All the vulnerabilites related to Microsoft - PowerShell Core
cve-2019-1167
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1167 | x_refsource_MISC |
▼ | Vendor | Product |
---|---|---|
Microsoft | PowerShell Core |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T18:06:31.690Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1167" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "PowerShell Core", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "6.1" }, { "status": "affected", "version": "6.2" } ] } ], "descriptions": [ { "lang": "en", "value": "A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement, aka \u0027Windows Defender Application Control Security Feature Bypass Vulnerability\u0027." } ], "problemTypes": [ { "descriptions": [ { "description": "Security Feature Bypass", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-19T14:34:19", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1167" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2019-1167", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "PowerShell Core", "version": { "version_data": [ { "version_value": "6.1" }, { "version_value": "6.2" } ] } } ] }, "vendor_name": "Microsoft" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement, aka \u0027Windows Defender Application Control Security Feature Bypass Vulnerability\u0027." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Security Feature Bypass" } ] } ] }, "references": { "reference_data": [ { "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1167", "refsource": "MISC", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1167" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2019-1167", "datePublished": "2019-07-19T14:34:19", "dateReserved": "2018-11-26T00:00:00", "dateUpdated": "2024-08-04T18:06:31.690Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-0627
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0627 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/106857 | vdb-entry, x_refsource_BID |
▼ | Vendor | Product |
---|---|---|
Microsoft | Windows | |
Microsoft | Windows Server | |
Microsoft | PowerShell Core |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T17:51:26.865Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0627" }, { "name": "106857", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/106857" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Windows", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "10 for 32-bit Systems" }, { "status": "affected", "version": "10 for x64-based Systems" }, { "status": "affected", "version": "10 Version 1607 for 32-bit Systems" }, { "status": "affected", "version": "10 Version 1607 for x64-based Systems" }, { "status": "affected", "version": "10 Version 1703 for 32-bit Systems" }, { "status": "affected", "version": "10 Version 1703 for x64-based Systems" }, { "status": "affected", "version": "10 Version 1709 for 32-bit Systems" }, { "status": "affected", "version": "10 Version 1709 for x64-based Systems" }, { "status": "affected", "version": "10 Version 1803 for 32-bit Systems" }, { "status": "affected", "version": "10 Version 1803 for x64-based Systems" }, { "status": "affected", "version": "10 Version 1803 for ARM64-based Systems" }, { "status": "affected", "version": "10 Version 1809 for 32-bit Systems" }, { "status": "affected", "version": "10 Version 1809 for x64-based Systems" }, { "status": "affected", "version": "10 Version 1809 for ARM64-based Systems" }, { "status": "affected", "version": "10 Version 1709 for ARM64-based Systems" } ] }, { "product": "Windows Server", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "2016" }, { "status": "affected", "version": "2016 (Core installation)" }, { "status": "affected", "version": "version 1709 (Core Installation)" }, { "status": "affected", "version": "version 1803 (Core Installation)" }, { "status": "affected", "version": "2019" }, { "status": "affected", "version": "2019 (Core installation)" } ] }, { "product": "PowerShell Core", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "6.1" }, { "status": "affected", "version": "6.2" } ] } ], "datePublic": "2019-03-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka \u0027Windows Security Feature Bypass Vulnerability\u0027. This CVE ID is unique from CVE-2019-0631, CVE-2019-0632." } ], "problemTypes": [ { "descriptions": [ { "description": "Security Feature Bypass", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-03-06T10:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0627" }, { "name": "106857", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/106857" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2019-0627", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Windows", "version": { "version_data": [ { "version_value": "10 for 32-bit Systems" }, { "version_value": "10 for x64-based Systems" }, { "version_value": "10 Version 1607 for 32-bit Systems" }, { "version_value": "10 Version 1607 for x64-based Systems" }, { "version_value": "10 Version 1703 for 32-bit Systems" }, { "version_value": "10 Version 1703 for x64-based Systems" }, { "version_value": "10 Version 1709 for 32-bit Systems" }, { "version_value": "10 Version 1709 for x64-based Systems" }, { "version_value": "10 Version 1803 for 32-bit Systems" }, { "version_value": "10 Version 1803 for x64-based Systems" }, { "version_value": "10 Version 1803 for ARM64-based Systems" }, { "version_value": "10 Version 1809 for 32-bit Systems" }, { "version_value": "10 Version 1809 for x64-based Systems" }, { "version_value": "10 Version 1809 for ARM64-based Systems" }, { "version_value": "10 Version 1709 for ARM64-based Systems" } ] } }, { "product_name": "Windows Server", "version": { "version_data": [ { "version_value": "2016" }, { "version_value": "2016 (Core installation)" }, { "version_value": "version 1709 (Core Installation)" }, { "version_value": "version 1803 (Core Installation)" }, { "version_value": "2019" }, { "version_value": "2019 (Core installation)" } ] } }, { "product_name": "PowerShell Core", "version": { "version_data": [ { "version_value": "6.1" }, { "version_value": "6.2" } ] } } ] }, "vendor_name": "Microsoft" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka \u0027Windows Security Feature Bypass Vulnerability\u0027. This CVE ID is unique from CVE-2019-0631, CVE-2019-0632." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Security Feature Bypass" } ] } ] }, "references": { "reference_data": [ { "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0627", "refsource": "CONFIRM", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0627" }, { "name": "106857", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106857" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2019-0627", "datePublished": "2019-03-06T00:00:00", "dateReserved": "2018-11-26T00:00:00", "dateUpdated": "2024-08-04T17:51:26.865Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-8292
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2018:2902 | vendor-advisory, x_refsource_REDHAT | |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8292 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/105548 | vdb-entry, x_refsource_BID |
▼ | Vendor | Product |
---|---|---|
Microsoft | PowerShell Core | |
Microsoft | .NET Core |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T06:54:36.373Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2018:2902", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2902" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8292" }, { "name": "105548", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105548" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "PowerShell Core", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "6.0" } ] }, { "product": ".NET Core", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "1.0" }, { "status": "affected", "version": "1.1" }, { "status": "affected", "version": "2.1" } ] } ], "datePublic": "2018-10-09T00:00:00", "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability exists in .NET Core when authentication information is inadvertently exposed in a redirect, aka \".NET Core Information Disclosure Vulnerability.\" This affects .NET Core 2.1, .NET Core 1.0, .NET Core 1.1, PowerShell Core 6.0." } ], "problemTypes": [ { "descriptions": [ { "description": "Information Disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-12T09:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "RHSA-2018:2902", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2902" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8292" }, { "name": "105548", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105548" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2018-8292", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "PowerShell Core", "version": { "version_data": [ { "version_value": "6.0" } ] } }, { "product_name": ".NET Core", "version": { "version_data": [ { "version_value": "1.0" }, { "version_value": "1.1" }, { "version_value": "2.1" } ] } } ] }, "vendor_name": "Microsoft" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability exists in .NET Core when authentication information is inadvertently exposed in a redirect, aka \".NET Core Information Disclosure Vulnerability.\" This affects .NET Core 2.1, .NET Core 1.0, .NET Core 1.1, PowerShell Core 6.0." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information Disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2018:2902", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2902" }, { "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8292", "refsource": "CONFIRM", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8292" }, { "name": "105548", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105548" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2018-8292", "datePublished": "2018-10-10T13:00:00", "dateReserved": "2018-03-14T00:00:00", "dateUpdated": "2024-08-05T06:54:36.373Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-8415
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1042108 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/105792 | vdb-entry, x_refsource_BID | |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8415 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T06:54:36.516Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1042108", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1042108" }, { "name": "105792", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105792" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8415" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Windows 7", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "32-bit Systems Service Pack 1" }, { "status": "affected", "version": "x64-based Systems Service Pack 1" } ] }, { "product": "Windows Server 2012 R2", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "(Server Core installation)" } ] }, { "product": "Windows RT 8.1", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "Windows RT 8.1" } ] }, { "product": "Windows Server 2012", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "(Server Core installation)" } ] }, { "product": "Windows Server 2019", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "(Server Core installation)" } ] }, { "product": "Windows 8.1", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "32-bit systems" }, { "status": "affected", "version": "x64-based systems" } ] }, { "product": "PowerShell Core", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.1" } ] }, { "product": "Windows Server 2016", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "(Server Core installation)" } ] }, { "product": "Windows Server 2008 R2", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "x64-based Systems Service Pack 1" }, { "status": "affected", "version": "x64-based Systems Service Pack 1 (Server Core installation)" } ] }, { "product": "Windows 10", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "32-bit Systems" }, { "status": "affected", "version": "Version 1607 for 32-bit Systems" }, { "status": "affected", "version": "Version 1607 for x64-based Systems" }, { "status": "affected", "version": "Version 1703 for 32-bit Systems" }, { "status": "affected", "version": "Version 1703 for x64-based Systems" }, { "status": "affected", "version": "Version 1709 for 32-bit Systems" }, { "status": "affected", "version": "Version 1709 for ARM64-based Systems" }, { "status": "affected", "version": "Version 1709 for x64-based Systems" }, { "status": "affected", "version": "Version 1803 for 32-bit Systems" }, { "status": "affected", "version": "Version 1803 for ARM64-based Systems" }, { "status": "affected", "version": "Version 1803 for x64-based Systems" }, { "status": "affected", "version": "Version 1809 for 32-bit Systems" }, { "status": "affected", "version": "Version 1809 for ARM64-based Systems" }, { "status": "affected", "version": "Version 1809 for x64-based Systems" }, { "status": "affected", "version": "x64-based Systems" } ] }, { "product": "Windows 10 Servers", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "version 1709 (Server Core Installation)" }, { "status": "affected", "version": "version 1803 (Server Core Installation)" } ] } ], "datePublic": "2018-11-13T00:00:00", "descriptions": [ { "lang": "en", "value": "A tampering vulnerability exists in PowerShell that could allow an attacker to execute unlogged code, aka \"Microsoft PowerShell Tampering Vulnerability.\" This affects Windows 7, PowerShell Core 6.1, Windows Server 2012 R2, Windows RT 8.1, PowerShell Core 6.0, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers." } ], "problemTypes": [ { "descriptions": [ { "description": "Tampering", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-14T10:57:02", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "1042108", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1042108" }, { "name": "105792", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105792" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8415" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2018-8415", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Windows 7", "version": { "version_data": [ { "version_value": "32-bit Systems Service Pack 1" }, { "version_value": "x64-based Systems Service Pack 1" } ] } }, { "product_name": "Windows Server 2012 R2", "version": { "version_data": [ { "version_value": "(Server Core installation)" } ] } }, { "product_name": "Windows RT 8.1", "version": { "version_data": [ { "version_value": "Windows RT 8.1" } ] } }, { "product_name": "Windows Server 2012", "version": { "version_data": [ { "version_value": "(Server Core installation)" } ] } }, { "product_name": "Windows Server 2019", "version": { "version_data": [ { "version_value": "(Server Core installation)" } ] } }, { "product_name": "Windows 8.1", "version": { "version_data": [ { "version_value": "32-bit systems" }, { "version_value": "x64-based systems" } ] } }, { "product_name": "PowerShell Core", "version": { "version_data": [ { "version_value": "6.0" }, { "version_value": "6.1" } ] } }, { "product_name": "Windows Server 2016", "version": { "version_data": [ { "version_value": "(Server Core installation)" } ] } }, { "product_name": "Windows Server 2008 R2", "version": { "version_data": [ { "version_value": "x64-based Systems Service Pack 1" }, { "version_value": "x64-based Systems Service Pack 1 (Server Core installation)" } ] } }, { "product_name": "Windows 10", "version": { "version_data": [ { "version_value": "32-bit Systems" }, { "version_value": "Version 1607 for 32-bit Systems" }, { "version_value": "Version 1607 for x64-based Systems" }, { "version_value": "Version 1703 for 32-bit Systems" }, { "version_value": "Version 1703 for x64-based Systems" }, { "version_value": "Version 1709 for 32-bit Systems" }, { "version_value": "Version 1709 for ARM64-based Systems" }, { "version_value": "Version 1709 for x64-based Systems" }, { "version_value": "Version 1803 for 32-bit Systems" }, { "version_value": "Version 1803 for ARM64-based Systems" }, { "version_value": "Version 1803 for x64-based Systems" }, { "version_value": "Version 1809 for 32-bit Systems" }, { "version_value": "Version 1809 for ARM64-based Systems" }, { "version_value": "Version 1809 for x64-based Systems" }, { "version_value": "x64-based Systems" } ] } }, { "product_name": "Windows 10 Servers", "version": { "version_data": [ { "version_value": "version 1709 (Server Core Installation)" }, { "version_value": "version 1803 (Server Core Installation)" } ] } } ] }, "vendor_name": "Microsoft" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A tampering vulnerability exists in PowerShell that could allow an attacker to execute unlogged code, aka \"Microsoft PowerShell Tampering Vulnerability.\" This affects Windows 7, PowerShell Core 6.1, Windows Server 2012 R2, Windows RT 8.1, PowerShell Core 6.0, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Tampering" } ] } ] }, "references": { "reference_data": [ { "name": "1042108", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1042108" }, { "name": "105792", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105792" }, { "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8415", "refsource": "CONFIRM", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8415" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2018-8415", "datePublished": "2018-11-14T01:00:00", "dateReserved": "2018-03-14T00:00:00", "dateUpdated": "2024-08-05T06:54:36.516Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-1108
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1108 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T06:25:01.017Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1108" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": ".NET Core", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "3.1" }, { "status": "affected", "version": "2.1" } ] }, { "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft Visual Studio 2019", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "16.0" } ] }, { "product": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft Visual Studio 2019 version 16.5", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": ".NET Core 5.0", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "PowerShell Core", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "6.2" } ] }, { "product": "PowerShell 7.0", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "Windows 7 for 32-bit Systems Service Pack 1" }, { "status": "affected", "version": "Windows 7 for x64-based Systems Service Pack 1" }, { "status": "affected", "version": "Windows 8.1 for 32-bit systems" }, { "status": "affected", "version": "Windows 8.1 for x64-based systems" }, { "status": "affected", "version": "Windows RT 8.1" }, { "status": "affected", "version": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" }, { "status": "affected", "version": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" }, { "status": "affected", "version": "Windows Server 2012" }, { "status": "affected", "version": "Windows Server 2012 (Server Core installation)" }, { "status": "affected", "version": "Windows Server 2012 R2" }, { "status": "affected", "version": "Windows Server 2012 R2 (Server Core installation)" } ] }, { "product": "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for 32-bit Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for x64-based Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft .NET Framework 4.8 on Windows Server, version 1803 (Server Core Installation)", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for 32-bit Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for x64-based Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft .NET Framework 4.8 on Windows Server 2016", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation)", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft .NET Framework 4.8 on Windows 7 for 32-bit Systems Service Pack 1", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft .NET Framework 4.8 on Windows 7 for x64-based Systems Service Pack 1", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft .NET Framework 4.8 on Windows 8.1 for 32-bit systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft .NET Framework 4.8 on Windows 8.1 for x64-based systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft .NET Framework 4.8 on Windows RT 8.1", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft .NET Framework 4.8 on Windows Server 2012", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation)", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft .NET Framework 4.8 on Windows Server 2012 R2", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation)", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation)", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for 32-bit Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for x64-based Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1909 (Server Core installation)", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for 32-bit Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for x64-based Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1903 (Server Core installation)", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "1903" } ] }, { "product": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for 32-bit Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for x64-based Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server, version 1803 (Server Core Installation)", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for ARM64-based Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation)", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation)", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for 32-bit Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for x64-based Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft .NET Framework 4.6", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "Windows Server 2008 for 32-bit Systems Service Pack 2" }, { "status": "affected", "version": "Windows Server 2008 for x64-based Systems Service Pack 2" } ] }, { "product": "Microsoft .NET Framework 2.0", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2" }, { "status": "affected", "version": "Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2" } ] }, { "product": "Microsoft .NET Framework 3.0", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2" }, { "status": "affected", "version": "Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2" } ] }, { "product": "Microsoft .NET Framework 3.5", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "Windows 8.1 for 32-bit systems" }, { "status": "affected", "version": "Windows 8.1 for x64-based systems" }, { "status": "affected", "version": "Windows Server 2012" }, { "status": "affected", "version": "Windows Server 2012 (Server Core installation)" }, { "status": "affected", "version": "Windows Server 2012 R2" }, { "status": "affected", "version": "Windows Server 2012 R2 (Server Core installation)" } ] }, { "product": "Microsoft .NET Framework 3.5.1", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "Windows 7 for 32-bit Systems Service Pack 1" }, { "status": "affected", "version": "Windows 7 for x64-based Systems Service Pack 1" }, { "status": "affected", "version": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" } ] }, { "product": "Microsoft .NET Framework 4.5.2", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "Windows 7 for 32-bit Systems Service Pack 1" }, { "status": "affected", "version": "Windows 7 for x64-based Systems Service Pack 1" }, { "status": "affected", "version": "Windows 8.1 for 32-bit systems" }, { "status": "affected", "version": "Windows 8.1 for x64-based systems" }, { "status": "affected", "version": "Windows RT 8.1" }, { "status": "affected", "version": "Windows Server 2008 for 32-bit Systems Service Pack 2" }, { "status": "affected", "version": "Windows Server 2008 for x64-based Systems Service Pack 2" }, { "status": "affected", "version": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" }, { "status": "affected", "version": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" }, { "status": "affected", "version": "Windows Server 2012" }, { "status": "affected", "version": "Windows Server 2012 (Server Core installation)" }, { "status": "affected", "version": "Windows Server 2012 R2" }, { "status": "affected", "version": "Windows Server 2012 R2 (Server Core installation)" } ] }, { "product": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for ARM64-based Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for ARM64-based Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for ARM64-based Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft .NET Framework 3.5 AND 4.6/4.6.1/4.6.2 on Windows 10 for 32-bit Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft .NET Framework 3.5 AND 4.6/4.6.1/4.6.2 on Windows 10 for x64-based Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for ARM64-based Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] } ], "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka \u0027.NET Core \u0026 .NET Framework Denial of Service Vulnerability\u0027." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-05-21T22:53:10", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1108" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2020-1108", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": ".NET Core", "version": { "version_data": [ { "version_value": "3.1" }, { "version_value": "2.1" } ] } }, { "product_name": "Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft Visual Studio 2019", "version": { "version_data": [ { "version_value": "16.0" } ] } }, { "product_name": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft Visual Studio 2019 version 16.5", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": ".NET Core 5.0", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "PowerShell Core", "version": { "version_data": [ { "version_value": "6.2" } ] } }, { "product_name": "PowerShell 7.0", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2", "version": { "version_data": [ { "version_value": "Windows 7 for 32-bit Systems Service Pack 1" }, { "version_value": "Windows 7 for x64-based Systems Service Pack 1" }, { "version_value": "Windows 8.1 for 32-bit systems" }, { "version_value": "Windows 8.1 for x64-based systems" }, { "version_value": "Windows RT 8.1" }, { "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" }, { "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" }, { "version_value": "Windows Server 2012" }, { "version_value": "Windows Server 2012 (Server Core installation)" }, { "version_value": "Windows Server 2012 R2" }, { "version_value": "Windows Server 2012 R2 (Server Core installation)" } ] } }, { "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for 32-bit Systems", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for x64-based Systems", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft .NET Framework 4.8 on Windows Server, version 1803 (Server Core Installation)", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for 32-bit Systems", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for x64-based Systems", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2016", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation)", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft .NET Framework 4.8 on Windows 7 for 32-bit Systems Service Pack 1", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft .NET Framework 4.8 on Windows 7 for x64-based Systems Service Pack 1", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft .NET Framework 4.8 on Windows 8.1 for 32-bit systems", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft .NET Framework 4.8 on Windows 8.1 for x64-based systems", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft .NET Framework 4.8 on Windows RT 8.1", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation)", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 R2", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation)", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation)", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for 32-bit Systems", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for x64-based Systems", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1909 (Server Core installation)", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for 32-bit Systems", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for x64-based Systems", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1903 (Server Core installation)", "version": { "version_data": [ { "version_value": "1903" } ] } }, { "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for 32-bit Systems", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for x64-based Systems", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server, version 1803 (Server Core Installation)", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for ARM64-based Systems", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation)", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation)", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for 32-bit Systems", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for x64-based Systems", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft .NET Framework 4.6", "version": { "version_data": [ { "version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2" }, { "version_value": "Windows Server 2008 for x64-based Systems Service Pack 2" } ] } }, { "product_name": "Microsoft .NET Framework 2.0", "version": { "version_data": [ { "version_value": "Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2" }, { "version_value": "Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2" } ] } }, { "product_name": "Microsoft .NET Framework 3.0", "version": { "version_data": [ { "version_value": "Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2" }, { "version_value": "Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2" } ] } }, { "product_name": "Microsoft .NET Framework 3.5", "version": { "version_data": [ { "version_value": "Windows 8.1 for 32-bit systems" }, { "version_value": "Windows 8.1 for x64-based systems" }, { "version_value": "Windows Server 2012" }, { "version_value": "Windows Server 2012 (Server Core installation)" }, { "version_value": "Windows Server 2012 R2" }, { "version_value": "Windows Server 2012 R2 (Server Core installation)" } ] } }, { "product_name": "Microsoft .NET Framework 3.5.1", "version": { "version_data": [ { "version_value": "Windows 7 for 32-bit Systems Service Pack 1" }, { "version_value": "Windows 7 for x64-based Systems Service Pack 1" }, { "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" } ] } }, { "product_name": "Microsoft .NET Framework 4.5.2", "version": { "version_data": [ { "version_value": "Windows 7 for 32-bit Systems Service Pack 1" }, { "version_value": "Windows 7 for x64-based Systems Service Pack 1" }, { "version_value": "Windows 8.1 for 32-bit systems" }, { "version_value": "Windows 8.1 for x64-based systems" }, { "version_value": "Windows RT 8.1" }, { "version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2" }, { "version_value": "Windows Server 2008 for x64-based Systems Service Pack 2" }, { "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" }, { "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" }, { "version_value": "Windows Server 2012" }, { "version_value": "Windows Server 2012 (Server Core installation)" }, { "version_value": "Windows Server 2012 R2" }, { "version_value": "Windows Server 2012 R2 (Server Core installation)" } ] } }, { "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for ARM64-based Systems", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for ARM64-based Systems", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for ARM64-based Systems", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft .NET Framework 3.5 AND 4.6/4.6.1/4.6.2 on Windows 10 for 32-bit Systems", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft .NET Framework 3.5 AND 4.6/4.6.1/4.6.2 on Windows 10 for x64-based Systems", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for ARM64-based Systems", "version": { "version_data": [ { "version_value": "" } ] } } ] }, "vendor_name": "Microsoft" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka \u0027.NET Core \u0026 .NET Framework Denial of Service Vulnerability\u0027." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1108", "refsource": "MISC", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1108" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2020-1108", "datePublished": "2020-05-21T22:53:10", "dateReserved": "2019-11-04T00:00:00", "dateUpdated": "2024-08-04T06:25:01.017Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-8256
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1042108 | vdb-entry, x_refsource_SECTRACK | |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8256 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/105781 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T06:46:13.720Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1042108", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1042108" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8256" }, { "name": "105781", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105781" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Windows 7", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "32-bit Systems Service Pack 1" }, { "status": "affected", "version": "x64-based Systems Service Pack 1" } ] }, { "product": "Microsoft.PowerShell.Archive", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "1.2.2.0" } ] }, { "product": "Windows 10 Servers", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "version 1709 (Server Core Installation)" }, { "status": "affected", "version": "version 1803 (Server Core Installation)" } ] }, { "product": "Windows Server 2012 R2", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "(Server Core installation)" } ] }, { "product": "Windows RT 8.1", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "Windows RT 8.1" } ] }, { "product": "Windows Server 2008 R2", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "Itanium-Based Systems Service Pack 1" }, { "status": "affected", "version": "x64-based Systems Service Pack 1" }, { "status": "affected", "version": "x64-based Systems Service Pack 1 (Server Core installation)" } ] }, { "product": "Windows Server 2012", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "(Server Core installation)" } ] }, { "product": "PowerShell Core", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.1" } ] }, { "product": "Windows Server 2016", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "(Server Core installation)" } ] }, { "product": "Windows 8.1", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "32-bit systems" }, { "status": "affected", "version": "x64-based systems" } ] }, { "product": "Windows 10", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "32-bit Systems" }, { "status": "affected", "version": "Version 1607 for 32-bit Systems" }, { "status": "affected", "version": "Version 1607 for x64-based Systems" }, { "status": "affected", "version": "Version 1703 for 32-bit Systems" }, { "status": "affected", "version": "Version 1703 for x64-based Systems" }, { "status": "affected", "version": "Version 1709 for 32-bit Systems" }, { "status": "affected", "version": "Version 1709 for ARM64-based Systems" }, { "status": "affected", "version": "Version 1709 for x64-based Systems" }, { "status": "affected", "version": "Version 1803 for 32-bit Systems" }, { "status": "affected", "version": "Version 1803 for ARM64-based Systems" }, { "status": "affected", "version": "Version 1803 for x64-based Systems" }, { "status": "affected", "version": "Version 1809 for 32-bit Systems" }, { "status": "affected", "version": "Version 1809 for ARM64-based Systems" }, { "status": "affected", "version": "Version 1809 for x64-based Systems" }, { "status": "affected", "version": "x64-based Systems" } ] }, { "product": "Windows Server 2019", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "(Server Core installation)" } ] } ], "datePublic": "2018-11-13T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability exists when PowerShell improperly handles specially crafted files, aka \"Microsoft PowerShell Remote Code Execution Vulnerability.\" This affects Windows RT 8.1, PowerShell Core 6.0, Microsoft.PowerShell.Archive 1.2.2.0, Windows Server 2016, Windows Server 2012, Windows Server 2008 R2, Windows Server 2019, Windows 7, Windows Server 2012 R2, PowerShell Core 6.1, Windows 10 Servers, Windows 10, Windows 8.1." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote Code Execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-14T10:57:02", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "1042108", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1042108" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8256" }, { "name": "105781", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105781" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2018-8256", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Windows 7", "version": { "version_data": [ { "version_value": "32-bit Systems Service Pack 1" }, { "version_value": "x64-based Systems Service Pack 1" } ] } }, { "product_name": "Microsoft.PowerShell.Archive", "version": { "version_data": [ { "version_value": "1.2.2.0" } ] } }, { "product_name": "Windows 10 Servers", "version": { "version_data": [ { "version_value": "version 1709 (Server Core Installation)" }, { "version_value": "version 1803 (Server Core Installation)" } ] } }, { "product_name": "Windows Server 2012 R2", "version": { "version_data": [ { "version_value": "(Server Core installation)" } ] } }, { "product_name": "Windows RT 8.1", "version": { "version_data": [ { "version_value": "Windows RT 8.1" } ] } }, { "product_name": "Windows Server 2008 R2", "version": { "version_data": [ { "version_value": "Itanium-Based Systems Service Pack 1" }, { "version_value": "x64-based Systems Service Pack 1" }, { "version_value": "x64-based Systems Service Pack 1 (Server Core installation)" } ] } }, { "product_name": "Windows Server 2012", "version": { "version_data": [ { "version_value": "(Server Core installation)" } ] } }, { "product_name": "PowerShell Core", "version": { "version_data": [ { "version_value": "6.0" }, { "version_value": "6.1" } ] } }, { "product_name": "Windows Server 2016", "version": { "version_data": [ { "version_value": "(Server Core installation)" } ] } }, { "product_name": "Windows 8.1", "version": { "version_data": [ { "version_value": "32-bit systems" }, { "version_value": "x64-based systems" } ] } }, { "product_name": "Windows 10", "version": { "version_data": [ { "version_value": "32-bit Systems" }, { "version_value": "Version 1607 for 32-bit Systems" }, { "version_value": "Version 1607 for x64-based Systems" }, { "version_value": "Version 1703 for 32-bit Systems" }, { "version_value": "Version 1703 for x64-based Systems" }, { "version_value": "Version 1709 for 32-bit Systems" }, { "version_value": "Version 1709 for ARM64-based Systems" }, { "version_value": "Version 1709 for x64-based Systems" }, { "version_value": "Version 1803 for 32-bit Systems" }, { "version_value": "Version 1803 for ARM64-based Systems" }, { "version_value": "Version 1803 for x64-based Systems" }, { "version_value": "Version 1809 for 32-bit Systems" }, { "version_value": "Version 1809 for ARM64-based Systems" }, { "version_value": "Version 1809 for x64-based Systems" }, { "version_value": "x64-based Systems" } ] } }, { "product_name": "Windows Server 2019", "version": { "version_data": [ { "version_value": "(Server Core installation)" } ] } } ] }, "vendor_name": "Microsoft" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability exists when PowerShell improperly handles specially crafted files, aka \"Microsoft PowerShell Remote Code Execution Vulnerability.\" This affects Windows RT 8.1, PowerShell Core 6.0, Microsoft.PowerShell.Archive 1.2.2.0, Windows Server 2016, Windows Server 2012, Windows Server 2008 R2, Windows Server 2019, Windows 7, Windows Server 2012 R2, PowerShell Core 6.1, Windows 10 Servers, Windows 10, Windows 8.1." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote Code Execution" } ] } ] }, "references": { "reference_data": [ { "name": "1042108", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1042108" }, { "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8256", "refsource": "CONFIRM", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8256" }, { "name": "105781", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105781" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2018-8256", "datePublished": "2018-11-14T01:00:00", "dateReserved": "2018-03-14T00:00:00", "dateUpdated": "2024-08-05T06:46:13.720Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-0631
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/106875 | vdb-entry, x_refsource_BID | |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0631 | x_refsource_CONFIRM |
▼ | Vendor | Product |
---|---|---|
Microsoft | Windows | |
Microsoft | Windows Server | |
Microsoft | PowerShell Core |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T17:51:26.917Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "106875", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/106875" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0631" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Windows", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "10 for 32-bit Systems" }, { "status": "affected", "version": "10 for x64-based Systems" }, { "status": "affected", "version": "10 Version 1607 for 32-bit Systems" }, { "status": "affected", "version": "10 Version 1607 for x64-based Systems" }, { "status": "affected", "version": "10 Version 1703 for 32-bit Systems" }, { "status": "affected", "version": "10 Version 1703 for x64-based Systems" }, { "status": "affected", "version": "10 Version 1709 for 32-bit Systems" }, { "status": "affected", "version": "10 Version 1709 for x64-based Systems" }, { "status": "affected", "version": "10 Version 1803 for 32-bit Systems" }, { "status": "affected", "version": "10 Version 1803 for x64-based Systems" }, { "status": "affected", "version": "10 Version 1803 for ARM64-based Systems" }, { "status": "affected", "version": "10 Version 1809 for 32-bit Systems" }, { "status": "affected", "version": "10 Version 1809 for x64-based Systems" }, { "status": "affected", "version": "10 Version 1809 for ARM64-based Systems" }, { "status": "affected", "version": "10 Version 1709 for ARM64-based Systems" } ] }, { "product": "Windows Server", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "2016" }, { "status": "affected", "version": "2016 (Core installation)" }, { "status": "affected", "version": "version 1709 (Core Installation)" }, { "status": "affected", "version": "version 1803 (Core Installation)" }, { "status": "affected", "version": "2019" }, { "status": "affected", "version": "2019 (Core installation)" } ] }, { "product": "PowerShell Core", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "6.1" }, { "status": "affected", "version": "6.2" } ] } ], "datePublic": "2019-03-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka \u0027Windows Security Feature Bypass Vulnerability\u0027. This CVE ID is unique from CVE-2019-0627, CVE-2019-0632." } ], "problemTypes": [ { "descriptions": [ { "description": "Security Feature Bypass", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-03-06T10:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "106875", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/106875" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0631" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2019-0631", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Windows", "version": { "version_data": [ { "version_value": "10 for 32-bit Systems" }, { "version_value": "10 for x64-based Systems" }, { "version_value": "10 Version 1607 for 32-bit Systems" }, { "version_value": "10 Version 1607 for x64-based Systems" }, { "version_value": "10 Version 1703 for 32-bit Systems" }, { "version_value": "10 Version 1703 for x64-based Systems" }, { "version_value": "10 Version 1709 for 32-bit Systems" }, { "version_value": "10 Version 1709 for x64-based Systems" }, { "version_value": "10 Version 1803 for 32-bit Systems" }, { "version_value": "10 Version 1803 for x64-based Systems" }, { "version_value": "10 Version 1803 for ARM64-based Systems" }, { "version_value": "10 Version 1809 for 32-bit Systems" }, { "version_value": "10 Version 1809 for x64-based Systems" }, { "version_value": "10 Version 1809 for ARM64-based Systems" }, { "version_value": "10 Version 1709 for ARM64-based Systems" } ] } }, { "product_name": "Windows Server", "version": { "version_data": [ { "version_value": "2016" }, { "version_value": "2016 (Core installation)" }, { "version_value": "version 1709 (Core Installation)" }, { "version_value": "version 1803 (Core Installation)" }, { "version_value": "2019" }, { "version_value": "2019 (Core installation)" } ] } }, { "product_name": "PowerShell Core", "version": { "version_data": [ { "version_value": "6.1" }, { "version_value": "6.2" } ] } } ] }, "vendor_name": "Microsoft" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka \u0027Windows Security Feature Bypass Vulnerability\u0027. This CVE ID is unique from CVE-2019-0627, CVE-2019-0632." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Security Feature Bypass" } ] } ] }, "references": { "reference_data": [ { "name": "106875", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106875" }, { "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0631", "refsource": "CONFIRM", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0631" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2019-0631", "datePublished": "2019-03-06T00:00:00", "dateReserved": "2018-11-26T00:00:00", "dateUpdated": "2024-08-04T17:51:26.917Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-0657
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2019:0349 | vendor-advisory, x_refsource_REDHAT | |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0657 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/106890 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T17:51:27.244Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2019:0349", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:0349" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0657" }, { "name": "106890", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/106890" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Microsoft .NET Framework 4.5.2", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "Windows 7 for 32-bit Systems Service Pack 1" }, { "status": "affected", "version": "Windows 7 for x64-based Systems Service Pack 1" }, { "status": "affected", "version": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" }, { "status": "affected", "version": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" }, { "status": "affected", "version": "Windows Server 2012" }, { "status": "affected", "version": "Windows Server 2012 (Server Core installation)" }, { "status": "affected", "version": "Windows 8.1 for 32-bit systems" }, { "status": "affected", "version": "Windows 8.1 for x64-based systems" }, { "status": "affected", "version": "Windows Server 2012 R2" }, { "status": "affected", "version": "Windows RT 8.1" }, { "status": "affected", "version": "Windows Server 2012 R2 (Server Core installation)" }, { "status": "affected", "version": "Windows Server 2008 for 32-bit Systems Service Pack 2" }, { "status": "affected", "version": "Windows Server 2008 for x64-based Systems Service Pack 2" } ] }, { "product": "Microsoft .NET Framework 4.6", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "Windows Server 2008 for 32-bit Systems Service Pack 2" }, { "status": "affected", "version": "Windows Server 2008 for x64-based Systems Service Pack 2" } ] }, { "product": ".NET Core", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "1" }, { "status": "affected", "version": "2.1" }, { "status": "affected", "version": "2.2" } ] }, { "product": "Microsoft Visual Studio", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "2017" } ] }, { "product": "Microsoft .NET Framework 4.7.2", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "Windows 10 Version 1803 for 32-bit Systems" }, { "status": "affected", "version": "Windows 10 Version 1803 for x64-based Systems" }, { "status": "affected", "version": "Windows Server, version 1803 (Server Core Installation)" }, { "status": "affected", "version": "Windows 10 Version 1803 for ARM64-based Systems" }, { "status": "affected", "version": "Windows 10 Version 1809 for 32-bit Systems" }, { "status": "affected", "version": "Windows 10 Version 1809 for x64-based Systems" }, { "status": "affected", "version": "Windows Server 2019" }, { "status": "affected", "version": "Windows Server 2019 (Server Core installation)" } ] }, { "product": "Microsoft .NET Framework 4.6/4.6.1/4.6.2", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "Windows 10 for 32-bit Systems" }, { "status": "affected", "version": "Windows 10 for x64-based Systems" } ] }, { "product": "Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "Windows 7 for 32-bit Systems Service Pack 1" }, { "status": "affected", "version": "Windows 7 for x64-based Systems Service Pack 1" }, { "status": "affected", "version": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" }, { "status": "affected", "version": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" }, { "status": "affected", "version": "Windows Server 2012" }, { "status": "affected", "version": "Windows Server 2012 (Server Core installation)" }, { "status": "affected", "version": "Windows 8.1 for 32-bit systems" }, { "status": "affected", "version": "Windows 8.1 for x64-based systems" }, { "status": "affected", "version": "Windows Server 2012 R2" }, { "status": "affected", "version": "Windows RT 8.1" }, { "status": "affected", "version": "Windows Server 2012 R2 (Server Core installation)" } ] }, { "product": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "Windows Server 2016" }, { "status": "affected", "version": "Windows 10 Version 1607 for 32-bit Systems" }, { "status": "affected", "version": "Windows 10 Version 1607 for x64-based Systems" }, { "status": "affected", "version": "Windows Server 2016 (Server Core installation)" } ] }, { "product": "Microsoft .NET Framework 4.7/4.7.1/4.7.2", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "Windows 10 Version 1703 for 32-bit Systems" }, { "status": "affected", "version": "Windows 10 Version 1703 for x64-based Systems" } ] }, { "product": "Microsoft .NET Framework 4.7.1/4.7.2", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "Windows 10 Version 1709 for 32-bit Systems" }, { "status": "affected", "version": "Windows 10 Version 1709 for x64-based Systems" }, { "status": "affected", "version": "Windows Server, version 1709 (Server Core Installation)" }, { "status": "affected", "version": "Windows 10 Version 1709 for ARM64-based Systems" } ] }, { "product": "PowerShell Core", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "6.1" }, { "status": "affected", "version": "6.2" } ] }, { "product": "Microsoft Visual Studio 2017", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "version 15.9" } ] }, { "product": "Microsoft .NET Framework 3.5", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "Windows Server 2012" }, { "status": "affected", "version": "Windows Server 2012 (Server Core installation)" }, { "status": "affected", "version": "Windows 8.1 for 32-bit systems" }, { "status": "affected", "version": "Windows 8.1 for x64-based systems" }, { "status": "affected", "version": "Windows Server 2012 R2" }, { "status": "affected", "version": "Windows Server 2012 R2 (Server Core installation)" }, { "status": "affected", "version": "Windows 10 for 32-bit Systems" }, { "status": "affected", "version": "Windows 10 for x64-based Systems" }, { "status": "affected", "version": "Windows Server 2016" }, { "status": "affected", "version": "Windows 10 Version 1607 for 32-bit Systems" }, { "status": "affected", "version": "Windows 10 Version 1607 for x64-based Systems" }, { "status": "affected", "version": "Windows 10 Version 1703 for 32-bit Systems" }, { "status": "affected", "version": "Windows 10 Version 1703 for x64-based Systems" }, { "status": "affected", "version": "Windows 10 Version 1709 for 32-bit Systems" }, { "status": "affected", "version": "Windows 10 Version 1709 for x64-based Systems" }, { "status": "affected", "version": "Windows Server, version 1709 (Server Core Installation)" }, { "status": "affected", "version": "Windows 10 Version 1803 for 32-bit Systems" }, { "status": "affected", "version": "Windows 10 Version 1803 for x64-based Systems" }, { "status": "affected", "version": "Windows Server, version 1803 (Server Core Installation)" }, { "status": "affected", "version": "Windows 10 Version 1803 for ARM64-based Systems" }, { "status": "affected", "version": "Windows 10 Version 1809 for 32-bit Systems" }, { "status": "affected", "version": "Windows 10 Version 1809 for x64-based Systems" }, { "status": "affected", "version": "Windows Server 2019" }, { "status": "affected", "version": "Windows Server 2019 (Server Core installation)" }, { "status": "affected", "version": "Windows 10 Version 1709 for ARM64-based Systems" } ] }, { "product": "Microsoft .NET Framework 3.0", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2" }, { "status": "affected", "version": "Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2" }, { "status": "affected", "version": "Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2" } ] }, { "product": "Microsoft .NET Framework 2.0", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2" } ] }, { "product": "Microsoft .NET Framework 3.5.1", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "Windows 7 for 32-bit Systems Service Pack 1" }, { "status": "affected", "version": "Windows 7 for x64-based Systems Service Pack 1" }, { "status": "affected", "version": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" }, { "status": "affected", "version": "Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1" }, { "status": "affected", "version": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" } ] } ], "datePublic": "2019-03-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability exists in certain .Net Framework API\u0027s and Visual Studio in the way they parse URL\u0027s, aka \u0027.NET Framework and Visual Studio Spoofing Vulnerability\u0027." } ], "problemTypes": [ { "descriptions": [ { "description": "Spoofing", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-03-06T10:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "RHSA-2019:0349", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:0349" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0657" }, { "name": "106890", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/106890" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2019-0657", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Microsoft .NET Framework 4.5.2", "version": { "version_data": [ { "version_value": "Windows 7 for 32-bit Systems Service Pack 1" }, { "version_value": "Windows 7 for x64-based Systems Service Pack 1" }, { "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" }, { "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" }, { "version_value": "Windows Server 2012" }, { "version_value": "Windows Server 2012 (Server Core installation)" }, { "version_value": "Windows 8.1 for 32-bit systems" }, { "version_value": "Windows 8.1 for x64-based systems" }, { "version_value": "Windows Server 2012 R2" }, { "version_value": "Windows RT 8.1" }, { "version_value": "Windows Server 2012 R2 (Server Core installation)" }, { "version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2" }, { "version_value": "Windows Server 2008 for x64-based Systems Service Pack 2" } ] } }, { "product_name": "Microsoft .NET Framework 4.6", "version": { "version_data": [ { "version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2" }, { "version_value": "Windows Server 2008 for x64-based Systems Service Pack 2" } ] } }, { "product_name": ".NET Core", "version": { "version_data": [ { "version_value": "1" }, { "version_value": "2.1" }, { "version_value": "2.2" } ] } }, { "product_name": "Microsoft Visual Studio", "version": { "version_data": [ { "version_value": "2017" } ] } }, { "product_name": "Microsoft .NET Framework 4.7.2", "version": { "version_data": [ { "version_value": "Windows 10 Version 1803 for 32-bit Systems" }, { "version_value": "Windows 10 Version 1803 for x64-based Systems" }, { "version_value": "Windows Server, version 1803 (Server Core Installation)" }, { "version_value": "Windows 10 Version 1803 for ARM64-based Systems" }, { "version_value": "Windows 10 Version 1809 for 32-bit Systems" }, { "version_value": "Windows 10 Version 1809 for x64-based Systems" }, { "version_value": "Windows Server 2019" }, { "version_value": "Windows Server 2019 (Server Core installation)" } ] } }, { "product_name": "Microsoft .NET Framework 4.6/4.6.1/4.6.2", "version": { "version_data": [ { "version_value": "Windows 10 for 32-bit Systems" }, { "version_value": "Windows 10 for x64-based Systems" } ] } }, { "product_name": "Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2", "version": { "version_data": [ { "version_value": "Windows 7 for 32-bit Systems Service Pack 1" }, { "version_value": "Windows 7 for x64-based Systems Service Pack 1" }, { "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" }, { "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" }, { "version_value": "Windows Server 2012" }, { "version_value": "Windows Server 2012 (Server Core installation)" }, { "version_value": "Windows 8.1 for 32-bit systems" }, { "version_value": "Windows 8.1 for x64-based systems" }, { "version_value": "Windows Server 2012 R2" }, { "version_value": "Windows RT 8.1" }, { "version_value": "Windows Server 2012 R2 (Server Core installation)" } ] } }, { "product_name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2", "version": { "version_data": [ { "version_value": "Windows Server 2016" }, { "version_value": "Windows 10 Version 1607 for 32-bit Systems" }, { "version_value": "Windows 10 Version 1607 for x64-based Systems" }, { "version_value": "Windows Server 2016 (Server Core installation)" } ] } }, { "product_name": "Microsoft .NET Framework 4.7/4.7.1/4.7.2", "version": { "version_data": [ { "version_value": "Windows 10 Version 1703 for 32-bit Systems" }, { "version_value": "Windows 10 Version 1703 for x64-based Systems" } ] } }, { "product_name": "Microsoft .NET Framework 4.7.1/4.7.2", "version": { "version_data": [ { "version_value": "Windows 10 Version 1709 for 32-bit Systems" }, { "version_value": "Windows 10 Version 1709 for x64-based Systems" }, { "version_value": "Windows Server, version 1709 (Server Core Installation)" }, { "version_value": "Windows 10 Version 1709 for ARM64-based Systems" } ] } }, { "product_name": "PowerShell Core", "version": { "version_data": [ { "version_value": "6.1" }, { "version_value": "6.2" } ] } }, { "product_name": "Microsoft Visual Studio 2017", "version": { "version_data": [ { "version_value": "version 15.9" } ] } }, { "product_name": "Microsoft .NET Framework 3.5", "version": { "version_data": [ { "version_value": "Windows Server 2012" }, { "version_value": "Windows Server 2012 (Server Core installation)" }, { "version_value": "Windows 8.1 for 32-bit systems" }, { "version_value": "Windows 8.1 for x64-based systems" }, { "version_value": "Windows Server 2012 R2" }, { "version_value": "Windows Server 2012 R2 (Server Core installation)" }, { "version_value": "Windows 10 for 32-bit Systems" }, { "version_value": "Windows 10 for x64-based Systems" }, { "version_value": "Windows Server 2016" }, { "version_value": "Windows 10 Version 1607 for 32-bit Systems" }, { "version_value": "Windows 10 Version 1607 for x64-based Systems" }, { "version_value": "Windows 10 Version 1703 for 32-bit Systems" }, { "version_value": "Windows 10 Version 1703 for x64-based Systems" }, { "version_value": "Windows 10 Version 1709 for 32-bit Systems" }, { "version_value": "Windows 10 Version 1709 for x64-based Systems" }, { "version_value": "Windows Server, version 1709 (Server Core Installation)" }, { "version_value": "Windows 10 Version 1803 for 32-bit Systems" }, { "version_value": "Windows 10 Version 1803 for x64-based Systems" }, { "version_value": "Windows Server, version 1803 (Server Core Installation)" }, { "version_value": "Windows 10 Version 1803 for ARM64-based Systems" }, { "version_value": "Windows 10 Version 1809 for 32-bit Systems" }, { "version_value": "Windows 10 Version 1809 for x64-based Systems" }, { "version_value": "Windows Server 2019" }, { "version_value": "Windows Server 2019 (Server Core installation)" }, { "version_value": "Windows 10 Version 1709 for ARM64-based Systems" } ] } }, { "product_name": "Microsoft .NET Framework 3.0", "version": { "version_data": [ { "version_value": "Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2" }, { "version_value": "Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2" }, { "version_value": "Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2" } ] } }, { "product_name": "Microsoft .NET Framework 2.0", "version": { "version_data": [ { "version_value": "Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2" } ] } }, { "product_name": "Microsoft .NET Framework 3.5.1", "version": { "version_data": [ { "version_value": "Windows 7 for 32-bit Systems Service Pack 1" }, { "version_value": "Windows 7 for x64-based Systems Service Pack 1" }, { "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" }, { "version_value": "Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1" }, { "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" } ] } } ] }, "vendor_name": "Microsoft" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability exists in certain .Net Framework API\u0027s and Visual Studio in the way they parse URL\u0027s, aka \u0027.NET Framework and Visual Studio Spoofing Vulnerability\u0027." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Spoofing" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2019:0349", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:0349" }, { "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0657", "refsource": "CONFIRM", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0657" }, { "name": "106890", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106890" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2019-0657", "datePublished": "2019-03-06T00:00:00", "dateReserved": "2018-11-26T00:00:00", "dateUpdated": "2024-08-04T17:51:27.244Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-0632
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0632 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/106880 | vdb-entry, x_refsource_BID |
▼ | Vendor | Product |
---|---|---|
Microsoft | Windows | |
Microsoft | Windows Server | |
Microsoft | PowerShell Core |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T17:51:26.708Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0632" }, { "name": "106880", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/106880" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Windows", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "10 for 32-bit Systems" }, { "status": "affected", "version": "10 for x64-based Systems" }, { "status": "affected", "version": "10 Version 1607 for 32-bit Systems" }, { "status": "affected", "version": "10 Version 1607 for x64-based Systems" }, { "status": "affected", "version": "10 Version 1703 for 32-bit Systems" }, { "status": "affected", "version": "10 Version 1703 for x64-based Systems" }, { "status": "affected", "version": "10 Version 1709 for 32-bit Systems" }, { "status": "affected", "version": "10 Version 1709 for x64-based Systems" }, { "status": "affected", "version": "10 Version 1803 for 32-bit Systems" }, { "status": "affected", "version": "10 Version 1803 for x64-based Systems" }, { "status": "affected", "version": "10 Version 1803 for ARM64-based Systems" }, { "status": "affected", "version": "10 Version 1809 for 32-bit Systems" }, { "status": "affected", "version": "10 Version 1809 for x64-based Systems" }, { "status": "affected", "version": "10 Version 1809 for ARM64-based Systems" }, { "status": "affected", "version": "10 Version 1709 for ARM64-based Systems" } ] }, { "product": "Windows Server", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "2016" }, { "status": "affected", "version": "2016 (Core installation)" }, { "status": "affected", "version": "version 1709 (Core Installation)" }, { "status": "affected", "version": "version 1803 (Core Installation)" }, { "status": "affected", "version": "2019" }, { "status": "affected", "version": "2019 (Core installation)" } ] }, { "product": "PowerShell Core", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "6.1" }, { "status": "affected", "version": "6.2" } ] } ], "datePublic": "2019-03-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka \u0027Windows Security Feature Bypass Vulnerability\u0027. This CVE ID is unique from CVE-2019-0627, CVE-2019-0631." } ], "problemTypes": [ { "descriptions": [ { "description": "Security Feature Bypass", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-03-06T10:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0632" }, { "name": "106880", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/106880" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2019-0632", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Windows", "version": { "version_data": [ { "version_value": "10 for 32-bit Systems" }, { "version_value": "10 for x64-based Systems" }, { "version_value": "10 Version 1607 for 32-bit Systems" }, { "version_value": "10 Version 1607 for x64-based Systems" }, { "version_value": "10 Version 1703 for 32-bit Systems" }, { "version_value": "10 Version 1703 for x64-based Systems" }, { "version_value": "10 Version 1709 for 32-bit Systems" }, { "version_value": "10 Version 1709 for x64-based Systems" }, { "version_value": "10 Version 1803 for 32-bit Systems" }, { "version_value": "10 Version 1803 for x64-based Systems" }, { "version_value": "10 Version 1803 for ARM64-based Systems" }, { "version_value": "10 Version 1809 for 32-bit Systems" }, { "version_value": "10 Version 1809 for x64-based Systems" }, { "version_value": "10 Version 1809 for ARM64-based Systems" }, { "version_value": "10 Version 1709 for ARM64-based Systems" } ] } }, { "product_name": "Windows Server", "version": { "version_data": [ { "version_value": "2016" }, { "version_value": "2016 (Core installation)" }, { "version_value": "version 1709 (Core Installation)" }, { "version_value": "version 1803 (Core Installation)" }, { "version_value": "2019" }, { "version_value": "2019 (Core installation)" } ] } }, { "product_name": "PowerShell Core", "version": { "version_data": [ { "version_value": "6.1" }, { "version_value": "6.2" } ] } } ] }, "vendor_name": "Microsoft" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka \u0027Windows Security Feature Bypass Vulnerability\u0027. This CVE ID is unique from CVE-2019-0627, CVE-2019-0631." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Security Feature Bypass" } ] } ] }, "references": { "reference_data": [ { "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0632", "refsource": "CONFIRM", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0632" }, { "name": "106880", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106880" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2019-0632", "datePublished": "2019-03-06T00:00:00", "dateReserved": "2018-11-26T00:00:00", "dateUpdated": "2024-08-04T17:51:26.708Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
var-202108-1026
Vulnerability from variot
.NET Core and Visual Studio Denial of Service Vulnerability. plural Microsoft The product interferes with service operation (DoS) A vulnerability exists.Denial of service (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: .NET Core 3.1 on RHEL 7 security and bugfix update Advisory ID: RHSA-2021:3143-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:3143 Issue date: 2021-08-11 CVE Names: CVE-2021-26423 CVE-2021-34485 CVE-2021-34532 =====================================================================
- Summary:
An update for .NET Core 3.1 is now available for .NET Core on Red Hat Enterprise Linux.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 3.1.118 and .NET Runtime 3.1.18.
