat: Important: .NET 5.0 security and bugfix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220830 - Security Advisory"
},
{
"title": "Arch Linux Advisories: [ASA-202009-13] brotli: denial of service",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202009-13"
},
{
"title": "Arch Linux Advisories: [ASA-202009-12] lib32-brotli: denial of service",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202009-12"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2020-8927 log"
},
{
"title": "Red Hat: Moderate: OpenShift Container Platform 4.10.3 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220056 - Security Advisory"
},
{
"title": "CloudGuard-ShiftLeft-CICD-AWS",
"trust": 0.1,
"url": "https://github.com/jaydenaung/CloudGuard-ShiftLeft-CICD-AWS "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-8927"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011334"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-130",
"trust": 1.0
},
{
"problemtype": "CWE-120",
"trust": 1.0
},
{
"problemtype": "Classic buffer overflow (CWE-120) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-011334"
},
{
"db": "NVD",
"id": "CVE-2020-8927"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8927"
},
{
"trust": 1.2,
"url": "https://www.debian.org/security/2020/dsa-4801"
},
{
"trust": 1.1,
"url": "https://github.com/google/brotli/releases/tag/v1.0.9"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html"
},
{
"trust": 1.1,
"url": "https://usn.ubuntu.com/4568-1/"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4togtz2zwdh662znffszvl3m5ajxv6jf/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/w23cuadgmvmqqnfkhphxvp7rpzjznn6i/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/j4e265wkwkymk2ryysixbegztdy5iqe6/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/356joytww4bwsz42seflv7nyhl3s3aeh/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zxeq3gqvela2t4hnzg7vpms2hdvxmjrg/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/mqlm7abvcyjlf6jrpf3m3ebxw63gnc27/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ww62ozey2ghjl4jcoljrbsretxdhmwrk/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/m4vcdojgl6bk3hb4xrd2wetbpyx2itf6/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/mmbkacmlsrx7jjskbtr35uoep2wfr6qp/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2020-8927"
},
{
"trust": 0.7,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.7,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-8286"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-28196"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-15358"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15358"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14502"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-13434"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-8231"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-29362"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13434"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2017-14502"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-8285"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-10228"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-9169"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25013"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-29361"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9169"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-3326"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-25013"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-2708"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-29363"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-2708"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2016-10228"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-8284"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-27618"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13776"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-3842"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-13776"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-24977"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-27219"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3842"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29362"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8284"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8285"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8286"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27618"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3326"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29363"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8231"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29361"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28196"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-20305"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27219"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20305"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3449"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3450"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24977"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27918"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-31525"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-31525"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-27918"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-33196"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33196"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-24512"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-24464"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24464"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24512"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/120.html"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/mmbkacmlsrx7jjskbtr35uoep2wfr6qp/"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ww62ozey2ghjl4jcoljrbsretxdhmwrk/"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/m4vcdojgl6bk3hb4xrd2wetbpyx2itf6/"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/j4e265wkwkymk2ryysixbegztdy5iqe6/"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/w23cuadgmvmqqnfkhphxvp7rpzjznn6i/"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356joytww4bwsz42seflv7nyhl3s3aeh/"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/zxeq3gqvela2t4hnzg7vpms2hdvxmjrg/"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/mqlm7abvcyjlf6jrpf3m3ebxw63gnc27/"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4togtz2zwdh662znffszvl3m5ajxv6jf/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2020-8927"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/brotli"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1702"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25039"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21639"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12364"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28165"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28092"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25037"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-25037"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12363"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10878"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24330"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28935"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28163"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-25034"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-25035"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14866"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26116"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-25038"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14866"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26137"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21309"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25040"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21640"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28918"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24330"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3543"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25042"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3501"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-25042"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12362"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25648"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25038"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-25032"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-25041"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8648"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-25036"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25032"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27619"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27170"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-25215"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3177"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24331"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25692"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25036"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25035"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23336"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2433"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10543"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3347"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12362"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12363"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24332"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3114"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28362"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10543"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-25039"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-25040"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12364"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10878"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25041"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2461"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25034"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-25736"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3450"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2130"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/windows_containers/window"
},
{
"trust": 0.1,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-25736"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3449"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2705"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0828"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0829"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3537"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33195"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27218"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3520"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33197"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33195"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33198"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33198"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27218"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-34558"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3556"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3516"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33197"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20271"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3518"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3517"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3421"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20271"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3703"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3541"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-8927"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011334"
},
{
"db": "PACKETSTORM",
"id": "168947"
},
{
"db": "PACKETSTORM",
"id": "162688"
},
{
"db": "PACKETSTORM",
"id": "163188"
},
{
"db": "PACKETSTORM",
"id": "163257"
},
{
"db": "PACKETSTORM",
"id": "163496"
},
{
"db": "PACKETSTORM",
"id": "166269"
},
{
"db": "PACKETSTORM",
"id": "166267"
},
{
"db": "PACKETSTORM",
"id": "164192"
},
{
"db": "NVD",
"id": "CVE-2020-8927"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2020-8927"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011334"
},
{
"db": "PACKETSTORM",
"id": "168947"
},
{
"db": "PACKETSTORM",
"id": "162688"
},
{
"db": "PACKETSTORM",
"id": "163188"
},
{
"db": "PACKETSTORM",
"id": "163257"
},
{
"db": "PACKETSTORM",
"id": "163496"
},
{
"db": "PACKETSTORM",
"id": "166269"
},
{
"db": "PACKETSTORM",
"id": "166267"
},
{
"db": "PACKETSTORM",
"id": "164192"
},
{
"db": "NVD",
"id": "CVE-2020-8927"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-15T00:00:00",
"db": "VULMON",
"id": "CVE-2020-8927"
},
{
"date": "2021-03-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-011334"
},
{
"date": "2020-12-28T20:12:00",
"db": "PACKETSTORM",
"id": "168947"
},
{
"date": "2021-05-19T14:17:57",
"db": "PACKETSTORM",
"id": "162688"
},
{
"date": "2021-06-17T17:53:22",
"db": "PACKETSTORM",
"id": "163188"
},
{
"date": "2021-06-23T15:44:15",
"db": "PACKETSTORM",
"id": "163257"
},
{
"date": "2021-07-14T15:02:07",
"db": "PACKETSTORM",
"id": "163496"
},
{
"date": "2022-03-11T16:33:04",
"db": "PACKETSTORM",
"id": "166269"
},
{
"date": "2022-03-11T16:31:42",
"db": "PACKETSTORM",
"id": "166267"
},
{
"date": "2021-09-17T16:04:56",
"db": "PACKETSTORM",
"id": "164192"
},
{
"date": "2020-09-15T10:15:12.887000",
"db": "NVD",
"id": "CVE-2020-8927"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-22T00:00:00",
"db": "VULMON",
"id": "CVE-2020-8927"
},
{
"date": "2021-03-29T06:34:00",
"db": "JVNDB",
"id": "JVNDB-2020-011334"
},
{
"date": "2024-11-21T05:39:41.370000",
"db": "NVD",
"id": "CVE-2020-8927"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Brotli\u00a0 Classic buffer overflow vulnerability in library",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-011334"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "overflow",
"sources": [
{
"db": "PACKETSTORM",
"id": "168947"
},
{
"db": "PACKETSTORM",
"id": "162688"
},
{
"db": "PACKETSTORM",
"id": "163188"
},
{
"db": "PACKETSTORM",
"id": "166269"
},
{
"db": "PACKETSTORM",
"id": "166267"
}
],
"trust": 0.5
}
}
var-201909-0497
Vulnerability from variot
A denial of service vulnerability exists when .NET Core improperly handles web requests, aka '.NET Core Denial of Service Vulnerability'. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: .NET Core on Red Hat Enterprise Linux security and bug fix update Advisory ID: RHSA-2019:2732-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:2732 Issue date: 2019-09-11 CVE Names: CVE-2019-1301 ==================================================================== 1. Summary:
An update for rh-dotnet21-dotnet and rh-dotnet22-dotnet is now available for .NET Core on Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
Security Fix(es):
- dotnet: System.Net.Sockets.dll Socket.ConnectAsync Denial of Service (CVE-2019-1301)
Default inclusions for applications built with .NET Core have been updated to reference the newest versions and their security fixes.
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1750793 - CVE-2019-1301 dotnet: System.Net.Sockets.dll Socket.ConnectAsync Denial of Service
- Package List:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet21-2.1-12.el7.src.rpm rh-dotnet21-dotnet-2.1.509-1.el7.src.rpm
x86_64: rh-dotnet21-2.1-12.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.509-1.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.509-1.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.13-1.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.13-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.509-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.509-1.el7.x86_64.rpm rh-dotnet21-runtime-2.1-12.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet22-2.2-9.el7.src.rpm rh-dotnet22-dotnet-2.2.109-1.el7.src.rpm
x86_64: rh-dotnet22-2.2-9.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.109-1.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.109-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.7-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.7-1.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.7-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.109-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.109-1.el7.x86_64.rpm rh-dotnet22-runtime-2.2-9.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet21-2.1-12.el7.src.rpm rh-dotnet21-dotnet-2.1.509-1.el7.src.rpm
x86_64: rh-dotnet21-2.1-12.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.509-1.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.509-1.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.13-1.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.13-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.509-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.509-1.el7.x86_64.rpm rh-dotnet21-runtime-2.1-12.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet22-2.2-9.el7.src.rpm rh-dotnet22-dotnet-2.2.109-1.el7.src.rpm
x86_64: rh-dotnet22-2.2-9.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.109-1.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.109-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.7-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.7-1.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.7-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.109-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.109-1.el7.x86_64.rpm rh-dotnet22-runtime-2.2-9.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet21-2.1-12.el7.src.rpm rh-dotnet21-dotnet-2.1.509-1.el7.src.rpm
x86_64: rh-dotnet21-2.1-12.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.509-1.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.509-1.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.13-1.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.13-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.509-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.509-1.el7.x86_64.rpm rh-dotnet21-runtime-2.1-12.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet22-2.2-9.el7.src.rpm rh-dotnet22-dotnet-2.2.109-1.el7.src.rpm
x86_64: rh-dotnet22-2.2-9.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.109-1.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.109-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.7-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.7-1.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.7-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.109-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.109-1.el7.x86_64.rpm rh-dotnet22-runtime-2.2-9.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2019-1301 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXXjwE9zjgjWX9erEAQh4+g/+IzAqdtB4ZLUCETa7mQF2dBTDwmedG4TN fcU7Cd0UpbfHs0fTImFN14ZGt+/d4JLSJ0f4yCoXHBVABRkhb/c3XQrfJvundSqP WJdzZ7ITstBE2bxUyLglAgg7dkea0fFsub0WwoYrPCad+ggZznyVoSX0c44W6SR7 U9JVRV6pose3ceECtmFkgBQPcsUJKhYebeNe/xNEBPaSIJsbt/nu63WcnVoQRv9z HJCesQs6DW85QHd9+muvPq27keOvxe3v7ltusVPlvjw/vxVTkHwTDKLl2sWKXbkv k9E8Wiy7MucyRJo/Suc+xW+5mKsMEOQeSiBN/6WAGRnb5fVrUYjo9qtpq/INM8bP 3obkR5svSAPE46DLpnjuNVtiq8m9hrnDTwrxqeURDVC3GLFmskGAp3dWyXIefsuK pVSjgRGiqvJa1C8XZSvbihd5yLCp/0j8yvD8o4beEZyCnfql7T+fkXUE1vNgnNQL RWup6jVPyOK0nMUcob0wImClrmZ2qV/YwrTMvXObQwrQvLx2PblVAk4fX0Ts1Jtv poV6RYyTK5EOS4VgShYkVdGx+drlNNYyNnk3t0mm/Adr5p2H93ZN9wrttTB3qw+C WbtKSOCLJTM4mg3BE9YlyiJnqlXsATIdjfWtctqS8KK7x1HmJKT0hTW+S7IuuXSV RMiic1TBPqQ=HlAt -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201909-0497",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": ".net core",
"scope": "eq",
"trust": 1.8,
"vendor": "microsoft",
"version": "2.1"
},
{
"model": ".net core",
"scope": "eq",
"trust": 1.8,
"vendor": "microsoft",
"version": "2.2"
},
{
"model": "powershell core",
"scope": "eq",
"trust": 1.8,
"vendor": "microsoft",
"version": "6.1"
},
{
"model": "powershell core",
"scope": "eq",
"trust": 1.8,
"vendor": "microsoft",
"version": "6.2"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009187"
},
{
"db": "NVD",
"id": "CVE-2019-1301"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:microsoft:.net_core",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:microsoft:powershell_core",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009187"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat,Paul Ryman of VMware Sydney Engineering Team",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-469"
}
],
"trust": 0.6
},
"cve": "CVE-2019-1301",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-1301",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-1301",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-1301",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-1301",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-1301",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201909-469",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009187"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-469"
},
{
"db": "NVD",
"id": "CVE-2019-1301"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A denial of service vulnerability exists when .NET Core improperly handles web requests, aka \u0027.NET Core Denial of Service Vulnerability\u0027. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: .NET Core on Red Hat Enterprise Linux security and bug fix update\nAdvisory ID: RHSA-2019:2732-01\nProduct: .NET Core on Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:2732\nIssue date: 2019-09-11\nCVE Names: CVE-2019-1301\n====================================================================\n1. Summary:\n\nAn update for rh-dotnet21-dotnet and rh-dotnet22-dotnet is now available\nfor .NET Core on Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. It implements a subset of the\n.NET framework APIs and several new APIs, and it includes a CLR\nimplementation. \n\nSecurity Fix(es):\n\n* dotnet: System.Net.Sockets.dll Socket.ConnectAsync Denial of Service\n(CVE-2019-1301)\n\nDefault inclusions for applications built with .NET Core have been updated\nto reference the newest versions and their security fixes. \n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1750793 - CVE-2019-1301 dotnet: System.Net.Sockets.dll Socket.ConnectAsync Denial of Service\n\n6. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet21-2.1-12.el7.src.rpm\nrh-dotnet21-dotnet-2.1.509-1.el7.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-12.el7.x86_64.rpm\nrh-dotnet21-dotnet-2.1.509-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.509-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.13-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.13-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.509-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.509-1.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-12.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet22-2.2-9.el7.src.rpm\nrh-dotnet22-dotnet-2.2.109-1.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-9.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.109-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.109-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.7-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.7-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.7-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.109-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.109-1.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-9.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet21-2.1-12.el7.src.rpm\nrh-dotnet21-dotnet-2.1.509-1.el7.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-12.el7.x86_64.rpm\nrh-dotnet21-dotnet-2.1.509-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.509-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.13-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.13-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.509-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.509-1.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-12.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet22-2.2-9.el7.src.rpm\nrh-dotnet22-dotnet-2.2.109-1.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-9.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.109-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.109-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.7-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.7-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.7-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.109-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.109-1.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-9.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet21-2.1-12.el7.src.rpm\nrh-dotnet21-dotnet-2.1.509-1.el7.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-12.el7.x86_64.rpm\nrh-dotnet21-dotnet-2.1.509-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.509-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.13-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.13-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.509-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.509-1.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-12.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet22-2.2-9.el7.src.rpm\nrh-dotnet22-dotnet-2.2.109-1.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-9.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.109-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.109-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.7-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.7-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.7-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.109-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.109-1.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-9.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-1301\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXXjwE9zjgjWX9erEAQh4+g/+IzAqdtB4ZLUCETa7mQF2dBTDwmedG4TN\nfcU7Cd0UpbfHs0fTImFN14ZGt+/d4JLSJ0f4yCoXHBVABRkhb/c3XQrfJvundSqP\nWJdzZ7ITstBE2bxUyLglAgg7dkea0fFsub0WwoYrPCad+ggZznyVoSX0c44W6SR7\nU9JVRV6pose3ceECtmFkgBQPcsUJKhYebeNe/xNEBPaSIJsbt/nu63WcnVoQRv9z\nHJCesQs6DW85QHd9+muvPq27keOvxe3v7ltusVPlvjw/vxVTkHwTDKLl2sWKXbkv\nk9E8Wiy7MucyRJo/Suc+xW+5mKsMEOQeSiBN/6WAGRnb5fVrUYjo9qtpq/INM8bP\n3obkR5svSAPE46DLpnjuNVtiq8m9hrnDTwrxqeURDVC3GLFmskGAp3dWyXIefsuK\npVSjgRGiqvJa1C8XZSvbihd5yLCp/0j8yvD8o4beEZyCnfql7T+fkXUE1vNgnNQL\nRWup6jVPyOK0nMUcob0wImClrmZ2qV/YwrTMvXObQwrQvLx2PblVAk4fX0Ts1Jtv\npoV6RYyTK5EOS4VgShYkVdGx+drlNNYyNnk3t0mm/Adr5p2H93ZN9wrttTB3qw+C\nWbtKSOCLJTM4mg3BE9YlyiJnqlXsATIdjfWtctqS8KK7x1HmJKT0hTW+S7IuuXSV\nRMiic1TBPqQ=HlAt\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-1301"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009187"
},
{
"db": "PACKETSTORM",
"id": "154454"
},
{
"db": "PACKETSTORM",
"id": "154453"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-1301",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009187",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "154454",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.3462",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201909-469",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "154453",
"trust": 0.1
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009187"
},
{
"db": "PACKETSTORM",
"id": "154454"
},
{
"db": "PACKETSTORM",
"id": "154453"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-469"
},
{
"db": "NVD",
"id": "CVE-2019-1301"
}
]
},
"id": "VAR-201909-0497",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.19172932
},
"last_update_date": "2024-11-23T21:36:53.954000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2019-1301 | .NET Core Denial of Service Vulnerability",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1301"
},
{
"title": "CVE-2019-1301 | .NET Core \u306e\u30b5\u30fc\u30d3\u30b9\u62d2\u5426\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2019-1301"
},
{
"title": "Microsoft .NET Core Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98058"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009187"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-469"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-20",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009187"
},
{
"db": "NVD",
"id": "CVE-2019-1301"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-1301"
},
{
"trust": 1.6,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-1301"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1301"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20190911-ms.html"
},
{
"trust": 0.8,
"url": "https://www.jpcert.or.jp/at/2019/at190036.html"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2019-1301"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/154454/red-hat-security-advisory-2019-2732-01.html"
},
{
"trust": 0.6,
"url": "https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/cve-2019-1301"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/microsoft-net-core-vulnerabilities-of-september-2019-30306"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3462/"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2019:2732"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2019:2731"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009187"
},
{
"db": "PACKETSTORM",
"id": "154454"
},
{
"db": "PACKETSTORM",
"id": "154453"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-469"
},
{
"db": "NVD",
"id": "CVE-2019-1301"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009187"
},
{
"db": "PACKETSTORM",
"id": "154454"
},
{
"db": "PACKETSTORM",
"id": "154453"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-469"
},
{
"db": "NVD",
"id": "CVE-2019-1301"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-09-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-009187"
},
{
"date": "2019-09-11T14:02:08",
"db": "PACKETSTORM",
"id": "154454"
},
{
"date": "2019-09-11T14:02:01",
"db": "PACKETSTORM",
"id": "154453"
},
{
"date": "2019-09-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201909-469"
},
{
"date": "2019-09-11T22:15:19.023000",
"db": "NVD",
"id": "CVE-2019-1301"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-09-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-009187"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201909-469"
},
{
"date": "2024-11-21T04:36:26.003000",
"db": "NVD",
"id": "CVE-2019-1301"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-469"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": ".NET Core and PowerShell Core Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009187"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-469"
}
],
"trust": 0.6
}
}
var-201809-1040
Vulnerability from variot
A denial of service vulnerability exists when System.IO.Pipelines improperly handles requests, aka "System.IO.Pipelines Denial of Service." This affects .NET Core 2.1, System.IO.Pipelines, ASP.NET Core 2.1. The vendor System.IO.Pipelines As a "denial of service".Service operation interruption (DoS) There is a possibility of being put into a state. Microsoft .NET Core is a free and open source development platform. The platform has features such as multi-language support and cross-platform. ASP.NET Core is a cross-platform open source framework. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. System.IO.Pipelines is a library for performing high-performance IO in .NET. A remote attacker can use this vulnerability to cause a denial of service by submitting a specially crafted request to the application
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201809-1040",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": ".net core",
"scope": "eq",
"trust": 2.3,
"vendor": "microsoft",
"version": "2.1"
},
{
"model": "asp.net core",
"scope": "eq",
"trust": 2.3,
"vendor": "microsoft",
"version": "2.1"
},
{
"model": "system.io.pipelines",
"scope": null,
"trust": 1.4,
"vendor": "microsoft",
"version": null
},
{
"model": "asp.net core",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "2.1"
},
{
"model": ".net core",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "2.1.4"
},
{
"model": "system.io.pipelines",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "4.5.0"
},
{
"model": "asp.net core",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "2.1.4"
},
{
"model": ".net core",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "2.1"
},
{
"model": "system.io.pipelines",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": null
},
{
"model": "system.io.pipelines",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-00352"
},
{
"db": "BID",
"id": "105223"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009516"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-539"
},
{
"db": "NVD",
"id": "CVE-2018-8409"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:microsoft:.net_core",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:microsoft:asp.net_core",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:microsoft:system.io.pipelines",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009516"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft",
"sources": [
{
"db": "BID",
"id": "105223"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-539"
}
],
"trust": 0.9
},
"cve": "CVE-2018-8409",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2018-8409",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-00352",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2018-8409",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-8409",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-8409",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-8409",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2019-00352",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-539",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-00352"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009516"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-539"
},
{
"db": "NVD",
"id": "CVE-2018-8409"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A denial of service vulnerability exists when System.IO.Pipelines improperly handles requests, aka \"System.IO.Pipelines Denial of Service.\" This affects .NET Core 2.1, System.IO.Pipelines, ASP.NET Core 2.1. The vendor System.IO.Pipelines As a \"denial of service\".Service operation interruption (DoS) There is a possibility of being put into a state. Microsoft .NET Core is a free and open source development platform. The platform has features such as multi-language support and cross-platform. ASP.NET Core is a cross-platform open source framework. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. System.IO.Pipelines is a library for performing high-performance IO in .NET. A remote attacker can use this vulnerability to cause a denial of service by submitting a specially crafted request to the application",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-8409"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009516"
},
{
"db": "CNVD",
"id": "CNVD-2019-00352"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-539"
},
{
"db": "BID",
"id": "105223"
}
],
"trust": 2.97
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-8409",
"trust": 3.3
},
{
"db": "BID",
"id": "105223",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009516",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-00352",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201809-539",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-00352"
},
{
"db": "BID",
"id": "105223"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009516"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-539"
},
{
"db": "NVD",
"id": "CVE-2018-8409"
}
]
},
"id": "VAR-201809-1040",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-00352"
}
],
"trust": 0.99586466
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-00352"
}
]
},
"last_update_date": "2024-11-23T22:06:36.540000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2018-8409 | System.IO.Pipelines Denial of Service",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-8409"
},
{
"title": "CVE-2018-8409 | System.IO.Pipelines \u306e\u30b5\u30fc\u30d3\u30b9\u62d2\u5426",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2018-8409"
},
{
"title": "Patch for Microsoft .NET Core, ASP.NET Core, and System.IO.Pipelines Denial of Service Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/148781"
},
{
"title": "Microsoft .NET Core , ASP.NET Core and System.IO.Pipelines Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84810"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-00352"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009516"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-539"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-20",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009516"
},
{
"db": "NVD",
"id": "CVE-2018-8409"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "http://www.securityfocus.com/bid/105223"
},
{
"trust": 1.9,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-8409"
},
{
"trust": 1.4,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8409"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20180912-ms.html"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2018/at180038.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-8409"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-00352"
},
{
"db": "BID",
"id": "105223"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009516"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-539"
},
{
"db": "NVD",
"id": "CVE-2018-8409"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-00352"
},
{
"db": "BID",
"id": "105223"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009516"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-539"
},
{
"db": "NVD",
"id": "CVE-2018-8409"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-01-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-00352"
},
{
"date": "2018-09-11T00:00:00",
"db": "BID",
"id": "105223"
},
{
"date": "2018-11-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-009516"
},
{
"date": "2018-09-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-539"
},
{
"date": "2018-09-13T00:29:02.037000",
"db": "NVD",
"id": "CVE-2018-8409"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-01-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-00352"
},
{
"date": "2018-09-11T00:00:00",
"db": "BID",
"id": "105223"
},
{
"date": "2018-11-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-009516"
},
{
"date": "2020-10-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-539"
},
{
"date": "2024-11-21T04:13:46.097000",
"db": "NVD",
"id": "CVE-2018-8409"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-539"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Microsoft Service disruption in products (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009516"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-539"
}
],
"trust": 0.6
}
}
var-201901-1456
Vulnerability from variot
An information disclosure vulnerability exists in .NET Framework and .NET Core which allows bypassing Cross-origin Resource Sharing (CORS) configurations, aka ".NET Framework Information Disclosure Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7/4.7.1/4.7.2, .NET Core 2.1, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 2.2, Microsoft .NET Framework 4.7.2. plural Microsoft There is a vulnerability in the product that exposes information. Successful exploits will allow attackers to obtain sensitive information that may aid in further attacks. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: .NET Core on Red Hat Enterprise Linux security update Advisory ID: RHSA-2019:0040-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:0040 Issue date: 2019-01-09 CVE Names: CVE-2019-0545 CVE-2019-0548 CVE-2019-0564 =====================================================================
- Summary:
Updates for rh-dotnet21-dotnet and rh-dotnet22-dotnet are now available for .NET Core on Red Hat Enterprise Linux.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET Core that address security vulnerabilities are now available. The updated versions are .NET Core 2.1.5 and 2.2.1.
Security Fix(es):
-
.NET Core: NCL - SocketsHttpHandler mishandling 1xx response as a final response leads to info disclosure (CVE-2019-0545)
-
.NET Core: ANCM WebSocket DOS (CVE-2019-0548)
-
.NET Core: Kestrel - WebSocket DoS via CancellationToken (CoreFX and ASP.NET) (CVE-2019-0564)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
For more information, please refer to the upstream docs in the References section.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1660632 - CVE-2019-0545 .NET Core: NCL - SocketsHttpHandler mishandling 1xx response as a final response leads to info disclosure 1660634 - CVE-2019-0564 .NET Core: Kestrel - WebSocket DoS via CancellationToken (CoreFX and ASP.NET) 1660636 - CVE-2019-0548 .NET Core: ANCM WebSocket DOS
- Package List:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet21-2.1-6.el7.src.rpm rh-dotnet21-dotnet-2.1.503-1.el7.src.rpm
x86_64: rh-dotnet21-dotnet-sdk-2.1-2.1.503-1.el7.x86_64.rpm rh-dotnet21-runtime-2.1-6.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet22-2.2-2.el7.src.rpm rh-dotnet22-dotnet-2.2.102-1.el7.src.rpm
x86_64: rh-dotnet22-2.2-2.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.102-1.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.102-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.1-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.1-1.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.1-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.102-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.102-1.el7.x86_64.rpm rh-dotnet22-runtime-2.2-2.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet21-2.1-6.el7.src.rpm rh-dotnet21-dotnet-2.1.503-1.el7.src.rpm
x86_64: rh-dotnet21-dotnet-sdk-2.1-2.1.503-1.el7.x86_64.rpm rh-dotnet21-runtime-2.1-6.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet22-2.2-2.el7.src.rpm rh-dotnet22-dotnet-2.2.102-1.el7.src.rpm
x86_64: rh-dotnet22-2.2-2.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.102-1.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.102-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.1-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.1-1.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.1-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.102-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.102-1.el7.x86_64.rpm rh-dotnet22-runtime-2.2-2.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet21-2.1-6.el7.src.rpm rh-dotnet21-dotnet-2.1.503-1.el7.src.rpm
x86_64: rh-dotnet21-dotnet-sdk-2.1-2.1.503-1.el7.x86_64.rpm rh-dotnet21-runtime-2.1-6.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet22-2.2-2.el7.src.rpm rh-dotnet22-dotnet-2.2.102-1.el7.src.rpm
x86_64: rh-dotnet22-2.2-2.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.102-1.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.102-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.1-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.1-1.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.1-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.102-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.102-1.el7.x86_64.rpm rh-dotnet22-runtime-2.2-2.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2019-0545 https://access.redhat.com/security/cve/CVE-2019-0548 https://access.redhat.com/security/cve/CVE-2019-0564 https://access.redhat.com/security/updates/classification/#moderate https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0545 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0548 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0564
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXDW2sdzjgjWX9erEAQjnURAAoOOF+CAyd0GdKX4LT2eZ/ctDcYggUZkX 1uMSJxXYU64TTYyAmkWUad9GPHMl+7QPjLZGbsLoUv37jSHwfg6VLiPRPy/jGMEq DN1ECN44X2nbUvCO+aKSNSpkRx7oBgQeR3gcPDMS1bzzJgOzhldL8rHH4GnmsoLI DgBXda8QlnFQVXEK+64H9B5hmlD8PERkne9mmqH1M3tkYZeBdnsud7Zb+UTNmMDR ZCVdGr4UIjFZZWpQf5FhjLw4Y2Wv4+e0UBiRFj3GqiS4YYNy+0VxsuTYW3YvNO2R tgZ/UyXljxfgEoQrwg58sI1icuY9CDuyUbLXjEhmlh9E8lDHZ4C3OyK+M7D/KN43 +Hf3E1qgMyg+RDlIFsDsMNDvH7Y6oHv5OIeELIEG9A+oDeQwpoUE6FlQhwMBKZgV kLnwYXahwcbcpJWB2Fwp2htwACGwlWzisanA0+Qqnb0zsgL/UI/ZuHmcmXXW68U3 L7JuUVE61WCdZYPyANW/kkxIuqw875FVM39dInDlUOwcPyGbkiH7qsauiyLLadlR +GpenM0LLRftSh3FILuQyH+6EORUrduB8445BGtdVKOUChiSOc09qcFozzxKki5P Atkajiv2GssKgIFDg7NBMMPETWRjun6SIsxnZ+CcaxLdOjw1isYRzSxMHdNyU7bc eGIiHj6xieM= =m5dC -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201901-1456",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": ".net framework",
"scope": "eq",
"trust": 2.7,
"vendor": "microsoft",
"version": "4.7.2"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 2.7,
"vendor": "microsoft",
"version": "4.7.1"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 2.7,
"vendor": "microsoft",
"version": "4.6.2"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 2.7,
"vendor": "microsoft",
"version": "3.5.1"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 2.7,
"vendor": "microsoft",
"version": "4.7"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 2.7,
"vendor": "microsoft",
"version": "4.6"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 2.7,
"vendor": "microsoft",
"version": "4.5.2"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 2.7,
"vendor": "microsoft",
"version": "3.5"
},
{
"model": ".net core",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "2.2"
},
{
"model": ".net core",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "2.1"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 1.9,
"vendor": "microsoft",
"version": "3.0"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 1.9,
"vendor": "microsoft",
"version": "2.0"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 1.8,
"vendor": "microsoft",
"version": "4.6.1"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "2.0 sp2"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "3.0 sp2"
},
{
"model": "powershell core",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "6.1"
},
{
"model": "powershell core",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "6.2"
},
{
"model": ".net core",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2.3"
}
],
"sources": [
{
"db": "BID",
"id": "106405"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001008"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-175"
},
{
"db": "NVD",
"id": "CVE-2019-0545"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:microsoft:.net_core",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:microsoft:.net_framework",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:microsoft:powershell_core",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-001008"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft",
"sources": [
{
"db": "BID",
"id": "106405"
}
],
"trust": 0.3
},
"cve": "CVE-2019-0545",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2019-0545",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-0545",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-0545",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-0545",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201901-175",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-0545",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-0545"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001008"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-175"
},
{
"db": "NVD",
"id": "CVE-2019-0545"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An information disclosure vulnerability exists in .NET Framework and .NET Core which allows bypassing Cross-origin Resource Sharing (CORS) configurations, aka \".NET Framework Information Disclosure Vulnerability.\" This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7/4.7.1/4.7.2, .NET Core 2.1, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 2.2, Microsoft .NET Framework 4.7.2. plural Microsoft There is a vulnerability in the product that exposes information. \nSuccessful exploits will allow attackers to obtain sensitive information that may aid in further attacks. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: .NET Core on Red Hat Enterprise Linux security update\nAdvisory ID: RHSA-2019:0040-01\nProduct: .NET Core on Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:0040\nIssue date: 2019-01-09\nCVE Names: CVE-2019-0545 CVE-2019-0548 CVE-2019-0564 \n=====================================================================\n\n1. Summary:\n\nUpdates for rh-dotnet21-dotnet and rh-dotnet22-dotnet are now available for\n.NET Core on Red Hat Enterprise Linux. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. It implements a subset of the\n.NET framework APIs and several new APIs, and it includes a CLR\nimplementation. \n\nNew versions of .NET Core that address security vulnerabilities are now\navailable. The updated versions are .NET Core 2.1.5 and 2.2.1. \n\nSecurity Fix(es):\n\n* .NET Core: NCL - SocketsHttpHandler mishandling 1xx response as a final\nresponse leads to info disclosure (CVE-2019-0545)\n\n* .NET Core: ANCM WebSocket DOS (CVE-2019-0548)\n\n* .NET Core: Kestrel - WebSocket DoS via CancellationToken (CoreFX and\nASP.NET) (CVE-2019-0564)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\nFor more information, please refer to the upstream docs in the References\nsection. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1660632 - CVE-2019-0545 .NET Core: NCL - SocketsHttpHandler mishandling 1xx response as a final response leads to info disclosure\n1660634 - CVE-2019-0564 .NET Core: Kestrel - WebSocket DoS via CancellationToken (CoreFX and ASP.NET)\n1660636 - CVE-2019-0548 .NET Core: ANCM WebSocket DOS\n\n6. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet21-2.1-6.el7.src.rpm\nrh-dotnet21-dotnet-2.1.503-1.el7.src.rpm\n\nx86_64:\nrh-dotnet21-dotnet-sdk-2.1-2.1.503-1.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-6.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet22-2.2-2.el7.src.rpm\nrh-dotnet22-dotnet-2.2.102-1.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.1-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.1-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.1-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-2.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet21-2.1-6.el7.src.rpm\nrh-dotnet21-dotnet-2.1.503-1.el7.src.rpm\n\nx86_64:\nrh-dotnet21-dotnet-sdk-2.1-2.1.503-1.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-6.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet22-2.2-2.el7.src.rpm\nrh-dotnet22-dotnet-2.2.102-1.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.1-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.1-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.1-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-2.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet21-2.1-6.el7.src.rpm\nrh-dotnet21-dotnet-2.1.503-1.el7.src.rpm\n\nx86_64:\nrh-dotnet21-dotnet-sdk-2.1-2.1.503-1.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-6.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet22-2.2-2.el7.src.rpm\nrh-dotnet22-dotnet-2.2.102-1.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.1-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.1-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.1-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-2.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-0545\nhttps://access.redhat.com/security/cve/CVE-2019-0548\nhttps://access.redhat.com/security/cve/CVE-2019-0564\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0545\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0548\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0564\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXDW2sdzjgjWX9erEAQjnURAAoOOF+CAyd0GdKX4LT2eZ/ctDcYggUZkX\n1uMSJxXYU64TTYyAmkWUad9GPHMl+7QPjLZGbsLoUv37jSHwfg6VLiPRPy/jGMEq\nDN1ECN44X2nbUvCO+aKSNSpkRx7oBgQeR3gcPDMS1bzzJgOzhldL8rHH4GnmsoLI\nDgBXda8QlnFQVXEK+64H9B5hmlD8PERkne9mmqH1M3tkYZeBdnsud7Zb+UTNmMDR\nZCVdGr4UIjFZZWpQf5FhjLw4Y2Wv4+e0UBiRFj3GqiS4YYNy+0VxsuTYW3YvNO2R\ntgZ/UyXljxfgEoQrwg58sI1icuY9CDuyUbLXjEhmlh9E8lDHZ4C3OyK+M7D/KN43\n+Hf3E1qgMyg+RDlIFsDsMNDvH7Y6oHv5OIeELIEG9A+oDeQwpoUE6FlQhwMBKZgV\nkLnwYXahwcbcpJWB2Fwp2htwACGwlWzisanA0+Qqnb0zsgL/UI/ZuHmcmXXW68U3\nL7JuUVE61WCdZYPyANW/kkxIuqw875FVM39dInDlUOwcPyGbkiH7qsauiyLLadlR\n+GpenM0LLRftSh3FILuQyH+6EORUrduB8445BGtdVKOUChiSOc09qcFozzxKki5P\nAtkajiv2GssKgIFDg7NBMMPETWRjun6SIsxnZ+CcaxLdOjw1isYRzSxMHdNyU7bc\neGIiHj6xieM=\n=m5dC\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-0545"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001008"
},
{
"db": "BID",
"id": "106405"
},
{
"db": "VULMON",
"id": "CVE-2019-0545"
},
{
"db": "PACKETSTORM",
"id": "151061"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-0545",
"trust": 2.9
},
{
"db": "BID",
"id": "106405",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001008",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201901-175",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2019-0545",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "151061",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-0545"
},
{
"db": "BID",
"id": "106405"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001008"
},
{
"db": "PACKETSTORM",
"id": "151061"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-175"
},
{
"db": "NVD",
"id": "CVE-2019-0545"
}
]
},
"id": "VAR-201901-1456",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.19172932
},
"last_update_date": "2024-11-23T22:00:08.612000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2019-0545 | .NET Framework Information Disclosure Vulnerability",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0545"
},
{
"title": "CVE-2019-0545 | .NET Framework \u306e\u60c5\u5831\u6f0f\u3048\u3044\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2019-0545"
},
{
"title": "Microsoft .NET Framework and .NET Core Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88362"
},
{
"title": "Red Hat: Moderate: .NET Core on Red Hat Enterprise Linux security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20190040 - Security Advisory"
},
{
"title": "Red Hat: CVE-2019-0545",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2019-0545"
},
{
"title": "Description\nContent\nInstall\nUsage\nAutomation\nExamples",
"trust": 0.1,
"url": "https://github.com/eeenvik1/scripts_for_YouTrack "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-0545"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001008"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-175"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-001008"
},
{
"db": "NVD",
"id": "CVE-2019-0545"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "http://www.securityfocus.com/bid/106405"
},
{
"trust": 2.0,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0545"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2019:0040"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0545"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0545"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20190109-ms.html"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2019/at190002.html"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-0564"
},
{
"trust": 0.1,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0548"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-0545"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0548"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-0548"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0564"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0564"
}
],
"sources": [
{
"db": "BID",
"id": "106405"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001008"
},
{
"db": "PACKETSTORM",
"id": "151061"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-175"
},
{
"db": "NVD",
"id": "CVE-2019-0545"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2019-0545"
},
{
"db": "BID",
"id": "106405"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001008"
},
{
"db": "PACKETSTORM",
"id": "151061"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-175"
},
{
"db": "NVD",
"id": "CVE-2019-0545"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-01-08T00:00:00",
"db": "VULMON",
"id": "CVE-2019-0545"
},
{
"date": "2019-01-08T00:00:00",
"db": "BID",
"id": "106405"
},
{
"date": "2019-01-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-001008"
},
{
"date": "2019-01-09T15:05:39",
"db": "PACKETSTORM",
"id": "151061"
},
{
"date": "2019-01-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201901-175"
},
{
"date": "2019-01-08T21:29:00.580000",
"db": "NVD",
"id": "CVE-2019-0545"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-23T00:00:00",
"db": "VULMON",
"id": "CVE-2019-0545"
},
{
"date": "2019-01-08T00:00:00",
"db": "BID",
"id": "106405"
},
{
"date": "2019-01-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-001008"
},
{
"date": "2022-05-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201901-175"
},
{
"date": "2024-11-21T04:16:49.683000",
"db": "NVD",
"id": "CVE-2019-0545"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201901-175"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Microsoft Information disclosure vulnerability in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-001008"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201901-175"
}
],
"trust": 0.6
}
}
var-201903-1467
Vulnerability from variot
A vulnerability exists in certain .Net Framework API's and Visual Studio in the way they parse URL's, aka '.NET Framework and Visual Studio Spoofing Vulnerability'. plural Microsoft The product includes URL There is a vulnerability related to input validation due to incomplete analysis method. An attacker can exploit this issue to conduct spoofing attacks and perform unauthorized actions; other attacks are also possible. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: .NET Core on Red Hat Enterprise Linux security update for February 2019 Advisory ID: RHSA-2019:0349-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:0349 Issue date: 2019-02-14 CVE Names: CVE-2019-0657 ==================================================================== 1. Summary:
Updates for rh-dotnetcore10-dotnetcore, rh-dotnetcore11-dotnetcore, rh-dotnet21-dotnet, and rh-dotnet22-dotnet are now available for .NET Core on Red Hat Enterprise Linux.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET Core that address security vulnerabilities are now available. The updated versions are .NET Core 1.0.14, 1.1.11, 2.1.8, and 2.2.2.
