Vulnerability-Lookup

CVE-2024-0057 (GCVE-0-2024-0057)

Vulnerability from cvelistv5 – Published: 2024-01-09 17:56 – Updated: 2025-06-03 14:30

Title

NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability

Summary

NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability

Severity

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C

CWE

CWE-20 - Improper Input Validation

Assigner

microsoft

References

1 reference

URL	Tags
https://msrc.microsoft.com/update-guide/vulnerabi…	vendor-advisory

Impacted products

22 products

Vendor	Product	Version
Microsoft	.NET 8.0	Affected: 8.0 , < 8.0.1 (custom)
Microsoft	.NET 7.0	Affected: 7.0.0 , < 7.0.15 (custom)
Microsoft	.NET 6.0	Affected: 6.0.0 , < 6.0.26 (custom)
Microsoft	Microsoft Visual Studio 2022 version 17.2	Affected: 17.2.0 , < 17.2.23 (custom)
Microsoft	Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)	Affected: 16.11.0 , < 16.11.34 (custom)
Microsoft	Microsoft Visual Studio 2022 version 17.4	Affected: 17.4.0 , < 17.4.15 (custom)
Microsoft	Microsoft Visual Studio 2022 version 17.6	Affected: 17.6.0 , < 17.6.11 (custom)
Microsoft	Microsoft Visual Studio 2022 version 17.8	Affected: 17.8.0 , < 17.8.4 (custom)
Microsoft	NuGet 5.11.0	Affected: 5.11.0 , < 5.11.6.0 (custom)
Microsoft	NuGet 17.4.0	Affected: 17.4.0 , < 17.4.3.0 (custom)
Microsoft	NUGET 17.6.0	Affected: 17.6.0 , < 17.6.2.0 (custom)
Microsoft	NuGet 17.8.0	Affected: 17.8.0 , < 17.8.1.0 (custom)
Microsoft	PowerShell 7.2	Affected: 7.2.0 , < 7.2.18 (custom)
Microsoft	PowerShell 7.3	Affected: 7.3.0 , < 7.3.11 (custom)
Microsoft	PowerShell 7.4	Affected: 7.4.0 , < 7.4.2 (custom)
Microsoft	Microsoft .NET Framework 4.8	Affected: 4.8.0 , < 4.8.04690.02 (custom)
Microsoft	Microsoft .NET Framework 3.5 AND 4.8	Affected: 4.8.0 , < 4.8.04690.02 (custom)
Microsoft	Microsoft .NET Framework 3.5 AND 4.7.2	Affected: 4.7.0 , < 4.7.04081.03 (custom)
Microsoft	Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2	Affected: 4.7.0 , < 4.7.04081.02 (custom)
Microsoft	Microsoft .NET Framework 3.5 AND 4.8.1	Affected: 4.8.1 , < 4.8.09214.01 (custom)
Microsoft	Microsoft .NET Framework 2.0 Service Pack 2	Affected: 2.0.0 , < 3.0.50727.8976 (custom)
Microsoft	Microsoft .NET Framework 3.0 Service Pack 2	Affected: 3.0.0 , < 3.0.50727.8976 (custom)