Security Fix(es):
-
dotnet: ASP.NET Core WebSocket frame processing DoS (CVE-2021-26423)
-
dotnet: Dump file created world-readable (CVE-2021-34485)
-
dotnet: ASP.NET Core JWT token logging (CVE-2021-34532)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1990286 - CVE-2021-34485 dotnet: Dump file created world-readable 1990295 - CVE-2021-26423 dotnet: ASP.NET Core WebSocket frame processing DoS 1990300 - CVE-2021-34532 dotnet: ASP.NET Core JWT token logging
- Package List:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet31-dotnet-3.1.118-1.el7_9.src.rpm
x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.18-1.el7_9.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.18-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-3.1.118-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.18-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.118-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-host-3.1.18-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.18-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.18-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.118-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.18-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.118-1.el7_9.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.118-1.el7_9.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet31-dotnet-3.1.118-1.el7_9.src.rpm
x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.18-1.el7_9.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.18-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-3.1.118-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.18-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.118-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-host-3.1.18-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.18-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.18-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.118-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.18-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.118-1.el7_9.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.118-1.el7_9.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet31-dotnet-3.1.118-1.el7_9.src.rpm
x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.18-1.el7_9.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.18-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-3.1.118-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.18-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.118-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-host-3.1.18-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.18-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.18-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.118-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.18-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.118-1.el7_9.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.118-1.el7_9.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-26423 https://access.redhat.com/security/cve/CVE-2021-34485 https://access.redhat.com/security/cve/CVE-2021-34532 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYRQa8tzjgjWX9erEAQgZVg//eyD52RIjaXDx3Y8hIiT3Lol1bgP5prfh vgB+Y/IX75XF929mfsAP4QYJGQR9Q6OR511V7SewOqlGMO65S6yvlqVjvDCoesFc Am02/u2D3A8U7HiTYmAPqKNwzf7t8v2KbfZGMIAJQgYCEB4qjT2zvIt9B6TRAKo2 EdQa4XQsnmh4h3bMhkLrI3m8epxUD5Fk7RizA2F7pCwyL/EpiGzlD13nQWNB18gC Y8Csf5i+xPa66EakBo1fWb7u8oda1aoDcKSoDqinfd9t29yTNCAN4g2h1P/1TkDi nLpFRYf5fv7hoWUHmzg6Alp3eZw2GJVVvtMok2bba2TRYmw3MuXuxctaghupD8ph WDtluNCVniryl4SDkgFaSutcAwbyVlQo6M+ku5j1oy+nS26boGv0dIet9UHHkcAS /+tEiTw/atMuRLwkEQ90Y+CUQ9EkTW9X0haKTsvqbJ+/ZKiDdBYQlYxnrvzh5NEx L/a+QneLNviwEJsyFwozWePokB70J1sPPlU2TjtJI7X5hehvIg1U7rfIGSW7yAmB ji512gGjxX6p/k98O2+1DNJ9c8zf6CvHEt+A2KKaZHkJDV/J5aZeJzfmT3rSq+qu 6BQTTYOtPEI7m/u20I5zzeJ1MBE0gE31O+ng3trHf4HzN82T9AZKB0lthLiX4TKK 3V5TkyNr+k0= =JpAp -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202108-1026", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": ".net", "scope": "gte", "trust": 1.0, "vendor": "microsoft", "version": "5.0" }, { "model": ".net core", "scope": "lte", "trust": 1.0, "vendor": "microsoft", "version": "2.1.28" }, { "model": "visual studio 2019", "scope": "lte", "trust": 1.0, "vendor": "microsoft", "version": "16.10" }, { "model": ".net core", "scope": "gte", "trust": 1.0, "vendor": "microsoft", "version": "3.1" }, { "model": "visual studio 2017", "scope": "gte", "trust": 1.0, "vendor": "microsoft", "version": "15.0" }, { "model": "visual studio 2019", "scope": "gte", "trust": 1.0, "vendor": "microsoft", "version": "16.0" }, { "model": ".net core", "scope": "gte", "trust": 1.0, "vendor": "microsoft", "version": "2.1" }, { "model": "powershell core", "scope": "lt", "trust": 1.0, "vendor": "microsoft", "version": "7.0.7" }, { "model": ".net", "scope": "lte", "trust": 1.0, "vendor": "microsoft", "version": "5.0.8" }, { "model": "powershell core", "scope": "lt", "trust": 1.0, "vendor": "microsoft", "version": "7.1.4" }, { "model": ".net core", "scope": "lte", "trust": 1.0, "vendor": "microsoft", "version": "3.1.17" }, { "model": "powershell core", "scope": "gte", "trust": 1.0, "vendor": "microsoft", "version": "7.1" }, { "model": "powershell core", "scope": "gte", "trust": 1.0, "vendor": "microsoft", "version": "7.0" }, { "model": "visual studio 2017", "scope": "lte", "trust": 1.0, "vendor": "microsoft", "version": "15.9" }, { "model": "visual studio 2019", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "8.10" }, { "model": "powershell core", "scope": "eq", "trust": 0.8, "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8", "version": "7.1" }, { "model": ".net", "scope": null, "trust": 0.8, "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8", "version": null }, { "model": "microsoft visual studio", "scope": null, "trust": 0.8, "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8", "version": null }, { "model": "powershell core", "scope": "eq", "trust": 0.8, "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8", "version": "7.0" }, { "model": ".net core", "scope": null, "trust": 0.8, "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-002313" }, { "db": "NVD", "id": "CVE-2021-26423" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "15.9", "versionStartIncluding": "15.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "16.10", "versionStartIncluding": "16.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:visual_studio_2019:8.10:*:*:*:*:macos:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "5.0.8", "versionStartIncluding": "5.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2.1.28", "versionStartIncluding": "2.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "3.1.17", "versionStartIncluding": "3.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:powershell_core:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "7.0.7", "versionStartIncluding": "7.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:powershell_core:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "7.1.4", "versionStartIncluding": "7.1", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-26423" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Peter St\u00f6ckli\u003c/a\u003e with Ergon Informatik", "sources": [ { "db": "CNNVD", "id": "CNNVD-202108-847" } ], "trust": 0.6 }, "cve": "CVE-2021-26423", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2021-26423", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2021-26423", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-26423", "trust": 1.8, "value": "HIGH" }, { "author": "secure@microsoft.com", "id": "CVE-2021-26423", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202108-847", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2021-26423", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-26423" }, { "db": "JVNDB", "id": "JVNDB-2021-002313" }, { "db": "NVD", "id": "CVE-2021-26423" }, { "db": "NVD", "id": "CVE-2021-26423" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202108-847" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": ".NET Core and Visual Studio Denial of Service Vulnerability. plural Microsoft The product interferes with service operation (DoS) A vulnerability exists.Denial of service (DoS) It may be put into a state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: .NET Core 3.1 on RHEL 7 security and bugfix update\nAdvisory ID: RHSA-2021:3143-01\nProduct: .NET Core on Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:3143\nIssue date: 2021-08-11\nCVE Names: CVE-2021-26423 CVE-2021-34485 CVE-2021-34532 \n=====================================================================\n\n1. Summary:\n\nAn update for .NET Core 3.1 is now available for .NET Core on Red Hat\nEnterprise Linux. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\n.NET is a managed-software framework. It implements a subset of the .NET\nframework APIs and several new APIs, and it includes a CLR implementation. \n\nNew versions of .NET that address security vulnerabilities are now\navailable. The updated versions are .NET SDK 3.1.118 and .NET Runtime\n3.1.18. \n\nSecurity Fix(es):\n\n* dotnet: ASP.NET Core WebSocket frame processing DoS (CVE-2021-26423)\n\n* dotnet: Dump file created world-readable (CVE-2021-34485)\n\n* dotnet: ASP.NET Core JWT token logging (CVE-2021-34532)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1990286 - CVE-2021-34485 dotnet: Dump file created world-readable\n1990295 - CVE-2021-26423 dotnet: ASP.NET Core WebSocket frame processing DoS\n1990300 - CVE-2021-34532 dotnet: ASP.NET Core JWT token logging\n\n6. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet31-dotnet-3.1.118-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet31-aspnetcore-runtime-3.1-3.1.18-1.el7_9.x86_64.rpm\nrh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.18-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-3.1.118-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-apphost-pack-3.1-3.1.18-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-debuginfo-3.1.118-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-host-3.1.18-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-hostfxr-3.1-3.1.18-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-runtime-3.1-3.1.18-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-sdk-3.1-3.1.118-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-targeting-pack-3.1-3.1.18-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-templates-3.1-3.1.118-1.el7_9.x86_64.rpm\nrh-dotnet31-netstandard-targeting-pack-2.1-3.1.118-1.el7_9.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet31-dotnet-3.1.118-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet31-aspnetcore-runtime-3.1-3.1.18-1.el7_9.x86_64.rpm\nrh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.18-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-3.1.118-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-apphost-pack-3.1-3.1.18-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-debuginfo-3.1.118-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-host-3.1.18-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-hostfxr-3.1-3.1.18-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-runtime-3.1-3.1.18-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-sdk-3.1-3.1.118-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-targeting-pack-3.1-3.1.18-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-templates-3.1-3.1.118-1.el7_9.x86_64.rpm\nrh-dotnet31-netstandard-targeting-pack-2.1-3.1.118-1.el7_9.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet31-dotnet-3.1.118-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet31-aspnetcore-runtime-3.1-3.1.18-1.el7_9.x86_64.rpm\nrh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.18-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-3.1.118-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-apphost-pack-3.1-3.1.18-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-debuginfo-3.1.118-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-host-3.1.18-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-hostfxr-3.1-3.1.18-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-runtime-3.1-3.1.18-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-sdk-3.1-3.1.118-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-targeting-pack-3.1-3.1.18-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-templates-3.1-3.1.118-1.el7_9.x86_64.rpm\nrh-dotnet31-netstandard-targeting-pack-2.1-3.1.118-1.el7_9.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-26423\nhttps://access.redhat.com/security/cve/CVE-2021-34485\nhttps://access.redhat.com/security/cve/CVE-2021-34532\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYRQa8tzjgjWX9erEAQgZVg//eyD52RIjaXDx3Y8hIiT3Lol1bgP5prfh\nvgB+Y/IX75XF929mfsAP4QYJGQR9Q6OR511V7SewOqlGMO65S6yvlqVjvDCoesFc\nAm02/u2D3A8U7HiTYmAPqKNwzf7t8v2KbfZGMIAJQgYCEB4qjT2zvIt9B6TRAKo2\nEdQa4XQsnmh4h3bMhkLrI3m8epxUD5Fk7RizA2F7pCwyL/EpiGzlD13nQWNB18gC\nY8Csf5i+xPa66EakBo1fWb7u8oda1aoDcKSoDqinfd9t29yTNCAN4g2h1P/1TkDi\nnLpFRYf5fv7hoWUHmzg6Alp3eZw2GJVVvtMok2bba2TRYmw3MuXuxctaghupD8ph\nWDtluNCVniryl4SDkgFaSutcAwbyVlQo6M+ku5j1oy+nS26boGv0dIet9UHHkcAS\n/+tEiTw/atMuRLwkEQ90Y+CUQ9EkTW9X0haKTsvqbJ+/ZKiDdBYQlYxnrvzh5NEx\nL/a+QneLNviwEJsyFwozWePokB70J1sPPlU2TjtJI7X5hehvIg1U7rfIGSW7yAmB\nji512gGjxX6p/k98O2+1DNJ9c8zf6CvHEt+A2KKaZHkJDV/J5aZeJzfmT3rSq+qu\n6BQTTYOtPEI7m/u20I5zzeJ1MBE0gE31O+ng3trHf4HzN82T9AZKB0lthLiX4TKK\n3V5TkyNr+k0=\n=JpAp\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n", "sources": [ { "db": "NVD", "id": "CVE-2021-26423" }, { "db": "JVNDB", "id": "JVNDB-2021-002313" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULMON", "id": "CVE-2021-26423" }, { "db": "PACKETSTORM", "id": "163808" }, { "db": "PACKETSTORM", "id": "163807" }, { "db": "PACKETSTORM", "id": "163802" }, { "db": "PACKETSTORM", "id": "163799" } ], "trust": 2.61 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-26423", "trust": 2.9 }, { "db": "JVNDB", "id": "JVNDB-2021-002313", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "163799", "trust": 0.7 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.2729", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.2753", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021081011", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021081229", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202108-847", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-26423", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "163808", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "163807", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "163802", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-26423" }, { "db": "JVNDB", "id": "JVNDB-2021-002313" }, { "db": "PACKETSTORM", "id": "163808" }, { "db": "PACKETSTORM", "id": "163807" }, { "db": "PACKETSTORM", "id": "163802" }, { "db": "PACKETSTORM", "id": "163799" }, { "db": "NVD", "id": "CVE-2021-26423" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202108-847" } ] }, "id": "VAR-202108-1026", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.21178882 }, "last_update_date": "2024-01-03T12:07:33.221000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": ".NET\u00a0Core\u00a0and\u00a0Visual\u00a0Studio\u00a0Denial\u00a0of\u00a0Service\u00a0Vulnerability Security Update Guide", "trust": 0.8, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2021-26423" }, { "title": "Microsoft .NET Core and Microsoft Visual Studio Enter the fix for the verification error vulnerability", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=159242" }, { "title": "Red Hat: CVE-2021-26423", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2021-26423" }, { "title": "Arch Linux Issues: ", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2021-26423 log" } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-26423" }, { "db": "JVNDB", "id": "JVNDB-2021-002313" }, { "db": "CNNVD", "id": "CNNVD-202108-847" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "Lack of information (CWE-noinfo) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-002313" }, { "db": "NVD", "id": "CVE-2021-26423" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2021-26423" }, { "trust": 1.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-26423" }, { "trust": 1.1, "url": "https://access.redhat.com/security/cve/cve-2021-26423" }, { "trust": 0.8, "url": "https://www.ipa.go.jp/security/ciadr/vul/20210811-ms.html" }, { "trust": 0.8, "url": "https://www.jpcert.or.jp/at/2021/at210034.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.6, "url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2021-26423" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2729" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2753" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021081229" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/microsoft-visual-studio-vulnerabilities-of-august-2021-36113" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/163799/red-hat-security-advisory-2021-3142-01.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021081011" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2021-34532" }, { "trust": 0.4, "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.4, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.4, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-34532" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-34485" }, { "trust": 0.4, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2021-34485" }, { "trust": 0.4, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.4, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:3148" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:3147" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:3143" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:3142" } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-26423" }, { "db": "JVNDB", "id": "JVNDB-2021-002313" }, { "db": "PACKETSTORM", "id": "163808" }, { "db": "PACKETSTORM", "id": "163807" }, { "db": "PACKETSTORM", "id": "163802" }, { "db": "PACKETSTORM", "id": "163799" }, { "db": "NVD", "id": "CVE-2021-26423" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202108-847" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2021-26423" }, { "db": "JVNDB", "id": "JVNDB-2021-002313" }, { "db": "PACKETSTORM", "id": "163808" }, { "db": "PACKETSTORM", "id": "163807" }, { "db": "PACKETSTORM", "id": "163802" }, { "db": "PACKETSTORM", "id": "163799" }, { "db": "NVD", "id": "CVE-2021-26423" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202108-847" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-08-12T00:00:00", "db": "VULMON", "id": "CVE-2021-26423" }, { "date": "2021-08-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-002313" }, { "date": "2021-08-12T15:49:33", "db": "PACKETSTORM", "id": "163808" }, { "date": "2021-08-12T15:49:21", "db": "PACKETSTORM", "id": "163807" }, { "date": "2021-08-12T15:45:22", "db": "PACKETSTORM", "id": "163802" }, { "date": "2021-08-12T15:43:32", "db": "PACKETSTORM", "id": "163799" }, { "date": "2021-08-12T18:15:08.537000", "db": "NVD", "id": "CVE-2021-26423" }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2021-08-10T00:00:00", "db": "CNNVD", "id": "CNNVD-202108-847" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-08-19T00:00:00", "db": "VULMON", "id": "CVE-2021-26423" }, { "date": "2021-08-26T03:18:00", "db": "JVNDB", "id": "JVNDB-2021-002313" }, { "date": "2023-12-28T20:15:44.377000", "db": "NVD", "id": "CVE-2021-26423" }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2021-08-20T00:00:00", "db": "CNNVD", "id": "CNNVD-202108-847" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202108-847" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural \u00a0Microsoft\u00a0 Service operation interruption in the product \u00a0(DoS)\u00a0 Vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-002313" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202104-975" } ], "trust": 0.6 } }
var-201903-1508
Vulnerability from variot
A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka 'Windows Security Feature Bypass Vulnerability'. This CVE ID is unique from CVE-2019-0627, CVE-2019-0631. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201903-1508", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "powershell core", "scope": "eq", "trust": 2.1, "vendor": "microsoft", "version": "6.2" }, { "model": "powershell core", "scope": "eq", "trust": 2.1, "vendor": "microsoft", "version": "6.1" }, { "model": "windows 10", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1809" }, { "model": "windows 10", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1709" }, { "model": "windows server 2016", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1803" }, { "model": "windows 10", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1607" }, { "model": "windows server 2019", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": null }, { "model": "windows 10", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1803" }, { "model": "windows server 2016", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": null }, { "model": "windows 10", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": null }, { "model": "windows 10", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1703" }, { "model": "windows server 2016", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1709" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "for 32-bit systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "for x64-based systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1607 for 32-bit systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1607 for x64-based systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1703 for 32-bit systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1703 for x64-based systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1709 for 32-bit systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1709 for 64-based systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1709 for arm64-based systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1803 for 32-bit systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1803 for arm64-based systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1803 for x64-based systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1809 for 32-bit systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1809 for arm64-based systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1809 for x64-based systems" }, { "model": "windows server", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1709 (server core installation)" }, { "model": "windows server", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1803 (server core installation)" }, { "model": "windows server 2016", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "none" }, { "model": "windows server 2016", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "(server core installation)" }, { "model": "windows server 2019", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "none" }, { "model": "windows server 2019", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "(server core installation)" }, { "model": "windows server", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20190" }, { "model": "windows server", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20160" }, { "model": "windows server", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "18030" }, { "model": "windows server", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "17090" }, { "model": "windows version for x64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1018090" }, { "model": "windows version for arm64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1018090" }, { "model": "windows version for 32-bit systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1018090" }, { "model": "windows version for x64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1018030" }, { "model": "windows version for arm64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1018030" }, { "model": "windows version for 32-bit systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1018030" }, { "model": "windows version for x64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1017090" }, { "model": "windows version for arm64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1017090" }, { "model": "windows version for 32-bit systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1017090" }, { "model": "windows version for x64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1017030" }, { "model": "windows version for 32-bit systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1017030" }, { "model": "windows version for x64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1016070" }, { "model": "windows version for 32-bit systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1016070" }, { "model": "windows for x64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "100" }, { "model": "windows for 32-bit systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "100" } ], "sources": [ { "db": "BID", "id": "106880" }, { "db": "JVNDB", "id": "JVNDB-2019-002158" }, { "db": "NVD", "id": "CVE-2019-0632" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:powershell_core:6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:powershell_core:6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:1709:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2019-0632" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Matt Graeber from SpecterOps.", "sources": [ { "db": "BID", "id": "106880" }, { "db": "CNNVD", "id": "CNNVD-201902-364" } ], "trust": 0.9 }, "cve": "CVE-2019-0632", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Local", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 4.6, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2019-0632", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2019-0632", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2019-0632", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201902-364", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-002158" }, { "db": "NVD", "id": "CVE-2019-0632" }, { "db": "CNNVD", "id": "CNNVD-201902-364" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka \u0027Windows Security Feature Bypass Vulnerability\u0027. This CVE ID is unique from CVE-2019-0627, CVE-2019-0631. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks", "sources": [ { "db": "NVD", "id": "CVE-2019-0632" }, { "db": "JVNDB", "id": "JVNDB-2019-002158" }, { "db": "BID", "id": "106880" } ], "trust": 1.89 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-0632", "trust": 2.7 }, { "db": "BID", "id": "106880", "trust": 1.9 }, { "db": "JVNDB", "id": "JVNDB-2019-002158", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201902-364", "trust": 0.6 } ], "sources": [ { "db": "BID", "id": "106880" }, { "db": "JVNDB", "id": "JVNDB-2019-002158" }, { "db": "NVD", "id": "CVE-2019-0632" }, { "db": "CNNVD", "id": "CNNVD-201902-364" } ] }, "id": "VAR-201903-1508", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.21178882 }, "last_update_date": "2023-12-18T12:43:35.701000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "CVE-2019-0632 | Windows Security Feature Bypass Vulnerability", "trust": 0.8, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0632" }, { "title": "CVE-2019-0632 | Windows \u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u6a5f\u80fd\u306e\u30d0\u30a4\u30d1\u30b9\u306e\u8106\u5f31\u6027", "trust": 0.8, "url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/cve-2019-0632" }, { "title": "Microsoft Windows Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=89178" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-002158" }, { "db": "CNNVD", "id": "CNNVD-201902-364" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "CWE-264", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-002158" }, { "db": "NVD", "id": "CVE-2019-0632" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.2, "url": "http://www.securityfocus.com/bid/106880" }, { "trust": 1.9, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0632" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0632" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-cve-2019-0632" }, { "trust": 0.8, "url": "https://www.ipa.go.jp/security/ciadr/vul/20190213-ms.html" }, { "trust": 0.8, "url": "http://www.jpcert.or.jp/at/2019/at190006.html" }, { "trust": 0.3, "url": "https://github.com/powershell/announcements/issues/13" }, { "trust": 0.3, "url": "http://www.microsoft.com" } ], "sources": [ { "db": "BID", "id": "106880" }, { "db": "JVNDB", "id": "JVNDB-2019-002158" }, { "db": "NVD", "id": "CVE-2019-0632" }, { "db": "CNNVD", "id": "CNNVD-201902-364" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "106880" }, { "db": "JVNDB", "id": "JVNDB-2019-002158" }, { "db": "NVD", "id": "CVE-2019-0632" }, { "db": "CNNVD", "id": "CNNVD-201902-364" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-02-12T00:00:00", "db": "BID", "id": "106880" }, { "date": "2019-04-03T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-002158" }, { "date": "2019-03-05T23:29:01.350000", "db": "NVD", "id": "CVE-2019-0632" }, { "date": "2019-02-12T00:00:00", "db": "CNNVD", "id": "CNNVD-201902-364" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-02-21T05:00:00", "db": "BID", "id": "106880" }, { "date": "2019-04-03T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-002158" }, { "date": "2020-08-24T17:37:01.140000", "db": "NVD", "id": "CVE-2019-0632" }, { "date": "2020-08-25T00:00:00", "db": "CNNVD", "id": "CNNVD-201902-364" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "BID", "id": "106880" }, { "db": "CNNVD", "id": "CNNVD-201902-364" } ], "trust": 0.9 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural Microsoft Windows Vulnerabilities that bypass security functions in products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-002158" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "permissions and access control", "sources": [ { "db": "CNNVD", "id": "CNNVD-201902-364" } ], "trust": 0.6 } }
var-201905-0991
Vulnerability from variot
A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings, aka '.NET Framework and .NET Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0980, CVE-2019-0981. This vulnerability CVE-2019-0980 and CVE-2019-0981 Is a different vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. An attacker can exploit this issue to cause a denial of service condition.
Bug Fix(es):
-
dotnet: new SocketException((int)SocketError.InvalidArgument).Message is empty (BZ#1712471)
-
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: .NET Core on Red Hat Enterprise Linux security and bug fix update Advisory ID: RHSA-2019:1236-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:1236 Issue date: 2019-05-15 CVE Names: CVE-2019-0820 CVE-2019-0980 CVE-2019-0981 ==================================================================== 1. Summary:
Updates for rh-dotnetcore10-dotnetcore, rh-dotnetcore11-dotnetcore, rh-dotnet21-dotnet, rh-dotnet22-dotnet and rh-dotnet22-curl are now available for .NET Core on Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET Core that address security vulnerabilities are now available. The updated versions are .NET Core 1.0.16, 1.1.13, 2.1.11, and 2.2.5.
Security Fix(es):
-
dotNET: timeouts for regular expressions are not enforced (CVE-2019-0820)
-
dotNET: infinite loop in URI.TryCreate leading to ASP.Net Core Denial of Service (CVE-2019-0980)
-
dotNET: crash in IPAddress.TryCreate leading to ASP.Net Core Denial of Service (CVE-2019-0981)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
-
Re-enable bash completion in rh-dotnet22-dotnet (BZ#1654863)
-
Error rebuilding rh-dotnet22-curl in CentOS (BZ#1678932)
-
Broken apphost caused by unset DOTNET_ROOT (BZ#1703479)
-
Make bash completion compatible with rh-dotnet22 packages (BZ#1705259)
-
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1654863 - Re-enable bash completion in rh-dotnet22-dotnet 1678932 - Error rebuilding rh-dotnet22-curl in CentOS 1703479 - Broken apphost caused by unset DOTNET_ROOT 1703508 - Update to .NET Core 1.1.13 1704454 - Update to .NET Core 1.0.16 1704934 - Update to .NET Core Runtime 2.2.5 and SDK 2.2.107 1705147 - Update to .NET Core Runtime 2.1.11 and SDK 2.1.507 1705259 - Make bash completion compatible with rh-dotnet22 packages 1705502 - CVE-2019-0980 dotNET: infinite loop in URI.TryCreate leading to ASP.Net Core Denial of Service 1705504 - CVE-2019-0981 dotNET: crash in IPAddress.TryCreate leading to ASP.Net Core Denial of Service 1705506 - CVE-2019-0820 dotNET: timeouts for regular expressions are not enforced
- Package List:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnetcore10-dotnetcore-1.0.16-1.el7.src.rpm
x86_64: rh-dotnetcore10-dotnetcore-1.0.16-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.16-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnetcore11-dotnetcore-1.1.13-1.el7.src.rpm
x86_64: rh-dotnetcore11-dotnetcore-1.1.13-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.13-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet21-2.1-10.el7.src.rpm rh-dotnet21-dotnet-2.1.507-2.el7.src.rpm
x86_64: rh-dotnet21-2.1-10.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.11-2.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.11-2.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.507-2.el7.x86_64.rpm rh-dotnet21-runtime-2.1-10.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet22-2.2-7.el7.src.rpm rh-dotnet22-curl-7.61.1-2.el7.src.rpm rh-dotnet22-dotnet-2.2.107-2.el7.src.rpm
x86_64: rh-dotnet22-2.2-7.el7.x86_64.rpm rh-dotnet22-curl-7.61.1-2.el7.x86_64.rpm rh-dotnet22-curl-debuginfo-7.61.1-2.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.107-2.el7.x86_64.rpm rh-dotnet22-libcurl-7.61.1-2.el7.x86_64.rpm rh-dotnet22-libcurl-devel-7.61.1-2.el7.x86_64.rpm rh-dotnet22-runtime-2.2-7.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnetcore10-dotnetcore-1.0.16-1.el7.src.rpm
x86_64: rh-dotnetcore10-dotnetcore-1.0.16-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.16-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnetcore11-dotnetcore-1.1.13-1.el7.src.rpm
x86_64: rh-dotnetcore11-dotnetcore-1.1.13-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.13-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet21-2.1-10.el7.src.rpm rh-dotnet21-dotnet-2.1.507-2.el7.src.rpm
x86_64: rh-dotnet21-2.1-10.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.11-2.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.11-2.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.507-2.el7.x86_64.rpm rh-dotnet21-runtime-2.1-10.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet22-2.2-7.el7.src.rpm rh-dotnet22-curl-7.61.1-2.el7.src.rpm rh-dotnet22-dotnet-2.2.107-2.el7.src.rpm
x86_64: rh-dotnet22-2.2-7.el7.x86_64.rpm rh-dotnet22-curl-7.61.1-2.el7.x86_64.rpm rh-dotnet22-curl-debuginfo-7.61.1-2.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.107-2.el7.x86_64.rpm rh-dotnet22-libcurl-7.61.1-2.el7.x86_64.rpm rh-dotnet22-libcurl-devel-7.61.1-2.el7.x86_64.rpm rh-dotnet22-runtime-2.2-7.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnetcore10-dotnetcore-1.0.16-1.el7.src.rpm
x86_64: rh-dotnetcore10-dotnetcore-1.0.16-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.16-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnetcore11-dotnetcore-1.1.13-1.el7.src.rpm
x86_64: rh-dotnetcore11-dotnetcore-1.1.13-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.13-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet21-2.1-10.el7.src.rpm rh-dotnet21-dotnet-2.1.507-2.el7.src.rpm
x86_64: rh-dotnet21-2.1-10.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.11-2.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.11-2.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.507-2.el7.x86_64.rpm rh-dotnet21-runtime-2.1-10.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet22-2.2-7.el7.src.rpm rh-dotnet22-curl-7.61.1-2.el7.src.rpm rh-dotnet22-dotnet-2.2.107-2.el7.src.rpm
x86_64: rh-dotnet22-2.2-7.el7.x86_64.rpm rh-dotnet22-curl-7.61.1-2.el7.x86_64.rpm rh-dotnet22-curl-debuginfo-7.61.1-2.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.107-2.el7.x86_64.rpm rh-dotnet22-libcurl-7.61.1-2.el7.x86_64.rpm rh-dotnet22-libcurl-devel-7.61.1-2.el7.x86_64.rpm rh-dotnet22-runtime-2.2-7.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2019-0820 https://access.redhat.com/security/cve/CVE-2019-0980 https://access.redhat.com/security/cve/CVE-2019-0981 https://access.redhat.com/security/updates/classification/#moderate https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0820 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0980 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0981
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXNyKvtzjgjWX9erEAQiFIQ//RuDdkjwFrjsW69TloyogPym1x5uZp2eB hMR1l6l3YTE5ZIeCz7nn86P7IYtLAOiYj5ynjNbGT7aHrM7/R4REedYYqCFxWuu3 3N6vgg/ap1fB+0XdNX+PFNWm/orYRiVr6jyZs2hX4LSDLsQwHuOqVoDcApAHnggH kCRpaxlTEaG9/wyIY3Zvd7ZasxfVUfzhlpzpw25kq6OFJyIokWnVE8G+vs5KS3GQ pTir+3hMc3as8RQVCnWNZoeUhSUemZHvq5MyQqwLCeMFf6CvUTe04oDrMp7FUJHa UcImbcSzzrx3kBvFFmIv6D1uCetuRTrMaXBuOlZcpCJUcnHncvb1OvFhqAeGO6uN NqNnDyRUbyX2cHKpyYTUIfZsCsgKIOBHZNU911URlqnvHAu0LlgAOM0r1uXU48Wg z+LtgnFTDbRmFEspKpN98z4whSL8BnMR8VS/FmPfXo2ApFvipofCK+kPStU0lXZB n7xn4PJyKfst8xUkRfwJ09/GpN328i7QtH53aQG0HCQzKRhxswnc86aQnPW95RWP DPd4EAB74Bq1pEYqRN/gai6bhFsoCS0agf+M7lqBN8ZnQOScj5HD5hy8fsPvB1xD /I5I1sIOJ+Ar0FaCfZqFoXKncap0cp/bBJlHvfCpze4yISy7h6t2E/4l59Zs1xhm KCZo5tPFVoU=dJ6F -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201905-0991", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": ".net framework", "scope": "eq", "trust": 2.1, "vendor": "microsoft", "version": "4.7.2" }, { "model": ".net framework", "scope": "eq", "trust": 2.1, "vendor": "microsoft", "version": "4.7.1" }, { "model": ".net framework", "scope": "eq", "trust": 2.1, "vendor": "microsoft", "version": "4.6.2" }, { "model": ".net framework", "scope": "eq", "trust": 2.1, "vendor": "microsoft", "version": "4.6.1" }, { "model": ".net framework", "scope": "eq", "trust": 2.1, "vendor": "microsoft", "version": "3.5.1" }, { "model": ".net framework", "scope": "eq", "trust": 2.1, "vendor": "microsoft", "version": "4.8" }, { "model": ".net framework", "scope": "eq", "trust": 2.1, "vendor": "microsoft", "version": "4.7" }, { "model": ".net framework", "scope": "eq", "trust": 2.1, "vendor": "microsoft", "version": "4.6" }, { "model": ".net framework", "scope": "eq", "trust": 2.1, "vendor": "microsoft", "version": "4.5.2" }, { "model": ".net framework", "scope": "eq", "trust": 2.1, "vendor": "microsoft", "version": "3.5" }, { "model": ".net core", "scope": "eq", "trust": 2.1, "vendor": "microsoft", "version": "2.2" }, { "model": ".net core", "scope": "eq", "trust": 2.1, "vendor": "microsoft", "version": "2.1" }, { "model": ".net core", "scope": "eq", "trust": 2.1, "vendor": "microsoft", "version": "1.1" }, { "model": ".net core", "scope": "eq", "trust": 2.1, "vendor": "microsoft", "version": "1.0" }, { "model": ".net framework", "scope": "eq", "trust": 1.3, "vendor": "microsoft", "version": "3.0" }, { "model": ".net framework", "scope": "eq", "trust": 1.3, "vendor": "microsoft", "version": "2.0" }, { "model": "enterprise linux server tus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "8.2" }, { "model": "enterprise linux server tus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "8.4" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "8.6" }, { "model": "enterprise linux", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "8.0" }, { "model": "enterprise linux eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "8.6" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "8.2" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "8.4" }, { "model": "enterprise linux eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "8.1" }, { "model": "enterprise linux eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "8.2" }, { "model": "enterprise linux eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "8.4" }, { "model": "enterprise linux server tus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "8.6" }, { "model": ".net framework", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "2.0 sp2" }, { "model": ".net framework", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "3.0 sp2" }, { "model": "powershell core", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "6.1" }, { "model": "powershell core", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "6.2" } ], "sources": [ { "db": "BID", "id": "108245" }, { "db": "JVNDB", "id": "JVNDB-2019-003848" }, { "db": "NVD", "id": "CVE-2019-0820" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_core:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_core:1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_core:2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_core:2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2019-0820" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat,Microsoft", "sources": [ { "db": "CNNVD", "id": "CNNVD-201905-419" } ], "trust": 0.6 }, "cve": "CVE-2019-0820", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2019-0820", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2019-0820", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2019-0820", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201905-419", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2019-0820", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2019-0820" }, { "db": "JVNDB", "id": "JVNDB-2019-003848" }, { "db": "NVD", "id": "CVE-2019-0820" }, { "db": "CNNVD", "id": "CNNVD-201905-419" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings, aka \u0027.NET Framework and .NET Core Denial of Service Vulnerability\u0027. This CVE ID is unique from CVE-2019-0980, CVE-2019-0981. This vulnerability CVE-2019-0980 and CVE-2019-0981 Is a different vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. \nAn attacker can exploit this issue to cause a denial of service condition. \n\nBug Fix(es):\n\n* dotnet: new SocketException((int)SocketError.InvalidArgument).Message is\nempty (BZ#1712471)\n\n4. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: .NET Core on Red Hat Enterprise Linux security and bug fix update\nAdvisory ID: RHSA-2019:1236-01\nProduct: .NET Core on Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:1236\nIssue date: 2019-05-15\nCVE Names: CVE-2019-0820 CVE-2019-0980 CVE-2019-0981\n====================================================================\n1. Summary:\n\nUpdates for rh-dotnetcore10-dotnetcore, rh-dotnetcore11-dotnetcore,\nrh-dotnet21-dotnet, rh-dotnet22-dotnet and rh-dotnet22-curl are now\navailable for .NET Core on Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. It implements a subset of the\n.NET framework APIs and several new APIs, and it includes a CLR\nimplementation. \n\nNew versions of .NET Core that address security vulnerabilities are now\navailable. The updated versions are .NET Core 1.0.16, 1.1.13, 2.1.11, and\n2.2.5. \n\nSecurity Fix(es):\n\n* dotNET: timeouts for regular expressions are not enforced (CVE-2019-0820)\n\n* dotNET: infinite loop in URI.TryCreate leading to ASP.Net Core Denial of\nService (CVE-2019-0980)\n\n* dotNET: crash in IPAddress.TryCreate leading to ASP.Net Core Denial of\nService (CVE-2019-0981)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nBug Fix(es):\n\n* Re-enable bash completion in rh-dotnet22-dotnet (BZ#1654863)\n\n* Error rebuilding rh-dotnet22-curl in CentOS (BZ#1678932)\n\n* Broken apphost caused by unset DOTNET_ROOT (BZ#1703479)\n\n* Make bash completion compatible with rh-dotnet22 packages (BZ#1705259)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1654863 - Re-enable bash completion in rh-dotnet22-dotnet\n1678932 - Error rebuilding rh-dotnet22-curl in CentOS\n1703479 - Broken apphost caused by unset DOTNET_ROOT\n1703508 - Update to .NET Core 1.1.13\n1704454 - Update to .NET Core 1.0.16\n1704934 - Update to .NET Core Runtime 2.2.5 and SDK 2.2.107\n1705147 - Update to .NET Core Runtime 2.1.11 and SDK 2.1.507\n1705259 - Make bash completion compatible with rh-dotnet22 packages\n1705502 - CVE-2019-0980 dotNET: infinite loop in URI.TryCreate leading to ASP.Net Core Denial of Service\n1705504 - CVE-2019-0981 dotNET: crash in IPAddress.TryCreate leading to ASP.Net Core Denial of Service\n1705506 - CVE-2019-0820 dotNET: timeouts for regular expressions are not enforced\n\n6. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.16-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.16-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.16-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.13-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.13-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.13-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet21-2.1-10.el7.src.rpm\nrh-dotnet21-dotnet-2.1.507-2.el7.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-10.el7.x86_64.rpm\nrh-dotnet21-dotnet-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.11-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.11-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-10.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet22-2.2-7.el7.src.rpm\nrh-dotnet22-curl-7.61.1-2.el7.src.rpm\nrh-dotnet22-dotnet-2.2.107-2.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-7.el7.x86_64.rpm\nrh-dotnet22-curl-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-curl-debuginfo-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-libcurl-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-libcurl-devel-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-7.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.16-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.16-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.16-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.13-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.13-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.13-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet21-2.1-10.el7.src.rpm\nrh-dotnet21-dotnet-2.1.507-2.el7.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-10.el7.x86_64.rpm\nrh-dotnet21-dotnet-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.11-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.11-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-10.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet22-2.2-7.el7.src.rpm\nrh-dotnet22-curl-7.61.1-2.el7.src.rpm\nrh-dotnet22-dotnet-2.2.107-2.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-7.el7.x86_64.rpm\nrh-dotnet22-curl-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-curl-debuginfo-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-libcurl-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-libcurl-devel-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-7.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.16-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.16-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.16-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.13-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.13-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.13-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet21-2.1-10.el7.src.rpm\nrh-dotnet21-dotnet-2.1.507-2.el7.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-10.el7.x86_64.rpm\nrh-dotnet21-dotnet-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.11-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.11-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-10.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet22-2.2-7.el7.src.rpm\nrh-dotnet22-curl-7.61.1-2.el7.src.rpm\nrh-dotnet22-dotnet-2.2.107-2.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-7.el7.x86_64.rpm\nrh-dotnet22-curl-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-curl-debuginfo-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-libcurl-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-libcurl-devel-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-7.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-0820\nhttps://access.redhat.com/security/cve/CVE-2019-0980\nhttps://access.redhat.com/security/cve/CVE-2019-0981\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0820\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0980\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0981\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXNyKvtzjgjWX9erEAQiFIQ//RuDdkjwFrjsW69TloyogPym1x5uZp2eB\nhMR1l6l3YTE5ZIeCz7nn86P7IYtLAOiYj5ynjNbGT7aHrM7/R4REedYYqCFxWuu3\n3N6vgg/ap1fB+0XdNX+PFNWm/orYRiVr6jyZs2hX4LSDLsQwHuOqVoDcApAHnggH\nkCRpaxlTEaG9/wyIY3Zvd7ZasxfVUfzhlpzpw25kq6OFJyIokWnVE8G+vs5KS3GQ\npTir+3hMc3as8RQVCnWNZoeUhSUemZHvq5MyQqwLCeMFf6CvUTe04oDrMp7FUJHa\nUcImbcSzzrx3kBvFFmIv6D1uCetuRTrMaXBuOlZcpCJUcnHncvb1OvFhqAeGO6uN\nNqNnDyRUbyX2cHKpyYTUIfZsCsgKIOBHZNU911URlqnvHAu0LlgAOM0r1uXU48Wg\nz+LtgnFTDbRmFEspKpN98z4whSL8BnMR8VS/FmPfXo2ApFvipofCK+kPStU0lXZB\nn7xn4PJyKfst8xUkRfwJ09/GpN328i7QtH53aQG0HCQzKRhxswnc86aQnPW95RWP\nDPd4EAB74Bq1pEYqRN/gai6bhFsoCS0agf+M7lqBN8ZnQOScj5HD5hy8fsPvB1xD\n/I5I1sIOJ+Ar0FaCfZqFoXKncap0cp/bBJlHvfCpze4yISy7h6t2E/4l59Zs1xhm\nKCZo5tPFVoU=dJ6F\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n", "sources": [ { "db": "NVD", "id": "CVE-2019-0820" }, { "db": "JVNDB", "id": "JVNDB-2019-003848" }, { "db": "BID", "id": "108245" }, { "db": "VULMON", "id": "CVE-2019-0820" }, { "db": "PACKETSTORM", "id": "152999" }, { "db": "PACKETSTORM", "id": "152953" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-0820", "trust": 3.0 }, { "db": "BID", "id": "108245", "trust": 1.0 }, { "db": "JVNDB", "id": "JVNDB-2019-003848", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "152999", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "152953", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2019.1839", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.1740", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201905-419", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2019-0820", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2019-0820" }, { "db": "BID", "id": "108245" }, { "db": "JVNDB", "id": "JVNDB-2019-003848" }, { "db": "PACKETSTORM", "id": "152999" }, { "db": "PACKETSTORM", "id": "152953" }, { "db": "NVD", "id": "CVE-2019-0820" }, { "db": "CNNVD", "id": "CNNVD-201905-419" } ] }, "id": "VAR-201905-0991", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.21178882 }, "last_update_date": "2023-12-18T13:02:13.402000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "CVE-2019-0820 | .NET Framework and .NET Core Denial of Service Vulnerability", "trust": 0.8, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0820" }, { "title": "CVE-2019-0820 | .NET Framework \u3068 .NET Core \u306e\u30b5\u30fc\u30d3\u30b9\u62d2\u5426\u306e\u8106\u5f31\u6027", "trust": 0.8, "url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/cve-2019-0820" }, { "title": "Microsoft .NET Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=92588" }, { "title": "Red Hat: Moderate: .NET Core on Red Hat Enterprise Linux security and bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20191236 - security advisory" }, { "title": "Red Hat: Important: dotnet security, bug fix, and enhancement update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20191259 - security advisory" }, { "title": "snowflake-connector-net", "trust": 0.1, "url": "https://github.com/snowflakedb/snowflake-connector-net " }, { "title": "", "trust": 0.1, "url": "https://github.com/tortugaresearch/tortuga.data.snowflake " }, { "title": "Symantec Threat Intelligence Blog", "trust": 0.1, "url": "https://www.symantec.com/blogs/threat-intelligence/microsoft-patch-tuesday-may-2019" } ], "sources": [ { "db": "VULMON", "id": "CVE-2019-0820" }, { "db": "JVNDB", "id": "JVNDB-2019-003848" }, { "db": "CNNVD", "id": "CNNVD-201905-419" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-400", "trust": 1.0 }, { "problemtype": "CWE-20", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-003848" }, { "db": "NVD", "id": "CVE-2019-0820" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "https://access.redhat.com/errata/rhsa-2019:1259" }, { "trust": 2.2, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0820" }, { "trust": 1.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0820" }, { "trust": 0.9, "url": "http://www.microsoft.com" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0820" }, { "trust": 0.8, "url": "https://www.ipa.go.jp/security/ciadr/vul/20190515-ms.html" }, { "trust": 0.8, "url": "http://www.jpcert.or.jp/at/2019/at190023.html" }, { "trust": 0.7, "url": "https://www.securityfocus.com/bid/108245" }, { "trust": 0.7, "url": "https://access.redhat.com/errata/rhsa-2019:1236" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/152999/red-hat-security-advisory-2019-1259-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/81042" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/152953/red-hat-security-advisory-2019-1236-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.1839/" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/microsoft-net-vulnerabilities-of-may-2019-29296" }, { "trust": 0.2, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0980" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0981" }, { "trust": 0.2, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-0980" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.2, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.2, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-0981" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0980" }, { "trust": 0.2, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0981" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-0820" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/400.html" }, { "trust": 0.1, "url": "https://github.com/snowflakedb/snowflake-connector-net" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/108245" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0757" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-0757" }, { "trust": 0.1, "url": "https://github.com/dotnet/core/blob/master/release-notes/2.1/2.1.11/2.1.11.md" }, { "trust": 0.1, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0757" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#moderate" } ], "sources": [ { "db": "VULMON", "id": "CVE-2019-0820" }, { "db": "BID", "id": "108245" }, { "db": "JVNDB", "id": "JVNDB-2019-003848" }, { "db": "PACKETSTORM", "id": "152999" }, { "db": "PACKETSTORM", "id": "152953" }, { "db": "NVD", "id": "CVE-2019-0820" }, { "db": "CNNVD", "id": "CNNVD-201905-419" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2019-0820" }, { "db": "BID", "id": "108245" }, { "db": "JVNDB", "id": "JVNDB-2019-003848" }, { "db": "PACKETSTORM", "id": "152999" }, { "db": "PACKETSTORM", "id": "152953" }, { "db": "NVD", "id": "CVE-2019-0820" }, { "db": "CNNVD", "id": "CNNVD-201905-419" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-05-16T00:00:00", "db": "VULMON", "id": "CVE-2019-0820" }, { "date": "2019-05-14T00:00:00", "db": "BID", "id": "108245" }, { "date": "2019-05-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-003848" }, { "date": "2019-05-22T14:39:27", "db": "PACKETSTORM", "id": "152999" }, { "date": "2019-05-16T23:05:23", "db": "PACKETSTORM", "id": "152953" }, { "date": "2019-05-16T19:29:00.880000", "db": "NVD", "id": "CVE-2019-0820" }, { "date": "2019-05-14T00:00:00", "db": "CNNVD", "id": "CNNVD-201905-419" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-02-02T00:00:00", "db": "VULMON", "id": "CVE-2019-0820" }, { "date": "2019-05-14T00:00:00", "db": "BID", "id": "108245" }, { "date": "2019-05-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-003848" }, { "date": "2023-02-02T19:16:40.193000", "db": "NVD", "id": "CVE-2019-0820" }, { "date": "2021-08-16T00:00:00", "db": "CNNVD", "id": "CNNVD-201905-419" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201905-419" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": ".NET Framework and .NET Core Vulnerable to denial of service operation", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-003848" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "resource management error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201905-419" } ], "trust": 0.6 } }
var-201907-1382
Vulnerability from variot
A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement, aka 'Windows Defender Application Control Security Feature Bypass Vulnerability'. A local attacker can leverage this issue to bypass certain security restrictions and perform unauthorized actions. PowerShell Core 6.1, and 6.2 are vulnerable
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201907-1382", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "powershell core", "scope": "eq", "trust": 2.1, "vendor": "microsoft", "version": "6.2" }, { "model": "powershell core", "scope": "eq", "trust": 2.1, "vendor": "microsoft", "version": "6.1" }, { "model": "powershell core", "scope": "ne", "trust": 0.3, "vendor": "microsoft", "version": "6.2.2" }, { "model": "powershell core", "scope": "ne", "trust": 0.3, "vendor": "microsoft", "version": "6.1.5" } ], "sources": [ { "db": "BID", "id": "109267" }, { "db": "JVNDB", "id": "JVNDB-2019-006787" }, { "db": "NVD", "id": "CVE-2019-1167" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:powershell_core:6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:powershell_core:6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2019-1167" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The vendor reported this issue.", "sources": [ { "db": "BID", "id": "109267" } ], "trust": 0.3 }, "cve": "CVE-2019-1167", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.4, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Local", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 1.9, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2019-1167", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Low", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 0.5, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, { "attackComplexity": "High", "attackVector": "Local", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.1, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2019-1167", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "High", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2019-1167", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201907-963", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-006787" }, { "db": "NVD", "id": "CVE-2019-1167" }, { "db": "CNNVD", "id": "CNNVD-201907-963" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement, aka \u0027Windows Defender Application Control Security Feature Bypass Vulnerability\u0027. \nA local attacker can leverage this issue to bypass certain security restrictions and perform unauthorized actions. \nPowerShell Core 6.1, and 6.2 are vulnerable", "sources": [ { "db": "NVD", "id": "CVE-2019-1167" }, { "db": "JVNDB", "id": "JVNDB-2019-006787" }, { "db": "BID", "id": "109267" } ], "trust": 1.89 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-1167", "trust": 2.7 }, { "db": "BID", "id": "109267", "trust": 0.9 }, { "db": "JVNDB", "id": "JVNDB-2019-006787", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201907-963", "trust": 0.6 } ], "sources": [ { "db": "BID", "id": "109267" }, { "db": "JVNDB", "id": "JVNDB-2019-006787" }, { "db": "NVD", "id": "CVE-2019-1167" }, { "db": "CNNVD", "id": "CNNVD-201907-963" } ] }, "id": "VAR-201907-1382", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.21178882 }, "last_update_date": "2023-12-18T13:38:14.361000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "CVE-2019-1167 | Windows Defender Application Control Security Feature Bypass Vulnerability", "trust": 0.8, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-1167" }, { "title": "CVE-2019-1167 | Windows Defender \u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u5236\u5fa1\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u6a5f\u80fd\u306e\u30d0\u30a4\u30d1\u30b9\u306e\u8106\u5f31\u6027", "trust": 0.8, "url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/cve-2019-1167" }, { "title": "Microsoft Windows Defender Application Control Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=95283" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-006787" }, { "db": "CNNVD", "id": "CNNVD-201907-963" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "CWE-254", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-006787" }, { "db": "NVD", "id": "CVE-2019-1167" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.9, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-1167" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-1167" }, { "trust": 0.9, "url": "https://github.com/powershell/powershell/security/advisories/ghsa-5frh-8cmj-gc59" }, { "trust": 0.9, "url": "http://www.microsoft.com/windows/default.mspx" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1167" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/microsoft-windows-powershell-core-privilege-escalation-via-wdac-29800" }, { "trust": 0.6, "url": "https://www.securityfocus.com/bid/109267" }, { "trust": 0.6, "url": "https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/cve-2019-1167" } ], "sources": [ { "db": "BID", "id": "109267" }, { "db": "JVNDB", "id": "JVNDB-2019-006787" }, { "db": "NVD", "id": "CVE-2019-1167" }, { "db": "CNNVD", "id": "CNNVD-201907-963" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "109267" }, { "db": "JVNDB", "id": "JVNDB-2019-006787" }, { "db": "NVD", "id": "CVE-2019-1167" }, { "db": "CNNVD", "id": "CNNVD-201907-963" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-07-16T00:00:00", "db": "BID", "id": "109267" }, { "date": "2019-07-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-006787" }, { "date": "2019-07-19T15:15:12.783000", "db": "NVD", "id": "CVE-2019-1167" }, { "date": "2019-07-16T00:00:00", "db": "CNNVD", "id": "CNNVD-201907-963" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-07-16T00:00:00", "db": "BID", "id": "109267" }, { "date": "2019-07-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-006787" }, { "date": "2020-08-24T17:37:01.140000", "db": "NVD", "id": "CVE-2019-1167" }, { "date": "2020-08-25T00:00:00", "db": "CNNVD", "id": "CNNVD-201907-963" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "BID", "id": "109267" }, { "db": "CNNVD", "id": "CNNVD-201907-963" } ], "trust": 0.9 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "PowerShell Core of Windows Defender Application Control Vulnerabilities that bypass security functions", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-006787" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "security feature problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-201907-963" } ], "trust": 0.6 } }
var-202005-0234
Vulnerability from variot
A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka '.NET Core & .NET Framework Denial of Service Vulnerability'. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: .NET Core on Red Hat Enterprise Linux 7 security update Advisory ID: RHSA-2020:2476-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:2476 Issue date: 2020-06-10 CVE Names: CVE-2020-1108 ==================================================================== 1. Summary:
An update for rh-dotnet21-dotnet is now available for .NET Core on Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. The updated version is .NET Core Runtime 2.1.19 and SDK 2.1.515.
