All the vulnerabilites related to Microsoft - .NET Core SDK
var-201904-0811
Vulnerability from variot

A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package's folder structure, aka 'NuGet Package Manager Tampering Vulnerability'. Microsoft NuGet is prone to a security bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions.

Bug Fix(es):

  • dotnet: new SocketException((int)SocketError.InvalidArgument).Message is empty (BZ#1712471)

  • -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Important: .NET Core on Red Hat Enterprise Linux security update for March 2019 Advisory ID: RHSA-2019:0544-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:0544 Issue date: 2019-03-13 CVE Names: CVE-2019-0757 ==================================================================== 1. Summary:

Updates for rh-dotnetcore10-dotnetcore, rh-dotnetcore11-dotnetcore, rh-dotnet21-dotnet, and rh-dotnet22-dotnet are now available for .NET Core on Red Hat Enterprise Linux.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64

  1. Description:

.NET Core is a managed-software framework. It implements the .NET standard APIs and several additional APIs, and it includes a CLR implementation.

New versions of .NET Core that address security vulnerabilities are now available. The updated versions are .NET Core 1.0.15, 1.1.12, 2.1.9, and 2.2.3. (CVE-2019-0757)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

For more information, please refer to the upstream doc in the References section.

  1. Solution:

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

  1. Bugs fixed (https://bugzilla.redhat.com/):

1685475 - CVE-2019-0757 dotnet: NuGet Tampering Vulnerability 1685718 - Update to .NET Core Runtime 2.2.3 and SDK 2.2.105 1685720 - Update to .NET Core Runtime 2.1.9 and SDK 2.1.505

  1. Package List:

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):

Source: rh-dotnetcore10-dotnetcore-1.0.15-1.el7.src.rpm

x86_64: rh-dotnetcore10-dotnetcore-1.0.15-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.15-1.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):

Source: rh-dotnetcore11-dotnetcore-1.1.12-1.el7.src.rpm

x86_64: rh-dotnetcore11-dotnetcore-1.1.12-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.12-1.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):

Source: rh-dotnet21-2.1-8.el7.src.rpm rh-dotnet21-dotnet-2.1.505-1.el7.src.rpm

x86_64: rh-dotnet21-2.1-8.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.505-1.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.505-1.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.9-1.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.9-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.505-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.505-1.el7.x86_64.rpm rh-dotnet21-runtime-2.1-8.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):

Source: rh-dotnet22-2.2-4.el7.src.rpm rh-dotnet22-dotnet-2.2.105-1.el7.src.rpm

x86_64: rh-dotnet22-2.2-4.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.105-1.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.105-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.3-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.3-1.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.3-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.105-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.105-1.el7.x86_64.rpm rh-dotnet22-runtime-2.2-4.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Server (v. 7):

Source: rh-dotnetcore10-dotnetcore-1.0.15-1.el7.src.rpm

x86_64: rh-dotnetcore10-dotnetcore-1.0.15-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.15-1.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Server (v. 7):

Source: rh-dotnetcore11-dotnetcore-1.1.12-1.el7.src.rpm

x86_64: rh-dotnetcore11-dotnetcore-1.1.12-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.12-1.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Server (v. 7):

Source: rh-dotnet21-2.1-8.el7.src.rpm rh-dotnet21-dotnet-2.1.505-1.el7.src.rpm

x86_64: rh-dotnet21-2.1-8.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.505-1.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.505-1.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.9-1.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.9-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.505-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.505-1.el7.x86_64.rpm rh-dotnet21-runtime-2.1-8.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Server (v. 7):

Source: rh-dotnet22-2.2-4.el7.src.rpm rh-dotnet22-dotnet-2.2.105-1.el7.src.rpm

x86_64: rh-dotnet22-2.2-4.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.105-1.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.105-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.3-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.3-1.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.3-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.105-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.105-1.el7.x86_64.rpm rh-dotnet22-runtime-2.2-4.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Workstation (v. 7):

Source: rh-dotnetcore10-dotnetcore-1.0.15-1.el7.src.rpm

x86_64: rh-dotnetcore10-dotnetcore-1.0.15-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.15-1.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Workstation (v. 7):

Source: rh-dotnetcore11-dotnetcore-1.1.12-1.el7.src.rpm

x86_64: rh-dotnetcore11-dotnetcore-1.1.12-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.12-1.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Workstation (v. 7):

Source: rh-dotnet21-2.1-8.el7.src.rpm rh-dotnet21-dotnet-2.1.505-1.el7.src.rpm

x86_64: rh-dotnet21-2.1-8.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.505-1.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.505-1.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.9-1.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.9-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.505-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.505-1.el7.x86_64.rpm rh-dotnet21-runtime-2.1-8.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Workstation (v. 7):