Date Public

2024-01-09 08:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T17:41:15.867Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0057"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240208-0007/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-0057",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-08T18:42:11.295568Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-03T14:30:26.630Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "Unknown"
          ],
          "product": ".NET 8.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "8.0.1",
              "status": "affected",
              "version": "8.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": ".NET 7.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "7.0.15",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": ".NET 6.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.0.26",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.2.23",
              "status": "affected",
              "version": "17.2.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.34",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.4",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.4.15",
              "status": "affected",
              "version": "17.4.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.6",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.6.11",
              "status": "affected",
              "version": "17.6.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.8",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.8.4",
              "status": "affected",
              "version": "17.8.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "NuGet 5.11.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "5.11.6.0",
              "status": "affected",
              "version": "5.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "NuGet 17.4.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.4.3.0",
              "status": "affected",
              "version": "17.4.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "NUGET 17.6.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.6.2.0",
              "status": "affected",
              "version": "17.6.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "NuGet 17.8.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.8.1.0",
              "status": "affected",
              "version": "17.8.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "PowerShell 7.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "7.2.18",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "PowerShell 7.3",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "7.3.11",
              "status": "affected",
              "version": "7.3.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "PowerShell 7.4",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "7.4.2",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Windows 10 Version 1607 for 32-bit Systems",
            "Windows 10 Version 1607 for x64-based Systems",
            "Windows Server 2016",
            "Windows Server 2016 (Server Core installation)",
            "Windows Server 2008 R2 for x64-based Systems Service Pack 1",
            "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
            "Windows Server 2012 (Server Core installation)",
            "Windows Server 2012",
            "Windows Server 2012 R2",
            "Windows Server 2012 R2 (Server Core installation)"
          ],
          "product": "Microsoft .NET Framework 4.8",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "4.8.04690.02",
              "status": "affected",
              "version": "4.8.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Windows 10 Version 1809 for x64-based Systems",
            "Windows 10 Version 1809 for 32-bit Systems",
            "Windows Server 2019",
            "Windows Server 2019 (Server Core installation)",
            "Windows Server 2022",
            "Windows Server 2022 (Server Core installation)",
            "Windows 11 version 21H2 for ARM64-based Systems",
            "Windows 10 Version 21H2 for 32-bit Systems",
            "Windows 11 version 21H2 for x64-based Systems",
            "Windows 10 Version 21H2 for ARM64-based Systems",
            "Windows 10 Version 21H2 for x64-based Systems",
            "Windows 10 Version 22H2 for x64-based Systems",
            "Windows 10 Version 22H2 for ARM64-based Systems",
            "Windows 10 Version 22H2 for 32-bit Systems"
          ],
          "product": "Microsoft .NET Framework 3.5 AND 4.8",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "4.8.04690.02",
              "status": "affected",
              "version": "4.8.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Windows 10 Version 1809 for 32-bit Systems",
            "Windows 10 Version 1809 for x64-based Systems",
            "Windows 10 Version 1809 for ARM64-based Systems",
            "Windows Server 2019",
            "Windows Server 2019 (Server Core installation)",
            "Windows 10 Version 1607 for 32-bit Systems",
            "Windows 10 Version 1607 for x64-based Systems",
            "Windows Server 2016 (Server Core installation)",
            "Windows Server 2016"
          ],
          "product": "Microsoft .NET Framework 3.5 AND 4.7.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "4.7.04081.03",
              "status": "affected",
              "version": "4.7.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Windows Server 2008 R2 for x64-based Systems Service Pack 1",
            "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
            "Windows Server 2012 (Server Core installation)",
            "Windows Server 2012",
            "Windows Server 2012 R2",
            "Windows Server 2012 R2 (Server Core installation)"
          ],
          "product": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "4.7.04081.02",
              "status": "affected",
              "version": "4.7.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Windows Server 2022",
            "Windows Server 2022 (Server Core installation)",
            "Windows 11 version 21H2 for x64-based Systems",
            "Windows 11 version 21H2 for ARM64-based Systems",
            "Windows 10 Version 21H2 for 32-bit Systems",
            "Windows 10 Version 21H2 for ARM64-based Systems",
            "Windows 10 Version 21H2 for x64-based Systems",
            "Windows 11 Version 22H2 for ARM64-based Systems",
            "Windows 11 Version 22H2 for x64-based Systems",
            "Windows 10 Version 22H2 for x64-based Systems",
            "Windows 10 Version 22H2 for ARM64-based Systems",
            "Windows 10 Version 22H2 for 32-bit Systems",
            "Windows 11 Version 23H2 for ARM64-based Systems",
            "Windows 11 Version 23H2 for x64-based Systems",
            "Windows Server 2022, 23H2 Edition (Server Core installation)"
          ],
          "product": "Microsoft .NET Framework 3.5 AND 4.8.1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "4.8.09214.01",
              "status": "affected",
              "version": "4.8.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Windows Server 2008 for 32-bit Systems Service Pack 2",
            "Windows Server 2008 for x64-based Systems Service Pack 2"
          ],
          "product": "Microsoft .NET Framework 2.0 Service Pack 2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "3.0.50727.8976",
              "status": "affected",
              "version": "2.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Windows Server 2008 for 32-bit Systems Service Pack 2",
            "Windows Server 2008 for x64-based Systems Service Pack 2"
          ],
          "product": "Microsoft .NET Framework 3.0 Service Pack 2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "3.0.50727.8976",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "8.0.1",
                  "versionStartIncluding": "8.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.0.15",
                  "versionStartIncluding": "7.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.0.26",
                  "versionStartIncluding": "6.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.2.23",
                  "versionStartIncluding": "17.2.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "16.11.34",
                  "versionStartIncluding": "16.11.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.4.15",
                  "versionStartIncluding": "17.4.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.6.11",
                  "versionStartIncluding": "17.6.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.8.4",
                  "versionStartIncluding": "17.8.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:nuget:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.11.6.0",
                  "versionStartIncluding": "5.11.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:nuget:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.4.3.0",
                  "versionStartIncluding": "17.4.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:nuget:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.6.2.0",
                  "versionStartIncluding": "17.6.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:nuget:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.8.1.0",
                  "versionStartIncluding": "17.8.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.2.18",
                  "versionStartIncluding": "7.2.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:powershell:*:-:*:*:*:*:*:*",
                  "versionEndExcluding": "7.3.11",
                  "versionStartIncluding": "7.3.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:powershell:*:-:*:*:*:*:*:*",
                  "versionEndExcluding": "7.4.2",
                  "versionStartIncluding": "7.4.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.8.04690.02",
                  "versionStartIncluding": "4.8.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.8.04690.02",
                  "versionStartIncluding": "4.8.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.7.04081.03",