Security Fix(es):
- dotnet: Denial of service via untrusted input (CVE-2020-1108)
This is an additional update to comprehensively address CVE-2020-1108.
Default inclusions for applications built with .NET Core have been updated to reference the newest versions and their security fixes.
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1827643 - CVE-2020-1108 dotnet: Denial of service via untrusted input
- Package List:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet21-2.1-18.el7.src.rpm rh-dotnet21-dotnet-2.1.515-1.el7.src.rpm
x86_64: rh-dotnet21-2.1-18.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.515-1.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.515-1.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.19-1.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.19-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.515-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.515-1.el7.x86_64.rpm rh-dotnet21-runtime-2.1-18.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet21-2.1-18.el7.src.rpm rh-dotnet21-dotnet-2.1.515-1.el7.src.rpm
x86_64: rh-dotnet21-2.1-18.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.515-1.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.515-1.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.19-1.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.19-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.515-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.515-1.el7.x86_64.rpm rh-dotnet21-runtime-2.1-18.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet21-2.1-18.el7.src.rpm rh-dotnet21-dotnet-2.1.515-1.el7.src.rpm
x86_64: rh-dotnet21-2.1-18.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.515-1.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.515-1.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.19-1.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.19-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.515-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.515-1.el7.x86_64.rpm rh-dotnet21-runtime-2.1-18.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2020-1108 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXuCqrtzjgjWX9erEAQgIPg/7Ba2cdZAbQ4uL6AsEoi4kN888lESbUKUM F3VebsFFw9mpaGJ+dp4O6Ihc9kKZdP6uFWq3VE5I5WPD2BcoZF/OoVfCY1FHmFy6 fWSZ0ii+Axg8Mqj4uqxlhlFujkxdeQSpfsY38rtPscLGBROEzPAZnUMH/RDXg9TD 3TdXT4SNVMQPloanzVRDPXEx4OLqgKn9ITpXLah/Jq6zsM37ZDbnM8vQ3o2nH11d 77N+M+RuGsamPfsbu8sEpgvdXkMtorUjO57PDWeWvxNiRYL/5at5TdcTePjWe5YK XANwzPRFtaEU87TFeTVbNrG3MdRl/Uk6FVbuJtNzFIxwi8+qIf1hnUpV0MZxZ1Rg o77fulouuHCSwV/j7/BN9I8Q7EJj/zm52PldVkbsR0JEr4kZMmlVxS9/VL/LroKS qFSAm8yykqI+g7b2EgBQCekIfuurbp1EPeyJ6WcVSb6kcH0xZrXE/t1u/qKIqICe Ozf/bnjDQ0ACpJTE8pAhs5NhrVXvLuz6qhu8kUHTkW6dRxqRCFhAOhnezsfeWG1K nfQOeNfny0SbIJlwh4nsWE3Zv2f/H8KYilfulHvA2SuIGg7mgE0wyPwDXCltyzEW JIlM5YyJrQOHLdjfFi8XRqcU1mFII/F9QoV6KqAoZfJ2LgjXLm9au8MNLWRkN7M1 XE8bQvAYQCc=mOEK -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202005-0234", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": ".net core", "scope": "lte", "trust": 1.0, "vendor": "microsoft", "version": "3.1.4" }, { "model": ".net framework", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "2.0" }, { "model": "visual studio 2019", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "16.4" }, { "model": ".net core", "scope": "gte", "trust": 1.0, "vendor": "microsoft", "version": "3.0" }, { "model": "powershell", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "7.0" }, { "model": ".net core", "scope": "gte", "trust": 1.0, "vendor": "microsoft", "version": "2.1" }, { "model": ".net framework", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "3.5" }, { "model": ".net framework", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "4.6.2" }, { "model": ".net core", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "2.1" }, { "model": ".net framework", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "4.5.2" }, { "model": ".net core", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "3.1" }, { "model": ".net framework", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "4.6.1" }, { "model": ".net framework", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "3.0" }, { "model": ".net framework", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "4.8" }, { "model": ".net framework", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "3.5.1" }, { "model": ".net framework", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "4.6" }, { "model": ".net", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "5.0" }, { "model": ".net framework", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "4.7.2" }, { "model": "visual studio 2019", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "16.0" }, { "model": ".net framework", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "4.7.1" }, { "model": "visual studio 2019", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "16.5" }, { "model": ".net framework", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "4.7" }, { "model": ".net core", "scope": "lte", "trust": 1.0, "vendor": "microsoft", "version": "2.1.18" }, { "model": "visual studio 2017", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "15.9" }, { "model": "powershell core", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "6.2" }, { "model": ".net core", "scope": null, "trust": 0.8, "vendor": "microsoft", "version": null }, { "model": ".net framework", "scope": null, "trust": 0.8, "vendor": "microsoft", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-006114" }, { "db": "NVD", "id": "CVE-2020-1108" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2.1.18", "versionStartIncluding": "2.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "3.1.4", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net:5.0:preview2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net:5.0:preview3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net:5.0:preview1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:x64:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:x86:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:arm64:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:x64:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:x86:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x64:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x86:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:x64:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:x86:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:arm64:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:arm64:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:arm64:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_core:2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:visual_studio_2017:15.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:visual_studio_2019:16.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_core:3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:visual_studio_2019:16.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:visual_studio_2019:16.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:powershell_core:6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:powershell:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-1108" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "158007" }, { "db": "PACKETSTORM", "id": "158019" }, { "db": "PACKETSTORM", "id": "158020" }, { "db": "PACKETSTORM", "id": "157702" }, { "db": "PACKETSTORM", "id": "157794" }, { "db": "PACKETSTORM", "id": "157788" }, { "db": "PACKETSTORM", "id": "158021" }, { "db": "PACKETSTORM", "id": "157704" }, { "db": "CNNVD", "id": "CNNVD-202005-570" } ], "trust": 1.4 }, "cve": "CVE-2020-1108", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2020-006114", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2020-006114", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-1108", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "JVNDB-2020-006114", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-202005-570", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-006114" }, { "db": "NVD", "id": "CVE-2020-1108" }, { "db": "CNNVD", "id": "CNNVD-202005-570" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka \u0027.NET Core \u0026 .NET Framework Denial of Service Vulnerability\u0027. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: .NET Core on Red Hat Enterprise Linux 7 security update\nAdvisory ID: RHSA-2020:2476-01\nProduct: .NET Core on Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:2476\nIssue date: 2020-06-10\nCVE Names: CVE-2020-1108\n====================================================================\n1. Summary:\n\nAn update for rh-dotnet21-dotnet is now available for .NET Core on Red Hat\nEnterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. It implements a subset of the\n.NET framework APIs and several new APIs, and it includes a CLR\nimplementation. The updated version is .NET Core Runtime 2.1.19 and SDK 2.1.515. \n\nSecurity Fix(es):\n\n* dotnet: Denial of service via untrusted input (CVE-2020-1108)\n\nThis is an additional update to comprehensively address CVE-2020-1108. \n\nDefault inclusions for applications built with .NET Core have been updated\nto reference the newest versions and their security fixes. \n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1827643 - CVE-2020-1108 dotnet: Denial of service via untrusted input\n\n6. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet21-2.1-18.el7.src.rpm\nrh-dotnet21-dotnet-2.1.515-1.el7.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-18.el7.x86_64.rpm\nrh-dotnet21-dotnet-2.1.515-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.515-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.19-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.19-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.515-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.515-1.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-18.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet21-2.1-18.el7.src.rpm\nrh-dotnet21-dotnet-2.1.515-1.el7.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-18.el7.x86_64.rpm\nrh-dotnet21-dotnet-2.1.515-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.515-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.19-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.19-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.515-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.515-1.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-18.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet21-2.1-18.el7.src.rpm\nrh-dotnet21-dotnet-2.1.515-1.el7.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-18.el7.x86_64.rpm\nrh-dotnet21-dotnet-2.1.515-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.515-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.19-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.19-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.515-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.515-1.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-18.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-1108\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXuCqrtzjgjWX9erEAQgIPg/7Ba2cdZAbQ4uL6AsEoi4kN888lESbUKUM\nF3VebsFFw9mpaGJ+dp4O6Ihc9kKZdP6uFWq3VE5I5WPD2BcoZF/OoVfCY1FHmFy6\nfWSZ0ii+Axg8Mqj4uqxlhlFujkxdeQSpfsY38rtPscLGBROEzPAZnUMH/RDXg9TD\n3TdXT4SNVMQPloanzVRDPXEx4OLqgKn9ITpXLah/Jq6zsM37ZDbnM8vQ3o2nH11d\n77N+M+RuGsamPfsbu8sEpgvdXkMtorUjO57PDWeWvxNiRYL/5at5TdcTePjWe5YK\nXANwzPRFtaEU87TFeTVbNrG3MdRl/Uk6FVbuJtNzFIxwi8+qIf1hnUpV0MZxZ1Rg\no77fulouuHCSwV/j7/BN9I8Q7EJj/zm52PldVkbsR0JEr4kZMmlVxS9/VL/LroKS\nqFSAm8yykqI+g7b2EgBQCekIfuurbp1EPeyJ6WcVSb6kcH0xZrXE/t1u/qKIqICe\nOzf/bnjDQ0ACpJTE8pAhs5NhrVXvLuz6qhu8kUHTkW6dRxqRCFhAOhnezsfeWG1K\nnfQOeNfny0SbIJlwh4nsWE3Zv2f/H8KYilfulHvA2SuIGg7mgE0wyPwDXCltyzEW\nJIlM5YyJrQOHLdjfFi8XRqcU1mFII/F9QoV6KqAoZfJ2LgjXLm9au8MNLWRkN7M1\nXE8bQvAYQCc=mOEK\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n", "sources": [ { "db": "NVD", "id": "CVE-2020-1108" }, { "db": "JVNDB", "id": "JVNDB-2020-006114" }, { "db": "VULMON", "id": "CVE-2020-1108" }, { "db": "PACKETSTORM", "id": "158007" }, { "db": "PACKETSTORM", "id": "158019" }, { "db": "PACKETSTORM", "id": "158020" }, { "db": "PACKETSTORM", "id": "157702" }, { "db": "PACKETSTORM", "id": "157794" }, { "db": "PACKETSTORM", "id": "157788" }, { "db": "PACKETSTORM", "id": "158021" }, { "db": "PACKETSTORM", "id": "157704" } ], "trust": 2.43 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-1108", "trust": 3.3 }, { "db": "JVNDB", "id": "JVNDB-2020-006114", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "157794", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "158021", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "157704", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2020.2021", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2010", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1814", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1691", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2061", "trust": 0.6 }, { "db": "NSFOCUS", "id": "46713", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202005-570", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2020-1108", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "158007", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "158019", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "158020", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "157702", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "157788", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-1108" }, { "db": "JVNDB", "id": "JVNDB-2020-006114" }, { "db": "PACKETSTORM", "id": "158007" }, { "db": "PACKETSTORM", "id": "158019" }, { "db": "PACKETSTORM", "id": "158020" }, { "db": "PACKETSTORM", "id": "157702" }, { "db": "PACKETSTORM", "id": "157794" }, { "db": "PACKETSTORM", "id": "157788" }, { "db": "PACKETSTORM", "id": "158021" }, { "db": "PACKETSTORM", "id": "157704" }, { "db": "NVD", "id": "CVE-2020-1108" }, { "db": "CNNVD", "id": "CNNVD-202005-570" } ] }, "id": "VAR-202005-0234", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.21178882 }, "last_update_date": "2023-12-20T22:28:09.408000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "CVE-2020-1108 | .NET Core \u0026 .NET Framework Denial of Service Vulnerability", "trust": 0.8, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-1108" }, { "title": "CVE-2020-1108 | .NET Core \u304a\u3088\u3073 .NET Framework \u306e\u30b5\u30fc\u30d3\u30b9\u62d2\u5426\u306e\u8106\u5f31\u6027", "trust": 0.8, "url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/cve-2020-1108" }, { "title": "Microsoft .NET Core and .NET Framework Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=118696" }, { "title": "Red Hat: Important: .NET Core on Red Hat Enterprise Linux security and bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202146 - security advisory" }, { "title": "Red Hat: Important: .NET Core security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202143 - security advisory" } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-1108" }, { "db": "JVNDB", "id": "JVNDB-2020-006114" }, { "db": "CNNVD", "id": "CNNVD-202005-570" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2020-1108" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1108" }, { "trust": 1.6, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-1108" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1108" }, { "trust": 0.8, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.8, "url": "https://access.redhat.com/security/cve/cve-2020-1108" }, { "trust": 0.8, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.8, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.8, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.8, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.8, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2061/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1691/" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/46713" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/157794/red-hat-security-advisory-2020-2250-01.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/158021/red-hat-security-advisory-2020-2475-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1814/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2010/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2021/" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/microsoft-visual-studio-vulnerabilities-of-may-2020-32249" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/157704/red-hat-security-advisory-2020-2146-01.html" }, { "trust": 0.2, "url": "https://access.redhat.com/errata/rhsa-2020:2146" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-1161" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1161" }, { "trust": 0.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181094" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:2450" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:2476" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:2471" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:2143" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:2250" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:2249" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:2475" } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-1108" }, { "db": "JVNDB", "id": "JVNDB-2020-006114" }, { "db": "PACKETSTORM", "id": "158007" }, { "db": "PACKETSTORM", "id": "158019" }, { "db": "PACKETSTORM", "id": "158020" }, { "db": "PACKETSTORM", "id": "157702" }, { "db": "PACKETSTORM", "id": "157794" }, { "db": "PACKETSTORM", "id": "157788" }, { "db": "PACKETSTORM", "id": "158021" }, { "db": "PACKETSTORM", "id": "157704" }, { "db": "NVD", "id": "CVE-2020-1108" }, { "db": "CNNVD", "id": "CNNVD-202005-570" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2020-1108" }, { "db": "JVNDB", "id": "JVNDB-2020-006114" }, { "db": "PACKETSTORM", "id": "158007" }, { "db": "PACKETSTORM", "id": "158019" }, { "db": "PACKETSTORM", "id": "158020" }, { "db": "PACKETSTORM", "id": "157702" }, { "db": "PACKETSTORM", "id": "157794" }, { "db": "PACKETSTORM", "id": "157788" }, { "db": "PACKETSTORM", "id": "158021" }, { "db": "PACKETSTORM", "id": "157704" }, { "db": "NVD", "id": "CVE-2020-1108" }, { "db": "CNNVD", "id": "CNNVD-202005-570" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-05-21T00:00:00", "db": "VULMON", "id": "CVE-2020-1108" }, { "date": "2020-06-30T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-006114" }, { "date": "2020-06-10T15:06:32", "db": "PACKETSTORM", "id": "158007" }, { "date": "2020-06-10T15:11:03", "db": "PACKETSTORM", "id": "158019" }, { "date": "2020-06-10T15:11:11", "db": "PACKETSTORM", "id": "158020" }, { "date": "2020-05-14T20:53:30", "db": "PACKETSTORM", "id": "157702" }, { "date": "2020-05-21T16:41:39", "db": "PACKETSTORM", "id": "157794" }, { "date": "2020-05-21T16:34:50", "db": "PACKETSTORM", "id": "157788" }, { "date": "2020-06-10T15:11:23", "db": "PACKETSTORM", "id": "158021" }, { "date": "2020-05-14T20:53:58", "db": "PACKETSTORM", "id": "157704" }, { "date": "2020-05-21T23:15:14.867000", "db": "NVD", "id": "CVE-2020-1108" }, { "date": "2020-05-12T00:00:00", "db": "CNNVD", "id": "CNNVD-202005-570" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-12-08T00:00:00", "db": "VULMON", "id": "CVE-2020-1108" }, { "date": "2020-06-30T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-006114" }, { "date": "2023-10-15T16:43:05.807000", "db": "NVD", "id": "CVE-2020-1108" }, { "date": "2020-06-16T00:00:00", "db": "CNNVD", "id": "CNNVD-202005-570" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202005-570" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": ".NET Core and .NET Framework Vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-006114" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202005-570" } ], "trust": 0.6 } }
var-201903-1467
Vulnerability from variot
A vulnerability exists in certain .Net Framework API's and Visual Studio in the way they parse URL's, aka '.NET Framework and Visual Studio Spoofing Vulnerability'. plural Microsoft The product includes URL There is a vulnerability related to input validation due to incomplete analysis method. An attacker can exploit this issue to conduct spoofing attacks and perform unauthorized actions; other attacks are also possible. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: .NET Core on Red Hat Enterprise Linux security update for February 2019 Advisory ID: RHSA-2019:0349-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:0349 Issue date: 2019-02-14 CVE Names: CVE-2019-0657 ==================================================================== 1. Summary:
Updates for rh-dotnetcore10-dotnetcore, rh-dotnetcore11-dotnetcore, rh-dotnet21-dotnet, and rh-dotnet22-dotnet are now available for .NET Core on Red Hat Enterprise Linux.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET Core that address security vulnerabilities are now available. The updated versions are .NET Core 1.0.14, 1.1.11, 2.1.8, and 2.2.2.
Security Fix(es):
- .dotnet: Domain-spoofing attack in System.Uri (CVE-2019-0657)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
For more information, please refer to the upstream doc in the References section.
- Solution:
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1673891 - CVE-2019-0657 dotnet: Domain-spoofing attack in System.Uri
- Package List:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnetcore10-dotnetcore-1.0.14-1.el7.src.rpm
x86_64: rh-dotnetcore10-dotnetcore-1.0.14-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.14-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnetcore11-dotnetcore-1.1.11-2.el7.src.rpm
x86_64: rh-dotnetcore11-dotnetcore-1.1.11-2.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.11-2.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet21-2.1-7.el7.src.rpm rh-dotnet21-dotnet-2.1.504-1.el7.src.rpm
x86_64: rh-dotnet21-2.1-7.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.504-1.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.504-1.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.8-1.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.8-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.504-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.504-1.el7.x86_64.rpm rh-dotnet21-runtime-2.1-7.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet22-2.2-3.el7.src.rpm rh-dotnet22-dotnet-2.2.104-2.el7.src.rpm
x86_64: rh-dotnet22-2.2-3.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.104-2.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.104-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.2-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.2-2.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.2-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.104-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.104-2.el7.x86_64.rpm rh-dotnet22-runtime-2.2-3.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnetcore10-dotnetcore-1.0.14-1.el7.src.rpm
x86_64: rh-dotnetcore10-dotnetcore-1.0.14-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.14-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnetcore11-dotnetcore-1.1.11-2.el7.src.rpm
x86_64: rh-dotnetcore11-dotnetcore-1.1.11-2.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.11-2.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet21-2.1-7.el7.src.rpm rh-dotnet21-dotnet-2.1.504-1.el7.src.rpm
x86_64: rh-dotnet21-2.1-7.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.504-1.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.504-1.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.8-1.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.8-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.504-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.504-1.el7.x86_64.rpm rh-dotnet21-runtime-2.1-7.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet22-2.2-3.el7.src.rpm rh-dotnet22-dotnet-2.2.104-2.el7.src.rpm
x86_64: rh-dotnet22-2.2-3.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.104-2.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.104-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.2-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.2-2.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.2-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.104-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.104-2.el7.x86_64.rpm rh-dotnet22-runtime-2.2-3.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnetcore10-dotnetcore-1.0.14-1.el7.src.rpm
x86_64: rh-dotnetcore10-dotnetcore-1.0.14-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.14-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnetcore11-dotnetcore-1.1.11-2.el7.src.rpm
x86_64: rh-dotnetcore11-dotnetcore-1.1.11-2.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.11-2.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet21-2.1-7.el7.src.rpm rh-dotnet21-dotnet-2.1.504-1.el7.src.rpm
x86_64: rh-dotnet21-2.1-7.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.504-1.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.504-1.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.8-1.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.8-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.504-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.504-1.el7.x86_64.rpm rh-dotnet21-runtime-2.1-7.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet22-2.2-3.el7.src.rpm rh-dotnet22-dotnet-2.2.104-2.el7.src.rpm
x86_64: rh-dotnet22-2.2-3.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.104-2.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.104-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.2-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.2-2.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.2-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.104-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.104-2.el7.x86_64.rpm rh-dotnet22-runtime-2.2-3.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2019-0657 https://access.redhat.com/security/updates/classification/#moderate https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0657
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXGTxZNzjgjWX9erEAQg28RAAkXyiq8u2m6G6BJN/7LqO31WHqXGmf+Em SeGsTnrnV9YpjFqPXby3WFz3AHGrTITrOy+JA2WyYTezgc3F4aZu28jHCgsuRJmU AvEg8XitYunmg9sxzr0SUmf8bleFUpawLNh+HiHC/fVUSrHA953yH6QjPDj3KT3+ 27SmMMmUvdqpZOxYrHN9iPfYiqONIKEkHq6vGkplqePPOkWja7v7r7UYm8I493zN cFLWzVI6N17qsLIqe2OduMtZ0tBcdOdKwjxi4BVbVwNmhV1qiXfBotP7RdRjvVgu SJw2LObFjPmfHBZX7c8Q+S4oWSLTO+YnqEzjRopXy8adaxxxFDvYCb5FJ5YGvFNK eI4SDGilbT73PXISefvmxjPM3Vu2T7yvvgGwg9Yl64DPgsLLFBxm2kEpXE7h3ZkH JiTBjT3eOPhuK43X5+X9VnM/9C7Add1xb9HMz1iWvJQidKKJ44FDGFhWoHXZMa2Z oca6jNXGpzqUtpMgsnC4ZM7WISyNtnVdBBE31xwEPl1ssi+Mrsq8lFWiFt1GUnQQ /DCPVS8L1aTsIb1q6SUTzqRkEMi2jADvP+tWohxMw/M2NNFKIEbfEgld2xO5X79F +edr0KVq8fgRgN9GP6rs+xNtS30uO6fLNLzXiT/7kgyvmadyuyzpye8mjDDlzJYX 1Uwk7uAgds0=IIGV -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201903-1467", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "powershell core", "scope": "eq", "trust": 2.1, "vendor": "microsoft", "version": "6.1" }, { "model": ".net framework", "scope": "eq", "trust": 2.1, "vendor": "microsoft", "version": "4.7.2" }, { "model": ".net framework", "scope": "eq", "trust": 2.1, "vendor": "microsoft", "version": "4.7.1" }, { "model": ".net framework", "scope": "eq", "trust": 2.1, "vendor": "microsoft", "version": "4.6.2" }, { "model": ".net framework", "scope": "eq", "trust": 2.1, "vendor": "microsoft", "version": "4.6.1" }, { "model": ".net framework", "scope": "eq", "trust": 2.1, "vendor": "microsoft", "version": "3.5.1" }, { "model": ".net framework", "scope": "eq", "trust": 2.1, "vendor": "microsoft", "version": "4.7" }, { "model": ".net framework", "scope": "eq", "trust": 2.1, "vendor": "microsoft", "version": "4.6" }, { "model": ".net framework", "scope": "eq", "trust": 2.1, "vendor": "microsoft", "version": "4.5.2" }, { "model": ".net framework", "scope": "eq", "trust": 2.1, "vendor": "microsoft", "version": "3.5" }, { "model": ".net core", "scope": "eq", "trust": 2.1, "vendor": "microsoft", "version": "2.2" }, { "model": ".net core", "scope": "eq", "trust": 2.1, "vendor": "microsoft", "version": "2.1" }, { "model": ".net core", "scope": "eq", "trust": 2.1, "vendor": "microsoft", "version": "1.0" }, { "model": ".net framework", "scope": "eq", "trust": 1.3, "vendor": "microsoft", "version": "3.0" }, { "model": ".net framework", "scope": "eq", "trust": 1.3, "vendor": "microsoft", "version": "2.0" }, { "model": "powershell core", "scope": "eq", "trust": 1.1, "vendor": "microsoft", "version": "6.2" }, { "model": "powershell core", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "6.0" }, { "model": "visual studio 2017", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": null }, { "model": "visual studio 2017", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "15.9" }, { "model": ".net framework", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "2.0 sp2" }, { "model": ".net framework", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "3.0 sp2" }, { "model": "visual studio", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "2017" }, { "model": "visual studio", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "2017 version 15.9" }, { "model": "visual studio", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "201715.9" }, { "model": "visual studio", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20170" }, { "model": ".net core", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1.1" } ], "sources": [ { "db": "BID", "id": "106890" }, { "db": "JVNDB", "id": "JVNDB-2019-002326" }, { "db": "NVD", "id": "CVE-2019-0657" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_core:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_core:2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_core:2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:visual_studio_2017:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:visual_studio_2017:15.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:powershell_core:6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:powershell_core:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:1709:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp1:*:*:*:*:x64:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp1:*:*:*:*:x64:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:1709:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2019-0657" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Jonathan Birch of Microsoft Corporation,Red Hat", "sources": [ { "db": "CNNVD", "id": "CNNVD-201902-374" } ], "trust": 0.6 }, "cve": "CVE-2019-0657", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.3, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2019-0657", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.2, "impactScore": 3.6, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, { "attackComplexity": "High", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.9, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2019-0657", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2019-0657", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201902-374", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-002326" }, { "db": "NVD", "id": "CVE-2019-0657" }, { "db": "CNNVD", "id": "CNNVD-201902-374" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability exists in certain .Net Framework API\u0027s and Visual Studio in the way they parse URL\u0027s, aka \u0027.NET Framework and Visual Studio Spoofing Vulnerability\u0027. plural Microsoft The product includes URL There is a vulnerability related to input validation due to incomplete analysis method. \nAn attacker can exploit this issue to conduct spoofing attacks and perform unauthorized actions; other attacks are also possible. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: .NET Core on Red Hat Enterprise Linux security update for February 2019\nAdvisory ID: RHSA-2019:0349-01\nProduct: .NET Core on Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:0349\nIssue date: 2019-02-14\nCVE Names: CVE-2019-0657\n====================================================================\n1. Summary:\n\nUpdates for rh-dotnetcore10-dotnetcore, rh-dotnetcore11-dotnetcore,\nrh-dotnet21-dotnet, and rh-dotnet22-dotnet are now available for\n.NET Core on Red Hat Enterprise Linux. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\n.NET Core is a managed-software framework. It implements a subset of the\n.NET framework APIs and several new APIs, and it includes a CLR\nimplementation. \n\nNew versions of .NET Core that address security vulnerabilities are now\navailable. The updated versions are .NET Core 1.0.14, 1.1.11, 2.1.8, and\n2.2.2. \n\nSecurity Fix(es):\n\n* .dotnet: Domain-spoofing attack in System.Uri (CVE-2019-0657)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\nFor more information, please refer to the upstream doc in the References\nsection. \n\n4. Solution:\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1673891 - CVE-2019-0657 dotnet: Domain-spoofing attack in System.Uri\n\n6. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.14-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.14-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.14-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.11-2.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.11-2.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.11-2.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet21-2.1-7.el7.src.rpm\nrh-dotnet21-dotnet-2.1.504-1.el7.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-7.el7.x86_64.rpm\nrh-dotnet21-dotnet-2.1.504-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.504-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.8-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.8-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.504-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.504-1.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-7.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet22-2.2-3.el7.src.rpm\nrh-dotnet22-dotnet-2.2.104-2.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-3.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.104-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.104-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.2-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.2-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.2-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.104-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.104-2.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-3.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.14-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.14-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.14-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.11-2.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.11-2.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.11-2.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet21-2.1-7.el7.src.rpm\nrh-dotnet21-dotnet-2.1.504-1.el7.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-7.el7.x86_64.rpm\nrh-dotnet21-dotnet-2.1.504-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.504-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.8-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.8-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.504-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.504-1.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-7.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet22-2.2-3.el7.src.rpm\nrh-dotnet22-dotnet-2.2.104-2.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-3.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.104-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.104-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.2-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.2-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.2-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.104-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.104-2.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-3.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.14-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.14-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.14-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.11-2.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.11-2.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.11-2.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet21-2.1-7.el7.src.rpm\nrh-dotnet21-dotnet-2.1.504-1.el7.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-7.el7.x86_64.rpm\nrh-dotnet21-dotnet-2.1.504-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.504-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.8-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.8-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.504-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.504-1.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-7.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet22-2.2-3.el7.src.rpm\nrh-dotnet22-dotnet-2.2.104-2.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-3.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.104-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.104-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.2-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.2-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.2-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.104-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.104-2.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-3.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-0657\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0657\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXGTxZNzjgjWX9erEAQg28RAAkXyiq8u2m6G6BJN/7LqO31WHqXGmf+Em\nSeGsTnrnV9YpjFqPXby3WFz3AHGrTITrOy+JA2WyYTezgc3F4aZu28jHCgsuRJmU\nAvEg8XitYunmg9sxzr0SUmf8bleFUpawLNh+HiHC/fVUSrHA953yH6QjPDj3KT3+\n27SmMMmUvdqpZOxYrHN9iPfYiqONIKEkHq6vGkplqePPOkWja7v7r7UYm8I493zN\ncFLWzVI6N17qsLIqe2OduMtZ0tBcdOdKwjxi4BVbVwNmhV1qiXfBotP7RdRjvVgu\nSJw2LObFjPmfHBZX7c8Q+S4oWSLTO+YnqEzjRopXy8adaxxxFDvYCb5FJ5YGvFNK\neI4SDGilbT73PXISefvmxjPM3Vu2T7yvvgGwg9Yl64DPgsLLFBxm2kEpXE7h3ZkH\nJiTBjT3eOPhuK43X5+X9VnM/9C7Add1xb9HMz1iWvJQidKKJ44FDGFhWoHXZMa2Z\noca6jNXGpzqUtpMgsnC4ZM7WISyNtnVdBBE31xwEPl1ssi+Mrsq8lFWiFt1GUnQQ\n/DCPVS8L1aTsIb1q6SUTzqRkEMi2jADvP+tWohxMw/M2NNFKIEbfEgld2xO5X79F\n+edr0KVq8fgRgN9GP6rs+xNtS30uO6fLNLzXiT/7kgyvmadyuyzpye8mjDDlzJYX\n1Uwk7uAgds0=IIGV\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n", "sources": [ { "db": "NVD", "id": "CVE-2019-0657" }, { "db": "JVNDB", "id": "JVNDB-2019-002326" }, { "db": "BID", "id": "106890" }, { "db": "PACKETSTORM", "id": "151684" } ], "trust": 1.98 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-0657", "trust": 2.8 }, { "db": "BID", "id": "106890", "trust": 1.9 }, { "db": "JVNDB", "id": "JVNDB-2019-002326", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "151684", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2019.0476", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201902-374", "trust": 0.6 } ], "sources": [ { "db": "BID", "id": "106890" }, { "db": "JVNDB", "id": "JVNDB-2019-002326" }, { "db": "PACKETSTORM", "id": "151684" }, { "db": "NVD", "id": "CVE-2019-0657" }, { "db": "CNNVD", "id": "CNNVD-201902-374" } ] }, "id": "VAR-201903-1467", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.21178882 }, "last_update_date": "2023-12-18T12:28:25.363000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "CVE-2019-0657 | .NET Framework and Visual Studio Spoofing Vulnerability", "trust": 0.8, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0657" }, { "title": "CVE-2019-0657 | .NET Framework \u3068 Visual Studio \u306e\u306a\u308a\u3059\u307e\u3057\u306e\u8106\u5f31\u6027", "trust": 0.8, "url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/cve-2019-0657" }, { "title": "Microsoft .NET Framework and Visual Studio Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=89188" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-002326" }, { "db": "CNNVD", "id": "CNNVD-201902-374" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-002326" }, { "db": "NVD", "id": "CVE-2019-0657" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0657" }, { "trust": 1.6, "url": "http://www.securityfocus.com/bid/106890" }, { "trust": 1.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0657" }, { "trust": 1.1, "url": "https://access.redhat.com/errata/rhsa-2019:0349" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0657" }, { "trust": 0.8, "url": "https://www.ipa.go.jp/security/ciadr/vul/20190213-ms.html" }, { "trust": 0.8, "url": "http://www.jpcert.or.jp/at/2019/at190006.html" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/microsoft-visual-studio-vulnerabilities-of-february-2019-28512" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/microsoft-net-vulnerabilities-of-february-2019-28485" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/75638" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/151684/red-hat-security-advisory-2019-0349-01.html" }, { "trust": 0.3, "url": "https://github.com/powershell/announcements/issues/14" }, { "trust": 0.3, "url": "http://www.microsoft.com" }, { "trust": 0.1, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-0657" }, { "trust": 0.1, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/contact/" } ], "sources": [ { "db": "BID", "id": "106890" }, { "db": "JVNDB", "id": "JVNDB-2019-002326" }, { "db": "PACKETSTORM", "id": "151684" }, { "db": "NVD", "id": "CVE-2019-0657" }, { "db": "CNNVD", "id": "CNNVD-201902-374" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "106890" }, { "db": "JVNDB", "id": "JVNDB-2019-002326" }, { "db": "PACKETSTORM", "id": "151684" }, { "db": "NVD", "id": "CVE-2019-0657" }, { "db": "CNNVD", "id": "CNNVD-201902-374" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-02-12T00:00:00", "db": "BID", "id": "106890" }, { "date": "2019-04-05T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-002326" }, { "date": "2019-02-14T14:59:07", "db": "PACKETSTORM", "id": "151684" }, { "date": "2019-03-05T23:29:02.037000", "db": "NVD", "id": "CVE-2019-0657" }, { "date": "2019-02-12T00:00:00", "db": "CNNVD", "id": "CNNVD-201902-374" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-02-21T05:00:00", "db": "BID", "id": "106890" }, { "date": "2019-04-05T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-002326" }, { "date": "2019-03-07T16:55:52.720000", "db": "NVD", "id": "CVE-2019-0657" }, { "date": "2019-04-01T00:00:00", "db": "CNNVD", "id": "CNNVD-201902-374" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201902-374" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural Microsoft Vulnerability related to input validation in products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-002326" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation", "sources": [ { "db": "CNNVD", "id": "CNNVD-201902-374" } ], "trust": 0.6 } }
var-201905-0993
Vulnerability from variot
A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement, aka 'Windows Defender Application Control Security Feature Bypass Vulnerability'. Microsoft Windows is prone to a local security-bypass vulnerability. A local attacker can leverage this issue to bypass certain security restrictions and perform unauthorized actions
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201905-0993", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "windows 10", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1809" }, { "model": "windows 10", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1709" }, { "model": "windows server 2016", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1803" }, { "model": "windows 10", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1607" }, { "model": "windows 10", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1903" }, { "model": "windows 10", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1803" }, { "model": "windows server 2016", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": null }, { "model": "windows server 2016", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1903" }, { "model": "windows server 2019", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": null }, { "model": "windows 10", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": null }, { "model": "windows 10", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1703" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "for 32-bit systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "for x64-based systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1607 for 32-bit systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1607 for x64-based systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1703 for 32-bit systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1703 for x64-based systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1709 for 32-bit systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1709 for 64-based systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1709 for arm64-based systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1803 for 32-bit systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1803 for arm64-based systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1803 for x64-based systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1809 for 32-bit systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1809 for arm64-based systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1809 for x64-based systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1903 for 32-bit systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1903 for arm64-based systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1903 for x64-based systems" }, { "model": "windows server", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1803 (server core installation)" }, { "model": "windows server", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1903 (server core installation)" }, { "model": "windows server 2016", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "none" }, { "model": "windows server 2016", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "(server core installation)" }, { "model": "windows server 2019", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "none" }, { "model": "windows server 2019", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "(server core installation)" }, { "model": "powershell core", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "6.1" }, { "model": "powershell core", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "6.2" }, { "model": "windows server", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20190" }, { "model": "windows server", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "19030" }, { "model": "windows server", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "18030" }, { "model": "windows server", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2016" }, { "model": "windows version for x64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1019030" }, { "model": "windows version for arm64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1019030" }, { "model": "windows version for 32-bit systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1019030" }, { "model": "windows version for x64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1018090" }, { "model": "windows version for arm64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1018090" }, { "model": "windows version for 32-bit systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1018090" }, { "model": "windows version for x64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1018030" }, { "model": "windows version for arm64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1018030" }, { "model": "windows version for 32-bit systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1018030" }, { "model": "windows version for x64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1017090" }, { "model": "windows version for arm64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1017090" }, { "model": "windows version for 32-bit systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1017090" }, { "model": "windows version for x64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1017030" }, { "model": "windows version for 32-bit systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1017030" }, { "model": "windows version for x64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1016070" }, { "model": "windows version for 32-bit systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1016070" }, { "model": "windows for x64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "100" }, { "model": "windows for 32-bit systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "100" } ], "sources": [ { "db": "BID", "id": "108256" }, { "db": "JVNDB", "id": "JVNDB-2019-004750" }, { "db": "NVD", "id": "CVE-2019-0733" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2019-0733" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Matt Graeber of SpecterOps", "sources": [ { "db": "BID", "id": "108256" }, { "db": "CNNVD", "id": "CNNVD-201905-408" } ], "trust": 0.9 }, "cve": "CVE-2019-0733", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Local", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 4.6, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2019-0733", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 1.8, "impactScore": 3.4, "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "Low", "baseScore": 5.3, "baseSeverity": "Medium", "confidentialityImpact": "Low", "exploitabilityScore": null, "id": "CVE-2019-0733", "impactScore": null, "integrityImpact": "Low", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2019-0733", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201905-408", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2019-0733", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2019-0733" }, { "db": "JVNDB", "id": "JVNDB-2019-004750" }, { "db": "NVD", "id": "CVE-2019-0733" }, { "db": "CNNVD", "id": "CNNVD-201905-408" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement, aka \u0027Windows Defender Application Control Security Feature Bypass Vulnerability\u0027. Microsoft Windows is prone to a local security-bypass vulnerability. \nA local attacker can leverage this issue to bypass certain security restrictions and perform unauthorized actions", "sources": [ { "db": "NVD", "id": "CVE-2019-0733" }, { "db": "JVNDB", "id": "JVNDB-2019-004750" }, { "db": "BID", "id": "108256" }, { "db": "VULMON", "id": "CVE-2019-0733" } ], "trust": 1.98 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-0733", "trust": 2.8 }, { "db": "BID", "id": "108256", "trust": 1.0 }, { "db": "JVNDB", "id": "JVNDB-2019-004750", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201905-408", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2019-0733", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2019-0733" }, { "db": "BID", "id": "108256" }, { "db": "JVNDB", "id": "JVNDB-2019-004750" }, { "db": "NVD", "id": "CVE-2019-0733" }, { "db": "CNNVD", "id": "CNNVD-201905-408" } ] }, "id": "VAR-201905-0993", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.21178882 }, "last_update_date": "2023-12-18T13:18:42.977000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "CVE-2019-0733 | Windows Defender Application Control Security Feature Bypass Vulnerability", "trust": 0.8, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0733" }, { "title": "CVE-2019-0733 | Windows Defender \u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u5236\u5fa1\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u6a5f\u80fd\u306e\u30d0\u30a4\u30d1\u30b9\u306e\u8106\u5f31\u6027", "trust": 0.8, "url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/cve-2019-0733" }, { "title": "Microsoft Windows Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=92557" }, { "title": "Symantec Threat Intelligence Blog", "trust": 0.1, "url": "https://www.symantec.com/blogs/threat-intelligence/microsoft-patch-tuesday-may-2019" } ], "sources": [ { "db": "VULMON", "id": "CVE-2019-0733" }, { "db": "JVNDB", "id": "JVNDB-2019-004750" }, { "db": "CNNVD", "id": "CNNVD-201905-408" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "CWE-254", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-004750" }, { "db": "NVD", "id": "CVE-2019-0733" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0733" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0733" }, { "trust": 1.3, "url": "http://www.securityfocus.com/bid/108256" }, { "trust": 0.9, "url": "http://www.microsoft.com/windows/default.mspx" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0733" }, { "trust": 0.8, "url": "https://www.ipa.go.jp/security/ciadr/vul/20190515-ms.html" }, { "trust": 0.8, "url": "http://www.jpcert.or.jp/at/2019/at190023.html" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/windows-vulnerabilities-of-may-2019-29301" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/108256" } ], "sources": [ { "db": "VULMON", "id": "CVE-2019-0733" }, { "db": "BID", "id": "108256" }, { "db": "JVNDB", "id": "JVNDB-2019-004750" }, { "db": "NVD", "id": "CVE-2019-0733" }, { "db": "CNNVD", "id": "CNNVD-201905-408" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2019-0733" }, { "db": "BID", "id": "108256" }, { "db": "JVNDB", "id": "JVNDB-2019-004750" }, { "db": "NVD", "id": "CVE-2019-0733" }, { "db": "CNNVD", "id": "CNNVD-201905-408" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-05-16T00:00:00", "db": "VULMON", "id": "CVE-2019-0733" }, { "date": "2019-05-14T00:00:00", "db": "BID", "id": "108256" }, { "date": "2019-06-06T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-004750" }, { "date": "2019-05-16T19:29:00.613000", "db": "NVD", "id": "CVE-2019-0733" }, { "date": "2019-05-14T00:00:00", "db": "CNNVD", "id": "CNNVD-201905-408" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-08-24T00:00:00", "db": "VULMON", "id": "CVE-2019-0733" }, { "date": "2019-05-14T00:00:00", "db": "BID", "id": "108256" }, { "date": "2019-06-06T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-004750" }, { "date": "2020-08-24T17:37:01.140000", "db": "NVD", "id": "CVE-2019-0733" }, { "date": "2020-08-25T00:00:00", "db": "CNNVD", "id": "CNNVD-201905-408" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "BID", "id": "108256" }, { "db": "CNNVD", "id": "CNNVD-201905-408" } ], "trust": 0.9 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural Microsoft Windows Products and PowerShell Core of Windows Defender Application Control Vulnerabilities that bypass security functions", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-004750" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "security feature problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-201905-408" } ], "trust": 0.6 } }
var-201901-1456
Vulnerability from variot
An information disclosure vulnerability exists in .NET Framework and .NET Core which allows bypassing Cross-origin Resource Sharing (CORS) configurations, aka ".NET Framework Information Disclosure Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7/4.7.1/4.7.2, .NET Core 2.1, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 2.2, Microsoft .NET Framework 4.7.2. plural Microsoft There is a vulnerability in the product that exposes information. Successful exploits will allow attackers to obtain sensitive information that may aid in further attacks. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: .NET Core on Red Hat Enterprise Linux security update Advisory ID: RHSA-2019:0040-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:0040 Issue date: 2019-01-09 CVE Names: CVE-2019-0545 CVE-2019-0548 CVE-2019-0564 =====================================================================
- Summary:
Updates for rh-dotnet21-dotnet and rh-dotnet22-dotnet are now available for .NET Core on Red Hat Enterprise Linux.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET Core that address security vulnerabilities are now available. The updated versions are .NET Core 2.1.5 and 2.2.1.