Security Fix(es):
- .dotnet: Domain-spoofing attack in System.Uri (CVE-2019-0657)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
For more information, please refer to the upstream doc in the References section.
- Solution:
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1673891 - CVE-2019-0657 dotnet: Domain-spoofing attack in System.Uri
- Package List:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnetcore10-dotnetcore-1.0.14-1.el7.src.rpm
x86_64: rh-dotnetcore10-dotnetcore-1.0.14-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.14-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnetcore11-dotnetcore-1.1.11-2.el7.src.rpm
x86_64: rh-dotnetcore11-dotnetcore-1.1.11-2.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.11-2.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet21-2.1-7.el7.src.rpm rh-dotnet21-dotnet-2.1.504-1.el7.src.rpm
x86_64: rh-dotnet21-2.1-7.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.504-1.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.504-1.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.8-1.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.8-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.504-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.504-1.el7.x86_64.rpm rh-dotnet21-runtime-2.1-7.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet22-2.2-3.el7.src.rpm rh-dotnet22-dotnet-2.2.104-2.el7.src.rpm
x86_64: rh-dotnet22-2.2-3.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.104-2.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.104-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.2-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.2-2.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.2-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.104-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.104-2.el7.x86_64.rpm rh-dotnet22-runtime-2.2-3.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnetcore10-dotnetcore-1.0.14-1.el7.src.rpm
x86_64: rh-dotnetcore10-dotnetcore-1.0.14-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.14-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnetcore11-dotnetcore-1.1.11-2.el7.src.rpm
x86_64: rh-dotnetcore11-dotnetcore-1.1.11-2.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.11-2.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet21-2.1-7.el7.src.rpm rh-dotnet21-dotnet-2.1.504-1.el7.src.rpm
x86_64: rh-dotnet21-2.1-7.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.504-1.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.504-1.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.8-1.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.8-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.504-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.504-1.el7.x86_64.rpm rh-dotnet21-runtime-2.1-7.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet22-2.2-3.el7.src.rpm rh-dotnet22-dotnet-2.2.104-2.el7.src.rpm
x86_64: rh-dotnet22-2.2-3.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.104-2.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.104-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.2-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.2-2.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.2-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.104-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.104-2.el7.x86_64.rpm rh-dotnet22-runtime-2.2-3.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnetcore10-dotnetcore-1.0.14-1.el7.src.rpm
x86_64: rh-dotnetcore10-dotnetcore-1.0.14-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.14-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnetcore11-dotnetcore-1.1.11-2.el7.src.rpm
x86_64: rh-dotnetcore11-dotnetcore-1.1.11-2.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.11-2.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet21-2.1-7.el7.src.rpm rh-dotnet21-dotnet-2.1.504-1.el7.src.rpm
x86_64: rh-dotnet21-2.1-7.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.504-1.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.504-1.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.8-1.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.8-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.504-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.504-1.el7.x86_64.rpm rh-dotnet21-runtime-2.1-7.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet22-2.2-3.el7.src.rpm rh-dotnet22-dotnet-2.2.104-2.el7.src.rpm
x86_64: rh-dotnet22-2.2-3.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.104-2.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.104-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.2-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.2-2.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.2-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.104-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.104-2.el7.x86_64.rpm rh-dotnet22-runtime-2.2-3.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2019-0657 https://access.redhat.com/security/updates/classification/#moderate https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0657
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXGTxZNzjgjWX9erEAQg28RAAkXyiq8u2m6G6BJN/7LqO31WHqXGmf+Em SeGsTnrnV9YpjFqPXby3WFz3AHGrTITrOy+JA2WyYTezgc3F4aZu28jHCgsuRJmU AvEg8XitYunmg9sxzr0SUmf8bleFUpawLNh+HiHC/fVUSrHA953yH6QjPDj3KT3+ 27SmMMmUvdqpZOxYrHN9iPfYiqONIKEkHq6vGkplqePPOkWja7v7r7UYm8I493zN cFLWzVI6N17qsLIqe2OduMtZ0tBcdOdKwjxi4BVbVwNmhV1qiXfBotP7RdRjvVgu SJw2LObFjPmfHBZX7c8Q+S4oWSLTO+YnqEzjRopXy8adaxxxFDvYCb5FJ5YGvFNK eI4SDGilbT73PXISefvmxjPM3Vu2T7yvvgGwg9Yl64DPgsLLFBxm2kEpXE7h3ZkH JiTBjT3eOPhuK43X5+X9VnM/9C7Add1xb9HMz1iWvJQidKKJ44FDGFhWoHXZMa2Z oca6jNXGpzqUtpMgsnC4ZM7WISyNtnVdBBE31xwEPl1ssi+Mrsq8lFWiFt1GUnQQ /DCPVS8L1aTsIb1q6SUTzqRkEMi2jADvP+tWohxMw/M2NNFKIEbfEgld2xO5X79F +edr0KVq8fgRgN9GP6rs+xNtS30uO6fLNLzXiT/7kgyvmadyuyzpye8mjDDlzJYX 1Uwk7uAgds0=IIGV -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201903-1467",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "powershell core",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "6.1"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "4.7.2"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "4.7.1"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "4.6.2"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "4.6.1"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "3.5.1"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "4.7"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "4.6"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "4.5.2"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "3.5"
},
{
"model": ".net core",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "2.2"
},
{
"model": ".net core",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "2.1"
},
{
"model": ".net core",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "1.0"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 1.3,
"vendor": "microsoft",
"version": "3.0"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 1.3,
"vendor": "microsoft",
"version": "2.0"
},
{
"model": "powershell core",
"scope": "eq",
"trust": 1.1,
"vendor": "microsoft",
"version": "6.2"
},
{
"model": "visual studio 2017",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "15.9"
},
{
"model": "powershell core",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "6.0"
},
{
"model": "visual studio 2017",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"model": ".net framework",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "2.0 sp2"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "3.0 sp2"
},
{
"model": "visual studio",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "2017"
},
{
"model": "visual studio",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "2017 version 15.9"
},
{
"model": "visual studio",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "201715.9"
},
{
"model": "visual studio",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20170"
},
{
"model": ".net core",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1.1"
}
],
"sources": [
{
"db": "BID",
"id": "106890"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002326"
},
{
"db": "NVD",
"id": "CVE-2019-0657"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:microsoft:.net_core",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:microsoft:.net_framework",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:microsoft:visual_studio",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:microsoft:powershell_core",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002326"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jonathan Birch of Microsoft Corporation,Red Hat",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-374"
}
],
"trust": 0.6
},
"cve": "CVE-2019-0657",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2019-0657",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.2,
"id": "CVE-2019-0657",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-0657",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-0657",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201902-374",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002326"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-374"
},
{
"db": "NVD",
"id": "CVE-2019-0657"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability exists in certain .Net Framework API\u0027s and Visual Studio in the way they parse URL\u0027s, aka \u0027.NET Framework and Visual Studio Spoofing Vulnerability\u0027. plural Microsoft The product includes URL There is a vulnerability related to input validation due to incomplete analysis method. \nAn attacker can exploit this issue to conduct spoofing attacks and perform unauthorized actions; other attacks are also possible. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: .NET Core on Red Hat Enterprise Linux security update for February 2019\nAdvisory ID: RHSA-2019:0349-01\nProduct: .NET Core on Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:0349\nIssue date: 2019-02-14\nCVE Names: CVE-2019-0657\n====================================================================\n1. Summary:\n\nUpdates for rh-dotnetcore10-dotnetcore, rh-dotnetcore11-dotnetcore,\nrh-dotnet21-dotnet, and rh-dotnet22-dotnet are now available for\n.NET Core on Red Hat Enterprise Linux. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\n.NET Core is a managed-software framework. It implements a subset of the\n.NET framework APIs and several new APIs, and it includes a CLR\nimplementation. \n\nNew versions of .NET Core that address security vulnerabilities are now\navailable. The updated versions are .NET Core 1.0.14, 1.1.11, 2.1.8, and\n2.2.2. \n\nSecurity Fix(es):\n\n* .dotnet: Domain-spoofing attack in System.Uri (CVE-2019-0657)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\nFor more information, please refer to the upstream doc in the References\nsection. \n\n4. Solution:\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1673891 - CVE-2019-0657 dotnet: Domain-spoofing attack in System.Uri\n\n6. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.14-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.14-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.14-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.11-2.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.11-2.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.11-2.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet21-2.1-7.el7.src.rpm\nrh-dotnet21-dotnet-2.1.504-1.el7.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-7.el7.x86_64.rpm\nrh-dotnet21-dotnet-2.1.504-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.504-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.8-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.8-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.504-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.504-1.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-7.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet22-2.2-3.el7.src.rpm\nrh-dotnet22-dotnet-2.2.104-2.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-3.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.104-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.104-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.2-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.2-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.2-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.104-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.104-2.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-3.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.14-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.14-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.14-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.11-2.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.11-2.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.11-2.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet21-2.1-7.el7.src.rpm\nrh-dotnet21-dotnet-2.1.504-1.el7.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-7.el7.x86_64.rpm\nrh-dotnet21-dotnet-2.1.504-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.504-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.8-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.8-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.504-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.504-1.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-7.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet22-2.2-3.el7.src.rpm\nrh-dotnet22-dotnet-2.2.104-2.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-3.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.104-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.104-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.2-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.2-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.2-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.104-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.104-2.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-3.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.14-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.14-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.14-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.11-2.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.11-2.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.11-2.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet21-2.1-7.el7.src.rpm\nrh-dotnet21-dotnet-2.1.504-1.el7.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-7.el7.x86_64.rpm\nrh-dotnet21-dotnet-2.1.504-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.504-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.8-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.8-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.504-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.504-1.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-7.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet22-2.2-3.el7.src.rpm\nrh-dotnet22-dotnet-2.2.104-2.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-3.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.104-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.104-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.2-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.2-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.2-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.104-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.104-2.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-3.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-0657\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0657\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXGTxZNzjgjWX9erEAQg28RAAkXyiq8u2m6G6BJN/7LqO31WHqXGmf+Em\nSeGsTnrnV9YpjFqPXby3WFz3AHGrTITrOy+JA2WyYTezgc3F4aZu28jHCgsuRJmU\nAvEg8XitYunmg9sxzr0SUmf8bleFUpawLNh+HiHC/fVUSrHA953yH6QjPDj3KT3+\n27SmMMmUvdqpZOxYrHN9iPfYiqONIKEkHq6vGkplqePPOkWja7v7r7UYm8I493zN\ncFLWzVI6N17qsLIqe2OduMtZ0tBcdOdKwjxi4BVbVwNmhV1qiXfBotP7RdRjvVgu\nSJw2LObFjPmfHBZX7c8Q+S4oWSLTO+YnqEzjRopXy8adaxxxFDvYCb5FJ5YGvFNK\neI4SDGilbT73PXISefvmxjPM3Vu2T7yvvgGwg9Yl64DPgsLLFBxm2kEpXE7h3ZkH\nJiTBjT3eOPhuK43X5+X9VnM/9C7Add1xb9HMz1iWvJQidKKJ44FDGFhWoHXZMa2Z\noca6jNXGpzqUtpMgsnC4ZM7WISyNtnVdBBE31xwEPl1ssi+Mrsq8lFWiFt1GUnQQ\n/DCPVS8L1aTsIb1q6SUTzqRkEMi2jADvP+tWohxMw/M2NNFKIEbfEgld2xO5X79F\n+edr0KVq8fgRgN9GP6rs+xNtS30uO6fLNLzXiT/7kgyvmadyuyzpye8mjDDlzJYX\n1Uwk7uAgds0=IIGV\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-0657"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002326"
},
{
"db": "BID",
"id": "106890"
},
{
"db": "PACKETSTORM",
"id": "151684"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-0657",
"trust": 2.8
},
{
"db": "BID",
"id": "106890",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002326",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "151684",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.0476",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201902-374",
"trust": 0.6
}
],
"sources": [
{
"db": "BID",
"id": "106890"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002326"
},
{
"db": "PACKETSTORM",
"id": "151684"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-374"
},
{
"db": "NVD",
"id": "CVE-2019-0657"
}
]
},
"id": "VAR-201903-1467",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.19172932
},
"last_update_date": "2024-11-23T23:01:51.783000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2019-0657 | .NET Framework and Visual Studio Spoofing Vulnerability",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0657"
},
{
"title": "CVE-2019-0657 | .NET Framework \u3068 Visual Studio \u306e\u306a\u308a\u3059\u307e\u3057\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/ja-JP/security-guidance/advisory/CVE-2019-0657"
},
{
"title": "Microsoft .NET Framework and Visual Studio Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89188"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002326"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-374"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002326"
},
{
"db": "NVD",
"id": "CVE-2019-0657"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0657"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/106890"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0657"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2019:0349"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0657"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20190213-ms.html"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2019/at190006.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/microsoft-visual-studio-vulnerabilities-of-february-2019-28512"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/microsoft-net-vulnerabilities-of-february-2019-28485"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/75638"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/151684/red-hat-security-advisory-2019-0349-01.html"
},
{
"trust": 0.3,
"url": "https://github.com/powershell/announcements/issues/14"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-0657"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
}
],
"sources": [
{
"db": "BID",
"id": "106890"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002326"
},
{
"db": "PACKETSTORM",
"id": "151684"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-374"
},
{
"db": "NVD",
"id": "CVE-2019-0657"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "106890"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002326"
},
{
"db": "PACKETSTORM",
"id": "151684"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-374"
},
{
"db": "NVD",
"id": "CVE-2019-0657"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-02-12T00:00:00",
"db": "BID",
"id": "106890"
},
{
"date": "2019-04-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-002326"
},
{
"date": "2019-02-14T14:59:07",
"db": "PACKETSTORM",
"id": "151684"
},
{
"date": "2019-02-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-374"
},
{
"date": "2019-03-05T23:29:02.037000",
"db": "NVD",
"id": "CVE-2019-0657"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-02-21T05:00:00",
"db": "BID",
"id": "106890"
},
{
"date": "2019-04-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-002326"
},
{
"date": "2019-04-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-374"
},
{
"date": "2024-11-21T04:17:03.300000",
"db": "NVD",
"id": "CVE-2019-0657"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-374"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Microsoft Vulnerability related to input validation in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002326"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-374"
}
],
"trust": 0.6
}
}
var-202001-0125
Vulnerability from variot
A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0605
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202001-0125",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": ".net core",
"scope": "eq",
"trust": 1.8,
"vendor": "microsoft",
"version": "3.0"
},
{
"model": ".net core",
"scope": "eq",
"trust": 1.8,
"vendor": "microsoft",
"version": "3.1"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 1.8,
"vendor": "microsoft",
"version": "3.5"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 1.8,
"vendor": "microsoft",
"version": "3.5.1"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 1.8,
"vendor": "microsoft",
"version": "4.5.2"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 1.8,
"vendor": "microsoft",
"version": "4.6"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 1.8,
"vendor": "microsoft",
"version": "4.6.1"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 1.8,
"vendor": "microsoft",
"version": "4.6.2"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 1.8,
"vendor": "microsoft",
"version": "4.7"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 1.8,
"vendor": "microsoft",
"version": "4.7.1"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 1.8,
"vendor": "microsoft",
"version": "4.7.2"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 1.8,
"vendor": "microsoft",
"version": "4.8"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "3.0"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "3.0 sp2"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-001106"
},
{
"db": "NVD",
"id": "CVE-2020-0606"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:microsoft:.net_core",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:microsoft:.net_framework",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-001106"
}
]
},
"cve": "CVE-2020-0606",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2020-0606",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2020-0606",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-0606",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-0606",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2020-0606",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202001-469",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2020-0606",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-0606"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001106"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-469"
},
{
"db": "NVD",
"id": "CVE-2020-0606"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka \u0027.NET Framework Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-0605",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-0606"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001106"
},
{
"db": "VULMON",
"id": "CVE-2020-0606"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-0606",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001106",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202001-469",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-0606",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-0606"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001106"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-469"
},
{
"db": "NVD",
"id": "CVE-2020-0606"
}
]
},
"id": "VAR-202001-0125",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.19172932
},
"last_update_date": "2024-11-23T22:44:45.669000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2020-0606 | .NET Framework Remote Code Execution Vulnerability",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0606"
},
{
"title": "CVE-2020-0606 | .NET Framework \u306e\u30ea\u30e2\u30fc\u30c8\u3067\u30b3\u30fc\u30c9\u304c\u5b9f\u884c\u3055\u308c\u308b\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2020-0606"
},
{
"title": "Microsoft .NET Repair measures for software security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=108467"
},
{
"title": "The Register",
"trust": 0.2,
"url": "https://www.theregister.co.uk/2020/01/14/patch_tuesday_january_2020/"
},
{
"title": "ZYXEl-CTF-WriteUp",
"trust": 0.1,
"url": "https://github.com/HeiTang/ZYXEl-CTF-WriteUp "
},
{
"title": "Symantec Threat Intelligence Blog",
"trust": 0.1,
"url": "https://www.symantec.com/blogs/threat-intelligence/microsoft-patch-tuesday-january-2020"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-0606"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001106"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-469"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-001106"
},
{
"db": "NVD",
"id": "CVE-2020-0606"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-0606"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-0606"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-0606"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20200115-ms.html"
},
{
"trust": 0.8,
"url": "https://www.jpcert.or.jp/at/2020/at200001.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/microsoft-net-framework-vulnerabilities-of-january-31325"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-0606"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/111384"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-0606"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001106"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-469"
},
{
"db": "NVD",
"id": "CVE-2020-0606"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2020-0606"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001106"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-469"
},
{
"db": "NVD",
"id": "CVE-2020-0606"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-01-14T00:00:00",
"db": "VULMON",
"id": "CVE-2020-0606"
},
{
"date": "2020-01-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-001106"
},
{
"date": "2020-01-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202001-469"
},
{
"date": "2020-01-14T23:15:30.487000",
"db": "NVD",
"id": "CVE-2020-0606"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-01-17T00:00:00",
"db": "VULMON",
"id": "CVE-2020-0606"
},
{
"date": "2020-01-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-001106"
},
{
"date": "2021-01-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202001-469"
},
{
"date": "2024-11-21T04:53:50.720000",
"db": "NVD",
"id": "CVE-2020-0606"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202001-469"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": ".NET Framework and .NET Core Vulnerable to remote code execution",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-001106"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202001-469"
}
],
"trust": 0.6
}
}
var-202005-0234
Vulnerability from variot
A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka '.NET Core & .NET Framework Denial of Service Vulnerability'. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: .NET Core on Red Hat Enterprise Linux 7 security update Advisory ID: RHSA-2020:2476-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:2476 Issue date: 2020-06-10 CVE Names: CVE-2020-1108 ==================================================================== 1. Summary:
An update for rh-dotnet21-dotnet is now available for .NET Core on Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. The updated version is .NET Core Runtime 2.1.19 and SDK 2.1.515.
Security Fix(es):
- dotnet: Denial of service via untrusted input (CVE-2020-1108)
This is an additional update to comprehensively address CVE-2020-1108.
Default inclusions for applications built with .NET Core have been updated to reference the newest versions and their security fixes.
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1827643 - CVE-2020-1108 dotnet: Denial of service via untrusted input
- Package List:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet21-2.1-18.el7.src.rpm rh-dotnet21-dotnet-2.1.515-1.el7.src.rpm
x86_64: rh-dotnet21-2.1-18.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.515-1.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.515-1.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.19-1.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.19-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.515-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.515-1.el7.x86_64.rpm rh-dotnet21-runtime-2.1-18.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet21-2.1-18.el7.src.rpm rh-dotnet21-dotnet-2.1.515-1.el7.src.rpm
x86_64: rh-dotnet21-2.1-18.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.515-1.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.515-1.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.19-1.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.19-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.515-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.515-1.el7.x86_64.rpm rh-dotnet21-runtime-2.1-18.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet21-2.1-18.el7.src.rpm rh-dotnet21-dotnet-2.1.515-1.el7.src.rpm
x86_64: rh-dotnet21-2.1-18.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.515-1.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.515-1.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.19-1.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.19-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.515-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.515-1.el7.x86_64.rpm rh-dotnet21-runtime-2.1-18.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2020-1108 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXuCqrtzjgjWX9erEAQgIPg/7Ba2cdZAbQ4uL6AsEoi4kN888lESbUKUM F3VebsFFw9mpaGJ+dp4O6Ihc9kKZdP6uFWq3VE5I5WPD2BcoZF/OoVfCY1FHmFy6 fWSZ0ii+Axg8Mqj4uqxlhlFujkxdeQSpfsY38rtPscLGBROEzPAZnUMH/RDXg9TD 3TdXT4SNVMQPloanzVRDPXEx4OLqgKn9ITpXLah/Jq6zsM37ZDbnM8vQ3o2nH11d 77N+M+RuGsamPfsbu8sEpgvdXkMtorUjO57PDWeWvxNiRYL/5at5TdcTePjWe5YK XANwzPRFtaEU87TFeTVbNrG3MdRl/Uk6FVbuJtNzFIxwi8+qIf1hnUpV0MZxZ1Rg o77fulouuHCSwV/j7/BN9I8Q7EJj/zm52PldVkbsR0JEr4kZMmlVxS9/VL/LroKS qFSAm8yykqI+g7b2EgBQCekIfuurbp1EPeyJ6WcVSb6kcH0xZrXE/t1u/qKIqICe Ozf/bnjDQ0ACpJTE8pAhs5NhrVXvLuz6qhu8kUHTkW6dRxqRCFhAOhnezsfeWG1K nfQOeNfny0SbIJlwh4nsWE3Zv2f/H8KYilfulHvA2SuIGg7mgE0wyPwDXCltyzEW JIlM5YyJrQOHLdjfFi8XRqcU1mFII/F9QoV6KqAoZfJ2LgjXLm9au8MNLWRkN7M1 XE8bQvAYQCc=mOEK -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202005-0234",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "visual studio 2017",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "15.9"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "4.7.1"
},
{
"model": "visual studio 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.5"
},
{
"model": "powershell",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "7.0"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "3.5.1"
},
{
"model": "visual studio 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.0"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "4.7"
},
{
"model": ".net core",
"scope": "lte",
"trust": 1.0,
"vendor": "microsoft",
"version": "3.1.4"
},
{
"model": ".net core",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "3.0"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "4.8"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "4.6.1"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "4.6.2"
},
{
"model": "powershell core",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "6.2"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "2.0"
},
{
"model": "visual studio 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.4"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "4.7.2"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "4.6"
},
{
"model": ".net core",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "2.1"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "3.0"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "4.5.2"
},
{
"model": ".net core",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "3.1"
},
{
"model": ".net",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "5.0"
},
{
"model": ".net core",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "2.1"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "3.5"
},
{
"model": ".net core",
"scope": "lte",
"trust": 1.0,
"vendor": "microsoft",
"version": "2.1.18"
},
{
"model": ".net core",
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": ".net framework",
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006114"
},
{
"db": "NVD",
"id": "CVE-2020-1108"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:microsoft:.net_core",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:microsoft:.net_framework",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006114"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "158007"
},
{
"db": "PACKETSTORM",
"id": "158019"
},
{
"db": "PACKETSTORM",
"id": "158020"
},
{
"db": "PACKETSTORM",
"id": "157702"
},
{
"db": "PACKETSTORM",
"id": "157794"
},
{
"db": "PACKETSTORM",
"id": "157788"
},
{
"db": "PACKETSTORM",
"id": "158021"
},
{
"db": "PACKETSTORM",
"id": "157704"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-570"
}
],
"trust": 1.4
},
"cve": "CVE-2020-1108",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-1108",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-006114",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-1108",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-006114",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-1108",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-006114",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202005-570",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006114"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-570"
},
{
"db": "NVD",
"id": "CVE-2020-1108"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka \u0027.NET Core \u0026 .NET Framework Denial of Service Vulnerability\u0027. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: .NET Core on Red Hat Enterprise Linux 7 security update\nAdvisory ID: RHSA-2020:2476-01\nProduct: .NET Core on Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:2476\nIssue date: 2020-06-10\nCVE Names: CVE-2020-1108\n====================================================================\n1. Summary:\n\nAn update for rh-dotnet21-dotnet is now available for .NET Core on Red Hat\nEnterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. It implements a subset of the\n.NET framework APIs and several new APIs, and it includes a CLR\nimplementation. The updated version is .NET Core Runtime 2.1.19 and SDK 2.1.515. \n\nSecurity Fix(es):\n\n* dotnet: Denial of service via untrusted input (CVE-2020-1108)\n\nThis is an additional update to comprehensively address CVE-2020-1108. \n\nDefault inclusions for applications built with .NET Core have been updated\nto reference the newest versions and their security fixes. \n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1827643 - CVE-2020-1108 dotnet: Denial of service via untrusted input\n\n6. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet21-2.1-18.el7.src.rpm\nrh-dotnet21-dotnet-2.1.515-1.el7.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-18.el7.x86_64.rpm\nrh-dotnet21-dotnet-2.1.515-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.515-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.19-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.19-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.515-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.515-1.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-18.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet21-2.1-18.el7.src.rpm\nrh-dotnet21-dotnet-2.1.515-1.el7.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-18.el7.x86_64.rpm\nrh-dotnet21-dotnet-2.1.515-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.515-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.19-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.19-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.515-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.515-1.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-18.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet21-2.1-18.el7.src.rpm\nrh-dotnet21-dotnet-2.1.515-1.el7.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-18.el7.x86_64.rpm\nrh-dotnet21-dotnet-2.1.515-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.515-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.19-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.19-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.515-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.515-1.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-18.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-1108\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXuCqrtzjgjWX9erEAQgIPg/7Ba2cdZAbQ4uL6AsEoi4kN888lESbUKUM\nF3VebsFFw9mpaGJ+dp4O6Ihc9kKZdP6uFWq3VE5I5WPD2BcoZF/OoVfCY1FHmFy6\nfWSZ0ii+Axg8Mqj4uqxlhlFujkxdeQSpfsY38rtPscLGBROEzPAZnUMH/RDXg9TD\n3TdXT4SNVMQPloanzVRDPXEx4OLqgKn9ITpXLah/Jq6zsM37ZDbnM8vQ3o2nH11d\n77N+M+RuGsamPfsbu8sEpgvdXkMtorUjO57PDWeWvxNiRYL/5at5TdcTePjWe5YK\nXANwzPRFtaEU87TFeTVbNrG3MdRl/Uk6FVbuJtNzFIxwi8+qIf1hnUpV0MZxZ1Rg\no77fulouuHCSwV/j7/BN9I8Q7EJj/zm52PldVkbsR0JEr4kZMmlVxS9/VL/LroKS\nqFSAm8yykqI+g7b2EgBQCekIfuurbp1EPeyJ6WcVSb6kcH0xZrXE/t1u/qKIqICe\nOzf/bnjDQ0ACpJTE8pAhs5NhrVXvLuz6qhu8kUHTkW6dRxqRCFhAOhnezsfeWG1K\nnfQOeNfny0SbIJlwh4nsWE3Zv2f/H8KYilfulHvA2SuIGg7mgE0wyPwDXCltyzEW\nJIlM5YyJrQOHLdjfFi8XRqcU1mFII/F9QoV6KqAoZfJ2LgjXLm9au8MNLWRkN7M1\nXE8bQvAYQCc=mOEK\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-1108"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006114"
},
{
"db": "VULMON",
"id": "CVE-2020-1108"
},
{
"db": "PACKETSTORM",
"id": "158007"
},
{
"db": "PACKETSTORM",
"id": "158019"
},
{
"db": "PACKETSTORM",
"id": "158020"
},
{
"db": "PACKETSTORM",
"id": "157702"
},
{
"db": "PACKETSTORM",
"id": "157794"
},
{
"db": "PACKETSTORM",
"id": "157788"
},
{
"db": "PACKETSTORM",
"id": "158021"
},
{
"db": "PACKETSTORM",
"id": "157704"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-1108",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006114",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "157794",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "158021",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "157704",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.2021",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2010",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1814",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1691",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2061",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "46713",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202005-570",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-1108",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "158007",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "158019",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "158020",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "157702",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "157788",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-1108"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006114"
},
{
"db": "PACKETSTORM",
"id": "158007"
},
{
"db": "PACKETSTORM",
"id": "158019"
},
{
"db": "PACKETSTORM",
"id": "158020"
},
{
"db": "PACKETSTORM",
"id": "157702"
},
{
"db": "PACKETSTORM",
"id": "157794"
},
{
"db": "PACKETSTORM",
"id": "157788"
},
{
"db": "PACKETSTORM",
"id": "158021"
},
{
"db": "PACKETSTORM",
"id": "157704"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-570"
},
{
"db": "NVD",
"id": "CVE-2020-1108"
}
]
},
"id": "VAR-202005-0234",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.19172932
},
"last_update_date": "2024-11-24T23:05:00.224000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2020-1108 | .NET Core \u0026 .NET Framework Denial of Service Vulnerability",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1108"
},
{
"title": "CVE-2020-1108 | .NET Core \u304a\u3088\u3073 .NET Framework \u306e\u30b5\u30fc\u30d3\u30b9\u62d2\u5426\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2020-1108"
},
{
"title": "Microsoft .NET Core and .NET Framework Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=118696"
},
{
"title": "Red Hat: Important: .NET Core on Red Hat Enterprise Linux security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202146 - Security Advisory"
},
{
"title": "Red Hat: Important: .NET Core security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202143 - Security Advisory"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-1108"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006114"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-570"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-1108"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1108"
},
{
"trust": 1.6,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-1108"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1108"
},
{
"trust": 0.8,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2020-1108"
},
{
"trust": 0.8,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2061/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1691/"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/46713"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/157794/red-hat-security-advisory-2020-2250-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/158021/red-hat-security-advisory-2020-2475-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1814/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2010/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2021/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/microsoft-visual-studio-vulnerabilities-of-may-2020-32249"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/157704/red-hat-security-advisory-2020-2146-01.html"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/errata/rhsa-2020:2146"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-1161"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1161"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181094"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:2450"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:2476"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:2471"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:2143"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:2250"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:2249"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:2475"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-1108"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006114"
},
{
"db": "PACKETSTORM",
"id": "158007"
},
{
"db": "PACKETSTORM",
"id": "158019"
},
{
"db": "PACKETSTORM",
"id": "158020"
},
{
"db": "PACKETSTORM",
"id": "157702"
},
{
"db": "PACKETSTORM",
"id": "157794"
},
{
"db": "PACKETSTORM",
"id": "157788"
},
{
"db": "PACKETSTORM",
"id": "158021"
},
{
"db": "PACKETSTORM",
"id": "157704"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-570"
},
{
"db": "NVD",
"id": "CVE-2020-1108"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2020-1108"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006114"
},
{
"db": "PACKETSTORM",
"id": "158007"
},
{
"db": "PACKETSTORM",
"id": "158019"
},
{
"db": "PACKETSTORM",
"id": "158020"
},
{
"db": "PACKETSTORM",
"id": "157702"
},
{
"db": "PACKETSTORM",
"id": "157794"
},
{
"db": "PACKETSTORM",
"id": "157788"
},
{
"db": "PACKETSTORM",
"id": "158021"
},
{
"db": "PACKETSTORM",
"id": "157704"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-570"
},
{
"db": "NVD",
"id": "CVE-2020-1108"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-21T00:00:00",
"db": "VULMON",
"id": "CVE-2020-1108"
},
{
"date": "2020-06-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006114"
},
{
"date": "2020-06-10T15:06:32",
"db": "PACKETSTORM",
"id": "158007"
},
{
"date": "2020-06-10T15:11:03",
"db": "PACKETSTORM",
"id": "158019"
},
{
"date": "2020-06-10T15:11:11",
"db": "PACKETSTORM",
"id": "158020"
},
{
"date": "2020-05-14T20:53:30",
"db": "PACKETSTORM",
"id": "157702"
},
{
"date": "2020-05-21T16:41:39",
"db": "PACKETSTORM",
"id": "157794"
},
{
"date": "2020-05-21T16:34:50",
"db": "PACKETSTORM",
"id": "157788"
},
{
"date": "2020-06-10T15:11:23",
"db": "PACKETSTORM",
"id": "158021"
},
{
"date": "2020-05-14T20:53:58",
"db": "PACKETSTORM",
"id": "157704"
},
{
"date": "2020-05-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-570"
},
{
"date": "2020-05-21T23:15:14.867000",
"db": "NVD",
"id": "CVE-2020-1108"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-12-08T00:00:00",
"db": "VULMON",
"id": "CVE-2020-1108"
},
{
"date": "2020-06-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006114"
},
{
"date": "2020-06-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-570"
},
{
"date": "2024-11-21T05:09:45.787000",
"db": "NVD",
"id": "CVE-2020-1108"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-570"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": ".NET Core and .NET Framework Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006114"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-570"
}
],
"trust": 0.6
}
}
var-201905-0991
Vulnerability from variot
A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings, aka '.NET Framework and .NET Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0980, CVE-2019-0981. This vulnerability CVE-2019-0980 and CVE-2019-0981 Is a different vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. An attacker can exploit this issue to cause a denial of service condition.
Bug Fix(es):
-
dotnet: new SocketException((int)SocketError.InvalidArgument).Message is empty (BZ#1712471)
-
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: .NET Core on Red Hat Enterprise Linux security and bug fix update Advisory ID: RHSA-2019:1236-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:1236 Issue date: 2019-05-15 CVE Names: CVE-2019-0820 CVE-2019-0980 CVE-2019-0981 ==================================================================== 1. Summary:
Updates for rh-dotnetcore10-dotnetcore, rh-dotnetcore11-dotnetcore, rh-dotnet21-dotnet, rh-dotnet22-dotnet and rh-dotnet22-curl are now available for .NET Core on Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET Core that address security vulnerabilities are now available. The updated versions are .NET Core 1.0.16, 1.1.13, 2.1.11, and 2.2.5.