                  "versionStartIncluding": "4.7.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.7.04081.02",
                  "versionStartIncluding": "4.7.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.8.09214.01",
                  "versionStartIncluding": "4.8.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:sp2:*:*:*:*:*:*",
                  "versionEndExcluding": "3.0.50727.8976",
                  "versionStartIncluding": "2.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:sp2:*:*:*:*:*:*",
                  "versionEndExcluding": "3.0.50727.8976",
                  "versionStartIncluding": "3.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2024-01-09T08:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-03T01:46:55.904Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0057"
        }
      ],
      "title": "NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-0057",
    "datePublished": "2024-01-09T17:56:59.552Z",
    "dateReserved": "2023-11-22T17:43:37.319Z",
    "dateUpdated": "2025-06-03T14:30:26.630Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2024-0057",
      "date": "2026-05-27",
      "epss": "0.03635",
      "percentile": "0.87996"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.2\", \"versionEndExcluding\": \"7.2.18\", \"matchCriteriaId\": \"79FFDD43-C822-4C24-BEBE-D5DBC069E1E0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.3\", \"versionEndExcluding\": \"7.3.11\", \"matchCriteriaId\": \"2295A08D-C53B-40F8-961E-B115471735A3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:powershell:7.4:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"FFAAFDC7-5AA2-43E6-BE0B-7E0C02FC39C7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"17.2\", \"versionEndExcluding\": \"17.2.23\", \"matchCriteriaId\": \"05D999A1-AB25-4642-8D94-07AD00FEE820\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"17.4\", \"versionEndExcluding\": \"17.4.15\", \"matchCriteriaId\": \"AE1C61FB-CC6B-4D88-8B7F-FFE9D1238A6C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"17.6\", \"versionEndExcluding\": \"17.6.11\", \"matchCriteriaId\": \"7CA9C0A3-7D62-40CE-8493-514CB313F72C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"17.8\", \"versionEndExcluding\": \"17.8.4\", \"matchCriteriaId\": \"DD49CC9F-3750-4EB3-A934-E45F0DE41238\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.8\", \"versionEndExcluding\": \"4.8.04690.02\", \"matchCriteriaId\": \"071AF08C-F921-45EC-A6AC-3BCE75D7FB22\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x64:*\", \"matchCriteriaId\": \"5E491E46-1917-41FE-8F9A-BB0BDDEB42C3\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x86:*\", \"matchCriteriaId\": \"0A1BC97A-263E-4291-8AEF-02EE4E6031E9\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*\", \"matchCriteriaId\": \"AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A7DF96F8-BA6A-4780-9CA3-F719B3F81074\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DB18C4CE-5917-401E-ACF7-2747084FD36E\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.8\", \"versionEndExcluding\": \"4.8.04690.01\", \"matchCriteriaId\": \"A4F2BA42-96F4-4DD6-ADFC-B5B8D45BCB78\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*\", \"matchCriteriaId\": \"AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"734112B3-1383-4BE3-8721-C0F84566B764\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"36B0E40A-84EF-4099-A395-75D6B8CDA196\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3EF7A75E-EE27-4AA7-8D84-9D696728A4CE\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*\", \"matchCriteriaId\": \"AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A7DF96F8-BA6A-4780-9CA3-F719B3F81074\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DB18C4CE-5917-401E-ACF7-2747084FD36E\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E039CE1F-B988-4741-AE2E-5B36E2AF9688\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:4.8.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"934D4E46-12C1-41DC-A28C-A2C430E965E4\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x64:*\", \"matchCriteriaId\": \"306B7CE6-8239-4AED-9ED4-4C9F5B349F58\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x86:*\", \"matchCriteriaId\": \"345FCD64-D37B-425B-B64C-8B1640B7E850\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:arm64:*\", \"matchCriteriaId\": \"8FC46499-DB6E-48BF-9334-85EE27AFE7AF\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:x64:*\", \"matchCriteriaId\": \"83A79DD6-E74E-419F-93F1-323B68502633\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:x86:*\", \"matchCriteriaId\": \"61959ACC-B608-4556-92AF-4D94B338907A\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:arm64:*\", \"matchCriteriaId\": \"A9D54EE6-30AF-411C-A285-A4DCB6C6EC06\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:x64:*\", \"matchCriteriaId\": \"C230D3BF-7FCE-405C-B62E-B9190C995C3C\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:x86:*\", \"matchCriteriaId\": \"1FD62DCB-66D1-4CEA-828E-0BD302AC63CA\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_11_21h2:-:*:*:*:*:*:arm64:*\", \"matchCriteriaId\": \"F2D718BD-C4B7-48DB-BE78-B9CA22F27DD0\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_11_21h2:-:*:*:*:*:*:x64:*\", \"matchCriteriaId\": \"0C3552E0-F793-4CDD-965D-457495475805\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_11_22h2:-:*:*:*:*:*:arm64:*\", \"matchCriteriaId\": \"B2D24C54-F04F-4717-B614-FE67B3ED9DC0\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_11_22h2:-:*:*:*:*:*:x64:*\", \"matchCriteriaId\": \"D5EC3F68-8F41-4F6B-B2E5-920322A4A321\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_11_23h2:-:*:*:*:*:*:arm64:*\", \"matchCriteriaId\": \"B0301BA0-81DB-4FC1-9BC3-EB48A56BC608\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_11_23h2:-:*:*:*:*:*:x64:*\", \"matchCriteriaId\": \"8E3C1327-F331-4448-A253-00EAC7428317\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DB79EE26-FC32-417D-A49C-A1A63165A968\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"821614DD-37DD-44E2-A8A4-FE8D23A33C3C\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2022_23h2:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"75CCACE6-A0EE-4A6F-BD5A-7AA504B02717\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.8\", \"versionEndExcluding\": \"4.8.04690.02\", \"matchCriteriaId\": \"071AF08C-F921-45EC-A6AC-3BCE75D7FB22\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E039CE1F-B988-4741-AE2E-5B36E2AF9688\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x64:*\", \"matchCriteriaId\": \"306B7CE6-8239-4AED-9ED4-4C9F5B349F58\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x86:*\", \"matchCriteriaId\": \"345FCD64-D37B-425B-B64C-8B1640B7E850\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:arm64:*\", \"matchCriteriaId\": \"8FC46499-DB6E-48BF-9334-85EE27AFE7AF\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:x64:*\", \"matchCriteriaId\": \"83A79DD6-E74E-419F-93F1-323B68502633\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:x86:*\", \"matchCriteriaId\": \"61959ACC-B608-4556-92AF-4D94B338907A\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:arm64:*\", \"matchCriteriaId\": \"A9D54EE6-30AF-411C-A285-A4DCB6C6EC06\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:x64:*\", \"matchCriteriaId\": \"C230D3BF-7FCE-405C-B62E-B9190C995C3C\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:x86:*\", \"matchCriteriaId\": \"1FD62DCB-66D1-4CEA-828E-0BD302AC63CA\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_11_21h2:-:*:*:*:*:*:arm64:*\", \"matchCriteriaId\": \"F2D718BD-C4B7-48DB-BE78-B9CA22F27DD0\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_11_21h2:-:*:*:*:*:*:x64:*\", \"matchCriteriaId\": \"0C3552E0-F793-4CDD-965D-457495475805\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_11_22h2:-:*:*:*:*:*:arm64:*\", \"matchCriteriaId\": \"B2D24C54-F04F-4717-B614-FE67B3ED9DC0\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_11_22h2:-:*:*:*:*:*:x64:*\", \"matchCriteriaId\": \"D5EC3F68-8F41-4F6B-B2E5-920322A4A321\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DB79EE26-FC32-417D-A49C-A1A63165A968\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"821614DD-37DD-44E2-A8A4-FE8D23A33C3C\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2022_23h2:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"75CCACE6-A0EE-4A6F-BD5A-7AA504B02717\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E039CE1F-B988-4741-AE2E-5B36E2AF9688\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3EF7A75E-EE27-4AA7-8D84-9D696728A4CE\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x64:*\", \"matchCriteriaId\": \"5E491E46-1917-41FE-8F9A-BB0BDDEB42C3\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x86:*\", \"matchCriteriaId\": \"0A1BC97A-263E-4291-8AEF-02EE4E6031E9\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:arm64:*\", \"matchCriteriaId\": \"73D24713-D897-408D-893B-77A61982597D\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x64:*\", \"matchCriteriaId\": \"306B7CE6-8239-4AED-9ED4-4C9F5B349F58\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x86:*\", \"matchCriteriaId\": \"345FCD64-D37B-425B-B64C-8B1640B7E850\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DB79EE26-FC32-417D-A49C-A1A63165A968\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"42A6DF09-B8E1-414D-97E7-453566055279\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"D400E856-2B2E-4CEA-8CA5-309FDF371CEA\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*\", \"matchCriteriaId\": \"2127D10C-B6F3-4C1D-B9AA-5D78513CC996\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*\", \"matchCriteriaId\": \"AB425562-C0A0-452E-AABE-F70522F15E1A\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.0.0\", \"versionEndExcluding\": \"6.0.26\", \"matchCriteriaId\": \"498DF6C9-EC7C-4A4F-A188-B22E82FD6540\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.0.0\", \"versionEndExcluding\": \"7.0.15\", \"matchCriteriaId\": \"3CE00AC7-D405-4567-8CB1-C3ED7E2925C6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net:8.0.0:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"2BD92442-4815-4085-B66F-9A610097A41B\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability\"}, {\"lang\": \"es\", \"value\": \"Vulnerabididad en NET, .NET Framework y Visual Studio Security Feature Bypass\"}]",