Security Fix(es):
-
.NET Core: NCL - SocketsHttpHandler mishandling 1xx response as a final response leads to info disclosure (CVE-2019-0545)
-
.NET Core: ANCM WebSocket DOS (CVE-2019-0548)
-
.NET Core: Kestrel - WebSocket DoS via CancellationToken (CoreFX and ASP.NET) (CVE-2019-0564)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
For more information, please refer to the upstream docs in the References section.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1660632 - CVE-2019-0545 .NET Core: NCL - SocketsHttpHandler mishandling 1xx response as a final response leads to info disclosure 1660634 - CVE-2019-0564 .NET Core: Kestrel - WebSocket DoS via CancellationToken (CoreFX and ASP.NET) 1660636 - CVE-2019-0548 .NET Core: ANCM WebSocket DOS
- Package List:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet21-2.1-6.el7.src.rpm rh-dotnet21-dotnet-2.1.503-1.el7.src.rpm
x86_64: rh-dotnet21-dotnet-sdk-2.1-2.1.503-1.el7.x86_64.rpm rh-dotnet21-runtime-2.1-6.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet22-2.2-2.el7.src.rpm rh-dotnet22-dotnet-2.2.102-1.el7.src.rpm
x86_64: rh-dotnet22-2.2-2.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.102-1.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.102-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.1-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.1-1.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.1-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.102-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.102-1.el7.x86_64.rpm rh-dotnet22-runtime-2.2-2.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet21-2.1-6.el7.src.rpm rh-dotnet21-dotnet-2.1.503-1.el7.src.rpm
x86_64: rh-dotnet21-dotnet-sdk-2.1-2.1.503-1.el7.x86_64.rpm rh-dotnet21-runtime-2.1-6.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet22-2.2-2.el7.src.rpm rh-dotnet22-dotnet-2.2.102-1.el7.src.rpm
x86_64: rh-dotnet22-2.2-2.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.102-1.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.102-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.1-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.1-1.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.1-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.102-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.102-1.el7.x86_64.rpm rh-dotnet22-runtime-2.2-2.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet21-2.1-6.el7.src.rpm rh-dotnet21-dotnet-2.1.503-1.el7.src.rpm
x86_64: rh-dotnet21-dotnet-sdk-2.1-2.1.503-1.el7.x86_64.rpm rh-dotnet21-runtime-2.1-6.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet22-2.2-2.el7.src.rpm rh-dotnet22-dotnet-2.2.102-1.el7.src.rpm
x86_64: rh-dotnet22-2.2-2.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.102-1.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.102-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.1-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.1-1.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.1-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.102-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.102-1.el7.x86_64.rpm rh-dotnet22-runtime-2.2-2.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2019-0545 https://access.redhat.com/security/cve/CVE-2019-0548 https://access.redhat.com/security/cve/CVE-2019-0564 https://access.redhat.com/security/updates/classification/#moderate https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0545 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0548 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0564
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXDW2sdzjgjWX9erEAQjnURAAoOOF+CAyd0GdKX4LT2eZ/ctDcYggUZkX 1uMSJxXYU64TTYyAmkWUad9GPHMl+7QPjLZGbsLoUv37jSHwfg6VLiPRPy/jGMEq DN1ECN44X2nbUvCO+aKSNSpkRx7oBgQeR3gcPDMS1bzzJgOzhldL8rHH4GnmsoLI DgBXda8QlnFQVXEK+64H9B5hmlD8PERkne9mmqH1M3tkYZeBdnsud7Zb+UTNmMDR ZCVdGr4UIjFZZWpQf5FhjLw4Y2Wv4+e0UBiRFj3GqiS4YYNy+0VxsuTYW3YvNO2R tgZ/UyXljxfgEoQrwg58sI1icuY9CDuyUbLXjEhmlh9E8lDHZ4C3OyK+M7D/KN43 +Hf3E1qgMyg+RDlIFsDsMNDvH7Y6oHv5OIeELIEG9A+oDeQwpoUE6FlQhwMBKZgV kLnwYXahwcbcpJWB2Fwp2htwACGwlWzisanA0+Qqnb0zsgL/UI/ZuHmcmXXW68U3 L7JuUVE61WCdZYPyANW/kkxIuqw875FVM39dInDlUOwcPyGbkiH7qsauiyLLadlR +GpenM0LLRftSh3FILuQyH+6EORUrduB8445BGtdVKOUChiSOc09qcFozzxKki5P Atkajiv2GssKgIFDg7NBMMPETWRjun6SIsxnZ+CcaxLdOjw1isYRzSxMHdNyU7bc eGIiHj6xieM= =m5dC -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201901-1456", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": ".net framework", "scope": "eq", "trust": 2.7, "vendor": "microsoft", "version": "4.7.2" }, { "model": ".net framework", "scope": "eq", "trust": 2.7, "vendor": "microsoft", "version": "4.7.1" }, { "model": ".net framework", "scope": "eq", "trust": 2.7, "vendor": "microsoft", "version": "4.6.2" }, { "model": ".net framework", "scope": "eq", "trust": 2.7, "vendor": "microsoft", "version": "3.5.1" }, { "model": ".net framework", "scope": "eq", "trust": 2.7, "vendor": "microsoft", "version": "4.7" }, { "model": ".net framework", "scope": "eq", "trust": 2.7, "vendor": "microsoft", "version": "4.6" }, { "model": ".net framework", "scope": "eq", "trust": 2.7, "vendor": "microsoft", "version": "4.5.2" }, { "model": ".net framework", "scope": "eq", "trust": 2.7, "vendor": "microsoft", "version": "3.5" }, { "model": ".net core", "scope": "eq", "trust": 2.1, "vendor": "microsoft", "version": "2.2" }, { "model": ".net core", "scope": "eq", "trust": 2.1, "vendor": "microsoft", "version": "2.1" }, { "model": ".net framework", "scope": "eq", "trust": 1.9, "vendor": "microsoft", "version": "3.0" }, { "model": ".net framework", "scope": "eq", "trust": 1.9, "vendor": "microsoft", "version": "2.0" }, { "model": ".net framework", "scope": "eq", "trust": 1.8, "vendor": "microsoft", "version": "4.6.1" }, { "model": ".net framework", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "2.0 sp2" }, { "model": ".net framework", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "3.0 sp2" }, { "model": "powershell core", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "6.1" }, { "model": "powershell core", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "6.2" }, { "model": ".net core", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2.3" } ], "sources": [ { "db": "BID", "id": "106405" }, { "db": "JVNDB", "id": "JVNDB-2019-001008" }, { "db": "CNNVD", "id": "CNNVD-201901-175" }, { "db": "NVD", "id": "CVE-2019-0545" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server:1709:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server:1803:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_core:2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_core:2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2019-0545" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Microsoft", "sources": [ { "db": "BID", "id": "106405" } ], "trust": 0.3 }, "cve": "CVE-2019-0545", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.0, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2019-0545", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2019-0545", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2019-0545", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201901-175", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2019-0545", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2019-0545" }, { "db": "JVNDB", "id": "JVNDB-2019-001008" }, { "db": "CNNVD", "id": "CNNVD-201901-175" }, { "db": "NVD", "id": "CVE-2019-0545" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An information disclosure vulnerability exists in .NET Framework and .NET Core which allows bypassing Cross-origin Resource Sharing (CORS) configurations, aka \".NET Framework Information Disclosure Vulnerability.\" This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7/4.7.1/4.7.2, .NET Core 2.1, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 2.2, Microsoft .NET Framework 4.7.2. plural Microsoft There is a vulnerability in the product that exposes information. \nSuccessful exploits will allow attackers to obtain sensitive information that may aid in further attacks. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: .NET Core on Red Hat Enterprise Linux security update\nAdvisory ID: RHSA-2019:0040-01\nProduct: .NET Core on Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:0040\nIssue date: 2019-01-09\nCVE Names: CVE-2019-0545 CVE-2019-0548 CVE-2019-0564 \n=====================================================================\n\n1. Summary:\n\nUpdates for rh-dotnet21-dotnet and rh-dotnet22-dotnet are now available for\n.NET Core on Red Hat Enterprise Linux. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. It implements a subset of the\n.NET framework APIs and several new APIs, and it includes a CLR\nimplementation. \n\nNew versions of .NET Core that address security vulnerabilities are now\navailable. The updated versions are .NET Core 2.1.5 and 2.2.1. \n\nSecurity Fix(es):\n\n* .NET Core: NCL - SocketsHttpHandler mishandling 1xx response as a final\nresponse leads to info disclosure (CVE-2019-0545)\n\n* .NET Core: ANCM WebSocket DOS (CVE-2019-0548)\n\n* .NET Core: Kestrel - WebSocket DoS via CancellationToken (CoreFX and\nASP.NET) (CVE-2019-0564)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\nFor more information, please refer to the upstream docs in the References\nsection. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1660632 - CVE-2019-0545 .NET Core: NCL - SocketsHttpHandler mishandling 1xx response as a final response leads to info disclosure\n1660634 - CVE-2019-0564 .NET Core: Kestrel - WebSocket DoS via CancellationToken (CoreFX and ASP.NET)\n1660636 - CVE-2019-0548 .NET Core: ANCM WebSocket DOS\n\n6. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet21-2.1-6.el7.src.rpm\nrh-dotnet21-dotnet-2.1.503-1.el7.src.rpm\n\nx86_64:\nrh-dotnet21-dotnet-sdk-2.1-2.1.503-1.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-6.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet22-2.2-2.el7.src.rpm\nrh-dotnet22-dotnet-2.2.102-1.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.1-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.1-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.1-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-2.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet21-2.1-6.el7.src.rpm\nrh-dotnet21-dotnet-2.1.503-1.el7.src.rpm\n\nx86_64:\nrh-dotnet21-dotnet-sdk-2.1-2.1.503-1.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-6.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet22-2.2-2.el7.src.rpm\nrh-dotnet22-dotnet-2.2.102-1.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.1-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.1-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.1-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-2.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet21-2.1-6.el7.src.rpm\nrh-dotnet21-dotnet-2.1.503-1.el7.src.rpm\n\nx86_64:\nrh-dotnet21-dotnet-sdk-2.1-2.1.503-1.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-6.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet22-2.2-2.el7.src.rpm\nrh-dotnet22-dotnet-2.2.102-1.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.1-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.1-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.1-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-2.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-0545\nhttps://access.redhat.com/security/cve/CVE-2019-0548\nhttps://access.redhat.com/security/cve/CVE-2019-0564\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0545\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0548\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0564\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXDW2sdzjgjWX9erEAQjnURAAoOOF+CAyd0GdKX4LT2eZ/ctDcYggUZkX\n1uMSJxXYU64TTYyAmkWUad9GPHMl+7QPjLZGbsLoUv37jSHwfg6VLiPRPy/jGMEq\nDN1ECN44X2nbUvCO+aKSNSpkRx7oBgQeR3gcPDMS1bzzJgOzhldL8rHH4GnmsoLI\nDgBXda8QlnFQVXEK+64H9B5hmlD8PERkne9mmqH1M3tkYZeBdnsud7Zb+UTNmMDR\nZCVdGr4UIjFZZWpQf5FhjLw4Y2Wv4+e0UBiRFj3GqiS4YYNy+0VxsuTYW3YvNO2R\ntgZ/UyXljxfgEoQrwg58sI1icuY9CDuyUbLXjEhmlh9E8lDHZ4C3OyK+M7D/KN43\n+Hf3E1qgMyg+RDlIFsDsMNDvH7Y6oHv5OIeELIEG9A+oDeQwpoUE6FlQhwMBKZgV\nkLnwYXahwcbcpJWB2Fwp2htwACGwlWzisanA0+Qqnb0zsgL/UI/ZuHmcmXXW68U3\nL7JuUVE61WCdZYPyANW/kkxIuqw875FVM39dInDlUOwcPyGbkiH7qsauiyLLadlR\n+GpenM0LLRftSh3FILuQyH+6EORUrduB8445BGtdVKOUChiSOc09qcFozzxKki5P\nAtkajiv2GssKgIFDg7NBMMPETWRjun6SIsxnZ+CcaxLdOjw1isYRzSxMHdNyU7bc\neGIiHj6xieM=\n=m5dC\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n", "sources": [ { "db": "NVD", "id": "CVE-2019-0545" }, { "db": "JVNDB", "id": "JVNDB-2019-001008" }, { "db": "BID", "id": "106405" }, { "db": "VULMON", "id": "CVE-2019-0545" }, { "db": "PACKETSTORM", "id": "151061" } ], "trust": 2.07 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-0545", "trust": 2.9 }, { "db": "BID", "id": "106405", "trust": 1.9 }, { "db": "JVNDB", "id": "JVNDB-2019-001008", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201901-175", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2019-0545", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "151061", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2019-0545" }, { "db": "BID", "id": "106405" }, { "db": "JVNDB", "id": "JVNDB-2019-001008" }, { "db": "PACKETSTORM", "id": "151061" }, { "db": "CNNVD", "id": "CNNVD-201901-175" }, { "db": "NVD", "id": "CVE-2019-0545" } ] }, "id": "VAR-201901-1456", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.21178882 }, "last_update_date": "2024-02-13T22:42:03.182000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "CVE-2019-0545 | .NET Framework Information Disclosure Vulnerability", "trust": 0.8, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0545" }, { "title": "CVE-2019-0545 | .NET Framework \u306e\u60c5\u5831\u6f0f\u3048\u3044\u306e\u8106\u5f31\u6027", "trust": 0.8, "url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/cve-2019-0545" }, { "title": "Microsoft .NET Framework and .NET Core Repair measures for information disclosure vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=88362" }, { "title": "Red Hat: Moderate: .NET Core on Red Hat Enterprise Linux security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20190040 - security advisory" }, { "title": "Red Hat: CVE-2019-0545", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2019-0545" }, { "title": "Description\nContent\nInstall\nUsage\nAutomation\nExamples", "trust": 0.1, "url": "https://github.com/eeenvik1/scripts_for_youtrack " } ], "sources": [ { "db": "VULMON", "id": "CVE-2019-0545" }, { "db": "JVNDB", "id": "JVNDB-2019-001008" }, { "db": "CNNVD", "id": "CNNVD-201901-175" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-200", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-001008" }, { "db": "NVD", "id": "CVE-2019-0545" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.2, "url": "http://www.securityfocus.com/bid/106405" }, { "trust": 2.0, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0545" }, { "trust": 1.7, "url": "https://access.redhat.com/errata/rhsa-2019:0040" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0545" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0545" }, { "trust": 0.8, "url": "https://www.ipa.go.jp/security/ciadr/vul/20190109-ms.html" }, { "trust": 0.8, "url": "http://www.jpcert.or.jp/at/2019/at190002.html" }, { "trust": 0.3, "url": "http://www.microsoft.com" }, { "trust": 0.1, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-0564" }, { "trust": 0.1, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0548" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-0545" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0548" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-0548" }, { "trust": 0.1, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.1, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0564" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0564" } ], "sources": [ { "db": "BID", "id": "106405" }, { "db": "JVNDB", "id": "JVNDB-2019-001008" }, { "db": "PACKETSTORM", "id": "151061" }, { "db": "CNNVD", "id": "CNNVD-201901-175" }, { "db": "NVD", "id": "CVE-2019-0545" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2019-0545" }, { "db": "BID", "id": "106405" }, { "db": "JVNDB", "id": "JVNDB-2019-001008" }, { "db": "PACKETSTORM", "id": "151061" }, { "db": "CNNVD", "id": "CNNVD-201901-175" }, { "db": "NVD", "id": "CVE-2019-0545" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-01-08T00:00:00", "db": "VULMON", "id": "CVE-2019-0545" }, { "date": "2019-01-08T00:00:00", "db": "BID", "id": "106405" }, { "date": "2019-01-16T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-001008" }, { "date": "2019-01-09T15:05:39", "db": "PACKETSTORM", "id": "151061" }, { "date": "2019-01-09T00:00:00", "db": "CNNVD", "id": "CNNVD-201901-175" }, { "date": "2019-01-08T21:29:00.580000", "db": "NVD", "id": "CVE-2019-0545" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-05-23T00:00:00", "db": "VULMON", "id": "CVE-2019-0545" }, { "date": "2019-01-08T00:00:00", "db": "BID", "id": "106405" }, { "date": "2019-01-16T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-001008" }, { "date": "2022-05-24T00:00:00", "db": "CNNVD", "id": "CNNVD-201901-175" }, { "date": "2022-05-23T17:29:16.137000", "db": "NVD", "id": "CVE-2019-0545" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201901-175" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural Microsoft Information disclosure vulnerability in products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-001008" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "information disclosure", "sources": [ { "db": "CNNVD", "id": "CNNVD-201901-175" } ], "trust": 0.6 } }
var-201807-1618
Vulnerability from variot
A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka ".NET Framework Security Feature Bypass Vulnerability." This affects .NET Framework 4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, ASP.NET Core 1.1, Microsoft .NET Framework 4.5.2, ASP.NET Core 2.0, ASP.NET Core 1.0, .NET Core 1.1, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 1.0, .NET Core 2.0, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Title: Microsoft Security Update Releases Issued: July 19, 2018
Summary
The following CVEs have undergone a major revision increment:
- CVE-2018-8202
- CVE-2018-8260
- CVE-2018-8284
- CVE-2018-8356
Revision Information:
- https://portal.msrc.microsoft.com/en-us/security-guidance
- Reason for Revision: To address a known issue in the security updates released on July 10, Microsoft is releasing Cumulative Update packages for all supported editions of Windows 10. These packages are available via Microsoft Update catalog, WSUS, or by manually searching Windows Update. Customers who are experiencing issues after installing the July Windows security updates should install the replacement packages as applicable. Please refer to the Affected Products table for the replacement package KB numbers. Customers who have successfully installed the security updates and who are not experiencing any issues do not need to take any action.
- Originally posted: July 10, 2018
- Updated: July 19, 2018
- Aggregate CVE Severity Rating: Important
- Version: 2.0
The following CVEs have undergone a major revision increment:
- CVE-2018-0949
- CVE-2018-8242
- CVE-2018-8287
- CVE-2018-8288
- CVE-2018-8291
- CVE-2018-8296
Revision Information:
- https://portal.msrc.microsoft.com/en-us/security-guidance
- Reason for Revision: To address a known issue in the security updates released on July 10, Microsoft is releasing Cumulative Update packages for Windows 10, and Standalone and Preview Rollup packages for all other supported editions of Windows. These packages are available via Microsoft Update catalog, WSUS, or by manually searching Windows Update. Customers who are experiencing issues after installing the July Windows security updates should install the replacement packages as applicable. Note that the IE Cumulative updates are not affected. Please refer to the Affected Products table for the replacement package KB numbers. Customers who have successfully installed the security updates and who are not experiencing any issues do not need to take any action.
- Originally posted: July 10, 2018
- Updated: July 19, 2018
- Aggregate CVE Severity Rating: Important
- Version: 2.0
The following CVEs have undergone a major revision increment:
- CVE-2018-8125 * CVE-2018-8279 * CVE-2018-8301
- CVE-2018-8206 * CVE-2018-8280 * CVE-2018-8304
- CVE-2018-8222 * CVE-2018-8282 * CVE-2018-8307
- CVE-2018-8262 * CVE-2018-8286 * CVE-2018-8308
- CVE-2018-8274 * CVE-2018-8289 * CVE-2018-8309
- CVE-2018-8275 * CVE-2018-8290 * CVE-2018-8313
- CVE-2018-8276 * CVE-2018-8294 * CVE-2018-8314
- CVE-2018-8278 * CVE-2018-8297 * CVE-2018-8324 * CVE-2018-8325
Revision Information:
- https://portal.msrc.microsoft.com/en-us/security-guidance
- Reason for Revision: To address a known issue in the security updates released on July 10, Microsoft is releasing Cumulative Update packages for Windows 10, and Standalone and Preview Rollup packages for all other supported editions of Windows. These packages are available via Microsoft Update catalog, WSUS, or by manually searching Windows Update. Customers who are experiencing issues after installing the July Windows security updates should install the replacement packages as applicable. Please refer to the Affected Products table for the replacement package KB numbers. Customers who have successfully installed the security updates and who are not experiencing any issues do not need to take any action.
- Originally posted: July 10, 2018
- Updated: July 19, 2018
- Aggregate CVE Severity Rating: Critical
- Version: 2.0
The following CVE has undergone a major revision increment:
- CVE-2018-8356
Revision Information:
- https://portal.msrc.microsoft.com/en-us/security-guidance
- Reason for Revision: Revised the Affected Products table to include PowerShell Core 6.0 and PowerShell Core 6.1 because these products are affected by CVE-2018-9356. See https://github.com/PowerShell/Announcements/issues/6 for more information.
- Originally posted: July 10, 2018
- Updated: July 19, 2018
- Aggregate CVE Severity Rating: Important
- Version: 3.0
Other Information
Recognize and avoid fraudulent email to Microsoft customers:
If you receive an email message that claims to be distributing a Microsoft security update, it is a hoax that may contain malware or pointers to malicious websites. Microsoft does not distribute security updates via email.
The Microsoft Security Response Center (MSRC) uses PGP to digitally sign all security notifications. However, PGP is not required for reading security notifications, reading security bulletins, or installing security updates. You can obtain the MSRC public PGP key at https://technet.microsoft.com/security/dn753714.
THE INFORMATION PROVIDED IN THIS MICROSOFT COMMUNICATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.
Microsoft respects your privacy. Please read our online Privacy Statement at http://go.microsoft.com/fwlink/?LinkId=81184.
If you would prefer not to receive future technical security notification alerts by email from Microsoft and its family of companies please visit the following website to unsubscribe: https://profile.microsoft.com/RegSysProfileCenter/subscriptionwizar d.aspx?wizid=5a2a311b-5189-4c9b-9f1a-d5e913a26c2e&%3blcid=1033.
These settings will not affect any newsletters youave requested or any mandatory service communications that are considered part of certain Microsoft services.
For legal Information, see: http://www.microsoft.com/info/legalinfo/default.mspx.
This newsletter was sent by: Microsoft Corporation 1 Microsoft Way Redmond, Washington, USA 98052 -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEELe29pj1Ogz+2MnKbEEiO2re18ugFAltRJ4QACgkQEEiO2re1 8uhBGRAAqV/EWkEhrEVrYfOPJe0fzDxFKVu8PespooUpb+/xYFKj0RvyGPBwWkK0 7lGixsk0HDH/VGRevfEPWBUMEDyPp7yudESs7K/Almv0X5Tq9EXa8xsoLOfWmUsF +8OjbFDlsgmJDnsOvrELRAul7bjJDvte3q0jB8QsDIhaMWDOkvKuFfB6M8KwLEJg BeKY/Mudn4BbDxxpMBq72kDCNy6WQar9igbZMS0xu2sDSuTLzqC7qfUg9jseqwhx 5uKJWSKrgCcJ73erJnZRvb1LAglhxD1NGoFdQP36EiIkccOB6kIYv33hpDNd6jf1 S0N8nJVYiUQVqg4ITBtQch5ws6fxXfTIUh7m+oQ4pxvLBbw5QLScub0/AV6ucSaD 9Ace1QwDaOJP+D8aA/+mdmTwr9SvLspNDOm9HkNu10ktRRDyu8PMPf3XGoCAQ1n9 XGtin526zCPy68yFG4BqzN2XSQfft97pwwgcG0KYRV3kB7tbswrtJWOOFbVXvLUl Yd9yvpMql7qfH6p+6f8hS+LG41EEDTqCVEaMT8HTSjld+W36AP2WqlWuSXG9YRBf yhulJ6nF3lbiG1h4pZkY5vrGjvFcfbN4YhSA+FepEolJAnWOtZBg9lswNSuIse3G lvBVHDiKdzpX3ey1qri1czIaC/r46OKW6YuAr4nzhoJKwdfpS34= =b7n1 -----END PGP SIGNATURE-----
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201807-1618", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": ".net framework", "scope": "eq", "trust": 2.4, "vendor": "microsoft", "version": "3.5" }, { "model": ".net framework", "scope": "eq", "trust": 2.4, "vendor": "microsoft", "version": "3.5.1" }, { "model": ".net framework", "scope": "eq", "trust": 2.4, "vendor": "microsoft", "version": "4.5.2" }, { "model": ".net framework", "scope": "eq", "trust": 2.4, "vendor": "microsoft", "version": "4.6" }, { "model": ".net framework", "scope": "eq", "trust": 2.4, "vendor": "microsoft", "version": "4.6.1" }, { "model": ".net framework", "scope": "eq", "trust": 2.4, "vendor": "microsoft", "version": "4.6.2" }, { "model": ".net framework", "scope": "eq", "trust": 2.4, "vendor": "microsoft", "version": "4.7" }, { "model": ".net framework", "scope": "eq", "trust": 2.4, "vendor": "microsoft", "version": "4.7.1" }, { "model": ".net framework", "scope": "eq", "trust": 2.4, "vendor": "microsoft", "version": "4.7.2" }, { "model": ".net core", "scope": "eq", "trust": 1.8, "vendor": "microsoft", "version": "1.0" }, { "model": ".net core", "scope": "eq", "trust": 1.8, "vendor": "microsoft", "version": "1.1" }, { "model": ".net core", "scope": "eq", "trust": 1.8, "vendor": "microsoft", "version": "2.0" }, { "model": ".net framework developer pack", "scope": "eq", "trust": 1.8, "vendor": "microsoft", "version": "4.7.2" }, { "model": "asp.net core", "scope": "eq", "trust": 1.8, "vendor": "microsoft", "version": "1.0" }, { "model": "asp.net core", "scope": "eq", "trust": 1.8, "vendor": "microsoft", "version": "1.1" }, { "model": "asp.net core", "scope": "eq", "trust": 1.8, "vendor": "microsoft", "version": "2.0" }, { "model": "powershell core", "scope": "eq", "trust": 1.8, "vendor": "microsoft", "version": "6.0" }, { "model": "powershell core", "scope": "eq", "trust": 1.8, "vendor": "microsoft", "version": "6.1" }, { "model": ".net framework", "scope": "eq", "trust": 1.6, "vendor": "microsoft", "version": "3.0" }, { "model": ".net framework", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "3.0 sp2" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-007178" }, { "db": "NVD", "id": "CVE-2018-8356" }, { "db": "CNNVD", "id": "CNNVD-201807-831" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server:1803:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server:1803:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:powershell_core:6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:powershell_core:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_core:2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_core:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_core:1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework_developer_pack:4.7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:asp.net_core:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:asp.net_core:1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:asp.net_core:2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2018-8356" } ] }, "cve": "CVE-2018-8356", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 2.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Local", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 2.1, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2018-8356", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Low", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 1.8, "impactScore": 3.6, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.5, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2018-8356", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2018-8356", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201807-831", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-007178" }, { "db": "NVD", "id": "CVE-2018-8356" }, { "db": "CNNVD", "id": "CNNVD-201807-831" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka \".NET Framework Security Feature Bypass Vulnerability.\" This affects .NET Framework 4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, ASP.NET Core 1.1, Microsoft .NET Framework 4.5.2, ASP.NET Core 2.0, ASP.NET Core 1.0, .NET Core 1.1, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 1.0, .NET Core 2.0, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n********************************************************************\nTitle: Microsoft Security Update Releases\nIssued: July 19, 2018\n********************************************************************\n\nSummary\n=======\n\nThe following CVEs have undergone a major revision increment:\n\n* CVE-2018-8202\n* CVE-2018-8260\n* CVE-2018-8284\n* CVE-2018-8356\n \nRevision Information:\n=====================\n\n - https://portal.msrc.microsoft.com/en-us/security-guidance\n - Reason for Revision: To address a known issue in the security\n updates released on July 10, Microsoft is releasing Cumulative\n Update packages for all supported editions of Windows 10. These\n packages are available via Microsoft Update catalog, WSUS, or by\n manually searching Windows Update. Customers who are experiencing\n issues after installing the July Windows security updates should\n install the replacement packages as applicable. Please refer to the Affected Products table for the\n replacement package KB numbers. Customers who have successfully\n installed the security updates and who are not experiencing any\n issues do not need to take any action. \n - Originally posted: July 10, 2018\n - Updated: July 19, 2018\n - Aggregate CVE Severity Rating: Important\n - Version: 2.0\n\nThe following CVEs have undergone a major revision increment:\n\n* CVE-2018-0949\n* CVE-2018-8242\n* CVE-2018-8287\n* CVE-2018-8288\n* CVE-2018-8291\n* CVE-2018-8296\n\nRevision Information:\n=====================\n\n - https://portal.msrc.microsoft.com/en-us/security-guidance\n - Reason for Revision: To address a known issue in the security\n updates released on July 10, Microsoft is releasing Cumulative\n Update packages for Windows 10, and Standalone and Preview Rollup\n packages for all other supported editions of Windows. These packages\n are available via Microsoft Update catalog, WSUS, or by manually\n searching Windows Update. Customers who are experiencing issues\n after installing the July Windows security updates should install\n the replacement packages as applicable. Note that the IE Cumulative\n updates are not affected. Please refer to the Affected Products\n table for the replacement package KB numbers. Customers who have\n successfully installed the security updates and who are not\n experiencing any issues do not need to take any action. \n - Originally posted: July 10, 2018\n - Updated: July 19, 2018\n - Aggregate CVE Severity Rating: Important\n - Version: 2.0\n\nThe following CVEs have undergone a major revision increment:\n\n* CVE-2018-8125\t* CVE-2018-8279\t* CVE-2018-8301\n* CVE-2018-8206\t* CVE-2018-8280\t* CVE-2018-8304\n* CVE-2018-8222\t* CVE-2018-8282\t* CVE-2018-8307\n* CVE-2018-8262\t* CVE-2018-8286\t* CVE-2018-8308\n* CVE-2018-8274\t* CVE-2018-8289\t* CVE-2018-8309\n* CVE-2018-8275\t* CVE-2018-8290\t* CVE-2018-8313\n* CVE-2018-8276\t* CVE-2018-8294\t* CVE-2018-8314\n* CVE-2018-8278\t* CVE-2018-8297\t* CVE-2018-8324\n\t\t\t\t* CVE-2018-8325\n\nRevision Information:\n=====================\n\n - https://portal.msrc.microsoft.com/en-us/security-guidance\n - Reason for Revision: To address a known issue in the security\n updates released on July 10, Microsoft is releasing Cumulative\n Update packages for Windows 10, and Standalone and Preview Rollup\n packages for all other supported editions of Windows. These\n packages are available via Microsoft Update catalog, WSUS, or by\n manually searching Windows Update. Customers who are experiencing\n issues after installing the July Windows security updates should\n install the replacement packages as applicable. Please refer to the\n Affected Products table for the replacement package KB numbers. \n Customers who have successfully installed the security updates and\n who are not experiencing any issues do not need to take any action. \n - Originally posted: July 10, 2018\n - Updated: July 19, 2018\n - Aggregate CVE Severity Rating: Critical\n - Version: 2.0\n\n The following CVE has undergone a major revision increment:\n\n* CVE-2018-8356\n\nRevision Information:\n=====================\n\n - https://portal.msrc.microsoft.com/en-us/security-guidance\n - Reason for Revision: Revised the Affected Products table to\n include PowerShell Core 6.0 and PowerShell Core 6.1 because\n these products are affected by CVE-2018-9356. See \n https://github.com/PowerShell/Announcements/issues/6 for \n more information. \n - Originally posted: July 10, 2018\n - Updated: July 19, 2018\n - Aggregate CVE Severity Rating: Important\n - Version: 3.0\n\nOther Information\n=================\n\nRecognize and avoid fraudulent email to Microsoft customers:\n=============================================================\nIf you receive an email message that claims to be distributing \na Microsoft security update, it is a hoax that may contain \nmalware or pointers to malicious websites. Microsoft does \nnot distribute security updates via email. \n\nThe Microsoft Security Response Center (MSRC) uses PGP to digitally \nsign all security notifications. However, PGP is not required for \nreading security notifications, reading security bulletins, or \ninstalling security updates. You can obtain the MSRC public PGP key\nat \u003chttps://technet.microsoft.com/security/dn753714\u003e. \n\n********************************************************************\nTHE INFORMATION PROVIDED IN THIS MICROSOFT COMMUNICATION IS\nPROVIDED \"AS IS\" WITHOUT WARRANTY OF ANY KIND. MICROSOFT\nDISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING\nTHE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\nPURPOSE. \nIN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE\nLIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,\nINCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL\nDAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN\nADVISED OF THE POSSIBILITY OF SUCH DAMAGES. \nSOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY\nFOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING\nLIMITATION MAY NOT APPLY. \n********************************************************************\n\nMicrosoft respects your privacy. Please read our online Privacy\nStatement at \u003chttp://go.microsoft.com/fwlink/?LinkId=81184\u003e. \n\nIf you would prefer not to receive future technical security\nnotification alerts by email from Microsoft and its family of\ncompanies please visit the following website to unsubscribe:\n\u003chttps://profile.microsoft.com/RegSysProfileCenter/subscriptionwizar\nd.aspx?wizid=5a2a311b-5189-4c9b-9f1a-d5e913a26c2e\u0026%3blcid=1033\u003e. \n\nThese settings will not affect any newsletters youave requested or\nany mandatory service communications that are considered part of\ncertain Microsoft services. \n\nFor legal Information, see:\n\u003chttp://www.microsoft.com/info/legalinfo/default.mspx\u003e. \n\nThis newsletter was sent by:\nMicrosoft Corporation\n1 Microsoft Way\nRedmond, Washington, USA\n98052\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEELe29pj1Ogz+2MnKbEEiO2re18ugFAltRJ4QACgkQEEiO2re1\n8uhBGRAAqV/EWkEhrEVrYfOPJe0fzDxFKVu8PespooUpb+/xYFKj0RvyGPBwWkK0\n7lGixsk0HDH/VGRevfEPWBUMEDyPp7yudESs7K/Almv0X5Tq9EXa8xsoLOfWmUsF\n+8OjbFDlsgmJDnsOvrELRAul7bjJDvte3q0jB8QsDIhaMWDOkvKuFfB6M8KwLEJg\nBeKY/Mudn4BbDxxpMBq72kDCNy6WQar9igbZMS0xu2sDSuTLzqC7qfUg9jseqwhx\n5uKJWSKrgCcJ73erJnZRvb1LAglhxD1NGoFdQP36EiIkccOB6kIYv33hpDNd6jf1\nS0N8nJVYiUQVqg4ITBtQch5ws6fxXfTIUh7m+oQ4pxvLBbw5QLScub0/AV6ucSaD\n9Ace1QwDaOJP+D8aA/+mdmTwr9SvLspNDOm9HkNu10ktRRDyu8PMPf3XGoCAQ1n9\nXGtin526zCPy68yFG4BqzN2XSQfft97pwwgcG0KYRV3kB7tbswrtJWOOFbVXvLUl\nYd9yvpMql7qfH6p+6f8hS+LG41EEDTqCVEaMT8HTSjld+W36AP2WqlWuSXG9YRBf\nyhulJ6nF3lbiG1h4pZkY5vrGjvFcfbN4YhSA+FepEolJAnWOtZBg9lswNSuIse3G\nlvBVHDiKdzpX3ey1qri1czIaC/r46OKW6YuAr4nzhoJKwdfpS34=\n=b7n1\n-----END PGP SIGNATURE-----\n", "sources": [ { "db": "NVD", "id": "CVE-2018-8356" }, { "db": "JVNDB", "id": "JVNDB-2018-007178" }, { "db": "BID", "id": 104664 }, { "db": "PACKETSTORM", "id": "148630" } ], "trust": 1.98 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-8356", "trust": 2.5 }, { "db": "BID", "id": "104664", "trust": 1.9 }, { "db": "SECTRACK", "id": "1041257", "trust": 1.6 }, { "db": "JVNDB", "id": "JVNDB-2018-007178", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201807-831", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "148630", "trust": 0.1 } ], "sources": [ { "db": "BID", "id": 104664 }, { "db": "JVNDB", "id": "JVNDB-2018-007178" }, { "db": "PACKETSTORM", "id": "148630" }, { "db": "NVD", "id": "CVE-2018-8356" }, { "db": "CNNVD", "id": "CNNVD-201807-831" } ] }, "id": "VAR-201807-1618", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.21178882 }, "last_update_date": "2023-12-18T12:36:38.137000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "CVE-2018-8356 | .NET Framework Security Feature Bypass Vulnerability", "trust": 0.8, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-8356" }, { "title": "CVE-2018-8356 | .NET Framework \u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u6a5f\u80fd\u306e\u30d0\u30a4\u30d1\u30b9\u306e\u8106\u5f31\u6027", "trust": 0.8, "url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/cve-2018-8356" }, { "title": "Microsoft .NET Framework Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=81895" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-007178" }, { "db": "CNNVD", "id": "CNNVD-201807-831" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-295", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-007178" }, { "db": "NVD", "id": "CVE-2018-8356" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "http://www.securityfocus.com/bid/104664" }, { "trust": 1.6, "url": "http://www.securitytracker.com/id/1041257" }, { "trust": 1.6, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-8356" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-8356" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8356" }, { "trust": 0.8, "url": "https://www.ipa.go.jp/security/ciadr/vul/20180711-ms.html" }, { "trust": 0.8, "url": "http://www.jpcert.or.jp/at/2018/at180028.html" }, { "trust": 0.1, "url": "http://www.microsoft.com/info/legalinfo/default.mspx\u003e." }, { "trust": 0.1, "url": "http://go.microsoft.com/fwlink/?linkid=81184\u003e." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-8260" }, { "trust": 0.1, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-8202" }, { "trust": 0.1, "url": "https://github.com/powershell/announcements/issues/6" }, { "trust": 0.1, "url": "https://technet.microsoft.com/security/dn753714\u003e." }, { "trust": 0.1, "url": "https://profile.microsoft.com/regsysprofilecenter/subscriptionwizar" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-8284" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-007178" }, { "db": "PACKETSTORM", "id": "148630" }, { "db": "NVD", "id": "CVE-2018-8356" }, { "db": "CNNVD", "id": "CNNVD-201807-831" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": 104664 }, { "db": "JVNDB", "id": "JVNDB-2018-007178" }, { "db": "PACKETSTORM", "id": "148630" }, { "db": "NVD", "id": "CVE-2018-8356" }, { "db": "CNNVD", "id": "CNNVD-201807-831" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-09-11T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-007178" }, { "date": "2018-07-20T08:22:22", "db": "PACKETSTORM", "id": "148630" }, { "date": "2018-07-11T00:29:02.587000", "db": "NVD", "id": "CVE-2018-8356" }, { "date": "2018-07-11T00:00:00", "db": "CNNVD", "id": "CNNVD-201807-831" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-09-11T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-007178" }, { "date": "2022-05-23T17:29:15.873000", "db": "NVD", "id": "CVE-2018-8356" }, { "date": "2022-05-24T00:00:00", "db": "CNNVD", "id": "CNNVD-201807-831" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-201807-831" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural Microsoft Vulnerabilities that bypass security functions in products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-007178" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "trust management problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-201807-831" } ], "trust": 0.6 } }
var-201909-0497
Vulnerability from variot
A denial of service vulnerability exists when .NET Core improperly handles web requests, aka '.NET Core Denial of Service Vulnerability'. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: .NET Core on Red Hat Enterprise Linux security and bug fix update Advisory ID: RHSA-2019:2732-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:2732 Issue date: 2019-09-11 CVE Names: CVE-2019-1301 ==================================================================== 1. Summary:
An update for rh-dotnet21-dotnet and rh-dotnet22-dotnet is now available for .NET Core on Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
Security Fix(es):
- dotnet: System.Net.Sockets.dll Socket.ConnectAsync Denial of Service (CVE-2019-1301)
Default inclusions for applications built with .NET Core have been updated to reference the newest versions and their security fixes.
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1750793 - CVE-2019-1301 dotnet: System.Net.Sockets.dll Socket.ConnectAsync Denial of Service
- Package List:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet21-2.1-12.el7.src.rpm rh-dotnet21-dotnet-2.1.509-1.el7.src.rpm
x86_64: rh-dotnet21-2.1-12.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.509-1.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.509-1.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.13-1.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.13-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.509-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.509-1.el7.x86_64.rpm rh-dotnet21-runtime-2.1-12.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet22-2.2-9.el7.src.rpm rh-dotnet22-dotnet-2.2.109-1.el7.src.rpm
x86_64: rh-dotnet22-2.2-9.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.109-1.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.109-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.7-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.7-1.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.7-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.109-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.109-1.el7.x86_64.rpm rh-dotnet22-runtime-2.2-9.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet21-2.1-12.el7.src.rpm rh-dotnet21-dotnet-2.1.509-1.el7.src.rpm
x86_64: rh-dotnet21-2.1-12.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.509-1.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.509-1.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.13-1.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.13-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.509-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.509-1.el7.x86_64.rpm rh-dotnet21-runtime-2.1-12.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet22-2.2-9.el7.src.rpm rh-dotnet22-dotnet-2.2.109-1.el7.src.rpm
x86_64: rh-dotnet22-2.2-9.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.109-1.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.109-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.7-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.7-1.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.7-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.109-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.109-1.el7.x86_64.rpm rh-dotnet22-runtime-2.2-9.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet21-2.1-12.el7.src.rpm rh-dotnet21-dotnet-2.1.509-1.el7.src.rpm
x86_64: rh-dotnet21-2.1-12.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.509-1.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.509-1.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.13-1.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.13-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.509-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.509-1.el7.x86_64.rpm rh-dotnet21-runtime-2.1-12.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet22-2.2-9.el7.src.rpm rh-dotnet22-dotnet-2.2.109-1.el7.src.rpm
x86_64: rh-dotnet22-2.2-9.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.109-1.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.109-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.7-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.7-1.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.7-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.109-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.109-1.el7.x86_64.rpm rh-dotnet22-runtime-2.2-9.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2019-1301 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXXjwE9zjgjWX9erEAQh4+g/+IzAqdtB4ZLUCETa7mQF2dBTDwmedG4TN fcU7Cd0UpbfHs0fTImFN14ZGt+/d4JLSJ0f4yCoXHBVABRkhb/c3XQrfJvundSqP WJdzZ7ITstBE2bxUyLglAgg7dkea0fFsub0WwoYrPCad+ggZznyVoSX0c44W6SR7 U9JVRV6pose3ceECtmFkgBQPcsUJKhYebeNe/xNEBPaSIJsbt/nu63WcnVoQRv9z HJCesQs6DW85QHd9+muvPq27keOvxe3v7ltusVPlvjw/vxVTkHwTDKLl2sWKXbkv k9E8Wiy7MucyRJo/Suc+xW+5mKsMEOQeSiBN/6WAGRnb5fVrUYjo9qtpq/INM8bP 3obkR5svSAPE46DLpnjuNVtiq8m9hrnDTwrxqeURDVC3GLFmskGAp3dWyXIefsuK pVSjgRGiqvJa1C8XZSvbihd5yLCp/0j8yvD8o4beEZyCnfql7T+fkXUE1vNgnNQL RWup6jVPyOK0nMUcob0wImClrmZ2qV/YwrTMvXObQwrQvLx2PblVAk4fX0Ts1Jtv poV6RYyTK5EOS4VgShYkVdGx+drlNNYyNnk3t0mm/Adr5p2H93ZN9wrttTB3qw+C WbtKSOCLJTM4mg3BE9YlyiJnqlXsATIdjfWtctqS8KK7x1HmJKT0hTW+S7IuuXSV RMiic1TBPqQ=HlAt -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201909-0497", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": ".net core", "scope": "eq", "trust": 1.8, "vendor": "microsoft", "version": "2.1" }, { "model": ".net core", "scope": "eq", "trust": 1.8, "vendor": "microsoft", "version": "2.2" }, { "model": "powershell core", "scope": "eq", "trust": 1.8, "vendor": "microsoft", "version": "6.1" }, { "model": "powershell core", "scope": "eq", "trust": 1.8, "vendor": "microsoft", "version": "6.2" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-009187" }, { "db": "NVD", "id": "CVE-2019-1301" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:powershell_core:6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_core:2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_core:2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:powershell_core:6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2019-1301" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat,Paul Ryman of VMware Sydney Engineering Team", "sources": [ { "db": "CNNVD", "id": "CNNVD-201909-469" } ], "trust": 0.6 }, "cve": "CVE-2019-1301", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2019-1301", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2019-1301", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2019-1301", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201909-469", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-009187" }, { "db": "NVD", "id": "CVE-2019-1301" }, { "db": "CNNVD", "id": "CNNVD-201909-469" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A denial of service vulnerability exists when .NET Core improperly handles web requests, aka \u0027.NET Core Denial of Service Vulnerability\u0027. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: .NET Core on Red Hat Enterprise Linux security and bug fix update\nAdvisory ID: RHSA-2019:2732-01\nProduct: .NET Core on Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:2732\nIssue date: 2019-09-11\nCVE Names: CVE-2019-1301\n====================================================================\n1. Summary:\n\nAn update for rh-dotnet21-dotnet and rh-dotnet22-dotnet is now available\nfor .NET Core on Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. It implements a subset of the\n.NET framework APIs and several new APIs, and it includes a CLR\nimplementation. \n\nSecurity Fix(es):\n\n* dotnet: System.Net.Sockets.dll Socket.ConnectAsync Denial of Service\n(CVE-2019-1301)\n\nDefault inclusions for applications built with .NET Core have been updated\nto reference the newest versions and their security fixes. \n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1750793 - CVE-2019-1301 dotnet: System.Net.Sockets.dll Socket.ConnectAsync Denial of Service\n\n6. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet21-2.1-12.el7.src.rpm\nrh-dotnet21-dotnet-2.1.509-1.el7.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-12.el7.x86_64.rpm\nrh-dotnet21-dotnet-2.1.509-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.509-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.13-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.13-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.509-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.509-1.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-12.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet22-2.2-9.el7.src.rpm\nrh-dotnet22-dotnet-2.2.109-1.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-9.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.109-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.109-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.7-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.7-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.7-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.109-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.109-1.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-9.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet21-2.1-12.el7.src.rpm\nrh-dotnet21-dotnet-2.1.509-1.el7.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-12.el7.x86_64.rpm\nrh-dotnet21-dotnet-2.1.509-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.509-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.13-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.13-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.509-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.509-1.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-12.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet22-2.2-9.el7.src.rpm\nrh-dotnet22-dotnet-2.2.109-1.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-9.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.109-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.109-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.7-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.7-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.7-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.109-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.109-1.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-9.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet21-2.1-12.el7.src.rpm\nrh-dotnet21-dotnet-2.1.509-1.el7.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-12.el7.x86_64.rpm\nrh-dotnet21-dotnet-2.1.509-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.509-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.13-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.13-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.509-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.509-1.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-12.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet22-2.2-9.el7.src.rpm\nrh-dotnet22-dotnet-2.2.109-1.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-9.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.109-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.109-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.7-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.7-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.7-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.109-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.109-1.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-9.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-1301\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXXjwE9zjgjWX9erEAQh4+g/+IzAqdtB4ZLUCETa7mQF2dBTDwmedG4TN\nfcU7Cd0UpbfHs0fTImFN14ZGt+/d4JLSJ0f4yCoXHBVABRkhb/c3XQrfJvundSqP\nWJdzZ7ITstBE2bxUyLglAgg7dkea0fFsub0WwoYrPCad+ggZznyVoSX0c44W6SR7\nU9JVRV6pose3ceECtmFkgBQPcsUJKhYebeNe/xNEBPaSIJsbt/nu63WcnVoQRv9z\nHJCesQs6DW85QHd9+muvPq27keOvxe3v7ltusVPlvjw/vxVTkHwTDKLl2sWKXbkv\nk9E8Wiy7MucyRJo/Suc+xW+5mKsMEOQeSiBN/6WAGRnb5fVrUYjo9qtpq/INM8bP\n3obkR5svSAPE46DLpnjuNVtiq8m9hrnDTwrxqeURDVC3GLFmskGAp3dWyXIefsuK\npVSjgRGiqvJa1C8XZSvbihd5yLCp/0j8yvD8o4beEZyCnfql7T+fkXUE1vNgnNQL\nRWup6jVPyOK0nMUcob0wImClrmZ2qV/YwrTMvXObQwrQvLx2PblVAk4fX0Ts1Jtv\npoV6RYyTK5EOS4VgShYkVdGx+drlNNYyNnk3t0mm/Adr5p2H93ZN9wrttTB3qw+C\nWbtKSOCLJTM4mg3BE9YlyiJnqlXsATIdjfWtctqS8KK7x1HmJKT0hTW+S7IuuXSV\nRMiic1TBPqQ=HlAt\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n", "sources": [ { "db": "NVD", "id": "CVE-2019-1301" }, { "db": "JVNDB", "id": "JVNDB-2019-009187" }, { "db": "PACKETSTORM", "id": "154454" }, { "db": "PACKETSTORM", "id": "154453" } ], "trust": 1.8 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-1301", "trust": 2.6 }, { "db": "JVNDB", "id": "JVNDB-2019-009187", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "154454", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2019.3462", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201909-469", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "154453", "trust": 0.1 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-009187" }, { "db": "PACKETSTORM", "id": "154454" }, { "db": "PACKETSTORM", "id": "154453" }, { "db": "NVD", "id": "CVE-2019-1301" }, { "db": "CNNVD", "id": "CNNVD-201909-469" } ] }, "id": "VAR-201909-0497", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.21178882 }, "last_update_date": "2023-12-18T12:50:07.151000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "CVE-2019-1301 | .NET Core Denial of Service Vulnerability", "trust": 0.8, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-1301" }, { "title": "CVE-2019-1301 | .NET Core \u306e\u30b5\u30fc\u30d3\u30b9\u62d2\u5426\u306e\u8106\u5f31\u6027", "trust": 0.8, "url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/cve-2019-1301" }, { "title": "Microsoft .NET Core Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=98058" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-009187" }, { "db": "CNNVD", "id": "CNNVD-201909-469" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "CWE-20", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-009187" }, { "db": "NVD", "id": "CVE-2019-1301" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-1301" }, { "trust": 1.6, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-1301" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1301" }, { "trust": 0.8, "url": "https://www.ipa.go.jp/security/ciadr/vul/20190911-ms.html" }, { "trust": 0.8, "url": "https://www.jpcert.or.jp/at/2019/at190036.html" }, { "trust": 0.8, "url": "https://access.redhat.com/security/cve/cve-2019-1301" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/154454/red-hat-security-advisory-2019-2732-01.html" }, { "trust": 0.6, "url": "https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/cve-2019-1301" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/microsoft-net-core-vulnerabilities-of-september-2019-30306" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.3462/" }, { "trust": 0.2, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.2, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.2, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2019:2732" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2019:2731" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-009187" }, { "db": "PACKETSTORM", "id": "154454" }, { "db": "PACKETSTORM", "id": "154453" }, { "db": "NVD", "id": "CVE-2019-1301" }, { "db": "CNNVD", "id": "CNNVD-201909-469" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2019-009187" }, { "db": "PACKETSTORM", "id": "154454" }, { "db": "PACKETSTORM", "id": "154453" }, { "db": "NVD", "id": "CVE-2019-1301" }, { "db": "CNNVD", "id": "CNNVD-201909-469" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-09-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-009187" }, { "date": "2019-09-11T14:02:08", "db": "PACKETSTORM", "id": "154454" }, { "date": "2019-09-11T14:02:01", "db": "PACKETSTORM", "id": "154453" }, { "date": "2019-09-11T22:15:19.023000", "db": "NVD", "id": "CVE-2019-1301" }, { "date": "2019-09-10T00:00:00", "db": "CNNVD", "id": "CNNVD-201909-469" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-09-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-009187" }, { "date": "2020-08-24T17:37:01.140000", "db": "NVD", "id": "CVE-2019-1301" }, { "date": "2020-08-25T00:00:00", "db": "CNNVD", "id": "CNNVD-201909-469" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201909-469" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": ".NET Core and PowerShell Core Service disruption in (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-009187" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201909-469" } ], "trust": 0.6 } }
var-201901-1474
Vulnerability from variot
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka "ASP.NET Core Denial of Service Vulnerability." This affects ASP.NET Core 2.1. This CVE ID is unique from CVE-2019-0548. This vulnerability CVE-2019-0548 Is a different vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Microsoft ASP.NET Core is a cross-platform open source framework of Microsoft Corporation of the United States. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. Successful exploits will attackers to cause a denial of service condition. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: .NET Core on Red Hat Enterprise Linux security update Advisory ID: RHSA-2019:0040-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:0040 Issue date: 2019-01-09 CVE Names: CVE-2019-0545 CVE-2019-0548 CVE-2019-0564 =====================================================================
- Summary:
Updates for rh-dotnet21-dotnet and rh-dotnet22-dotnet are now available for .NET Core on Red Hat Enterprise Linux.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
.NET Core is a managed software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET Core that address security vulnerabilities are now available. The updated versions are .NET Core 2.1.5 and 2.2.1.