Security Fix(es):
-
dotNET: timeouts for regular expressions are not enforced (CVE-2019-0820)
-
dotNET: infinite loop in URI.TryCreate leading to ASP.Net Core Denial of Service (CVE-2019-0980)
-
dotNET: crash in IPAddress.TryCreate leading to ASP.Net Core Denial of Service (CVE-2019-0981)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
-
Re-enable bash completion in rh-dotnet22-dotnet (BZ#1654863)
-
Error rebuilding rh-dotnet22-curl in CentOS (BZ#1678932)
-
Broken apphost caused by unset DOTNET_ROOT (BZ#1703479)
-
Make bash completion compatible with rh-dotnet22 packages (BZ#1705259)
-
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1654863 - Re-enable bash completion in rh-dotnet22-dotnet 1678932 - Error rebuilding rh-dotnet22-curl in CentOS 1703479 - Broken apphost caused by unset DOTNET_ROOT 1703508 - Update to .NET Core 1.1.13 1704454 - Update to .NET Core 1.0.16 1704934 - Update to .NET Core Runtime 2.2.5 and SDK 2.2.107 1705147 - Update to .NET Core Runtime 2.1.11 and SDK 2.1.507 1705259 - Make bash completion compatible with rh-dotnet22 packages 1705502 - CVE-2019-0980 dotNET: infinite loop in URI.TryCreate leading to ASP.Net Core Denial of Service 1705504 - CVE-2019-0981 dotNET: crash in IPAddress.TryCreate leading to ASP.Net Core Denial of Service 1705506 - CVE-2019-0820 dotNET: timeouts for regular expressions are not enforced
- Package List:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnetcore10-dotnetcore-1.0.16-1.el7.src.rpm
x86_64: rh-dotnetcore10-dotnetcore-1.0.16-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.16-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnetcore11-dotnetcore-1.1.13-1.el7.src.rpm
x86_64: rh-dotnetcore11-dotnetcore-1.1.13-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.13-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet21-2.1-10.el7.src.rpm rh-dotnet21-dotnet-2.1.507-2.el7.src.rpm
x86_64: rh-dotnet21-2.1-10.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.11-2.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.11-2.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.507-2.el7.x86_64.rpm rh-dotnet21-runtime-2.1-10.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet22-2.2-7.el7.src.rpm rh-dotnet22-curl-7.61.1-2.el7.src.rpm rh-dotnet22-dotnet-2.2.107-2.el7.src.rpm
x86_64: rh-dotnet22-2.2-7.el7.x86_64.rpm rh-dotnet22-curl-7.61.1-2.el7.x86_64.rpm rh-dotnet22-curl-debuginfo-7.61.1-2.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.107-2.el7.x86_64.rpm rh-dotnet22-libcurl-7.61.1-2.el7.x86_64.rpm rh-dotnet22-libcurl-devel-7.61.1-2.el7.x86_64.rpm rh-dotnet22-runtime-2.2-7.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnetcore10-dotnetcore-1.0.16-1.el7.src.rpm
x86_64: rh-dotnetcore10-dotnetcore-1.0.16-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.16-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnetcore11-dotnetcore-1.1.13-1.el7.src.rpm
x86_64: rh-dotnetcore11-dotnetcore-1.1.13-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.13-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet21-2.1-10.el7.src.rpm rh-dotnet21-dotnet-2.1.507-2.el7.src.rpm
x86_64: rh-dotnet21-2.1-10.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.11-2.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.11-2.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.507-2.el7.x86_64.rpm rh-dotnet21-runtime-2.1-10.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet22-2.2-7.el7.src.rpm rh-dotnet22-curl-7.61.1-2.el7.src.rpm rh-dotnet22-dotnet-2.2.107-2.el7.src.rpm
x86_64: rh-dotnet22-2.2-7.el7.x86_64.rpm rh-dotnet22-curl-7.61.1-2.el7.x86_64.rpm rh-dotnet22-curl-debuginfo-7.61.1-2.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.107-2.el7.x86_64.rpm rh-dotnet22-libcurl-7.61.1-2.el7.x86_64.rpm rh-dotnet22-libcurl-devel-7.61.1-2.el7.x86_64.rpm rh-dotnet22-runtime-2.2-7.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnetcore10-dotnetcore-1.0.16-1.el7.src.rpm
x86_64: rh-dotnetcore10-dotnetcore-1.0.16-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.16-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnetcore11-dotnetcore-1.1.13-1.el7.src.rpm
x86_64: rh-dotnetcore11-dotnetcore-1.1.13-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.13-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet21-2.1-10.el7.src.rpm rh-dotnet21-dotnet-2.1.507-2.el7.src.rpm
x86_64: rh-dotnet21-2.1-10.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.11-2.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.11-2.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.507-2.el7.x86_64.rpm rh-dotnet21-runtime-2.1-10.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet22-2.2-7.el7.src.rpm rh-dotnet22-curl-7.61.1-2.el7.src.rpm rh-dotnet22-dotnet-2.2.107-2.el7.src.rpm
x86_64: rh-dotnet22-2.2-7.el7.x86_64.rpm rh-dotnet22-curl-7.61.1-2.el7.x86_64.rpm rh-dotnet22-curl-debuginfo-7.61.1-2.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.107-2.el7.x86_64.rpm rh-dotnet22-libcurl-7.61.1-2.el7.x86_64.rpm rh-dotnet22-libcurl-devel-7.61.1-2.el7.x86_64.rpm rh-dotnet22-runtime-2.2-7.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2019-0820 https://access.redhat.com/security/cve/CVE-2019-0980 https://access.redhat.com/security/cve/CVE-2019-0981 https://access.redhat.com/security/updates/classification/#moderate https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0820 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0980 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0981
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXNyKvtzjgjWX9erEAQiFIQ//RuDdkjwFrjsW69TloyogPym1x5uZp2eB hMR1l6l3YTE5ZIeCz7nn86P7IYtLAOiYj5ynjNbGT7aHrM7/R4REedYYqCFxWuu3 3N6vgg/ap1fB+0XdNX+PFNWm/orYRiVr6jyZs2hX4LSDLsQwHuOqVoDcApAHnggH kCRpaxlTEaG9/wyIY3Zvd7ZasxfVUfzhlpzpw25kq6OFJyIokWnVE8G+vs5KS3GQ pTir+3hMc3as8RQVCnWNZoeUhSUemZHvq5MyQqwLCeMFf6CvUTe04oDrMp7FUJHa UcImbcSzzrx3kBvFFmIv6D1uCetuRTrMaXBuOlZcpCJUcnHncvb1OvFhqAeGO6uN NqNnDyRUbyX2cHKpyYTUIfZsCsgKIOBHZNU911URlqnvHAu0LlgAOM0r1uXU48Wg z+LtgnFTDbRmFEspKpN98z4whSL8BnMR8VS/FmPfXo2ApFvipofCK+kPStU0lXZB n7xn4PJyKfst8xUkRfwJ09/GpN328i7QtH53aQG0HCQzKRhxswnc86aQnPW95RWP DPd4EAB74Bq1pEYqRN/gai6bhFsoCS0agf+M7lqBN8ZnQOScj5HD5hy8fsPvB1xD /I5I1sIOJ+Ar0FaCfZqFoXKncap0cp/bBJlHvfCpze4yISy7h6t2E/4l59Zs1xhm KCZo5tPFVoU=dJ6F -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-0991",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": ".net framework",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "4.7.2"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "4.7.1"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "4.6.2"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "4.6.1"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "3.5.1"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "4.8"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "4.7"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "4.6"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "4.5.2"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "3.5"
},
{
"model": ".net core",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "2.2"
},
{
"model": ".net core",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "2.1"
},
{
"model": ".net core",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "1.1"
},
{
"model": ".net core",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "1.0"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 1.3,
"vendor": "microsoft",
"version": "3.0"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 1.3,
"vendor": "microsoft",
"version": "2.0"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.4"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.6"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.1"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.4"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.2"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.2"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.0"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.6"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.2"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.6"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.4"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "2.0 sp2"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "3.0 sp2"
},
{
"model": "powershell core",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "6.1"
},
{
"model": "powershell core",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "6.2"
}
],
"sources": [
{
"db": "BID",
"id": "108245"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003848"
},
{
"db": "NVD",
"id": "CVE-2019-0820"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:microsoft:.net_core",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:microsoft:.net_framework",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:microsoft:powershell_core",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003848"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat,Microsoft",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-419"
}
],
"trust": 0.6
},
"cve": "CVE-2019-0820",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-0820",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-0820",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-0820",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-0820",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-0820",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-419",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-0820",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-0820"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003848"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-419"
},
{
"db": "NVD",
"id": "CVE-2019-0820"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings, aka \u0027.NET Framework and .NET Core Denial of Service Vulnerability\u0027. This CVE ID is unique from CVE-2019-0980, CVE-2019-0981. This vulnerability CVE-2019-0980 and CVE-2019-0981 Is a different vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. \nAn attacker can exploit this issue to cause a denial of service condition. \n\nBug Fix(es):\n\n* dotnet: new SocketException((int)SocketError.InvalidArgument).Message is\nempty (BZ#1712471)\n\n4. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: .NET Core on Red Hat Enterprise Linux security and bug fix update\nAdvisory ID: RHSA-2019:1236-01\nProduct: .NET Core on Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:1236\nIssue date: 2019-05-15\nCVE Names: CVE-2019-0820 CVE-2019-0980 CVE-2019-0981\n====================================================================\n1. Summary:\n\nUpdates for rh-dotnetcore10-dotnetcore, rh-dotnetcore11-dotnetcore,\nrh-dotnet21-dotnet, rh-dotnet22-dotnet and rh-dotnet22-curl are now\navailable for .NET Core on Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. It implements a subset of the\n.NET framework APIs and several new APIs, and it includes a CLR\nimplementation. \n\nNew versions of .NET Core that address security vulnerabilities are now\navailable. The updated versions are .NET Core 1.0.16, 1.1.13, 2.1.11, and\n2.2.5. \n\nSecurity Fix(es):\n\n* dotNET: timeouts for regular expressions are not enforced (CVE-2019-0820)\n\n* dotNET: infinite loop in URI.TryCreate leading to ASP.Net Core Denial of\nService (CVE-2019-0980)\n\n* dotNET: crash in IPAddress.TryCreate leading to ASP.Net Core Denial of\nService (CVE-2019-0981)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nBug Fix(es):\n\n* Re-enable bash completion in rh-dotnet22-dotnet (BZ#1654863)\n\n* Error rebuilding rh-dotnet22-curl in CentOS (BZ#1678932)\n\n* Broken apphost caused by unset DOTNET_ROOT (BZ#1703479)\n\n* Make bash completion compatible with rh-dotnet22 packages (BZ#1705259)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1654863 - Re-enable bash completion in rh-dotnet22-dotnet\n1678932 - Error rebuilding rh-dotnet22-curl in CentOS\n1703479 - Broken apphost caused by unset DOTNET_ROOT\n1703508 - Update to .NET Core 1.1.13\n1704454 - Update to .NET Core 1.0.16\n1704934 - Update to .NET Core Runtime 2.2.5 and SDK 2.2.107\n1705147 - Update to .NET Core Runtime 2.1.11 and SDK 2.1.507\n1705259 - Make bash completion compatible with rh-dotnet22 packages\n1705502 - CVE-2019-0980 dotNET: infinite loop in URI.TryCreate leading to ASP.Net Core Denial of Service\n1705504 - CVE-2019-0981 dotNET: crash in IPAddress.TryCreate leading to ASP.Net Core Denial of Service\n1705506 - CVE-2019-0820 dotNET: timeouts for regular expressions are not enforced\n\n6. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.16-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.16-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.16-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.13-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.13-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.13-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet21-2.1-10.el7.src.rpm\nrh-dotnet21-dotnet-2.1.507-2.el7.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-10.el7.x86_64.rpm\nrh-dotnet21-dotnet-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.11-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.11-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-10.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet22-2.2-7.el7.src.rpm\nrh-dotnet22-curl-7.61.1-2.el7.src.rpm\nrh-dotnet22-dotnet-2.2.107-2.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-7.el7.x86_64.rpm\nrh-dotnet22-curl-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-curl-debuginfo-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-libcurl-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-libcurl-devel-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-7.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.16-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.16-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.16-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.13-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.13-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.13-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet21-2.1-10.el7.src.rpm\nrh-dotnet21-dotnet-2.1.507-2.el7.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-10.el7.x86_64.rpm\nrh-dotnet21-dotnet-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.11-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.11-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-10.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet22-2.2-7.el7.src.rpm\nrh-dotnet22-curl-7.61.1-2.el7.src.rpm\nrh-dotnet22-dotnet-2.2.107-2.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-7.el7.x86_64.rpm\nrh-dotnet22-curl-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-curl-debuginfo-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-libcurl-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-libcurl-devel-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-7.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.16-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.16-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.16-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.13-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.13-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.13-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet21-2.1-10.el7.src.rpm\nrh-dotnet21-dotnet-2.1.507-2.el7.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-10.el7.x86_64.rpm\nrh-dotnet21-dotnet-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.11-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.11-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-10.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet22-2.2-7.el7.src.rpm\nrh-dotnet22-curl-7.61.1-2.el7.src.rpm\nrh-dotnet22-dotnet-2.2.107-2.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-7.el7.x86_64.rpm\nrh-dotnet22-curl-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-curl-debuginfo-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-libcurl-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-libcurl-devel-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-7.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-0820\nhttps://access.redhat.com/security/cve/CVE-2019-0980\nhttps://access.redhat.com/security/cve/CVE-2019-0981\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0820\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0980\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0981\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXNyKvtzjgjWX9erEAQiFIQ//RuDdkjwFrjsW69TloyogPym1x5uZp2eB\nhMR1l6l3YTE5ZIeCz7nn86P7IYtLAOiYj5ynjNbGT7aHrM7/R4REedYYqCFxWuu3\n3N6vgg/ap1fB+0XdNX+PFNWm/orYRiVr6jyZs2hX4LSDLsQwHuOqVoDcApAHnggH\nkCRpaxlTEaG9/wyIY3Zvd7ZasxfVUfzhlpzpw25kq6OFJyIokWnVE8G+vs5KS3GQ\npTir+3hMc3as8RQVCnWNZoeUhSUemZHvq5MyQqwLCeMFf6CvUTe04oDrMp7FUJHa\nUcImbcSzzrx3kBvFFmIv6D1uCetuRTrMaXBuOlZcpCJUcnHncvb1OvFhqAeGO6uN\nNqNnDyRUbyX2cHKpyYTUIfZsCsgKIOBHZNU911URlqnvHAu0LlgAOM0r1uXU48Wg\nz+LtgnFTDbRmFEspKpN98z4whSL8BnMR8VS/FmPfXo2ApFvipofCK+kPStU0lXZB\nn7xn4PJyKfst8xUkRfwJ09/GpN328i7QtH53aQG0HCQzKRhxswnc86aQnPW95RWP\nDPd4EAB74Bq1pEYqRN/gai6bhFsoCS0agf+M7lqBN8ZnQOScj5HD5hy8fsPvB1xD\n/I5I1sIOJ+Ar0FaCfZqFoXKncap0cp/bBJlHvfCpze4yISy7h6t2E/4l59Zs1xhm\nKCZo5tPFVoU=dJ6F\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-0820"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003848"
},
{
"db": "BID",
"id": "108245"
},
{
"db": "VULMON",
"id": "CVE-2019-0820"
},
{
"db": "PACKETSTORM",
"id": "152999"
},
{
"db": "PACKETSTORM",
"id": "152953"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-0820",
"trust": 3.0
},
{
"db": "BID",
"id": "108245",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003848",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "152999",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "152953",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.1839",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.1740",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201905-419",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2019-0820",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-0820"
},
{
"db": "BID",
"id": "108245"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003848"
},
{
"db": "PACKETSTORM",
"id": "152999"
},
{
"db": "PACKETSTORM",
"id": "152953"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-419"
},
{
"db": "NVD",
"id": "CVE-2019-0820"
}
]
},
"id": "VAR-201905-0991",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.19172932
},
"last_update_date": "2024-11-23T21:59:52.513000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2019-0820 | .NET Framework and .NET Core Denial of Service Vulnerability",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0820"
},
{
"title": "CVE-2019-0820 | .NET Framework \u3068 .NET Core \u306e\u30b5\u30fc\u30d3\u30b9\u62d2\u5426\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2019-0820"
},
{
"title": "Microsoft .NET Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92588"
},
{
"title": "Red Hat: Moderate: .NET Core on Red Hat Enterprise Linux security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20191236 - Security Advisory"
},
{
"title": "Red Hat: Important: dotnet security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20191259 - Security Advisory"
},
{
"title": "snowflake-connector-net",
"trust": 0.1,
"url": "https://github.com/snowflakedb/snowflake-connector-net "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/TortugaResearch/Tortuga.Data.Snowflake "
},
{
"title": "Symantec Threat Intelligence Blog",
"trust": 0.1,
"url": "https://www.symantec.com/blogs/threat-intelligence/microsoft-patch-tuesday-may-2019"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-0820"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003848"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-419"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.0
},
{
"problemtype": "CWE-20",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003848"
},
{
"db": "NVD",
"id": "CVE-2019-0820"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://access.redhat.com/errata/rhsa-2019:1259"
},
{
"trust": 2.2,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0820"
},
{
"trust": 1.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0820"
},
{
"trust": 0.9,
"url": "http://www.microsoft.com"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0820"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20190515-ms.html"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2019/at190023.html"
},
{
"trust": 0.7,
"url": "https://www.securityfocus.com/bid/108245"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/errata/rhsa-2019:1236"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/152999/red-hat-security-advisory-2019-1259-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/81042"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/152953/red-hat-security-advisory-2019-1236-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.1839/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/microsoft-net-vulnerabilities-of-may-2019-29296"
},
{
"trust": 0.2,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0980"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0981"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-0980"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-0981"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0980"
},
{
"trust": 0.2,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0981"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-0820"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"trust": 0.1,
"url": "https://github.com/snowflakedb/snowflake-connector-net"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/108245"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0757"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-0757"
},
{
"trust": 0.1,
"url": "https://github.com/dotnet/core/blob/master/release-notes/2.1/2.1.11/2.1.11.md"
},
{
"trust": 0.1,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0757"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-0820"
},
{
"db": "BID",
"id": "108245"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003848"
},
{
"db": "PACKETSTORM",
"id": "152999"
},
{
"db": "PACKETSTORM",
"id": "152953"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-419"
},
{
"db": "NVD",
"id": "CVE-2019-0820"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2019-0820"
},
{
"db": "BID",
"id": "108245"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003848"
},
{
"db": "PACKETSTORM",
"id": "152999"
},
{
"db": "PACKETSTORM",
"id": "152953"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-419"
},
{
"db": "NVD",
"id": "CVE-2019-0820"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-16T00:00:00",
"db": "VULMON",
"id": "CVE-2019-0820"
},
{
"date": "2019-05-14T00:00:00",
"db": "BID",
"id": "108245"
},
{
"date": "2019-05-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003848"
},
{
"date": "2019-05-22T14:39:27",
"db": "PACKETSTORM",
"id": "152999"
},
{
"date": "2019-05-16T23:05:23",
"db": "PACKETSTORM",
"id": "152953"
},
{
"date": "2019-05-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-419"
},
{
"date": "2019-05-16T19:29:00.880000",
"db": "NVD",
"id": "CVE-2019-0820"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-02T00:00:00",
"db": "VULMON",
"id": "CVE-2019-0820"
},
{
"date": "2019-05-14T00:00:00",
"db": "BID",
"id": "108245"
},
{
"date": "2019-05-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003848"
},
{
"date": "2021-08-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-419"
},
{
"date": "2024-11-21T04:17:20.210000",
"db": "NVD",
"id": "CVE-2019-0820"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-419"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": ".NET Framework and .NET Core Vulnerable to denial of service operation",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003848"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-419"
}
],
"trust": 0.6
}
}
var-202203-0039
Vulnerability from variot
.NET and Visual Studio Denial of Service Vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: .NET 6.0 on RHEL 7 security and bugfix update Advisory ID: RHSA-2022:0832-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:0832 Issue date: 2022-03-10 CVE Names: CVE-2022-24464 CVE-2022-24512 =====================================================================
- Summary:
An update for .NET 6.0 is now available for .NET on Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 6.0.103 and .NET Runtime 6.0.3.
Security Fix(es):
-
dotnet: ASP.NET Denial of Service via FormPipeReader (CVE-2022-24464)
-
dotnet: double parser stack buffer overrun (CVE-2022-24512)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
2061847 - CVE-2022-24464 dotnet: ASP.NET Denial of Service via FormPipeReader 2061854 - CVE-2022-24512 dotnet: double parser stack buffer overrun
- Package List:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet60-dotnet-6.0.103-3.el7_9.src.rpm
x86_64: rh-dotnet60-aspnetcore-runtime-6.0-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-6.0.103-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-apphost-pack-6.0-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-debuginfo-6.0.103-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-host-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-hostfxr-6.0-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-runtime-6.0-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-sdk-6.0-6.0.103-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.103-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-targeting-pack-6.0-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-templates-6.0-6.0.103-3.el7_9.x86_64.rpm rh-dotnet60-netstandard-targeting-pack-2.1-6.0.103-3.el7_9.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet60-dotnet-6.0.103-3.el7_9.src.rpm
x86_64: rh-dotnet60-aspnetcore-runtime-6.0-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-6.0.103-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-apphost-pack-6.0-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-debuginfo-6.0.103-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-host-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-hostfxr-6.0-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-runtime-6.0-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-sdk-6.0-6.0.103-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.103-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-targeting-pack-6.0-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-templates-6.0-6.0.103-3.el7_9.x86_64.rpm rh-dotnet60-netstandard-targeting-pack-2.1-6.0.103-3.el7_9.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet60-dotnet-6.0.103-3.el7_9.src.rpm
x86_64: rh-dotnet60-aspnetcore-runtime-6.0-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-6.0.103-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-apphost-pack-6.0-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-debuginfo-6.0.103-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-host-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-hostfxr-6.0-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-runtime-6.0-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-sdk-6.0-6.0.103-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.103-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-targeting-pack-6.0-6.0.3-3.el7_9.x86_64.rpm rh-dotnet60-dotnet-templates-6.0-6.0.103-3.el7_9.x86_64.rpm rh-dotnet60-netstandard-targeting-pack-2.1-6.0.103-3.el7_9.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2022-24464 https://access.redhat.com/security/cve/CVE-2022-24512 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYipo+dzjgjWX9erEAQhWwA//Z+qgA25Pl9oc2SywwNY3Si0CPw7txaS5 99i3ldOuALPRwbMQ6mGjkpuuwY+ioLBeiBGUSGGXOACjcRMmGIH5dbsj1vTKJlO2 J3kCabYANlt0hHPQtdVL/+SkAG86bUlFiNxsQytd0Od/U782r1WT/JrvLocjuo9k xuqUXZTRR+0fYUoKmMaRRM/ipNHSKTwA5izPbO0a/6xsEB1ubE/vBJ2JDhqIeZ9P nQBn2GcufSMivwbCeEojjLFwmp9H/JQjqHmM0Fd3KLc6VvDMoLK4/Bssy5qQW+PM YkFPWXqjQYX8McWCwRK5ALR5MteyHVlhgjIaP4pStevuBRymysWW2x06atajsrQ3 i2g4AkSp5Kftr4Tr7UzczP4JKqnI+VssUeN4zbWFxoEslhjGCITTD00c9ZxN5bCn w8Awl0h6ezl50YhTTRj2oF2Rq5ff2CbOikZQLe6i3rR+kK8x138/Y876lh6cDzYD 2AJuf/StDjKMVYtR2h/evUymgAvr6tih3baH5egDLa8Bg9p6dm9zB9deYMN4OM7a oAHbqH43+gLirFFsmD97P86pil7YHJeDKPGt0WzhAAppMk10XCuNe7SipQvztwDU UQiOTQPTbiAhHt3/I8DpN7OuEPJP2EHjMWf8/dpouetIkiCIMFFPOX4CLQC35wI/ 5npIufme4D0= =V/tf -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 8) - aarch64, s390x, x86_64
3
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202203-0039",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "visual studio 2019",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.0"
},
{
"model": "visual studio 2019",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.9.18"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": ".net",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "6.0.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "visual studio 2019",
"scope": "lte",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.8.7"
},
{
"model": "visual studio 2019",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.10.0"
},
{
"model": "visual studio 2019",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.11.11"
},
{
"model": "visual studio 2022",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.0"
},
{
"model": ".net core",
"scope": "lte",
"trust": 1.0,
"vendor": "microsoft",
"version": "3.1.22"
},
{
"model": "visual studio 2019",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.7.0"
},
{
"model": "visual studio 2019",
"scope": "lte",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.6.4"
},
{
"model": ".net core",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "3.1"
},
{
"model": "visual studio 2019",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.7.26"
},
{
"model": "visual studio 2019",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.8.0"
},
{
"model": "visual studio 2019",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.11.0"
},
{
"model": ".net",
"scope": "lte",
"trust": 1.0,
"vendor": "microsoft",
"version": "5.0.14"
},
{
"model": "visual studio 2019",
"scope": "lte",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.10.4"
},
{
"model": ".net",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "5.0"
},
{
"model": ".net",
"scope": "lte",
"trust": 1.0,
"vendor": "microsoft",
"version": "6.0.2"
},
{
"model": "visual studio 2019",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.9.0"
},
{
"model": "visual studio 2022",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.0.7"
},
{
"model": "microsoft visual studio",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "2019 16.9 (includes 16.0 - 16.8)"
},
{
"model": "microsoft visual studio",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "2019 16.11 (includes 16.0 - 16.10)"
},
{
"model": "microsoft visual studio",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "2019 16.7 (includes 16.0 - 16.6)"
},
{
"model": ".net",
"scope": null,
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": null
},
{
"model": "microsoft visual studio",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "2022 17.0"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-001413"
},
{
"db": "NVD",
"id": "CVE-2022-24464"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "166260"
},
{
"db": "PACKETSTORM",
"id": "166271"
},
{
"db": "PACKETSTORM",
"id": "166270"
},
{
"db": "PACKETSTORM",
"id": "166269"
},
{
"db": "PACKETSTORM",
"id": "166267"
},
{
"db": "PACKETSTORM",
"id": "166266"
}
],
"trust": 0.6
},
"cve": "CVE-2022-24464",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2022-24464",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "secure@microsoft.com",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-24464",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2022-001413",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-24464",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "secure@microsoft.com",
"id": "CVE-2022-24464",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-24464",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202203-701",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-001413"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-701"
},
{
"db": "NVD",
"id": "CVE-2022-24464"
},
{
"db": "NVD",
"id": "CVE-2022-24464"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": ".NET and Visual Studio Denial of Service Vulnerability. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: .NET 6.0 on RHEL 7 security and bugfix update\nAdvisory ID: RHSA-2022:0832-01\nProduct: .NET Core on Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:0832\nIssue date: 2022-03-10\nCVE Names: CVE-2022-24464 CVE-2022-24512 \n=====================================================================\n\n1. Summary:\n\nAn update for .NET 6.0 is now available for .NET on Red Hat Enterprise\nLinux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\n.NET is a managed-software framework. It implements a subset of the .NET\nframework APIs and several new APIs, and it includes a CLR implementation. \n\nNew versions of .NET that address security vulnerabilities are now\navailable. The updated versions are .NET SDK 6.0.103 and .NET Runtime\n6.0.3. \n\nSecurity Fix(es):\n\n* dotnet: ASP.NET Denial of Service via FormPipeReader (CVE-2022-24464)\n\n* dotnet: double parser stack buffer overrun (CVE-2022-24512)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2061847 - CVE-2022-24464 dotnet: ASP.NET Denial of Service via FormPipeReader\n2061854 - CVE-2022-24512 dotnet: double parser stack buffer overrun\n\n6. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet60-dotnet-6.0.103-3.el7_9.src.rpm\n\nx86_64:\nrh-dotnet60-aspnetcore-runtime-6.0-6.0.3-3.el7_9.x86_64.rpm\nrh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.3-3.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-6.0.103-3.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-apphost-pack-6.0-6.0.3-3.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-debuginfo-6.0.103-3.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-host-6.0.3-3.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-hostfxr-6.0-6.0.3-3.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-runtime-6.0-6.0.3-3.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-sdk-6.0-6.0.103-3.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.103-3.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-targeting-pack-6.0-6.0.3-3.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-templates-6.0-6.0.103-3.el7_9.x86_64.rpm\nrh-dotnet60-netstandard-targeting-pack-2.1-6.0.103-3.el7_9.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet60-dotnet-6.0.103-3.el7_9.src.rpm\n\nx86_64:\nrh-dotnet60-aspnetcore-runtime-6.0-6.0.3-3.el7_9.x86_64.rpm\nrh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.3-3.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-6.0.103-3.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-apphost-pack-6.0-6.0.3-3.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-debuginfo-6.0.103-3.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-host-6.0.3-3.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-hostfxr-6.0-6.0.3-3.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-runtime-6.0-6.0.3-3.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-sdk-6.0-6.0.103-3.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.103-3.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-targeting-pack-6.0-6.0.3-3.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-templates-6.0-6.0.103-3.el7_9.x86_64.rpm\nrh-dotnet60-netstandard-targeting-pack-2.1-6.0.103-3.el7_9.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet60-dotnet-6.0.103-3.el7_9.src.rpm\n\nx86_64:\nrh-dotnet60-aspnetcore-runtime-6.0-6.0.3-3.el7_9.x86_64.rpm\nrh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.3-3.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-6.0.103-3.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-apphost-pack-6.0-6.0.3-3.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-debuginfo-6.0.103-3.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-host-6.0.3-3.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-hostfxr-6.0-6.0.3-3.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-runtime-6.0-6.0.3-3.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-sdk-6.0-6.0.103-3.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.103-3.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-targeting-pack-6.0-6.0.3-3.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-templates-6.0-6.0.103-3.el7_9.x86_64.rpm\nrh-dotnet60-netstandard-targeting-pack-2.1-6.0.103-3.el7_9.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-24464\nhttps://access.redhat.com/security/cve/CVE-2022-24512\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYipo+dzjgjWX9erEAQhWwA//Z+qgA25Pl9oc2SywwNY3Si0CPw7txaS5\n99i3ldOuALPRwbMQ6mGjkpuuwY+ioLBeiBGUSGGXOACjcRMmGIH5dbsj1vTKJlO2\nJ3kCabYANlt0hHPQtdVL/+SkAG86bUlFiNxsQytd0Od/U782r1WT/JrvLocjuo9k\nxuqUXZTRR+0fYUoKmMaRRM/ipNHSKTwA5izPbO0a/6xsEB1ubE/vBJ2JDhqIeZ9P\nnQBn2GcufSMivwbCeEojjLFwmp9H/JQjqHmM0Fd3KLc6VvDMoLK4/Bssy5qQW+PM\nYkFPWXqjQYX8McWCwRK5ALR5MteyHVlhgjIaP4pStevuBRymysWW2x06atajsrQ3\ni2g4AkSp5Kftr4Tr7UzczP4JKqnI+VssUeN4zbWFxoEslhjGCITTD00c9ZxN5bCn\nw8Awl0h6ezl50YhTTRj2oF2Rq5ff2CbOikZQLe6i3rR+kK8x138/Y876lh6cDzYD\n2AJuf/StDjKMVYtR2h/evUymgAvr6tih3baH5egDLa8Bg9p6dm9zB9deYMN4OM7a\noAHbqH43+gLirFFsmD97P86pil7YHJeDKPGt0WzhAAppMk10XCuNe7SipQvztwDU\nUQiOTQPTbiAhHt3/I8DpN7OuEPJP2EHjMWf8/dpouetIkiCIMFFPOX4CLQC35wI/\n5npIufme4D0=\n=V/tf\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. 8) - aarch64, s390x, x86_64\n\n3",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-24464"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001413"
},
{
"db": "PACKETSTORM",
"id": "166260"
},
{
"db": "PACKETSTORM",
"id": "166271"
},
{
"db": "PACKETSTORM",
"id": "166270"
},
{
"db": "PACKETSTORM",
"id": "166269"
},
{
"db": "PACKETSTORM",
"id": "166267"
},
{
"db": "PACKETSTORM",
"id": "166266"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-24464",
"trust": 3.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001413",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "166271",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2022031027",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022030847",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1015",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202203-701",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "166260",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166270",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166269",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166267",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166266",
"trust": 0.1
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-001413"
},
{
"db": "PACKETSTORM",
"id": "166260"
},
{
"db": "PACKETSTORM",
"id": "166271"
},
{
"db": "PACKETSTORM",
"id": "166270"
},
{
"db": "PACKETSTORM",
"id": "166269"
},
{
"db": "PACKETSTORM",
"id": "166267"
},
{
"db": "PACKETSTORM",
"id": "166266"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-701"
},
{
"db": "NVD",
"id": "CVE-2022-24464"
}
]
},
"id": "VAR-202203-0039",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.19172932
},
"last_update_date": "2024-11-23T20:48:24.533000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": ".NET\u00a0and\u00a0Visual\u00a0Studio\u00a0Denial\u00a0of\u00a0Service\u00a0Vulnerability Security Update Guide",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24464"
},
{
"title": "Microsoft .NET Core and Microsoft Visual Studio Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=185198"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-001413"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-701"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-001413"
},
{
"db": "NVD",
"id": "CVE-2022-24464"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2022-24464"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24464"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/security/cve/cve-2022-24464"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20220309-ms.html"
},
{
"trust": 0.8,
"url": "https://www.jpcert.or.jp/at/2022/at220007.html"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-24512"
},
{
"trust": 0.6,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.6,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24512"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/os2q4nprsarp7ghlkfliyhfopsydo6mk/"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/mqlm7abvcyjlf6jrpf3m3ebxw63gnc27/"
},
{
"trust": 0.6,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2022-24464"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/mrgspxmzy4rm2l35fyhcxbfrolc23b2v/"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4togtz2zwdh662znffszvl3m5ajxv6jf/"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/cijgcvklhvnlfbteyjgws43qg5dyjfbl/"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/zxeq3gqvela2t4hnzg7vpms2hdvxmjrg/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022030847"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1015"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-24464/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166271/red-hat-security-advisory-2022-0826-01.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/microsoft-net-vulnerabilities-of-march-2022-37733"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/microsoft-visual-studio-vulnerabilities-of-march-2022-37737"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022031027"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-8927"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8927"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0832"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0826"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0827"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0828"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0829"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0830"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-001413"
},
{
"db": "PACKETSTORM",
"id": "166260"
},
{
"db": "PACKETSTORM",
"id": "166271"
},
{
"db": "PACKETSTORM",
"id": "166270"
},
{
"db": "PACKETSTORM",
"id": "166269"
},
{
"db": "PACKETSTORM",
"id": "166267"
},
{
"db": "PACKETSTORM",
"id": "166266"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-701"
},
{
"db": "NVD",
"id": "CVE-2022-24464"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2022-001413"
},
{
"db": "PACKETSTORM",
"id": "166260"
},
{
"db": "PACKETSTORM",
"id": "166271"
},
{
"db": "PACKETSTORM",
"id": "166270"
},
{
"db": "PACKETSTORM",
"id": "166269"
},
{
"db": "PACKETSTORM",
"id": "166267"
},
{
"db": "PACKETSTORM",
"id": "166266"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-701"
},
{
"db": "NVD",
"id": "CVE-2022-24464"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-03-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-001413"
},
{
"date": "2022-03-11T16:10:28",
"db": "PACKETSTORM",
"id": "166260"
},
{
"date": "2022-03-11T16:33:33",
"db": "PACKETSTORM",
"id": "166271"
},
{
"date": "2022-03-11T16:33:16",
"db": "PACKETSTORM",
"id": "166270"
},
{
"date": "2022-03-11T16:33:04",
"db": "PACKETSTORM",
"id": "166269"
},
{
"date": "2022-03-11T16:31:42",
"db": "PACKETSTORM",
"id": "166267"
},
{
"date": "2022-03-11T16:31:28",
"db": "PACKETSTORM",
"id": "166266"
},
{
"date": "2022-03-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-701"
},
{
"date": "2022-03-09T17:15:14.277000",
"db": "NVD",
"id": "CVE-2022-24464"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-03-16T08:17:00",
"db": "JVNDB",
"id": "JVNDB-2022-001413"
},
{
"date": "2023-06-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-701"
},
{
"date": "2024-11-21T06:50:28.410000",
"db": "NVD",
"id": "CVE-2022-24464"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-701"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": ".NET\u00a0 and \u00a0Microsoft\u00a0Visual\u00a0Studio\u00a0 Denial of service in Japan \u00a0(DoS)\u00a0 Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-001413"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-701"
}
],
"trust": 0.6
}
}
var-201905-1230
Vulnerability from variot
A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka '.Net Framework and .Net Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0820, CVE-2019-0981. This vulnerability CVE-2019-0820 and CVE-2019-0981 Is a different vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. An attacker can exploit this issue to cause a denial of service condition.