      "id": "CVE-2024-0057",
      "lastModified": "2024-11-21T08:45:49.400",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"secure@microsoft.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\", \"baseScore\": 9.1, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.2}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}]}",
      "published": "2024-01-09T18:15:46.980",
      "references": "[{\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0057\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0057\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240208-0007/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secure@microsoft.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"secure@microsoft.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-0057\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2024-01-09T18:15:46.980\",\"lastModified\":\"2024-11-21T08:45:49.400\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability\"},{\"lang\":\"es\",\"value\":\"Vulnerabididad en NET, .NET Framework y Visual Studio Security Feature Bypass\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":5.2},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.2\",\"versionEndExcluding\":\"7.2.18\",\"matchCriteriaId\":\"79FFDD43-C822-4C24-BEBE-D5DBC069E1E0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.3\",\"versionEndExcluding\":\"7.3.11\",\"matchCriteriaId\":\"2295A08D-C53B-40F8-961E-B115471735A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:powershell:7.4:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"FFAAFDC7-5AA2-43E6-BE0B-7E0C02FC39C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.2\",\"versionEndExcluding\":\"17.2.23\",\"matchCriteriaId\":\"05D999A1-AB25-4642-8D94-07AD00FEE820\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.4\",\"versionEndExcluding\":\"17.4.15\",\"matchCriteriaId\":\"AE1C61FB-CC6B-4D88-8B7F-FFE9D1238A6C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.6\",\"versionEndExcluding\":\"17.6.11\",\"matchCriteriaId\":\"7CA9C0A3-7D62-40CE-8493-514CB313F72C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.8\",\"versionEndExcluding\":\"17.8.4\",\"matchCriteriaId\":\"DD49CC9F-3750-4EB3-A934-E45F0DE41238\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.8\",\"versionEndExcluding\":\"4.8.04690.02\",\"matchCriteriaId\":\"071AF08C-F921-45EC-A6AC-3BCE75D7FB22\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x64:*\",\"matchCriteriaId\":\"5E491E46-1917-41FE-8F9A-BB0BDDEB42C3\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x86:*\",\"matchCriteriaId\":\"0A1BC97A-263E-4291-8AEF-02EE4E6031E9\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*\",\"matchCriteriaId\":\"AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7DF96F8-BA6A-4780-9CA3-F719B3F81074\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB18C4CE-5917-401E-ACF7-2747084FD36E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.8\",\"versionEndExcluding\":\"4.8.04690.01\",\"matchCriteriaId\":\"A4F2BA42-96F4-4DD6-ADFC-B5B8D45BCB78\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*\",\"matchCriteriaId\":\"AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"734112B3-1383-4BE3-8721-C0F84566B764\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36B0E40A-84EF-4099-A395-75D6B8CDA196\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3EF7A75E-EE27-4AA7-8D84-9D696728A4CE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*\",\"matchCriteriaId\":\"AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7DF96F8-BA6A-4780-9CA3-F719B3F81074\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB18C4CE-5917-401E-ACF7-2747084FD36E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E039CE1F-B988-4741-AE2E-5B36E2AF9688\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"934D4E46-12C1-41DC-A28C-A2C430E965E4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x64:*\",\"matchCriteriaId\":\"306B7CE6-8239-4AED-9ED4-4C9F5B349F58\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x86:*\",\"matchCriteriaId\":\"345FCD64-D37B-425B-B64C-8B1640B7E850\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:arm64:*\",\"matchCriteriaId\":\"8FC46499-DB6E-48BF-9334-85EE27AFE7AF\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:x64:*\",\"matchCriteriaId\":\"83A79DD6-E74E-419F-93F1-323B68502633\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:x86:*\",\"matchCriteriaId\":\"61959ACC-B608-4556-92AF-4D94B338907A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:arm64:*\",\"matchCriteriaId\":\"A9D54EE6-30AF-411C-A285-A4DCB6C6EC06\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:x64:*\",\"matchCriteriaId\":\"C230D3BF-7FCE-405C-B62E-B9190C995C3C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:x86:*\",\"matchCriteriaId\":\"1FD62DCB-66D1-4CEA-828E-0BD302AC63CA\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_11_21h2:-:*:*:*:*:*:arm64:*\",\"matchCriteriaId\":\"F2D718BD-C4B7-48DB-BE78-B9CA22F27DD0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_11_21h2:-:*:*:*:*:*:x64:*\",\"matchCriteriaId\":\"0C3552E0-F793-4CDD-965D-457495475805\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_11_22h2:-:*:*:*:*:*:arm64:*\",\"matchCriteriaId\":\"B2D24C54-F04F-4717-B614-FE67B3ED9DC0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_11_22h2:-:*:*:*:*:*:x64:*\",\"matchCriteriaId\":\"D5EC3F68-8F41-4F6B-B2E5-920322A4A321\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_11_23h2:-:*:*:*:*:*:arm64:*\",\"matchCriteriaId\":\"B0301BA0-81DB-4FC1-9BC3-EB48A56BC608\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_11_23h2:-:*:*:*:*:*:x64:*\",\"matchCriteriaId\":\"8E3C1327-F331-4448-A253-00EAC7428317\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB79EE26-FC32-417D-A49C-A1A63165A968\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"821614DD-37DD-44E2-A8A4-FE8D23A33C3C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2022_23h2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"75CCACE6-A0EE-4A6F-BD5A-7AA504B02717\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.8\",\"versionEndExcluding\":\"4.8.04690.02\",\"matchCriteriaId\":\"071AF08C-F921-45EC-A6AC-3BCE75D7FB22\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E039CE1F-B988-4741-AE2E-5B36E2AF9688\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x64:*\",\"matchCriteriaId\":\"306B7CE6-8239-4AED-9ED4-4C9F5B349F58\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x86:*\",\"matchCriteriaId\":\"345FCD64-D37B-425B-B64C-8B1640B7E850\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:arm64:*\",\"matchCriteriaId\":\"8FC46499-DB6E-48BF-9334-85EE27AFE7AF\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:x64:*\",\"matchCriteriaId\":\"83A79DD6-E74E-419F-93F1-323B68502633\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:x86:*\",\"matchCriteriaId\":\"61959ACC-B608-4556-92AF-4D94B338907A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:arm64:*\",\"matchCriteriaId\":\"A9D54EE6-30AF-411C-A285-A4DCB6C6EC06\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:x64:*\",\"matchCriteriaId\":\"C230D3BF-7FCE-405C-B62E-B9190C995C3C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:x86:*\",\"matchCriteriaId\":\"1FD62DCB-66D1-4CEA-828E-0BD302AC63CA\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_11_21h2:-:*:*:*:*:*:arm64:*\",\"matchCriteriaId\":\"F2D718BD-C4B7-48DB-BE78-B9CA22F27DD0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_11_21h2:-:*:*:*:*:*:x64:*\",\"matchCriteriaId\":\"0C3552E0-F793-4CDD-965D-457495475805\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_11_22h2:-:*:*:*:*:*:arm64:*\",\"matchCriteriaId\":\"B2D24C54-F04F-4717-B614-FE67B3ED9DC0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_11_22h2:-:*:*:*:*:*:x64:*\",\"matchCriteriaId\":\"D5EC3F68-8F41-4F6B-B2E5-920322A4A321\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB79EE26-FC32-417D-A49C-A1A63165A968\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"821614DD-37DD-44E2-A8A4-FE8D23A33C3C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2022_23h2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"75CCACE6-A0EE-4A6F-BD5A-7AA504B02717\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E039CE1F-B988-4741-AE2E-5B36E2AF9688\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3EF7A75E-EE27-4AA7-8D84-9D696728A4CE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x64:*\",\"matchCriteriaId\":\"5E491E46-1917-41FE-8F9A-BB0BDDEB42C3\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x86:*\",\"matchCriteriaId\":\"0A1BC97A-263E-4291-8AEF-02EE4E6031E9\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:arm64:*\",\"matchCriteriaId\":\"73D24713-D897-408D-893B-77A61982597D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x64:*\",\"matchCriteriaId\":\"306B7CE6-8239-4AED-9ED4-4C9F5B349F58\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x86:*\",\"matchCriteriaId\":\"345FCD64-D37B-425B-B64C-8B1640B7E850\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB79EE26-FC32-417D-A49C-A1A63165A968\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"42A6DF09-B8E1-414D-97E7-453566055279\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"D400E856-2B2E-4CEA-8CA5-309FDF371CEA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*\",\"matchCriteriaId\":\"2127D10C-B6F3-4C1D-B9AA-5D78513CC996\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*\",\"matchCriteriaId\":\"AB425562-C0A0-452E-AABE-F70522F15E1A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.0.0\",\"versionEndExcluding\":\"6.0.26\",\"matchCriteriaId\":\"498DF6C9-EC7C-4A4F-A188-B22E82FD6540\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0.0\",\"versionEndExcluding\":\"7.0.15\",\"matchCriteriaId\":\"3CE00AC7-D405-4567-8CB1-C3ED7E2925C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net:8.0.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"2BD92442-4815-4085-B66F-9A610097A41B\"}]}]}],\"references\":[{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0057\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0057\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20240208-0007/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTFR-2024-AVI-0022