Security Fix(es):
-
.NET Core: NCL - SocketsHttpHandler mishandling 1xx response as a final response leads to info disclosure (CVE-2019-0545)
-
.NET Core: ANCM WebSocket DOS (CVE-2019-0548)
-
.NET Core: Kestrel - WebSocket DoS via CancellationToken (CoreFX and ASP.NET) (CVE-2019-0564)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
For more information, please refer to the upstream docs in the References section.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1660632 - CVE-2019-0545 .NET Core: NCL - SocketsHttpHandler mishandling 1xx response as a final response leads to info disclosure 1660634 - CVE-2019-0564 .NET Core: Kestrel - WebSocket DoS via CancellationToken (CoreFX and ASP.NET) 1660636 - CVE-2019-0548 .NET Core: ANCM WebSocket DOS
- Package List:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet21-2.1-6.el7.src.rpm rh-dotnet21-dotnet-2.1.503-1.el7.src.rpm
x86_64: rh-dotnet21-dotnet-sdk-2.1-2.1.503-1.el7.x86_64.rpm rh-dotnet21-runtime-2.1-6.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet22-2.2-2.el7.src.rpm rh-dotnet22-dotnet-2.2.102-1.el7.src.rpm
x86_64: rh-dotnet22-2.2-2.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.102-1.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.102-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.1-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.1-1.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.1-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.102-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.102-1.el7.x86_64.rpm rh-dotnet22-runtime-2.2-2.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet21-2.1-6.el7.src.rpm rh-dotnet21-dotnet-2.1.503-1.el7.src.rpm
x86_64: rh-dotnet21-dotnet-sdk-2.1-2.1.503-1.el7.x86_64.rpm rh-dotnet21-runtime-2.1-6.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet22-2.2-2.el7.src.rpm rh-dotnet22-dotnet-2.2.102-1.el7.src.rpm
x86_64: rh-dotnet22-2.2-2.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.102-1.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.102-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.1-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.1-1.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.1-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.102-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.102-1.el7.x86_64.rpm rh-dotnet22-runtime-2.2-2.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet21-2.1-6.el7.src.rpm rh-dotnet21-dotnet-2.1.503-1.el7.src.rpm
x86_64: rh-dotnet21-dotnet-sdk-2.1-2.1.503-1.el7.x86_64.rpm rh-dotnet21-runtime-2.1-6.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet22-2.2-2.el7.src.rpm rh-dotnet22-dotnet-2.2.102-1.el7.src.rpm
x86_64: rh-dotnet22-2.2-2.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.102-1.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.102-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.1-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.1-1.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.1-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.102-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.102-1.el7.x86_64.rpm rh-dotnet22-runtime-2.2-2.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2019-0545 https://access.redhat.com/security/cve/CVE-2019-0548 https://access.redhat.com/security/cve/CVE-2019-0564 https://access.redhat.com/security/updates/classification/#moderate https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0545 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0548 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0564
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXDW2sdzjgjWX9erEAQjnURAAoOOF+CAyd0GdKX4LT2eZ/ctDcYggUZkX 1uMSJxXYU64TTYyAmkWUad9GPHMl+7QPjLZGbsLoUv37jSHwfg6VLiPRPy/jGMEq DN1ECN44X2nbUvCO+aKSNSpkRx7oBgQeR3gcPDMS1bzzJgOzhldL8rHH4GnmsoLI DgBXda8QlnFQVXEK+64H9B5hmlD8PERkne9mmqH1M3tkYZeBdnsud7Zb+UTNmMDR ZCVdGr4UIjFZZWpQf5FhjLw4Y2Wv4+e0UBiRFj3GqiS4YYNy+0VxsuTYW3YvNO2R tgZ/UyXljxfgEoQrwg58sI1icuY9CDuyUbLXjEhmlh9E8lDHZ4C3OyK+M7D/KN43 +Hf3E1qgMyg+RDlIFsDsMNDvH7Y6oHv5OIeELIEG9A+oDeQwpoUE6FlQhwMBKZgV kLnwYXahwcbcpJWB2Fwp2htwACGwlWzisanA0+Qqnb0zsgL/UI/ZuHmcmXXW68U3 L7JuUVE61WCdZYPyANW/kkxIuqw875FVM39dInDlUOwcPyGbkiH7qsauiyLLadlR +GpenM0LLRftSh3FILuQyH+6EORUrduB8445BGtdVKOUChiSOc09qcFozzxKki5P Atkajiv2GssKgIFDg7NBMMPETWRjun6SIsxnZ+CcaxLdOjw1isYRzSxMHdNyU7bc eGIiHj6xieM= =m5dC -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201901-1474", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "asp.net core", "scope": "eq", "trust": 3.3, "vendor": "microsoft", "version": "2.1" }, { "model": "powershell core", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "6.1" }, { "model": "powershell core", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "6.2" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-16189" }, { "db": "BID", "id": "106413" }, { "db": "JVNDB", "id": "JVNDB-2019-001013" }, { "db": "NVD", "id": "CVE-2019-0564" }, { "db": "CNNVD", "id": "CNNVD-201901-157" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:asp.net_core:2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2019-0564" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Microsoft", "sources": [ { "db": "BID", "id": "106413" } ], "trust": 0.3 }, "cve": "CVE-2019-0564", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2019-0564", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CNVD-2019-16189", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2019-0564", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2019-0564", "trust": 1.8, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2019-16189", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201901-157", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-16189" }, { "db": "JVNDB", "id": "JVNDB-2019-001013" }, { "db": "NVD", "id": "CVE-2019-0564" }, { "db": "CNNVD", "id": "CNNVD-201901-157" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka \"ASP.NET Core Denial of Service Vulnerability.\" This affects ASP.NET Core 2.1. This CVE ID is unique from CVE-2019-0548. This vulnerability CVE-2019-0548 Is a different vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Microsoft ASP.NET Core is a cross-platform open source framework of Microsoft Corporation of the United States. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. \nSuccessful exploits will attackers to cause a denial of service condition. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: .NET Core on Red Hat Enterprise Linux security update\nAdvisory ID: RHSA-2019:0040-01\nProduct: .NET Core on Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:0040\nIssue date: 2019-01-09\nCVE Names: CVE-2019-0545 CVE-2019-0548 CVE-2019-0564 \n=====================================================================\n\n1. Summary:\n\nUpdates for rh-dotnet21-dotnet and rh-dotnet22-dotnet are now available for\n.NET Core on Red Hat Enterprise Linux. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\n.NET Core is a managed software framework. It implements a subset of the\n.NET framework APIs and several new APIs, and it includes a CLR\nimplementation. \n\nNew versions of .NET Core that address security vulnerabilities are now\navailable. The updated versions are .NET Core 2.1.5 and 2.2.1. \n\nSecurity Fix(es):\n\n* .NET Core: NCL - SocketsHttpHandler mishandling 1xx response as a final\nresponse leads to info disclosure (CVE-2019-0545)\n\n* .NET Core: ANCM WebSocket DOS (CVE-2019-0548)\n\n* .NET Core: Kestrel - WebSocket DoS via CancellationToken (CoreFX and\nASP.NET) (CVE-2019-0564)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\nFor more information, please refer to the upstream docs in the References\nsection. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1660632 - CVE-2019-0545 .NET Core: NCL - SocketsHttpHandler mishandling 1xx response as a final response leads to info disclosure\n1660634 - CVE-2019-0564 .NET Core: Kestrel - WebSocket DoS via CancellationToken (CoreFX and ASP.NET)\n1660636 - CVE-2019-0548 .NET Core: ANCM WebSocket DOS\n\n6. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet21-2.1-6.el7.src.rpm\nrh-dotnet21-dotnet-2.1.503-1.el7.src.rpm\n\nx86_64:\nrh-dotnet21-dotnet-sdk-2.1-2.1.503-1.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-6.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet22-2.2-2.el7.src.rpm\nrh-dotnet22-dotnet-2.2.102-1.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.1-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.1-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.1-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-2.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet21-2.1-6.el7.src.rpm\nrh-dotnet21-dotnet-2.1.503-1.el7.src.rpm\n\nx86_64:\nrh-dotnet21-dotnet-sdk-2.1-2.1.503-1.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-6.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet22-2.2-2.el7.src.rpm\nrh-dotnet22-dotnet-2.2.102-1.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.1-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.1-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.1-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-2.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet21-2.1-6.el7.src.rpm\nrh-dotnet21-dotnet-2.1.503-1.el7.src.rpm\n\nx86_64:\nrh-dotnet21-dotnet-sdk-2.1-2.1.503-1.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-6.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet22-2.2-2.el7.src.rpm\nrh-dotnet22-dotnet-2.2.102-1.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.1-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.1-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.1-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-2.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-0545\nhttps://access.redhat.com/security/cve/CVE-2019-0548\nhttps://access.redhat.com/security/cve/CVE-2019-0564\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0545\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0548\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0564\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXDW2sdzjgjWX9erEAQjnURAAoOOF+CAyd0GdKX4LT2eZ/ctDcYggUZkX\n1uMSJxXYU64TTYyAmkWUad9GPHMl+7QPjLZGbsLoUv37jSHwfg6VLiPRPy/jGMEq\nDN1ECN44X2nbUvCO+aKSNSpkRx7oBgQeR3gcPDMS1bzzJgOzhldL8rHH4GnmsoLI\nDgBXda8QlnFQVXEK+64H9B5hmlD8PERkne9mmqH1M3tkYZeBdnsud7Zb+UTNmMDR\nZCVdGr4UIjFZZWpQf5FhjLw4Y2Wv4+e0UBiRFj3GqiS4YYNy+0VxsuTYW3YvNO2R\ntgZ/UyXljxfgEoQrwg58sI1icuY9CDuyUbLXjEhmlh9E8lDHZ4C3OyK+M7D/KN43\n+Hf3E1qgMyg+RDlIFsDsMNDvH7Y6oHv5OIeELIEG9A+oDeQwpoUE6FlQhwMBKZgV\nkLnwYXahwcbcpJWB2Fwp2htwACGwlWzisanA0+Qqnb0zsgL/UI/ZuHmcmXXW68U3\nL7JuUVE61WCdZYPyANW/kkxIuqw875FVM39dInDlUOwcPyGbkiH7qsauiyLLadlR\n+GpenM0LLRftSh3FILuQyH+6EORUrduB8445BGtdVKOUChiSOc09qcFozzxKki5P\nAtkajiv2GssKgIFDg7NBMMPETWRjun6SIsxnZ+CcaxLdOjw1isYRzSxMHdNyU7bc\neGIiHj6xieM=\n=m5dC\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n", "sources": [ { "db": "NVD", "id": "CVE-2019-0564" }, { "db": "JVNDB", "id": "JVNDB-2019-001013" }, { "db": "CNVD", "id": "CNVD-2019-16189" }, { "db": "CNNVD", "id": "CNNVD-201901-157" }, { "db": "BID", "id": "106413" }, { "db": "PACKETSTORM", "id": "151061" } ], "trust": 3.06 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-0564", "trust": 3.4 }, { "db": "BID", "id": "106413", "trust": 2.5 }, { "db": "JVNDB", "id": "JVNDB-2019-001013", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2019-16189", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201901-157", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "151061", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-16189" }, { "db": "BID", "id": "106413" }, { "db": "JVNDB", "id": "JVNDB-2019-001013" }, { "db": "PACKETSTORM", "id": "151061" }, { "db": "NVD", "id": "CVE-2019-0564" }, { "db": "CNNVD", "id": "CNNVD-201901-157" } ] }, "id": "VAR-201901-1474", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2019-16189" } ], "trust": 0.81178882 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "IoT" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-16189" } ] }, "last_update_date": "2023-12-18T12:56:40.552000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "CVE-2019-0564 | ASP.NET Core Denial of Service Vulnerability", "trust": 0.8, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0564" }, { "title": "CVE-2019-0564 | ASP.NET Core \u306e\u30b5\u30fc\u30d3\u30b9\u62d2\u5426\u306e\u8106\u5f31\u6027", "trust": 0.8, "url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/cve-2019-0564" }, { "title": "Patch for Microsoft ASP.NET Core Denial of Service Vulnerability (CNVD-2019-16189)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/162599" }, { "title": "Microsoft ASP.NET Core Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=88344" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-16189" }, { "db": "JVNDB", "id": "JVNDB-2019-001013" }, { "db": "CNNVD", "id": "CNNVD-201901-157" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-19", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-001013" }, { "db": "NVD", "id": "CVE-2019-0564" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.2, "url": "http://www.securityfocus.com/bid/106413" }, { "trust": 2.0, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0564" }, { "trust": 1.7, "url": "https://access.redhat.com/errata/rhsa-2019:0040" }, { "trust": 1.4, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0564" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0564" }, { "trust": 0.8, "url": "https://www.ipa.go.jp/security/ciadr/vul/20190109-ms.html" }, { "trust": 0.8, "url": "http://www.jpcert.or.jp/at/2019/at190002.html" }, { "trust": 0.3, "url": "http://www.microsoft.com/net/" }, { "trust": 0.3, "url": "http://www.microsoft.com" }, { "trust": 0.1, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-0564" }, { "trust": 0.1, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0548" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0545" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-0545" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0548" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-0548" }, { "trust": 0.1, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.1, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0545" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/contact/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-16189" }, { "db": "BID", "id": "106413" }, { "db": "JVNDB", "id": "JVNDB-2019-001013" }, { "db": "PACKETSTORM", "id": "151061" }, { "db": "NVD", "id": "CVE-2019-0564" }, { "db": "CNNVD", "id": "CNNVD-201901-157" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2019-16189" }, { "db": "BID", "id": "106413" }, { "db": "JVNDB", "id": "JVNDB-2019-001013" }, { "db": "PACKETSTORM", "id": "151061" }, { "db": "NVD", "id": "CVE-2019-0564" }, { "db": "CNNVD", "id": "CNNVD-201901-157" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-06-01T00:00:00", "db": "CNVD", "id": "CNVD-2019-16189" }, { "date": "2019-01-08T00:00:00", "db": "BID", "id": "106413" }, { "date": "2019-01-16T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-001013" }, { "date": "2019-01-09T15:05:39", "db": "PACKETSTORM", "id": "151061" }, { "date": "2019-01-08T21:29:01.317000", "db": "NVD", "id": "CVE-2019-0564" }, { "date": "2019-01-09T00:00:00", "db": "CNNVD", "id": "CNNVD-201901-157" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-06-01T00:00:00", "db": "CNVD", "id": "CNVD-2019-16189" }, { "date": "2019-01-08T00:00:00", "db": "BID", "id": "106413" }, { "date": "2019-01-16T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-001013" }, { "date": "2019-01-11T21:30:38.007000", "db": "NVD", "id": "CVE-2019-0564" }, { "date": "2019-02-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201901-157" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201901-157" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "ASP.NET Core Service disruption in (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-001013" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-201901-157" } ], "trust": 0.6 } }
var-201801-1150
Vulnerability from variot
Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka ".NET and .NET Core Denial Of Service Vulnerability". This CVE is unique from CVE-2018-0765. This vulnerability CVE-2018-0765 Is a different vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. An attacker can exploit this issue to cause a denial of service condition. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Title: Microsoft Security Update Releases Issued: January 25, 2018
Summary
The following CVEs have undergone a major revision increment:
- CVE-2018-0764
Revision Information:
- https://portal.msrc.microsoft.com/en-us/security-guidance/ advisory/CVE-2018-0764
- Version: 3.0
- Reason for Revision: Revised the Affected Products table to include PowerShell Core 6.0.0 because it is affected by CVE-2018-0764. See https://github.com/PowerShell/Announcements /issues/2 for more information.
- Originally posted: January 9, 2018
- Updated: January 25, 2018
-
Aggregate CVE Severity Rating: Important
-
CVE-2018-0786
Revision Information:
- https://portal.msrc.microsoft.com/en-us/security-guidance/ advisory/CVE-2018-0786
- Version: 3.0
- Reason for Revision: Revised the Affected Products table to include PowerShell Core 6.0.0 because it is affected by CVE-2018-0786. See https://github.com/PowerShell/Announcements /issues/3 for more information.
- Originally posted: January 9, 2018
- Updated: January 25, 2018
- Aggregate CVE Severity Rating: Important
Other Information
Recognize and avoid fraudulent email to Microsoft customers:
If you receive an email message that claims to be distributing a Microsoft security update, it is a hoax that may contain malware or pointers to malicious websites. Microsoft does not distribute security updates via email.
The Microsoft Security Response Center (MSRC) uses PGP to digitally sign all security notifications. However, PGP is not required for reading security notifications, reading security bulletins, or installing security updates. You can obtain the MSRC public PGP key at https://technet.microsoft.com/security/dn753714.
THE INFORMATION PROVIDED IN THIS MICROSOFT COMMUNICATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.
Microsoft respects your privacy. Please read our online Privacy Statement at http://go.microsoft.com/fwlink/?LinkId=81184.
If you would prefer not to receive future technical security notification alerts by email from Microsoft and its family of companies please visit the following website to unsubscribe: https://profile.microsoft.com/RegSysProfileCenter/subscriptionwizar d.aspx?wizid=5a2a311b-5189-4c9b-9f1a-d5e913a26c2e&%3blcid=1033.
These settings will not affect any newsletters youave requested or any mandatory service communications that are considered part of certain Microsoft services.
For legal Information, see: http://www.microsoft.com/info/legalinfo/default.mspx. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: .NET Core on Red Hat Enterprise Linux security update Advisory ID: RHSA-2018:0379-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:0379 Issue date: 2018-03-01 CVE Names: CVE-2018-0764 =====================================================================
- Summary:
An update for rh-dotnet20-dotnet, rh-dotnetcore10-dotnetcore, and rh-dotnetcore11-dotnetcore is now available for .NET Core on Red Hat Enterprise Linux.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64
-
It implements a subset of the .NET framework APIs and includes a CLR implementation.
-
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnetcore10-dotnetcore-1.0.9-1.el7.src.rpm
x86_64: rh-dotnetcore10-dotnetcore-1.0.9-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.9-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnetcore11-dotnetcore-1.1.6-1.el7.src.rpm
x86_64: rh-dotnetcore11-dotnetcore-1.1.6-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.6-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet20-dotnet-2.0.5-1.el7.src.rpm
x86_64: rh-dotnet20-dotnet-2.0.5-1.el7.x86_64.rpm rh-dotnet20-dotnet-debuginfo-2.0.5-1.el7.x86_64.rpm rh-dotnet20-dotnet-host-2.0.5-1.el7.x86_64.rpm rh-dotnet20-dotnet-runtime-2.0-2.0.5-1.el7.x86_64.rpm rh-dotnet20-dotnet-sdk-2.1-2.1.4-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnetcore10-dotnetcore-1.0.9-1.el7.src.rpm
x86_64: rh-dotnetcore10-dotnetcore-1.0.9-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.9-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnetcore11-dotnetcore-1.1.6-1.el7.src.rpm
x86_64: rh-dotnetcore11-dotnetcore-1.1.6-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.6-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet20-dotnet-2.0.5-1.el7.src.rpm
x86_64: rh-dotnet20-dotnet-2.0.5-1.el7.x86_64.rpm rh-dotnet20-dotnet-debuginfo-2.0.5-1.el7.x86_64.rpm rh-dotnet20-dotnet-host-2.0.5-1.el7.x86_64.rpm rh-dotnet20-dotnet-runtime-2.0-2.0.5-1.el7.x86_64.rpm rh-dotnet20-dotnet-sdk-2.1-2.1.4-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnetcore10-dotnetcore-1.0.9-1.el7.src.rpm
x86_64: rh-dotnetcore10-dotnetcore-1.0.9-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.9-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnetcore11-dotnetcore-1.1.6-1.el7.src.rpm
x86_64: rh-dotnetcore11-dotnetcore-1.1.6-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.6-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet20-dotnet-2.0.5-1.el7.src.rpm
x86_64: rh-dotnet20-dotnet-2.0.5-1.el7.x86_64.rpm rh-dotnet20-dotnet-debuginfo-2.0.5-1.el7.x86_64.rpm rh-dotnet20-dotnet-host-2.0.5-1.el7.x86_64.rpm rh-dotnet20-dotnet-runtime-2.0-2.0.5-1.el7.x86_64.rpm rh-dotnet20-dotnet-sdk-2.1-2.1.4-1.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2018-0764 https://access.redhat.com/security/updates/classification/#moderate https://github.com/dotnet/announcements/issues/52
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFal5nzXlSAg2UNWIIRAldoAKCOs8K/QXdtegDgV9D0EbgK5f8dpgCfdT/D hhk5BDNc5IZlJ+doPAaUxt4= =Pz4Z -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201801-1150", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": ".net core", "scope": "eq", "trust": 2.4, "vendor": "microsoft", "version": "1.0" }, { "model": ".net core", "scope": "eq", "trust": 2.4, "vendor": "microsoft", "version": "1.1" }, { "model": ".net core", "scope": "eq", "trust": 2.4, "vendor": "microsoft", "version": "2.0" }, { "model": ".net framework", "scope": "eq", "trust": 2.1, "vendor": "microsoft", "version": "4.6.2" }, { "model": ".net framework", "scope": "eq", "trust": 2.1, "vendor": "microsoft", "version": "4.6.1" }, { "model": ".net framework", "scope": "eq", "trust": 2.1, "vendor": "microsoft", "version": "3.5.1" }, { "model": ".net framework", "scope": "eq", "trust": 2.1, "vendor": "microsoft", "version": "4.7" }, { "model": ".net framework", "scope": "eq", "trust": 2.1, "vendor": "microsoft", "version": "4.6" }, { "model": ".net framework", "scope": "eq", "trust": 2.1, "vendor": "microsoft", "version": "4.5.2" }, { "model": ".net framework", "scope": "eq", "trust": 2.1, "vendor": "microsoft", "version": "3.5" }, { "model": ".net framework", "scope": "eq", "trust": 1.8, "vendor": "microsoft", "version": "4.7.1" }, { "model": ".net framework", "scope": "eq", "trust": 1.6, "vendor": "microsoft", "version": "2.0" }, { "model": ".net framework", "scope": "eq", "trust": 1.6, "vendor": "microsoft", "version": "3.0" }, { "model": "powershell core", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "6.0" }, { "model": ".net framework", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "2.0 sp2" }, { "model": ".net framework", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "3.0 sp2" }, { "model": "powershell core", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "6.0.0" }, { "model": "windows server r2", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20120" }, { "model": "windows server", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20120" }, { "model": "windows server r2 for x64-based systems sp1", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008" }, { "model": "windows server for itanium-based systems sp2", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008" }, { "model": "windows server for 32-bit systems sp2", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008" }, { "model": "windows server", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2016" }, { "model": "windows rt", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "8.1" }, { "model": "windows for x64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "8.10" }, { "model": "windows for 32-bit systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "8.10" }, { "model": "windows for x64-based systems sp1", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "7" }, { "model": "windows for 32-bit systems sp1", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "7" }, { "model": "windows version for x64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1017030" }, { "model": "windows version for 32-bit systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1017030" }, { "model": "windows version for x64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1016070" }, { "model": "windows version for 32-bit systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1016070" }, { "model": "windows version for x64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1015110" }, { "model": "windows version for 32-bit systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1015110" }, { "model": "windows for x64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "100" }, { "model": "windows for 32-bit systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "100" }, { "model": ".net framework sp2", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "3.0" }, { "model": ".net framework sp2", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2.0" } ], "sources": [ { "db": "BID", "id": "102387" }, { "db": "JVNDB", "id": "JVNDB-2018-001243" }, { "db": "NVD", "id": "CVE-2018-0764" }, { "db": "CNNVD", "id": "CNNVD-201801-407" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_core:2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_core:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_core:1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:powershell_core:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2018-0764" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Microsoft", "sources": [ { "db": "BID", "id": "102387" } ], "trust": 0.3 }, "cve": "CVE-2018-0764", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2018-0764", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2018-0764", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2018-0764", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201801-407", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-001243" }, { "db": "NVD", "id": "CVE-2018-0764" }, { "db": "CNNVD", "id": "CNNVD-201801-407" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka \".NET and .NET Core Denial Of Service Vulnerability\". This CVE is unique from CVE-2018-0765. This vulnerability CVE-2018-0765 Is a different vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. \nAn attacker can exploit this issue to cause a denial of service condition. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n********************************************************************\nTitle: Microsoft Security Update Releases\nIssued: January 25, 2018\n********************************************************************\n\nSummary\n======= \n\nThe following CVEs have undergone a major revision increment:\n\n* CVE-2018-0764\n \nRevision Information:\n=====================\n\n - https://portal.msrc.microsoft.com/en-us/security-guidance/\n advisory/CVE-2018-0764\n - Version: 3.0\n - Reason for Revision: Revised the Affected Products table to \n include PowerShell Core 6.0.0 because it is affected by \n CVE-2018-0764. See https://github.com/PowerShell/Announcements\n /issues/2 for more information. \n - Originally posted: January 9, 2018 \n - Updated: January 25, 2018\n - Aggregate CVE Severity Rating: Important\n\n* CVE-2018-0786\n\nRevision Information:\n=====================\n\n - https://portal.msrc.microsoft.com/en-us/security-guidance/\n advisory/CVE-2018-0786\n - Version: 3.0\n - Reason for Revision: Revised the Affected Products table to\n include PowerShell Core 6.0.0 because it is affected by \n CVE-2018-0786. See https://github.com/PowerShell/Announcements\n /issues/3 for more information. \n - Originally posted: January 9, 2018 \n - Updated: January 25, 2018\n - Aggregate CVE Severity Rating: Important\n\n\nOther Information\n=================\n\nRecognize and avoid fraudulent email to Microsoft customers:\n=============================================================\nIf you receive an email message that claims to be distributing \na Microsoft security update, it is a hoax that may contain \nmalware or pointers to malicious websites. Microsoft does \nnot distribute security updates via email. \n\nThe Microsoft Security Response Center (MSRC) uses PGP to digitally \nsign all security notifications. However, PGP is not required for \nreading security notifications, reading security bulletins, or \ninstalling security updates. You can obtain the MSRC public PGP key\nat \u003chttps://technet.microsoft.com/security/dn753714\u003e. \n\n********************************************************************\nTHE INFORMATION PROVIDED IN THIS MICROSOFT COMMUNICATION IS\nPROVIDED \"AS IS\" WITHOUT WARRANTY OF ANY KIND. MICROSOFT\nDISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING\nTHE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\nPURPOSE. \nIN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE\nLIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,\nINCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL\nDAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN\nADVISED OF THE POSSIBILITY OF SUCH DAMAGES. \nSOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY\nFOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING\nLIMITATION MAY NOT APPLY. \n********************************************************************\n\nMicrosoft respects your privacy. Please read our online Privacy\nStatement at \u003chttp://go.microsoft.com/fwlink/?LinkId=81184\u003e. \n\nIf you would prefer not to receive future technical security\nnotification alerts by email from Microsoft and its family of\ncompanies please visit the following website to unsubscribe:\n\u003chttps://profile.microsoft.com/RegSysProfileCenter/subscriptionwizar\nd.aspx?wizid=5a2a311b-5189-4c9b-9f1a-d5e913a26c2e\u0026%3blcid=1033\u003e. \n\nThese settings will not affect any newsletters youave requested or\nany mandatory service communications that are considered part of\ncertain Microsoft services. \n\nFor legal Information, see:\n\u003chttp://www.microsoft.com/info/legalinfo/default.mspx\u003e. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: .NET Core on Red Hat Enterprise Linux security update\nAdvisory ID: RHSA-2018:0379-01\nProduct: .NET Core on Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2018:0379\nIssue date: 2018-03-01\nCVE Names: CVE-2018-0764 \n=====================================================================\n\n1. Summary:\n\nAn update for rh-dotnet20-dotnet, rh-dotnetcore10-dotnetcore, and\nrh-dotnetcore11-dotnetcore is now available for .NET Core on Red Hat\nEnterprise Linux. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. It implements a subset of the\n.NET framework APIs and includes a CLR implementation. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.9-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.9-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.9-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.6-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.6-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.6-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet20-dotnet-2.0.5-1.el7.src.rpm\n\nx86_64:\nrh-dotnet20-dotnet-2.0.5-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-debuginfo-2.0.5-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-host-2.0.5-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-runtime-2.0-2.0.5-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-sdk-2.1-2.1.4-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.9-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.9-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.9-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.6-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.6-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.6-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet20-dotnet-2.0.5-1.el7.src.rpm\n\nx86_64:\nrh-dotnet20-dotnet-2.0.5-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-debuginfo-2.0.5-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-host-2.0.5-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-runtime-2.0-2.0.5-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-sdk-2.1-2.1.4-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.9-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.9-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.9-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.6-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.6-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.6-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet20-dotnet-2.0.5-1.el7.src.rpm\n\nx86_64:\nrh-dotnet20-dotnet-2.0.5-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-debuginfo-2.0.5-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-host-2.0.5-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-runtime-2.0-2.0.5-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-sdk-2.1-2.1.4-1.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-0764\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://github.com/dotnet/announcements/issues/52\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2018 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFal5nzXlSAg2UNWIIRAldoAKCOs8K/QXdtegDgV9D0EbgK5f8dpgCfdT/D\nhhk5BDNc5IZlJ+doPAaUxt4=\n=Pz4Z\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n", "sources": [ { "db": "NVD", "id": "CVE-2018-0764" }, { "db": "JVNDB", "id": "JVNDB-2018-001243" }, { "db": "BID", "id": "102387" }, { "db": "PACKETSTORM", "id": "146116" }, { "db": "PACKETSTORM", "id": "146617" } ], "trust": 2.07 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-0764", "trust": 2.9 }, { "db": "BID", "id": "102387", "trust": 1.9 }, { "db": "SECTRACK", "id": "1040152", "trust": 1.6 }, { "db": "JVNDB", "id": "JVNDB-2018-001243", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201801-407", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "146116", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "146617", "trust": 0.1 } ], "sources": [ { "db": "BID", "id": "102387" }, { "db": "JVNDB", "id": "JVNDB-2018-001243" }, { "db": "PACKETSTORM", "id": "146116" }, { "db": "PACKETSTORM", "id": "146617" }, { "db": "NVD", "id": "CVE-2018-0764" }, { "db": "CNNVD", "id": "CNNVD-201801-407" } ] }, "id": "VAR-201801-1150", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.21178882 }, "last_update_date": "2023-12-18T13:52:49.759000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "CVE-2018-0764 | .NET and .NET Core Denial Of Service Vulnerability", "trust": 0.8, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-0764" }, { "title": "CVE-2018-0764 | .NET \u304a\u3088\u3073 .NET Core \u306e\u30b5\u30fc\u30d3\u30b9\u62d2\u5426\u306e\u8106\u5f31\u6027", "trust": 0.8, "url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/cve-2018-0764" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-001243" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "CWE-19", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-001243" }, { "db": "NVD", "id": "CVE-2018-0764" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.2, "url": "http://www.securityfocus.com/bid/102387" }, { "trust": 1.9, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-0764" }, { "trust": 1.7, "url": "https://access.redhat.com/errata/rhsa-2018:0379" }, { "trust": 1.6, "url": "http://www.securitytracker.com/id/1040152" }, { "trust": 1.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0764" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0764" }, { "trust": 0.8, "url": "https://www.ipa.go.jp/security/ciadr/vul/20180110-ms.html" }, { "trust": 0.8, "url": "http://www.jpcert.or.jp/at/2018/at180002.html" }, { "trust": 0.3, "url": "https://github.com/powershell/announcements/issues/2" }, { "trust": 0.3, "url": "http://www.microsoft.com/net/" }, { "trust": 0.3, "url": "http://www.microsoft.com" }, { "trust": 0.1, "url": "http://www.microsoft.com/info/legalinfo/default.mspx\u003e." }, { "trust": 0.1, "url": "http://go.microsoft.com/fwlink/?linkid=81184\u003e." }, { "trust": 0.1, "url": "https://github.com/powershell/announcements" }, { "trust": 0.1, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/" }, { "trust": 0.1, "url": "https://technet.microsoft.com/security/dn753714\u003e." }, { "trust": 0.1, "url": "https://profile.microsoft.com/regsysprofilecenter/subscriptionwizar" }, { "trust": 0.1, "url": "https://github.com/dotnet/announcements/issues/52" }, { "trust": 0.1, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.1, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-0764" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/contact/" } ], "sources": [ { "db": "BID", "id": "102387" }, { "db": "JVNDB", "id": "JVNDB-2018-001243" }, { "db": "PACKETSTORM", "id": "146116" }, { "db": "PACKETSTORM", "id": "146617" }, { "db": "NVD", "id": "CVE-2018-0764" }, { "db": "CNNVD", "id": "CNNVD-201801-407" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "102387" }, { "db": "JVNDB", "id": "JVNDB-2018-001243" }, { "db": "PACKETSTORM", "id": "146116" }, { "db": "PACKETSTORM", "id": "146617" }, { "db": "NVD", "id": "CVE-2018-0764" }, { "db": "CNNVD", "id": "CNNVD-201801-407" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-01-09T00:00:00", "db": "BID", "id": "102387" }, { "date": "2018-02-02T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-001243" }, { "date": "2018-01-26T13:13:13", "db": "PACKETSTORM", "id": "146116" }, { "date": "2018-03-01T23:24:00", "db": "PACKETSTORM", "id": "146617" }, { "date": "2018-01-10T01:29:00.197000", "db": "NVD", "id": "CVE-2018-0764" }, { "date": "2018-01-11T00:00:00", "db": "CNNVD", "id": "CNNVD-201801-407" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-01-29T08:00:00", "db": "BID", "id": "102387" }, { "date": "2018-02-02T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-001243" }, { "date": "2021-08-12T17:19:05.447000", "db": "NVD", "id": "CVE-2018-0764" }, { "date": "2019-10-23T00:00:00", "db": "CNNVD", "id": "CNNVD-201801-407" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201801-407" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Microsoft .NET Framework and .NET Core Service disruption in (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-001243" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-201801-407" } ], "trust": 0.6 } }
var-201811-0470
Vulnerability from variot
A remote code execution vulnerability exists when PowerShell improperly handles specially crafted files, aka "Microsoft PowerShell Remote Code Execution Vulnerability." This affects Windows RT 8.1, PowerShell Core 6.0, Microsoft.PowerShell.Archive 1.2.2.0, Windows Server 2016, Windows Server 2012, Windows Server 2008 R2, Windows Server 2019, Windows 7, Windows Server 2012 R2, PowerShell Core 6.1, Windows 10 Servers, Windows 10, Windows 8.1. Vendors have identified this vulnerability as " Microsoft PowerShell Is a remote code execution vulnerability.The code could be executed remotely. Successfully exploiting this issue may result in the execution of arbitrary code in the context of the affected system. Failed exploit attempts will likely result in denial-of-service conditions
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201811-0470", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "powershell core", "scope": "eq", "trust": 2.7, "vendor": "microsoft", "version": "6.1" }, { "model": "powershell core", "scope": "eq", "trust": 2.7, "vendor": "microsoft", "version": "6.0" }, { "model": "microsoft.powershell.archive", "scope": "eq", "trust": 2.4, "vendor": "microsoft", "version": "1.2.2.0" }, { "model": "windows server 2012", "scope": "eq", "trust": 1.8, "vendor": "microsoft", "version": "r2" }, { "model": "windows 10", "scope": "eq", "trust": 1.6, "vendor": "microsoft", "version": "1809" }, { "model": "windows 7", "scope": "eq", "trust": 1.6, "vendor": "microsoft", "version": null }, { "model": "windows 10", "scope": "eq", "trust": 1.6, "vendor": "microsoft", "version": null }, { "model": "windows 10", "scope": "eq", "trust": 1.6, "vendor": "microsoft", "version": "1709" }, { "model": "windows 10", "scope": "eq", "trust": 1.6, "vendor": "microsoft", "version": "1607" }, { "model": "windows 10", "scope": "eq", "trust": 1.6, "vendor": "microsoft", "version": "1803" }, { "model": "windows 10", "scope": "eq", "trust": 1.6, "vendor": "microsoft", "version": "1703" }, { "model": "windows 8.1", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": null }, { "model": "windows server 2012", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": null }, { "model": "windows server 2016", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": null }, { "model": "windows server 2019", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": null }, { "model": "windows rt 8.1", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": null }, { "model": "windows server 2016", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1709" }, { "model": "windows server 2016", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1803" }, { "model": "windows server 2008", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "r2" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "for 32-bit systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "for x64-based systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1607 for 32-bit systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1607 for x64-based systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1703 for 32-bit systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1703 for x64-based systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1709 for 32-bit systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1709 for 64-based systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1709 for arm64-based systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1803 for 32-bit systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1803 for arm64-based systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1803 for x64-based systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1809 for 32-bit systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1809 for arm64-based systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1809 for x64-based systems" }, { "model": "windows 7", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "for 32-bit systems sp1" }, { "model": "windows 7", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "for x64-based systems sp1" }, { "model": "windows 8.1", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "for 32-bit systems" }, { "model": "windows 8.1", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "for x64-based systems" }, { "model": "windows rt 8.1", "scope": null, "trust": 0.8, "vendor": "microsoft", "version": null }, { "model": "windows server", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1709 (server core installation)" }, { "model": "windows server", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1803 (server core installation)" }, { "model": "windows server 2008", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "r2 for itanium-based systems sp1" }, { "model": "windows server 2008", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "r2 for x64-based systems sp1" }, { "model": "windows server 2008", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "r2 for x64-based systems sp1 (server core installation)" }, { "model": "windows server 2012", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "none" }, { "model": "windows server 2012", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "(server core installation)" }, { "model": "windows server 2012", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "r2 (server core installation)" }, { "model": "windows server 2016", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "none" }, { "model": "windows server 2016", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "(server core installation)" }, { "model": "windows server 2019", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "none" }, { "model": "windows server 2019", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "(server core installation)" }, { "model": "windows server", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20190" }, { "model": "windows server", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20160" }, { "model": "windows server r2", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20120" }, { "model": "windows server", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20120" }, { "model": "windows server r2 for x64-based systems sp1", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008" }, { "model": "windows server r2 for itanium-based systems sp1", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008" }, { "model": "windows server", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "18030" }, { "model": "windows server", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "17090" }, { "model": "windows rt", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "8.1" }, { "model": "windows for x64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "8.10" }, { "model": "windows for 32-bit systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "8.10" }, { "model": "windows for x64-based systems sp1", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "7" }, { "model": "windows for 32-bit systems sp1", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "7" }, { "model": "windows version for x64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1018090" }, { "model": "windows version for arm64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1018090" }, { "model": "windows version for 32-bit systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1018090" }, { "model": "windows version for x64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1018030" }, { "model": "windows version for arm64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1018030" }, { "model": "windows version for 32-bit systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1018030" }, { "model": "windows version for x64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1017090" }, { "model": "windows version for arm64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1017090" }, { "model": "windows version for 32-bit systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1017090" }, { "model": "windows version for x64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1017030" }, { "model": "windows version for 32-bit systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1017030" }, { "model": "windows version for x64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1016070" }, { "model": "windows version for 32-bit systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1016070" }, { "model": "windows for x64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "100" }, { "model": "windows for 32-bit systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "100" }, { "model": "powershell.archive", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1.2.2.0" } ], "sources": [ { "db": "BID", "id": "105781" }, { "db": "JVNDB", "id": "JVNDB-2018-010457" }, { "db": "NVD", "id": "CVE-2018-8256" }, { "db": "CNNVD", "id": "CNNVD-201811-347" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:powershell_core:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:powershell_core:6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:1709:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.powershell.archive:1.2.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2018-8256" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Snyk Security Research Team", "sources": [ { "db": "BID", "id": "105781" }, { "db": "CNNVD", "id": "CNNVD-201811-347" } ], "trust": 0.9 }, "cve": "CVE-2018-8256", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 9.3, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "CVE-2018-8256", "impactScore": null, "integrityImpact": "Complete", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2018-8256", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2018-8256", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201811-347", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-010457" }, { "db": "NVD", "id": "CVE-2018-8256" }, { "db": "CNNVD", "id": "CNNVD-201811-347" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A remote code execution vulnerability exists when PowerShell improperly handles specially crafted files, aka \"Microsoft PowerShell Remote Code Execution Vulnerability.\" This affects Windows RT 8.1, PowerShell Core 6.0, Microsoft.PowerShell.Archive 1.2.2.0, Windows Server 2016, Windows Server 2012, Windows Server 2008 R2, Windows Server 2019, Windows 7, Windows Server 2012 R2, PowerShell Core 6.1, Windows 10 Servers, Windows 10, Windows 8.1. Vendors have identified this vulnerability as \" Microsoft PowerShell Is a remote code execution vulnerability.The code could be executed remotely. \nSuccessfully exploiting this issue may result in the execution of arbitrary code in the context of the affected system. Failed exploit attempts will likely result in denial-of-service conditions", "sources": [ { "db": "NVD", "id": "CVE-2018-8256" }, { "db": "JVNDB", "id": "JVNDB-2018-010457" }, { "db": "BID", "id": "105781" } ], "trust": 1.89 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-8256", "trust": 2.7 }, { "db": "BID", "id": "105781", "trust": 1.9 }, { "db": "SECTRACK", "id": "1042108", "trust": 1.6 }, { "db": "JVNDB", "id": "JVNDB-2018-010457", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201811-347", "trust": 0.6 } ], "sources": [ { "db": "BID", "id": "105781" }, { "db": "JVNDB", "id": "JVNDB-2018-010457" }, { "db": "NVD", "id": "CVE-2018-8256" }, { "db": "CNNVD", "id": "CNNVD-201811-347" } ] }, "id": "VAR-201811-0470", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.21178882 }, "last_update_date": "2023-12-18T12:43:45.647000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "CVE-2018-8256 | Microsoft PowerShell Remote Code Execution Vulnerability", "trust": 0.8, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-8256" }, { "title": "CVE-2018-8256 | Microsoft PowerShell \u306e\u30ea\u30e2\u30fc\u30c8\u3067\u30b3\u30fc\u30c9\u304c\u5b9f\u884c\u3055\u308c\u308b\u8106\u5f31\u6027", "trust": 0.8, "url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/cve-2018-8256" }, { "title": "Microsoft PowerShell Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=86755" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-010457" }, { "db": "CNNVD", "id": "CNNVD-201811-347" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "CWE-284", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-010457" }, { "db": "NVD", "id": "CVE-2018-8256" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.9, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-8256" }, { "trust": 1.6, "url": "http://www.securityfocus.com/bid/105781" }, { "trust": 1.6, "url": "http://www.securitytracker.com/id/1042108" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8256" }, { "trust": 0.8, "url": "https://www.ipa.go.jp/security/ciadr/vul/20181114-ms.html" }, { "trust": 0.8, "url": "http://www.jpcert.or.jp/at/2018/at180046.html" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-8256" }, { "trust": 0.3, "url": "http://www.microsoft.com/" } ], "sources": [ { "db": "BID", "id": "105781" }, { "db": "JVNDB", "id": "JVNDB-2018-010457" }, { "db": "NVD", "id": "CVE-2018-8256" }, { "db": "CNNVD", "id": "CNNVD-201811-347" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "105781" }, { "db": "JVNDB", "id": "JVNDB-2018-010457" }, { "db": "NVD", "id": "CVE-2018-8256" }, { "db": "CNNVD", "id": "CNNVD-201811-347" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-11-13T00:00:00", "db": "BID", "id": "105781" }, { "date": "2018-12-14T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-010457" }, { "date": "2018-11-14T01:29:00.253000", "db": "NVD", "id": "CVE-2018-8256" }, { "date": "2018-11-14T00:00:00", "db": "CNNVD", "id": "CNNVD-201811-347" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-11-13T00:00:00", "db": "BID", "id": "105781" }, { "date": "2018-12-14T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-010457" }, { "date": "2021-09-30T16:07:32.147000", "db": "NVD", "id": "CVE-2018-8256" }, { "date": "2019-10-23T00:00:00", "db": "CNNVD", "id": "CNNVD-201811-347" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201811-347" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural Microsoft Windows Product Remote Code Execution Vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-010457" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-201811-347" } ], "trust": 0.6 } }
var-201905-1230
Vulnerability from variot
A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka '.Net Framework and .Net Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0820, CVE-2019-0981. This vulnerability CVE-2019-0820 and CVE-2019-0981 Is a different vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. An attacker can exploit this issue to cause a denial of service condition.