Source: rh-dotnet22-2.2-4.el7.src.rpm rh-dotnet22-dotnet-2.2.105-1.el7.src.rpm

x86_64: rh-dotnet22-2.2-4.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.105-1.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.105-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.3-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.3-1.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.3-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.105-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.105-1.el7.x86_64.rpm rh-dotnet22-runtime-2.2-4.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2019-0757 https://access.redhat.com/security/updates/classification/#important https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIVAwUBXIkN2NzjgjWX9erEAQifeg//caOX+S+Ysy634WnQ2WKfvAyI2DdmDwtN jsAXT/zd2ckQrk3Idz09zDrrX3bjCbGSALUEF8DNM9X0xs8LiFJj9fl7pQ8eDDuz csbAv7Th64q9m42KlL4+7s4HBzRRDpfp90JMr9zYWHqoDsYbHi/03wUJbM81txYt Ybu1oufw3DNzDoPiZ30x1HvNUa4ZHPrB2eV6gVc4kbTZDG08oDvBHCnS9IXbMPRC sfkGHU6E+kWS6bs2aHMbSNiw2MkKPgRbMXv10o8FRLbXVJ9swiEgBz0rmuirlxkM Zubf4mWUGnLIksPzTYrRrGpCbWduD5dR0Ar+DiLaSRmJQ7rzBTFdoBFWwaN+HoGu tGwrCe2Ve+Aj8WP3EBxHSmhEG9UT2KxmUSA++lqiw3wZBVHBZD9YX1aP0c8j7tCg ijhAzzfo1rbCRJkKdACAbxjih4jjHRzt6x3W/qmu3n+gIKXHGelGoKouyvbKb+8A eqQXoB/W/Dkcz/XHfcII7bDNxZLbT7HVV1fdFAQqGrMcwknVC5ld+N0dnE6tn45r LfDyuyO8Sd+7jDilvdEdWYyI6pbRuRNmcZ+gqu/xPyx5cFXYxQehdv1uIAo5vQP1 35JSu//LGlnoYeYhBoYrtW/forYD77yLKHnlP6/ugcN1JKS+CRAipuDW8nr34ySR FvFvp8/nSm4=KwTi -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201904-0811",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "nuget",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "4.9.4"
      },
      {
        "model": "nuget",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "4.8.2"
      },
      {
        "model": "nuget",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "4.7.2"
      },
      {
        "model": "nuget",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "4.6.3"
      },
      {
        "model": "nuget",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "4.5.2"
      },
      {
        "model": "nuget",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "4.4.2"
      },
      {
        "model": "nuget",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "4.3.1"
      },
      {
        "model": ".net core sdk",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "2.1.500"
      },
      {
        "model": ".net core sdk",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "1.1"
      },
      {
        "model": "framework",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "mono",
        "version": "5.18.0.223"
      },
      {
        "model": "framework",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "mono",
        "version": "5.20.0"
      },
      {
        "model": ".net core sdk",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "microsoft",
        "version": "2.2.100"
      },
      {
        "model": "enterprise linux server tus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "8.2"
      },
      {
        "model": "enterprise linux server tus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "8.4"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "8.0"
      },
      {
        "model": "visual studio 2017",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "8.2"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "8.4"
      },
      {
        "model": "enterprise linux eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "8.1"
      },
      {
        "model": "enterprise linux eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "8.2"
      },
      {
        "model": "enterprise linux eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "8.4"
      },
      {
        "model": "visual studio",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "2017 for mac"
      },
      {
        "model": "mono",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mono",
        "version": "5.20"
      },
      {
        "model": "mono",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mono",
        "version": "5.18.0.223"
      },
      {
        "model": "visual studio for mac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "0"
      },
      {
        "model": ".net core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2.1"
      },
      {
        "model": ".net core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "1.1"
      },
      {
        "model": ".net core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "1.0"
      },
      {
        "model": ".net core sdk",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2.1.505"
      },
      {
        "model": ".net core sdk",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "1.1.13"
      },
      {
        "model": ".net core",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2.1.9"
      },
      {
        "model": ".net core",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "1.1.12"
      },
      {
        "model": ".net core",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "1.0.15"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "107285"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002673"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0757"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:visual_studio_2017:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:nuget:4.9.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:nuget:4.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:nuget:4.4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:nuget:4.7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:nuget:4.8.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:nuget:4.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:nuget:4.6.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mono-project:mono_framework:5.18.0.223:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mono-project:mono_framework:5.20.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:.net_core_sdk:1.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:.net_core:1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:.net_core:1.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:.net_core_sdk:2.1.500:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:.net_core:2.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:.net_core_sdk:2.2.100:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:.net_core:2.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-0757"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat,The vendor reported this issue.",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-445"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2019-0757",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2019-0757",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.8,