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans Microsoft .Net. Elles permettent à un attaquant de provoquer un contournement de la fonctionnalité de sécurité et un déni de service.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Microsoft .NET Framework 4.8
Microsoft	N/A	Microsoft .NET Framework 3.0 Service Pack 2
Microsoft	N/A	.NET 8.0
Microsoft	N/A	Microsoft .NET Framework 3.5
Microsoft	N/A	Microsoft .NET Framework 3.5 et 4.8.1
Microsoft	N/A	Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
Microsoft	N/A	Microsoft .NET Framework 3.5 et 4.8
Microsoft	N/A	Microsoft .NET Framework 3.5 et 4.7.2
Microsoft	N/A	.NET 7.0
Microsoft	N/A	Microsoft .NET Framework 2.0 Service Pack 2
Microsoft	N/A	.NET 6.0

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft du 09 janvier 2024	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2024-21312 du 09 janvier 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-0056 du 09 janvier 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-20672 du 09 janvier 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-21319 du 09 janvier 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-0057 du 09 janvier 2024	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft .NET Framework 4.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft .NET Framework 3.0 Service Pack 2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": ".NET 8.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft .NET Framework 3.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft .NET Framework 3.5 et 4.8.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft .NET Framework 3.5 et 4.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft .NET Framework 3.5 et 4.7.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": ".NET 7.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft .NET Framework 2.0 Service Pack 2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": ".NET 6.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2024-0057",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0057"
    },
    {
      "name": "CVE-2024-0056",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0056"
    },
    {
      "name": "CVE-2024-21319",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21319"
    },
    {
      "name": "CVE-2024-21312",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21312"
    },
    {
      "name": "CVE-2024-20672",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20672"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21312 du 09 janvier 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21312"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-0056 du 09 janvier 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0056"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-20672 du 09 janvier 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20672"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21319 du 09 janvier 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21319"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-0057 du 09 janvier 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0057"
    }
  ],
  "reference": "CERTFR-2024-AVI-0022",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-01-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft .Net\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9 et un d\u00e9ni\nde service.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft .Net",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 09 janvier 2024",
      "url": "https://msrc.microsoft.com/update-guide/"
    }
  ]
}

CERTFR-2024-AVI-0024

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits Microsoft. Elles permettent à un attaquant de provoquer un contournement de la fonctionnalité de sécurité, une exécution de code arbitraire à distance, un déni de service et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Microsoft Visual Studio 2022 version 17.8
Microsoft	N/A	Microsoft.Data.SqlClient 2.1
Microsoft	N/A	Microsoft.Data.SqlClient 5.1
Microsoft	N/A	Microsoft SharePoint Enterprise Server 2016
Microsoft	N/A	Microsoft Visual Studio 2022 version 17.2
Microsoft	N/A	System.Data.SqlClient
Microsoft	N/A	CBL Mariner 1.0 ARM
Microsoft	N/A	Microsoft Visual Studio 2019 version 16.11 (inclus 16.0 à 16.10)
Microsoft	N/A	Microsoft Visual Studio 2022 version 17.6
Microsoft	N/A	Microsoft Identity Model v6.0.0
Microsoft	N/A	Microsoft Identity Model v5.0.0
Microsoft	N/A	Microsoft SQL Server 2022 pour systèmes x64 (GDR)
Microsoft	N/A	Microsoft Identity Model v7.0.0 pour Nuget
Microsoft	N/A	Microsoft.Data.SqlClient 3.1
Microsoft	N/A	CBL Mariner 2.0 x64
Microsoft	N/A	CBL Mariner 2.0 ARM
Microsoft	N/A	Microsoft Identity Model v5.0.0 pour Nuget
Microsoft	N/A	Microsoft Visual Studio 2015 Update 3
Microsoft	N/A	Microsoft Visual Studio 2022 version 17.4
Microsoft	N/A	Microsoft SharePoint Server Subscription Edition
Microsoft	N/A	Microsoft.Data.SqlClient 4.0
Microsoft	N/A	Microsoft Printer Metadata Troubleshooter Tool
Microsoft	N/A	Microsoft SQL Server 2022 pour systèmes x64 (CU 10)
Microsoft	N/A	Microsoft Identity Model v7.0.0
Microsoft	N/A	Microsoft Identity Model v6.0.0 pour Nuget
Microsoft	N/A	Microsoft Visual Studio 2017 version 15.9 (inclus 15.0 à 15.8)
Microsoft	N/A	Microsoft SharePoint Server 2019
Microsoft	N/A	CBL Mariner 1.0 x64