Bug Fix(es):
-
dotnet: new SocketException((int)SocketError.InvalidArgument).Message is empty (BZ#1712471)
-
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: .NET Core on Red Hat Enterprise Linux security and bug fix update Advisory ID: RHSA-2019:1236-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:1236 Issue date: 2019-05-15 CVE Names: CVE-2019-0820 CVE-2019-0980 CVE-2019-0981 ==================================================================== 1. Summary:
Updates for rh-dotnetcore10-dotnetcore, rh-dotnetcore11-dotnetcore, rh-dotnet21-dotnet, rh-dotnet22-dotnet and rh-dotnet22-curl are now available for .NET Core on Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
Security Fix(es):
-
dotNET: timeouts for regular expressions are not enforced (CVE-2019-0820)
-
dotNET: infinite loop in URI.TryCreate leading to ASP.Net Core Denial of Service (CVE-2019-0980)
-
dotNET: crash in IPAddress.TryCreate leading to ASP.Net Core Denial of Service (CVE-2019-0981)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
-
Re-enable bash completion in rh-dotnet22-dotnet (BZ#1654863)
-
Error rebuilding rh-dotnet22-curl in CentOS (BZ#1678932)
-
Broken apphost caused by unset DOTNET_ROOT (BZ#1703479)
-
Make bash completion compatible with rh-dotnet22 packages (BZ#1705259)
-
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1654863 - Re-enable bash completion in rh-dotnet22-dotnet 1678932 - Error rebuilding rh-dotnet22-curl in CentOS 1703479 - Broken apphost caused by unset DOTNET_ROOT 1703508 - Update to .NET Core 1.1.13 1704454 - Update to .NET Core 1.0.16 1704934 - Update to .NET Core Runtime 2.2.5 and SDK 2.2.107 1705147 - Update to .NET Core Runtime 2.1.11 and SDK 2.1.507 1705259 - Make bash completion compatible with rh-dotnet22 packages 1705502 - CVE-2019-0980 dotNET: infinite loop in URI.TryCreate leading to ASP.Net Core Denial of Service 1705504 - CVE-2019-0981 dotNET: crash in IPAddress.TryCreate leading to ASP.Net Core Denial of Service 1705506 - CVE-2019-0820 dotNET: timeouts for regular expressions are not enforced
- Package List:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnetcore10-dotnetcore-1.0.16-1.el7.src.rpm
x86_64: rh-dotnetcore10-dotnetcore-1.0.16-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.16-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnetcore11-dotnetcore-1.1.13-1.el7.src.rpm
x86_64: rh-dotnetcore11-dotnetcore-1.1.13-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.13-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet21-2.1-10.el7.src.rpm rh-dotnet21-dotnet-2.1.507-2.el7.src.rpm
x86_64: rh-dotnet21-2.1-10.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.11-2.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.11-2.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.507-2.el7.x86_64.rpm rh-dotnet21-runtime-2.1-10.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet22-2.2-7.el7.src.rpm rh-dotnet22-curl-7.61.1-2.el7.src.rpm rh-dotnet22-dotnet-2.2.107-2.el7.src.rpm
x86_64: rh-dotnet22-2.2-7.el7.x86_64.rpm rh-dotnet22-curl-7.61.1-2.el7.x86_64.rpm rh-dotnet22-curl-debuginfo-7.61.1-2.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.107-2.el7.x86_64.rpm rh-dotnet22-libcurl-7.61.1-2.el7.x86_64.rpm rh-dotnet22-libcurl-devel-7.61.1-2.el7.x86_64.rpm rh-dotnet22-runtime-2.2-7.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnetcore10-dotnetcore-1.0.16-1.el7.src.rpm
x86_64: rh-dotnetcore10-dotnetcore-1.0.16-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.16-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnetcore11-dotnetcore-1.1.13-1.el7.src.rpm
x86_64: rh-dotnetcore11-dotnetcore-1.1.13-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.13-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet21-2.1-10.el7.src.rpm rh-dotnet21-dotnet-2.1.507-2.el7.src.rpm
x86_64: rh-dotnet21-2.1-10.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.11-2.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.11-2.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.507-2.el7.x86_64.rpm rh-dotnet21-runtime-2.1-10.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet22-2.2-7.el7.src.rpm rh-dotnet22-curl-7.61.1-2.el7.src.rpm rh-dotnet22-dotnet-2.2.107-2.el7.src.rpm
x86_64: rh-dotnet22-2.2-7.el7.x86_64.rpm rh-dotnet22-curl-7.61.1-2.el7.x86_64.rpm rh-dotnet22-curl-debuginfo-7.61.1-2.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.107-2.el7.x86_64.rpm rh-dotnet22-libcurl-7.61.1-2.el7.x86_64.rpm rh-dotnet22-libcurl-devel-7.61.1-2.el7.x86_64.rpm rh-dotnet22-runtime-2.2-7.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnetcore10-dotnetcore-1.0.16-1.el7.src.rpm
x86_64: rh-dotnetcore10-dotnetcore-1.0.16-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.16-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnetcore11-dotnetcore-1.1.13-1.el7.src.rpm
x86_64: rh-dotnetcore11-dotnetcore-1.1.13-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.13-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet21-2.1-10.el7.src.rpm rh-dotnet21-dotnet-2.1.507-2.el7.src.rpm
x86_64: rh-dotnet21-2.1-10.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.11-2.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.11-2.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.507-2.el7.x86_64.rpm rh-dotnet21-runtime-2.1-10.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet22-2.2-7.el7.src.rpm rh-dotnet22-curl-7.61.1-2.el7.src.rpm rh-dotnet22-dotnet-2.2.107-2.el7.src.rpm
x86_64: rh-dotnet22-2.2-7.el7.x86_64.rpm rh-dotnet22-curl-7.61.1-2.el7.x86_64.rpm rh-dotnet22-curl-debuginfo-7.61.1-2.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.107-2.el7.x86_64.rpm rh-dotnet22-libcurl-7.61.1-2.el7.x86_64.rpm rh-dotnet22-libcurl-devel-7.61.1-2.el7.x86_64.rpm rh-dotnet22-runtime-2.2-7.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2019-0820 https://access.redhat.com/security/cve/CVE-2019-0980 https://access.redhat.com/security/cve/CVE-2019-0981 https://access.redhat.com/security/updates/classification/#moderate https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0820 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0980 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0981
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXNyKvtzjgjWX9erEAQiFIQ//RuDdkjwFrjsW69TloyogPym1x5uZp2eB hMR1l6l3YTE5ZIeCz7nn86P7IYtLAOiYj5ynjNbGT7aHrM7/R4REedYYqCFxWuu3 3N6vgg/ap1fB+0XdNX+PFNWm/orYRiVr6jyZs2hX4LSDLsQwHuOqVoDcApAHnggH kCRpaxlTEaG9/wyIY3Zvd7ZasxfVUfzhlpzpw25kq6OFJyIokWnVE8G+vs5KS3GQ pTir+3hMc3as8RQVCnWNZoeUhSUemZHvq5MyQqwLCeMFf6CvUTe04oDrMp7FUJHa UcImbcSzzrx3kBvFFmIv6D1uCetuRTrMaXBuOlZcpCJUcnHncvb1OvFhqAeGO6uN NqNnDyRUbyX2cHKpyYTUIfZsCsgKIOBHZNU911URlqnvHAu0LlgAOM0r1uXU48Wg z+LtgnFTDbRmFEspKpN98z4whSL8BnMR8VS/FmPfXo2ApFvipofCK+kPStU0lXZB n7xn4PJyKfst8xUkRfwJ09/GpN328i7QtH53aQG0HCQzKRhxswnc86aQnPW95RWP DPd4EAB74Bq1pEYqRN/gai6bhFsoCS0agf+M7lqBN8ZnQOScj5HD5hy8fsPvB1xD /I5I1sIOJ+Ar0FaCfZqFoXKncap0cp/bBJlHvfCpze4yISy7h6t2E/4l59Zs1xhm KCZo5tPFVoU=dJ6F -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201905-1230", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": ".net framework", "scope": "eq", "trust": 2.1, "vendor": "microsoft", "version": "4.7.2" }, { "model": ".net framework", "scope": "eq", "trust": 2.1, "vendor": "microsoft", "version": "4.7.1" }, { "model": ".net framework", "scope": "eq", "trust": 2.1, "vendor": "microsoft", "version": "4.6.2" }, { "model": ".net framework", "scope": "eq", "trust": 2.1, "vendor": "microsoft", "version": "4.6.1" }, { "model": ".net framework", "scope": "eq", "trust": 2.1, "vendor": "microsoft", "version": "3.5.1" }, { "model": ".net framework", "scope": "eq", "trust": 2.1, "vendor": "microsoft", "version": "4.8" }, { "model": ".net framework", "scope": "eq", "trust": 2.1, "vendor": "microsoft", "version": "4.7" }, { "model": ".net framework", "scope": "eq", "trust": 2.1, "vendor": "microsoft", "version": "4.6" }, { "model": ".net framework", "scope": "eq", "trust": 2.1, "vendor": "microsoft", "version": "4.5.2" }, { "model": ".net framework", "scope": "eq", "trust": 2.1, "vendor": "microsoft", "version": "3.5" }, { "model": ".net core", "scope": "eq", "trust": 2.1, "vendor": "microsoft", "version": "2.2" }, { "model": ".net core", "scope": "eq", "trust": 2.1, "vendor": "microsoft", "version": "2.1" }, { "model": ".net core", "scope": "eq", "trust": 2.1, "vendor": "microsoft", "version": "1.1" }, { "model": ".net core", "scope": "eq", "trust": 2.1, "vendor": "microsoft", "version": "1.0" }, { "model": ".net framework", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "2.0" }, { "model": ".net framework", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "3.0" }, { "model": ".net framework", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "2.0 sp2" }, { "model": ".net framework", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "3.0 sp2" }, { "model": "powershell core", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "6.1" }, { "model": "powershell core", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "6.2" }, { "model": ".net framework sp2", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "3.0" }, { "model": ".net framework sp2", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2.0" } ], "sources": [ { "db": "BID", "id": "108232" }, { "db": "JVNDB", "id": "JVNDB-2019-003824" }, { "db": "NVD", "id": "CVE-2019-0980" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_core:2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_core:2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_core:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_core:1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2019-0980" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Nemanja Mijailovic,Red Hat", "sources": [ { "db": "CNNVD", "id": "CNNVD-201905-367" } ], "trust": 0.6 }, "cve": "CVE-2019-0980", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2019-0980", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2019-0980", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2019-0980", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201905-367", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2019-0980", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2019-0980" }, { "db": "JVNDB", "id": "JVNDB-2019-003824" }, { "db": "NVD", "id": "CVE-2019-0980" }, { "db": "CNNVD", "id": "CNNVD-201905-367" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka \u0027.Net Framework and .Net Core Denial of Service Vulnerability\u0027. This CVE ID is unique from CVE-2019-0820, CVE-2019-0981. This vulnerability CVE-2019-0820 and CVE-2019-0981 Is a different vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. \nAn attacker can exploit this issue to cause a denial of service condition. \n\nBug Fix(es):\n\n* dotnet: new SocketException((int)SocketError.InvalidArgument).Message is\nempty (BZ#1712471)\n\n4. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: .NET Core on Red Hat Enterprise Linux security and bug fix update\nAdvisory ID: RHSA-2019:1236-01\nProduct: .NET Core on Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:1236\nIssue date: 2019-05-15\nCVE Names: CVE-2019-0820 CVE-2019-0980 CVE-2019-0981\n====================================================================\n1. Summary:\n\nUpdates for rh-dotnetcore10-dotnetcore, rh-dotnetcore11-dotnetcore,\nrh-dotnet21-dotnet, rh-dotnet22-dotnet and rh-dotnet22-curl are now\navailable for .NET Core on Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. It implements a subset of the\n.NET framework APIs and several new APIs, and it includes a CLR\nimplementation. \n\nSecurity Fix(es):\n\n* dotNET: timeouts for regular expressions are not enforced (CVE-2019-0820)\n\n* dotNET: infinite loop in URI.TryCreate leading to ASP.Net Core Denial of\nService (CVE-2019-0980)\n\n* dotNET: crash in IPAddress.TryCreate leading to ASP.Net Core Denial of\nService (CVE-2019-0981)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nBug Fix(es):\n\n* Re-enable bash completion in rh-dotnet22-dotnet (BZ#1654863)\n\n* Error rebuilding rh-dotnet22-curl in CentOS (BZ#1678932)\n\n* Broken apphost caused by unset DOTNET_ROOT (BZ#1703479)\n\n* Make bash completion compatible with rh-dotnet22 packages (BZ#1705259)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1654863 - Re-enable bash completion in rh-dotnet22-dotnet\n1678932 - Error rebuilding rh-dotnet22-curl in CentOS\n1703479 - Broken apphost caused by unset DOTNET_ROOT\n1703508 - Update to .NET Core 1.1.13\n1704454 - Update to .NET Core 1.0.16\n1704934 - Update to .NET Core Runtime 2.2.5 and SDK 2.2.107\n1705147 - Update to .NET Core Runtime 2.1.11 and SDK 2.1.507\n1705259 - Make bash completion compatible with rh-dotnet22 packages\n1705502 - CVE-2019-0980 dotNET: infinite loop in URI.TryCreate leading to ASP.Net Core Denial of Service\n1705504 - CVE-2019-0981 dotNET: crash in IPAddress.TryCreate leading to ASP.Net Core Denial of Service\n1705506 - CVE-2019-0820 dotNET: timeouts for regular expressions are not enforced\n\n6. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.16-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.16-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.16-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.13-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.13-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.13-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet21-2.1-10.el7.src.rpm\nrh-dotnet21-dotnet-2.1.507-2.el7.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-10.el7.x86_64.rpm\nrh-dotnet21-dotnet-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.11-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.11-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-10.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet22-2.2-7.el7.src.rpm\nrh-dotnet22-curl-7.61.1-2.el7.src.rpm\nrh-dotnet22-dotnet-2.2.107-2.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-7.el7.x86_64.rpm\nrh-dotnet22-curl-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-curl-debuginfo-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-libcurl-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-libcurl-devel-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-7.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.16-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.16-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.16-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.13-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.13-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.13-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet21-2.1-10.el7.src.rpm\nrh-dotnet21-dotnet-2.1.507-2.el7.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-10.el7.x86_64.rpm\nrh-dotnet21-dotnet-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.11-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.11-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-10.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet22-2.2-7.el7.src.rpm\nrh-dotnet22-curl-7.61.1-2.el7.src.rpm\nrh-dotnet22-dotnet-2.2.107-2.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-7.el7.x86_64.rpm\nrh-dotnet22-curl-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-curl-debuginfo-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-libcurl-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-libcurl-devel-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-7.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.16-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.16-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.16-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.13-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.13-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.13-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet21-2.1-10.el7.src.rpm\nrh-dotnet21-dotnet-2.1.507-2.el7.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-10.el7.x86_64.rpm\nrh-dotnet21-dotnet-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.11-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.11-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-10.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet22-2.2-7.el7.src.rpm\nrh-dotnet22-curl-7.61.1-2.el7.src.rpm\nrh-dotnet22-dotnet-2.2.107-2.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-7.el7.x86_64.rpm\nrh-dotnet22-curl-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-curl-debuginfo-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-libcurl-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-libcurl-devel-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-7.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-0820\nhttps://access.redhat.com/security/cve/CVE-2019-0980\nhttps://access.redhat.com/security/cve/CVE-2019-0981\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0820\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0980\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0981\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXNyKvtzjgjWX9erEAQiFIQ//RuDdkjwFrjsW69TloyogPym1x5uZp2eB\nhMR1l6l3YTE5ZIeCz7nn86P7IYtLAOiYj5ynjNbGT7aHrM7/R4REedYYqCFxWuu3\n3N6vgg/ap1fB+0XdNX+PFNWm/orYRiVr6jyZs2hX4LSDLsQwHuOqVoDcApAHnggH\nkCRpaxlTEaG9/wyIY3Zvd7ZasxfVUfzhlpzpw25kq6OFJyIokWnVE8G+vs5KS3GQ\npTir+3hMc3as8RQVCnWNZoeUhSUemZHvq5MyQqwLCeMFf6CvUTe04oDrMp7FUJHa\nUcImbcSzzrx3kBvFFmIv6D1uCetuRTrMaXBuOlZcpCJUcnHncvb1OvFhqAeGO6uN\nNqNnDyRUbyX2cHKpyYTUIfZsCsgKIOBHZNU911URlqnvHAu0LlgAOM0r1uXU48Wg\nz+LtgnFTDbRmFEspKpN98z4whSL8BnMR8VS/FmPfXo2ApFvipofCK+kPStU0lXZB\nn7xn4PJyKfst8xUkRfwJ09/GpN328i7QtH53aQG0HCQzKRhxswnc86aQnPW95RWP\nDPd4EAB74Bq1pEYqRN/gai6bhFsoCS0agf+M7lqBN8ZnQOScj5HD5hy8fsPvB1xD\n/I5I1sIOJ+Ar0FaCfZqFoXKncap0cp/bBJlHvfCpze4yISy7h6t2E/4l59Zs1xhm\nKCZo5tPFVoU=dJ6F\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n", "sources": [ { "db": "NVD", "id": "CVE-2019-0980" }, { "db": "JVNDB", "id": "JVNDB-2019-003824" }, { "db": "BID", "id": "108232" }, { "db": "VULMON", "id": "CVE-2019-0980" }, { "db": "PACKETSTORM", "id": "152999" }, { "db": "PACKETSTORM", "id": "152953" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-0980", "trust": 3.0 }, { "db": "BID", "id": "108232", "trust": 1.0 }, { "db": "JVNDB", "id": "JVNDB-2019-003824", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "152999", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "152953", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2019.1839", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.1740", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201905-367", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2019-0980", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2019-0980" }, { "db": "BID", "id": "108232" }, { "db": "JVNDB", "id": "JVNDB-2019-003824" }, { "db": "PACKETSTORM", "id": "152999" }, { "db": "PACKETSTORM", "id": "152953" }, { "db": "NVD", "id": "CVE-2019-0980" }, { "db": "CNNVD", "id": "CNNVD-201905-367" } ] }, "id": "VAR-201905-1230", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.21178882 }, "last_update_date": "2023-12-18T13:02:13.364000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "CVE-2019-0980 | .Net Framework and .Net Core Denial of Service Vulnerability", "trust": 0.8, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0980" }, { "title": "CVE-2019-0980 | .NET Framework \u3068 .NET Core \u306e\u30b5\u30fc\u30d3\u30b9\u62d2\u5426\u306e\u8106\u5f31\u6027", "trust": 0.8, "url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/cve-2019-0980" }, { "title": "Microsoft .NET Framework and .NET Core Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=92518" }, { "title": "Red Hat: Moderate: .NET Core on Red Hat Enterprise Linux security and bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20191236 - security advisory" }, { "title": "Red Hat: Important: dotnet security, bug fix, and enhancement update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20191259 - security advisory" }, { "title": "sharpfuzz", "trust": 0.1, "url": "https://github.com/metalnem/sharpfuzz " }, { "title": "Symantec Threat Intelligence Blog", "trust": 0.1, "url": "https://www.symantec.com/blogs/threat-intelligence/microsoft-patch-tuesday-may-2019" } ], "sources": [ { "db": "VULMON", "id": "CVE-2019-0980" }, { "db": "JVNDB", "id": "JVNDB-2019-003824" }, { "db": "CNNVD", "id": "CNNVD-201905-367" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-19", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-003824" }, { "db": "NVD", "id": "CVE-2019-0980" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "https://access.redhat.com/errata/rhsa-2019:1259" }, { "trust": 2.2, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0980" }, { "trust": 1.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0980" }, { "trust": 0.9, "url": "http://www.microsoft.com" }, { "trust": 0.8, "url": "https://access.redhat.com/errata/rhsa-2019:1236" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0980" }, { "trust": 0.8, "url": "https://www.ipa.go.jp/security/ciadr/vul/20190515-ms.html" }, { "trust": 0.8, "url": "http://www.jpcert.or.jp/at/2019/at190023.html" }, { "trust": 0.7, "url": "https://www.securityfocus.com/bid/108232" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/152999/red-hat-security-advisory-2019-1259-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/81042" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/152953/red-hat-security-advisory-2019-1236-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.1839/" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/microsoft-net-vulnerabilities-of-may-2019-29296" }, { "trust": 0.2, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0820" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0981" }, { "trust": 0.2, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-0980" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.2, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0820" }, { "trust": 0.2, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-0981" }, { "trust": 0.2, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0981" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-0820" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/19.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://github.com/metalnem/sharpfuzz" }, { "trust": 0.1, "url": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/108232" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0757" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-0757" }, { "trust": 0.1, "url": "https://github.com/dotnet/core/blob/master/release-notes/2.1/2.1.11/2.1.11.md" }, { "trust": 0.1, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0757" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#moderate" } ], "sources": [ { "db": "VULMON", "id": "CVE-2019-0980" }, { "db": "BID", "id": "108232" }, { "db": "JVNDB", "id": "JVNDB-2019-003824" }, { "db": "PACKETSTORM", "id": "152999" }, { "db": "PACKETSTORM", "id": "152953" }, { "db": "NVD", "id": "CVE-2019-0980" }, { "db": "CNNVD", "id": "CNNVD-201905-367" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2019-0980" }, { "db": "BID", "id": "108232" }, { "db": "JVNDB", "id": "JVNDB-2019-003824" }, { "db": "PACKETSTORM", "id": "152999" }, { "db": "PACKETSTORM", "id": "152953" }, { "db": "NVD", "id": "CVE-2019-0980" }, { "db": "CNNVD", "id": "CNNVD-201905-367" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-05-16T00:00:00", "db": "VULMON", "id": "CVE-2019-0980" }, { "date": "2019-05-14T00:00:00", "db": "BID", "id": "108232" }, { "date": "2019-05-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-003824" }, { "date": "2019-05-22T14:39:27", "db": "PACKETSTORM", "id": "152999" }, { "date": "2019-05-16T23:05:23", "db": "PACKETSTORM", "id": "152953" }, { "date": "2019-05-16T19:29:04.957000", "db": "NVD", "id": "CVE-2019-0980" }, { "date": "2019-05-14T00:00:00", "db": "CNNVD", "id": "CNNVD-201905-367" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-05-22T00:00:00", "db": "VULMON", "id": "CVE-2019-0980" }, { "date": "2019-05-14T00:00:00", "db": "BID", "id": "108232" }, { "date": "2019-05-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-003824" }, { "date": "2019-05-22T13:29:00.913000", "db": "NVD", "id": "CVE-2019-0980" }, { "date": "2019-05-24T00:00:00", "db": "CNNVD", "id": "CNNVD-201905-367" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201905-367" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Microsoft .NET Framework and .NET Core Service disruption in (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-003824" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-201905-367" } ], "trust": 0.6 } }
var-201803-1708
Vulnerability from variot
.NET Core 1.0, .NET Core 1.1, NET Core 2.0 and PowerShell Core 6.0.0 allow a denial of Service vulnerability due to how specially crafted requests are handled, aka ".NET Core Denial of Service Vulnerability". Microsoft .NET is prone to a denial-of-service vulnerability. Successful exploits will attackers to cause performance to degrade resulting in a denial of service condition. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Low: .NET Core on Red Hat Enterprise Linux security update Advisory ID: RHSA-2018:0522-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:0522 Issue date: 2018-03-14 CVE Names: CVE-2018-0875 =====================================================================
- Summary:
Updates for rh-dotnet20-dotnet, rh-dotnetcore10-dotnetcore, and rh-dotnetcore11-dotnetcore are now available for .NET Core on Red Hat Enterprise Linux.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- It implements a subset of the .NET framework APIs and includes a CLR implementation.
These correspond to the March 2018 security release by .NET Core upstream projects.
Security Fix(es):
- .NET Core: Hash Collision Denial of Service (CVE-2018-0875)
Red Hat would like to thank Ben Adams (Illyriad Games) for reporting this issue.
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnetcore10-dotnetcore-1.0.10-1.el7.src.rpm
x86_64: rh-dotnetcore10-dotnetcore-1.0.10-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.10-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnetcore11-dotnetcore-1.1.7-1.el7.src.rpm
x86_64: rh-dotnetcore11-dotnetcore-1.1.7-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.7-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet20-dotnet-2.0.6-1.el7.src.rpm
x86_64: rh-dotnet20-dotnet-2.0.6-1.el7.x86_64.rpm rh-dotnet20-dotnet-debuginfo-2.0.6-1.el7.x86_64.rpm rh-dotnet20-dotnet-host-2.0.6-1.el7.x86_64.rpm rh-dotnet20-dotnet-runtime-2.0-2.0.6-1.el7.x86_64.rpm rh-dotnet20-dotnet-sdk-2.1-2.1.101-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnetcore10-dotnetcore-1.0.10-1.el7.src.rpm
x86_64: rh-dotnetcore10-dotnetcore-1.0.10-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.10-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnetcore11-dotnetcore-1.1.7-1.el7.src.rpm
x86_64: rh-dotnetcore11-dotnetcore-1.1.7-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.7-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet20-dotnet-2.0.6-1.el7.src.rpm
x86_64: rh-dotnet20-dotnet-2.0.6-1.el7.x86_64.rpm rh-dotnet20-dotnet-debuginfo-2.0.6-1.el7.x86_64.rpm rh-dotnet20-dotnet-host-2.0.6-1.el7.x86_64.rpm rh-dotnet20-dotnet-runtime-2.0-2.0.6-1.el7.x86_64.rpm rh-dotnet20-dotnet-sdk-2.1-2.1.101-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnetcore10-dotnetcore-1.0.10-1.el7.src.rpm
x86_64: rh-dotnetcore10-dotnetcore-1.0.10-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.10-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnetcore11-dotnetcore-1.1.7-1.el7.src.rpm
x86_64: rh-dotnetcore11-dotnetcore-1.1.7-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.7-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet20-dotnet-2.0.6-1.el7.src.rpm
x86_64: rh-dotnet20-dotnet-2.0.6-1.el7.x86_64.rpm rh-dotnet20-dotnet-debuginfo-2.0.6-1.el7.x86_64.rpm rh-dotnet20-dotnet-host-2.0.6-1.el7.x86_64.rpm rh-dotnet20-dotnet-runtime-2.0-2.0.6-1.el7.x86_64.rpm rh-dotnet20-dotnet-sdk-2.1-2.1.101-1.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2018-0875 https://access.redhat.com/security/updates/classification/#low
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFaqUTsXlSAg2UNWIIRAuzUAKCDhqW/mE1ZwG1Bv9JVc2oVTo7cngCfUnVc slFh/sAwzwax82xICfw1G1M= =37s1 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201803-1708", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "asp.net core", "scope": "eq", "trust": 1.9, "vendor": "microsoft", "version": "2.0" }, { "model": "asp.net core", "scope": "eq", "trust": 1.9, "vendor": "microsoft", "version": "1.1" }, { "model": "asp.net core", "scope": "eq", "trust": 1.9, "vendor": "microsoft", "version": "1.0" }, { "model": "powershell core", "scope": "eq", "trust": 1.4, "vendor": "microsoft", "version": "6.0.0" }, { "model": "powershell core", "scope": "eq", "trust": 1.3, "vendor": "microsoft", "version": "6.0" }, { "model": ".net core", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "1.0" }, { "model": ".net core", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "1.1" }, { "model": ".net core", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "2.0" } ], "sources": [ { "db": "BID", "id": "103225" }, { "db": "JVNDB", "id": "JVNDB-2018-002560" }, { "db": "NVD", "id": "CVE-2018-0875" }, { "db": "CNNVD", "id": "CNNVD-201803-522" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:asp.net_core:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:asp.net_core:1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:asp.net_core:2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:powershell_core:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2018-0875" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ben Adams of Illyriad Games", "sources": [ { "db": "BID", "id": "103225" } ], "trust": 0.3 }, "cve": "CVE-2018-0875", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2018-0875", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2018-0875", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2018-0875", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201803-522", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-002560" }, { "db": "NVD", "id": "CVE-2018-0875" }, { "db": "CNNVD", "id": "CNNVD-201803-522" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": ".NET Core 1.0, .NET Core 1.1, NET Core 2.0 and PowerShell Core 6.0.0 allow a denial of Service vulnerability due to how specially crafted requests are handled, aka \".NET Core Denial of Service Vulnerability\". Microsoft .NET is prone to a denial-of-service vulnerability. \nSuccessful exploits will attackers to cause performance to degrade resulting in a denial of service condition. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Low: .NET Core on Red Hat Enterprise Linux security update\nAdvisory ID: RHSA-2018:0522-01\nProduct: .NET Core on Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2018:0522\nIssue date: 2018-03-14\nCVE Names: CVE-2018-0875 \n=====================================================================\n\n1. Summary:\n\nUpdates for rh-dotnet20-dotnet, rh-dotnetcore10-dotnetcore, and\nrh-dotnetcore11-dotnetcore are now available for .NET Core on Red Hat\nEnterprise Linux. \n\nRed Hat Product Security has rated this update as having a security impact\nof Low. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. It implements a subset of the\n.NET framework APIs and includes a CLR implementation. \n\nThese correspond to the March 2018 security release by .NET Core upstream\nprojects. \n\nSecurity Fix(es):\n\n* .NET Core: Hash Collision Denial of Service (CVE-2018-0875)\n\nRed Hat would like to thank Ben Adams (Illyriad Games) for reporting this\nissue. \n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.10-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.10-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.10-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.7-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.7-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.7-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet20-dotnet-2.0.6-1.el7.src.rpm\n\nx86_64:\nrh-dotnet20-dotnet-2.0.6-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-debuginfo-2.0.6-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-host-2.0.6-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-runtime-2.0-2.0.6-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-sdk-2.1-2.1.101-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.10-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.10-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.10-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.7-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.7-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.7-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet20-dotnet-2.0.6-1.el7.src.rpm\n\nx86_64:\nrh-dotnet20-dotnet-2.0.6-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-debuginfo-2.0.6-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-host-2.0.6-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-runtime-2.0-2.0.6-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-sdk-2.1-2.1.101-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.10-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.10-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.10-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.7-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.7-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.7-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet20-dotnet-2.0.6-1.el7.src.rpm\n\nx86_64:\nrh-dotnet20-dotnet-2.0.6-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-debuginfo-2.0.6-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-host-2.0.6-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-runtime-2.0-2.0.6-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-sdk-2.1-2.1.101-1.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-0875\nhttps://access.redhat.com/security/updates/classification/#low\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2018 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFaqUTsXlSAg2UNWIIRAuzUAKCDhqW/mE1ZwG1Bv9JVc2oVTo7cngCfUnVc\nslFh/sAwzwax82xICfw1G1M=\n=37s1\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n", "sources": [ { "db": "NVD", "id": "CVE-2018-0875" }, { "db": "JVNDB", "id": "JVNDB-2018-002560" }, { "db": "BID", "id": "103225" }, { "db": "PACKETSTORM", "id": "146768" } ], "trust": 1.98 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-0875", "trust": 2.8 }, { "db": "BID", "id": "103225", "trust": 1.9 }, { "db": "SECTRACK", "id": "1040505", "trust": 1.6 }, { "db": "JVNDB", "id": "JVNDB-2018-002560", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201803-522", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "146768", "trust": 0.1 } ], "sources": [ { "db": "BID", "id": "103225" }, { "db": "JVNDB", "id": "JVNDB-2018-002560" }, { "db": "PACKETSTORM", "id": "146768" }, { "db": "NVD", "id": "CVE-2018-0875" }, { "db": "CNNVD", "id": "CNNVD-201803-522" } ] }, "id": "VAR-201803-1708", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.21178882 }, "last_update_date": "2023-12-18T14:05:29.802000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "CVE-2018-0875 | .NET Core Denial of Service Vulnerability", "trust": 0.8, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-0875" }, { "title": "CVE-2018-0875 | .NET Core \u306e\u30b5\u30fc\u30d3\u30b9\u62d2\u5426\u306e\u8106\u5f31\u6027", "trust": 0.8, "url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/cve-2018-0875" }, { "title": "Microsoft .NET Core and PowerShell Core Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=79171" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-002560" }, { "db": "CNNVD", "id": "CNNVD-201803-522" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "CWE-20", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-002560" }, { "db": "NVD", "id": "CVE-2018-0875" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.9, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-0875" }, { "trust": 1.7, "url": "https://access.redhat.com/errata/rhsa-2018:0522" }, { "trust": 1.6, "url": "http://www.securityfocus.com/bid/103225" }, { "trust": 1.6, "url": "http://www.securitytracker.com/id/1040505" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0875" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0875" }, { "trust": 0.8, "url": "https://www.ipa.go.jp/security/ciadr/vul/20180314-ms.html" }, { "trust": 0.8, "url": "http://www.jpcert.or.jp/at/2018/at180011.html" }, { "trust": 0.3, "url": "http://www.microsoft.com/net/" }, { "trust": 0.3, "url": "http://www.microsoft.com" }, { "trust": 0.1, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#low" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-0875" }, { "trust": 0.1, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/contact/" } ], "sources": [ { "db": "BID", "id": "103225" }, { "db": "JVNDB", "id": "JVNDB-2018-002560" }, { "db": "PACKETSTORM", "id": "146768" }, { "db": "NVD", "id": "CVE-2018-0875" }, { "db": "CNNVD", "id": "CNNVD-201803-522" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "103225" }, { "db": "JVNDB", "id": "JVNDB-2018-002560" }, { "db": "PACKETSTORM", "id": "146768" }, { "db": "NVD", "id": "CVE-2018-0875" }, { "db": "CNNVD", "id": "CNNVD-201803-522" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-03-13T00:00:00", "db": "BID", "id": "103225" }, { "date": "2018-04-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-002560" }, { "date": "2018-03-15T15:52:13", "db": "PACKETSTORM", "id": "146768" }, { "date": "2018-03-14T17:29:00.980000", "db": "NVD", "id": "CVE-2018-0875" }, { "date": "2018-03-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201803-522" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-03-13T00:00:00", "db": "BID", "id": "103225" }, { "date": "2018-04-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-002560" }, { "date": "2021-08-12T17:19:05.447000", "db": "NVD", "id": "CVE-2018-0875" }, { "date": "2020-10-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201803-522" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201803-522" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": ".NET Core and PowerShell Core Service disruption in (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-002560" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201803-522" } ], "trust": 0.6 } }
var-201903-1504
Vulnerability from variot
A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka 'Windows Security Feature Bypass Vulnerability'. This CVE ID is unique from CVE-2019-0631, CVE-2019-0632. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201903-1504", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "powershell core", "scope": "eq", "trust": 2.1, "vendor": "microsoft", "version": "6.2" }, { "model": "powershell core", "scope": "eq", "trust": 2.1, "vendor": "microsoft", "version": "6.1" }, { "model": "windows 10", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1809" }, { "model": "windows 10", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1709" }, { "model": "windows server 2016", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1803" }, { "model": "windows 10", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1607" }, { "model": "windows server 2019", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": null }, { "model": "windows 10", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1803" }, { "model": "windows server 2016", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": null }, { "model": "windows 10", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": null }, { "model": "windows 10", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1703" }, { "model": "windows server 2016", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1709" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "for 32-bit systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "for x64-based systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1607 for 32-bit systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1607 for x64-based systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1703 for 32-bit systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1703 for x64-based systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1709 for 32-bit systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1709 for 64-based systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1709 for arm64-based systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1803 for 32-bit systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1803 for arm64-based systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1803 for x64-based systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1809 for 32-bit systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1809 for arm64-based systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1809 for x64-based systems" }, { "model": "windows server", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1709 (server core installation)" }, { "model": "windows server", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1803 (server core installation)" }, { "model": "windows server 2016", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "none" }, { "model": "windows server 2016", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "(server core installation)" }, { "model": "windows server 2019", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "none" }, { "model": "windows server 2019", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "(server core installation)" }, { "model": "windows server", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20190" }, { "model": "windows server", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20160" }, { "model": "windows server", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "18030" }, { "model": "windows server", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "17090" }, { "model": "windows version for x64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1018090" }, { "model": "windows version for arm64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1018090" }, { "model": "windows version for 32-bit systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1018090" }, { "model": "windows version for x64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1018030" }, { "model": "windows version for arm64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1018030" }, { "model": "windows version for 32-bit systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1018030" }, { "model": "windows version for x64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1017090" }, { "model": "windows version for arm64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1017090" }, { "model": "windows version for 32-bit systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1017090" }, { "model": "windows version for x64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1017030" }, { "model": "windows version for 32-bit systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1017030" }, { "model": "windows version for x64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1016070" }, { "model": "windows version for 32-bit systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1016070" }, { "model": "windows for x64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "100" }, { "model": "windows for 32-bit systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "100" } ], "sources": [ { "db": "BID", "id": "106857" }, { "db": "JVNDB", "id": "JVNDB-2019-002191" }, { "db": "NVD", "id": "CVE-2019-0627" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:powershell_core:6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:1709:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:powershell_core:6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2019-0627" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Matt Graeber from SpecterOps.", "sources": [ { "db": "BID", "id": "106857" }, { "db": "CNNVD", "id": "CNNVD-201902-347" } ], "trust": 0.9 }, "cve": "CVE-2019-0627", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Local", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 4.6, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2019-0627", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2019-0627", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2019-0627", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201902-347", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2019-0627", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2019-0627" }, { "db": "JVNDB", "id": "JVNDB-2019-002191" }, { "db": "NVD", "id": "CVE-2019-0627" }, { "db": "CNNVD", "id": "CNNVD-201902-347" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka \u0027Windows Security Feature Bypass Vulnerability\u0027. This CVE ID is unique from CVE-2019-0631, CVE-2019-0632. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks", "sources": [ { "db": "NVD", "id": "CVE-2019-0627" }, { "db": "JVNDB", "id": "JVNDB-2019-002191" }, { "db": "BID", "id": "106857" }, { "db": "VULMON", "id": "CVE-2019-0627" } ], "trust": 1.98 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-0627", "trust": 2.8 }, { "db": "BID", "id": "106857", "trust": 2.0 }, { "db": "JVNDB", "id": "JVNDB-2019-002191", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201902-347", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2019-0627", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2019-0627" }, { "db": "BID", "id": "106857" }, { "db": "JVNDB", "id": "JVNDB-2019-002191" }, { "db": "NVD", "id": "CVE-2019-0627" }, { "db": "CNNVD", "id": "CNNVD-201902-347" } ] }, "id": "VAR-201903-1504", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.21178882 }, "last_update_date": "2023-12-18T13:48:00.504000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "CVE-2019-0627 | Windows Security Feature Bypass Vulnerability", "trust": 0.8, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0627" }, { "title": "CVE-2019-0627 | Windows \u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u6a5f\u80fd\u306e\u30d0\u30a4\u30d1\u30b9\u306e\u8106\u5f31\u6027", "trust": 0.8, "url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/cve-2019-0627" }, { "title": "Microsoft Windows Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=89161" }, { "title": "", "trust": 0.1, "url": "https://github.com/mattifestation/mattifestation " }, { "title": "Symantec Threat Intelligence Blog", "trust": 0.1, "url": "https://www.symantec.com/blogs/threat-intelligence/microsoft-patch-tuesday-february-2019" } ], "sources": [ { "db": "VULMON", "id": "CVE-2019-0627" }, { "db": "JVNDB", "id": "JVNDB-2019-002191" }, { "db": "CNNVD", "id": "CNNVD-201902-347" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "CWE-264", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-002191" }, { "db": "NVD", "id": "CVE-2019-0627" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "http://www.securityfocus.com/bid/106857" }, { "trust": 2.0, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0627" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0627" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0627" }, { "trust": 0.8, "url": "https://www.ipa.go.jp/security/ciadr/vul/20190213-ms.html" }, { "trust": 0.8, "url": "http://www.jpcert.or.jp/at/2019/at190006.html" }, { "trust": 0.3, "url": "https://github.com/powershell/announcements/issues/13" }, { "trust": 0.3, "url": "http://www.microsoft.com" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/106857" } ], "sources": [ { "db": "VULMON", "id": "CVE-2019-0627" }, { "db": "BID", "id": "106857" }, { "db": "JVNDB", "id": "JVNDB-2019-002191" }, { "db": "NVD", "id": "CVE-2019-0627" }, { "db": "CNNVD", "id": "CNNVD-201902-347" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2019-0627" }, { "db": "BID", "id": "106857" }, { "db": "JVNDB", "id": "JVNDB-2019-002191" }, { "db": "NVD", "id": "CVE-2019-0627" }, { "db": "CNNVD", "id": "CNNVD-201902-347" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-03-05T00:00:00", "db": "VULMON", "id": "CVE-2019-0627" }, { "date": "2019-02-12T00:00:00", "db": "BID", "id": "106857" }, { "date": "2019-04-04T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-002191" }, { "date": "2019-03-05T23:29:01.223000", "db": "NVD", "id": "CVE-2019-0627" }, { "date": "2019-02-12T00:00:00", "db": "CNNVD", "id": "CNNVD-201902-347" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-08-24T00:00:00", "db": "VULMON", "id": "CVE-2019-0627" }, { "date": "2019-02-21T05:00:00", "db": "BID", "id": "106857" }, { "date": "2019-04-04T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-002191" }, { "date": "2020-08-24T17:37:01.140000", "db": "NVD", "id": "CVE-2019-0627" }, { "date": "2020-08-25T00:00:00", "db": "CNNVD", "id": "CNNVD-201902-347" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "BID", "id": "106857" }, { "db": "CNNVD", "id": "CNNVD-201902-347" } ], "trust": 0.9 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural Microsoft Windows Vulnerabilities that bypass security functions in products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-002191" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "permissions and access control", "sources": [ { "db": "CNNVD", "id": "CNNVD-201902-347" } ], "trust": 0.6 } }
var-201811-0477
Vulnerability from variot