Bug Fix(es):
-
dotnet: new SocketException((int)SocketError.InvalidArgument).Message is empty (BZ#1712471)
-
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: .NET Core on Red Hat Enterprise Linux security and bug fix update Advisory ID: RHSA-2019:1236-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:1236 Issue date: 2019-05-15 CVE Names: CVE-2019-0820 CVE-2019-0980 CVE-2019-0981 ==================================================================== 1. Summary:
Updates for rh-dotnetcore10-dotnetcore, rh-dotnetcore11-dotnetcore, rh-dotnet21-dotnet, rh-dotnet22-dotnet and rh-dotnet22-curl are now available for .NET Core on Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
Security Fix(es):
-
dotNET: timeouts for regular expressions are not enforced (CVE-2019-0820)
-
dotNET: infinite loop in URI.TryCreate leading to ASP.Net Core Denial of Service (CVE-2019-0980)
-
dotNET: crash in IPAddress.TryCreate leading to ASP.Net Core Denial of Service (CVE-2019-0981)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
-
Re-enable bash completion in rh-dotnet22-dotnet (BZ#1654863)
-
Error rebuilding rh-dotnet22-curl in CentOS (BZ#1678932)
-
Broken apphost caused by unset DOTNET_ROOT (BZ#1703479)
-
Make bash completion compatible with rh-dotnet22 packages (BZ#1705259)
-
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1654863 - Re-enable bash completion in rh-dotnet22-dotnet 1678932 - Error rebuilding rh-dotnet22-curl in CentOS 1703479 - Broken apphost caused by unset DOTNET_ROOT 1703508 - Update to .NET Core 1.1.13 1704454 - Update to .NET Core 1.0.16 1704934 - Update to .NET Core Runtime 2.2.5 and SDK 2.2.107 1705147 - Update to .NET Core Runtime 2.1.11 and SDK 2.1.507 1705259 - Make bash completion compatible with rh-dotnet22 packages 1705502 - CVE-2019-0980 dotNET: infinite loop in URI.TryCreate leading to ASP.Net Core Denial of Service 1705504 - CVE-2019-0981 dotNET: crash in IPAddress.TryCreate leading to ASP.Net Core Denial of Service 1705506 - CVE-2019-0820 dotNET: timeouts for regular expressions are not enforced
- Package List:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnetcore10-dotnetcore-1.0.16-1.el7.src.rpm
x86_64: rh-dotnetcore10-dotnetcore-1.0.16-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.16-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnetcore11-dotnetcore-1.1.13-1.el7.src.rpm
x86_64: rh-dotnetcore11-dotnetcore-1.1.13-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.13-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet21-2.1-10.el7.src.rpm rh-dotnet21-dotnet-2.1.507-2.el7.src.rpm
x86_64: rh-dotnet21-2.1-10.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.11-2.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.11-2.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.507-2.el7.x86_64.rpm rh-dotnet21-runtime-2.1-10.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet22-2.2-7.el7.src.rpm rh-dotnet22-curl-7.61.1-2.el7.src.rpm rh-dotnet22-dotnet-2.2.107-2.el7.src.rpm
x86_64: rh-dotnet22-2.2-7.el7.x86_64.rpm rh-dotnet22-curl-7.61.1-2.el7.x86_64.rpm rh-dotnet22-curl-debuginfo-7.61.1-2.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.107-2.el7.x86_64.rpm rh-dotnet22-libcurl-7.61.1-2.el7.x86_64.rpm rh-dotnet22-libcurl-devel-7.61.1-2.el7.x86_64.rpm rh-dotnet22-runtime-2.2-7.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnetcore10-dotnetcore-1.0.16-1.el7.src.rpm
x86_64: rh-dotnetcore10-dotnetcore-1.0.16-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.16-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnetcore11-dotnetcore-1.1.13-1.el7.src.rpm
x86_64: rh-dotnetcore11-dotnetcore-1.1.13-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.13-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet21-2.1-10.el7.src.rpm rh-dotnet21-dotnet-2.1.507-2.el7.src.rpm
x86_64: rh-dotnet21-2.1-10.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.11-2.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.11-2.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.507-2.el7.x86_64.rpm rh-dotnet21-runtime-2.1-10.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet22-2.2-7.el7.src.rpm rh-dotnet22-curl-7.61.1-2.el7.src.rpm rh-dotnet22-dotnet-2.2.107-2.el7.src.rpm
x86_64: rh-dotnet22-2.2-7.el7.x86_64.rpm rh-dotnet22-curl-7.61.1-2.el7.x86_64.rpm rh-dotnet22-curl-debuginfo-7.61.1-2.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.107-2.el7.x86_64.rpm rh-dotnet22-libcurl-7.61.1-2.el7.x86_64.rpm rh-dotnet22-libcurl-devel-7.61.1-2.el7.x86_64.rpm rh-dotnet22-runtime-2.2-7.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnetcore10-dotnetcore-1.0.16-1.el7.src.rpm
x86_64: rh-dotnetcore10-dotnetcore-1.0.16-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.16-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnetcore11-dotnetcore-1.1.13-1.el7.src.rpm
x86_64: rh-dotnetcore11-dotnetcore-1.1.13-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.13-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet21-2.1-10.el7.src.rpm rh-dotnet21-dotnet-2.1.507-2.el7.src.rpm
x86_64: rh-dotnet21-2.1-10.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.11-2.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.11-2.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.507-2.el7.x86_64.rpm rh-dotnet21-runtime-2.1-10.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet22-2.2-7.el7.src.rpm rh-dotnet22-curl-7.61.1-2.el7.src.rpm rh-dotnet22-dotnet-2.2.107-2.el7.src.rpm
x86_64: rh-dotnet22-2.2-7.el7.x86_64.rpm rh-dotnet22-curl-7.61.1-2.el7.x86_64.rpm rh-dotnet22-curl-debuginfo-7.61.1-2.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.107-2.el7.x86_64.rpm rh-dotnet22-libcurl-7.61.1-2.el7.x86_64.rpm rh-dotnet22-libcurl-devel-7.61.1-2.el7.x86_64.rpm rh-dotnet22-runtime-2.2-7.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2019-0820 https://access.redhat.com/security/cve/CVE-2019-0980 https://access.redhat.com/security/cve/CVE-2019-0981 https://access.redhat.com/security/updates/classification/#moderate https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0820 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0980 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0981
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXNyKvtzjgjWX9erEAQiFIQ//RuDdkjwFrjsW69TloyogPym1x5uZp2eB hMR1l6l3YTE5ZIeCz7nn86P7IYtLAOiYj5ynjNbGT7aHrM7/R4REedYYqCFxWuu3 3N6vgg/ap1fB+0XdNX+PFNWm/orYRiVr6jyZs2hX4LSDLsQwHuOqVoDcApAHnggH kCRpaxlTEaG9/wyIY3Zvd7ZasxfVUfzhlpzpw25kq6OFJyIokWnVE8G+vs5KS3GQ pTir+3hMc3as8RQVCnWNZoeUhSUemZHvq5MyQqwLCeMFf6CvUTe04oDrMp7FUJHa UcImbcSzzrx3kBvFFmIv6D1uCetuRTrMaXBuOlZcpCJUcnHncvb1OvFhqAeGO6uN NqNnDyRUbyX2cHKpyYTUIfZsCsgKIOBHZNU911URlqnvHAu0LlgAOM0r1uXU48Wg z+LtgnFTDbRmFEspKpN98z4whSL8BnMR8VS/FmPfXo2ApFvipofCK+kPStU0lXZB n7xn4PJyKfst8xUkRfwJ09/GpN328i7QtH53aQG0HCQzKRhxswnc86aQnPW95RWP DPd4EAB74Bq1pEYqRN/gai6bhFsoCS0agf+M7lqBN8ZnQOScj5HD5hy8fsPvB1xD /I5I1sIOJ+Ar0FaCfZqFoXKncap0cp/bBJlHvfCpze4yISy7h6t2E/4l59Zs1xhm KCZo5tPFVoU=dJ6F -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-1230",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": ".net framework",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "4.7.2"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "4.7.1"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "4.6.2"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "4.6.1"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "3.5.1"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "4.8"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "4.7"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "4.6"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "4.5.2"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "3.5"
},
{
"model": ".net core",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "2.2"
},
{
"model": ".net core",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "2.1"
},
{
"model": ".net core",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "1.1"
},
{
"model": ".net core",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "1.0"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "2.0"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "3.0"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "2.0 sp2"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "3.0 sp2"
},
{
"model": "powershell core",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "6.1"
},
{
"model": "powershell core",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "6.2"
},
{
"model": ".net framework sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "3.0"
},
{
"model": ".net framework sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2.0"
}
],
"sources": [
{
"db": "BID",
"id": "108232"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003824"
},
{
"db": "NVD",
"id": "CVE-2019-0980"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:microsoft:.net_core",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:microsoft:.net_framework",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:microsoft:powershell_core",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003824"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Nemanja Mijailovic,Red Hat",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-367"
}
],
"trust": 0.6
},
"cve": "CVE-2019-0980",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-0980",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-0980",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-0980",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-0980",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-367",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-0980",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-0980"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003824"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-367"
},
{
"db": "NVD",
"id": "CVE-2019-0980"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka \u0027.Net Framework and .Net Core Denial of Service Vulnerability\u0027. This CVE ID is unique from CVE-2019-0820, CVE-2019-0981. This vulnerability CVE-2019-0820 and CVE-2019-0981 Is a different vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. \nAn attacker can exploit this issue to cause a denial of service condition. \n\nBug Fix(es):\n\n* dotnet: new SocketException((int)SocketError.InvalidArgument).Message is\nempty (BZ#1712471)\n\n4. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: .NET Core on Red Hat Enterprise Linux security and bug fix update\nAdvisory ID: RHSA-2019:1236-01\nProduct: .NET Core on Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:1236\nIssue date: 2019-05-15\nCVE Names: CVE-2019-0820 CVE-2019-0980 CVE-2019-0981\n====================================================================\n1. Summary:\n\nUpdates for rh-dotnetcore10-dotnetcore, rh-dotnetcore11-dotnetcore,\nrh-dotnet21-dotnet, rh-dotnet22-dotnet and rh-dotnet22-curl are now\navailable for .NET Core on Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. It implements a subset of the\n.NET framework APIs and several new APIs, and it includes a CLR\nimplementation. \n\nSecurity Fix(es):\n\n* dotNET: timeouts for regular expressions are not enforced (CVE-2019-0820)\n\n* dotNET: infinite loop in URI.TryCreate leading to ASP.Net Core Denial of\nService (CVE-2019-0980)\n\n* dotNET: crash in IPAddress.TryCreate leading to ASP.Net Core Denial of\nService (CVE-2019-0981)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nBug Fix(es):\n\n* Re-enable bash completion in rh-dotnet22-dotnet (BZ#1654863)\n\n* Error rebuilding rh-dotnet22-curl in CentOS (BZ#1678932)\n\n* Broken apphost caused by unset DOTNET_ROOT (BZ#1703479)\n\n* Make bash completion compatible with rh-dotnet22 packages (BZ#1705259)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1654863 - Re-enable bash completion in rh-dotnet22-dotnet\n1678932 - Error rebuilding rh-dotnet22-curl in CentOS\n1703479 - Broken apphost caused by unset DOTNET_ROOT\n1703508 - Update to .NET Core 1.1.13\n1704454 - Update to .NET Core 1.0.16\n1704934 - Update to .NET Core Runtime 2.2.5 and SDK 2.2.107\n1705147 - Update to .NET Core Runtime 2.1.11 and SDK 2.1.507\n1705259 - Make bash completion compatible with rh-dotnet22 packages\n1705502 - CVE-2019-0980 dotNET: infinite loop in URI.TryCreate leading to ASP.Net Core Denial of Service\n1705504 - CVE-2019-0981 dotNET: crash in IPAddress.TryCreate leading to ASP.Net Core Denial of Service\n1705506 - CVE-2019-0820 dotNET: timeouts for regular expressions are not enforced\n\n6. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.16-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.16-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.16-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.13-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.13-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.13-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet21-2.1-10.el7.src.rpm\nrh-dotnet21-dotnet-2.1.507-2.el7.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-10.el7.x86_64.rpm\nrh-dotnet21-dotnet-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.11-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.11-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-10.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet22-2.2-7.el7.src.rpm\nrh-dotnet22-curl-7.61.1-2.el7.src.rpm\nrh-dotnet22-dotnet-2.2.107-2.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-7.el7.x86_64.rpm\nrh-dotnet22-curl-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-curl-debuginfo-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-libcurl-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-libcurl-devel-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-7.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.16-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.16-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.16-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.13-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.13-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.13-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet21-2.1-10.el7.src.rpm\nrh-dotnet21-dotnet-2.1.507-2.el7.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-10.el7.x86_64.rpm\nrh-dotnet21-dotnet-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.11-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.11-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-10.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet22-2.2-7.el7.src.rpm\nrh-dotnet22-curl-7.61.1-2.el7.src.rpm\nrh-dotnet22-dotnet-2.2.107-2.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-7.el7.x86_64.rpm\nrh-dotnet22-curl-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-curl-debuginfo-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-libcurl-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-libcurl-devel-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-7.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.16-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.16-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.16-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.13-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.13-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.13-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet21-2.1-10.el7.src.rpm\nrh-dotnet21-dotnet-2.1.507-2.el7.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-10.el7.x86_64.rpm\nrh-dotnet21-dotnet-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.11-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.11-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-10.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet22-2.2-7.el7.src.rpm\nrh-dotnet22-curl-7.61.1-2.el7.src.rpm\nrh-dotnet22-dotnet-2.2.107-2.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-7.el7.x86_64.rpm\nrh-dotnet22-curl-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-curl-debuginfo-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-libcurl-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-libcurl-devel-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-7.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-0820\nhttps://access.redhat.com/security/cve/CVE-2019-0980\nhttps://access.redhat.com/security/cve/CVE-2019-0981\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0820\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0980\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0981\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXNyKvtzjgjWX9erEAQiFIQ//RuDdkjwFrjsW69TloyogPym1x5uZp2eB\nhMR1l6l3YTE5ZIeCz7nn86P7IYtLAOiYj5ynjNbGT7aHrM7/R4REedYYqCFxWuu3\n3N6vgg/ap1fB+0XdNX+PFNWm/orYRiVr6jyZs2hX4LSDLsQwHuOqVoDcApAHnggH\nkCRpaxlTEaG9/wyIY3Zvd7ZasxfVUfzhlpzpw25kq6OFJyIokWnVE8G+vs5KS3GQ\npTir+3hMc3as8RQVCnWNZoeUhSUemZHvq5MyQqwLCeMFf6CvUTe04oDrMp7FUJHa\nUcImbcSzzrx3kBvFFmIv6D1uCetuRTrMaXBuOlZcpCJUcnHncvb1OvFhqAeGO6uN\nNqNnDyRUbyX2cHKpyYTUIfZsCsgKIOBHZNU911URlqnvHAu0LlgAOM0r1uXU48Wg\nz+LtgnFTDbRmFEspKpN98z4whSL8BnMR8VS/FmPfXo2ApFvipofCK+kPStU0lXZB\nn7xn4PJyKfst8xUkRfwJ09/GpN328i7QtH53aQG0HCQzKRhxswnc86aQnPW95RWP\nDPd4EAB74Bq1pEYqRN/gai6bhFsoCS0agf+M7lqBN8ZnQOScj5HD5hy8fsPvB1xD\n/I5I1sIOJ+Ar0FaCfZqFoXKncap0cp/bBJlHvfCpze4yISy7h6t2E/4l59Zs1xhm\nKCZo5tPFVoU=dJ6F\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-0980"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003824"
},
{
"db": "BID",
"id": "108232"
},
{
"db": "VULMON",
"id": "CVE-2019-0980"
},
{
"db": "PACKETSTORM",
"id": "152999"
},
{
"db": "PACKETSTORM",
"id": "152953"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-0980",
"trust": 3.0
},
{
"db": "BID",
"id": "108232",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003824",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "152999",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "152953",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.1839",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.1740",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201905-367",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2019-0980",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-0980"
},
{
"db": "BID",
"id": "108232"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003824"
},
{
"db": "PACKETSTORM",
"id": "152999"
},
{
"db": "PACKETSTORM",
"id": "152953"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-367"
},
{
"db": "NVD",
"id": "CVE-2019-0980"
}
]
},
"id": "VAR-201905-1230",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.19172932
},
"last_update_date": "2024-11-23T21:59:52.650000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2019-0980 | .Net Framework and .Net Core Denial of Service Vulnerability",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0980"
},
{
"title": "CVE-2019-0980 | .NET Framework \u3068 .NET Core \u306e\u30b5\u30fc\u30d3\u30b9\u62d2\u5426\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2019-0980"
},
{
"title": "Microsoft .NET Framework and .NET Core Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92518"
},
{
"title": "Red Hat: Moderate: .NET Core on Red Hat Enterprise Linux security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20191236 - Security Advisory"
},
{
"title": "Red Hat: Important: dotnet security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20191259 - Security Advisory"
},
{
"title": "sharpfuzz",
"trust": 0.1,
"url": "https://github.com/Metalnem/sharpfuzz "
},
{
"title": "Symantec Threat Intelligence Blog",
"trust": 0.1,
"url": "https://www.symantec.com/blogs/threat-intelligence/microsoft-patch-tuesday-may-2019"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-0980"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003824"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-367"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-19",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003824"
},
{
"db": "NVD",
"id": "CVE-2019-0980"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://access.redhat.com/errata/rhsa-2019:1259"
},
{
"trust": 2.2,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0980"
},
{
"trust": 1.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0980"
},
{
"trust": 0.9,
"url": "http://www.microsoft.com"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/errata/rhsa-2019:1236"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0980"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20190515-ms.html"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2019/at190023.html"
},
{
"trust": 0.7,
"url": "https://www.securityfocus.com/bid/108232"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/152999/red-hat-security-advisory-2019-1259-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/81042"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/152953/red-hat-security-advisory-2019-1236-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.1839/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/microsoft-net-vulnerabilities-of-may-2019-29296"
},
{
"trust": 0.2,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0820"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0981"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-0980"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0820"
},
{
"trust": 0.2,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-0981"
},
{
"trust": 0.2,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0981"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-0820"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/19.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/metalnem/sharpfuzz"
},
{
"trust": 0.1,
"url": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/108232"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0757"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-0757"
},
{
"trust": 0.1,
"url": "https://github.com/dotnet/core/blob/master/release-notes/2.1/2.1.11/2.1.11.md"
},
{
"trust": 0.1,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0757"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-0980"
},
{
"db": "BID",
"id": "108232"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003824"
},
{
"db": "PACKETSTORM",
"id": "152999"
},
{
"db": "PACKETSTORM",
"id": "152953"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-367"
},
{
"db": "NVD",
"id": "CVE-2019-0980"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2019-0980"
},
{
"db": "BID",
"id": "108232"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003824"
},
{
"db": "PACKETSTORM",
"id": "152999"
},
{
"db": "PACKETSTORM",
"id": "152953"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-367"
},
{
"db": "NVD",
"id": "CVE-2019-0980"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-16T00:00:00",
"db": "VULMON",
"id": "CVE-2019-0980"
},
{
"date": "2019-05-14T00:00:00",
"db": "BID",
"id": "108232"
},
{
"date": "2019-05-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003824"
},
{
"date": "2019-05-22T14:39:27",
"db": "PACKETSTORM",
"id": "152999"
},
{
"date": "2019-05-16T23:05:23",
"db": "PACKETSTORM",
"id": "152953"
},
{
"date": "2019-05-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-367"
},
{
"date": "2019-05-16T19:29:04.957000",
"db": "NVD",
"id": "CVE-2019-0980"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-22T00:00:00",
"db": "VULMON",
"id": "CVE-2019-0980"
},
{
"date": "2019-05-14T00:00:00",
"db": "BID",
"id": "108232"
},
{
"date": "2019-05-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003824"
},
{
"date": "2019-05-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-367"
},
{
"date": "2024-11-21T04:17:36.607000",
"db": "NVD",
"id": "CVE-2019-0980"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-367"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft .NET Framework and .NET Core Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003824"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-367"
}
],
"trust": 0.6
}
}
var-202205-0624
Vulnerability from variot
.NET and Visual Studio Denial of Service Vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: .NET 6.0 on RHEL 7 security and bugfix update Advisory ID: RHSA-2022:2195-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:2195 Issue date: 2022-05-11 CVE Names: CVE-2022-23267 CVE-2022-29117 CVE-2022-29145 ==================================================================== 1. Summary:
An update for .NET 6.0 is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 6.0.105 and .NET Core Runtime 6.0.5.
Security Fix(es):
-
dotnet: excess memory allocation via HttpClient causes DoS (CVE-2022-23267)
-
dotnet: malicious content causes high CPU and memory usage (CVE-2022-29117)
-
dotnet: parsing HTML causes Denial of Service (CVE-2022-29145)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
2083647 - CVE-2022-29117 dotnet: malicious content causes high CPU and memory usage 2083649 - CVE-2022-29145 dotnet: parsing HTML causes Denial of Service 2083650 - CVE-2022-23267 dotnet: excess memory allocation via HttpClient causes DoS
- Package List:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet60-dotnet-6.0.105-1.el7_9.src.rpm
x86_64: rh-dotnet60-aspnetcore-runtime-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-6.0.105-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-apphost-pack-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-debuginfo-6.0.105-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-host-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-hostfxr-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-runtime-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-sdk-6.0-6.0.105-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.105-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-targeting-pack-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-templates-6.0-6.0.105-1.el7_9.x86_64.rpm rh-dotnet60-netstandard-targeting-pack-2.1-6.0.105-1.el7_9.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet60-dotnet-6.0.105-1.el7_9.src.rpm
x86_64: rh-dotnet60-aspnetcore-runtime-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-6.0.105-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-apphost-pack-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-debuginfo-6.0.105-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-host-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-hostfxr-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-runtime-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-sdk-6.0-6.0.105-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.105-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-targeting-pack-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-templates-6.0-6.0.105-1.el7_9.x86_64.rpm rh-dotnet60-netstandard-targeting-pack-2.1-6.0.105-1.el7_9.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet60-dotnet-6.0.105-1.el7_9.src.rpm
x86_64: rh-dotnet60-aspnetcore-runtime-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-6.0.105-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-apphost-pack-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-debuginfo-6.0.105-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-host-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-hostfxr-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-runtime-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-sdk-6.0-6.0.105-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.105-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-targeting-pack-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-templates-6.0-6.0.105-1.el7_9.x86_64.rpm rh-dotnet60-netstandard-targeting-pack-2.1-6.0.105-1.el7_9.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2022-23267 https://access.redhat.com/security/cve/CVE-2022-29117 https://access.redhat.com/security/cve/CVE-2022-29145 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYnw2ZtzjgjWX9erEAQhfsA//XM/8Ih5T9J+ql5cd6IgYWbT1UOM8KE17 4abvuRvxBqSfJyACbCEbRNm+GZzqWF6SHYamS3lAfs5Gt/SmIcEtyWZTaEkiZtbi sIsJ2Hd802Sm8K1gcU0MFOMhT5zwI3ogteixbvzkN6y5NxHitkVTUZqOIjvpcNzn Mc0bfAgeIzODP6F5hfneYantgPhQC3j5eWDcRBOrvxD2cRDnQ6CzL37wUsdSd+TA f8b7Ck2lg9poj+v/4L/HVLZJi47HM3C3ouqJClTx3kL89ktEZkhavcLua4wX8aY5 n1MPCnMe9OrPwfzAzyCrZqKezAutuu3QfXaWy37RW4M4Tza1dfP/4eJ2fBH19JcB 3iUmFmQmR36WFLBMCrUzLNH8FsBXzp1MLiiKuRgV/MXa+M2ZwMeqTFQuAsAA8lTE 0Qeoyf7JmWP/iDcODWKU/+eApCsRKBnmB952x3UroOq0H57m1RPJKZRlwwqy1S2a Tc2xXDB/w6SaORozEXlGnyrzHBIM7FdHkNS4zdWSNH4GRkO3bbwsi2CPgzIkXvyZ j1Q4NEtntVC3FmkKHUoSw3XRmBNrBNAD3JRKWYXEmN1JAfXSAsrbOqlj9sCE/nTJ rDNXwYArh73UwTMfU2+JL/2XE1mgV+LWBtAMsoBGHAg31HdXQQOe1UoJEaKjX7p3 zq2nVL/qVmM=le1K -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 8) - aarch64, s390x, x86_64
3
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202205-0624",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": ".net core",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "3.1"
},
{
"model": "visual studio 2022",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.1"
},
{
"model": "visual studio 2019",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.0"
},
{
"model": ".net",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "5.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "visual studio 2022",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.0"
},
{
"model": "visual studio 2019",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.11.14"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "visual studio 2019",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.10"
},
{
"model": "powershell",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "7.0"
},
{
"model": "powershell",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "7.2.4"
},
{
"model": "powershell",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "7.2"
},
{
"model": "powershell",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "7.0.11"
},
{
"model": "visual studio 2019",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.9.21"
},
{
"model": ".net",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "6.0.0"
},
{
"model": ".net",
"scope": null,
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": null
},
{
"model": "powershell",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "7.0"
},
{
"model": ".net core",
"scope": null,
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": null
},
{
"model": "microsoft visual studio",
"scope": null,
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": null
},
{
"model": "powershell",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "7.2"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-001863"
},
{
"db": "NVD",
"id": "CVE-2022-23267"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "167135"
},
{
"db": "PACKETSTORM",
"id": "167382"
},
{
"db": "PACKETSTORM",
"id": "167128"
},
{
"db": "PACKETSTORM",
"id": "167143"
},
{
"db": "PACKETSTORM",
"id": "167125"
},
{
"db": "PACKETSTORM",
"id": "167141"
},
{
"db": "PACKETSTORM",
"id": "167130"
}
],
"trust": 0.7
},
"cve": "CVE-2022-23267",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2022-23267",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "secure@microsoft.com",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-23267",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2022-001863",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-23267",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "secure@microsoft.com",
"id": "CVE-2022-23267",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-23267",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202205-2800",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2022-23267",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-23267"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001863"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2800"
},
{
"db": "NVD",
"id": "CVE-2022-23267"
},
{
"db": "NVD",
"id": "CVE-2022-23267"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": ".NET and Visual Studio Denial of Service Vulnerability. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: .NET 6.0 on RHEL 7 security and bugfix update\nAdvisory ID: RHSA-2022:2195-01\nProduct: .NET Core on Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:2195\nIssue date: 2022-05-11\nCVE Names: CVE-2022-23267 CVE-2022-29117 CVE-2022-29145\n====================================================================\n1. Summary:\n\nAn update for .NET 6.0 is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\n.NET Core is a managed-software framework. It implements a subset of the\n.NET\nframework APIs and several new APIs, and it includes a CLR implementation. \n\nNew versions of .NET Core that address a security vulnerability are now\navailable. The updated versions are .NET Core SDK 6.0.105 and .NET Core\nRuntime 6.0.5. \n\nSecurity Fix(es):\n\n* dotnet: excess memory allocation via HttpClient causes DoS\n(CVE-2022-23267)\n\n* dotnet: malicious content causes high CPU and memory usage\n(CVE-2022-29117)\n\n* dotnet: parsing HTML causes Denial of Service (CVE-2022-29145)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2083647 - CVE-2022-29117 dotnet: malicious content causes high CPU and memory usage\n2083649 - CVE-2022-29145 dotnet: parsing HTML causes Denial of Service\n2083650 - CVE-2022-23267 dotnet: excess memory allocation via HttpClient causes DoS\n\n6. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet60-dotnet-6.0.105-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet60-aspnetcore-runtime-6.0-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-6.0.105-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-apphost-pack-6.0-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-debuginfo-6.0.105-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-host-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-hostfxr-6.0-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-runtime-6.0-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-sdk-6.0-6.0.105-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.105-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-targeting-pack-6.0-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-templates-6.0-6.0.105-1.el7_9.x86_64.rpm\nrh-dotnet60-netstandard-targeting-pack-2.1-6.0.105-1.el7_9.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet60-dotnet-6.0.105-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet60-aspnetcore-runtime-6.0-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-6.0.105-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-apphost-pack-6.0-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-debuginfo-6.0.105-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-host-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-hostfxr-6.0-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-runtime-6.0-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-sdk-6.0-6.0.105-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.105-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-targeting-pack-6.0-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-templates-6.0-6.0.105-1.el7_9.x86_64.rpm\nrh-dotnet60-netstandard-targeting-pack-2.1-6.0.105-1.el7_9.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet60-dotnet-6.0.105-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet60-aspnetcore-runtime-6.0-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-6.0.105-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-apphost-pack-6.0-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-debuginfo-6.0.105-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-host-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-hostfxr-6.0-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-runtime-6.0-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-sdk-6.0-6.0.105-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.105-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-targeting-pack-6.0-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-templates-6.0-6.0.105-1.el7_9.x86_64.rpm\nrh-dotnet60-netstandard-targeting-pack-2.1-6.0.105-1.el7_9.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-23267\nhttps://access.redhat.com/security/cve/CVE-2022-29117\nhttps://access.redhat.com/security/cve/CVE-2022-29145\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYnw2ZtzjgjWX9erEAQhfsA//XM/8Ih5T9J+ql5cd6IgYWbT1UOM8KE17\n4abvuRvxBqSfJyACbCEbRNm+GZzqWF6SHYamS3lAfs5Gt/SmIcEtyWZTaEkiZtbi\nsIsJ2Hd802Sm8K1gcU0MFOMhT5zwI3ogteixbvzkN6y5NxHitkVTUZqOIjvpcNzn\nMc0bfAgeIzODP6F5hfneYantgPhQC3j5eWDcRBOrvxD2cRDnQ6CzL37wUsdSd+TA\nf8b7Ck2lg9poj+v/4L/HVLZJi47HM3C3ouqJClTx3kL89ktEZkhavcLua4wX8aY5\nn1MPCnMe9OrPwfzAzyCrZqKezAutuu3QfXaWy37RW4M4Tza1dfP/4eJ2fBH19JcB\n3iUmFmQmR36WFLBMCrUzLNH8FsBXzp1MLiiKuRgV/MXa+M2ZwMeqTFQuAsAA8lTE\n0Qeoyf7JmWP/iDcODWKU/+eApCsRKBnmB952x3UroOq0H57m1RPJKZRlwwqy1S2a\nTc2xXDB/w6SaORozEXlGnyrzHBIM7FdHkNS4zdWSNH4GRkO3bbwsi2CPgzIkXvyZ\nj1Q4NEtntVC3FmkKHUoSw3XRmBNrBNAD3JRKWYXEmN1JAfXSAsrbOqlj9sCE/nTJ\nrDNXwYArh73UwTMfU2+JL/2XE1mgV+LWBtAMsoBGHAg31HdXQQOe1UoJEaKjX7p3\nzq2nVL/qVmM=le1K\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. 8) - aarch64, s390x, x86_64\n\n3",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-23267"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001863"
},
{
"db": "VULMON",
"id": "CVE-2022-23267"
},
{
"db": "PACKETSTORM",
"id": "167135"
},
{
"db": "PACKETSTORM",
"id": "167382"
},
{
"db": "PACKETSTORM",
"id": "167128"
},
{
"db": "PACKETSTORM",
"id": "167143"
},
{
"db": "PACKETSTORM",
"id": "167125"
},
{
"db": "PACKETSTORM",
"id": "167141"
},
{
"db": "PACKETSTORM",
"id": "167130"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-23267",
"trust": 4.0
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001863",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167382",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "167143",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2022051101",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022051228",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072010",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2800",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-23267",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167135",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167128",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167125",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167141",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167130",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-23267"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001863"
},
{
"db": "PACKETSTORM",
"id": "167135"
},
{
"db": "PACKETSTORM",
"id": "167382"
},
{
"db": "PACKETSTORM",
"id": "167128"
},
{
"db": "PACKETSTORM",
"id": "167143"
},
{
"db": "PACKETSTORM",
"id": "167125"
},
{
"db": "PACKETSTORM",
"id": "167141"
},
{
"db": "PACKETSTORM",
"id": "167130"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2800"
},
{
"db": "NVD",
"id": "CVE-2022-23267"
}
]
},
"id": "VAR-202205-0624",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.19172932
},
"last_update_date": "2024-11-23T19:35:46.073000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": ".NET\u00a0and\u00a0Visual\u00a0Studio\u00a0Denial\u00a0of\u00a0Service\u00a0Vulnerability Security Update Guide",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23267"
},
{
"title": "Multiple Microsoft Product resource management error vulnerability fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=193428"
},
{
"title": "Red Hat: Important: .NET 6.0 security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20222199 - Security Advisory"
},
{
"title": "Red Hat: Important: .NET 5.0 security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20222200 - Security Advisory"
},
{
"title": "Red Hat: Important: .NET 5.0 on RHEL 7 security and bugfix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20222196 - Security Advisory"
},
{
"title": "Red Hat: Important: .NET 6.0 on RHEL 7 security and bugfix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20222195 - Security Advisory"
},
{
"title": "Red Hat: Important: .NET Core 3.1 on RHEL 7 security and bugfix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20222194 - Security Advisory"
},
{
"title": "Red Hat: Important: .NET 6.0 security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20224588 - Security Advisory"
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/AlphabugX/CVE-2022-23305 "
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/AlphabugX/CVE-2022-RCE "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-23267"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001863"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2800"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Resource exhaustion (CWE-400) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-001863"
},
{
"db": "NVD",
"id": "CVE-2022-23267"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2022-23267"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23267"
},
{
"trust": 1.3,
"url": "https://access.redhat.com/security/cve/cve-2022-23267"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ibysbudjyq76hk4tulxviipckk2u6wdb/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/gnxql7ezorgu4pzcpj5epq4p7iey3zzo/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/w5fpeq6btyrgts6iycdtzw6yf5hlq3by/"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20220511-ms.html"
},
{
"trust": 0.8,
"url": "https://www.jpcert.or.jp/at/2022/at220014.html"
},
{
"trust": 0.7,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-29117"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-29145"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2022-29117"
},
{
"trust": 0.7,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2022-29145"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ibysbudjyq76hk4tulxviipckk2u6wdb/"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/w5fpeq6btyrgts6iycdtzw6yf5hlq3by/"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/gnxql7ezorgu4pzcpj5epq4p7iey3zzo/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022051228"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/microsoft-net-vulnerabilities-of-may-2022-38299"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167143/red-hat-security-advisory-2022-2200-01.html"
},
{
"trust": 0.6,
"url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2022-23267"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb20220720108"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022051101"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167382/red-hat-security-advisory-2022-4588-01.html"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-23267/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/errata/rhsa-2022:2199"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/alphabugx/cve-2022-23305"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:2202"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:4588"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:2196"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:2200"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:2195"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:2194"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-23267"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001863"
},
{
"db": "PACKETSTORM",
"id": "167135"
},
{
"db": "PACKETSTORM",
"id": "167382"
},
{
"db": "PACKETSTORM",
"id": "167128"
},
{
"db": "PACKETSTORM",
"id": "167143"
},
{
"db": "PACKETSTORM",
"id": "167125"
},
{
"db": "PACKETSTORM",
"id": "167141"
},
{
"db": "PACKETSTORM",
"id": "167130"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2800"
},
{
"db": "NVD",
"id": "CVE-2022-23267"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2022-23267"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001863"
},
{
"db": "PACKETSTORM",
"id": "167135"
},
{
"db": "PACKETSTORM",
"id": "167382"
},
{
"db": "PACKETSTORM",
"id": "167128"
},
{
"db": "PACKETSTORM",
"id": "167143"
},
{
"db": "PACKETSTORM",
"id": "167125"
},
{
"db": "PACKETSTORM",
"id": "167141"
},
{
"db": "PACKETSTORM",
"id": "167130"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2800"
},
{
"db": "NVD",
"id": "CVE-2022-23267"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-10T00:00:00",
"db": "VULMON",
"id": "CVE-2022-23267"
},
{
"date": "2022-05-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-001863"
},
{
"date": "2022-05-12T15:51:27",
"db": "PACKETSTORM",
"id": "167135"
},
{
"date": "2022-06-03T15:43:44",
"db": "PACKETSTORM",
"id": "167382"
},
{
"date": "2022-05-12T15:44:58",
"db": "PACKETSTORM",
"id": "167128"
},
{
"date": "2022-05-12T15:56:14",
"db": "PACKETSTORM",
"id": "167143"
},
{
"date": "2022-05-12T15:40:23",
"db": "PACKETSTORM",
"id": "167125"
},
{
"date": "2022-05-12T15:53:37",
"db": "PACKETSTORM",
"id": "167141"
},
{
"date": "2022-05-12T15:46:28",
"db": "PACKETSTORM",
"id": "167130"
},
{
"date": "2022-05-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-2800"
},
{
"date": "2022-05-10T21:15:09.853000",
"db": "NVD",
"id": "CVE-2022-23267"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-12-20T00:00:00",
"db": "VULMON",
"id": "CVE-2022-23267"
},
{
"date": "2022-05-25T08:34:00",
"db": "JVNDB",
"id": "JVNDB-2022-001863"
},
{
"date": "2022-07-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-2800"
},
{
"date": "2024-11-21T06:48:17.387000",
"db": "NVD",
"id": "CVE-2022-23267"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-2800"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0Microsoft\u00a0 Service operation interruption in the product \u00a0(DoS)\u00a0 Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-001863"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-2800"
}
],
"trust": 0.6
}
}
var-202208-0807
Vulnerability from variot
.NET Spoofing Vulnerability. 9) - aarch64, s390x, x86_64
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: .NET Core 3.1 security, bug fix, and enhancement update Advisory ID: RHSA-2022:6037-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:6037 Issue date: 2022-08-10 CVE Names: CVE-2022-34716 ==================================================================== 1. Summary:
An update for .NET Core 3.1 is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 3.1.422 and .NET Runtime 3.1.28.
Security Fix(es):
- dotnet: External Entity Injection during XML signature verification (CVE-2022-34716)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
2115183 - CVE-2022-34716 dotnet: External Entity Injection during XML signature verification
- Package List:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet31-dotnet-3.1.422-1.el7_9.src.rpm
x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.28-1.el7_9.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.28-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-3.1.422-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.28-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.422-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-host-3.1.28-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.28-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.28-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.422-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-3.1.422-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.28-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.422-1.el7_9.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.422-1.el7_9.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet31-dotnet-3.1.422-1.el7_9.src.rpm
x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.28-1.el7_9.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.28-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-3.1.422-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.28-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.422-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-host-3.1.28-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.28-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.28-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.422-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-3.1.422-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.28-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.422-1.el7_9.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.422-1.el7_9.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet31-dotnet-3.1.422-1.el7_9.src.rpm
x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.28-1.el7_9.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.28-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-3.1.422-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.28-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.422-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-host-3.1.28-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.28-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.28-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.422-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-3.1.422-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.28-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.422-1.el7_9.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.422-1.el7_9.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2022-34716 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYvOfQ9zjgjWX9erEAQgz/BAApIpyQHcvY4oKILJFLse9IV0BiE2IdfKd tz8I4vsvlDtzn9+XcaVXPplZJioG+kXvLQYCWyP3pZT0jMEa7tg+HHaw+DiQPkP5 EapqguieJRDZ+fk45OvFLiXECSEGlPBOeyMb67CjtDHIFiqT9PypfOXQbLtiPVGA 8XAHZgnjnlg/2TsQgQJCjEOKE8pYduTo0+XJVXDpwleQ6KpZT2RcxWdV8MdL7Qy2 689jzxUU5pdepUlB6VHO9pw37BDsvpKhrOjB1DBLQzFOHVQNoRRjn4tPXWs1oCs6 ChEO9w9/sZVSRhoLYapbnIs1lDKE9OKxjFFPXvcRIDyCVm3gEE/HlIDtFiHuXKMK oVK87SBGqM1ZlDvhZcT10JTlZ7TESmjJuiuNqYKT4SHEA54zgHdGMlG+ouEuogRW LaFiwE5A7nh3hofjkmpRQVa6VP13lfZ36/m7ODlWpFqWlhGtvgGwV+CiuPvMX5vw KX56kAIJhuhLniiP2eDko7cs0Y4gdcmGGJjmTTD08qEDnAcV5CgSns9skixKZN6s 3LaVKBkeELyo6kxp6ckGuIE7Qgbw+zxdX3OZSRIT0Eh3Pkyg7fjdCHm7/kLXZJEg I5UbZ5DGm64jrwldInXGto3I0z5Dh4j3rVqQRKYy7F1qEfvUz9sITXpjhj5P1AS9 SfnD49PWESw=gIlP -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce .
The following packages have been upgraded to a later upstream version: rh-dotnet60-dotnet (6.0.108)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202208-0807",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "powershell",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "7.2"
},
{
"model": ".net",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "6.0.8"
},
{
"model": "powershell",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "7.0"
},
{
"model": "powershell",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "7.2.6"
},
{
"model": ".net",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "6.0.0"
},
{
"model": ".net core",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "3.1.28"
},
{
"model": "powershell",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "7.0.12"
},
{
"model": ".net core",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "3.1"
},
{
"model": "powershell",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "7.2"
},
{
"model": ".net",
"scope": null,
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": null
},
{
"model": "powershell",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "7.0"
},
{
"model": ".net core",
"scope": null,
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002230"
},
{
"db": "NVD",
"id": "CVE-2022-34716"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Felix Wilhelm of Google Project Zero",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2486"
}
],
"trust": 0.6
},
"cve": "CVE-2022-34716",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "secure@microsoft.com",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2022-34716",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "None",
"baseScore": 5.9,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2022-002230",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "secure@microsoft.com",
"id": "CVE-2022-34716",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "OTHER",
"id": "JVNDB-2022-002230",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202208-2486",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002230"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2486"
},
{
"db": "NVD",
"id": "CVE-2022-34716"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": ".NET Spoofing Vulnerability. 9) - aarch64, s390x, x86_64\n\n3. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: .NET Core 3.1 security, bug fix, and enhancement update\nAdvisory ID: RHSA-2022:6037-01\nProduct: .NET Core on Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:6037\nIssue date: 2022-08-10\nCVE Names: CVE-2022-34716\n====================================================================\n1. Summary:\n\nAn update for .NET Core 3.1 is now available for Red Hat Enterprise Linux\n7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\n.NET is a managed-software framework. It implements a subset of the .NET\nframework APIs and several new APIs, and it includes a CLR implementation. \n\nNew versions of .NET that address a security vulnerability are now\navailable. The updated versions are .NET SDK 3.1.422 and .NET Runtime\n3.1.28. \n\nSecurity Fix(es):\n\n* dotnet: External Entity Injection during XML signature verification\n(CVE-2022-34716)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2115183 - CVE-2022-34716 dotnet: External Entity Injection during XML signature verification\n\n6. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet31-dotnet-3.1.422-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet31-aspnetcore-runtime-3.1-3.1.28-1.el7_9.x86_64.rpm\nrh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.28-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-3.1.422-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-apphost-pack-3.1-3.1.28-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-debuginfo-3.1.422-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-host-3.1.28-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-hostfxr-3.1-3.1.28-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-runtime-3.1-3.1.28-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-sdk-3.1-3.1.422-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-3.1.422-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-targeting-pack-3.1-3.1.28-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-templates-3.1-3.1.422-1.el7_9.x86_64.rpm\nrh-dotnet31-netstandard-targeting-pack-2.1-3.1.422-1.el7_9.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet31-dotnet-3.1.422-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet31-aspnetcore-runtime-3.1-3.1.28-1.el7_9.x86_64.rpm\nrh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.28-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-3.1.422-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-apphost-pack-3.1-3.1.28-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-debuginfo-3.1.422-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-host-3.1.28-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-hostfxr-3.1-3.1.28-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-runtime-3.1-3.1.28-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-sdk-3.1-3.1.422-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-3.1.422-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-targeting-pack-3.1-3.1.28-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-templates-3.1-3.1.422-1.el7_9.x86_64.rpm\nrh-dotnet31-netstandard-targeting-pack-2.1-3.1.422-1.el7_9.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet31-dotnet-3.1.422-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet31-aspnetcore-runtime-3.1-3.1.28-1.el7_9.x86_64.rpm\nrh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.28-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-3.1.422-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-apphost-pack-3.1-3.1.28-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-debuginfo-3.1.422-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-host-3.1.28-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-hostfxr-3.1-3.1.28-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-runtime-3.1-3.1.28-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-sdk-3.1-3.1.422-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-3.1.422-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-targeting-pack-3.1-3.1.28-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-templates-3.1-3.1.422-1.el7_9.x86_64.rpm\nrh-dotnet31-netstandard-targeting-pack-2.1-3.1.422-1.el7_9.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-34716\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYvOfQ9zjgjWX9erEAQgz/BAApIpyQHcvY4oKILJFLse9IV0BiE2IdfKd\ntz8I4vsvlDtzn9+XcaVXPplZJioG+kXvLQYCWyP3pZT0jMEa7tg+HHaw+DiQPkP5\nEapqguieJRDZ+fk45OvFLiXECSEGlPBOeyMb67CjtDHIFiqT9PypfOXQbLtiPVGA\n8XAHZgnjnlg/2TsQgQJCjEOKE8pYduTo0+XJVXDpwleQ6KpZT2RcxWdV8MdL7Qy2\n689jzxUU5pdepUlB6VHO9pw37BDsvpKhrOjB1DBLQzFOHVQNoRRjn4tPXWs1oCs6\nChEO9w9/sZVSRhoLYapbnIs1lDKE9OKxjFFPXvcRIDyCVm3gEE/HlIDtFiHuXKMK\noVK87SBGqM1ZlDvhZcT10JTlZ7TESmjJuiuNqYKT4SHEA54zgHdGMlG+ouEuogRW\nLaFiwE5A7nh3hofjkmpRQVa6VP13lfZ36/m7ODlWpFqWlhGtvgGwV+CiuPvMX5vw\nKX56kAIJhuhLniiP2eDko7cs0Y4gdcmGGJjmTTD08qEDnAcV5CgSns9skixKZN6s\n3LaVKBkeELyo6kxp6ckGuIE7Qgbw+zxdX3OZSRIT0Eh3Pkyg7fjdCHm7/kLXZJEg\nI5UbZ5DGm64jrwldInXGto3I0z5Dh4j3rVqQRKYy7F1qEfvUz9sITXpjhj5P1AS9\nSfnD49PWESw=gIlP\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nThe following packages have been upgraded to a later upstream version:\nrh-dotnet60-dotnet (6.0.108)",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-34716"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002230"
},
{
"db": "PACKETSTORM",
"id": "168083"
},
{
"db": "PACKETSTORM",
"id": "168052"
},
{
"db": "PACKETSTORM",
"id": "168037"
},
{
"db": "PACKETSTORM",
"id": "168039"
},
{
"db": "PACKETSTORM",
"id": "168084"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-34716",
"trust": 3.7
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002230",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "168052",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "168039",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "168084",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2022.3987",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4056",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "168332",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2486",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "168083",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168037",
"trust": 0.1
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002230"
},
{
"db": "PACKETSTORM",
"id": "168083"
},
{
"db": "PACKETSTORM",
"id": "168052"
},
{
"db": "PACKETSTORM",
"id": "168037"
},
{
"db": "PACKETSTORM",
"id": "168039"
},
{
"db": "PACKETSTORM",
"id": "168084"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2486"
},
{
"db": "NVD",
"id": "CVE-2022-34716"
}
]
},
"id": "VAR-202208-0807",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.19172932
},
"last_update_date": "2024-08-14T13:42:29.646000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": ".NET\u00a0Spoofing\u00a0Vulnerability Security Update Guide",
"trust": 0.8,
"url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-34716"
},
{
"title": "Microsoft .NET Core Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=239712"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002230"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2486"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002230"
},
{
"db": "NVD",
"id": "CVE-2022-34716"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2022-34716"
},
{
"trust": 1.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-34716"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/security/cve/cve-2022-34716"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20220810-ms.html"
},
{
"trust": 0.8,
"url": "https://www.jpcert.or.jp/at/2022/at220021.html"
},
{
"trust": 0.6,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2022-34716"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168332/.net-xml-signature-verification-external-entity-injection.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3987"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168052/red-hat-security-advisory-2022-6043-01.html"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-34716/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168039/red-hat-security-advisory-2022-6038-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4056"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/microsoft-net-spoofing-39025"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168084/red-hat-security-advisory-2022-6057-01.html"
},
{
"trust": 0.5,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.5,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6058"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6043"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6037"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6038"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6057"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002230"
},
{
"db": "PACKETSTORM",
"id": "168083"
},
{
"db": "PACKETSTORM",
"id": "168052"
},
{
"db": "PACKETSTORM",
"id": "168037"
},
{
"db": "PACKETSTORM",
"id": "168039"
},
{
"db": "PACKETSTORM",
"id": "168084"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2486"
},
{
"db": "NVD",
"id": "CVE-2022-34716"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002230"
},
{
"db": "PACKETSTORM",
"id": "168083"
},
{
"db": "PACKETSTORM",
"id": "168052"
},
{
"db": "PACKETSTORM",
"id": "168037"
},
{
"db": "PACKETSTORM",
"id": "168039"
},
{
"db": "PACKETSTORM",
"id": "168084"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2486"
},
{
"db": "NVD",
"id": "CVE-2022-34716"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-002230"
},
{
"date": "2022-08-15T16:04:11",
"db": "PACKETSTORM",
"id": "168083"
},
{
"date": "2022-08-11T15:40:22",
"db": "PACKETSTORM",
"id": "168052"
},
{
"date": "2022-08-10T15:55:10",
"db": "PACKETSTORM",
"id": "168037"
},
{
"date": "2022-08-10T15:55:29",
"db": "PACKETSTORM",
"id": "168039"
},
{
"date": "2022-08-15T16:04:23",
"db": "PACKETSTORM",
"id": "168084"
},
{
"date": "2022-08-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-2486"
},
{
"date": "2022-08-09T20:15:11.660000",
"db": "NVD",
"id": "CVE-2022-34716"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-18T01:35:00",
"db": "JVNDB",
"id": "JVNDB-2022-002230"
},
{
"date": "2023-06-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-2486"
},
{
"date": "2023-05-31T19:15:16.030000",
"db": "NVD",
"id": "CVE-2022-34716"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2486"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": ".NET\u00a0 and \u00a0PowerShell\u00a0 Spoofed vulnerabilities in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002230"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2486"
}
],
"trust": 0.6
}
}
var-201904-0811
Vulnerability from variot
A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package's folder structure, aka 'NuGet Package Manager Tampering Vulnerability'. Microsoft NuGet is prone to a security bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions.
Bug Fix(es):
-
dotnet: new SocketException((int)SocketError.InvalidArgument).Message is empty (BZ#1712471)
-
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: .NET Core on Red Hat Enterprise Linux security update for March 2019 Advisory ID: RHSA-2019:0544-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:0544 Issue date: 2019-03-13 CVE Names: CVE-2019-0757 ==================================================================== 1. Summary:
Updates for rh-dotnetcore10-dotnetcore, rh-dotnetcore11-dotnetcore, rh-dotnet21-dotnet, and rh-dotnet22-dotnet are now available for .NET Core on Red Hat Enterprise Linux.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
.NET Core is a managed-software framework. It implements the .NET standard APIs and several additional APIs, and it includes a CLR implementation.
New versions of .NET Core that address security vulnerabilities are now available. The updated versions are .NET Core 1.0.15, 1.1.12, 2.1.9, and 2.2.3. (CVE-2019-0757)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
For more information, please refer to the upstream doc in the References section.
- Solution:
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1685475 - CVE-2019-0757 dotnet: NuGet Tampering Vulnerability 1685718 - Update to .NET Core Runtime 2.2.3 and SDK 2.2.105 1685720 - Update to .NET Core Runtime 2.1.9 and SDK 2.1.505
- Package List:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnetcore10-dotnetcore-1.0.15-1.el7.src.rpm
x86_64: rh-dotnetcore10-dotnetcore-1.0.15-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.15-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnetcore11-dotnetcore-1.1.12-1.el7.src.rpm
x86_64: rh-dotnetcore11-dotnetcore-1.1.12-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.12-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet21-2.1-8.el7.src.rpm rh-dotnet21-dotnet-2.1.505-1.el7.src.rpm
x86_64: rh-dotnet21-2.1-8.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.505-1.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.505-1.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.9-1.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.9-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.505-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.505-1.el7.x86_64.rpm rh-dotnet21-runtime-2.1-8.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet22-2.2-4.el7.src.rpm rh-dotnet22-dotnet-2.2.105-1.el7.src.rpm
x86_64: rh-dotnet22-2.2-4.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.105-1.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.105-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.3-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.3-1.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.3-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.105-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.105-1.el7.x86_64.rpm rh-dotnet22-runtime-2.2-4.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnetcore10-dotnetcore-1.0.15-1.el7.src.rpm
x86_64: rh-dotnetcore10-dotnetcore-1.0.15-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.15-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnetcore11-dotnetcore-1.1.12-1.el7.src.rpm
x86_64: rh-dotnetcore11-dotnetcore-1.1.12-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.12-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet21-2.1-8.el7.src.rpm rh-dotnet21-dotnet-2.1.505-1.el7.src.rpm
x86_64: rh-dotnet21-2.1-8.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.505-1.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.505-1.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.9-1.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.9-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.505-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.505-1.el7.x86_64.rpm rh-dotnet21-runtime-2.1-8.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet22-2.2-4.el7.src.rpm rh-dotnet22-dotnet-2.2.105-1.el7.src.rpm
x86_64: rh-dotnet22-2.2-4.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.105-1.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.105-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.3-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.3-1.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.3-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.105-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.105-1.el7.x86_64.rpm rh-dotnet22-runtime-2.2-4.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnetcore10-dotnetcore-1.0.15-1.el7.src.rpm
x86_64: rh-dotnetcore10-dotnetcore-1.0.15-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.15-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnetcore11-dotnetcore-1.1.12-1.el7.src.rpm
x86_64: rh-dotnetcore11-dotnetcore-1.1.12-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.12-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet21-2.1-8.el7.src.rpm rh-dotnet21-dotnet-2.1.505-1.el7.src.rpm
x86_64: rh-dotnet21-2.1-8.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.505-1.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.505-1.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.9-1.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.9-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.505-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.505-1.el7.x86_64.rpm rh-dotnet21-runtime-2.1-8.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet22-2.2-4.el7.src.rpm rh-dotnet22-dotnet-2.2.105-1.el7.src.rpm
x86_64: rh-dotnet22-2.2-4.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.105-1.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.105-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.3-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.3-1.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.3-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.105-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.105-1.el7.x86_64.rpm rh-dotnet22-runtime-2.2-4.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2019-0757 https://access.redhat.com/security/updates/classification/#important https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXIkN2NzjgjWX9erEAQifeg//caOX+S+Ysy634WnQ2WKfvAyI2DdmDwtN jsAXT/zd2ckQrk3Idz09zDrrX3bjCbGSALUEF8DNM9X0xs8LiFJj9fl7pQ8eDDuz csbAv7Th64q9m42KlL4+7s4HBzRRDpfp90JMr9zYWHqoDsYbHi/03wUJbM81txYt Ybu1oufw3DNzDoPiZ30x1HvNUa4ZHPrB2eV6gVc4kbTZDG08oDvBHCnS9IXbMPRC sfkGHU6E+kWS6bs2aHMbSNiw2MkKPgRbMXv10o8FRLbXVJ9swiEgBz0rmuirlxkM Zubf4mWUGnLIksPzTYrRrGpCbWduD5dR0Ar+DiLaSRmJQ7rzBTFdoBFWwaN+HoGu tGwrCe2Ve+Aj8WP3EBxHSmhEG9UT2KxmUSA++lqiw3wZBVHBZD9YX1aP0c8j7tCg ijhAzzfo1rbCRJkKdACAbxjih4jjHRzt6x3W/qmu3n+gIKXHGelGoKouyvbKb+8A eqQXoB/W/Dkcz/XHfcII7bDNxZLbT7HVV1fdFAQqGrMcwknVC5ld+N0dnE6tn45r LfDyuyO8Sd+7jDilvdEdWYyI6pbRuRNmcZ+gqu/xPyx5cFXYxQehdv1uIAo5vQP1 35JSu//LGlnoYeYhBoYrtW/forYD77yLKHnlP6/ugcN1JKS+CRAipuDW8nr34ySR FvFvp8/nSm4=KwTi -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201904-0811",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "nuget",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "4.9.4"
},
{
"model": "nuget",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "4.8.2"
},
{
"model": "nuget",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "4.7.2"
},
{
"model": "nuget",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "4.6.3"
},
{
"model": "nuget",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "4.5.2"
},
{
"model": "nuget",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "4.4.2"
},
{
"model": "nuget",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "4.3.1"
},
{
"model": ".net core sdk",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "2.1.500"
},
{
"model": ".net core sdk",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "1.1"
},
{
"model": "framework",
"scope": "eq",
"trust": 1.8,
"vendor": "mono",
"version": "5.18.0.223"
},
{
"model": "framework",
"scope": "eq",
"trust": 1.8,
"vendor": "mono",
"version": "5.20.0"
},
{
"model": ".net core sdk",
"scope": "eq",
"trust": 1.8,
"vendor": "microsoft",
"version": "2.2.100"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.4"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.1"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.4"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.2"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.2"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.0"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.2"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.4"
},
{
"model": "visual studio 2017",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"model": "visual studio",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "2017 for mac"
},
{
"model": "mono",
"scope": "eq",
"trust": 0.3,
"vendor": "mono",
"version": "5.20"
},
{
"model": "mono",
"scope": "eq",
"trust": 0.3,
"vendor": "mono",
"version": "5.18.0.223"
},
{
"model": "visual studio for mac",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "0"
},
{
"model": ".net core",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2.1"
},
{
"model": ".net core",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1.1"
},
{
"model": ".net core",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1.0"
},
{
"model": ".net core sdk",
"scope": "ne",
"trust": 0.3,
"vendor": "microsoft",
"version": "2.1.505"
},
{
"model": ".net core sdk",
"scope": "ne",
"trust": 0.3,
"vendor": "microsoft",
"version": "1.1.13"
},
{
"model": ".net core",
"scope": "ne",
"trust": 0.3,
"vendor": "microsoft",
"version": "2.1.9"
},
{
"model": ".net core",
"scope": "ne",
"trust": 0.3,
"vendor": "microsoft",
"version": "1.1.12"
},
{
"model": ".net core",
"scope": "ne",
"trust": 0.3,
"vendor": "microsoft",
"version": "1.0.15"
}
],
"sources": [
{
"db": "BID",
"id": "107285"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002673"
},
{
"db": "NVD",
"id": "CVE-2019-0757"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:mono:mono_framework",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:microsoft:.net_core_sdk",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:microsoft:visual_studio",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:microsoft:nuget",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002673"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat,The vendor reported this issue.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-445"
}
],
"trust": 0.6
},
"cve": "CVE-2019-0757",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2019-0757",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2019-0757",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-0757",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-0757",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-0757",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201903-445",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-0757",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-0757"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002673"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-445"
},
{
"db": "NVD",
"id": "CVE-2019-0757"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package\u0027s folder structure, aka \u0027NuGet Package Manager Tampering Vulnerability\u0027. Microsoft NuGet is prone to a security bypass vulnerability. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. \n\nBug Fix(es):\n\n* dotnet: new SocketException((int)SocketError.InvalidArgument).Message is\nempty (BZ#1712471)\n\n4. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: .NET Core on Red Hat Enterprise Linux security update for March 2019\nAdvisory ID: RHSA-2019:0544-01\nProduct: .NET Core on Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:0544\nIssue date: 2019-03-13\nCVE Names: CVE-2019-0757\n====================================================================\n1. Summary:\n\nUpdates for rh-dotnetcore10-dotnetcore, rh-dotnetcore11-dotnetcore,\nrh-dotnet21-dotnet, and rh-dotnet22-dotnet are now available for .NET Core\non Red Hat Enterprise Linux. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\n.NET Core is a managed-software framework. It implements the .NET standard\nAPIs and several additional APIs, and it includes a CLR implementation. \n\nNew versions of .NET Core that address security vulnerabilities are now\navailable. The updated versions are .NET Core 1.0.15, 1.1.12, 2.1.9, and\n2.2.3. (CVE-2019-0757)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\nFor more information, please refer to the upstream doc in the References\nsection. \n\n4. Solution:\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1685475 - CVE-2019-0757 dotnet: NuGet Tampering Vulnerability\n1685718 - Update to .NET Core Runtime 2.2.3 and SDK 2.2.105\n1685720 - Update to .NET Core Runtime 2.1.9 and SDK 2.1.505\n\n6. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.15-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.15-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.15-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.12-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.12-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.12-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet21-2.1-8.el7.src.rpm\nrh-dotnet21-dotnet-2.1.505-1.el7.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-8.el7.x86_64.rpm\nrh-dotnet21-dotnet-2.1.505-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.505-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.9-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.9-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.505-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.505-1.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-8.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet22-2.2-4.el7.src.rpm\nrh-dotnet22-dotnet-2.2.105-1.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-4.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.105-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.105-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.3-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.3-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.3-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.105-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.105-1.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-4.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.15-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.15-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.15-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.12-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.12-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.12-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet21-2.1-8.el7.src.rpm\nrh-dotnet21-dotnet-2.1.505-1.el7.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-8.el7.x86_64.rpm\nrh-dotnet21-dotnet-2.1.505-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.505-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.9-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.9-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.505-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.505-1.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-8.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet22-2.2-4.el7.src.rpm\nrh-dotnet22-dotnet-2.2.105-1.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-4.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.105-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.105-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.3-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.3-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.3-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.105-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.105-1.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-4.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.15-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.15-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.15-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.12-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.12-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.12-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet21-2.1-8.el7.src.rpm\nrh-dotnet21-dotnet-2.1.505-1.el7.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-8.el7.x86_64.rpm\nrh-dotnet21-dotnet-2.1.505-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.505-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.9-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.9-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.505-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.505-1.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-8.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet22-2.2-4.el7.src.rpm\nrh-dotnet22-dotnet-2.2.105-1.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-4.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.105-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.105-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.3-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.3-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.3-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.105-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.105-1.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-4.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-0757\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXIkN2NzjgjWX9erEAQifeg//caOX+S+Ysy634WnQ2WKfvAyI2DdmDwtN\njsAXT/zd2ckQrk3Idz09zDrrX3bjCbGSALUEF8DNM9X0xs8LiFJj9fl7pQ8eDDuz\ncsbAv7Th64q9m42KlL4+7s4HBzRRDpfp90JMr9zYWHqoDsYbHi/03wUJbM81txYt\nYbu1oufw3DNzDoPiZ30x1HvNUa4ZHPrB2eV6gVc4kbTZDG08oDvBHCnS9IXbMPRC\nsfkGHU6E+kWS6bs2aHMbSNiw2MkKPgRbMXv10o8FRLbXVJ9swiEgBz0rmuirlxkM\nZubf4mWUGnLIksPzTYrRrGpCbWduD5dR0Ar+DiLaSRmJQ7rzBTFdoBFWwaN+HoGu\ntGwrCe2Ve+Aj8WP3EBxHSmhEG9UT2KxmUSA++lqiw3wZBVHBZD9YX1aP0c8j7tCg\nijhAzzfo1rbCRJkKdACAbxjih4jjHRzt6x3W/qmu3n+gIKXHGelGoKouyvbKb+8A\neqQXoB/W/Dkcz/XHfcII7bDNxZLbT7HVV1fdFAQqGrMcwknVC5ld+N0dnE6tn45r\nLfDyuyO8Sd+7jDilvdEdWYyI6pbRuRNmcZ+gqu/xPyx5cFXYxQehdv1uIAo5vQP1\n35JSu//LGlnoYeYhBoYrtW/forYD77yLKHnlP6/ugcN1JKS+CRAipuDW8nr34ySR\nFvFvp8/nSm4=KwTi\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-0757"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002673"
},
{
"db": "BID",
"id": "107285"
},
{
"db": "VULMON",
"id": "CVE-2019-0757"
},
{
"db": "PACKETSTORM",
"id": "152999"
},
{
"db": "PACKETSTORM",
"id": "152073"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-0757",
"trust": 3.0
},
{
"db": "BID",
"id": "107285",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002673",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "152999",
"trust": 0.7
},
{
"db": "NSFOCUS",
"id": "42934",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.0808",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.1839",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201903-445",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2019-0757",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "152073",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-0757"
},
{
"db": "BID",
"id": "107285"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002673"
},
{
"db": "PACKETSTORM",
"id": "152999"
},
{
"db": "PACKETSTORM",
"id": "152073"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-445"
},
{
"db": "NVD",
"id": "CVE-2019-0757"
}
]
},
"id": "VAR-201904-0811",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.19172932
},
"last_update_date": "2024-11-23T21:59:52.561000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.mono-project.com/"
},
{
"title": "CVE-2019-0757 | NuGet Package Manager Tampering Vulnerability",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757"
},
{
"title": "CVE-2019-0757 | NuGet Package Manager \u306e\u6539\u3056\u3093\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2019-0757"
},
{
"title": "Microsoft NuGet Package Manager Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90061"
},
{
"title": "The Register",
"trust": 0.2,
"url": "https://www.theregister.co.uk/2019/03/12/march_patch_tuesday_dhcp/"
},
{
"title": "Red Hat: Important: .NET Core on Red Hat Enterprise Linux security update for March 2019",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20190544 - Security Advisory"
},
{
"title": "Red Hat: Important: dotnet security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20191259 - Security Advisory"
},
{
"title": "Symantec Threat Intelligence Blog",
"trust": 0.1,
"url": "https://www.symantec.com/blogs/threat-intelligence/microsoft-patch-tuesday-march-2019"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/microsoft-patches-two-win32k-bugs-under-active-attack/142742/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-0757"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002673"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-445"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-284",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002673"
},
{
"db": "NVD",
"id": "CVE-2019-0757"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://access.redhat.com/errata/rhsa-2019:1259"
},
{
"trust": 2.2,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0757"
},
{
"trust": 1.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0757"
},
{
"trust": 1.3,
"url": "http://www.securityfocus.com/bid/107285"
},
{
"trust": 0.9,
"url": "http://www.microsoft.com"
},
{
"trust": 0.9,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1685475"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/errata/rhsa-2019:0544"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0757"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20190313-ms.html"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2019/at190012.html"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2019-0757"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/152999/red-hat-security-advisory-2019-1259-01.html"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/42934"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.1839/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/77050"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-0757 "
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://threatpost.com/microsoft-patches-two-win32k-bugs-under-active-attack/142742/"
},
{
"trust": 0.1,
"url": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/107285"
},
{
"trust": 0.1,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0820"
},
{
"trust": 0.1,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0980"
},
{
"trust": 0.1,
"url": "https://github.com/dotnet/core/blob/master/release-notes/2.1/2.1.11/2.1.11.md"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0981"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-0980"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0820"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-0981"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0980"
},
{
"trust": 0.1,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0981"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-0820"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-0757"
},
{
"db": "BID",
"id": "107285"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002673"
},
{
"db": "PACKETSTORM",
"id": "152999"
},
{
"db": "PACKETSTORM",
"id": "152073"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-445"
},
{
"db": "NVD",
"id": "CVE-2019-0757"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2019-0757"
},
{
"db": "BID",
"id": "107285"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002673"
},
{
"db": "PACKETSTORM",
"id": "152999"
},
{
"db": "PACKETSTORM",
"id": "152073"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-445"
},
{
"db": "NVD",
"id": "CVE-2019-0757"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-04-09T00:00:00",
"db": "VULMON",
"id": "CVE-2019-0757"
},
{
"date": "2019-03-12T00:00:00",
"db": "BID",
"id": "107285"
},
{
"date": "2019-04-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-002673"
},
{
"date": "2019-05-22T14:39:27",
"db": "PACKETSTORM",
"id": "152999"
},
{
"date": "2019-03-13T14:27:10",
"db": "PACKETSTORM",
"id": "152073"
},
{
"date": "2019-03-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-445"
},
{
"date": "2019-04-09T02:29:00.600000",
"db": "NVD",
"id": "CVE-2019-0757"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-09-08T00:00:00",
"db": "VULMON",
"id": "CVE-2019-0757"
},
{
"date": "2019-03-13T09:00:00",
"db": "BID",
"id": "107285"
},
{
"date": "2019-04-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-002673"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-445"
},
{
"date": "2024-11-21T04:17:13.843000",
"db": "NVD",
"id": "CVE-2019-0757"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-445"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Microsoft Product Linux and Mac For NuGet Package Manager Vulnerabilities to be tampered with",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002673"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-445"
}
],
"trust": 0.6
}
}
var-201711-0194
Vulnerability from variot
.NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly parsing certificate data. A denial of service vulnerability exists when .NET Core improperly handles parsing certificate data, aka ".NET CORE Denial Of Service Vulnerability". ASP.NET Core 1.0, 1.1 and 2.0 are vulnerable. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Low: .NET Core security update Advisory ID: RHSA-2017:3248-01 Product: dotNET on RHEL Advisory URL: https://access.redhat.com/errata/RHSA-2017:3248 Issue date: 2017-11-20 CVE Names: CVE-2017-8585 CVE-2017-11770 =====================================================================
- Summary:
A security update for .NET Core on RHEL is now available.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
dotNET on RHEL for Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 dotNET on RHEL for Red Hat Enterprise Linux Server (v. 7) - x86_64 dotNET on RHEL for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
New versions of .NET Core that address several security vulnerabilities are now available. The updated versions are .NET Core 1.0.8, 1.1.5 and 2.0.3. (CVE-2017-11770)
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1512982 - CVE-2017-8585 dotNet: DDoS via invalid culture 1512992 - CVE-2017-11770 dotNET: DDos via bad certificate
- Package List:
dotNET on RHEL for Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnetcore10-dotnetcore-1.0.8-1.el7.src.rpm
x86_64: rh-dotnetcore10-dotnetcore-1.0.8-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.8-1.el7.x86_64.rpm
dotNET on RHEL for Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnetcore11-dotnetcore-1.1.5-1.el7.src.rpm
x86_64: rh-dotnetcore11-dotnetcore-1.1.5-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.5-1.el7.x86_64.rpm
dotNET on RHEL for Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet20-dotnet-2.0.3-4.el7.src.rpm
x86_64: rh-dotnet20-dotnet-2.0.3-4.el7.x86_64.rpm rh-dotnet20-dotnet-debuginfo-2.0.3-4.el7.x86_64.rpm rh-dotnet20-dotnet-host-2.0.3-4.el7.x86_64.rpm rh-dotnet20-dotnet-runtime-2.0-2.0.3-4.el7.x86_64.rpm rh-dotnet20-dotnet-sdk-2.0-2.0.3-4.el7.x86_64.rpm
dotNET on RHEL for Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnetcore10-dotnetcore-1.0.8-1.el7.src.rpm
x86_64: rh-dotnetcore10-dotnetcore-1.0.8-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.8-1.el7.x86_64.rpm
dotNET on RHEL for Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnetcore11-dotnetcore-1.1.5-1.el7.src.rpm
x86_64: rh-dotnetcore11-dotnetcore-1.1.5-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.5-1.el7.x86_64.rpm
dotNET on RHEL for Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet20-dotnet-2.0.3-4.el7.src.rpm
x86_64: rh-dotnet20-dotnet-2.0.3-4.el7.x86_64.rpm rh-dotnet20-dotnet-debuginfo-2.0.3-4.el7.x86_64.rpm rh-dotnet20-dotnet-host-2.0.3-4.el7.x86_64.rpm rh-dotnet20-dotnet-runtime-2.0-2.0.3-4.el7.x86_64.rpm rh-dotnet20-dotnet-sdk-2.0-2.0.3-4.el7.x86_64.rpm
dotNET on RHEL for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnetcore10-dotnetcore-1.0.8-1.el7.src.rpm
x86_64: rh-dotnetcore10-dotnetcore-1.0.8-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.8-1.el7.x86_64.rpm
dotNET on RHEL for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnetcore11-dotnetcore-1.1.5-1.el7.src.rpm
x86_64: rh-dotnetcore11-dotnetcore-1.1.5-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.5-1.el7.x86_64.rpm
dotNET on RHEL for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet20-dotnet-2.0.3-4.el7.src.rpm
x86_64: rh-dotnet20-dotnet-2.0.3-4.el7.x86_64.rpm rh-dotnet20-dotnet-debuginfo-2.0.3-4.el7.x86_64.rpm rh-dotnet20-dotnet-host-2.0.3-4.el7.x86_64.rpm rh-dotnet20-dotnet-runtime-2.0-2.0.3-4.el7.x86_64.rpm rh-dotnet20-dotnet-sdk-2.0-2.0.3-4.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2017-8585 https://access.redhat.com/security/cve/CVE-2017-11770 https://access.redhat.com/security/updates/classification/#low
https://github.com/dotnet/announcements/issues/34 https://github.com/dotnet/announcements/issues/44
https://github.com/dotnet/core/blob/master/release-notes/2.0/2.0.3.md https://github.com/dotnet/core/blob/master/release-notes/1.1/1.1.5.md https://github.com/dotnet/core/blob/master/release-notes/1.0/1.0.8.md
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFaEsB8XlSAg2UNWIIRAmOjAJ9wjYtfCUbtPpsnb6lS24iFpnlohwCfW3q7 qK6A1l+OTjiiqdhM/cGc8ZU= =DZ68 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201711-0194",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "aspnetcore",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "1.0"
},
{
"model": "aspnetcore",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "2.0"
},
{
"model": "aspnetcore",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "1.1"
},
{
"model": ".net core",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "1.0"
},
{
"model": ".net core",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "1.1"
},
{
"model": ".net core",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "2.0"
},
{
"model": "asp.net core",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2.0"
},
{
"model": "asp.net core",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1.1"
},
{
"model": "asp.net core",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1.0"
}
],
"sources": [
{
"db": "BID",
"id": "101710"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010105"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-585"
},
{
"db": "NVD",
"id": "CVE-2017-11770"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:microsoft:.net_core",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010105"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Bachraty Gergely",
"sources": [
{
"db": "BID",
"id": "101710"
}
],
"trust": 0.3
},
"cve": "CVE-2017-11770",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2017-11770",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2017-11770",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-11770",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-11770",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201711-585",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010105"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-585"
},
{
"db": "NVD",
"id": "CVE-2017-11770"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": ".NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly parsing certificate data. A denial of service vulnerability exists when .NET Core improperly handles parsing certificate data, aka \".NET CORE Denial Of Service Vulnerability\". \nASP.NET Core 1.0, 1.1 and 2.0 are vulnerable. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Low: .NET Core security update\nAdvisory ID: RHSA-2017:3248-01\nProduct: dotNET on RHEL\nAdvisory URL: https://access.redhat.com/errata/RHSA-2017:3248\nIssue date: 2017-11-20\nCVE Names: CVE-2017-8585 CVE-2017-11770 \n=====================================================================\n\n1. Summary:\n\nA security update for .NET Core on RHEL is now available. \n\nRed Hat Product Security has rated this update as having a security impact\nof Low. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\ndotNET on RHEL for Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\ndotNET on RHEL for Red Hat Enterprise Linux Server (v. 7) - x86_64\ndotNET on RHEL for Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nNew versions of .NET Core that address several security vulnerabilities are\nnow available. The updated versions are .NET Core 1.0.8, 1.1.5 and 2.0.3. (CVE-2017-11770)\n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1512982 - CVE-2017-8585 dotNet: DDoS via invalid culture\n1512992 - CVE-2017-11770 dotNET: DDos via bad certificate\n\n6. Package List:\n\ndotNET on RHEL for Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.8-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.8-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.8-1.el7.x86_64.rpm\n\ndotNET on RHEL for Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.5-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.5-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.5-1.el7.x86_64.rpm\n\ndotNET on RHEL for Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet20-dotnet-2.0.3-4.el7.src.rpm\n\nx86_64:\nrh-dotnet20-dotnet-2.0.3-4.el7.x86_64.rpm\nrh-dotnet20-dotnet-debuginfo-2.0.3-4.el7.x86_64.rpm\nrh-dotnet20-dotnet-host-2.0.3-4.el7.x86_64.rpm\nrh-dotnet20-dotnet-runtime-2.0-2.0.3-4.el7.x86_64.rpm\nrh-dotnet20-dotnet-sdk-2.0-2.0.3-4.el7.x86_64.rpm\n\ndotNET on RHEL for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.8-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.8-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.8-1.el7.x86_64.rpm\n\ndotNET on RHEL for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.5-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.5-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.5-1.el7.x86_64.rpm\n\ndotNET on RHEL for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet20-dotnet-2.0.3-4.el7.src.rpm\n\nx86_64:\nrh-dotnet20-dotnet-2.0.3-4.el7.x86_64.rpm\nrh-dotnet20-dotnet-debuginfo-2.0.3-4.el7.x86_64.rpm\nrh-dotnet20-dotnet-host-2.0.3-4.el7.x86_64.rpm\nrh-dotnet20-dotnet-runtime-2.0-2.0.3-4.el7.x86_64.rpm\nrh-dotnet20-dotnet-sdk-2.0-2.0.3-4.el7.x86_64.rpm\n\ndotNET on RHEL for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.8-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.8-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.8-1.el7.x86_64.rpm\n\ndotNET on RHEL for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.5-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.5-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.5-1.el7.x86_64.rpm\n\ndotNET on RHEL for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet20-dotnet-2.0.3-4.el7.src.rpm\n\nx86_64:\nrh-dotnet20-dotnet-2.0.3-4.el7.x86_64.rpm\nrh-dotnet20-dotnet-debuginfo-2.0.3-4.el7.x86_64.rpm\nrh-dotnet20-dotnet-host-2.0.3-4.el7.x86_64.rpm\nrh-dotnet20-dotnet-runtime-2.0-2.0.3-4.el7.x86_64.rpm\nrh-dotnet20-dotnet-sdk-2.0-2.0.3-4.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2017-8585\nhttps://access.redhat.com/security/cve/CVE-2017-11770\nhttps://access.redhat.com/security/updates/classification/#low\n\nhttps://github.com/dotnet/announcements/issues/34\nhttps://github.com/dotnet/announcements/issues/44\n\nhttps://github.com/dotnet/core/blob/master/release-notes/2.0/2.0.3.md\nhttps://github.com/dotnet/core/blob/master/release-notes/1.1/1.1.5.md\nhttps://github.com/dotnet/core/blob/master/release-notes/1.0/1.0.8.md\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2017 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFaEsB8XlSAg2UNWIIRAmOjAJ9wjYtfCUbtPpsnb6lS24iFpnlohwCfW3q7\nqK6A1l+OTjiiqdhM/cGc8ZU=\n=DZ68\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-11770"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010105"
},
{
"db": "BID",
"id": "101710"
},
{
"db": "PACKETSTORM",
"id": "145048"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-11770",
"trust": 2.8
},
{
"db": "BID",
"id": "101710",
"trust": 1.9
},
{
"db": "SECTRACK",
"id": "1039787",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010105",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201711-585",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "145048",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": "101710"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010105"
},
{
"db": "PACKETSTORM",
"id": "145048"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-585"
},
{
"db": "NVD",
"id": "CVE-2017-11770"
}
]
},
"id": "VAR-201711-0194",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.19172932
},
"last_update_date": "2024-11-23T22:34:27.732000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2017-11770 | .NET CORE Denial Of Service Vulnerability",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11770"
},
{
"title": "CVE-2017-11770 | .NET CORE Denial Of Service Vulnerability",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2017-11770"
},
{
"title": "Microsoft .NET Core Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76424"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010105"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-585"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-295",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010105"
},
{
"db": "NVD",
"id": "CVE-2017-11770"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2017-11770"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2017:3248"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/101710"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1039787"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-11770"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-11770"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20171115-ms.html"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2017/at170044.html"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://github.com/dotnet/announcements/issues/44"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"trust": 0.1,
"url": "https://github.com/dotnet/core/blob/master/release-notes/2.0/2.0.3.md"
},
{
"trust": 0.1,
"url": "https://github.com/dotnet/announcements/issues/34"
},
{
"trust": 0.1,
"url": "https://github.com/dotnet/core/blob/master/release-notes/1.0/1.0.8.md"
},
{
"trust": 0.1,
"url": "https://github.com/dotnet/core/blob/master/release-notes/1.1/1.1.5.md"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-8585"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-8585"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-11770"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
}
],
"sources": [
{
"db": "BID",
"id": "101710"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010105"
},
{
"db": "PACKETSTORM",
"id": "145048"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-585"
},
{
"db": "NVD",
"id": "CVE-2017-11770"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "101710"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010105"
},
{
"db": "PACKETSTORM",
"id": "145048"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-585"
},
{
"db": "NVD",
"id": "CVE-2017-11770"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-14T00:00:00",
"db": "BID",
"id": "101710"
},
{
"date": "2017-12-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-010105"
},
{
"date": "2017-11-20T22:22:00",
"db": "PACKETSTORM",
"id": "145048"
},
{
"date": "2017-11-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201711-585"
},
{
"date": "2017-11-15T03:29:00.247000",
"db": "NVD",
"id": "CVE-2017-11770"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-19T22:37:00",
"db": "BID",
"id": "101710"
},
{
"date": "2017-12-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-010105"
},
{
"date": "2019-04-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201711-585"
},
{
"date": "2024-11-21T03:08:28.373000",
"db": "NVD",
"id": "CVE-2017-11770"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201711-585"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": ".NET Core Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010105"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201711-585"
}
],
"trust": 0.6
}
}
var-202102-1065
Vulnerability from variot
.NET Core Remote Code Execution Vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202102-1065",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mono",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "6.12.0.122"
},
{
"model": ".net core",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "3.1"
},
{
"model": ".net",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "5.0"
},
{
"model": ".net core",
"scope": "lte",
"trust": 1.0,
"vendor": "microsoft",
"version": "3.1.11"
},
{
"model": "visual studio 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"model": ".net",
"scope": "lte",
"trust": 1.0,
"vendor": "microsoft",
"version": "5.0.2"
},
{
"model": ".net core",
"scope": "lte",
"trust": 1.0,
"vendor": "microsoft",
"version": "2.1.24"
},
{
"model": "mono",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "6.12.0"
},
{
"model": ".net core",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "2.1"
},
{
"model": ".net core",
"scope": null,
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": null
},
{
"model": ".net",
"scope": null,
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": null
},
{
"model": "microsoft visual studio",
"scope": null,
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": null
},
{
"model": "mono",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "6.12.0"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-004039"
},
{
"db": "NVD",
"id": "CVE-2021-24112"
}
]
},
"cve": "CVE-2021-24112",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-24112",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-24112",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "secure@microsoft.com",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2021-24112",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-24112",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-24112",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "secure@microsoft.com",
"id": "CVE-2021-24112",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-24112",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202102-681",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2021-24112",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-24112"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004039"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-681"
},
{
"db": "NVD",
"id": "CVE-2021-24112"
},
{
"db": "NVD",
"id": "CVE-2021-24112"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": ".NET Core Remote Code Execution Vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-24112"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004039"
},
{
"db": "VULMON",
"id": "CVE-2021-24112"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-24112",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004039",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2021.2737",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202102-681",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-24112",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-24112"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004039"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-681"
},
{
"db": "NVD",
"id": "CVE-2021-24112"
}
]
},
"id": "VAR-202102-1065",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.19172932
},
"last_update_date": "2024-11-23T19:59:16.685000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": ".NET\u00a0Core\u00a0Remote\u00a0Code\u00a0Execution\u00a0Vulnerability Security Update Guide",
"trust": 0.8,
"url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-24112"
},
{
"title": "Microsoft .NET Core Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=143004"
},
{
"title": "Red Hat: CVE-2021-24112",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2021-24112"
},
{
"title": "Arch Linux Advisories: [ASA-202103-17] dotnet-sdk: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202103-17"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2021-24112 log"
},
{
"title": "Arch Linux Advisories: [ASA-202103-16] dotnet-runtime: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202103-16"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-24112"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004039"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-681"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-004039"
},
{
"db": "NVD",
"id": "CVE-2021-24112"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2021-24112"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-24112"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20210210-ms.html"
},
{
"trust": 0.8,
"url": "https://www.jpcert.or.jp/at/2021/at210008.html"
},
{
"trust": 0.6,
"url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2021-24112"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/microsoft-net-core-vulnerabilities-of-february-2021-34547"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2737"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-24112"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/196351"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-24112"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004039"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-681"
},
{
"db": "NVD",
"id": "CVE-2021-24112"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-24112"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004039"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-681"
},
{
"db": "NVD",
"id": "CVE-2021-24112"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-02-25T00:00:00",
"db": "VULMON",
"id": "CVE-2021-24112"
},
{
"date": "2021-11-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-004039"
},
{
"date": "2021-02-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-681"
},
{
"date": "2021-02-25T23:15:16.570000",
"db": "NVD",
"id": "CVE-2021-24112"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-02-26T00:00:00",
"db": "VULMON",
"id": "CVE-2021-24112"
},
{
"date": "2021-11-12T05:18:00",
"db": "JVNDB",
"id": "JVNDB-2021-004039"
},
{
"date": "2021-08-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-681"
},
{
"date": "2024-11-21T05:52:22.857000",
"db": "NVD",
"id": "CVE-2021-24112"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-681"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0Microsoft\u00a0 Remote Code Execution Vulnerability in Product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-004039"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-681"
}
],
"trust": 0.6
}
}
var-202209-0872
Vulnerability from variot
.NET Core and Visual Studio Denial of Service Vulnerability. 9) - aarch64, s390x, x86_64
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: .NET 6.0 on RHEL 7 security and bugfix update Advisory ID: RHSA-2022:6520-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:6520 Issue date: 2022-09-14 CVE Names: CVE-2022-38013 ==================================================================== 1. Summary:
An update for .NET 6.0 is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.109 and .NET Runtime 6.0.9.