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft du 09 janvier 2024	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2024-20656 du 09 janvier 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-21325 du 09 janvier 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-0056 du 09 janvier 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-21319 du 09 janvier 2024	-	other
Bulletin de sécurité Microsoft CVE-2022-35737 du 09 janvier 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-21318 du 09 janvier 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-0057 du 09 janvier 2024	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Visual Studio 2022 version 17.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft.Data.SqlClient 2.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft.Data.SqlClient 5.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SharePoint Enterprise Server 2016",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2022 version 17.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "System.Data.SqlClient",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "CBL Mariner 1.0 ARM",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2019 version 16.11 (inclus 16.0 \u00e0 16.10)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2022 version 17.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Identity Model v6.0.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Identity Model v5.0.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SQL Server 2022 pour syst\u00e8mes x64 (GDR)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Identity Model v7.0.0 pour Nuget",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft.Data.SqlClient 3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "CBL Mariner 2.0 x64",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "CBL Mariner 2.0 ARM",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Identity Model v5.0.0 pour Nuget",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2015 Update 3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2022 version 17.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SharePoint Server Subscription Edition",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft.Data.SqlClient 4.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Printer Metadata Troubleshooter Tool",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SQL Server 2022 pour syst\u00e8mes x64 (CU 10)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Identity Model v7.0.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Identity Model v6.0.0 pour Nuget",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2017 version 15.9 (inclus 15.0 \u00e0 15.8)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SharePoint Server 2019",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "CBL Mariner 1.0 x64",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2024-0057",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0057"
    },
    {
      "name": "CVE-2024-0056",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0056"
    },
    {
      "name": "CVE-2024-21319",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21319"
    },
    {
      "name": "CVE-2022-35737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-35737"
    },
    {
      "name": "CVE-2024-21325",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21325"
    },
    {
      "name": "CVE-2024-20656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20656"
    },
    {
      "name": "CVE-2024-21318",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21318"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-20656 du 09 janvier 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20656"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21325 du 09 janvier 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21325"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-0056 du 09 janvier 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0056"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21319 du 09 janvier 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21319"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-35737 du 09 janvier 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35737"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21318 du 09 janvier 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21318"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-0057 du 09 janvier 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0057"
    }
  ],
  "reference": "CERTFR-2024-AVI-0024",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-01-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Microsoft\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un contournement de la fonctionnalit\u00e9 de\ns\u00e9curit\u00e9, une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 09 janvier 2024",
      "url": "https://msrc.microsoft.com/update-guide/"
    }
  ]
}

CERTFR-2024-AVI-0156

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Tenable. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Tenable	Identity Exposure	Tenable Identity Exposure versions antérieures à 3.59.4

References

Title

Publication Time

Tags

Bulletin de sécurité Tenable TNS-2024-03 du 21 février 2024	None	vendor-advisory
Bulletin de sécurité Tenable TNS-2024-04 du 21 février 2024	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Tenable Identity Exposure versions ant\u00e9rieures \u00e0 3.59.4",
      "product": {
        "name": "Identity Exposure",
        "vendor": {
          "name": "Tenable",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2024-23327",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23327"
    },
    {
      "name": "CVE-2024-0057",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0057"
    },
    {
      "name": "CVE-2023-35944",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35944"
    },
    {
      "name": "CVE-2023-31124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-31124"
    },
    {
      "name": "CVE-2023-0286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
    },
    {
      "name": "CVE-2023-32067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32067"
    },
    {
      "name": "CVE-2023-44487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
    },
    {
      "name": "CVE-2023-35941",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35941"
    },
    {
      "name": "CVE-2023-31147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-31147"
    },
    {
      "name": "CVE-2023-27535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27535"
    },
    {
      "name": "CVE-2023-35945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35945"
    },
    {
      "name": "CVE-2024-1683",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-1683"
    },
    {
      "name": "CVE-2023-30624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30624"
    },
    {
      "name": "CVE-2023-35943",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35943"
    },
    {
      "name": "CVE-2023-27536",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27536"
    },
    {
      "name": "CVE-2023-27477",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27477"
    },
    {
      "name": "CVE-2023-26489",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26489"
    },
    {
      "name": "CVE-2023-25194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25194"
    },
    {
      "name": "CVE-2023-35942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35942"
    },
    {
      "name": "CVE-2024-23322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23322"
    },
    {
      "name": "CVE-2023-27538",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27538"
    },
    {
      "name": "CVE-2024-23325",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23325"
    },
    {
      "name": "CVE-2024-20672",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20672"
    },
    {
      "name": "CVE-2024-23324",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23324"
    },
    {
      "name": "CVE-2023-31130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-31130"
    },
    {
      "name": "CVE-2024-23323",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23323"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0156",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-02-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Tenable\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code arbitraire \u00e0 distance et\nun d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Tenable",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Tenable TNS-2024-03 du 21 f\u00e9vrier 2024",
      "url": "https://www.tenable.com/security/tns-2024-03"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Tenable TNS-2024-04 du 21 f\u00e9vrier 2024",
      "url": "https://www.tenable.com/security/tns-2024-04"
    }
  ]
}

CERTFR-2024-AVI-0564

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Tenable. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description
	Tenable	Security Center	Security Center toutes versions sans le correctif de sécurité SC-202407
	Tenable	Identity Exposure	Identity Exposure versions antérieures à 3.59.4

References

Title

Publication Time

Tags

Bulletin de sécurité Tenable tns-2024-12	2024-07-10	vendor-advisory
Bulletin de sécurité Tenable tns-2024-04	2024-07-10	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Security Center toutes versions sans le correctif de s\u00e9curit\u00e9 SC-202407",
      "product": {
        "name": "Security Center",
        "vendor": {
          "name": "Tenable",
          "scada": false
        }
      }
    },
    {
      "description": "Identity Exposure versions ant\u00e9rieures \u00e0 3.59.4",
      "product": {
        "name": "Identity Exposure",
        "vendor": {
          "name": "Tenable",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-0057",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0057"
    },
    {
      "name": "CVE-2024-5458",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-5458"
    },
    {
      "name": "CVE-2024-5585",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-5585"
    },
    {
      "name": "CVE-2024-3232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3232"
    },
    {
      "name": "CVE-2024-20672",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20672"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0564",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-07-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Tenable. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Tenable",
  "vendor_advisories": [
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2024-12",
      "url": "https://www.tenable.com/security/tns-2024-12"
    },
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2024-04",
      "url": "https://www.tenable.com/security/tns-2024-04"
    }
  ]
}

alsa-2024:0150

Vulnerability from osv_almalinux

Published

2024-01-10 00:00

Modified

2024-01-11 20:16

Summary

Important: .NET 8.0 security update

Details

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.101 and .NET Runtime 8.0.1.

Security Fix(es):

dotnet: Information Disclosure: MD.SqlClient(MDS) & System.data.SQLClient (SDS) (CVE-2024-0056)
dotnet: X509 Certificates - Validation Bypass across Azure (CVE-2024-0057)
dotnet: .NET Denial of Service Vulnerability (CVE-2024-21319)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2024:0150	ADVISORY
	https://access.redhat.com/security/cve/CVE-2024-0056	REPORT
	https://access.redhat.com/security/cve/CVE-2024-0057	REPORT
	https://access.redhat.com/security/cve/CVE-2024-21319	REPORT
	https://bugzilla.redhat.com/2255384	REPORT
	https://bugzilla.redhat.com/2255386	REPORT
	https://bugzilla.redhat.com/2257566	REPORT
	https://errata.almalinux.org/8/ALSA-2024-0150.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "aspnetcore-runtime-8.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.1-1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "aspnetcore-targeting-pack-8.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.1-1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "dotnet"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.101-1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "dotnet-apphost-pack-8.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.1-1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "dotnet-host"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.1-1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "dotnet-hostfxr-8.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.1-1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "dotnet-runtime-8.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.1-1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "dotnet-sdk-8.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.101-1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "dotnet-sdk-8.0-source-built-artifacts"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.101-1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "dotnet-targeting-pack-8.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.1-1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "dotnet-templates-8.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.101-1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "netstandard-targeting-pack-2.1"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.101-1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": ".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.101 and .NET Runtime 8.0.1.\n\nSecurity Fix(es):\n\n* dotnet: Information Disclosure: MD.SqlClient(MDS) \u0026 System.data.SQLClient (SDS) (CVE-2024-0056)\n* dotnet: X509 Certificates - Validation Bypass across Azure (CVE-2024-0057)\n* dotnet: .NET Denial of Service Vulnerability (CVE-2024-21319)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
  "id": "ALSA-2024:0150",
  "modified": "2024-01-11T20:16:03Z",
  "published": "2024-01-10T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2024:0150"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-0056"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-0057"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-21319"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2255384"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2255386"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2257566"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2024-0150.html"
    }
  ],
  "related": [
    "CVE-2024-0056",
    "CVE-2024-0057",
    "CVE-2024-21319"
  ],
  "summary": "Important: .NET 8.0 security update"
}