            "impactScore": 3.6,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2019-0757",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-0757",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201903-445",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-0757",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-0757"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002673"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0757"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-445"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package\u0027s folder structure, aka \u0027NuGet Package Manager Tampering Vulnerability\u0027. Microsoft NuGet is prone to a security bypass vulnerability. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. \n\nBug Fix(es):\n\n* dotnet: new SocketException((int)SocketError.InvalidArgument).Message is\nempty (BZ#1712471)\n\n4. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Important: .NET Core on Red Hat Enterprise Linux security update for March 2019\nAdvisory ID:       RHSA-2019:0544-01\nProduct:           .NET Core on Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2019:0544\nIssue date:        2019-03-13\nCVE Names:         CVE-2019-0757\n====================================================================\n1. Summary:\n\nUpdates for rh-dotnetcore10-dotnetcore, rh-dotnetcore11-dotnetcore,\nrh-dotnet21-dotnet, and rh-dotnet22-dotnet are now available for .NET Core\non Red Hat Enterprise Linux. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\n.NET Core is a managed-software framework. It implements the .NET standard\nAPIs and several additional APIs, and it includes a CLR implementation. \n\nNew versions of .NET Core that address security vulnerabilities are now\navailable. The updated versions are .NET Core 1.0.15, 1.1.12, 2.1.9, and\n2.2.3. (CVE-2019-0757)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\nFor more information, please refer to the upstream doc in the References\nsection. \n\n4. Solution:\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1685475 - CVE-2019-0757 dotnet: NuGet Tampering Vulnerability\n1685718 - Update to .NET Core Runtime 2.2.3 and SDK 2.2.105\n1685720 - Update to .NET Core Runtime 2.1.9 and SDK 2.1.505\n\n6. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.15-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.15-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.15-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.12-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.12-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.12-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet21-2.1-8.el7.src.rpm\nrh-dotnet21-dotnet-2.1.505-1.el7.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-8.el7.x86_64.rpm\nrh-dotnet21-dotnet-2.1.505-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.505-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.9-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.9-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.505-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.505-1.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-8.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet22-2.2-4.el7.src.rpm\nrh-dotnet22-dotnet-2.2.105-1.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-4.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.105-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.105-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.3-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.3-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.3-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.105-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.105-1.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-4.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.15-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.15-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.15-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.12-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.12-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.12-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet21-2.1-8.el7.src.rpm\nrh-dotnet21-dotnet-2.1.505-1.el7.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-8.el7.x86_64.rpm\nrh-dotnet21-dotnet-2.1.505-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.505-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.9-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.9-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.505-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.505-1.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-8.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet22-2.2-4.el7.src.rpm\nrh-dotnet22-dotnet-2.2.105-1.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-4.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.105-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.105-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.3-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.3-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.3-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.105-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.105-1.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-4.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.15-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.15-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.15-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.12-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.12-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.12-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet21-2.1-8.el7.src.rpm\nrh-dotnet21-dotnet-2.1.505-1.el7.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-8.el7.x86_64.rpm\nrh-dotnet21-dotnet-2.1.505-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.505-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.9-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.9-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.505-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.505-1.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-8.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet22-2.2-4.el7.src.rpm\nrh-dotnet22-dotnet-2.2.105-1.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-4.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.105-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.105-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.3-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.3-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.3-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.105-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.105-1.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-4.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-0757\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXIkN2NzjgjWX9erEAQifeg//caOX+S+Ysy634WnQ2WKfvAyI2DdmDwtN\njsAXT/zd2ckQrk3Idz09zDrrX3bjCbGSALUEF8DNM9X0xs8LiFJj9fl7pQ8eDDuz\ncsbAv7Th64q9m42KlL4+7s4HBzRRDpfp90JMr9zYWHqoDsYbHi/03wUJbM81txYt\nYbu1oufw3DNzDoPiZ30x1HvNUa4ZHPrB2eV6gVc4kbTZDG08oDvBHCnS9IXbMPRC\nsfkGHU6E+kWS6bs2aHMbSNiw2MkKPgRbMXv10o8FRLbXVJ9swiEgBz0rmuirlxkM\nZubf4mWUGnLIksPzTYrRrGpCbWduD5dR0Ar+DiLaSRmJQ7rzBTFdoBFWwaN+HoGu\ntGwrCe2Ve+Aj8WP3EBxHSmhEG9UT2KxmUSA++lqiw3wZBVHBZD9YX1aP0c8j7tCg\nijhAzzfo1rbCRJkKdACAbxjih4jjHRzt6x3W/qmu3n+gIKXHGelGoKouyvbKb+8A\neqQXoB/W/Dkcz/XHfcII7bDNxZLbT7HVV1fdFAQqGrMcwknVC5ld+N0dnE6tn45r\nLfDyuyO8Sd+7jDilvdEdWYyI6pbRuRNmcZ+gqu/xPyx5cFXYxQehdv1uIAo5vQP1\n35JSu//LGlnoYeYhBoYrtW/forYD77yLKHnlP6/ugcN1JKS+CRAipuDW8nr34ySR\nFvFvp8/nSm4=KwTi\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-0757"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002673"
      },
      {
        "db": "BID",
        "id": "107285"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-0757"
      },
      {
        "db": "PACKETSTORM",
        "id": "152999"
      },
      {
        "db": "PACKETSTORM",
        "id": "152073"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-0757",
        "trust": 3.0
      },
      {
        "db": "BID",
        "id": "107285",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002673",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "152999",
        "trust": 0.7
      },
      {
        "db": "NSFOCUS",
