var-202007-0327
Vulnerability from variot
A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'.
====================================================================
Red Hat Security Advisory
Synopsis: Critical: .NET Core 2.1 on Red Hat Enterprise Linux security and bugfix update
Advisory ID: RHSA-2020:2937-01
Product: .NET Core on Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:2937
Issue date: 2020-07-15
CVE Names: CVE-2020-1147
====================================================================
1. Summary:
An update for rh-dotnet21-dotnet is now available for .NET Core on Red Hat Enterprise Linux.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
2. Relevant releases/architectures:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64
.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64
3. Description:
.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET Core that address a security vulnerability are now available. The updated version is .NET Core Runtime 2.1.20 and SDK 2.1.516.
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Package List:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source:
rh-dotnet21-2.1-19.el7.src.rpm
rh-dotnet21-dotnet-2.1.516-1.el7.src.rpm
x86_64:
rh-dotnet21-2.1-19.el7.x86_64.rpm
rh-dotnet21-dotnet-2.1.516-1.el7.x86_64.rpm
rh-dotnet21-dotnet-debuginfo-2.1.516-1.el7.x86_64.rpm
rh-dotnet21-dotnet-host-2.1.20-1.el7.x86_64.rpm
rh-dotnet21-dotnet-runtime-2.1-2.1.20-1.el7.x86_64.rpm
rh-dotnet21-dotnet-sdk-2.1-2.1.516-1.el7.x86_64.rpm
rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.516-1.el7.x86_64.rpm
rh-dotnet21-runtime-2.1-19.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source:
rh-dotnet21-2.1-19.el7.src.rpm
rh-dotnet21-dotnet-2.1.516-1.el7.src.rpm
x86_64:
rh-dotnet21-2.1-19.el7.x86_64.rpm
rh-dotnet21-dotnet-2.1.516-1.el7.x86_64.rpm
rh-dotnet21-dotnet-debuginfo-2.1.516-1.el7.x86_64.rpm
rh-dotnet21-dotnet-host-2.1.20-1.el7.x86_64.rpm
rh-dotnet21-dotnet-runtime-2.1-2.1.20-1.el7.x86_64.rpm
rh-dotnet21-dotnet-sdk-2.1-2.1.516-1.el7.x86_64.rpm
rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.516-1.el7.x86_64.rpm
rh-dotnet21-runtime-2.1-19.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source:
rh-dotnet21-2.1-19.el7.src.rpm
rh-dotnet21-dotnet-2.1.516-1.el7.src.rpm
x86_64:
rh-dotnet21-2.1-19.el7.x86_64.rpm
rh-dotnet21-dotnet-2.1.516-1.el7.x86_64.rpm
rh-dotnet21-dotnet-debuginfo-2.1.516-1.el7.x86_64.rpm
rh-dotnet21-dotnet-host-2.1.20-1.el7.x86_64.rpm
rh-dotnet21-dotnet-runtime-2.1-2.1.20-1.el7.x86_64.rpm
rh-dotnet21-dotnet-sdk-2.1-2.1.516-1.el7.x86_64.rpm
rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.516-1.el7.x86_64.rpm
rh-dotnet21-runtime-2.1-19.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2020-1147
https://access.redhat.com/security/updates/classification/#critical
8. Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.