Security Fix(es):
- dotnet: DenialOfService - ASP.NET Core MVC vulnerable to stack overflow via ModelStateDictionary recursion. (CVE-2022-38013)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
2125124 - CVE-2022-38013 dotnet: DenialOfService - ASP.NET Core MVC vulnerable to stack overflow via ModelStateDictionary recursion.
- Package List:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet60-dotnet-6.0.109-1.el7_9.src.rpm
x86_64: rh-dotnet60-aspnetcore-runtime-6.0-6.0.9-1.el7_9.x86_64.rpm rh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.9-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-6.0.109-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-apphost-pack-6.0-6.0.9-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-debuginfo-6.0.109-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-host-6.0.9-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-hostfxr-6.0-6.0.9-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-runtime-6.0-6.0.9-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-sdk-6.0-6.0.109-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.109-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-targeting-pack-6.0-6.0.9-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-templates-6.0-6.0.109-1.el7_9.x86_64.rpm rh-dotnet60-netstandard-targeting-pack-2.1-6.0.109-1.el7_9.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet60-dotnet-6.0.109-1.el7_9.src.rpm
x86_64: rh-dotnet60-aspnetcore-runtime-6.0-6.0.9-1.el7_9.x86_64.rpm rh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.9-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-6.0.109-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-apphost-pack-6.0-6.0.9-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-debuginfo-6.0.109-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-host-6.0.9-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-hostfxr-6.0-6.0.9-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-runtime-6.0-6.0.9-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-sdk-6.0-6.0.109-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.109-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-targeting-pack-6.0-6.0.9-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-templates-6.0-6.0.109-1.el7_9.x86_64.rpm rh-dotnet60-netstandard-targeting-pack-2.1-6.0.109-1.el7_9.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet60-dotnet-6.0.109-1.el7_9.src.rpm
x86_64: rh-dotnet60-aspnetcore-runtime-6.0-6.0.9-1.el7_9.x86_64.rpm rh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.9-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-6.0.109-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-apphost-pack-6.0-6.0.9-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-debuginfo-6.0.109-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-host-6.0.9-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-hostfxr-6.0-6.0.9-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-runtime-6.0-6.0.9-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-sdk-6.0-6.0.109-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.109-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-targeting-pack-6.0-6.0.9-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-templates-6.0-6.0.109-1.el7_9.x86_64.rpm rh-dotnet60-netstandard-targeting-pack-2.1-6.0.109-1.el7_9.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2022-38013 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYyInv9zjgjWX9erEAQhEug/+MGAj1xrvbqq9vXQuWFCnKNGFZox0XF9f mZBPH4fdktB0JGhvSc6zEZ9HzhwGGXWOsC6unQwlAxJwG5tHQ+ocyeUmDR5DwSNy scx7DFZQj0tHCo8q+XF7noyu5fvdOzUBeQsqUUrQQb9PsuwPtNIdtTV7Rmm0YRox xzLdtGqmmj7/Jvlry7hc9dFVJ9gnQXGHP2gWsJLWNLB+Xp1hD9iAdHyY48O/9z/H Zh05iBlxLCPeQcs0XJ9UuaIs9TVyGlCnQqVh2fdbMsDokFlwf4BppyV3fFDlYILl W7Iru5k8sSgskYxfhvedYJLYVON9/CWnpHE4RmusQqGvLM1aLX6oK5oNTWfcQ1jt rb055kapyXbGF5b4LcokE+CMY3BMC7ynxxYO9TBFrn+Ko7qP67NUVRUZReRZ0Ue5 axzUnHAZz6POpgpqwK98DF/janKj4wcnHUoCbJjgIo+JxZkgjay4umt+DAFetkfF Gm9LAxGclHlwTMfJa5nmSbuYfRrddLJ8+ENvctoNTC2g7DDUUinIOimaHu6xGFQH sTBB5+7lLFeq55EHxiT0JAnT5dIgYiexwtujxZSa4tvYal3ubQQBJ31Lp7b6BtD2 +crq7IgSjQlKhxVCv6AIBVdZriB4VBz9a/7lcGe8KPaZvWt/AEA9kPDZXUOUV0gU kfEWkmIv1MQ=RwCJ -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . ========================================================================== Ubuntu Security Notice USN-5609-1 September 13, 2022
dotnet6 vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
Summary:
.NET 6 could be made to crash if it parsed a specially crafted file.
Software Description: - dotnet6: dotNET CLI tools and runtime
Details:
Graham Esau discovered that .NET 6 incorrectly parsed certain payloads during model binding. An attacker could possibly use this issue to cause a denial of service.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.04 LTS: aspnetcore-runtime-6.0 6.0.109-0ubuntu1~22.04.1 dotnet-host 6.0.109-0ubuntu1~22.04.1 dotnet-hostfxr-6.0 6.0.109-0ubuntu1~22.04.1 dotnet-runtime-6.0 6.0.109-0ubuntu1~22.04.1 dotnet-sdk-6.0 6.0.109-0ubuntu1~22.04.1 dotnet6 6.0.109-0ubuntu1~22.04.1
In general, a standard system update will make all the necessary changes. A restart may be required after the update if any affected files are being used
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202209-0872",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "visual studio 2022",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.0"
},
{
"model": ".net",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "6.0.0"
},
{
"model": "visual studio 2022",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.2"
},
{
"model": "visual studio 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.11"
},
{
"model": "visual studio 2022",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.3"
},
{
"model": "visual studio 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.9"
},
{
"model": ".net core",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "3.1"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "37"
},
{
"model": ".net core",
"scope": null,
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": null
},
{
"model": "microsoft visual studio",
"scope": null,
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": null
},
{
"model": "visual studio 2022 for mac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "17.3"
},
{
"model": ".net",
"scope": null,
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002370"
},
{
"db": "NVD",
"id": "CVE-2022-38013"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Graham Esau with Vonage\u003c/a\u003e",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202209-835"
}
],
"trust": 0.6
},
"cve": "CVE-2022-38013",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "secure@microsoft.com",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-38013",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2022-002370",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "secure@microsoft.com",
"id": "CVE-2022-38013",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2022-002370",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202209-835",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002370"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-835"
},
{
"db": "NVD",
"id": "CVE-2022-38013"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": ".NET Core and Visual Studio Denial of Service Vulnerability. 9) - aarch64, s390x, x86_64\n\n3. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: .NET 6.0 on RHEL 7 security and bugfix update\nAdvisory ID: RHSA-2022:6520-01\nProduct: .NET Core on Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:6520\nIssue date: 2022-09-14\nCVE Names: CVE-2022-38013\n====================================================================\n1. Summary:\n\nAn update for .NET 6.0 is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\n.NET is a managed-software framework. It implements a subset of the .NET\nframework APIs and several new APIs, and it includes a CLR implementation. \n\nNew versions of .NET that address a security vulnerability are now\navailable. The updated versions are .NET SDK 6.0.109 and .NET Runtime\n6.0.9. \n\nSecurity Fix(es):\n\n* dotnet: DenialOfService - ASP.NET Core MVC vulnerable to stack overflow\nvia ModelStateDictionary recursion. (CVE-2022-38013)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2125124 - CVE-2022-38013 dotnet: DenialOfService - ASP.NET Core MVC vulnerable to stack overflow via ModelStateDictionary recursion. \n\n6. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet60-dotnet-6.0.109-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet60-aspnetcore-runtime-6.0-6.0.9-1.el7_9.x86_64.rpm\nrh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.9-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-6.0.109-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-apphost-pack-6.0-6.0.9-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-debuginfo-6.0.109-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-host-6.0.9-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-hostfxr-6.0-6.0.9-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-runtime-6.0-6.0.9-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-sdk-6.0-6.0.109-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.109-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-targeting-pack-6.0-6.0.9-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-templates-6.0-6.0.109-1.el7_9.x86_64.rpm\nrh-dotnet60-netstandard-targeting-pack-2.1-6.0.109-1.el7_9.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet60-dotnet-6.0.109-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet60-aspnetcore-runtime-6.0-6.0.9-1.el7_9.x86_64.rpm\nrh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.9-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-6.0.109-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-apphost-pack-6.0-6.0.9-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-debuginfo-6.0.109-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-host-6.0.9-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-hostfxr-6.0-6.0.9-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-runtime-6.0-6.0.9-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-sdk-6.0-6.0.109-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.109-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-targeting-pack-6.0-6.0.9-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-templates-6.0-6.0.109-1.el7_9.x86_64.rpm\nrh-dotnet60-netstandard-targeting-pack-2.1-6.0.109-1.el7_9.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet60-dotnet-6.0.109-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet60-aspnetcore-runtime-6.0-6.0.9-1.el7_9.x86_64.rpm\nrh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.9-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-6.0.109-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-apphost-pack-6.0-6.0.9-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-debuginfo-6.0.109-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-host-6.0.9-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-hostfxr-6.0-6.0.9-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-runtime-6.0-6.0.9-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-sdk-6.0-6.0.109-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.109-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-targeting-pack-6.0-6.0.9-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-templates-6.0-6.0.109-1.el7_9.x86_64.rpm\nrh-dotnet60-netstandard-targeting-pack-2.1-6.0.109-1.el7_9.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-38013\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYyInv9zjgjWX9erEAQhEug/+MGAj1xrvbqq9vXQuWFCnKNGFZox0XF9f\nmZBPH4fdktB0JGhvSc6zEZ9HzhwGGXWOsC6unQwlAxJwG5tHQ+ocyeUmDR5DwSNy\nscx7DFZQj0tHCo8q+XF7noyu5fvdOzUBeQsqUUrQQb9PsuwPtNIdtTV7Rmm0YRox\nxzLdtGqmmj7/Jvlry7hc9dFVJ9gnQXGHP2gWsJLWNLB+Xp1hD9iAdHyY48O/9z/H\nZh05iBlxLCPeQcs0XJ9UuaIs9TVyGlCnQqVh2fdbMsDokFlwf4BppyV3fFDlYILl\nW7Iru5k8sSgskYxfhvedYJLYVON9/CWnpHE4RmusQqGvLM1aLX6oK5oNTWfcQ1jt\nrb055kapyXbGF5b4LcokE+CMY3BMC7ynxxYO9TBFrn+Ko7qP67NUVRUZReRZ0Ue5\naxzUnHAZz6POpgpqwK98DF/janKj4wcnHUoCbJjgIo+JxZkgjay4umt+DAFetkfF\nGm9LAxGclHlwTMfJa5nmSbuYfRrddLJ8+ENvctoNTC2g7DDUUinIOimaHu6xGFQH\nsTBB5+7lLFeq55EHxiT0JAnT5dIgYiexwtujxZSa4tvYal3ubQQBJ31Lp7b6BtD2\n+crq7IgSjQlKhxVCv6AIBVdZriB4VBz9a/7lcGe8KPaZvWt/AEA9kPDZXUOUV0gU\nkfEWkmIv1MQ=RwCJ\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. ==========================================================================\nUbuntu Security Notice USN-5609-1\nSeptember 13, 2022\n\ndotnet6 vulnerability\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.04 LTS\n\nSummary:\n\n.NET 6 could be made to crash if it parsed a specially crafted file. \n\nSoftware Description:\n- dotnet6: dotNET CLI tools and runtime\n\nDetails:\n\nGraham Esau discovered that .NET 6 incorrectly parsed certain payloads\nduring model binding. An attacker could possibly use this issue to\ncause a denial of service. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.04 LTS:\n aspnetcore-runtime-6.0 6.0.109-0ubuntu1~22.04.1\n dotnet-host 6.0.109-0ubuntu1~22.04.1\n dotnet-hostfxr-6.0 6.0.109-0ubuntu1~22.04.1\n dotnet-runtime-6.0 6.0.109-0ubuntu1~22.04.1\n dotnet-sdk-6.0 6.0.109-0ubuntu1~22.04.1\n dotnet6 6.0.109-0ubuntu1~22.04.1\n\nIn general, a standard system update will make all the necessary \nchanges. A restart may be required after the update if any affected \nfiles are being used",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-38013"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002370"
},
{
"db": "PACKETSTORM",
"id": "168388"
},
{
"db": "PACKETSTORM",
"id": "168385"
},
{
"db": "PACKETSTORM",
"id": "168389"
},
{
"db": "PACKETSTORM",
"id": "168390"
},
{
"db": "PACKETSTORM",
"id": "168373"
},
{
"db": "PACKETSTORM",
"id": "168396"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-38013",
"trust": 3.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002370",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "168390",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "168373",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "168396",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2022.4603",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4596",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202209-835",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "168388",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168385",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168389",
"trust": 0.1
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002370"
},
{
"db": "PACKETSTORM",
"id": "168388"
},
{
"db": "PACKETSTORM",
"id": "168385"
},
{
"db": "PACKETSTORM",
"id": "168389"
},
{
"db": "PACKETSTORM",
"id": "168390"
},
{
"db": "PACKETSTORM",
"id": "168373"
},
{
"db": "PACKETSTORM",
"id": "168396"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-835"
},
{
"db": "NVD",
"id": "CVE-2022-38013"
}
]
},
"id": "VAR-202209-0872",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.19172932
},
"last_update_date": "2024-08-14T15:37:26.576000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": ".NET\u00a0Core\u00a0and\u00a0Visual\u00a0Studio\u00a0Denial\u00a0of\u00a0Service\u00a0Vulnerability Security Update Guide",
"trust": 0.8,
"url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-38013"
},
{
"title": "Microsoft .NET Core and Microsoft Visual Studio Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=207344"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002370"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-835"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002370"
},
{
"db": "NVD",
"id": "CVE-2022-38013"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2022-38013"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-38013"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/security/cve/cve-2022-38013"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2cul3z7meed7rfqzvgql2mtksffzkaay/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7hcv4tqgotofho5etrkgfkagyv2yauve/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ja6f4cdkli3malv6uk3p2dr5agcltt7y/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/k4k5yl7usokir3o2dukbzmypwxypdkxg/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/wl334ckoha6bqqsyjw365hiwj4ioe45m/"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20220914-ms.html"
},
{
"trust": 0.8,
"url": "https://www.jpcert.or.jp/at/2022/at220024.html"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/k4k5yl7usokir3o2dukbzmypwxypdkxg/"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2cul3z7meed7rfqzvgql2mtksffzkaay/"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7hcv4tqgotofho5etrkgfkagyv2yauve/"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/wl334ckoha6bqqsyjw365hiwj4ioe45m/"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ja6f4cdkli3malv6uk3p2dr5agcltt7y/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4603"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/microsoft-net-visual-studio-denial-of-service-39266"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-38013/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168390/red-hat-security-advisory-2022-6522-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4596"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168373/ubuntu-security-notice-usn-5609-1.html"
},
{
"trust": 0.6,
"url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2022-38013"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168396/red-hat-security-advisory-2022-6539-01.html"
},
{
"trust": 0.5,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.5,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6523"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6521"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6520"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6522"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/dotnet6/6.0.109-0ubuntu1~22.04.1"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5609-1"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6539"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002370"
},
{
"db": "PACKETSTORM",
"id": "168388"
},
{
"db": "PACKETSTORM",
"id": "168385"
},
{
"db": "PACKETSTORM",
"id": "168389"
},
{
"db": "PACKETSTORM",
"id": "168390"
},
{
"db": "PACKETSTORM",
"id": "168373"
},
{
"db": "PACKETSTORM",
"id": "168396"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-835"
},
{
"db": "NVD",
"id": "CVE-2022-38013"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002370"
},
{
"db": "PACKETSTORM",
"id": "168388"
},
{
"db": "PACKETSTORM",
"id": "168385"
},
{
"db": "PACKETSTORM",
"id": "168389"
},
{
"db": "PACKETSTORM",
"id": "168390"
},
{
"db": "PACKETSTORM",
"id": "168373"
},
{
"db": "PACKETSTORM",
"id": "168396"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-835"
},
{
"db": "NVD",
"id": "CVE-2022-38013"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-09-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-002370"
},
{
"date": "2022-09-15T14:19:18",
"db": "PACKETSTORM",
"id": "168388"
},
{
"date": "2022-09-15T14:17:56",
"db": "PACKETSTORM",
"id": "168385"
},
{
"date": "2022-09-15T14:19:41",
"db": "PACKETSTORM",
"id": "168389"
},
{
"date": "2022-09-15T14:19:51",
"db": "PACKETSTORM",
"id": "168390"
},
{
"date": "2022-09-14T15:07:11",
"db": "PACKETSTORM",
"id": "168373"
},
{
"date": "2022-09-15T14:21:28",
"db": "PACKETSTORM",
"id": "168396"
},
{
"date": "2022-09-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202209-835"
},
{
"date": "2022-09-13T19:15:12.867000",
"db": "NVD",
"id": "CVE-2022-38013"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-09-21T09:04:00",
"db": "JVNDB",
"id": "JVNDB-2022-002370"
},
{
"date": "2022-12-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202209-835"
},
{
"date": "2023-12-20T20:15:14.580000",
"db": "NVD",
"id": "CVE-2022-38013"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202209-835"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": ".NET\u00a0Core\u00a0 and \u00a0Visual\u00a0Studio\u00a0 Service operation interruption in \u00a0(DoS)\u00a0 Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002370"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202209-835"
}
],
"trust": 0.6
}
}
var-201801-1150
Vulnerability from variot
Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka ".NET and .NET Core Denial Of Service Vulnerability". This CVE is unique from CVE-2018-0765. This vulnerability CVE-2018-0765 Is a different vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. An attacker can exploit this issue to cause a denial of service condition. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Title: Microsoft Security Update Releases Issued: January 25, 2018
Summary
The following CVEs have undergone a major revision increment:
- CVE-2018-0764
Revision Information:
- https://portal.msrc.microsoft.com/en-us/security-guidance/ advisory/CVE-2018-0764
- Version: 3.0
- Reason for Revision: Revised the Affected Products table to include PowerShell Core 6.0.0 because it is affected by CVE-2018-0764. See https://github.com/PowerShell/Announcements /issues/2 for more information.
- Originally posted: January 9, 2018
- Updated: January 25, 2018
-
Aggregate CVE Severity Rating: Important
-
CVE-2018-0786
Revision Information:
- https://portal.msrc.microsoft.com/en-us/security-guidance/ advisory/CVE-2018-0786
- Version: 3.0
- Reason for Revision: Revised the Affected Products table to include PowerShell Core 6.0.0 because it is affected by CVE-2018-0786. See https://github.com/PowerShell/Announcements /issues/3 for more information.
- Originally posted: January 9, 2018
- Updated: January 25, 2018
- Aggregate CVE Severity Rating: Important
Other Information
Recognize and avoid fraudulent email to Microsoft customers:
If you receive an email message that claims to be distributing a Microsoft security update, it is a hoax that may contain malware or pointers to malicious websites. Microsoft does not distribute security updates via email.
The Microsoft Security Response Center (MSRC) uses PGP to digitally sign all security notifications. However, PGP is not required for reading security notifications, reading security bulletins, or installing security updates. You can obtain the MSRC public PGP key at https://technet.microsoft.com/security/dn753714.
THE INFORMATION PROVIDED IN THIS MICROSOFT COMMUNICATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.
Microsoft respects your privacy. Please read our online Privacy Statement at http://go.microsoft.com/fwlink/?LinkId=81184.
If you would prefer not to receive future technical security notification alerts by email from Microsoft and its family of companies please visit the following website to unsubscribe: https://profile.microsoft.com/RegSysProfileCenter/subscriptionwizar d.aspx?wizid=5a2a311b-5189-4c9b-9f1a-d5e913a26c2e&%3blcid=1033.
These settings will not affect any newsletters youave requested or any mandatory service communications that are considered part of certain Microsoft services.
For legal Information, see: http://www.microsoft.com/info/legalinfo/default.mspx. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: .NET Core on Red Hat Enterprise Linux security update Advisory ID: RHSA-2018:0379-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:0379 Issue date: 2018-03-01 CVE Names: CVE-2018-0764 =====================================================================
- Summary:
An update for rh-dotnet20-dotnet, rh-dotnetcore10-dotnetcore, and rh-dotnetcore11-dotnetcore is now available for .NET Core on Red Hat Enterprise Linux.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64
-
It implements a subset of the .NET framework APIs and includes a CLR implementation.
-
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnetcore10-dotnetcore-1.0.9-1.el7.src.rpm
x86_64: rh-dotnetcore10-dotnetcore-1.0.9-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.9-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnetcore11-dotnetcore-1.1.6-1.el7.src.rpm
x86_64: rh-dotnetcore11-dotnetcore-1.1.6-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.6-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet20-dotnet-2.0.5-1.el7.src.rpm
x86_64: rh-dotnet20-dotnet-2.0.5-1.el7.x86_64.rpm rh-dotnet20-dotnet-debuginfo-2.0.5-1.el7.x86_64.rpm rh-dotnet20-dotnet-host-2.0.5-1.el7.x86_64.rpm rh-dotnet20-dotnet-runtime-2.0-2.0.5-1.el7.x86_64.rpm rh-dotnet20-dotnet-sdk-2.1-2.1.4-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnetcore10-dotnetcore-1.0.9-1.el7.src.rpm
x86_64: rh-dotnetcore10-dotnetcore-1.0.9-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.9-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnetcore11-dotnetcore-1.1.6-1.el7.src.rpm
x86_64: rh-dotnetcore11-dotnetcore-1.1.6-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.6-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet20-dotnet-2.0.5-1.el7.src.rpm
x86_64: rh-dotnet20-dotnet-2.0.5-1.el7.x86_64.rpm rh-dotnet20-dotnet-debuginfo-2.0.5-1.el7.x86_64.rpm rh-dotnet20-dotnet-host-2.0.5-1.el7.x86_64.rpm rh-dotnet20-dotnet-runtime-2.0-2.0.5-1.el7.x86_64.rpm rh-dotnet20-dotnet-sdk-2.1-2.1.4-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnetcore10-dotnetcore-1.0.9-1.el7.src.rpm
x86_64: rh-dotnetcore10-dotnetcore-1.0.9-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.9-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnetcore11-dotnetcore-1.1.6-1.el7.src.rpm
x86_64: rh-dotnetcore11-dotnetcore-1.1.6-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.6-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet20-dotnet-2.0.5-1.el7.src.rpm
x86_64: rh-dotnet20-dotnet-2.0.5-1.el7.x86_64.rpm rh-dotnet20-dotnet-debuginfo-2.0.5-1.el7.x86_64.rpm rh-dotnet20-dotnet-host-2.0.5-1.el7.x86_64.rpm rh-dotnet20-dotnet-runtime-2.0-2.0.5-1.el7.x86_64.rpm rh-dotnet20-dotnet-sdk-2.1-2.1.4-1.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2018-0764 https://access.redhat.com/security/updates/classification/#moderate https://github.com/dotnet/announcements/issues/52
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFal5nzXlSAg2UNWIIRAldoAKCOs8K/QXdtegDgV9D0EbgK5f8dpgCfdT/D hhk5BDNc5IZlJ+doPAaUxt4= =Pz4Z -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201801-1150",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": ".net core",
"scope": "eq",
"trust": 2.4,
"vendor": "microsoft",
"version": "1.0"
},
{
"model": ".net core",
"scope": "eq",
"trust": 2.4,
"vendor": "microsoft",
"version": "1.1"
},
{
"model": ".net core",
"scope": "eq",
"trust": 2.4,
"vendor": "microsoft",
"version": "2.0"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "4.6.2"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "4.6.1"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "3.5.1"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "4.7"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "4.6"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "4.5.2"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "3.5"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 1.8,
"vendor": "microsoft",
"version": "4.7.1"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "2.0"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "3.0"
},
{
"model": "powershell core",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "6.0"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "2.0 sp2"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "3.0 sp2"
},
{
"model": "powershell core",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "6.0.0"
},
{
"model": "windows server r2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20120"
},
{
"model": "windows server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20120"
},
{
"model": "windows server r2 for x64-based systems sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"model": "windows server for itanium-based systems sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"model": "windows server for 32-bit systems sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"model": "windows server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2016"
},
{
"model": "windows rt",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "8.1"
},
{
"model": "windows for x64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "8.10"
},
{
"model": "windows for 32-bit systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "8.10"
},
{
"model": "windows for x64-based systems sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "7"
},
{
"model": "windows for 32-bit systems sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "7"
},
{
"model": "windows version for x64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1017030"
},
{
"model": "windows version for 32-bit systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1017030"
},
{
"model": "windows version for x64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1016070"
},
{
"model": "windows version for 32-bit systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1016070"
},
{
"model": "windows version for x64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1015110"
},
{
"model": "windows version for 32-bit systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1015110"
},
{
"model": "windows for x64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "100"
},
{
"model": "windows for 32-bit systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "100"
},
{
"model": ".net framework sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "3.0"
},
{
"model": ".net framework sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2.0"
}
],
"sources": [
{
"db": "BID",
"id": "102387"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001243"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-407"
},
{
"db": "NVD",
"id": "CVE-2018-0764"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:microsoft:.net_core",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:microsoft:.net_framework",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:microsoft:powershell_core",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-001243"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft",
"sources": [
{
"db": "BID",
"id": "102387"
}
],
"trust": 0.3
},
"cve": "CVE-2018-0764",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2018-0764",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2018-0764",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-0764",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-0764",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201801-407",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-001243"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-407"
},
{
"db": "NVD",
"id": "CVE-2018-0764"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka \".NET and .NET Core Denial Of Service Vulnerability\". This CVE is unique from CVE-2018-0765. This vulnerability CVE-2018-0765 Is a different vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. \nAn attacker can exploit this issue to cause a denial of service condition. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n********************************************************************\nTitle: Microsoft Security Update Releases\nIssued: January 25, 2018\n********************************************************************\n\nSummary\n======= \n\nThe following CVEs have undergone a major revision increment:\n\n* CVE-2018-0764\n \nRevision Information:\n=====================\n\n - https://portal.msrc.microsoft.com/en-us/security-guidance/\n advisory/CVE-2018-0764\n - Version: 3.0\n - Reason for Revision: Revised the Affected Products table to \n include PowerShell Core 6.0.0 because it is affected by \n CVE-2018-0764. See https://github.com/PowerShell/Announcements\n /issues/2 for more information. \n - Originally posted: January 9, 2018 \n - Updated: January 25, 2018\n - Aggregate CVE Severity Rating: Important\n\n* CVE-2018-0786\n\nRevision Information:\n=====================\n\n - https://portal.msrc.microsoft.com/en-us/security-guidance/\n advisory/CVE-2018-0786\n - Version: 3.0\n - Reason for Revision: Revised the Affected Products table to\n include PowerShell Core 6.0.0 because it is affected by \n CVE-2018-0786. See https://github.com/PowerShell/Announcements\n /issues/3 for more information. \n - Originally posted: January 9, 2018 \n - Updated: January 25, 2018\n - Aggregate CVE Severity Rating: Important\n\n\nOther Information\n=================\n\nRecognize and avoid fraudulent email to Microsoft customers:\n=============================================================\nIf you receive an email message that claims to be distributing \na Microsoft security update, it is a hoax that may contain \nmalware or pointers to malicious websites. Microsoft does \nnot distribute security updates via email. \n\nThe Microsoft Security Response Center (MSRC) uses PGP to digitally \nsign all security notifications. However, PGP is not required for \nreading security notifications, reading security bulletins, or \ninstalling security updates. You can obtain the MSRC public PGP key\nat \u003chttps://technet.microsoft.com/security/dn753714\u003e. \n\n********************************************************************\nTHE INFORMATION PROVIDED IN THIS MICROSOFT COMMUNICATION IS\nPROVIDED \"AS IS\" WITHOUT WARRANTY OF ANY KIND. MICROSOFT\nDISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING\nTHE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\nPURPOSE. \nIN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE\nLIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,\nINCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL\nDAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN\nADVISED OF THE POSSIBILITY OF SUCH DAMAGES. \nSOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY\nFOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING\nLIMITATION MAY NOT APPLY. \n********************************************************************\n\nMicrosoft respects your privacy. Please read our online Privacy\nStatement at \u003chttp://go.microsoft.com/fwlink/?LinkId=81184\u003e. \n\nIf you would prefer not to receive future technical security\nnotification alerts by email from Microsoft and its family of\ncompanies please visit the following website to unsubscribe:\n\u003chttps://profile.microsoft.com/RegSysProfileCenter/subscriptionwizar\nd.aspx?wizid=5a2a311b-5189-4c9b-9f1a-d5e913a26c2e\u0026%3blcid=1033\u003e. \n\nThese settings will not affect any newsletters youave requested or\nany mandatory service communications that are considered part of\ncertain Microsoft services. \n\nFor legal Information, see:\n\u003chttp://www.microsoft.com/info/legalinfo/default.mspx\u003e. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: .NET Core on Red Hat Enterprise Linux security update\nAdvisory ID: RHSA-2018:0379-01\nProduct: .NET Core on Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2018:0379\nIssue date: 2018-03-01\nCVE Names: CVE-2018-0764 \n=====================================================================\n\n1. Summary:\n\nAn update for rh-dotnet20-dotnet, rh-dotnetcore10-dotnetcore, and\nrh-dotnetcore11-dotnetcore is now available for .NET Core on Red Hat\nEnterprise Linux. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. It implements a subset of the\n.NET framework APIs and includes a CLR implementation. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.9-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.9-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.9-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.6-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.6-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.6-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet20-dotnet-2.0.5-1.el7.src.rpm\n\nx86_64:\nrh-dotnet20-dotnet-2.0.5-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-debuginfo-2.0.5-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-host-2.0.5-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-runtime-2.0-2.0.5-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-sdk-2.1-2.1.4-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.9-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.9-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.9-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.6-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.6-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.6-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet20-dotnet-2.0.5-1.el7.src.rpm\n\nx86_64:\nrh-dotnet20-dotnet-2.0.5-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-debuginfo-2.0.5-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-host-2.0.5-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-runtime-2.0-2.0.5-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-sdk-2.1-2.1.4-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.9-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.9-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.9-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.6-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.6-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.6-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet20-dotnet-2.0.5-1.el7.src.rpm\n\nx86_64:\nrh-dotnet20-dotnet-2.0.5-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-debuginfo-2.0.5-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-host-2.0.5-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-runtime-2.0-2.0.5-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-sdk-2.1-2.1.4-1.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-0764\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://github.com/dotnet/announcements/issues/52\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2018 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFal5nzXlSAg2UNWIIRAldoAKCOs8K/QXdtegDgV9D0EbgK5f8dpgCfdT/D\nhhk5BDNc5IZlJ+doPAaUxt4=\n=Pz4Z\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-0764"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001243"
},
{
"db": "BID",
"id": "102387"
},
{
"db": "PACKETSTORM",
"id": "146116"
},
{
"db": "PACKETSTORM",
"id": "146617"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-0764",
"trust": 2.9
},
{
"db": "BID",
"id": "102387",
"trust": 1.9
},
{
"db": "SECTRACK",
"id": "1040152",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001243",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201801-407",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "146116",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "146617",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": "102387"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001243"
},
{
"db": "PACKETSTORM",
"id": "146116"
},
{
"db": "PACKETSTORM",
"id": "146617"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-407"
},
{
"db": "NVD",
"id": "CVE-2018-0764"
}
]
},
"id": "VAR-201801-1150",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.19172932
},
"last_update_date": "2024-11-23T21:39:52.717000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2018-0764 | .NET and .NET Core Denial Of Service Vulnerability",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0764"
},
{
"title": "CVE-2018-0764 | .NET \u304a\u3088\u3073 .NET Core \u306e\u30b5\u30fc\u30d3\u30b9\u62d2\u5426\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2018-0764"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-001243"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-19",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-001243"
},
{
"db": "NVD",
"id": "CVE-2018-0764"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "http://www.securityfocus.com/bid/102387"
},
{
"trust": 1.9,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-0764"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:0379"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1040152"
},
{
"trust": 1.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0764"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0764"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20180110-ms.html"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2018/at180002.html"
},
{
"trust": 0.3,
"url": "https://github.com/powershell/announcements/issues/2"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com/net/"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com"
},
{
"trust": 0.1,
"url": "http://www.microsoft.com/info/legalinfo/default.mspx\u003e."
},
{
"trust": 0.1,
"url": "http://go.microsoft.com/fwlink/?linkid=81184\u003e."
},
{
"trust": 0.1,
"url": "https://github.com/powershell/announcements"
},
{
"trust": 0.1,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/"
},
{
"trust": 0.1,
"url": "https://technet.microsoft.com/security/dn753714\u003e."
},
{
"trust": 0.1,
"url": "https://profile.microsoft.com/regsysprofilecenter/subscriptionwizar"
},
{
"trust": 0.1,
"url": "https://github.com/dotnet/announcements/issues/52"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-0764"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
}
],
"sources": [
{
"db": "BID",
"id": "102387"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001243"
},
{
"db": "PACKETSTORM",
"id": "146116"
},
{
"db": "PACKETSTORM",
"id": "146617"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-407"
},
{
"db": "NVD",
"id": "CVE-2018-0764"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "102387"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001243"
},
{
"db": "PACKETSTORM",
"id": "146116"
},
{
"db": "PACKETSTORM",
"id": "146617"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-407"
},
{
"db": "NVD",
"id": "CVE-2018-0764"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-09T00:00:00",
"db": "BID",
"id": "102387"
},
{
"date": "2018-02-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-001243"
},
{
"date": "2018-01-26T13:13:13",
"db": "PACKETSTORM",
"id": "146116"
},
{
"date": "2018-03-01T23:24:00",
"db": "PACKETSTORM",
"id": "146617"
},
{
"date": "2018-01-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201801-407"
},
{
"date": "2018-01-10T01:29:00.197000",
"db": "NVD",
"id": "CVE-2018-0764"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-29T08:00:00",
"db": "BID",
"id": "102387"
},
{
"date": "2018-02-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-001243"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201801-407"
},
{
"date": "2024-11-21T03:38:54.277000",
"db": "NVD",
"id": "CVE-2018-0764"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201801-407"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft .NET Framework and .NET Core Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-001243"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201801-407"
}
],
"trust": 0.6
}
}
var-202106-1709
Vulnerability from variot
ASP.NET Core Denial of Service Vulnerability. .NET and Microsoft Visual Studio Has ASP.NET Service operation is interrupted due to a defect in (DoS) A vulnerability exists.Denial of service (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: .NET Core 3.1 on RHEL 7 security and bugfix update Advisory ID: RHSA-2021:2350-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:2350 Issue date: 2021-06-08 CVE Names: CVE-2021-31957 ==================================================================== 1. Summary:
An update for rh-dotnet31-dotnet is now available for .NET Core on Red Hat Enterprise Linux.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 3.1.116 and .NET Runtime 3.1.16.