        "id": "42934",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.0808",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.1839",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-445",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-0757",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "152073",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-0757"
      },
      {
        "db": "BID",
        "id": "107285"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002673"
      },
      {
        "db": "PACKETSTORM",
        "id": "152999"
      },
      {
        "db": "PACKETSTORM",
        "id": "152073"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0757"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-445"
      }
    ]
  },
  "id": "VAR-201904-0811",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.21178882
  },
  "last_update_date": "2023-12-18T13:02:13.321000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://www.mono-project.com/"
      },
      {
        "title": "CVE-2019-0757 | NuGet Package Manager Tampering Vulnerability",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0757"
      },
      {
        "title": "CVE-2019-0757 | NuGet Package Manager \u306e\u6539\u3056\u3093\u306e\u8106\u5f31\u6027",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/cve-2019-0757"
      },
      {
        "title": "Microsoft NuGet Package Manager Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=90061"
      },
      {
        "title": "The Register",
        "trust": 0.2,
        "url": "https://www.theregister.co.uk/2019/03/12/march_patch_tuesday_dhcp/"
      },
      {
        "title": "Red Hat: Important: .NET Core on Red Hat Enterprise Linux security update for March 2019",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20190544 - security advisory"
      },
      {
        "title": "Red Hat: Important: dotnet security, bug fix, and enhancement update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20191259 - security advisory"
      },
      {
        "title": "Symantec Threat Intelligence Blog",
        "trust": 0.1,
        "url": "https://www.symantec.com/blogs/threat-intelligence/microsoft-patch-tuesday-march-2019"
      },
      {
        "title": "Threatpost",
        "trust": 0.1,
        "url": "https://threatpost.com/microsoft-patches-two-win32k-bugs-under-active-attack/142742/"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-0757"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002673"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-445"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-284",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002673"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0757"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "https://access.redhat.com/errata/rhsa-2019:1259"
      },
      {
        "trust": 2.2,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0757"
      },
      {
        "trust": 1.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0757"
      },
      {
        "trust": 1.3,
        "url": "http://www.securityfocus.com/bid/107285"
      },
      {
        "trust": 0.9,
        "url": "http://www.microsoft.com"
      },
      {
        "trust": 0.9,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1685475"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/errata/rhsa-2019:0544"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0757"
      },
      {
        "trust": 0.8,
        "url": "https://www.ipa.go.jp/security/ciadr/vul/20190313-ms.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/at/2019/at190012.html"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/cve/cve-2019-0757"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/152999/red-hat-security-advisory-2019-1259-01.html"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/42934"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.1839/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/77050"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-0757 "
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.2,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://threatpost.com/microsoft-patches-two-win32k-bugs-under-active-attack/142742/"
      },
      {
        "trust": 0.1,
        "url": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/107285"
      },
      {
        "trust": 0.1,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0820"
      },
      {
        "trust": 0.1,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0980"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/dotnet/core/blob/master/release-notes/2.1/2.1.11/2.1.11.md"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0981"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-0980"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0820"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-0981"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0980"
      },
      {
        "trust": 0.1,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0981"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-0820"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-0757"
      },
      {
        "db": "BID",
        "id": "107285"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002673"
      },
      {
        "db": "PACKETSTORM",
        "id": "152999"
      },
      {
        "db": "PACKETSTORM",
        "id": "152073"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0757"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-445"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2019-0757"
      },
      {
        "db": "BID",
        "id": "107285"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002673"
      },
      {
        "db": "PACKETSTORM",
        "id": "152999"
      },
      {
        "db": "PACKETSTORM",
        "id": "152073"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0757"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-445"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-04-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-0757"
      },
      {
        "date": "2019-03-12T00:00:00",
        "db": "BID",
        "id": "107285"
      },
      {
        "date": "2019-04-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-002673"
      },
      {
        "date": "2019-05-22T14:39:27",
        "db": "PACKETSTORM",
        "id": "152999"
      },
      {
        "date": "2019-03-13T14:27:10",
        "db": "PACKETSTORM",
        "id": "152073"
      },
      {
        "date": "2019-04-09T02:29:00.600000",
        "db": "NVD",
        "id": "CVE-2019-0757"
      },
      {
        "date": "2019-03-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201903-445"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-09-08T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-0757"
      },
      {
        "date": "2019-03-13T09:00:00",
        "db": "BID",
        "id": "107285"
      },
      {
        "date": "2019-04-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-002673"
      },
      {
        "date": "2022-04-11T20:36:04.833000",
        "db": "NVD",
        "id": "CVE-2019-0757"
      },
      {
        "date": "2020-08-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201903-445"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-445"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Microsoft Product  Linux and  Mac For  NuGet Package Manager Vulnerabilities to be tampered with",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002673"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "access control error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-445"
      }
    ],
    "trust": 0.6
  }
}