alsa-2024:0151

Vulnerability from osv_almalinux

Published

2024-01-10 00:00

Modified

2024-01-11 16:35

Summary

Important: .NET 7.0 security update

Details

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.115 and .NET Runtime 7.0.15.

Security Fix(es):

dotnet: Information Disclosure: MD.SqlClient(MDS) & System.data.SQLClient (SDS) (CVE-2024-0056)
dotnet: X509 Certificates - Validation Bypass across Azure (CVE-2024-0057)
dotnet: .NET Denial of Service Vulnerability (CVE-2024-21319)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2024:0151	ADVISORY
	https://access.redhat.com/security/cve/CVE-2024-0056	REPORT
	https://access.redhat.com/security/cve/CVE-2024-0057	REPORT
	https://access.redhat.com/security/cve/CVE-2024-21319	REPORT
	https://bugzilla.redhat.com/2255384	REPORT
	https://bugzilla.redhat.com/2255386	REPORT
	https://bugzilla.redhat.com/2257566	REPORT
	https://errata.almalinux.org/9/ALSA-2024-0151.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "aspnetcore-runtime-7.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.0.15-1.el9_3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "aspnetcore-targeting-pack-7.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.0.15-1.el9_3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "dotnet-apphost-pack-7.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.0.15-1.el9_3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "dotnet-hostfxr-7.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.0.15-1.el9_3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "dotnet-runtime-7.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.0.15-1.el9_3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "dotnet-sdk-7.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.0.115-1.el9_3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "dotnet-sdk-7.0-source-built-artifacts"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.0.115-1.el9_3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "dotnet-targeting-pack-7.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.0.15-1.el9_3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "dotnet-templates-7.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.0.115-1.el9_3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": ".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.115 and .NET Runtime 7.0.15.\n\nSecurity Fix(es):\n\n* dotnet: Information Disclosure: MD.SqlClient(MDS) \u0026 System.data.SQLClient (SDS) (CVE-2024-0056)\n* dotnet: X509 Certificates - Validation Bypass across Azure (CVE-2024-0057)\n* dotnet: .NET Denial of Service Vulnerability (CVE-2024-21319)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
  "id": "ALSA-2024:0151",
  "modified": "2024-01-11T16:35:33Z",
  "published": "2024-01-10T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2024:0151"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-0056"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-0057"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-21319"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2255384"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2255386"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2257566"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/9/ALSA-2024-0151.html"
    }
  ],
  "related": [
    "CVE-2024-0056",
    "CVE-2024-0057",
    "CVE-2024-21319"
  ],
  "summary": "Important: .NET 7.0 security update"
}

alsa-2024:0152

Vulnerability from osv_almalinux

Published

2024-01-10 00:00

Modified

2024-01-11 16:40

Summary

Important: .NET 8.0 security update

Details

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.101 and .NET Runtime 8.0.1.

Security Fix(es):

dotnet: Information Disclosure: MD.SqlClient(MDS) & System.data.SQLClient (SDS) (CVE-2024-0056)
dotnet: X509 Certificates - Validation Bypass across Azure (CVE-2024-0057)
dotnet: .NET Denial of Service Vulnerability (CVE-2024-21319)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2024:0152	ADVISORY
	https://access.redhat.com/security/cve/CVE-2024-0056	REPORT
	https://access.redhat.com/security/cve/CVE-2024-0057	REPORT
	https://access.redhat.com/security/cve/CVE-2024-21319	REPORT
	https://bugzilla.redhat.com/2255384	REPORT
	https://bugzilla.redhat.com/2255386	REPORT
	https://bugzilla.redhat.com/2257566	REPORT
	https://errata.almalinux.org/9/ALSA-2024-0152.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "aspnetcore-runtime-8.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.1-1.el9_3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "aspnetcore-targeting-pack-8.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.1-1.el9_3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "dotnet-apphost-pack-8.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.1-1.el9_3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "dotnet-host"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.1-1.el9_3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "dotnet-hostfxr-8.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.1-1.el9_3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "dotnet-runtime-8.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.1-1.el9_3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "dotnet-sdk-8.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.101-1.el9_3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "dotnet-sdk-8.0-source-built-artifacts"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.101-1.el9_3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "dotnet-targeting-pack-8.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.1-1.el9_3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "dotnet-templates-8.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.101-1.el9_3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "netstandard-targeting-pack-2.1"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.101-1.el9_3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": ".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.101 and .NET Runtime 8.0.1.\n\nSecurity Fix(es):\n\n* dotnet: Information Disclosure: MD.SqlClient(MDS) \u0026 System.data.SQLClient (SDS) (CVE-2024-0056)\n* dotnet: X509 Certificates - Validation Bypass across Azure (CVE-2024-0057)\n* dotnet: .NET Denial of Service Vulnerability (CVE-2024-21319)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
  "id": "ALSA-2024:0152",
  "modified": "2024-01-11T16:40:36Z",
  "published": "2024-01-10T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2024:0152"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-0056"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-0057"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-21319"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2255384"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2255386"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2257566"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/9/ALSA-2024-0152.html"
    }
  ],
  "related": [
    "CVE-2024-0056",
    "CVE-2024-0057",
    "CVE-2024-21319"
  ],
  "summary": "Important: .NET 8.0 security update"
}

alsa-2024:0156

Vulnerability from osv_almalinux

Published

2024-01-10 00:00

Modified

2024-01-11 22:19

Summary

Important: .NET 6.0 security update

Details

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.126 and .NET Runtime 6.0.26.