Security Fix(es):
- dotnet: ASP.NET Core Client Disconnect Denial of Service (CVE-2021-31957)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet31-dotnet-3.1.116-1.el7_9.src.rpm
x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.16-1.el7_9.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.16-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-3.1.116-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.16-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.116-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-host-3.1.16-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.16-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.16-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.116-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.16-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.116-1.el7_9.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.116-1.el7_9.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet31-dotnet-3.1.116-1.el7_9.src.rpm
x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.16-1.el7_9.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.16-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-3.1.116-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.16-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.116-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-host-3.1.16-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.16-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.16-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.116-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.16-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.116-1.el7_9.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.116-1.el7_9.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet31-dotnet-3.1.116-1.el7_9.src.rpm
x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.16-1.el7_9.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.16-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-3.1.116-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.16-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.116-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-host-3.1.16-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.16-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.16-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.116-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.16-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.116-1.el7_9.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.116-1.el7_9.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-31957 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYMAbx9zjgjWX9erEAQg0iA//ZMTDOkp9jyDMxC6VRisGHkU6yxWPFIEs 5xelU+7Pusp7mmYsFM9+c8dn7sWiRuuX7S9q+DhOTemcSmjfE8TCg2PIwDwJ4v4i AsPzx+x93ug0Jy6VWSJo/992tsdv+m809rQnqMItQy4BB7YrYaqsCtrsGxZHOP90 1LOyaiRSm7pg2OjUzvTg+k5WX4XCOvzRELiB2ErGpryR6CgU6zbCURf4fnczj2/d rNtbxXmsDSbmTUC0qt+7uKJHzoxKXUYAHDF+wyiJXSAe2eV29nINbPa9R8vx0koE BF2xcgVYd9MNPal3tsZ15jm6+hvk0tVMM+gPhAWQQczXl0aFMaWBSAmXPPJ/ZFXE +mdMXNKzuxaxK+9JsBcLS7gsTSOBfzq1Sm7oQRKGmQIPqSMdQZucs3C86sASXLGD ixQs99clPBeCFwUjvwIuHPkWQFHsxsM0LQJlGb6PHQJbVmRSc2PDgdu2BVjHJWSl c7VxLpXHwd7uiS/zw5KTpbcXpxzCAFwD2g9mZXvgRwv8xB/yMI1uim/mbdotTs5j C+Z8s0E1ggb6X9PkgFGMMwKIfZee3TiqbQevNjvZwqi3XbVEM4W2bDLLo0+I4Ly2 /1qPQc3r4ximd5loy9q3O/4kdkluuFsmznTg68Z0V1PCbhZ+JGpDi3ivdHV86LKa Y+qTXDnEhw8=kKm2 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202106-1709",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "visual studio 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "8.10"
},
{
"model": "visual studio 2019",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.0"
},
{
"model": "visual studio 2019",
"scope": "lte",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.10"
},
{
"model": ".net core",
"scope": "lte",
"trust": 1.0,
"vendor": "microsoft",
"version": "3.1.15"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "33"
},
{
"model": ".net",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "5.0"
},
{
"model": ".net",
"scope": "lte",
"trust": 1.0,
"vendor": "microsoft",
"version": "5.0.6"
},
{
"model": ".net core",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "3.1"
},
{
"model": ".net",
"scope": null,
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": null
},
{
"model": "microsoft visual studio",
"scope": null,
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-001972"
},
{
"db": "NVD",
"id": "CVE-2021-31957"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "163033"
},
{
"db": "PACKETSTORM",
"id": "163035"
},
{
"db": "PACKETSTORM",
"id": "163039"
},
{
"db": "PACKETSTORM",
"id": "163041"
}
],
"trust": 0.4
},
"cve": "CVE-2021-31957",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2021-31957",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2021-31957",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "secure@microsoft.com",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.2,
"id": "CVE-2021-31957",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-31957",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-31957",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "secure@microsoft.com",
"id": "CVE-2021-31957",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2021-31957",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202106-495",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-001972"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-495"
},
{
"db": "NVD",
"id": "CVE-2021-31957"
},
{
"db": "NVD",
"id": "CVE-2021-31957"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASP.NET Core Denial of Service Vulnerability. .NET and Microsoft Visual Studio Has ASP.NET Service operation is interrupted due to a defect in (DoS) A vulnerability exists.Denial of service (DoS) It may be put into a state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: .NET Core 3.1 on RHEL 7 security and bugfix update\nAdvisory ID: RHSA-2021:2350-01\nProduct: .NET Core on Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:2350\nIssue date: 2021-06-08\nCVE Names: CVE-2021-31957\n====================================================================\n1. Summary:\n\nAn update for rh-dotnet31-dotnet is now available for .NET Core on Red Hat\nEnterprise Linux. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\n.NET is a managed-software framework. It implements a subset of the .NET\nframework APIs and several new APIs, and it includes a CLR implementation. \n\nNew versions of .NET that address a security vulnerability are now\navailable. The updated versions are .NET SDK 3.1.116 and .NET Runtime\n3.1.16. \n\nSecurity Fix(es):\n\n* dotnet: ASP.NET Core Client Disconnect Denial of Service (CVE-2021-31957)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet31-dotnet-3.1.116-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet31-aspnetcore-runtime-3.1-3.1.16-1.el7_9.x86_64.rpm\nrh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.16-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-3.1.116-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-apphost-pack-3.1-3.1.16-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-debuginfo-3.1.116-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-host-3.1.16-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-hostfxr-3.1-3.1.16-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-runtime-3.1-3.1.16-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-sdk-3.1-3.1.116-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-targeting-pack-3.1-3.1.16-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-templates-3.1-3.1.116-1.el7_9.x86_64.rpm\nrh-dotnet31-netstandard-targeting-pack-2.1-3.1.116-1.el7_9.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet31-dotnet-3.1.116-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet31-aspnetcore-runtime-3.1-3.1.16-1.el7_9.x86_64.rpm\nrh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.16-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-3.1.116-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-apphost-pack-3.1-3.1.16-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-debuginfo-3.1.116-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-host-3.1.16-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-hostfxr-3.1-3.1.16-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-runtime-3.1-3.1.16-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-sdk-3.1-3.1.116-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-targeting-pack-3.1-3.1.16-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-templates-3.1-3.1.116-1.el7_9.x86_64.rpm\nrh-dotnet31-netstandard-targeting-pack-2.1-3.1.116-1.el7_9.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet31-dotnet-3.1.116-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet31-aspnetcore-runtime-3.1-3.1.16-1.el7_9.x86_64.rpm\nrh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.16-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-3.1.116-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-apphost-pack-3.1-3.1.16-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-debuginfo-3.1.116-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-host-3.1.16-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-hostfxr-3.1-3.1.16-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-runtime-3.1-3.1.16-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-sdk-3.1-3.1.116-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-targeting-pack-3.1-3.1.16-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-templates-3.1-3.1.116-1.el7_9.x86_64.rpm\nrh-dotnet31-netstandard-targeting-pack-2.1-3.1.116-1.el7_9.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-31957\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYMAbx9zjgjWX9erEAQg0iA//ZMTDOkp9jyDMxC6VRisGHkU6yxWPFIEs\n5xelU+7Pusp7mmYsFM9+c8dn7sWiRuuX7S9q+DhOTemcSmjfE8TCg2PIwDwJ4v4i\nAsPzx+x93ug0Jy6VWSJo/992tsdv+m809rQnqMItQy4BB7YrYaqsCtrsGxZHOP90\n1LOyaiRSm7pg2OjUzvTg+k5WX4XCOvzRELiB2ErGpryR6CgU6zbCURf4fnczj2/d\nrNtbxXmsDSbmTUC0qt+7uKJHzoxKXUYAHDF+wyiJXSAe2eV29nINbPa9R8vx0koE\nBF2xcgVYd9MNPal3tsZ15jm6+hvk0tVMM+gPhAWQQczXl0aFMaWBSAmXPPJ/ZFXE\n+mdMXNKzuxaxK+9JsBcLS7gsTSOBfzq1Sm7oQRKGmQIPqSMdQZucs3C86sASXLGD\nixQs99clPBeCFwUjvwIuHPkWQFHsxsM0LQJlGb6PHQJbVmRSc2PDgdu2BVjHJWSl\nc7VxLpXHwd7uiS/zw5KTpbcXpxzCAFwD2g9mZXvgRwv8xB/yMI1uim/mbdotTs5j\nC+Z8s0E1ggb6X9PkgFGMMwKIfZee3TiqbQevNjvZwqi3XbVEM4W2bDLLo0+I4Ly2\n/1qPQc3r4ximd5loy9q3O/4kdkluuFsmznTg68Z0V1PCbhZ+JGpDi3ivdHV86LKa\nY+qTXDnEhw8=kKm2\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-31957"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001972"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "PACKETSTORM",
"id": "163033"
},
{
"db": "PACKETSTORM",
"id": "163035"
},
{
"db": "PACKETSTORM",
"id": "163039"
},
{
"db": "PACKETSTORM",
"id": "163041"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-31957",
"trust": 2.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001972",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "163033",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021061519",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021060808",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021060930",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2038",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202106-495",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "163035",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163039",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163041",
"trust": 0.1
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-001972"
},
{
"db": "PACKETSTORM",
"id": "163033"
},
{
"db": "PACKETSTORM",
"id": "163035"
},
{
"db": "PACKETSTORM",
"id": "163039"
},
{
"db": "PACKETSTORM",
"id": "163041"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-495"
},
{
"db": "NVD",
"id": "CVE-2021-31957"
}
]
},
"id": "VAR-202106-1709",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.19172932
},
"last_update_date": "2024-08-14T12:28:35.463000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ASP.NET\u00a0Denial\u00a0of\u00a0Service\u00a0Vulnerability Security Update Guide",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4PRVVLXXQEF4SEJOBV3VRJHGX7YHY2CG/"
},
{
"title": "Visual Studio Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=155429"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-001972"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-495"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-001972"
},
{
"db": "NVD",
"id": "CVE-2021-31957"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2021-31957"
},
{
"trust": 1.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-31957"
},
{
"trust": 1.0,
"url": "https://access.redhat.com/security/cve/cve-2021-31957"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4prvvlxxqef4sejobv3vrjhgx7yhy2cg/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/cvcdyip4a6ddrt7g6p3zw6pknk2dnwj2/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/pmhwhrrydhkm6biinw5v7ocsw4sdwb4w/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/vmao4ng2oq4pcxuqwmnscmywlijjy6uy/"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20210609-ms.html"
},
{
"trust": 0.8,
"url": "https://www.jpcert.or.jp/at/2021/at210027.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/cvcdyip4a6ddrt7g6p3zw6pknk2dnwj2/"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/pmhwhrrydhkm6biinw5v7ocsw4sdwb4w/"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/vmao4ng2oq4pcxuqwmnscmywlijjy6uy/"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4prvvlxxqef4sejobv3vrjhgx7yhy2cg/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/163033/red-hat-security-advisory-2021-2352-01.html"
},
{
"trust": 0.6,
"url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2021-31957"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2038"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021060930"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/microsoft-visual-studio-vulnerabilities-of-june-2021-35661"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021061519"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021060808"
},
{
"trust": 0.4,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.4,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2352"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2353"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2350"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2351"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-001972"
},
{
"db": "PACKETSTORM",
"id": "163033"
},
{
"db": "PACKETSTORM",
"id": "163035"
},
{
"db": "PACKETSTORM",
"id": "163039"
},
{
"db": "PACKETSTORM",
"id": "163041"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-495"
},
{
"db": "NVD",
"id": "CVE-2021-31957"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2021-001972"
},
{
"db": "PACKETSTORM",
"id": "163033"
},
{
"db": "PACKETSTORM",
"id": "163035"
},
{
"db": "PACKETSTORM",
"id": "163039"
},
{
"db": "PACKETSTORM",
"id": "163041"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-495"
},
{
"db": "NVD",
"id": "CVE-2021-31957"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-001972"
},
{
"date": "2021-06-09T13:27:08",
"db": "PACKETSTORM",
"id": "163033"
},
{
"date": "2021-06-09T13:27:47",
"db": "PACKETSTORM",
"id": "163035"
},
{
"date": "2021-06-09T13:40:11",
"db": "PACKETSTORM",
"id": "163039"
},
{
"date": "2021-06-09T13:40:25",
"db": "PACKETSTORM",
"id": "163041"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-06-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202106-495"
},
{
"date": "2021-06-08T23:15:08.870000",
"db": "NVD",
"id": "CVE-2021-31957"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-06T07:22:00",
"db": "JVNDB",
"id": "JVNDB-2021-001972"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-06-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202106-495"
},
{
"date": "2024-05-29T15:15:43.553000",
"db": "NVD",
"id": "CVE-2021-31957"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202106-495"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": ".NET\u00a0 and \u00a0Microsoft\u00a0Visual\u00a0Studio\u00a0 Denial of service in Japan \u00a0(DoS)\u00a0 Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-001972"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 0.6
}
}
var-201807-1618
Vulnerability from variot
A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka ".NET Framework Security Feature Bypass Vulnerability." This affects .NET Framework 4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, ASP.NET Core 1.1, Microsoft .NET Framework 4.5.2, ASP.NET Core 2.0, ASP.NET Core 1.0, .NET Core 1.1, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 1.0, .NET Core 2.0, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Title: Microsoft Security Update Releases Issued: July 19, 2018
Summary
The following CVEs have undergone a major revision increment:
- CVE-2018-8202
- CVE-2018-8260
- CVE-2018-8284
- CVE-2018-8356
Revision Information:
- https://portal.msrc.microsoft.com/en-us/security-guidance
- Reason for Revision: To address a known issue in the security updates released on July 10, Microsoft is releasing Cumulative Update packages for all supported editions of Windows 10. These packages are available via Microsoft Update catalog, WSUS, or by manually searching Windows Update. Customers who are experiencing issues after installing the July Windows security updates should install the replacement packages as applicable. Please refer to the Affected Products table for the replacement package KB numbers. Customers who have successfully installed the security updates and who are not experiencing any issues do not need to take any action.
- Originally posted: July 10, 2018
- Updated: July 19, 2018
- Aggregate CVE Severity Rating: Important
- Version: 2.0
The following CVEs have undergone a major revision increment:
- CVE-2018-0949
- CVE-2018-8242
- CVE-2018-8287
- CVE-2018-8288
- CVE-2018-8291
- CVE-2018-8296
Revision Information:
- https://portal.msrc.microsoft.com/en-us/security-guidance
- Reason for Revision: To address a known issue in the security updates released on July 10, Microsoft is releasing Cumulative Update packages for Windows 10, and Standalone and Preview Rollup packages for all other supported editions of Windows. These packages are available via Microsoft Update catalog, WSUS, or by manually searching Windows Update. Customers who are experiencing issues after installing the July Windows security updates should install the replacement packages as applicable. Note that the IE Cumulative updates are not affected. Please refer to the Affected Products table for the replacement package KB numbers. Customers who have successfully installed the security updates and who are not experiencing any issues do not need to take any action.
- Originally posted: July 10, 2018
- Updated: July 19, 2018
- Aggregate CVE Severity Rating: Important
- Version: 2.0
The following CVEs have undergone a major revision increment:
- CVE-2018-8125 * CVE-2018-8279 * CVE-2018-8301
- CVE-2018-8206 * CVE-2018-8280 * CVE-2018-8304
- CVE-2018-8222 * CVE-2018-8282 * CVE-2018-8307
- CVE-2018-8262 * CVE-2018-8286 * CVE-2018-8308
- CVE-2018-8274 * CVE-2018-8289 * CVE-2018-8309
- CVE-2018-8275 * CVE-2018-8290 * CVE-2018-8313
- CVE-2018-8276 * CVE-2018-8294 * CVE-2018-8314
- CVE-2018-8278 * CVE-2018-8297 * CVE-2018-8324 * CVE-2018-8325
Revision Information:
- https://portal.msrc.microsoft.com/en-us/security-guidance
- Reason for Revision: To address a known issue in the security updates released on July 10, Microsoft is releasing Cumulative Update packages for Windows 10, and Standalone and Preview Rollup packages for all other supported editions of Windows. These packages are available via Microsoft Update catalog, WSUS, or by manually searching Windows Update. Customers who are experiencing issues after installing the July Windows security updates should install the replacement packages as applicable. Please refer to the Affected Products table for the replacement package KB numbers. Customers who have successfully installed the security updates and who are not experiencing any issues do not need to take any action.
- Originally posted: July 10, 2018
- Updated: July 19, 2018
- Aggregate CVE Severity Rating: Critical
- Version: 2.0
The following CVE has undergone a major revision increment:
- CVE-2018-8356
Revision Information:
- https://portal.msrc.microsoft.com/en-us/security-guidance
- Reason for Revision: Revised the Affected Products table to include PowerShell Core 6.0 and PowerShell Core 6.1 because these products are affected by CVE-2018-9356. See https://github.com/PowerShell/Announcements/issues/6 for more information.
- Originally posted: July 10, 2018
- Updated: July 19, 2018
- Aggregate CVE Severity Rating: Important
- Version: 3.0
Other Information
Recognize and avoid fraudulent email to Microsoft customers:
If you receive an email message that claims to be distributing a Microsoft security update, it is a hoax that may contain malware or pointers to malicious websites. Microsoft does not distribute security updates via email.
The Microsoft Security Response Center (MSRC) uses PGP to digitally sign all security notifications. However, PGP is not required for reading security notifications, reading security bulletins, or installing security updates. You can obtain the MSRC public PGP key at https://technet.microsoft.com/security/dn753714.
THE INFORMATION PROVIDED IN THIS MICROSOFT COMMUNICATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.
Microsoft respects your privacy. Please read our online Privacy Statement at http://go.microsoft.com/fwlink/?LinkId=81184.
If you would prefer not to receive future technical security notification alerts by email from Microsoft and its family of companies please visit the following website to unsubscribe: https://profile.microsoft.com/RegSysProfileCenter/subscriptionwizar d.aspx?wizid=5a2a311b-5189-4c9b-9f1a-d5e913a26c2e&%3blcid=1033.
These settings will not affect any newsletters youave requested or any mandatory service communications that are considered part of certain Microsoft services.
For legal Information, see: http://www.microsoft.com/info/legalinfo/default.mspx.
This newsletter was sent by: Microsoft Corporation 1 Microsoft Way Redmond, Washington, USA 98052 -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEELe29pj1Ogz+2MnKbEEiO2re18ugFAltRJ4QACgkQEEiO2re1 8uhBGRAAqV/EWkEhrEVrYfOPJe0fzDxFKVu8PespooUpb+/xYFKj0RvyGPBwWkK0 7lGixsk0HDH/VGRevfEPWBUMEDyPp7yudESs7K/Almv0X5Tq9EXa8xsoLOfWmUsF +8OjbFDlsgmJDnsOvrELRAul7bjJDvte3q0jB8QsDIhaMWDOkvKuFfB6M8KwLEJg BeKY/Mudn4BbDxxpMBq72kDCNy6WQar9igbZMS0xu2sDSuTLzqC7qfUg9jseqwhx 5uKJWSKrgCcJ73erJnZRvb1LAglhxD1NGoFdQP36EiIkccOB6kIYv33hpDNd6jf1 S0N8nJVYiUQVqg4ITBtQch5ws6fxXfTIUh7m+oQ4pxvLBbw5QLScub0/AV6ucSaD 9Ace1QwDaOJP+D8aA/+mdmTwr9SvLspNDOm9HkNu10ktRRDyu8PMPf3XGoCAQ1n9 XGtin526zCPy68yFG4BqzN2XSQfft97pwwgcG0KYRV3kB7tbswrtJWOOFbVXvLUl Yd9yvpMql7qfH6p+6f8hS+LG41EEDTqCVEaMT8HTSjld+W36AP2WqlWuSXG9YRBf yhulJ6nF3lbiG1h4pZkY5vrGjvFcfbN4YhSA+FepEolJAnWOtZBg9lswNSuIse3G lvBVHDiKdzpX3ey1qri1czIaC/r46OKW6YuAr4nzhoJKwdfpS34= =b7n1 -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201807-1618",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": ".net framework",
"scope": "eq",
"trust": 2.4,
"vendor": "microsoft",
"version": "3.5"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 2.4,
"vendor": "microsoft",
"version": "3.5.1"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 2.4,
"vendor": "microsoft",
"version": "4.5.2"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 2.4,
"vendor": "microsoft",
"version": "4.6"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 2.4,
"vendor": "microsoft",
"version": "4.6.1"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 2.4,
"vendor": "microsoft",
"version": "4.6.2"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 2.4,
"vendor": "microsoft",
"version": "4.7"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 2.4,
"vendor": "microsoft",
"version": "4.7.1"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 2.4,
"vendor": "microsoft",
"version": "4.7.2"
},
{
"model": ".net core",
"scope": "eq",
"trust": 1.8,
"vendor": "microsoft",
"version": "1.0"
},
{
"model": ".net core",
"scope": "eq",
"trust": 1.8,
"vendor": "microsoft",
"version": "1.1"
},
{
"model": ".net core",
"scope": "eq",
"trust": 1.8,
"vendor": "microsoft",
"version": "2.0"
},
{
"model": ".net framework developer pack",
"scope": "eq",
"trust": 1.8,
"vendor": "microsoft",
"version": "4.7.2"
},
{
"model": "asp.net core",
"scope": "eq",
"trust": 1.8,
"vendor": "microsoft",
"version": "1.0"
},
{
"model": "asp.net core",
"scope": "eq",
"trust": 1.8,
"vendor": "microsoft",
"version": "1.1"
},
{
"model": "asp.net core",
"scope": "eq",
"trust": 1.8,
"vendor": "microsoft",
"version": "2.0"
},
{
"model": "powershell core",
"scope": "eq",
"trust": 1.8,
"vendor": "microsoft",
"version": "6.0"
},
{
"model": "powershell core",
"scope": "eq",
"trust": 1.8,
"vendor": "microsoft",
"version": "6.1"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "3.0"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "3.0 sp2"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-007178"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-831"
},
{
"db": "NVD",
"id": "CVE-2018-8356"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:microsoft:.net_core",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:microsoft:.net_framework_developer_pack",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:microsoft:asp.net_core",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:microsoft:.net_framework",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:microsoft:powershell_core",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-007178"
}
]
},
"cve": "CVE-2018-8356",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2018-8356",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.8,
"id": "CVE-2018-8356",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-8356",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-8356",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201807-831",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-007178"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-831"
},
{
"db": "NVD",
"id": "CVE-2018-8356"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka \".NET Framework Security Feature Bypass Vulnerability.\" This affects .NET Framework 4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, ASP.NET Core 1.1, Microsoft .NET Framework 4.5.2, ASP.NET Core 2.0, ASP.NET Core 1.0, .NET Core 1.1, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 1.0, .NET Core 2.0, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n********************************************************************\nTitle: Microsoft Security Update Releases\nIssued: July 19, 2018\n********************************************************************\n\nSummary\n=======\n\nThe following CVEs have undergone a major revision increment:\n\n* CVE-2018-8202\n* CVE-2018-8260\n* CVE-2018-8284\n* CVE-2018-8356\n \nRevision Information:\n=====================\n\n - https://portal.msrc.microsoft.com/en-us/security-guidance\n - Reason for Revision: To address a known issue in the security\n updates released on July 10, Microsoft is releasing Cumulative\n Update packages for all supported editions of Windows 10. These\n packages are available via Microsoft Update catalog, WSUS, or by\n manually searching Windows Update. Customers who are experiencing\n issues after installing the July Windows security updates should\n install the replacement packages as applicable. Please refer to the Affected Products table for the\n replacement package KB numbers. Customers who have successfully\n installed the security updates and who are not experiencing any\n issues do not need to take any action. \n - Originally posted: July 10, 2018\n - Updated: July 19, 2018\n - Aggregate CVE Severity Rating: Important\n - Version: 2.0\n\nThe following CVEs have undergone a major revision increment:\n\n* CVE-2018-0949\n* CVE-2018-8242\n* CVE-2018-8287\n* CVE-2018-8288\n* CVE-2018-8291\n* CVE-2018-8296\n\nRevision Information:\n=====================\n\n - https://portal.msrc.microsoft.com/en-us/security-guidance\n - Reason for Revision: To address a known issue in the security\n updates released on July 10, Microsoft is releasing Cumulative\n Update packages for Windows 10, and Standalone and Preview Rollup\n packages for all other supported editions of Windows. These packages\n are available via Microsoft Update catalog, WSUS, or by manually\n searching Windows Update. Customers who are experiencing issues\n after installing the July Windows security updates should install\n the replacement packages as applicable. Note that the IE Cumulative\n updates are not affected. Please refer to the Affected Products\n table for the replacement package KB numbers. Customers who have\n successfully installed the security updates and who are not\n experiencing any issues do not need to take any action. \n - Originally posted: July 10, 2018\n - Updated: July 19, 2018\n - Aggregate CVE Severity Rating: Important\n - Version: 2.0\n\nThe following CVEs have undergone a major revision increment:\n\n* CVE-2018-8125\t* CVE-2018-8279\t* CVE-2018-8301\n* CVE-2018-8206\t* CVE-2018-8280\t* CVE-2018-8304\n* CVE-2018-8222\t* CVE-2018-8282\t* CVE-2018-8307\n* CVE-2018-8262\t* CVE-2018-8286\t* CVE-2018-8308\n* CVE-2018-8274\t* CVE-2018-8289\t* CVE-2018-8309\n* CVE-2018-8275\t* CVE-2018-8290\t* CVE-2018-8313\n* CVE-2018-8276\t* CVE-2018-8294\t* CVE-2018-8314\n* CVE-2018-8278\t* CVE-2018-8297\t* CVE-2018-8324\n\t\t\t\t* CVE-2018-8325\n\nRevision Information:\n=====================\n\n - https://portal.msrc.microsoft.com/en-us/security-guidance\n - Reason for Revision: To address a known issue in the security\n updates released on July 10, Microsoft is releasing Cumulative\n Update packages for Windows 10, and Standalone and Preview Rollup\n packages for all other supported editions of Windows. These\n packages are available via Microsoft Update catalog, WSUS, or by\n manually searching Windows Update. Customers who are experiencing\n issues after installing the July Windows security updates should\n install the replacement packages as applicable. Please refer to the\n Affected Products table for the replacement package KB numbers. \n Customers who have successfully installed the security updates and\n who are not experiencing any issues do not need to take any action. \n - Originally posted: July 10, 2018\n - Updated: July 19, 2018\n - Aggregate CVE Severity Rating: Critical\n - Version: 2.0\n\n The following CVE has undergone a major revision increment:\n\n* CVE-2018-8356\n\nRevision Information:\n=====================\n\n - https://portal.msrc.microsoft.com/en-us/security-guidance\n - Reason for Revision: Revised the Affected Products table to\n include PowerShell Core 6.0 and PowerShell Core 6.1 because\n these products are affected by CVE-2018-9356. See \n https://github.com/PowerShell/Announcements/issues/6 for \n more information. \n - Originally posted: July 10, 2018\n - Updated: July 19, 2018\n - Aggregate CVE Severity Rating: Important\n - Version: 3.0\n\nOther Information\n=================\n\nRecognize and avoid fraudulent email to Microsoft customers:\n=============================================================\nIf you receive an email message that claims to be distributing \na Microsoft security update, it is a hoax that may contain \nmalware or pointers to malicious websites. Microsoft does \nnot distribute security updates via email. \n\nThe Microsoft Security Response Center (MSRC) uses PGP to digitally \nsign all security notifications. However, PGP is not required for \nreading security notifications, reading security bulletins, or \ninstalling security updates. You can obtain the MSRC public PGP key\nat \u003chttps://technet.microsoft.com/security/dn753714\u003e. \n\n********************************************************************\nTHE INFORMATION PROVIDED IN THIS MICROSOFT COMMUNICATION IS\nPROVIDED \"AS IS\" WITHOUT WARRANTY OF ANY KIND. MICROSOFT\nDISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING\nTHE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\nPURPOSE. \nIN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE\nLIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,\nINCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL\nDAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN\nADVISED OF THE POSSIBILITY OF SUCH DAMAGES. \nSOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY\nFOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING\nLIMITATION MAY NOT APPLY. \n********************************************************************\n\nMicrosoft respects your privacy. Please read our online Privacy\nStatement at \u003chttp://go.microsoft.com/fwlink/?LinkId=81184\u003e. \n\nIf you would prefer not to receive future technical security\nnotification alerts by email from Microsoft and its family of\ncompanies please visit the following website to unsubscribe:\n\u003chttps://profile.microsoft.com/RegSysProfileCenter/subscriptionwizar\nd.aspx?wizid=5a2a311b-5189-4c9b-9f1a-d5e913a26c2e\u0026%3blcid=1033\u003e. \n\nThese settings will not affect any newsletters youave requested or\nany mandatory service communications that are considered part of\ncertain Microsoft services. \n\nFor legal Information, see:\n\u003chttp://www.microsoft.com/info/legalinfo/default.mspx\u003e. \n\nThis newsletter was sent by:\nMicrosoft Corporation\n1 Microsoft Way\nRedmond, Washington, USA\n98052\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEELe29pj1Ogz+2MnKbEEiO2re18ugFAltRJ4QACgkQEEiO2re1\n8uhBGRAAqV/EWkEhrEVrYfOPJe0fzDxFKVu8PespooUpb+/xYFKj0RvyGPBwWkK0\n7lGixsk0HDH/VGRevfEPWBUMEDyPp7yudESs7K/Almv0X5Tq9EXa8xsoLOfWmUsF\n+8OjbFDlsgmJDnsOvrELRAul7bjJDvte3q0jB8QsDIhaMWDOkvKuFfB6M8KwLEJg\nBeKY/Mudn4BbDxxpMBq72kDCNy6WQar9igbZMS0xu2sDSuTLzqC7qfUg9jseqwhx\n5uKJWSKrgCcJ73erJnZRvb1LAglhxD1NGoFdQP36EiIkccOB6kIYv33hpDNd6jf1\nS0N8nJVYiUQVqg4ITBtQch5ws6fxXfTIUh7m+oQ4pxvLBbw5QLScub0/AV6ucSaD\n9Ace1QwDaOJP+D8aA/+mdmTwr9SvLspNDOm9HkNu10ktRRDyu8PMPf3XGoCAQ1n9\nXGtin526zCPy68yFG4BqzN2XSQfft97pwwgcG0KYRV3kB7tbswrtJWOOFbVXvLUl\nYd9yvpMql7qfH6p+6f8hS+LG41EEDTqCVEaMT8HTSjld+W36AP2WqlWuSXG9YRBf\nyhulJ6nF3lbiG1h4pZkY5vrGjvFcfbN4YhSA+FepEolJAnWOtZBg9lswNSuIse3G\nlvBVHDiKdzpX3ey1qri1czIaC/r46OKW6YuAr4nzhoJKwdfpS34=\n=b7n1\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-8356"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007178"
},
{
"db": "BID",
"id": 104664
},
{
"db": "PACKETSTORM",
"id": "148630"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-8356",
"trust": 2.5
},
{
"db": "BID",
"id": "104664",
"trust": 1.9
},
{
"db": "SECTRACK",
"id": "1041257",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007178",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201807-831",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "148630",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": 104664
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007178"
},
{
"db": "PACKETSTORM",
"id": "148630"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-831"
},
{
"db": "NVD",
"id": "CVE-2018-8356"
}
]
},
"id": "VAR-201807-1618",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.19172932
},
"last_update_date": "2024-11-23T21:52:57.468000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2018-8356 | .NET Framework Security Feature Bypass Vulnerability",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8356"
},
{
"title": "CVE-2018-8356 | .NET Framework \u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u6a5f\u80fd\u306e\u30d0\u30a4\u30d1\u30b9\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2018-8356"
},
{
"title": "Microsoft .NET Framework Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=81895"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-007178"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-831"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-295",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-007178"
},
{
"db": "NVD",
"id": "CVE-2018-8356"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-8356"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1041257"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/104664"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-8356"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8356"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20180711-ms.html"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2018/at180028.html"
},
{
"trust": 0.1,
"url": "http://www.microsoft.com/info/legalinfo/default.mspx\u003e."
},
{
"trust": 0.1,
"url": "http://go.microsoft.com/fwlink/?linkid=81184\u003e."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-8260"
},
{
"trust": 0.1,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-8202"
},
{
"trust": 0.1,
"url": "https://github.com/powershell/announcements/issues/6"
},
{
"trust": 0.1,
"url": "https://technet.microsoft.com/security/dn753714\u003e."
},
{
"trust": 0.1,
"url": "https://profile.microsoft.com/regsysprofilecenter/subscriptionwizar"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-8284"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-007178"
},
{
"db": "PACKETSTORM",
"id": "148630"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-831"
},
{
"db": "NVD",
"id": "CVE-2018-8356"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": 104664
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007178"
},
{
"db": "PACKETSTORM",
"id": "148630"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-831"
},
{
"db": "NVD",
"id": "CVE-2018-8356"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-007178"
},
{
"date": "2018-07-20T08:22:22",
"db": "PACKETSTORM",
"id": "148630"
},
{
"date": "2018-07-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-831"
},
{
"date": "2018-07-11T00:29:02.587000",
"db": "NVD",
"id": "CVE-2018-8356"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-007178"
},
{
"date": "2022-05-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-831"
},
{
"date": "2024-11-21T04:13:40.677000",
"db": "NVD",
"id": "CVE-2018-8356"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-831"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Microsoft Vulnerabilities that bypass security functions in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-007178"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-831"
}
],
"trust": 0.6
}
}
var-201803-1708
Vulnerability from variot
.NET Core 1.0, .NET Core 1.1, NET Core 2.0 and PowerShell Core 6.0.0 allow a denial of Service vulnerability due to how specially crafted requests are handled, aka ".NET Core Denial of Service Vulnerability". Microsoft .NET is prone to a denial-of-service vulnerability. Successful exploits will attackers to cause performance to degrade resulting in a denial of service condition. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Low: .NET Core on Red Hat Enterprise Linux security update Advisory ID: RHSA-2018:0522-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:0522 Issue date: 2018-03-14 CVE Names: CVE-2018-0875 =====================================================================
- Summary:
Updates for rh-dotnet20-dotnet, rh-dotnetcore10-dotnetcore, and rh-dotnetcore11-dotnetcore are now available for .NET Core on Red Hat Enterprise Linux.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- It implements a subset of the .NET framework APIs and includes a CLR implementation.
These correspond to the March 2018 security release by .NET Core upstream projects.
Security Fix(es):
- .NET Core: Hash Collision Denial of Service (CVE-2018-0875)
Red Hat would like to thank Ben Adams (Illyriad Games) for reporting this issue.
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnetcore10-dotnetcore-1.0.10-1.el7.src.rpm
x86_64: rh-dotnetcore10-dotnetcore-1.0.10-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.10-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnetcore11-dotnetcore-1.1.7-1.el7.src.rpm
x86_64: rh-dotnetcore11-dotnetcore-1.1.7-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.7-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet20-dotnet-2.0.6-1.el7.src.rpm
x86_64: rh-dotnet20-dotnet-2.0.6-1.el7.x86_64.rpm rh-dotnet20-dotnet-debuginfo-2.0.6-1.el7.x86_64.rpm rh-dotnet20-dotnet-host-2.0.6-1.el7.x86_64.rpm rh-dotnet20-dotnet-runtime-2.0-2.0.6-1.el7.x86_64.rpm rh-dotnet20-dotnet-sdk-2.1-2.1.101-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnetcore10-dotnetcore-1.0.10-1.el7.src.rpm
x86_64: rh-dotnetcore10-dotnetcore-1.0.10-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.10-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnetcore11-dotnetcore-1.1.7-1.el7.src.rpm
x86_64: rh-dotnetcore11-dotnetcore-1.1.7-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.7-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet20-dotnet-2.0.6-1.el7.src.rpm
x86_64: rh-dotnet20-dotnet-2.0.6-1.el7.x86_64.rpm rh-dotnet20-dotnet-debuginfo-2.0.6-1.el7.x86_64.rpm rh-dotnet20-dotnet-host-2.0.6-1.el7.x86_64.rpm rh-dotnet20-dotnet-runtime-2.0-2.0.6-1.el7.x86_64.rpm rh-dotnet20-dotnet-sdk-2.1-2.1.101-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnetcore10-dotnetcore-1.0.10-1.el7.src.rpm
x86_64: rh-dotnetcore10-dotnetcore-1.0.10-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.10-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnetcore11-dotnetcore-1.1.7-1.el7.src.rpm
x86_64: rh-dotnetcore11-dotnetcore-1.1.7-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.7-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet20-dotnet-2.0.6-1.el7.src.rpm
x86_64: rh-dotnet20-dotnet-2.0.6-1.el7.x86_64.rpm rh-dotnet20-dotnet-debuginfo-2.0.6-1.el7.x86_64.rpm rh-dotnet20-dotnet-host-2.0.6-1.el7.x86_64.rpm rh-dotnet20-dotnet-runtime-2.0-2.0.6-1.el7.x86_64.rpm rh-dotnet20-dotnet-sdk-2.1-2.1.101-1.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2018-0875 https://access.redhat.com/security/updates/classification/#low
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFaqUTsXlSAg2UNWIIRAuzUAKCDhqW/mE1ZwG1Bv9JVc2oVTo7cngCfUnVc slFh/sAwzwax82xICfw1G1M= =37s1 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-1708",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "asp.net core",
"scope": "eq",
"trust": 1.9,
"vendor": "microsoft",
"version": "2.0"
},
{
"model": "asp.net core",
"scope": "eq",
"trust": 1.9,
"vendor": "microsoft",
"version": "1.1"
},
{
"model": "asp.net core",
"scope": "eq",
"trust": 1.9,
"vendor": "microsoft",
"version": "1.0"
},
{
"model": "powershell core",
"scope": "eq",
"trust": 1.4,
"vendor": "microsoft",
"version": "6.0.0"
},
{
"model": "powershell core",
"scope": "eq",
"trust": 1.3,
"vendor": "microsoft",
"version": "6.0"
},
{
"model": ".net core",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "1.0"
},
{
"model": ".net core",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "1.1"
},
{
"model": ".net core",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "2.0"
}
],
"sources": [
{
"db": "BID",
"id": "103225"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002560"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-522"
},
{
"db": "NVD",
"id": "CVE-2018-0875"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:microsoft:.net_core",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:microsoft:powershell_core",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-002560"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ben Adams of Illyriad Games",
"sources": [
{
"db": "BID",
"id": "103225"
}
],
"trust": 0.3
},
"cve": "CVE-2018-0875",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2018-0875",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2018-0875",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-0875",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-0875",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-522",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-002560"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-522"
},
{
"db": "NVD",
"id": "CVE-2018-0875"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": ".NET Core 1.0, .NET Core 1.1, NET Core 2.0 and PowerShell Core 6.0.0 allow a denial of Service vulnerability due to how specially crafted requests are handled, aka \".NET Core Denial of Service Vulnerability\". Microsoft .NET is prone to a denial-of-service vulnerability. \nSuccessful exploits will attackers to cause performance to degrade resulting in a denial of service condition. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Low: .NET Core on Red Hat Enterprise Linux security update\nAdvisory ID: RHSA-2018:0522-01\nProduct: .NET Core on Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2018:0522\nIssue date: 2018-03-14\nCVE Names: CVE-2018-0875 \n=====================================================================\n\n1. Summary:\n\nUpdates for rh-dotnet20-dotnet, rh-dotnetcore10-dotnetcore, and\nrh-dotnetcore11-dotnetcore are now available for .NET Core on Red Hat\nEnterprise Linux. \n\nRed Hat Product Security has rated this update as having a security impact\nof Low. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. It implements a subset of the\n.NET framework APIs and includes a CLR implementation. \n\nThese correspond to the March 2018 security release by .NET Core upstream\nprojects. \n\nSecurity Fix(es):\n\n* .NET Core: Hash Collision Denial of Service (CVE-2018-0875)\n\nRed Hat would like to thank Ben Adams (Illyriad Games) for reporting this\nissue. \n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.10-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.10-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.10-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.7-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.7-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.7-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet20-dotnet-2.0.6-1.el7.src.rpm\n\nx86_64:\nrh-dotnet20-dotnet-2.0.6-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-debuginfo-2.0.6-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-host-2.0.6-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-runtime-2.0-2.0.6-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-sdk-2.1-2.1.101-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.10-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.10-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.10-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.7-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.7-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.7-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet20-dotnet-2.0.6-1.el7.src.rpm\n\nx86_64:\nrh-dotnet20-dotnet-2.0.6-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-debuginfo-2.0.6-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-host-2.0.6-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-runtime-2.0-2.0.6-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-sdk-2.1-2.1.101-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.10-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.10-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.10-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.7-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.7-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.7-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet20-dotnet-2.0.6-1.el7.src.rpm\n\nx86_64:\nrh-dotnet20-dotnet-2.0.6-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-debuginfo-2.0.6-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-host-2.0.6-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-runtime-2.0-2.0.6-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-sdk-2.1-2.1.101-1.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-0875\nhttps://access.redhat.com/security/updates/classification/#low\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2018 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFaqUTsXlSAg2UNWIIRAuzUAKCDhqW/mE1ZwG1Bv9JVc2oVTo7cngCfUnVc\nslFh/sAwzwax82xICfw1G1M=\n=37s1\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-0875"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002560"
},
{
"db": "BID",
"id": "103225"
},
{
"db": "PACKETSTORM",
"id": "146768"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-0875",
"trust": 2.8
},
{
"db": "BID",
"id": "103225",
"trust": 1.9
},
{
"db": "SECTRACK",
"id": "1040505",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002560",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201803-522",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "146768",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": "103225"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002560"
},
{
"db": "PACKETSTORM",
"id": "146768"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-522"
},
{
"db": "NVD",
"id": "CVE-2018-0875"
}
]
},
"id": "VAR-201803-1708",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.19172932
},
"last_update_date": "2024-11-23T22:41:53.763000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2018-0875 | .NET Core Denial of Service Vulnerability",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0875"
},
{
"title": "CVE-2018-0875 | .NET Core \u306e\u30b5\u30fc\u30d3\u30b9\u62d2\u5426\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2018-0875"
},
{
"title": "Microsoft .NET Core and PowerShell Core Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79171"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-002560"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-522"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-20",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-002560"
},
{
"db": "NVD",
"id": "CVE-2018-0875"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-0875"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:0522"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1040505"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/103225"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0875"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0875"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20180314-ms.html"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2018/at180011.html"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com/net/"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-0875"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
}
],
"sources": [
{
"db": "BID",
"id": "103225"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002560"
},
{
"db": "PACKETSTORM",
"id": "146768"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-522"
},
{
"db": "NVD",
"id": "CVE-2018-0875"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "103225"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002560"
},
{
"db": "PACKETSTORM",
"id": "146768"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-522"
},
{
"db": "NVD",
"id": "CVE-2018-0875"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-13T00:00:00",
"db": "BID",
"id": "103225"
},
{
"date": "2018-04-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002560"
},
{
"date": "2018-03-15T15:52:13",
"db": "PACKETSTORM",
"id": "146768"
},
{
"date": "2018-03-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-522"
},
{
"date": "2018-03-14T17:29:00.980000",
"db": "NVD",
"id": "CVE-2018-0875"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-13T00:00:00",
"db": "BID",
"id": "103225"
},
{
"date": "2018-04-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002560"
},
{
"date": "2020-10-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-522"
},
{
"date": "2024-11-21T03:39:08.307000",
"db": "NVD",
"id": "CVE-2018-0875"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-522"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": ".NET Core and PowerShell Core Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-002560"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-522"
}
],
"trust": 0.6
}
}
var-201805-0649
Vulnerability from variot
A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents, aka ".NET and .NET Core Denial of Service Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.7/4.7.1, Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6.2/4.7/4.7.1, .NET Core 2.0, Microsoft .NET Framework 4.7.2. Successful exploits will attackers to cause a denial of service condition
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201805-0649",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": ".net framework",
"scope": "eq",
"trust": 2.7,
"vendor": "microsoft",
"version": "4.7.2"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 2.7,
"vendor": "microsoft",
"version": "4.7.1"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 2.7,
"vendor": "microsoft",
"version": "4.6.2"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 2.7,
"vendor": "microsoft",
"version": "4.6.1"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 2.7,
"vendor": "microsoft",
"version": "4.7"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 2.7,
"vendor": "microsoft",
"version": "4.6"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "3.5.1"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "4.5.2"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "3.5"
},
{
"model": ".net core",
"scope": "eq",
"trust": 1.8,
"vendor": "microsoft",
"version": "2.0"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 1.3,
"vendor": "microsoft",
"version": "3.0"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 1.3,
"vendor": "microsoft",
"version": "2.0"
},
{
"model": ".net framework",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "2.0 sp2"
},
{
"model": "asp.net core",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2.0"
}
],
"sources": [
{
"db": "BID",
"id": "104060"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004255"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-309"
},
{
"db": "NVD",
"id": "CVE-2018-0765"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:microsoft:.net_core",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:microsoft:.net_framework",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004255"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft",
"sources": [
{
"db": "BID",
"id": "104060"
}
],
"trust": 0.3
},
"cve": "CVE-2018-0765",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2018-0765",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2018-0765",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-0765",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-0765",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201805-309",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004255"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-309"
},
{
"db": "NVD",
"id": "CVE-2018-0765"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents, aka \".NET and .NET Core Denial of Service Vulnerability.\" This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.7/4.7.1, Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6.2/4.7/4.7.1, .NET Core 2.0, Microsoft .NET Framework 4.7.2. \nSuccessful exploits will attackers to cause a denial of service condition",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-0765"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004255"
},
{
"db": "BID",
"id": "104060"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-0765",
"trust": 2.7
},
{
"db": "BID",
"id": "104060",
"trust": 1.3
},
{
"db": "SECTRACK",
"id": "1040851",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004255",
"trust": 0.8
},
{
"db": "NSFOCUS",
"id": "39696",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201805-309",
"trust": 0.6
}
],
"sources": [
{
"db": "BID",
"id": "104060"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004255"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-309"
},
{
"db": "NVD",
"id": "CVE-2018-0765"
}
]
},
"id": "VAR-201805-0649",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.19172932
},
"last_update_date": "2024-11-23T21:38:57.431000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2018-0765 | .NET and .NET Core Denial of Service Vulnerability",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0765"
},
{
"title": "CVE-2018-0765 | .NET \u304a\u3088\u3073 .NET Core \u306e\u30b5\u30fc\u30d3\u30b9\u62d2\u5426\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/ja-JP/security-guidance/advisory/CVE-2018-0765"
},
{
"title": "Microsoft .NET Framework and .NET Core Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79987"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004255"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-309"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-611",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004255"
},
{
"db": "NVD",
"id": "CVE-2018-0765"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-0765"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/104060"
},
{
"trust": 1.0,
"url": "http://www.securitytracker.com/id/1040851"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0765"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20180509-ms.html"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2018/at180021.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0765"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/39696"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com"
}
],
"sources": [
{
"db": "BID",
"id": "104060"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004255"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-309"
},
{
"db": "NVD",
"id": "CVE-2018-0765"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "104060"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004255"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-309"
},
{
"db": "NVD",
"id": "CVE-2018-0765"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-08T00:00:00",
"db": "BID",
"id": "104060"
},
{
"date": "2018-06-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-004255"
},
{
"date": "2018-05-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201805-309"
},
{
"date": "2018-05-09T19:29:00.323000",
"db": "NVD",
"id": "CVE-2018-0765"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-08T00:00:00",
"db": "BID",
"id": "104060"
},
{
"date": "2018-06-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-004255"
},
{
"date": "2018-05-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201805-309"
},
{
"date": "2024-11-21T03:38:54.410000",
"db": "NVD",
"id": "CVE-2018-0765"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201805-309"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft .NET Framework and .NET Core Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004255"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201805-309"
}
],
"trust": 0.6
}
}
var-202205-0625
Vulnerability from variot
.NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-23267, CVE-2022-29145. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: .NET 6.0 on RHEL 7 security and bugfix update Advisory ID: RHSA-2022:2195-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:2195 Issue date: 2022-05-11 CVE Names: CVE-2022-23267 CVE-2022-29117 CVE-2022-29145 ==================================================================== 1. Summary:
An update for .NET 6.0 is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 6.0.105 and .NET Core Runtime 6.0.5.