cve-2019-0757
Vulnerability from cvelistv5
Published
2019-04-09 01:51
Modified
2024-08-04 17:58
Severity ?
Summary
A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package's folder structure, aka 'NuGet Package Manager Tampering Vulnerability'.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:58:59.044Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757"
          },
          {
            "name": "RHSA-2019:1259",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1259"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Microsoft Visual Studio",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2017 for Mac"
            }
          ]
        },
        {
          "product": ".NET Core SDK",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "1.1 on .NET Core 1.0"
            },
            {
              "status": "affected",
              "version": "2.1.500 on .NET Core 2.1"
            },
            {
              "status": "affected",
              "version": "2.2.100 on .NET Core 2.2"
            },
            {
              "status": "affected",
              "version": "1.1 on .NET Core 1.1"
            }
          ]
        },
        {
          "product": "Nuget",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "4.3.1"
            },
            {
              "status": "affected",
              "version": "4.4.2"
            },
            {
              "status": "affected",
              "version": "4.5.2"
            },
            {
              "status": "affected",
              "version": "4.6.3"
            },
            {
              "status": "affected",
              "version": "4.7.2"
            },
            {
              "status": "affected",
              "version": "4.8.2"
            },
            {
              "status": "affected",
              "version": "4.9.4"
            }
          ]
        },
        {
          "product": "Mono Framework",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "5.18.0.223"
            },
            {
              "status": "affected",
              "version": "5.20.0"
            }
          ]
        }
      ],
      "datePublic": "2019-03-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package\u0027s folder structure, aka \u0027NuGet Package Manager Tampering Vulnerability\u0027."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Tampering",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-22T12:06:04",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757"
        },
        {
          "name": "RHSA-2019:1259",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1259"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2019-0757",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Microsoft Visual Studio",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2017 for Mac"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": ".NET Core SDK",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "1.1 on .NET Core 1.0"
                          },
                          {
                            "version_value": "2.1.500 on .NET Core 2.1"
                          },
                          {
                            "version_value": "2.2.100 on .NET Core 2.2"
                          },
                          {
                            "version_value": "1.1 on .NET Core 1.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Nuget",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "4.3.1"
                          },
                          {
                            "version_value": "4.4.2"
                          },
                          {
                            "version_value": "4.5.2"
                          },
                          {
                            "version_value": "4.6.3"
                          },
                          {
                            "version_value": "4.7.2"
                          },
                          {
                            "version_value": "4.8.2"
                          },
                          {
                            "version_value": "4.9.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Mono Framework",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.18.0.223"
                          },
                          {
                            "version_value": "5.20.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package\u0027s folder structure, aka \u0027NuGet Package Manager Tampering Vulnerability\u0027."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Tampering"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757",
              "refsource": "CONFIRM",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757"
            },
            {
              "name": "RHSA-2019:1259",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1259"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2019-0757",
    "datePublished": "2019-04-09T01:51:25",
    "dateReserved": "2018-11-26T00:00:00",
    "dateUpdated": "2024-08-04T17:58:59.044Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}