A tampering vulnerability exists in PowerShell that could allow an attacker to execute unlogged code, aka "Microsoft PowerShell Tampering Vulnerability." This affects Windows 7, PowerShell Core 6.1, Windows Server 2012 R2, Windows RT 8.1, PowerShell Core 6.0, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. plural Microsoft Windows Product and PowerShell Core Contains a vulnerability that can be tampered with. The vendor Microsoft PowerShell Has been disclosed as "Tampering Vulnerability".An attacker could execute code that is not logged. Microsoft Powershell is prone to a security bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201811-0477", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "powershell core", "scope": "eq", "trust": 2.7, "vendor": "microsoft", "version": "6.1" }, { "model": "powershell core", "scope": "eq", "trust": 2.7, "vendor": "microsoft", "version": "6.0" }, { "model": "windows server 2012", "scope": "eq", "trust": 1.8, "vendor": "microsoft", "version": "r2" }, { "model": "windows 10", "scope": "eq", "trust": 1.6, "vendor": "microsoft", "version": "1809" }, { "model": "windows 8.1", "scope": "eq", "trust": 1.6, "vendor": "microsoft", "version": null }, { "model": "windows 10", "scope": "eq", "trust": 1.6, "vendor": "microsoft", "version": "1709" }, { "model": "windows 7", "scope": "eq", "trust": 1.6, "vendor": "microsoft", "version": null }, { "model": "windows 10", "scope": "eq", "trust": 1.6, "vendor": "microsoft", "version": "1607" }, { "model": "windows 10", "scope": "eq", "trust": 1.6, "vendor": "microsoft", "version": "1803" }, { "model": "windows 10", "scope": "eq", "trust": 1.6, "vendor": "microsoft", "version": null }, { "model": "windows 10", "scope": "eq", "trust": 1.6, "vendor": "microsoft", "version": "1703" }, { "model": "windows server 2016", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1803" }, { "model": "windows server 2012", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": null }, { "model": "windows server 2019", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": null }, { "model": "windows server 2016", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": null }, { "model": "windows server 2008", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "r2" }, { "model": "windows rt 8.1", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": null }, { "model": "windows server 2016", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1709" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "for 32-bit systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "for x64-based systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1607 for 32-bit systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1607 for x64-based systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1703 for 32-bit systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1703 for x64-based systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1709 for 32-bit systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1709 for 64-based systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1709 for arm64-based systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1803 for 32-bit systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1803 for arm64-based systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1803 for x64-based systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1809 for 32-bit systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1809 for arm64-based systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1809 for x64-based systems" }, { "model": "windows 7", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "for 32-bit systems sp1" }, { "model": "windows 7", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "for x64-based systems sp1" }, { "model": "windows 8.1", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "for 32-bit systems" }, { "model": "windows 8.1", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "for x64-based systems" }, { "model": "windows rt 8.1", "scope": null, "trust": 0.8, "vendor": "microsoft", "version": null }, { "model": "windows server", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1709 (server core installation)" }, { "model": "windows server", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1803 (server core installation)" }, { "model": "windows server 2008", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "r2 for x64-based systems sp1" }, { "model": "windows server 2008", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "r2 for x64-based systems sp1 (server core installation)" }, { "model": "windows server 2012", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "none" }, { "model": "windows server 2012", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "(server core installation)" }, { "model": "windows server 2012", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "r2 (server core installation)" }, { "model": "windows server 2016", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "none" }, { "model": "windows server 2016", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "(server core installation)" }, { "model": "windows server 2019", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "none" }, { "model": "windows server 2019", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "(server core installation)" }, { "model": "windows server", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20190" }, { "model": "windows server", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20160" }, { "model": "windows server r2", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20120" }, { "model": "windows server", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20120" }, { "model": "windows server r2 for x64-based systems sp1", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008" }, { "model": "windows server", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "18030" }, { "model": "windows server", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "17090" }, { "model": "windows rt", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "8.1" }, { "model": "windows for x64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "8.10" }, { "model": "windows for 32-bit systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "8.10" }, { "model": "windows for x64-based systems sp1", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "7" }, { "model": "windows for 32-bit systems sp1", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "7" }, { "model": "windows version for x64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1018090" }, { "model": "windows version for arm64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1018090" }, { "model": "windows version for 32-bit systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1018090" }, { "model": "windows version for x64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1018030" }, { "model": "windows version for arm64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1018030" }, { "model": "windows version for 32-bit systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1018030" }, { "model": "windows version for x64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1017090" }, { "model": "windows version for arm64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1017090" }, { "model": "windows version for 32-bit systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1017090" }, { "model": "windows version for x64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1017030" }, { "model": "windows version for 32-bit systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1017030" }, { "model": "windows version for x64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1016070" }, { "model": "windows version for 32-bit systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1016070" }, { "model": "windows for x64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "100" }, { "model": "windows for 32-bit systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "100" } ], "sources": [ { "db": "BID", "id": "105792" }, { "db": "JVNDB", "id": "JVNDB-2018-010458" }, { "db": "NVD", "id": "CVE-2018-8415" }, { "db": "CNNVD", "id": "CNNVD-201811-358" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:powershell_core:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:powershell_core:6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:1709:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2018-8415" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Amirreza Niakanlahiji (@DissectMalware) of University of North Carolina at Charlotte and Amirreza Niakanlahiji of University of North Carolina at Charlotte", "sources": [ { "db": "BID", "id": "105792" }, { "db": "CNNVD", "id": "CNNVD-201811-358" } ], "trust": 0.9 }, "cve": "CVE-2018-8415", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Local", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 4.6, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2018-8415", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2018-8415", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2018-8415", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201811-358", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-010458" }, { "db": "NVD", "id": "CVE-2018-8415" }, { "db": "CNNVD", "id": "CNNVD-201811-358" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A tampering vulnerability exists in PowerShell that could allow an attacker to execute unlogged code, aka \"Microsoft PowerShell Tampering Vulnerability.\" This affects Windows 7, PowerShell Core 6.1, Windows Server 2012 R2, Windows RT 8.1, PowerShell Core 6.0, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. plural Microsoft Windows Product and PowerShell Core Contains a vulnerability that can be tampered with. The vendor Microsoft PowerShell Has been disclosed as \"Tampering Vulnerability\".An attacker could execute code that is not logged. Microsoft Powershell is prone to a security bypass vulnerability. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions", "sources": [ { "db": "NVD", "id": "CVE-2018-8415" }, { "db": "JVNDB", "id": "JVNDB-2018-010458" }, { "db": "BID", "id": "105792" } ], "trust": 1.89 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-8415", "trust": 2.7 }, { "db": "BID", "id": "105792", "trust": 1.9 }, { "db": "SECTRACK", "id": "1042108", "trust": 1.0 }, { "db": "JVNDB", "id": "JVNDB-2018-010458", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201811-358", "trust": 0.6 } ], "sources": [ { "db": "BID", "id": "105792" }, { "db": "JVNDB", "id": "JVNDB-2018-010458" }, { "db": "NVD", "id": "CVE-2018-8415" }, { "db": "CNNVD", "id": "CNNVD-201811-358" } ] }, "id": "VAR-201811-0477", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.21178882 }, "last_update_date": "2023-12-18T12:43:45.619000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "CVE-2018-8415 | Microsoft PowerShell Tampering Vulnerability", "trust": 0.8, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-8415" }, { "title": "CVE-2018-8415 | Microsoft PowerShell \u306e\u6539\u3056\u3093\u306e\u8106\u5f31\u6027", "trust": 0.8, "url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/cve-2018-8415" }, { "title": "Microsoft PowerShell Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=86766" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-010458" }, { "db": "CNNVD", "id": "CNNVD-201811-358" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-94", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-010458" }, { "db": "NVD", "id": "CVE-2018-8415" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.9, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-8415" }, { "trust": 1.6, "url": "http://www.securityfocus.com/bid/105792" }, { "trust": 1.0, "url": "http://www.securitytracker.com/id/1042108" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8415" }, { "trust": 0.8, "url": "https://www.ipa.go.jp/security/ciadr/vul/20181114-ms.html" }, { "trust": 0.8, "url": "http://www.jpcert.or.jp/at/2018/at180046.html" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-8415" }, { "trust": 0.3, "url": "http://www.microsoft.com" } ], "sources": [ { "db": "BID", "id": "105792" }, { "db": "JVNDB", "id": "JVNDB-2018-010458" }, { "db": "NVD", "id": "CVE-2018-8415" }, { "db": "CNNVD", "id": "CNNVD-201811-358" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "105792" }, { "db": "JVNDB", "id": "JVNDB-2018-010458" }, { "db": "NVD", "id": "CVE-2018-8415" }, { "db": "CNNVD", "id": "CNNVD-201811-358" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-11-13T00:00:00", "db": "BID", "id": "105792" }, { "date": "2018-12-14T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-010458" }, { "date": "2018-11-14T01:29:00.380000", "db": "NVD", "id": "CVE-2018-8415" }, { "date": "2018-11-14T00:00:00", "db": "CNNVD", "id": "CNNVD-201811-358" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-11-13T00:00:00", "db": "BID", "id": "105792" }, { "date": "2018-12-14T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-010458" }, { "date": "2018-12-13T18:13:48.827000", "db": "NVD", "id": "CVE-2018-8415" }, { "date": "2018-11-16T00:00:00", "db": "CNNVD", "id": "CNNVD-201811-358" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "BID", "id": "105792" }, { "db": "CNNVD", "id": "CNNVD-201811-358" } ], "trust": 0.9 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural Microsoft Windows Product and PowerShell Core Vulnerabilities to be tampered with", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-010458" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code injection", "sources": [ { "db": "CNNVD", "id": "CNNVD-201811-358" } ], "trust": 0.6 } }
var-201810-1125
Vulnerability from variot
An information disclosure vulnerability exists in .NET Core when authentication information is inadvertently exposed in a redirect, aka ".NET Core Information Disclosure Vulnerability." This affects .NET Core 2.1, .NET Core 1.0, .NET Core 1.1, PowerShell Core 6.0. An attacker can exploit this issue to obtain sensitive information. Successful exploits will lead to other attacks. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: .NET Core on Red Hat Enterprise Linux security update Advisory ID: RHSA-2018:2902-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:2902 Issue date: 2018-10-09 CVE Names: CVE-2018-8292 =====================================================================
- Summary:
Updates for rh-dotnetcore11-dotnetcore, and rh-dotnetcore10-dotnetcore are now available for .NET Core on Red Hat Enterprise Linux.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
These versions correspond to the October 2018 security release by .NET Core upstream projects.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnetcore10-dotnetcore-1.0.13-1.el7.src.rpm
x86_64: rh-dotnetcore10-dotnetcore-1.0.13-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.13-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnetcore11-dotnetcore-1.1.10-1.el7.src.rpm
x86_64: rh-dotnetcore11-dotnetcore-1.1.10-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.10-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnetcore10-dotnetcore-1.0.13-1.el7.src.rpm
x86_64: rh-dotnetcore10-dotnetcore-1.0.13-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.13-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnetcore11-dotnetcore-1.1.10-1.el7.src.rpm
x86_64: rh-dotnetcore11-dotnetcore-1.1.10-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.10-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnetcore10-dotnetcore-1.0.13-1.el7.src.rpm
x86_64: rh-dotnetcore10-dotnetcore-1.0.13-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.13-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnetcore11-dotnetcore-1.1.10-1.el7.src.rpm
x86_64: rh-dotnetcore11-dotnetcore-1.1.10-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.10-1.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2018-8292 https://access.redhat.com/security/updates/classification/#moderate https://github.com/dotnet/announcements/issues/88
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBW71EydzjgjWX9erEAQhK3Q/8DwPo83R6HBwUmO2gO56n0ci7BOOZ1HfH VYRSvXSPaBf8fbFSaZN5+OJhPBJfnCiEIgO8cSuMYf3zWebkIONZnkzB55BJqD0N Z7wS2R4bI6Mw33K9ET2WhoUF7JiZDU+Spu7T2TW9roAms7U7IJBXMi52N3pAS3yQ gzvB8Fuci3xsGqyIYMgt0SmqnlkqbZmR35Yq7e3yxMzAlY/lp7tfQ/ZxIHfxDKh3 NrT8nKj58i0WGlOKxlWsTDadHwrCe9YoZVn8FRJJdCDE+tjW6KNmXKOy08qPfp3n LuikowCnqyQh6CoKJ91q47zsq7j8hisj0z7CgMLxO2Y4Gk9hSni5ynlxlDUYWDrB f9mi4LlnBp1Dwjnv7IJee9SXR4M7fIuwbexhBv8OGzijwXvHZkfZ5aceTAqrBYIb INZNaHwGQIgwkHkanz3N6pPbrfXTvOfcIWmrctyYfI05RsW4FRXm1dh2tF7y1uK7 FgWNvDxAAZqYhk2SBYPtUfQNkNktkLZ0M76QEXcgCrYr5OTTCM92pxZjLPmbYx2Y +1Kl+cSvk3nschXLbuXjGtWiuBrJXtdDW8ytt2bC5lyxylo8mYSl7G5V0eDifMKs sdHtMLM5S+4xrAQ4avNEFgqz4h78s6mY4Dq9fXkZUbYXLFLbaIb/foGUnnWJ5/az 9K+HIBmUA6I= =+FXG -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201810-1125", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "powershell core", "scope": "eq", "trust": 2.7, "vendor": "microsoft", "version": "6.0" }, { "model": "asp.net core", "scope": "eq", "trust": 1.9, "vendor": "microsoft", "version": "2.1" }, { "model": "asp.net core", "scope": "eq", "trust": 1.9, "vendor": "microsoft", "version": "1.1" }, { "model": "asp.net core", "scope": "eq", "trust": 1.9, "vendor": "microsoft", "version": "1.0" }, { "model": ".net core", "scope": "eq", "trust": 1.1, "vendor": "microsoft", "version": "2.1" }, { "model": ".net core", "scope": "eq", "trust": 1.1, "vendor": "microsoft", "version": "1.1" }, { "model": ".net core", "scope": "eq", "trust": 1.1, "vendor": "microsoft", "version": "1.0" } ], "sources": [ { "db": "BID", "id": "105548" }, { "db": "JVNDB", "id": "JVNDB-2018-010455" }, { "db": "NVD", "id": "CVE-2018-8292" }, { "db": "CNNVD", "id": "CNNVD-201810-492" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:asp.net_core:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:asp.net_core:1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:asp.net_core:2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:powershell_core:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2018-8292" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Microsoft", "sources": [ { "db": "BID", "id": "105548" } ], "trust": 0.3 }, "cve": "CVE-2018-8292", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.0, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2018-8292", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2018-8292", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2018-8292", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201810-492", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2018-8292", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2018-8292" }, { "db": "JVNDB", "id": "JVNDB-2018-010455" }, { "db": "NVD", "id": "CVE-2018-8292" }, { "db": "CNNVD", "id": "CNNVD-201810-492" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An information disclosure vulnerability exists in .NET Core when authentication information is inadvertently exposed in a redirect, aka \".NET Core Information Disclosure Vulnerability.\" This affects .NET Core 2.1, .NET Core 1.0, .NET Core 1.1, PowerShell Core 6.0. \nAn attacker can exploit this issue to obtain sensitive information. Successful exploits will lead to other attacks. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: .NET Core on Red Hat Enterprise Linux security update\nAdvisory ID: RHSA-2018:2902-01\nProduct: .NET Core on Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2018:2902\nIssue date: 2018-10-09\nCVE Names: CVE-2018-8292 \n=====================================================================\n\n1. Summary:\n\nUpdates for rh-dotnetcore11-dotnetcore, and rh-dotnetcore10-dotnetcore are\nnow available for .NET Core on Red Hat Enterprise Linux. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. It implements a subset of the\n.NET framework APIs and several new APIs, and it includes a CLR\nimplementation. \n\nThese versions correspond to the October 2018 security release by .NET Core\nupstream projects. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.13-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.13-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.13-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.10-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.10-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.10-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.13-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.13-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.13-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.10-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.10-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.10-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.13-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.13-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.13-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.10-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.10-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.10-1.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-8292\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://github.com/dotnet/announcements/issues/88\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2018 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBW71EydzjgjWX9erEAQhK3Q/8DwPo83R6HBwUmO2gO56n0ci7BOOZ1HfH\nVYRSvXSPaBf8fbFSaZN5+OJhPBJfnCiEIgO8cSuMYf3zWebkIONZnkzB55BJqD0N\nZ7wS2R4bI6Mw33K9ET2WhoUF7JiZDU+Spu7T2TW9roAms7U7IJBXMi52N3pAS3yQ\ngzvB8Fuci3xsGqyIYMgt0SmqnlkqbZmR35Yq7e3yxMzAlY/lp7tfQ/ZxIHfxDKh3\nNrT8nKj58i0WGlOKxlWsTDadHwrCe9YoZVn8FRJJdCDE+tjW6KNmXKOy08qPfp3n\nLuikowCnqyQh6CoKJ91q47zsq7j8hisj0z7CgMLxO2Y4Gk9hSni5ynlxlDUYWDrB\nf9mi4LlnBp1Dwjnv7IJee9SXR4M7fIuwbexhBv8OGzijwXvHZkfZ5aceTAqrBYIb\nINZNaHwGQIgwkHkanz3N6pPbrfXTvOfcIWmrctyYfI05RsW4FRXm1dh2tF7y1uK7\nFgWNvDxAAZqYhk2SBYPtUfQNkNktkLZ0M76QEXcgCrYr5OTTCM92pxZjLPmbYx2Y\n+1Kl+cSvk3nschXLbuXjGtWiuBrJXtdDW8ytt2bC5lyxylo8mYSl7G5V0eDifMKs\nsdHtMLM5S+4xrAQ4avNEFgqz4h78s6mY4Dq9fXkZUbYXLFLbaIb/foGUnnWJ5/az\n9K+HIBmUA6I=\n=+FXG\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n", "sources": [ { "db": "NVD", "id": "CVE-2018-8292" }, { "db": "JVNDB", "id": "JVNDB-2018-010455" }, { "db": "BID", "id": "105548" }, { "db": "VULMON", "id": "CVE-2018-8292" }, { "db": "PACKETSTORM", "id": "149745" } ], "trust": 2.07 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-8292", "trust": 2.9 }, { "db": "BID", "id": "105548", "trust": 1.4 }, { "db": "JVNDB", "id": "JVNDB-2018-010455", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201810-492", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2018-8292", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "149745", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2018-8292" }, { "db": "BID", "id": "105548" }, { "db": "JVNDB", "id": "JVNDB-2018-010455" }, { "db": "PACKETSTORM", "id": "149745" }, { "db": "NVD", "id": "CVE-2018-8292" }, { "db": "CNNVD", "id": "CNNVD-201810-492" } ] }, "id": "VAR-201810-1125", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.21178882 }, "last_update_date": "2023-12-18T13:02:25.373000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "CVE-2018-8292 | .NET Core Information Disclosure Vulnerability", "trust": 0.8, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-8292" }, { "title": "CVE-2018-8292 | .NET Core \u306e\u60c5\u5831\u6f0f\u3048\u3044\u306e\u8106\u5f31\u6027", "trust": 0.8, "url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/cve-2018-8292" }, { "title": "Microsoft .NET Core and PowerShell Core Repair measures for information disclosure vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=85661" }, { "title": "Red Hat: Moderate: .NET Core on Red Hat Enterprise Linux security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20182902 - security advisory" }, { "title": "Red Hat: CVE-2018-8292", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2018-8292" }, { "title": "TrivyDepsFalsePositive", "trust": 0.1, "url": "https://github.com/stasjs/trivydepsfalsepositive " }, { "title": "OssIndexClient", "trust": 0.1, "url": "https://github.com/simoncropp/ossindexclient " } ], "sources": [ { "db": "VULMON", "id": "CVE-2018-8292" }, { "db": "JVNDB", "id": "JVNDB-2018-010455" }, { "db": "CNNVD", "id": "CNNVD-201810-492" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-200", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-010455" }, { "db": "NVD", "id": "CVE-2018-8292" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-8292" }, { "trust": 1.3, "url": "https://access.redhat.com/errata/rhsa-2018:2902" }, { "trust": 1.2, "url": "http://www.securityfocus.com/bid/105548" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-8292" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8292" }, { "trust": 0.8, "url": "https://www.ipa.go.jp/security/ciadr/vul/20181010-ms.html" }, { "trust": 0.8, "url": "http://www.jpcert.or.jp/at/2018/at180041.html" }, { "trust": 0.4, "url": "https://github.com/dotnet/announcements/issues/88" }, { "trust": 0.3, "url": "http://www.microsoft.com" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/200.html" }, { "trust": 0.1, "url": "https://github.com/stasjs/trivydepsfalsepositive" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://github.com/simoncropp/ossindexclient" }, { "trust": 0.1, "url": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/105548" }, { "trust": 0.1, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-8292" }, { "trust": 0.1, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/contact/" } ], "sources": [ { "db": "VULMON", "id": "CVE-2018-8292" }, { "db": "BID", "id": "105548" }, { "db": "JVNDB", "id": "JVNDB-2018-010455" }, { "db": "PACKETSTORM", "id": "149745" }, { "db": "NVD", "id": "CVE-2018-8292" }, { "db": "CNNVD", "id": "CNNVD-201810-492" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2018-8292" }, { "db": "BID", "id": "105548" }, { "db": "JVNDB", "id": "JVNDB-2018-010455" }, { "db": "PACKETSTORM", "id": "149745" }, { "db": "NVD", "id": "CVE-2018-8292" }, { "db": "CNNVD", "id": "CNNVD-201810-492" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-10-10T00:00:00", "db": "VULMON", "id": "CVE-2018-8292" }, { "date": "2018-10-09T00:00:00", "db": "BID", "id": "105548" }, { "date": "2018-12-14T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-010455" }, { "date": "2018-10-10T17:38:30", "db": "PACKETSTORM", "id": "149745" }, { "date": "2018-10-10T13:29:01.213000", "db": "NVD", "id": "CVE-2018-8292" }, { "date": "2018-10-10T00:00:00", "db": "CNNVD", "id": "CNNVD-201810-492" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-12-06T00:00:00", "db": "VULMON", "id": "CVE-2018-8292" }, { "date": "2018-10-09T00:00:00", "db": "BID", "id": "105548" }, { "date": "2018-12-14T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-010455" }, { "date": "2018-12-06T14:46:36.853000", "db": "NVD", "id": "CVE-2018-8292" }, { "date": "2018-10-11T00:00:00", "db": "CNNVD", "id": "CNNVD-201810-492" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201810-492" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Microsoft NET Core and PowerShell Core Vulnerability in which information is disclosed", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-010455" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "information disclosure", "sources": [ { "db": "CNNVD", "id": "CNNVD-201810-492" } ], "trust": 0.6 } }
var-201811-0478
Vulnerability from variot
A tampering vulnerability exists when .NET Core improperly handles specially crafted files, aka ".NET Core Tampering Vulnerability." This affects .NET Core 2.1. Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions. This may lead to other attacks. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: .NET Core on Red Hat Enterprise Linux security update Advisory ID: RHSA-2018:3676-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:3676 Issue date: 2018-11-27 CVE Names: CVE-2018-8416 ==================================================================== 1. Summary:
An update for rh-dotnet21-dotnet is now available for .NET Core on Red Hat Enterprise Linux.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
Security Fix(es):
- .NET Core: Arbitrary file and directory creation (CVE-2018-8416)
For more information, please refer to the upstream docs in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet21-dotnet-2.1.500-5.el7.src.rpm
x86_64: rh-dotnet21-dotnet-2.1.500-5.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.500-5.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.6-5.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.6-5.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.500-5.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.500-5.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet21-dotnet-2.1.500-5.el7.src.rpm
x86_64: rh-dotnet21-dotnet-2.1.500-5.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.500-5.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.6-5.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.6-5.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.500-5.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.500-5.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet21-dotnet-2.1.500-5.el7.src.rpm
x86_64: rh-dotnet21-dotnet-2.1.500-5.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.500-5.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.6-5.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.6-5.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.500-5.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.500-5.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2018-8416 https://access.redhat.com/security/updates/classification/#moderate https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8416
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBW/zJC9zjgjWX9erEAQi0Pw//WnLvaExr0r/rVkOTSxMDwGEqCu4K7nU6 8FnknCX3hpTmIqwIb5VIGOUwRneeg3DnGxg8vIBm8dwrAGqkgpfpGJLt1H7MNAMK p3idNKfoZgG3gVfiO55aaKkftoimA4rUx915ssPzLtBADWdqPfSG0jHkWJgynpDA gAU2FZOhmIJ2Z2+COCi7i1hf2CKDeRRu7mvFDkyKYb4yoVsGXPsm4dB1piw/2VCh ezp4sWeGq0r1dReejy+O2IU8bx/8LsaPqz2ZaARXjFHCEEg4y2CFxLzv2nsokQfy gmpcNtY7F2+ysHP9YL9xV7/pQF3FR1cHDP8lZ6usNIrgrPO/e7WAszsTEg6u3+9l t4gRjeE1SJHa7JkC6seEpZXsxCdR0/9GeOBm+b2RF9qgSEgQgtD/N/AKNQWt4Qo3 rRQN79cy4sRznmwzP0MBE57RAu7GzmmueLeJK7uAuQikfqxGPn5Q2yOah74I2WR9 lzbwqVLuUBHZZhHautHQA3i4bqz8CEfQRHTGmiagkHYWn2m2yNJsWnDMt5YpLzn2 GpTg+9TU0GmwqSquG/5r/rD9YLJwM2m8KV9Yt0PArzw1ey+z542i0Dwv4GlHpIR4 W9D33bMeOY1o4IhLmT+Qlm5ZbGEWleQ4U59YUaCvnZDzsfg0AcJSSpg42ws2+FkC uuianWdqhaI=i2VD -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201811-0478", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "asp.net core", "scope": "eq", "trust": 1.6, "vendor": "microsoft", "version": "2.1" }, { "model": ".net core", "scope": "eq", "trust": 1.1, "vendor": "microsoft", "version": "2.1" }, { "model": "powershell core", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "6.1" }, { "model": "powershell core", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "6.2" } ], "sources": [ { "db": "BID", "id": "105798" }, { "db": "JVNDB", "id": "JVNDB-2018-013498" }, { "db": "NVD", "id": "CVE-2018-8416" }, { "db": "CNNVD", "id": "CNNVD-201811-363" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:asp.net_core:2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2018-8416" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Danny Grander of Snyk.", "sources": [ { "db": "BID", "id": "105798" }, { "db": "CNNVD", "id": "CNNVD-201811-363" } ], "trust": 0.9 }, "cve": "CVE-2018-8416", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "exploitabilityScore": 8.0, "impactScore": 2.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2018-8416", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.8, "impactScore": 3.6, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 6.5, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2018-8416", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2018-8416", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201811-363", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-013498" }, { "db": "NVD", "id": "CVE-2018-8416" }, { "db": "CNNVD", "id": "CNNVD-201811-363" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A tampering vulnerability exists when .NET Core improperly handles specially crafted files, aka \".NET Core Tampering Vulnerability.\" This affects .NET Core 2.1. \nSuccessfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions. This may lead to other attacks. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: .NET Core on Red Hat Enterprise Linux security update\nAdvisory ID: RHSA-2018:3676-01\nProduct: .NET Core on Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2018:3676\nIssue date: 2018-11-27\nCVE Names: CVE-2018-8416\n====================================================================\n1. Summary:\n\nAn update for rh-dotnet21-dotnet is now available for .NET Core on Red Hat\nEnterprise Linux. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. It implements a subset of the\n.NET framework APIs and several new APIs, and it includes a CLR\nimplementation. \n\nSecurity Fix(es):\n\n* .NET Core: Arbitrary file and directory creation (CVE-2018-8416)\n\nFor more information, please refer to the upstream docs in the References\nsection. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet21-dotnet-2.1.500-5.el7.src.rpm\n\nx86_64:\nrh-dotnet21-dotnet-2.1.500-5.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.500-5.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.6-5.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.6-5.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.500-5.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.500-5.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet21-dotnet-2.1.500-5.el7.src.rpm\n\nx86_64:\nrh-dotnet21-dotnet-2.1.500-5.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.500-5.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.6-5.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.6-5.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.500-5.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.500-5.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet21-dotnet-2.1.500-5.el7.src.rpm\n\nx86_64:\nrh-dotnet21-dotnet-2.1.500-5.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.500-5.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.6-5.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.6-5.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.500-5.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.500-5.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-8416\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8416\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2018 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBW/zJC9zjgjWX9erEAQi0Pw//WnLvaExr0r/rVkOTSxMDwGEqCu4K7nU6\n8FnknCX3hpTmIqwIb5VIGOUwRneeg3DnGxg8vIBm8dwrAGqkgpfpGJLt1H7MNAMK\np3idNKfoZgG3gVfiO55aaKkftoimA4rUx915ssPzLtBADWdqPfSG0jHkWJgynpDA\ngAU2FZOhmIJ2Z2+COCi7i1hf2CKDeRRu7mvFDkyKYb4yoVsGXPsm4dB1piw/2VCh\nezp4sWeGq0r1dReejy+O2IU8bx/8LsaPqz2ZaARXjFHCEEg4y2CFxLzv2nsokQfy\ngmpcNtY7F2+ysHP9YL9xV7/pQF3FR1cHDP8lZ6usNIrgrPO/e7WAszsTEg6u3+9l\nt4gRjeE1SJHa7JkC6seEpZXsxCdR0/9GeOBm+b2RF9qgSEgQgtD/N/AKNQWt4Qo3\nrRQN79cy4sRznmwzP0MBE57RAu7GzmmueLeJK7uAuQikfqxGPn5Q2yOah74I2WR9\nlzbwqVLuUBHZZhHautHQA3i4bqz8CEfQRHTGmiagkHYWn2m2yNJsWnDMt5YpLzn2\nGpTg+9TU0GmwqSquG/5r/rD9YLJwM2m8KV9Yt0PArzw1ey+z542i0Dwv4GlHpIR4\nW9D33bMeOY1o4IhLmT+Qlm5ZbGEWleQ4U59YUaCvnZDzsfg0AcJSSpg42ws2+FkC\nuuianWdqhaI=i2VD\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n", "sources": [ { "db": "NVD", "id": "CVE-2018-8416" }, { "db": "JVNDB", "id": "JVNDB-2018-013498" }, { "db": "BID", "id": "105798" }, { "db": "PACKETSTORM", "id": "150479" } ], "trust": 1.98 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-8416", "trust": 2.8 }, { "db": "BID", "id": "105798", "trust": 1.9 }, { "db": "SECTRACK", "id": "1042128", "trust": 1.6 }, { "db": "JVNDB", "id": "JVNDB-2018-013498", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201811-363", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "150479", "trust": 0.1 } ], "sources": [ { "db": "BID", "id": "105798" }, { "db": "JVNDB", "id": "JVNDB-2018-013498" }, { "db": "PACKETSTORM", "id": "150479" }, { "db": "NVD", "id": "CVE-2018-8416" }, { "db": "CNNVD", "id": "CNNVD-201811-363" } ] }, "id": "VAR-201811-0478", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.21178882 }, "last_update_date": "2023-12-18T13:33:40.780000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "CVE-2018-8416 | .NET Core Tampering Vulnerability", "trust": 0.8, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-8416" }, { "title": "CVE-2018-8416 | .NET Core \u306e\u6539\u3056\u3093\u306e\u8106\u5f31\u6027", "trust": 0.8, "url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/cve-2018-8416" }, { "title": "Microsoft .NET Core Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=86772" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-013498" }, { "db": "CNNVD", "id": "CNNVD-201811-363" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "CWE-20", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-013498" }, { "db": "NVD", "id": "CVE-2018-8416" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://access.redhat.com/errata/rhsa-2018:3676" }, { "trust": 1.7, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-8416" }, { "trust": 1.6, "url": "http://www.securityfocus.com/bid/105798" }, { "trust": 1.6, "url": "http://www.securitytracker.com/id/1042128" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-8416" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8416" }, { "trust": 0.8, "url": "https://www.ipa.go.jp/security/ciadr/vul/20181114-ms.html" }, { "trust": 0.8, "url": "http://www.jpcert.or.jp/at/2018/at180046.html" }, { "trust": 0.3, "url": "http://www.microsoft.com" }, { "trust": 0.1, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-8416" }, { "trust": 0.1, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/contact/" } ], "sources": [ { "db": "BID", "id": "105798" }, { "db": "JVNDB", "id": "JVNDB-2018-013498" }, { "db": "PACKETSTORM", "id": "150479" }, { "db": "NVD", "id": "CVE-2018-8416" }, { "db": "CNNVD", "id": "CNNVD-201811-363" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "105798" }, { "db": "JVNDB", "id": "JVNDB-2018-013498" }, { "db": "PACKETSTORM", "id": "150479" }, { "db": "NVD", "id": "CVE-2018-8416" }, { "db": "CNNVD", "id": "CNNVD-201811-363" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-11-13T00:00:00", "db": "BID", "id": "105798" }, { "date": "2019-02-21T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-013498" }, { "date": "2018-11-27T17:23:43", "db": "PACKETSTORM", "id": "150479" }, { "date": "2018-11-14T01:29:00.427000", "db": "NVD", "id": "CVE-2018-8416" }, { "date": "2018-11-14T00:00:00", "db": "CNNVD", "id": "CNNVD-201811-363" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-11-13T00:00:00", "db": "BID", "id": "105798" }, { "date": "2019-02-21T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-013498" }, { "date": "2020-08-24T17:37:01.140000", "db": "NVD", "id": "CVE-2018-8416" }, { "date": "2020-10-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201811-363" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201811-363" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": ".NET Core Vulnerabilities to be tampered with", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-013498" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Input Validation Error", "sources": [ { "db": "BID", "id": "105798" }, { "db": "CNNVD", "id": "CNNVD-201811-363" } ], "trust": 0.9 } }
var-202102-1446
Vulnerability from variot
.NET Core Remote Code Execution Vulnerability. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system with elevated privileges. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: .NET Core 3.1 on Red Hat Enterprise Linux security and bugfix update Advisory ID: RHSA-2021:0789-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:0789 Issue date: 2021-03-09 CVE Names: CVE-2021-26701 ==================================================================== 1. Summary:
An update for rh-dotnet31-dotnet is now available for .NET Core on Red Hat Enterprise Linux.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. The updated versions are .NET Core SDK 3.1.113 and .NET Core Runtime 3.1.13.
Security Fix(es):
- dotnet: System.Text.Encodings.Web Remote Code Execution (CVE-2021-26701)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet31-dotnet-3.1.113-1.el7_9.src.rpm
x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-3.1.113-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.113-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-host-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.113-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.113-1.el7_9.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.113-1.el7_9.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet31-dotnet-3.1.113-1.el7_9.src.rpm
x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-3.1.113-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.113-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-host-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.113-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.113-1.el7_9.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.113-1.el7_9.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet31-dotnet-3.1.113-1.el7_9.src.rpm
x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-3.1.113-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.113-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-host-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.113-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.113-1.el7_9.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.113-1.el7_9.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-26701 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYEfcQtzjgjWX9erEAQjYKQ/9GAgJR6yoeb0rRTrmE8PNW3uAsIBuK1EK uITzaizodY25oMJf0wW9qQGejZDZTRH5QdmRJdNOftA5fNDT0lx72SYE60rw89Ws no+T4n6s2KlnS5GJ/oQKdpZvtF2l2lWyh8oKjKqGO2Vf2lOTFB0+tqdIYpLddlf2 wQAO/RIdBjRE6buqlNA/3iaQRgubL0FMxLrrCMUiVSFcsl9Wh1stIwQCDGQVJzyW 73fA+qastsAy0uTK9F7r9Hp9/fzdWYy4epR2maImkozVQyGIttfOn96wMAEGYQcM B791utMTJQRMoXz1TUpkQ7T31NQH14nW5w1tTjVOwipXBsFqe5IspfUb6iMNihoI UXm/RtLh7z28aamZ7tPkcDW1+WktoD6mL1mToiNPZBLjC6QfSKZCPIS08J3Gyf71 M2BPqwvx8o1YWYJ6oRtEKvOs6QBmYqwsvDEBtMOuf1CqfvqJNsBckPxPibatc49T q3UGj+2OD7rBFuvv/47O/401Sj4yrpddBsWpNg2KDcRqiSwjafTTzCqiS4w38eR/ /0KvKk095cnBbDQ24bezTZrPk4bMUA6gQaObA51pw/VvBnZqxMTxcPgB+LqUzYtK o6/i+D0nxWAlCi31iCvr2pY1jFXHGZzn3v8qCk1Kn4Ii37ifJ55IAYbnI1kIuyQu cDYTfg/xJLITUF -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202102-1446", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "32" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "34" }, { "model": ".net", "scope": "gte", "trust": 1.0, "vendor": "microsoft", "version": "5.0" }, { "model": "powershell core", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "7.1" }, { "model": ".net core", "scope": "gte", "trust": 1.0, "vendor": "microsoft", "version": "2.1" }, { "model": ".net core", "scope": "lt", "trust": 1.0, "vendor": "microsoft", "version": "2.1.28" }, { "model": "visual studio 2019", "scope": "gte", "trust": 1.0, "vendor": "microsoft", "version": "16.0" }, { "model": "visual studio 2019", "scope": "lte", "trust": 1.0, "vendor": "microsoft", "version": "16.9" }, { "model": ".net core", "scope": "lt", "trust": 1.0, "vendor": "microsoft", "version": "3.1.15" }, { "model": ".net", "scope": "lt", "trust": 1.0, "vendor": "microsoft", "version": "5.0.4" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "33" }, { "model": "powershell core", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "7.0" }, { "model": ".net core", "scope": "gte", "trust": 1.0, "vendor": "microsoft", "version": "3.1" }, { "model": "visual studio 2019", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": null }, { "model": "powershell core", "scope": "eq", "trust": 0.8, "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8", "version": "7.0" }, { "model": ".net", "scope": null, "trust": 0.8, "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8", "version": null }, { "model": "microsoft visual studio", "scope": null, "trust": 0.8, "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8", "version": null }, { "model": "powershell core", "scope": "eq", "trust": 0.8, "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8", "version": "7.1" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-004040" }, { "db": "NVD", "id": "CVE-2021-26701" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:visual_studio_2019:-:*:*:*:*:macos:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "16.9", "versionStartIncluding": "16.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.1.15", "versionStartIncluding": "3.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.1.28", "versionStartIncluding": "2.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:powershell_core:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:powershell_core:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "5.0.4", "versionStartIncluding": "5.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-26701" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "161737" }, { "db": "PACKETSTORM", "id": "161740" }, { "db": "PACKETSTORM", "id": "161736" }, { "db": "PACKETSTORM", "id": "161732" }, { "db": "PACKETSTORM", "id": "161733" }, { "db": "PACKETSTORM", "id": "161739" }, { "db": "CNNVD", "id": "CNNVD-202102-685" } ], "trust": 1.2 }, "cve": "CVE-2021-26701", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 7.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-26701", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "secure@microsoft.com", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.2, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-26701", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-26701", "trust": 1.8, "value": "CRITICAL" }, { "author": "secure@microsoft.com", "id": "CVE-2021-26701", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202102-685", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULMON", "id": "CVE-2021-26701", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-26701" }, { "db": "JVNDB", "id": "JVNDB-2021-004040" }, { "db": "NVD", "id": "CVE-2021-26701" }, { "db": "NVD", "id": "CVE-2021-26701" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202102-685" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": ".NET Core Remote Code Execution Vulnerability. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system with elevated privileges. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: .NET Core 3.1 on Red Hat Enterprise Linux security and bugfix update\nAdvisory ID: RHSA-2021:0789-01\nProduct: .NET Core on Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:0789\nIssue date: 2021-03-09\nCVE Names: CVE-2021-26701\n====================================================================\n1. Summary:\n\nAn update for rh-dotnet31-dotnet is now available for .NET Core on Red Hat\nEnterprise Linux. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. It implements a subset of the\n.NET framework APIs and several new APIs, and it includes a CLR\nimplementation. The updated versions are .NET Core SDK 3.1.113 and .NET Core\nRuntime 3.1.13. \n\nSecurity Fix(es):\n\n* dotnet: System.Text.Encodings.Web Remote Code Execution (CVE-2021-26701)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet31-dotnet-3.1.113-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet31-aspnetcore-runtime-3.1-3.1.13-1.el7_9.x86_64.rpm\nrh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.13-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-3.1.113-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-apphost-pack-3.1-3.1.13-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-debuginfo-3.1.113-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-host-3.1.13-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-hostfxr-3.1-3.1.13-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-runtime-3.1-3.1.13-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-sdk-3.1-3.1.113-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-targeting-pack-3.1-3.1.13-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-templates-3.1-3.1.113-1.el7_9.x86_64.rpm\nrh-dotnet31-netstandard-targeting-pack-2.1-3.1.113-1.el7_9.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet31-dotnet-3.1.113-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet31-aspnetcore-runtime-3.1-3.1.13-1.el7_9.x86_64.rpm\nrh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.13-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-3.1.113-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-apphost-pack-3.1-3.1.13-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-debuginfo-3.1.113-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-host-3.1.13-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-hostfxr-3.1-3.1.13-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-runtime-3.1-3.1.13-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-sdk-3.1-3.1.113-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-targeting-pack-3.1-3.1.13-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-templates-3.1-3.1.113-1.el7_9.x86_64.rpm\nrh-dotnet31-netstandard-targeting-pack-2.1-3.1.113-1.el7_9.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet31-dotnet-3.1.113-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet31-aspnetcore-runtime-3.1-3.1.13-1.el7_9.x86_64.rpm\nrh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.13-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-3.1.113-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-apphost-pack-3.1-3.1.13-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-debuginfo-3.1.113-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-host-3.1.13-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-hostfxr-3.1-3.1.13-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-runtime-3.1-3.1.13-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-sdk-3.1-3.1.113-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-targeting-pack-3.1-3.1.13-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-templates-3.1-3.1.113-1.el7_9.x86_64.rpm\nrh-dotnet31-netstandard-targeting-pack-2.1-3.1.113-1.el7_9.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-26701\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYEfcQtzjgjWX9erEAQjYKQ/9GAgJR6yoeb0rRTrmE8PNW3uAsIBuK1EK\nuITzaizodY25oMJf0wW9qQGejZDZTRH5QdmRJdNOftA5fNDT0lx72SYE60rw89Ws\nno+T4n6s2KlnS5GJ/oQKdpZvtF2l2lWyh8oKjKqGO2Vf2lOTFB0+tqdIYpLddlf2\nwQAO/RIdBjRE6buqlNA/3iaQRgubL0FMxLrrCMUiVSFcsl9Wh1stIwQCDGQVJzyW\n73fA+qastsAy0uTK9F7r9Hp9/fzdWYy4epR2maImkozVQyGIttfOn96wMAEGYQcM\nB791utMTJQRMoXz1TUpkQ7T31NQH14nW5w1tTjVOwipXBsFqe5IspfUb6iMNihoI\nUXm/RtLh7z28aamZ7tPkcDW1+WktoD6mL1mToiNPZBLjC6QfSKZCPIS08J3Gyf71\nM2BPqwvx8o1YWYJ6oRtEKvOs6QBmYqwsvDEBtMOuf1CqfvqJNsBckPxPibatc49T\nq3UGj+2OD7rBFuvv/47O/401Sj4yrpddBsWpNg2KDcRqiSwjafTTzCqiS4w38eR/\n/0KvKk095cnBbDQ24bezTZrPk4bMUA6gQaObA51pw/VvBnZqxMTxcPgB+LqUzYtK\no6/i+D0nxWAlCi31iCvr2pY1jFXHGZzn3v8qCk1Kn4Ii37ifJ55IAYbnI1kIuyQu\ncDYTfg/xJLITUF\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n", "sources": [ { "db": "NVD", "id": "CVE-2021-26701" }, { "db": "JVNDB", "id": "JVNDB-2021-004040" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULMON", "id": "CVE-2021-26701" }, { "db": "PACKETSTORM", "id": "161737" }, { "db": "PACKETSTORM", "id": "161740" }, { "db": "PACKETSTORM", "id": "161736" }, { "db": "PACKETSTORM", "id": "161732" }, { "db": "PACKETSTORM", "id": "161733" }, { "db": "PACKETSTORM", "id": "161739" } ], "trust": 2.79 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-26701", "trust": 3.1 }, { "db": "JVNDB", "id": "JVNDB-2021-004040", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "161732", "trust": 0.7 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0835", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.2737", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021081303", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202102-685", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-26701", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "161737", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "161740", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "161736", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "161733", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "161739", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-26701" }, { "db": "JVNDB", "id": "JVNDB-2021-004040" }, { "db": "PACKETSTORM", "id": "161737" }, { "db": "PACKETSTORM", "id": "161740" }, { "db": "PACKETSTORM", "id": "161736" }, { "db": "PACKETSTORM", "id": "161732" }, { "db": "PACKETSTORM", "id": "161733" }, { "db": "PACKETSTORM", "id": "161739" }, { "db": "NVD", "id": "CVE-2021-26701" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202102-685" } ] }, "id": "VAR-202102-1446", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.21178882 }, "last_update_date": "2024-01-03T13:06:30.040000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": ".NET\u00a0Core\u00a0Remote\u00a0Code\u00a0Execution\u00a0Vulnerability Security Update Guide", "trust": 0.8, "url": "https://msrc.microsoft.com/update-guide/en-us/vulnerability/cve-2021-26701" }, { "title": "Microsoft .NET Core Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=143005" }, { "title": "Red Hat: CVE-2021-26701", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2021-26701" }, { "title": "Arch Linux Advisories: [ASA-202103-23] dotnet-sdk-3.1: arbitrary code execution", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-202103-23" }, { "title": "Arch Linux Advisories: [ASA-202103-20] dotnet-runtime: arbitrary code execution", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-202103-20" }, { "title": "Arch Linux Advisories: [ASA-202103-21] dotnet-sdk: arbitrary code execution", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-202103-21" }, { "title": "Arch Linux Advisories: [ASA-202103-22] dotnet-runtime-3.1: arbitrary code execution", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-202103-22" }, { "title": "Arch Linux Issues: ", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2021-26701 log" }, { "title": null, "trust": 0.1, "url": "https://www.theregister.co.uk/2021/02/09/microsoft_patch_tuesday/" } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-26701" }, { "db": "JVNDB", "id": "JVNDB-2021-004040" }, { "db": "CNNVD", "id": "CNNVD-202102-685" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "Lack of information (CWE-noinfo) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-004040" }, { "db": "NVD", "id": "CVE-2021-26701" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-26701" }, { "trust": 1.7, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2021-26701" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/s2azoukmcht2wbhr7mydtyxwobhzw5p5/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/tw3zsjttmzafkgw7njwtvvfzuyyu2sjz/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ubossx7u6bshv5ri74fcow4itj5rrjr5/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/wa5wqjvhul5c4xmjtly3c67r4wp35ef4/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/xpukfhigp5ynjrrfwkdj2xrs4wtfjnnk/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ylfatxasxw4ov2zbsrp4g55hjh73qpbp/" }, { "trust": 0.8, "url": "https://www.ipa.go.jp/security/ciadr/vul/20210210-ms.html" }, { "trust": 0.8, "url": "https://www.jpcert.or.jp/at/2021/at210008.html" }, { "trust": 0.7, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/s2azoukmcht2wbhr7mydtyxwobhzw5p5/" }, { "trust": 0.7, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/tw3zsjttmzafkgw7njwtvvfzuyyu2sjz/" }, { "trust": 0.7, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ubossx7u6bshv5ri74fcow4itj5rrjr5/" }, { "trust": 0.7, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/wa5wqjvhul5c4xmjtly3c67r4wp35ef4/" }, { "trust": 0.7, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/xpukfhigp5ynjrrfwkdj2xrs4wtfjnnk/" }, { "trust": 0.7, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ylfatxasxw4ov2zbsrp4g55hjh73qpbp/" }, { "trust": 0.7, "url": "https://access.redhat.com/security/cve/cve-2021-26701" }, { "trust": 0.6, "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.6, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.6, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.6, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.6, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.6, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021081303" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/161732/red-hat-security-advisory-2021-0790-01.html" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/microsoft-net-core-vulnerabilities-of-february-2021-34547" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0835" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2737" }, { "trust": 0.6, "url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2021-26701" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/196358" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:0787" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:0794" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:0789" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:0790" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:0788" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:0793" } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-26701" }, { "db": "JVNDB", "id": "JVNDB-2021-004040" }, { "db": "PACKETSTORM", "id": "161737" }, { "db": "PACKETSTORM", "id": "161740" }, { "db": "PACKETSTORM", "id": "161736" }, { "db": "PACKETSTORM", "id": "161732" }, { "db": "PACKETSTORM", "id": "161733" }, { "db": "PACKETSTORM", "id": "161739" }, { "db": "NVD", "id": "CVE-2021-26701" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202102-685" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2021-26701" }, { "db": "JVNDB", "id": "JVNDB-2021-004040" }, { "db": "PACKETSTORM", "id": "161737" }, { "db": "PACKETSTORM", "id": "161740" }, { "db": "PACKETSTORM", "id": "161736" }, { "db": "PACKETSTORM", "id": "161732" }, { "db": "PACKETSTORM", "id": "161733" }, { "db": "PACKETSTORM", "id": "161739" }, { "db": "NVD", "id": "CVE-2021-26701" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202102-685" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-02-25T00:00:00", "db": "VULMON", "id": "CVE-2021-26701" }, { "date": "2021-11-12T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-004040" }, { "date": "2021-03-10T15:41:10", "db": "PACKETSTORM", "id": "161737" }, { "date": "2021-03-10T15:44:12", "db": "PACKETSTORM", "id": "161740" }, { "date": "2021-03-10T15:41:02", "db": "PACKETSTORM", "id": "161736" }, { "date": "2021-03-10T15:35:42", "db": "PACKETSTORM", "id": "161732" }, { "date": "2021-03-10T15:35:49", "db": "PACKETSTORM", "id": "161733" }, { "date": "2021-03-10T15:43:20", "db": "PACKETSTORM", "id": "161739" }, { "date": "2021-02-25T23:15:16.913000", "db": "NVD", "id": "CVE-2021-26701" }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2021-02-09T00:00:00", "db": "CNNVD", "id": "CNNVD-202102-685" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-03-31T00:00:00", "db": "VULMON", "id": "CVE-2021-26701" }, { "date": "2021-11-12T05:18:00", "db": "JVNDB", "id": "JVNDB-2021-004040" }, { "date": "2023-12-29T17:16:00.430000", "db": "NVD", "id": "CVE-2021-26701" }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2021-08-17T00:00:00", "db": "CNNVD", "id": "CNNVD-202102-685" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202102-685" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural \u00a0Microsoft\u00a0 Remote Code Execution Vulnerability in Product", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-004040" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202102-685" } ], "trust": 1.2 } }
var-201905-1185
Vulnerability from variot
A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka '.Net Framework and .Net Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0820, CVE-2019-0980. This vulnerability CVE-2019-0820 and CVE-2019-0980 Is a different vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Both Microsoft .NET Core and Microsoft ASP.NET Core are products of Microsoft Corporation of the United States. .NET Core is a free open source development platform. The platform has features such as multi-language support and cross-platform. Microsoft ASP.NET Core is a cross-platform open source framework. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. The vulnerability originates from improper design or implementation during code development of a network system or product. The following products and versions are affected: Microsoft .NET Framework version 4.7.2, version 4.7.1, version 4.6.2, version 4.6.1, version 3.5.1, version 4.8, version 4.7, version 4.6, version 4.5.2, Version 3.5, 3.0 SP2, 2.0 SP2; .NET Core 2.2, 2.1, 1.1, 1.0. An attacker can exploit this issue to cause a denial of service condition.