Security Fix(es):
-
dotnet: excess memory allocation via HttpClient causes DoS (CVE-2022-23267)
-
dotnet: malicious content causes high CPU and memory usage (CVE-2022-29117)
-
dotnet: parsing HTML causes Denial of Service (CVE-2022-29145)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
2083647 - CVE-2022-29117 dotnet: malicious content causes high CPU and memory usage 2083649 - CVE-2022-29145 dotnet: parsing HTML causes Denial of Service 2083650 - CVE-2022-23267 dotnet: excess memory allocation via HttpClient causes DoS
- Package List:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet60-dotnet-6.0.105-1.el7_9.src.rpm
x86_64: rh-dotnet60-aspnetcore-runtime-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-6.0.105-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-apphost-pack-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-debuginfo-6.0.105-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-host-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-hostfxr-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-runtime-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-sdk-6.0-6.0.105-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.105-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-targeting-pack-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-templates-6.0-6.0.105-1.el7_9.x86_64.rpm rh-dotnet60-netstandard-targeting-pack-2.1-6.0.105-1.el7_9.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet60-dotnet-6.0.105-1.el7_9.src.rpm
x86_64: rh-dotnet60-aspnetcore-runtime-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-6.0.105-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-apphost-pack-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-debuginfo-6.0.105-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-host-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-hostfxr-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-runtime-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-sdk-6.0-6.0.105-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.105-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-targeting-pack-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-templates-6.0-6.0.105-1.el7_9.x86_64.rpm rh-dotnet60-netstandard-targeting-pack-2.1-6.0.105-1.el7_9.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet60-dotnet-6.0.105-1.el7_9.src.rpm
x86_64: rh-dotnet60-aspnetcore-runtime-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-6.0.105-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-apphost-pack-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-debuginfo-6.0.105-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-host-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-hostfxr-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-runtime-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-sdk-6.0-6.0.105-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.105-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-targeting-pack-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-templates-6.0-6.0.105-1.el7_9.x86_64.rpm rh-dotnet60-netstandard-targeting-pack-2.1-6.0.105-1.el7_9.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2022-23267 https://access.redhat.com/security/cve/CVE-2022-29117 https://access.redhat.com/security/cve/CVE-2022-29145 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYnw2ZtzjgjWX9erEAQhfsA//XM/8Ih5T9J+ql5cd6IgYWbT1UOM8KE17 4abvuRvxBqSfJyACbCEbRNm+GZzqWF6SHYamS3lAfs5Gt/SmIcEtyWZTaEkiZtbi sIsJ2Hd802Sm8K1gcU0MFOMhT5zwI3ogteixbvzkN6y5NxHitkVTUZqOIjvpcNzn Mc0bfAgeIzODP6F5hfneYantgPhQC3j5eWDcRBOrvxD2cRDnQ6CzL37wUsdSd+TA f8b7Ck2lg9poj+v/4L/HVLZJi47HM3C3ouqJClTx3kL89ktEZkhavcLua4wX8aY5 n1MPCnMe9OrPwfzAzyCrZqKezAutuu3QfXaWy37RW4M4Tza1dfP/4eJ2fBH19JcB 3iUmFmQmR36WFLBMCrUzLNH8FsBXzp1MLiiKuRgV/MXa+M2ZwMeqTFQuAsAA8lTE 0Qeoyf7JmWP/iDcODWKU/+eApCsRKBnmB952x3UroOq0H57m1RPJKZRlwwqy1S2a Tc2xXDB/w6SaORozEXlGnyrzHBIM7FdHkNS4zdWSNH4GRkO3bbwsi2CPgzIkXvyZ j1Q4NEtntVC3FmkKHUoSw3XRmBNrBNAD3JRKWYXEmN1JAfXSAsrbOqlj9sCE/nTJ rDNXwYArh73UwTMfU2+JL/2XE1mgV+LWBtAMsoBGHAg31HdXQQOe1UoJEaKjX7p3 zq2nVL/qVmM=le1K -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 8) - aarch64, s390x, x86_64
3
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202205-0625",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": ".net core",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "3.1"
},
{
"model": "visual studio 2022",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.1"
},
{
"model": "visual studio 2019",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.0"
},
{
"model": ".net",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "5.0"
},
{
"model": "visual studio 2019",
"scope": "lte",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.0.11"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "visual studio 2022",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": ".net",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "6.0.0"
},
{
"model": "microsoft visual studio",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "2022 17.0"
},
{
"model": ".net",
"scope": null,
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": null
},
{
"model": "microsoft visual studio",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "2022 17.1"
},
{
"model": "microsoft visual studio",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "2019 16.11 (includes 16.0 - 16.10)"
},
{
"model": "microsoft visual studio",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "2019 16.9 (includes 16.0 - 16.8)"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-001866"
},
{
"db": "NVD",
"id": "CVE-2022-29117"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "167135"
},
{
"db": "PACKETSTORM",
"id": "167382"
},
{
"db": "PACKETSTORM",
"id": "167128"
},
{
"db": "PACKETSTORM",
"id": "167143"
},
{
"db": "PACKETSTORM",
"id": "167125"
},
{
"db": "PACKETSTORM",
"id": "167141"
},
{
"db": "PACKETSTORM",
"id": "167130"
}
],
"trust": 0.7
},
"cve": "CVE-2022-29117",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2022-29117",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "secure@microsoft.com",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-29117",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2022-001866",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-29117",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "secure@microsoft.com",
"id": "CVE-2022-29117",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-29117",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202205-2773",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2022-29117",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-29117"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001866"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2773"
},
{
"db": "NVD",
"id": "CVE-2022-29117"
},
{
"db": "NVD",
"id": "CVE-2022-29117"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": ".NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-23267, CVE-2022-29145. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: .NET 6.0 on RHEL 7 security and bugfix update\nAdvisory ID: RHSA-2022:2195-01\nProduct: .NET Core on Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:2195\nIssue date: 2022-05-11\nCVE Names: CVE-2022-23267 CVE-2022-29117 CVE-2022-29145\n====================================================================\n1. Summary:\n\nAn update for .NET 6.0 is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\n.NET Core is a managed-software framework. It implements a subset of the\n.NET\nframework APIs and several new APIs, and it includes a CLR implementation. \n\nNew versions of .NET Core that address a security vulnerability are now\navailable. The updated versions are .NET Core SDK 6.0.105 and .NET Core\nRuntime 6.0.5. \n\nSecurity Fix(es):\n\n* dotnet: excess memory allocation via HttpClient causes DoS\n(CVE-2022-23267)\n\n* dotnet: malicious content causes high CPU and memory usage\n(CVE-2022-29117)\n\n* dotnet: parsing HTML causes Denial of Service (CVE-2022-29145)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2083647 - CVE-2022-29117 dotnet: malicious content causes high CPU and memory usage\n2083649 - CVE-2022-29145 dotnet: parsing HTML causes Denial of Service\n2083650 - CVE-2022-23267 dotnet: excess memory allocation via HttpClient causes DoS\n\n6. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet60-dotnet-6.0.105-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet60-aspnetcore-runtime-6.0-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-6.0.105-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-apphost-pack-6.0-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-debuginfo-6.0.105-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-host-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-hostfxr-6.0-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-runtime-6.0-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-sdk-6.0-6.0.105-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.105-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-targeting-pack-6.0-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-templates-6.0-6.0.105-1.el7_9.x86_64.rpm\nrh-dotnet60-netstandard-targeting-pack-2.1-6.0.105-1.el7_9.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet60-dotnet-6.0.105-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet60-aspnetcore-runtime-6.0-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-6.0.105-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-apphost-pack-6.0-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-debuginfo-6.0.105-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-host-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-hostfxr-6.0-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-runtime-6.0-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-sdk-6.0-6.0.105-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.105-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-targeting-pack-6.0-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-templates-6.0-6.0.105-1.el7_9.x86_64.rpm\nrh-dotnet60-netstandard-targeting-pack-2.1-6.0.105-1.el7_9.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet60-dotnet-6.0.105-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet60-aspnetcore-runtime-6.0-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-6.0.105-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-apphost-pack-6.0-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-debuginfo-6.0.105-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-host-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-hostfxr-6.0-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-runtime-6.0-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-sdk-6.0-6.0.105-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.105-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-targeting-pack-6.0-6.0.5-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-templates-6.0-6.0.105-1.el7_9.x86_64.rpm\nrh-dotnet60-netstandard-targeting-pack-2.1-6.0.105-1.el7_9.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-23267\nhttps://access.redhat.com/security/cve/CVE-2022-29117\nhttps://access.redhat.com/security/cve/CVE-2022-29145\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYnw2ZtzjgjWX9erEAQhfsA//XM/8Ih5T9J+ql5cd6IgYWbT1UOM8KE17\n4abvuRvxBqSfJyACbCEbRNm+GZzqWF6SHYamS3lAfs5Gt/SmIcEtyWZTaEkiZtbi\nsIsJ2Hd802Sm8K1gcU0MFOMhT5zwI3ogteixbvzkN6y5NxHitkVTUZqOIjvpcNzn\nMc0bfAgeIzODP6F5hfneYantgPhQC3j5eWDcRBOrvxD2cRDnQ6CzL37wUsdSd+TA\nf8b7Ck2lg9poj+v/4L/HVLZJi47HM3C3ouqJClTx3kL89ktEZkhavcLua4wX8aY5\nn1MPCnMe9OrPwfzAzyCrZqKezAutuu3QfXaWy37RW4M4Tza1dfP/4eJ2fBH19JcB\n3iUmFmQmR36WFLBMCrUzLNH8FsBXzp1MLiiKuRgV/MXa+M2ZwMeqTFQuAsAA8lTE\n0Qeoyf7JmWP/iDcODWKU/+eApCsRKBnmB952x3UroOq0H57m1RPJKZRlwwqy1S2a\nTc2xXDB/w6SaORozEXlGnyrzHBIM7FdHkNS4zdWSNH4GRkO3bbwsi2CPgzIkXvyZ\nj1Q4NEtntVC3FmkKHUoSw3XRmBNrBNAD3JRKWYXEmN1JAfXSAsrbOqlj9sCE/nTJ\nrDNXwYArh73UwTMfU2+JL/2XE1mgV+LWBtAMsoBGHAg31HdXQQOe1UoJEaKjX7p3\nzq2nVL/qVmM=le1K\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. 8) - aarch64, s390x, x86_64\n\n3",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-29117"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001866"
},
{
"db": "VULMON",
"id": "CVE-2022-29117"
},
{
"db": "PACKETSTORM",
"id": "167135"
},
{
"db": "PACKETSTORM",
"id": "167382"
},
{
"db": "PACKETSTORM",
"id": "167128"
},
{
"db": "PACKETSTORM",
"id": "167143"
},
{
"db": "PACKETSTORM",
"id": "167125"
},
{
"db": "PACKETSTORM",
"id": "167141"
},
{
"db": "PACKETSTORM",
"id": "167130"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-29117",
"trust": 4.0
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001866",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167382",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "167143",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2022051101",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022051228",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072010",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2773",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-29117",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167135",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167128",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167125",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167141",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167130",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-29117"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001866"
},
{
"db": "PACKETSTORM",
"id": "167135"
},
{
"db": "PACKETSTORM",
"id": "167382"
},
{
"db": "PACKETSTORM",
"id": "167128"
},
{
"db": "PACKETSTORM",
"id": "167143"
},
{
"db": "PACKETSTORM",
"id": "167125"
},
{
"db": "PACKETSTORM",
"id": "167141"
},
{
"db": "PACKETSTORM",
"id": "167130"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2773"
},
{
"db": "NVD",
"id": "CVE-2022-29117"
}
]
},
"id": "VAR-202205-0625",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.19172932
},
"last_update_date": "2024-11-23T21:10:30.426000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": ".NET\u00a0and\u00a0Visual\u00a0Studio\u00a0Denial\u00a0of\u00a0Service\u00a0Vulnerability Security Update Guide",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29117"
},
{
"title": "Microsoft .NET and Microsoft Visual Studio Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=193780"
},
{
"title": "Red Hat: Important: .NET 6.0 security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20224588 - Security Advisory"
},
{
"title": "Red Hat: Important: .NET 6.0 security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20222199 - Security Advisory"
},
{
"title": "Red Hat: Important: .NET 5.0 security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20222200 - Security Advisory"
},
{
"title": "Red Hat: Important: .NET 6.0 on RHEL 7 security and bugfix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20222195 - Security Advisory"
},
{
"title": "Red Hat: Important: .NET Core 3.1 on RHEL 7 security and bugfix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20222194 - Security Advisory"
},
{
"title": "Red Hat: Important: .NET 5.0 on RHEL 7 security and bugfix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20222196 - Security Advisory"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-29117"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001866"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2773"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Resource exhaustion (CWE-400) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-001866"
},
{
"db": "NVD",
"id": "CVE-2022-29117"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2022-29117"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-29117"
},
{
"trust": 1.3,
"url": "https://access.redhat.com/security/cve/cve-2022-29117"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/gnxql7ezorgu4pzcpj5epq4p7iey3zzo/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/w5fpeq6btyrgts6iycdtzw6yf5hlq3by/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ibysbudjyq76hk4tulxviipckk2u6wdb/"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20220511-ms.html"
},
{
"trust": 0.8,
"url": "https://www.jpcert.or.jp/at/2022/at220014.html"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ibysbudjyq76hk4tulxviipckk2u6wdb/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/w5fpeq6btyrgts6iycdtzw6yf5hlq3by/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/gnxql7ezorgu4pzcpj5epq4p7iey3zzo/"
},
{
"trust": 0.7,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23267"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2022-23267"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-29145"
},
{
"trust": 0.7,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2022-29145"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022051228"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/microsoft-net-vulnerabilities-of-may-2022-38299"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-29117/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167143/red-hat-security-advisory-2022-2200-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb20220720108"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022051101"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167382/red-hat-security-advisory-2022-4588-01.html"
},
{
"trust": 0.6,
"url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2022-29117"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/errata/rhsa-2022:4588"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:2202"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:2196"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:2200"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:2195"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:2199"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:2194"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-29117"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001866"
},
{
"db": "PACKETSTORM",
"id": "167135"
},
{
"db": "PACKETSTORM",
"id": "167382"
},
{
"db": "PACKETSTORM",
"id": "167128"
},
{
"db": "PACKETSTORM",
"id": "167143"
},
{
"db": "PACKETSTORM",
"id": "167125"
},
{
"db": "PACKETSTORM",
"id": "167141"
},
{
"db": "PACKETSTORM",
"id": "167130"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2773"
},
{
"db": "NVD",
"id": "CVE-2022-29117"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2022-29117"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001866"
},
{
"db": "PACKETSTORM",
"id": "167135"
},
{
"db": "PACKETSTORM",
"id": "167382"
},
{
"db": "PACKETSTORM",
"id": "167128"
},
{
"db": "PACKETSTORM",
"id": "167143"
},
{
"db": "PACKETSTORM",
"id": "167125"
},
{
"db": "PACKETSTORM",
"id": "167141"
},
{
"db": "PACKETSTORM",
"id": "167130"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2773"
},
{
"db": "NVD",
"id": "CVE-2022-29117"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-10T00:00:00",
"db": "VULMON",
"id": "CVE-2022-29117"
},
{
"date": "2022-05-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-001866"
},
{
"date": "2022-05-12T15:51:27",
"db": "PACKETSTORM",
"id": "167135"
},
{
"date": "2022-06-03T15:43:44",
"db": "PACKETSTORM",
"id": "167382"
},
{
"date": "2022-05-12T15:44:58",
"db": "PACKETSTORM",
"id": "167128"
},
{
"date": "2022-05-12T15:56:14",
"db": "PACKETSTORM",
"id": "167143"
},
{
"date": "2022-05-12T15:40:23",
"db": "PACKETSTORM",
"id": "167125"
},
{
"date": "2022-05-12T15:53:37",
"db": "PACKETSTORM",
"id": "167141"
},
{
"date": "2022-05-12T15:46:28",
"db": "PACKETSTORM",
"id": "167130"
},
{
"date": "2022-05-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-2773"
},
{
"date": "2022-05-10T21:15:11.877000",
"db": "NVD",
"id": "CVE-2022-29117"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-23T00:00:00",
"db": "VULMON",
"id": "CVE-2022-29117"
},
{
"date": "2022-05-25T08:40:00",
"db": "JVNDB",
"id": "JVNDB-2022-001866"
},
{
"date": "2022-07-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-2773"
},
{
"date": "2024-11-21T06:58:31.047000",
"db": "NVD",
"id": "CVE-2022-29117"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-2773"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": ".NET\u00a0 and \u00a0Microsoft\u00a0Visual\u00a0Studio\u00a0 Denial of service in Japan \u00a0(DoS)\u00a0 Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-001866"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-2773"
}
],
"trust": 0.6
}
}
var-202206-1329
Vulnerability from variot
.NET and Visual Studio Information Disclosure Vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: .NET 6.0 on RHEL 7 security and bugfix update Advisory ID: RHSA-2022:5047-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:5047 Issue date: 2022-06-15 CVE Names: CVE-2022-30184 =====================================================================
- Summary:
An update for .NET 6.0 is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.106 and .NET Runtime 6.0.6.
Security Fix(es):
- dotnet: NuGet Credential leak due to loss of control of third party symbol server domain (CVE-2022-30184)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
2096963 - CVE-2022-30184 dotnet: NuGet Credential leak due to loss of control of third party symbol server domain
- Package List:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet60-dotnet-6.0.106-1.el7_9.src.rpm
x86_64: rh-dotnet60-aspnetcore-runtime-6.0-6.0.6-1.el7_9.x86_64.rpm rh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.6-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-6.0.106-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-apphost-pack-6.0-6.0.6-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-debuginfo-6.0.106-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-host-6.0.6-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-hostfxr-6.0-6.0.6-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-runtime-6.0-6.0.6-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-sdk-6.0-6.0.106-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.106-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-targeting-pack-6.0-6.0.6-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-templates-6.0-6.0.106-1.el7_9.x86_64.rpm rh-dotnet60-netstandard-targeting-pack-2.1-6.0.106-1.el7_9.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet60-dotnet-6.0.106-1.el7_9.src.rpm
x86_64: rh-dotnet60-aspnetcore-runtime-6.0-6.0.6-1.el7_9.x86_64.rpm rh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.6-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-6.0.106-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-apphost-pack-6.0-6.0.6-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-debuginfo-6.0.106-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-host-6.0.6-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-hostfxr-6.0-6.0.6-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-runtime-6.0-6.0.6-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-sdk-6.0-6.0.106-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.106-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-targeting-pack-6.0-6.0.6-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-templates-6.0-6.0.106-1.el7_9.x86_64.rpm rh-dotnet60-netstandard-targeting-pack-2.1-6.0.106-1.el7_9.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet60-dotnet-6.0.106-1.el7_9.src.rpm
x86_64: rh-dotnet60-aspnetcore-runtime-6.0-6.0.6-1.el7_9.x86_64.rpm rh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.6-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-6.0.106-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-apphost-pack-6.0-6.0.6-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-debuginfo-6.0.106-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-host-6.0.6-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-hostfxr-6.0-6.0.6-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-runtime-6.0-6.0.6-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-sdk-6.0-6.0.106-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.106-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-targeting-pack-6.0-6.0.6-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-templates-6.0-6.0.106-1.el7_9.x86_64.rpm rh-dotnet60-netstandard-targeting-pack-2.1-6.0.106-1.el7_9.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2022-30184 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYqnJfdzjgjWX9erEAQixSg/9Hoq+s14tWTzx0rMrWvUraAES1Q29xYk1 LyGo9/aIBmJhfz2etjEEZ6RIeV2ErqUI4NWSSYruwu0qVxZpJURkQHy5t1xS1YSu IL/p1yS89JP7KMWEKeWO4d/btr60m8ug7M2NhbkfOcWhsNrC+mvwkgHtlxmAFEYS SaYVs+gLru9MyYV789WKFDRAV7olWx3ox6xP83t/XQZrZGiTw9HbS5iQKw68K2aG 57ntXel/HBywNLJsT5s+GpGtPTgsaIdTK6nZsp9QfcFCXNsIsVTil8Zh5RKf4z4I X9iFzpBsy8CSG7M3UM0kd45s5vLVKSn96/eDD0DEJG32mm3tJp6zFn4IO4XydqRI GqW58ZfmV81UAFbijvZixh187avuizXDvdZ5WP3u3e5UmqK0XzIaQfBwn+7GYbl2 MPnXLTiqxelK0+2LoiTyfQaHCrwU2JRQu145ueFz+cTktxhJDRvOgkWOACO8+QgG 22gKZHS6oa7i/uBelZMRqimWA7/L8H7hSXixJprWcLJuQV5A5r4A+FBgmcyriGfz bxWj0OOdDMG1JufoK1+xrMmYidzH5XRIrdVN27KD8qgCNKYd3NDwArbymgN+YePe +3KVg9tD1QdwO5fqS9WqWGBVSBDx+YEpBcrSW6IGqtfL4lljSH3diI57Ak/dSfKN hlK/+EEZzSw= =Grls -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 8) - aarch64, s390x, x86_64
3
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-1329",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": ".net core",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "3.1"
},
{
"model": "visual studio 2022",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.2"
},
{
"model": "visual studio 2019",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.0"
},
{
"model": "visual studio 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "8.10"
},
{
"model": "visual studio 2019",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.11.6"
},
{
"model": "visual studio 2019",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.9.22"
},
{
"model": "visual studio 2022",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.2.5"
},
{
"model": "visual studio 2022",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.0.4"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "visual studio 2019",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.10"
},
{
"model": "visual studio 2022",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.0.11"
},
{
"model": "visual studio 2022",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.0"
},
{
"model": ".net",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "6.0.0"
},
{
"model": "nuget",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "6.2.1"
},
{
"model": "visual studio 2019 for mac",
"scope": null,
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": null
},
{
"model": "nuget.exe",
"scope": null,
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": null
},
{
"model": "microsoft visual studio",
"scope": null,
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": null
},
{
"model": ".net",
"scope": null,
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": null
},
{
"model": "visual studio 2022 for mac",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "17.0"
},
{
"model": ".net core",
"scope": null,
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-001987"
},
{
"db": "NVD",
"id": "CVE-2022-30184"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "167502"
},
{
"db": "PACKETSTORM",
"id": "167519"
},
{
"db": "PACKETSTORM",
"id": "167505"
},
{
"db": "PACKETSTORM",
"id": "167496"
},
{
"db": "PACKETSTORM",
"id": "167497"
}
],
"trust": 0.5
},
"cve": "CVE-2022-30184",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2022-30184",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "secure@microsoft.com",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-30184",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "OTHER",
"availabilityImpact": "None",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2022-001987",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-30184",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "secure@microsoft.com",
"id": "CVE-2022-30184",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2022-30184",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202206-1317",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-30184",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-30184"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001987"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1317"
},
{
"db": "NVD",
"id": "CVE-2022-30184"
},
{
"db": "NVD",
"id": "CVE-2022-30184"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": ".NET and Visual Studio Information Disclosure Vulnerability. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: .NET 6.0 on RHEL 7 security and bugfix update\nAdvisory ID: RHSA-2022:5047-01\nProduct: .NET Core on Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:5047\nIssue date: 2022-06-15\nCVE Names: CVE-2022-30184 \n=====================================================================\n\n1. Summary:\n\nAn update for .NET 6.0 is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\n.NET is a managed-software framework. It implements a subset of the .NET\nframework APIs and several new APIs, and it includes a CLR implementation. \n\nNew versions of .NET that address a security vulnerability are now\navailable. The updated versions are .NET SDK 6.0.106 and .NET Runtime\n6.0.6. \n\nSecurity Fix(es):\n\n* dotnet: NuGet Credential leak due to loss of control of third party\nsymbol server domain (CVE-2022-30184)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2096963 - CVE-2022-30184 dotnet: NuGet Credential leak due to loss of control of third party symbol server domain\n\n6. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet60-dotnet-6.0.106-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet60-aspnetcore-runtime-6.0-6.0.6-1.el7_9.x86_64.rpm\nrh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.6-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-6.0.106-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-apphost-pack-6.0-6.0.6-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-debuginfo-6.0.106-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-host-6.0.6-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-hostfxr-6.0-6.0.6-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-runtime-6.0-6.0.6-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-sdk-6.0-6.0.106-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.106-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-targeting-pack-6.0-6.0.6-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-templates-6.0-6.0.106-1.el7_9.x86_64.rpm\nrh-dotnet60-netstandard-targeting-pack-2.1-6.0.106-1.el7_9.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet60-dotnet-6.0.106-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet60-aspnetcore-runtime-6.0-6.0.6-1.el7_9.x86_64.rpm\nrh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.6-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-6.0.106-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-apphost-pack-6.0-6.0.6-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-debuginfo-6.0.106-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-host-6.0.6-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-hostfxr-6.0-6.0.6-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-runtime-6.0-6.0.6-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-sdk-6.0-6.0.106-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.106-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-targeting-pack-6.0-6.0.6-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-templates-6.0-6.0.106-1.el7_9.x86_64.rpm\nrh-dotnet60-netstandard-targeting-pack-2.1-6.0.106-1.el7_9.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet60-dotnet-6.0.106-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet60-aspnetcore-runtime-6.0-6.0.6-1.el7_9.x86_64.rpm\nrh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.6-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-6.0.106-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-apphost-pack-6.0-6.0.6-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-debuginfo-6.0.106-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-host-6.0.6-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-hostfxr-6.0-6.0.6-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-runtime-6.0-6.0.6-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-sdk-6.0-6.0.106-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.106-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-targeting-pack-6.0-6.0.6-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-templates-6.0-6.0.106-1.el7_9.x86_64.rpm\nrh-dotnet60-netstandard-targeting-pack-2.1-6.0.106-1.el7_9.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-30184\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYqnJfdzjgjWX9erEAQixSg/9Hoq+s14tWTzx0rMrWvUraAES1Q29xYk1\nLyGo9/aIBmJhfz2etjEEZ6RIeV2ErqUI4NWSSYruwu0qVxZpJURkQHy5t1xS1YSu\nIL/p1yS89JP7KMWEKeWO4d/btr60m8ug7M2NhbkfOcWhsNrC+mvwkgHtlxmAFEYS\nSaYVs+gLru9MyYV789WKFDRAV7olWx3ox6xP83t/XQZrZGiTw9HbS5iQKw68K2aG\n57ntXel/HBywNLJsT5s+GpGtPTgsaIdTK6nZsp9QfcFCXNsIsVTil8Zh5RKf4z4I\nX9iFzpBsy8CSG7M3UM0kd45s5vLVKSn96/eDD0DEJG32mm3tJp6zFn4IO4XydqRI\nGqW58ZfmV81UAFbijvZixh187avuizXDvdZ5WP3u3e5UmqK0XzIaQfBwn+7GYbl2\nMPnXLTiqxelK0+2LoiTyfQaHCrwU2JRQu145ueFz+cTktxhJDRvOgkWOACO8+QgG\n22gKZHS6oa7i/uBelZMRqimWA7/L8H7hSXixJprWcLJuQV5A5r4A+FBgmcyriGfz\nbxWj0OOdDMG1JufoK1+xrMmYidzH5XRIrdVN27KD8qgCNKYd3NDwArbymgN+YePe\n+3KVg9tD1QdwO5fqS9WqWGBVSBDx+YEpBcrSW6IGqtfL4lljSH3diI57Ak/dSfKN\nhlK/+EEZzSw=\n=Grls\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. 8) - aarch64, s390x, x86_64\n\n3",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-30184"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001987"
},
{
"db": "VULMON",
"id": "CVE-2022-30184"
},
{
"db": "PACKETSTORM",
"id": "167502"
},
{
"db": "PACKETSTORM",
"id": "167519"
},
{
"db": "PACKETSTORM",
"id": "167505"
},
{
"db": "PACKETSTORM",
"id": "167496"
},
{
"db": "PACKETSTORM",
"id": "167497"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-30184",
"trust": 3.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001987",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167519",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "167496",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2022072010",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1317",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-23-320-12",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-30184",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167502",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167505",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167497",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-30184"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001987"
},
{
"db": "PACKETSTORM",
"id": "167502"
},
{
"db": "PACKETSTORM",
"id": "167519"
},
{
"db": "PACKETSTORM",
"id": "167505"
},
{
"db": "PACKETSTORM",
"id": "167496"
},
{
"db": "PACKETSTORM",
"id": "167497"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1317"
},
{
"db": "NVD",
"id": "CVE-2022-30184"
}
]
},
"id": "VAR-202206-1329",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.19172932
},
"last_update_date": "2024-11-23T20:45:52.028000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": ".NET\u00a0and\u00a0Visual\u00a0Studio\u00a0Information\u00a0Disclosure\u00a0Vulnerability Security Update Guide",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30184"
},
{
"title": "Microsoft .NET Core and Microsoft Visual Studio Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=198109"
},
{
"title": "Red Hat: Moderate: .NET 6.0 security and bugfix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20225046 - Security Advisory"
},
{
"title": "Red Hat: Moderate: .NET Core 3.1 security and bugfix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20225061 - Security Advisory"
},
{
"title": "Red Hat: Moderate: .NET Core 3.1 on RHEL 7 security and bugfix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20225062 - Security Advisory"
},
{
"title": "Red Hat: Moderate: .NET 6.0 security and bugfix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20225050 - Security Advisory"
},
{
"title": "Red Hat: Moderate: .NET 6.0 on RHEL 7 security and bugfix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20225047 - Security Advisory"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2022-30184 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-30184"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001987"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1317"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-001987"
},
{
"db": "NVD",
"id": "CVE-2022-30184"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30184"
},
{
"trust": 1.7,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2022-30184"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/xwnh4ac3lfvx35mdrx5obzdgd2amh66k/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/dmp34g53ea2dbtblfoaqcdzrrene2ea2/"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30184"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20220615-ms.html"
},
{
"trust": 0.8,
"url": "https://www.jpcert.or.jp/at/2022/at220016.html"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/dmp34g53ea2dbtblfoaqcdzrrene2ea2/"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/xwnh4ac3lfvx35mdrx5obzdgd2amh66k/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167519/red-hat-security-advisory-2022-5050-01.html"
},
{
"trust": 0.6,
"url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2022-30184"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-30184/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb20220720108"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167496/red-hat-security-advisory-2022-5047-01.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/microsoft-visual-studio-information-disclosure-38587"
},
{
"trust": 0.5,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.5,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/errata/rhsa-2022:5046"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2022-30184"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-320-12"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:5061"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:5050"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:5062"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:5047"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-30184"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001987"
},
{
"db": "PACKETSTORM",
"id": "167502"
},
{
"db": "PACKETSTORM",
"id": "167519"
},
{
"db": "PACKETSTORM",
"id": "167505"
},
{
"db": "PACKETSTORM",
"id": "167496"
},
{
"db": "PACKETSTORM",
"id": "167497"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1317"
},
{
"db": "NVD",
"id": "CVE-2022-30184"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2022-30184"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001987"
},
{
"db": "PACKETSTORM",
"id": "167502"
},
{
"db": "PACKETSTORM",
"id": "167519"
},
{
"db": "PACKETSTORM",
"id": "167505"
},
{
"db": "PACKETSTORM",
"id": "167496"
},
{
"db": "PACKETSTORM",
"id": "167497"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1317"
},
{
"db": "NVD",
"id": "CVE-2022-30184"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-06-15T00:00:00",
"db": "VULMON",
"id": "CVE-2022-30184"
},
{
"date": "2022-06-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-001987"
},
{
"date": "2022-06-20T00:29:48",
"db": "PACKETSTORM",
"id": "167502"
},
{
"date": "2022-06-20T00:57:46",
"db": "PACKETSTORM",
"id": "167519"
},
{
"date": "2022-06-20T00:35:41",
"db": "PACKETSTORM",
"id": "167505"
},
{
"date": "2022-06-20T00:21:50",
"db": "PACKETSTORM",
"id": "167496"
},
{
"date": "2022-06-20T00:22:04",
"db": "PACKETSTORM",
"id": "167497"
},
{
"date": "2022-06-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-1317"
},
{
"date": "2022-06-15T22:15:15.370000",
"db": "NVD",
"id": "CVE-2022-30184"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2022-30184"
},
{
"date": "2022-06-30T06:36:00",
"db": "JVNDB",
"id": "JVNDB-2022-001987"
},
{
"date": "2022-07-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-1317"
},
{
"date": "2024-11-21T07:02:19.700000",
"db": "NVD",
"id": "CVE-2022-30184"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-1317"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0Microsoft\u00a0 A vulnerability in which information is disclosed in a product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-001987"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-1317"
}
],
"trust": 0.6
}
}