Security Fix(es):

dotnet: Information Disclosure: MD.SqlClient(MDS) & System.data.SQLClient (SDS) (CVE-2024-0056)
dotnet: X509 Certificates - Validation Bypass across Azure (CVE-2024-0057)
dotnet: .NET Denial of Service Vulnerability (CVE-2024-21319)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2024:0156	ADVISORY
	https://access.redhat.com/security/cve/CVE-2024-0056	REPORT
	https://access.redhat.com/security/cve/CVE-2024-0057	REPORT
	https://access.redhat.com/security/cve/CVE-2024-21319	REPORT
	https://bugzilla.redhat.com/2255384	REPORT
	https://bugzilla.redhat.com/2255386	REPORT
	https://bugzilla.redhat.com/2257566	REPORT
	https://errata.almalinux.org/9/ALSA-2024-0156.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "aspnetcore-runtime-6.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.0.26-1.el9_3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "aspnetcore-targeting-pack-6.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.0.26-1.el9_3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "dotnet-apphost-pack-6.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.0.26-1.el9_3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "dotnet-hostfxr-6.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.0.26-1.el9_3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "dotnet-runtime-6.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.0.26-1.el9_3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "dotnet-sdk-6.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.0.126-1.el9_3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "dotnet-sdk-6.0-source-built-artifacts"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.0.126-1.el9_3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "dotnet-targeting-pack-6.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.0.26-1.el9_3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "dotnet-templates-6.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.0.126-1.el9_3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": ".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.126 and .NET Runtime 6.0.26.\n\nSecurity Fix(es):\n\n* dotnet: Information Disclosure: MD.SqlClient(MDS) \u0026 System.data.SQLClient (SDS) (CVE-2024-0056)\n* dotnet: X509 Certificates - Validation Bypass across Azure (CVE-2024-0057)\n* dotnet: .NET Denial of Service Vulnerability (CVE-2024-21319)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
  "id": "ALSA-2024:0156",
  "modified": "2024-01-11T22:19:35Z",
  "published": "2024-01-10T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2024:0156"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-0056"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-0057"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-21319"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2255384"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2255386"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2257566"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/9/ALSA-2024-0156.html"
    }
  ],
  "related": [
    "CVE-2024-0056",
    "CVE-2024-0057",
    "CVE-2024-21319"
  ],
  "summary": "Important: .NET 6.0 security update"
}

alsa-2024:0157

Vulnerability from osv_almalinux

Published

2024-01-10 00:00

Modified

2024-01-11 19:02

Summary

Important: .NET 7.0 security update

Details

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.115 and .NET Runtime 7.0.15.

Security Fix(es):

dotnet: Information Disclosure: MD.SqlClient(MDS) & System.data.SQLClient (SDS) (CVE-2024-0056)
dotnet: X509 Certificates - Validation Bypass across Azure (CVE-2024-0057)
dotnet: .NET Denial of Service Vulnerability (CVE-2024-21319)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2024:0157	ADVISORY
	https://access.redhat.com/security/cve/CVE-2024-0056	REPORT
	https://access.redhat.com/security/cve/CVE-2024-0057	REPORT
	https://access.redhat.com/security/cve/CVE-2024-21319	REPORT
	https://bugzilla.redhat.com/2255384	REPORT
	https://bugzilla.redhat.com/2255386	REPORT
	https://bugzilla.redhat.com/2257566	REPORT
	https://errata.almalinux.org/8/ALSA-2024-0157.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "aspnetcore-runtime-7.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.0.15-1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "aspnetcore-targeting-pack-7.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.0.15-1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "dotnet-apphost-pack-7.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.0.15-1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "dotnet-hostfxr-7.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.0.15-1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "dotnet-runtime-7.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.0.15-1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "dotnet-sdk-7.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.0.115-1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "dotnet-sdk-7.0-source-built-artifacts"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.0.115-1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "dotnet-targeting-pack-7.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.0.15-1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "dotnet-templates-7.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.0.115-1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": ".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.115 and .NET Runtime 7.0.15.\n\nSecurity Fix(es):\n\n* dotnet: Information Disclosure: MD.SqlClient(MDS) \u0026 System.data.SQLClient (SDS) (CVE-2024-0056)\n* dotnet: X509 Certificates - Validation Bypass across Azure (CVE-2024-0057)\n* dotnet: .NET Denial of Service Vulnerability (CVE-2024-21319)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
  "id": "ALSA-2024:0157",
  "modified": "2024-01-11T19:02:02Z",
  "published": "2024-01-10T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2024:0157"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-0056"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-0057"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-21319"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2255384"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2255386"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2257566"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2024-0157.html"
    }
  ],
  "related": [
    "CVE-2024-0056",
    "CVE-2024-0057",
    "CVE-2024-21319"
  ],
  "summary": "Important: .NET 7.0 security update"
}

alsa-2024:0158

Vulnerability from osv_almalinux

Published

2024-01-10 00:00

Modified

2024-01-11 18:37

Summary

Important: .NET 6.0 security update

Details

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.126 and .NET Runtime 6.0.26.

Security Fix(es):

dotnet: Information Disclosure: MD.SqlClient(MDS) & System.data.SQLClient (SDS) (CVE-2024-0056)
dotnet: X509 Certificates - Validation Bypass across Azure (CVE-2024-0057)
dotnet: .NET Denial of Service Vulnerability (CVE-2024-21319)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2024:0158	ADVISORY
	https://access.redhat.com/security/cve/CVE-2024-0056	REPORT
	https://access.redhat.com/security/cve/CVE-2024-0057	REPORT
	https://access.redhat.com/security/cve/CVE-2024-21319	REPORT
	https://bugzilla.redhat.com/2255384	REPORT
	https://bugzilla.redhat.com/2255386	REPORT
	https://bugzilla.redhat.com/2257566	REPORT
	https://errata.almalinux.org/8/ALSA-2024-0158.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "aspnetcore-runtime-6.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.0.26-1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "aspnetcore-targeting-pack-6.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.0.26-1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "dotnet-apphost-pack-6.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.0.26-1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "dotnet-hostfxr-6.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.0.26-1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "dotnet-runtime-6.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.0.26-1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "dotnet-sdk-6.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.0.126-1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "dotnet-sdk-6.0-source-built-artifacts"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.0.126-1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "dotnet-targeting-pack-6.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.0.26-1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "dotnet-templates-6.0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.0.126-1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": ".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.126 and .NET Runtime 6.0.26.\n\nSecurity Fix(es):\n\n* dotnet: Information Disclosure: MD.SqlClient(MDS) \u0026 System.data.SQLClient (SDS) (CVE-2024-0056)\n* dotnet: X509 Certificates - Validation Bypass across Azure (CVE-2024-0057)\n* dotnet: .NET Denial of Service Vulnerability (CVE-2024-21319)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
  "id": "ALSA-2024:0158",
  "modified": "2024-01-11T18:37:05Z",
  "published": "2024-01-10T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2024:0158"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-0056"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-0057"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-21319"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2255384"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2255386"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2257566"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2024-0158.html"
    }
  ],
  "related": [
    "CVE-2024-0056",
    "CVE-2024-0057",
    "CVE-2024-21319"
  ],
  "summary": "Important: .NET 6.0 security update"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-0057 (GCVE-0-2024-0057)

Solution

Solution

Solution

Solutions

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Tags

Sightings

Nomenclature