Bug Fix(es):
-
dotnet: new SocketException((int)SocketError.InvalidArgument).Message is empty (BZ#1712471)
-
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: .NET Core on Red Hat Enterprise Linux security and bug fix update Advisory ID: RHSA-2019:1236-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:1236 Issue date: 2019-05-15 CVE Names: CVE-2019-0820 CVE-2019-0980 CVE-2019-0981 ==================================================================== 1. Summary:
Updates for rh-dotnetcore10-dotnetcore, rh-dotnetcore11-dotnetcore, rh-dotnet21-dotnet, rh-dotnet22-dotnet and rh-dotnet22-curl are now available for .NET Core on Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
Security Fix(es):
-
dotNET: timeouts for regular expressions are not enforced (CVE-2019-0820)
-
dotNET: infinite loop in URI.TryCreate leading to ASP.Net Core Denial of Service (CVE-2019-0980)
-
dotNET: crash in IPAddress.TryCreate leading to ASP.Net Core Denial of Service (CVE-2019-0981)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
-
Re-enable bash completion in rh-dotnet22-dotnet (BZ#1654863)
-
Error rebuilding rh-dotnet22-curl in CentOS (BZ#1678932)
-
Broken apphost caused by unset DOTNET_ROOT (BZ#1703479)
-
Make bash completion compatible with rh-dotnet22 packages (BZ#1705259)
-
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1654863 - Re-enable bash completion in rh-dotnet22-dotnet 1678932 - Error rebuilding rh-dotnet22-curl in CentOS 1703479 - Broken apphost caused by unset DOTNET_ROOT 1703508 - Update to .NET Core 1.1.13 1704454 - Update to .NET Core 1.0.16 1704934 - Update to .NET Core Runtime 2.2.5 and SDK 2.2.107 1705147 - Update to .NET Core Runtime 2.1.11 and SDK 2.1.507 1705259 - Make bash completion compatible with rh-dotnet22 packages 1705502 - CVE-2019-0980 dotNET: infinite loop in URI.TryCreate leading to ASP.Net Core Denial of Service 1705504 - CVE-2019-0981 dotNET: crash in IPAddress.TryCreate leading to ASP.Net Core Denial of Service 1705506 - CVE-2019-0820 dotNET: timeouts for regular expressions are not enforced
- Package List:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet22-2.2-7.el7.src.rpm rh-dotnet22-curl-7.61.1-2.el7.src.rpm rh-dotnet22-dotnet-2.2.107-2.el7.src.rpm
x86_64: rh-dotnet22-2.2-7.el7.x86_64.rpm rh-dotnet22-curl-7.61.1-2.el7.x86_64.rpm rh-dotnet22-curl-debuginfo-7.61.1-2.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.107-2.el7.x86_64.rpm rh-dotnet22-libcurl-7.61.1-2.el7.x86_64.rpm rh-dotnet22-libcurl-devel-7.61.1-2.el7.x86_64.rpm rh-dotnet22-runtime-2.2-7.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnetcore10-dotnetcore-1.0.16-1.el7.src.rpm
x86_64: rh-dotnetcore10-dotnetcore-1.0.16-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.16-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnetcore11-dotnetcore-1.1.13-1.el7.src.rpm
x86_64: rh-dotnetcore11-dotnetcore-1.1.13-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.13-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet21-2.1-10.el7.src.rpm rh-dotnet21-dotnet-2.1.507-2.el7.src.rpm
x86_64: rh-dotnet21-2.1-10.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.11-2.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.11-2.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.507-2.el7.x86_64.rpm rh-dotnet21-runtime-2.1-10.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet22-2.2-7.el7.src.rpm rh-dotnet22-curl-7.61.1-2.el7.src.rpm rh-dotnet22-dotnet-2.2.107-2.el7.src.rpm
x86_64: rh-dotnet22-2.2-7.el7.x86_64.rpm rh-dotnet22-curl-7.61.1-2.el7.x86_64.rpm rh-dotnet22-curl-debuginfo-7.61.1-2.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.107-2.el7.x86_64.rpm rh-dotnet22-libcurl-7.61.1-2.el7.x86_64.rpm rh-dotnet22-libcurl-devel-7.61.1-2.el7.x86_64.rpm rh-dotnet22-runtime-2.2-7.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnetcore10-dotnetcore-1.0.16-1.el7.src.rpm
x86_64: rh-dotnetcore10-dotnetcore-1.0.16-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.16-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnetcore11-dotnetcore-1.1.13-1.el7.src.rpm
x86_64: rh-dotnetcore11-dotnetcore-1.1.13-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.13-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet21-2.1-10.el7.src.rpm rh-dotnet21-dotnet-2.1.507-2.el7.src.rpm
x86_64: rh-dotnet21-2.1-10.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.11-2.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.11-2.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.507-2.el7.x86_64.rpm rh-dotnet21-runtime-2.1-10.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet22-2.2-7.el7.src.rpm rh-dotnet22-curl-7.61.1-2.el7.src.rpm rh-dotnet22-dotnet-2.2.107-2.el7.src.rpm
x86_64: rh-dotnet22-2.2-7.el7.x86_64.rpm rh-dotnet22-curl-7.61.1-2.el7.x86_64.rpm rh-dotnet22-curl-debuginfo-7.61.1-2.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.107-2.el7.x86_64.rpm rh-dotnet22-libcurl-7.61.1-2.el7.x86_64.rpm rh-dotnet22-libcurl-devel-7.61.1-2.el7.x86_64.rpm rh-dotnet22-runtime-2.2-7.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2019-0820 https://access.redhat.com/security/cve/CVE-2019-0980 https://access.redhat.com/security/cve/CVE-2019-0981 https://access.redhat.com/security/updates/classification/#moderate https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0820 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0980 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0981
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXNyKvtzjgjWX9erEAQiFIQ//RuDdkjwFrjsW69TloyogPym1x5uZp2eB hMR1l6l3YTE5ZIeCz7nn86P7IYtLAOiYj5ynjNbGT7aHrM7/R4REedYYqCFxWuu3 3N6vgg/ap1fB+0XdNX+PFNWm/orYRiVr6jyZs2hX4LSDLsQwHuOqVoDcApAHnggH kCRpaxlTEaG9/wyIY3Zvd7ZasxfVUfzhlpzpw25kq6OFJyIokWnVE8G+vs5KS3GQ pTir+3hMc3as8RQVCnWNZoeUhSUemZHvq5MyQqwLCeMFf6CvUTe04oDrMp7FUJHa UcImbcSzzrx3kBvFFmIv6D1uCetuRTrMaXBuOlZcpCJUcnHncvb1OvFhqAeGO6uN NqNnDyRUbyX2cHKpyYTUIfZsCsgKIOBHZNU911URlqnvHAu0LlgAOM0r1uXU48Wg z+LtgnFTDbRmFEspKpN98z4whSL8BnMR8VS/FmPfXo2ApFvipofCK+kPStU0lXZB n7xn4PJyKfst8xUkRfwJ09/GpN328i7QtH53aQG0HCQzKRhxswnc86aQnPW95RWP DPd4EAB74Bq1pEYqRN/gai6bhFsoCS0agf+M7lqBN8ZnQOScj5HD5hy8fsPvB1xD /I5I1sIOJ+Ar0FaCfZqFoXKncap0cp/bBJlHvfCpze4yISy7h6t2E/4l59Zs1xhm KCZo5tPFVoU=dJ6F -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201905-1185", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": ".net framework", "scope": "eq", "trust": 3.3, "vendor": "microsoft", "version": "3.5" }, { "model": ".net framework", "scope": "eq", "trust": 3.3, "vendor": "microsoft", "version": "4.5.2" }, { "model": ".net framework", "scope": "eq", "trust": 3.3, "vendor": "microsoft", "version": "4.6.1" }, { "model": ".net framework", "scope": "eq", "trust": 2.7, "vendor": "microsoft", "version": "3.5.1" }, { "model": ".net framework", "scope": "eq", "trust": 2.7, "vendor": "microsoft", "version": "4.6" }, { "model": ".net framework", "scope": "eq", "trust": 2.7, "vendor": "microsoft", "version": "4.6.2" }, { "model": ".net framework", "scope": "eq", "trust": 2.7, "vendor": "microsoft", "version": "4.7" }, { "model": ".net core", "scope": "eq", "trust": 2.7, "vendor": "microsoft", "version": "1.0" }, { "model": ".net core", "scope": "eq", "trust": 2.7, "vendor": "microsoft", "version": "1.1" }, { "model": ".net framework", "scope": "eq", "trust": 2.7, "vendor": "microsoft", "version": "4.7.1" }, { "model": ".net framework", "scope": "eq", "trust": 2.7, "vendor": "microsoft", "version": "4.7.2" }, { "model": ".net framework", "scope": "eq", "trust": 2.7, "vendor": "microsoft", "version": "4.8" }, { "model": ".net core", "scope": "eq", "trust": 2.1, "vendor": "microsoft", "version": "2.2" }, { "model": ".net core", "scope": "eq", "trust": 2.1, "vendor": "microsoft", "version": "2.1" }, { "model": ".net framework", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "2.0" }, { "model": ".net framework", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "3.0" }, { "model": ".net framework sp2", "scope": "eq", "trust": 0.9, "vendor": "microsoft", "version": "3.0" }, { "model": ".net framework sp2", "scope": "eq", "trust": 0.9, "vendor": "microsoft", "version": "2.0" }, { "model": ".net framework", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "2.0 sp2" }, { "model": ".net framework", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "3.0 sp2" }, { "model": "powershell core", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "6.1" }, { "model": "powershell core", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "6.2" }, { "model": "asp.net core", "scope": "eq", "trust": 0.6, "vendor": "microsoft", "version": "2.1" }, { "model": "asp.net core", "scope": "eq", "trust": 0.6, "vendor": "microsoft", "version": "2.2" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-20377" }, { "db": "BID", "id": "108207" }, { "db": "JVNDB", "id": "JVNDB-2019-003825" }, { "db": "NVD", "id": "CVE-2019-0981" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_core:2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_core:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_core:1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_core:2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2019-0981" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Nemanja Mijailovic,Red Hat", "sources": [ { "db": "CNNVD", "id": "CNNVD-201905-395" } ], "trust": 0.6 }, "cve": "CVE-2019-0981", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2019-0981", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CNVD-2020-20377", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2019-0981", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2019-0981", "trust": 1.8, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2020-20377", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201905-395", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2019-0981", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-20377" }, { "db": "VULMON", "id": "CVE-2019-0981" }, { "db": "JVNDB", "id": "JVNDB-2019-003825" }, { "db": "NVD", "id": "CVE-2019-0981" }, { "db": "CNNVD", "id": "CNNVD-201905-395" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka \u0027.Net Framework and .Net Core Denial of Service Vulnerability\u0027. This CVE ID is unique from CVE-2019-0820, CVE-2019-0980. This vulnerability CVE-2019-0820 and CVE-2019-0980 Is a different vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Both Microsoft .NET Core and Microsoft ASP.NET Core are products of Microsoft Corporation of the United States. .NET Core is a free open source development platform. The platform has features such as multi-language support and cross-platform. Microsoft ASP.NET Core is a cross-platform open source framework. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. The vulnerability originates from improper design or implementation during code development of a network system or product. The following products and versions are affected: Microsoft .NET Framework version 4.7.2, version 4.7.1, version 4.6.2, version 4.6.1, version 3.5.1, version 4.8, version 4.7, version 4.6, version 4.5.2, Version 3.5, 3.0 SP2, 2.0 SP2; .NET Core 2.2, 2.1, 1.1, 1.0. \nAn attacker can exploit this issue to cause a denial of service condition. \n\nBug Fix(es):\n\n* dotnet: new SocketException((int)SocketError.InvalidArgument).Message is\nempty (BZ#1712471)\n\n4. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: .NET Core on Red Hat Enterprise Linux security and bug fix update\nAdvisory ID: RHSA-2019:1236-01\nProduct: .NET Core on Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:1236\nIssue date: 2019-05-15\nCVE Names: CVE-2019-0820 CVE-2019-0980 CVE-2019-0981\n====================================================================\n1. Summary:\n\nUpdates for rh-dotnetcore10-dotnetcore, rh-dotnetcore11-dotnetcore,\nrh-dotnet21-dotnet, rh-dotnet22-dotnet and rh-dotnet22-curl are now\navailable for .NET Core on Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. It implements a subset of the\n.NET framework APIs and several new APIs, and it includes a CLR\nimplementation. \n\nSecurity Fix(es):\n\n* dotNET: timeouts for regular expressions are not enforced (CVE-2019-0820)\n\n* dotNET: infinite loop in URI.TryCreate leading to ASP.Net Core Denial of\nService (CVE-2019-0980)\n\n* dotNET: crash in IPAddress.TryCreate leading to ASP.Net Core Denial of\nService (CVE-2019-0981)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nBug Fix(es):\n\n* Re-enable bash completion in rh-dotnet22-dotnet (BZ#1654863)\n\n* Error rebuilding rh-dotnet22-curl in CentOS (BZ#1678932)\n\n* Broken apphost caused by unset DOTNET_ROOT (BZ#1703479)\n\n* Make bash completion compatible with rh-dotnet22 packages (BZ#1705259)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1654863 - Re-enable bash completion in rh-dotnet22-dotnet\n1678932 - Error rebuilding rh-dotnet22-curl in CentOS\n1703479 - Broken apphost caused by unset DOTNET_ROOT\n1703508 - Update to .NET Core 1.1.13\n1704454 - Update to .NET Core 1.0.16\n1704934 - Update to .NET Core Runtime 2.2.5 and SDK 2.2.107\n1705147 - Update to .NET Core Runtime 2.1.11 and SDK 2.1.507\n1705259 - Make bash completion compatible with rh-dotnet22 packages\n1705502 - CVE-2019-0980 dotNET: infinite loop in URI.TryCreate leading to ASP.Net Core Denial of Service\n1705504 - CVE-2019-0981 dotNET: crash in IPAddress.TryCreate leading to ASP.Net Core Denial of Service\n1705506 - CVE-2019-0820 dotNET: timeouts for regular expressions are not enforced\n\n6. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet22-2.2-7.el7.src.rpm\nrh-dotnet22-curl-7.61.1-2.el7.src.rpm\nrh-dotnet22-dotnet-2.2.107-2.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-7.el7.x86_64.rpm\nrh-dotnet22-curl-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-curl-debuginfo-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-libcurl-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-libcurl-devel-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-7.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.16-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.16-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.16-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.13-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.13-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.13-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet21-2.1-10.el7.src.rpm\nrh-dotnet21-dotnet-2.1.507-2.el7.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-10.el7.x86_64.rpm\nrh-dotnet21-dotnet-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.11-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.11-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-10.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet22-2.2-7.el7.src.rpm\nrh-dotnet22-curl-7.61.1-2.el7.src.rpm\nrh-dotnet22-dotnet-2.2.107-2.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-7.el7.x86_64.rpm\nrh-dotnet22-curl-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-curl-debuginfo-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-libcurl-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-libcurl-devel-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-7.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.16-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.16-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.16-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.13-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.13-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.13-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet21-2.1-10.el7.src.rpm\nrh-dotnet21-dotnet-2.1.507-2.el7.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-10.el7.x86_64.rpm\nrh-dotnet21-dotnet-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.11-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.11-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-10.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet22-2.2-7.el7.src.rpm\nrh-dotnet22-curl-7.61.1-2.el7.src.rpm\nrh-dotnet22-dotnet-2.2.107-2.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-7.el7.x86_64.rpm\nrh-dotnet22-curl-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-curl-debuginfo-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-libcurl-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-libcurl-devel-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-7.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-0820\nhttps://access.redhat.com/security/cve/CVE-2019-0980\nhttps://access.redhat.com/security/cve/CVE-2019-0981\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0820\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0980\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0981\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXNyKvtzjgjWX9erEAQiFIQ//RuDdkjwFrjsW69TloyogPym1x5uZp2eB\nhMR1l6l3YTE5ZIeCz7nn86P7IYtLAOiYj5ynjNbGT7aHrM7/R4REedYYqCFxWuu3\n3N6vgg/ap1fB+0XdNX+PFNWm/orYRiVr6jyZs2hX4LSDLsQwHuOqVoDcApAHnggH\nkCRpaxlTEaG9/wyIY3Zvd7ZasxfVUfzhlpzpw25kq6OFJyIokWnVE8G+vs5KS3GQ\npTir+3hMc3as8RQVCnWNZoeUhSUemZHvq5MyQqwLCeMFf6CvUTe04oDrMp7FUJHa\nUcImbcSzzrx3kBvFFmIv6D1uCetuRTrMaXBuOlZcpCJUcnHncvb1OvFhqAeGO6uN\nNqNnDyRUbyX2cHKpyYTUIfZsCsgKIOBHZNU911URlqnvHAu0LlgAOM0r1uXU48Wg\nz+LtgnFTDbRmFEspKpN98z4whSL8BnMR8VS/FmPfXo2ApFvipofCK+kPStU0lXZB\nn7xn4PJyKfst8xUkRfwJ09/GpN328i7QtH53aQG0HCQzKRhxswnc86aQnPW95RWP\nDPd4EAB74Bq1pEYqRN/gai6bhFsoCS0agf+M7lqBN8ZnQOScj5HD5hy8fsPvB1xD\n/I5I1sIOJ+Ar0FaCfZqFoXKncap0cp/bBJlHvfCpze4yISy7h6t2E/4l59Zs1xhm\nKCZo5tPFVoU=dJ6F\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n", "sources": [ { "db": "NVD", "id": "CVE-2019-0981" }, { "db": "JVNDB", "id": "JVNDB-2019-003825" }, { "db": "CNVD", "id": "CNVD-2020-20377" }, { "db": "CNNVD", "id": "CNNVD-201905-395" }, { "db": "BID", "id": "108207" }, { "db": "VULMON", "id": "CVE-2019-0981" }, { "db": "PACKETSTORM", "id": "152999" }, { "db": "PACKETSTORM", "id": "152953" } ], "trust": 3.24 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-0981", "trust": 3.6 }, { "db": "BID", "id": "108207", "trust": 1.0 }, { "db": "JVNDB", "id": "JVNDB-2019-003825", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "152999", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "152953", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2020-20377", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.1839", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.1740", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201905-395", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2019-0981", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-20377" }, { "db": "VULMON", "id": "CVE-2019-0981" }, { "db": "BID", "id": "108207" }, { "db": "JVNDB", "id": "JVNDB-2019-003825" }, { "db": "PACKETSTORM", "id": "152999" }, { "db": "PACKETSTORM", "id": "152953" }, { "db": "NVD", "id": "CVE-2019-0981" }, { "db": "CNNVD", "id": "CNNVD-201905-395" } ] }, "id": "VAR-201905-1185", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2020-20377" } ], "trust": 0.81178882 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "IoT" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-20377" } ] }, "last_update_date": "2023-12-18T13:02:13.278000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "CVE-2019-0981 | .Net Framework and .Net Core Denial of Service Vulnerability", "trust": 0.8, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0981" }, { "title": "CVE-2019-0981 | .NET Framework \u3068 .NET Core \u306e\u30b5\u30fc\u30d3\u30b9\u62d2\u5426\u306e\u8106\u5f31\u6027", "trust": 0.8, "url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/cve-2019-0981" }, { "title": "Patch for Microsoft .NET Core and Microsoft ASP.NET Core Denial of Service Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/211629" }, { "title": "Microsoft .NET Core and Microsoft ASP.NET Core Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=92545" }, { "title": "Red Hat: Moderate: .NET Core on Red Hat Enterprise Linux security and bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20191236 - security advisory" }, { "title": "Red Hat: Important: dotnet security, bug fix, and enhancement update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20191259 - security advisory" }, { "title": "sharpfuzz", "trust": 0.1, "url": "https://github.com/metalnem/sharpfuzz " }, { "title": "Symantec Threat Intelligence Blog", "trust": 0.1, "url": "https://www.symantec.com/blogs/threat-intelligence/microsoft-patch-tuesday-may-2019" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-20377" }, { "db": "VULMON", "id": "CVE-2019-0981" }, { "db": "JVNDB", "id": "JVNDB-2019-003825" }, { "db": "CNNVD", "id": "CNNVD-201905-395" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-19", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-003825" }, { "db": "NVD", "id": "CVE-2019-0981" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.8, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0981" }, { "trust": 2.4, "url": "https://access.redhat.com/errata/rhsa-2019:1259" }, { "trust": 1.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0981" }, { "trust": 0.9, "url": "http://www.microsoft.com" }, { "trust": 0.8, "url": "https://access.redhat.com/errata/rhsa-2019:1236" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0981" }, { "trust": 0.8, "url": "https://www.ipa.go.jp/security/ciadr/vul/20190515-ms.html" }, { "trust": 0.8, "url": "http://www.jpcert.or.jp/at/2019/at190023.html" }, { "trust": 0.7, "url": "https://www.securityfocus.com/bid/108207" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/152999/red-hat-security-advisory-2019-1259-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/81042" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/152953/red-hat-security-advisory-2019-1236-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.1839/" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/microsoft-net-vulnerabilities-of-may-2019-29296" }, { "trust": 0.2, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0820" }, { "trust": 0.2, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0980" }, { "trust": 0.2, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-0980" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.2, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0820" }, { "trust": 0.2, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-0981" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0980" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-0820" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/19.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://github.com/metalnem/sharpfuzz" }, { "trust": 0.1, "url": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/108207" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0757" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-0757" }, { "trust": 0.1, "url": "https://github.com/dotnet/core/blob/master/release-notes/2.1/2.1.11/2.1.11.md" }, { "trust": 0.1, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0757" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#moderate" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-20377" }, { "db": "VULMON", "id": "CVE-2019-0981" }, { "db": "BID", "id": "108207" }, { "db": "JVNDB", "id": "JVNDB-2019-003825" }, { "db": "PACKETSTORM", "id": "152999" }, { "db": "PACKETSTORM", "id": "152953" }, { "db": "NVD", "id": "CVE-2019-0981" }, { "db": "CNNVD", "id": "CNNVD-201905-395" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2020-20377" }, { "db": "VULMON", "id": "CVE-2019-0981" }, { "db": "BID", "id": "108207" }, { "db": "JVNDB", "id": "JVNDB-2019-003825" }, { "db": "PACKETSTORM", "id": "152999" }, { "db": "PACKETSTORM", "id": "152953" }, { "db": "NVD", "id": "CVE-2019-0981" }, { "db": "CNNVD", "id": "CNNVD-201905-395" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-03-31T00:00:00", "db": "CNVD", "id": "CNVD-2020-20377" }, { "date": "2019-05-16T00:00:00", "db": "VULMON", "id": "CVE-2019-0981" }, { "date": "2019-05-14T00:00:00", "db": "BID", "id": "108207" }, { "date": "2019-05-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-003825" }, { "date": "2019-05-22T14:39:27", "db": "PACKETSTORM", "id": "152999" }, { "date": "2019-05-16T23:05:23", "db": "PACKETSTORM", "id": "152953" }, { "date": "2019-05-16T19:29:05.020000", "db": "NVD", "id": "CVE-2019-0981" }, { "date": "2019-05-14T00:00:00", "db": "CNNVD", "id": "CNNVD-201905-395" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-03-31T00:00:00", "db": "CNVD", "id": "CNVD-2020-20377" }, { "date": "2019-05-22T00:00:00", "db": "VULMON", "id": "CVE-2019-0981" }, { "date": "2019-05-14T00:00:00", "db": "BID", "id": "108207" }, { "date": "2019-05-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-003825" }, { "date": "2019-05-22T13:29:01.083000", "db": "NVD", "id": "CVE-2019-0981" }, { "date": "2019-05-24T00:00:00", "db": "CNNVD", "id": "CNNVD-201905-395" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201905-395" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Microsoft .NET Framework and .NET Core Service disruption in (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-003825" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-201905-395" } ], "trust": 0.6 } }
var-201903-1507
Vulnerability from variot
A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka 'Windows Security Feature Bypass Vulnerability'. This CVE ID is unique from CVE-2019-0627, CVE-2019-0632. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201903-1507", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "powershell core", "scope": "eq", "trust": 1.8, "vendor": "microsoft", "version": "6.1" }, { "model": "powershell core", "scope": "eq", "trust": 1.8, "vendor": "microsoft", "version": "6.2" }, { "model": "windows 10", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1809" }, { "model": "windows 10", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1709" }, { "model": "windows server 2016", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1803" }, { "model": "windows 10", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1607" }, { "model": "windows server 2019", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": null }, { "model": "windows 10", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1803" }, { "model": "windows server 2016", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": null }, { "model": "windows 10", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": null }, { "model": "windows 10", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1703" }, { "model": "windows server 2016", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1709" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "for 32-bit systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "for x64-based systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1607 for 32-bit systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1607 for x64-based systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1703 for 32-bit systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1703 for x64-based systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1709 for 32-bit systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1709 for 64-based systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1709 for arm64-based systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1803 for 32-bit systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1803 for arm64-based systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1803 for x64-based systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1809 for 32-bit systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1809 for arm64-based systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1809 for x64-based systems" }, { "model": "windows server", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1709 (server core installation)" }, { "model": "windows server", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "version 1803 (server core installation)" }, { "model": "windows server 2016", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "none" }, { "model": "windows server 2016", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "(server core installation)" }, { "model": "windows server 2019", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "none" }, { "model": "windows server 2019", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "(server core installation)" }, { "model": "windows server", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20190" }, { "model": "windows server", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20160" }, { "model": "windows server", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "18030" }, { "model": "windows server", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "17090" }, { "model": "windows version for x64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1018090" }, { "model": "windows version for arm64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1018090" }, { "model": "windows version for 32-bit systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1018090" }, { "model": "windows version for x64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1018030" }, { "model": "windows version for arm64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1018030" }, { "model": "windows version for 32-bit systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1018030" }, { "model": "windows version for x64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1017090" }, { "model": "windows version for arm64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1017090" }, { "model": "windows version for 32-bit systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1017090" }, { "model": "windows version for x64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1017030" }, { "model": "windows version for 32-bit systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1017030" }, { "model": "windows version for x64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1016070" }, { "model": "windows version for 32-bit systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1016070" }, { "model": "windows for x64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "100" }, { "model": "windows for 32-bit systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "100" } ], "sources": [ { "db": "BID", "id": "106875" }, { "db": "JVNDB", "id": "JVNDB-2019-002157" }, { "db": "NVD", "id": "CVE-2019-0631" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:powershell_core:6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:1709:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:powershell_core:6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2019-0631" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Matt Graeber from SpecterOps.", "sources": [ { "db": "BID", "id": "106875" }, { "db": "CNNVD", "id": "CNNVD-201902-517" } ], "trust": 0.9 }, "cve": "CVE-2019-0631", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Local", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 4.6, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2019-0631", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2019-0631", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2019-0631", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201902-517", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-002157" }, { "db": "NVD", "id": "CVE-2019-0631" }, { "db": "CNNVD", "id": "CNNVD-201902-517" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka \u0027Windows Security Feature Bypass Vulnerability\u0027. This CVE ID is unique from CVE-2019-0627, CVE-2019-0632. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks", "sources": [ { "db": "NVD", "id": "CVE-2019-0631" }, { "db": "JVNDB", "id": "JVNDB-2019-002157" }, { "db": "BID", "id": "106875" } ], "trust": 1.89 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-0631", "trust": 2.7 }, { "db": "BID", "id": "106875", "trust": 1.9 }, { "db": "JVNDB", "id": "JVNDB-2019-002157", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201902-517", "trust": 0.6 } ], "sources": [ { "db": "BID", "id": "106875" }, { "db": "JVNDB", "id": "JVNDB-2019-002157" }, { "db": "NVD", "id": "CVE-2019-0631" }, { "db": "CNNVD", "id": "CNNVD-201902-517" } ] }, "id": "VAR-201903-1507", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.21178882 }, "last_update_date": "2023-12-18T12:50:23.925000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "CVE-2019-0631 | Windows Security Feature Bypass Vulnerability", "trust": 0.8, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0631" }, { "title": "CVE-2019-0631 | Windows \u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u6a5f\u80fd\u306e\u30d0\u30a4\u30d1\u30b9\u306e\u8106\u5f31\u6027", "trust": 0.8, "url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/cve-2019-0631" }, { "title": "Microsoft Windows Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=89328" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-002157" }, { "db": "CNNVD", "id": "CNNVD-201902-517" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "CWE-264", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-002157" }, { "db": "NVD", "id": "CVE-2019-0631" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0631" }, { "trust": 2.2, "url": "http://www.securityfocus.com/bid/106875" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0631" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-cve-2019-0631" }, { "trust": 0.8, "url": "https://www.ipa.go.jp/security/ciadr/vul/20190213-ms.html" }, { "trust": 0.8, "url": "http://www.jpcert.or.jp/at/2019/at190006.html" }, { "trust": 0.3, "url": "http://www.microsoft.com" } ], "sources": [ { "db": "BID", "id": "106875" }, { "db": "JVNDB", "id": "JVNDB-2019-002157" }, { "db": "NVD", "id": "CVE-2019-0631" }, { "db": "CNNVD", "id": "CNNVD-201902-517" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "106875" }, { "db": "JVNDB", "id": "JVNDB-2019-002157" }, { "db": "NVD", "id": "CVE-2019-0631" }, { "db": "CNNVD", "id": "CNNVD-201902-517" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-02-12T00:00:00", "db": "BID", "id": "106875" }, { "date": "2019-04-03T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-002157" }, { "date": "2019-03-05T23:29:01.333000", "db": "NVD", "id": "CVE-2019-0631" }, { "date": "2019-02-12T00:00:00", "db": "CNNVD", "id": "CNNVD-201902-517" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-02-12T00:00:00", "db": "BID", "id": "106875" }, { "date": "2019-04-03T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-002157" }, { "date": "2020-08-24T17:37:01.140000", "db": "NVD", "id": "CVE-2019-0631" }, { "date": "2020-08-25T00:00:00", "db": "CNNVD", "id": "CNNVD-201902-517" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "BID", "id": "106875" }, { "db": "CNNVD", "id": "CNNVD-201902-517" } ], "trust": 0.9 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural Microsoft Windows Vulnerabilities that bypass security functions in products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-002157" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "permissions and access control", "sources": [ { "db": "CNNVD", "id": "CNNVD-201902-517" } ], "trust": 0.6 } }
var-202102-0778
Vulnerability from variot
.NET Core and Visual Studio Denial of Service Vulnerability. plural Microsoft The product interferes with service operation (DoS) A vulnerability exists.Denial of service (DoS) It may be put into a state. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: .NET 5.0 on Red Hat Enterprise Linux security and bugfix update Advisory ID: RHSA-2021:0473-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:0473 Issue date: 2021-02-10 CVE Names: CVE-2021-1721 ==================================================================== 1. Summary:
An update for rh-dotnet50-dotnet is now available for .NET on Red Hat Enterprise Linux.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 5.0.103 and .NET Runtime 5.0.3.
Security Fix(es):
- dotnet: certificate chain building recursion Denial of Service (CVE-2021-1721)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1926918 - CVE-2021-1721 dotnet: certificate chain building recursion Denial of Service
- Package List:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet50-dotnet-5.0.103-1.el7_9.src.rpm
x86_64: rh-dotnet50-aspnetcore-runtime-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-5.0.103-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-apphost-pack-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-debuginfo-5.0.103-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-host-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-hostfxr-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-runtime-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-sdk-5.0-5.0.103-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-targeting-pack-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-templates-5.0-5.0.103-1.el7_9.x86_64.rpm rh-dotnet50-netstandard-targeting-pack-2.1-5.0.103-1.el7_9.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet50-dotnet-5.0.103-1.el7_9.src.rpm
x86_64: rh-dotnet50-aspnetcore-runtime-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-5.0.103-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-apphost-pack-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-debuginfo-5.0.103-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-host-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-hostfxr-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-runtime-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-sdk-5.0-5.0.103-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-targeting-pack-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-templates-5.0-5.0.103-1.el7_9.x86_64.rpm rh-dotnet50-netstandard-targeting-pack-2.1-5.0.103-1.el7_9.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet50-dotnet-5.0.103-1.el7_9.src.rpm
x86_64: rh-dotnet50-aspnetcore-runtime-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-5.0.103-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-apphost-pack-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-debuginfo-5.0.103-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-host-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-hostfxr-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-runtime-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-sdk-5.0-5.0.103-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-targeting-pack-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-templates-5.0-5.0.103-1.el7_9.x86_64.rpm rh-dotnet50-netstandard-targeting-pack-2.1-5.0.103-1.el7_9.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-1721 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYCQRkNzjgjWX9erEAQgNpQ//YOPnsrlO2lww9KzO1WQGieOjqQ1xLZxZ YEgR3XbSuOiS0y7an842VNVht52BEh+maxUN3cdZfHqkBmb3+Ax4Tdnh/oH2CuYT lNkzcQcU/XxNWgpYE6Whu7o5+b7hS8e4khpoH3snamtuL62G2ncH07/cQOeWLi4o EixaJXGxfkq7b3UoDqq8iTj/3NQNmOaD72O2Rp2/yYjLWKtBRKq4sK756wpC+iEj qs+/z6NRTpw7swp8zpB2SsKpBhaCleqeVez7TAaDQ+yvT5Hijosn87CdDAMgVHxa rzqPzKaEMO/DYvirp70sm0EWaaEkX6FbR2LJRzKH6AxBWbyboIBnGrE8W/EfrI/f 6qeQZ/+GKMqabT7z7x79RzExgg6GPwdvnI2koD3hgT28CEZpnZZ6fmYMlvD5pfNT yPL8jzGRs725jpk2EsjyrIpNRPXqXgiFhmEA/JD2dr6surGj0UCmvHqEzKgGdHDR K8jG/u93IZhP+ijnxrw0gOnrCHq5chwxxpPaD1LvSgCmULjzks21zLbcB4qOldLH ey6xIPrdQcyRtJBecfb9IAN9ygCZXfz0HdRB+0ChK31D+Bhp2ORbJXxPPWYNVbp9 97pAQ2MYpEYDKUUn5lQ43Qj1WlF2D9+dXquuWYjD+1FZYmSXFfUnIx6HY7asElhc +Hn3J/UvwRI\xefGS -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202102-0778", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": ".net core", "scope": "lte", "trust": 1.0, "vendor": "microsoft", "version": "3.1.11" }, { "model": "visual studio 2017", "scope": "gte", "trust": 1.0, "vendor": "microsoft", "version": "15.0" }, { "model": ".net", "scope": "gte", "trust": 1.0, "vendor": "microsoft", "version": "5.0" }, { "model": "powershell core", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "7.1" }, { "model": ".net core", "scope": "gte", "trust": 1.0, "vendor": "microsoft", "version": "2.1" }, { "model": "visual studio 2019", "scope": "gte", "trust": 1.0, "vendor": "microsoft", "version": "16.0" }, { "model": "visual studio 2017", "scope": "lte", "trust": 1.0, "vendor": "microsoft", "version": "15.9" }, { "model": ".net core", "scope": "lte", "trust": 1.0, "vendor": "microsoft", "version": "2.1.24" }, { "model": "visual studio 2019", "scope": "lte", "trust": 1.0, "vendor": "microsoft", "version": "16.8" }, { "model": ".net", "scope": "lte", "trust": 1.0, "vendor": "microsoft", "version": "5.0.2" }, { "model": "powershell core", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "7.0" }, { "model": ".net core", "scope": "gte", "trust": 1.0, "vendor": "microsoft", "version": "3.1" }, { "model": "microsoft visual studio", "scope": null, "trust": 0.8, "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8", "version": null }, { "model": "powershell core", "scope": "eq", "trust": 0.8, "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8", "version": "7.0" }, { "model": "powershell core", "scope": "eq", "trust": 0.8, "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8", "version": "7.1" }, { "model": ".net core", "scope": null, "trust": 0.8, "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8", "version": null }, { "model": ".net", "scope": null, "trust": 0.8, "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-004038" }, { "db": "NVD", "id": "CVE-2021-1721" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "5.0.2", "versionStartIncluding": "5.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2.1.24", "versionStartIncluding": "2.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "3.1.11", "versionStartIncluding": "3.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "15.9", "versionStartIncluding": "15.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "16.8", "versionStartIncluding": "16.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:powershell_core:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:powershell_core:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-1721" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "161371" }, { "db": "PACKETSTORM", "id": "161376" }, { "db": "PACKETSTORM", "id": "161372" }, { "db": "PACKETSTORM", "id": "161370" }, { "db": "PACKETSTORM", "id": "161373" }, { "db": "PACKETSTORM", "id": "161375" }, { "db": "CNNVD", "id": "CNNVD-202102-667" } ], "trust": 1.2 }, "cve": "CVE-2021-1721", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 4.3, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2021-1721", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.8, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 6.5, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2021-1721", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-1721", "trust": 1.8, "value": "MEDIUM" }, { "author": "secure@microsoft.com", "id": "CVE-2021-1721", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202102-667", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2021-1721", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-1721" }, { "db": "JVNDB", "id": "JVNDB-2021-004038" }, { "db": "NVD", "id": "CVE-2021-1721" }, { "db": "NVD", "id": "CVE-2021-1721" }, { "db": "CNNVD", "id": "CNNVD-202102-667" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": ".NET Core and Visual Studio Denial of Service Vulnerability. plural Microsoft The product interferes with service operation (DoS) A vulnerability exists.Denial of service (DoS) It may be put into a state. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: .NET 5.0 on Red Hat Enterprise Linux security and bugfix update\nAdvisory ID: RHSA-2021:0473-01\nProduct: .NET Core on Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:0473\nIssue date: 2021-02-10\nCVE Names: CVE-2021-1721\n====================================================================\n1. Summary:\n\nAn update for rh-dotnet50-dotnet is now available for .NET on Red Hat\nEnterprise Linux. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\n.NET is a managed-software framework. It implements a subset of the .NET\nframework APIs and several new APIs, and it includes a CLR implementation. \n\nNew versions of .NET that address a security vulnerability are now\navailable. The updated versions are .NET SDK 5.0.103 and .NET Runtime\n5.0.3. \n\nSecurity Fix(es):\n\n* dotnet: certificate chain building recursion Denial of Service\n(CVE-2021-1721)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1926918 - CVE-2021-1721 dotnet: certificate chain building recursion Denial of Service\n\n6. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet50-dotnet-5.0.103-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet50-aspnetcore-runtime-5.0-5.0.3-1.el7_9.x86_64.rpm\nrh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.3-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-5.0.103-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-apphost-pack-5.0-5.0.3-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-debuginfo-5.0.103-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-host-5.0.3-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-hostfxr-5.0-5.0.3-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-runtime-5.0-5.0.3-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-sdk-5.0-5.0.103-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-targeting-pack-5.0-5.0.3-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-templates-5.0-5.0.103-1.el7_9.x86_64.rpm\nrh-dotnet50-netstandard-targeting-pack-2.1-5.0.103-1.el7_9.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet50-dotnet-5.0.103-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet50-aspnetcore-runtime-5.0-5.0.3-1.el7_9.x86_64.rpm\nrh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.3-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-5.0.103-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-apphost-pack-5.0-5.0.3-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-debuginfo-5.0.103-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-host-5.0.3-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-hostfxr-5.0-5.0.3-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-runtime-5.0-5.0.3-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-sdk-5.0-5.0.103-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-targeting-pack-5.0-5.0.3-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-templates-5.0-5.0.103-1.el7_9.x86_64.rpm\nrh-dotnet50-netstandard-targeting-pack-2.1-5.0.103-1.el7_9.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet50-dotnet-5.0.103-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet50-aspnetcore-runtime-5.0-5.0.3-1.el7_9.x86_64.rpm\nrh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.3-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-5.0.103-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-apphost-pack-5.0-5.0.3-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-debuginfo-5.0.103-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-host-5.0.3-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-hostfxr-5.0-5.0.3-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-runtime-5.0-5.0.3-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-sdk-5.0-5.0.103-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-targeting-pack-5.0-5.0.3-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-templates-5.0-5.0.103-1.el7_9.x86_64.rpm\nrh-dotnet50-netstandard-targeting-pack-2.1-5.0.103-1.el7_9.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-1721\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYCQRkNzjgjWX9erEAQgNpQ//YOPnsrlO2lww9KzO1WQGieOjqQ1xLZxZ\nYEgR3XbSuOiS0y7an842VNVht52BEh+maxUN3cdZfHqkBmb3+Ax4Tdnh/oH2CuYT\nlNkzcQcU/XxNWgpYE6Whu7o5+b7hS8e4khpoH3snamtuL62G2ncH07/cQOeWLi4o\nEixaJXGxfkq7b3UoDqq8iTj/3NQNmOaD72O2Rp2/yYjLWKtBRKq4sK756wpC+iEj\nqs+/z6NRTpw7swp8zpB2SsKpBhaCleqeVez7TAaDQ+yvT5Hijosn87CdDAMgVHxa\nrzqPzKaEMO/DYvirp70sm0EWaaEkX6FbR2LJRzKH6AxBWbyboIBnGrE8W/EfrI/f\n6qeQZ/+GKMqabT7z7x79RzExgg6GPwdvnI2koD3hgT28CEZpnZZ6fmYMlvD5pfNT\nyPL8jzGRs725jpk2EsjyrIpNRPXqXgiFhmEA/JD2dr6surGj0UCmvHqEzKgGdHDR\nK8jG/u93IZhP+ijnxrw0gOnrCHq5chwxxpPaD1LvSgCmULjzks21zLbcB4qOldLH\ney6xIPrdQcyRtJBecfb9IAN9ygCZXfz0HdRB+0ChK31D+Bhp2ORbJXxPPWYNVbp9\n97pAQ2MYpEYDKUUn5lQ43Qj1WlF2D9+dXquuWYjD+1FZYmSXFfUnIx6HY7asElhc\n+Hn3J/UvwRI\\xefGS\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n", "sources": [ { "db": "NVD", "id": "CVE-2021-1721" }, { "db": "JVNDB", "id": "JVNDB-2021-004038" }, { "db": "VULMON", "id": "CVE-2021-1721" }, { "db": "PACKETSTORM", "id": "161371" }, { "db": "PACKETSTORM", "id": "161376" }, { "db": "PACKETSTORM", "id": "161372" }, { "db": "PACKETSTORM", "id": "161370" }, { "db": "PACKETSTORM", "id": "161373" }, { "db": "PACKETSTORM", "id": "161375" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-1721", "trust": 3.1 }, { "db": "JVNDB", "id": "JVNDB-2021-004038", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "161375", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2021.0496", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202102-667", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-1721", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "161371", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "161376", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "161372", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "161370", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "161373", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-1721" }, { "db": "JVNDB", "id": "JVNDB-2021-004038" }, { "db": "PACKETSTORM", "id": "161371" }, { "db": "PACKETSTORM", "id": "161376" }, { "db": "PACKETSTORM", "id": "161372" }, { "db": "PACKETSTORM", "id": "161370" }, { "db": "PACKETSTORM", "id": "161373" }, { "db": "PACKETSTORM", "id": "161375" }, { "db": "NVD", "id": "CVE-2021-1721" }, { "db": "CNNVD", "id": "CNNVD-202102-667" } ] }, "id": "VAR-202102-0778", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.21178882 }, "last_update_date": "2024-01-03T13:47:32.062000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": ".NET\u00a0Core\u00a0and\u00a0Visual\u00a0Studio\u00a0Denial\u00a0of\u00a0Service\u00a0Vulnerability Security Update Guide", "trust": 0.8, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2021-1721" }, { "title": "Microsoft .NET Core and Microsoft Visual Studio Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=141033" }, { "title": "Red Hat: Important: dotnet3.1 security and bugfix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20210471 - security advisory" }, { "title": "Red Hat: Important: dotnet5.0 security and bugfix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20210476 - security advisory" }, { "title": "Red Hat: Important: .NET Core 3.1 on Red Hat Enterprise Linux security and bugfix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20210472 - security advisory" }, { "title": "Red Hat: Important: .NET Core 2.1 on Red Hat Enterprise Linux security and bugfix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20210470 - security advisory" }, { "title": "Red Hat: Important: .NET 5.0 on Red Hat Enterprise Linux security and bugfix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20210473 - security advisory" }, { "title": "Red Hat: Important: dotnet security and bugfix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20210474 - security advisory" }, { "title": "Arch Linux Advisories: [ASA-202103-17] dotnet-sdk: multiple issues", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-202103-17" }, { "title": "Arch Linux Issues: ", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2021-1721 log" }, { "title": "Arch Linux Advisories: [ASA-202103-16] dotnet-runtime: multiple issues", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-202103-16" }, { "title": null, "trust": 0.1, "url": "https://www.theregister.co.uk/2021/02/09/microsoft_patch_tuesday/" } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-1721" }, { "db": "JVNDB", "id": "JVNDB-2021-004038" }, { "db": "CNNVD", "id": "CNNVD-202102-667" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "Lack of information (CWE-noinfo) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-004038" }, { "db": "NVD", "id": "CVE-2021-1721" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1721" }, { "trust": 1.7, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2021-1721" }, { "trust": 1.2, "url": "https://access.redhat.com/security/cve/cve-2021-1721" }, { "trust": 0.8, "url": "https://www.ipa.go.jp/security/ciadr/vul/20210210-ms.html" }, { "trust": 0.8, "url": "https://www.jpcert.or.jp/at/2021/at210008.html" }, { "trust": 0.6, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.6, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.6, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.6, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.6, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.6, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/161375/red-hat-security-advisory-2021-0474-01.html" }, { "trust": 0.6, "url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2021-1721" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0496" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/microsoft-net-core-vulnerabilities-of-february-2021-34547" }, { "trust": 0.2, "url": "https://access.redhat.com/errata/rhsa-2021:0471" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/195571" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:0473" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:0476" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:0472" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:0470" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:0474" } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-1721" }, { "db": "JVNDB", "id": "JVNDB-2021-004038" }, { "db": "PACKETSTORM", "id": "161371" }, { "db": "PACKETSTORM", "id": "161376" }, { "db": "PACKETSTORM", "id": "161372" }, { "db": "PACKETSTORM", "id": "161370" }, { "db": "PACKETSTORM", "id": "161373" }, { "db": "PACKETSTORM", "id": "161375" }, { "db": "NVD", "id": "CVE-2021-1721" }, { "db": "CNNVD", "id": "CNNVD-202102-667" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2021-1721" }, { "db": "JVNDB", "id": "JVNDB-2021-004038" }, { "db": "PACKETSTORM", "id": "161371" }, { "db": "PACKETSTORM", "id": "161376" }, { "db": "PACKETSTORM", "id": "161372" }, { "db": "PACKETSTORM", "id": "161370" }, { "db": "PACKETSTORM", "id": "161373" }, { "db": "PACKETSTORM", "id": "161375" }, { "db": "NVD", "id": "CVE-2021-1721" }, { "db": "CNNVD", "id": "CNNVD-202102-667" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-02-25T00:00:00", "db": "VULMON", "id": "CVE-2021-1721" }, { "date": "2021-11-12T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-004038" }, { "date": "2021-02-11T15:15:26", "db": "PACKETSTORM", "id": "161371" }, { "date": "2021-02-11T15:18:57", "db": "PACKETSTORM", "id": "161376" }, { "date": "2021-02-11T15:15:37", "db": "PACKETSTORM", "id": "161372" }, { "date": "2021-02-11T15:15:09", "db": "PACKETSTORM", "id": "161370" }, { "date": "2021-02-11T15:15:47", "db": "PACKETSTORM", "id": "161373" }, { "date": "2021-02-11T15:18:50", "db": "PACKETSTORM", "id": "161375" }, { "date": "2021-02-25T23:15:13.210000", "db": "NVD", "id": "CVE-2021-1721" }, { "date": "2021-02-09T00:00:00", "db": "CNNVD", "id": "CNNVD-202102-667" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-02-26T00:00:00", "db": "VULMON", "id": "CVE-2021-1721" }, { "date": "2021-11-12T05:18:00", "db": "JVNDB", "id": "JVNDB-2021-004038" }, { "date": "2023-12-29T17:15:53.590000", "db": "NVD", "id": "CVE-2021-1721" }, { "date": "2021-08-17T00:00:00", "db": "CNNVD", "id": "CNNVD-202102-667" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202102-667" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural \u00a0Microsoft\u00a0 Service operation interruption in the product \u00a0(DoS)\u00a0 Vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-004038" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202102-667" } ], "trust": 0.6 } }
var-202108-1006
Vulnerability from variot
.NET Core and Visual Studio Information Disclosure Vulnerability. plural Microsoft The product contains a vulnerability that exposes information.Information may be disclosed. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Low: .NET Core 2.1 on Red Hat Enterprise Linux security and bugfix update Advisory ID: RHSA-2021:3144-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:3144 Issue date: 2021-08-11 CVE Names: CVE-2021-34485 =====================================================================
- Summary:
An update for .NET Core 2.1 is now available for .NET Core on Red Hat Enterprise Linux.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. The updated versions are .NET Core SDK 2.1.525 and .NET Core Runtime 2.1.29.
Security Fix(es):
- dotnet: Dump file created world-readable (CVE-2021-34485)
Default inclusions for applications built with .NET Core have been updated to reference the newest versions and their security fixes.
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1990286 - CVE-2021-34485 dotnet: Dump file created world-readable
- Package List:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet21-2.1-28.el7_9.src.rpm rh-dotnet21-dotnet-2.1.525-1.el7_9.src.rpm
x86_64: rh-dotnet21-2.1-28.el7_9.x86_64.rpm rh-dotnet21-dotnet-2.1.525-1.el7_9.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.525-1.el7_9.x86_64.rpm rh-dotnet21-dotnet-host-2.1.29-1.el7_9.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.29-1.el7_9.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.525-1.el7_9.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.525-1.el7_9.x86_64.rpm rh-dotnet21-runtime-2.1-28.el7_9.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet21-2.1-28.el7_9.src.rpm rh-dotnet21-dotnet-2.1.525-1.el7_9.src.rpm
x86_64: rh-dotnet21-2.1-28.el7_9.x86_64.rpm rh-dotnet21-dotnet-2.1.525-1.el7_9.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.525-1.el7_9.x86_64.rpm rh-dotnet21-dotnet-host-2.1.29-1.el7_9.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.29-1.el7_9.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.525-1.el7_9.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.525-1.el7_9.x86_64.rpm rh-dotnet21-runtime-2.1-28.el7_9.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet21-2.1-28.el7_9.src.rpm rh-dotnet21-dotnet-2.1.525-1.el7_9.src.rpm
x86_64: rh-dotnet21-2.1-28.el7_9.x86_64.rpm rh-dotnet21-dotnet-2.1.525-1.el7_9.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.525-1.el7_9.x86_64.rpm rh-dotnet21-dotnet-host-2.1.29-1.el7_9.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.29-1.el7_9.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.525-1.el7_9.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.525-1.el7_9.x86_64.rpm rh-dotnet21-runtime-2.1-28.el7_9.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-34485 https://access.redhat.com/security/updates/classification/#low
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYRQa6tzjgjWX9erEAQhpUw/+J+ct/h97dtZeh3ULDlxiCcNatnhVIYQJ RkxfZFN/DzwIFzGXTq3w0EX8W0NiPKGZPdOiIh+kaxo3VtQbtZ0shudEClKoMm22 YhcLZVMsH9e3nHgOK9SsHiy8wB1wC2Sme7S5rAHq7YK4oZKoUtoiPJ5gPlmi60xr Mph3mOtarGbG6TJ/HP+ZeYllSnswveqCnP/XFf2JZE0hVZCB6Euqsx0xnUQ8oRIf jHzEf72lZjgHDxQ5n7epKcrkgKFyezdqnSJP3pGXln8BTAdJAxIKIt7YDbTyJiyN BI8cXEbU4QhuY0Fk7/UnR9ZUzIfftUzFx6jrSz89P0bs5wfsgYg02tFpICs7ZOxC c6n9MVgAUjz2vcdN7g2ZnVUav+RLns8enpOHzrgiYXRvkCPFFo9XeOQiROGMIoSC MFhxAW9Z9R6qd60M8JJnyGGkaLIaFpcNviQXC5QyoiqFUUbhLpvg2KnB/qqLPcyS vSh131Odxu7/kNJOz+Cs7ahOBGJJLske8+qHpQeuB8MCRgvCqm+1a2AYV2noBTzi e1qm4Aj+TCLdYqVXSkogf5fKQhWWZqhZ17sSAlJmVxK8/zJWAeg7Gn4vDfTMvrM9 vhl0gTc4pABXI2CqqQ8ulnlFgbz6HO+3goDqqcMDAakQpGu4LiKZMuu+fvKOut61 yQT8DLJkIgU= =rDt/ -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202108-1006", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": ".net", "scope": "gte", "trust": 1.0, "vendor": "microsoft", "version": "5.0" }, { "model": ".net core", "scope": "lte", "trust": 1.0, "vendor": "microsoft", "version": "2.1.28" }, { "model": "visual studio 2019", "scope": "lte", "trust": 1.0, "vendor": "microsoft", "version": "16.10" }, { "model": ".net core", "scope": "gte", "trust": 1.0, "vendor": "microsoft", "version": "3.1" }, { "model": "visual studio 2017", "scope": "gte", "trust": 1.0, "vendor": "microsoft", "version": "15.0" }, { "model": "visual studio 2019", "scope": "gte", "trust": 1.0, "vendor": "microsoft", "version": "16.0" }, { "model": ".net core", "scope": "gte", "trust": 1.0, "vendor": "microsoft", "version": "2.1" }, { "model": "powershell core", "scope": "lt", "trust": 1.0, "vendor": "microsoft", "version": "7.0.7" }, { "model": ".net", "scope": "lte", "trust": 1.0, "vendor": "microsoft", "version": "5.0.8" }, { "model": "powershell core", "scope": "lt", "trust": 1.0, "vendor": "microsoft", "version": "7.1.4" }, { "model": ".net core", "scope": "lte", "trust": 1.0, "vendor": "microsoft", "version": "3.1.17" }, { "model": "powershell core", "scope": "gte", "trust": 1.0, "vendor": "microsoft", "version": "7.1" }, { "model": "powershell core", "scope": "gte", "trust": 1.0, "vendor": "microsoft", "version": "7.0" }, { "model": "visual studio 2017", "scope": "lte", "trust": 1.0, "vendor": "microsoft", "version": "15.9" }, { "model": "powershell core", "scope": "eq", "trust": 0.8, "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8", "version": "7.1" }, { "model": ".net", "scope": null, "trust": 0.8, "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8", "version": null }, { "model": "microsoft visual studio", "scope": null, "trust": 0.8, "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8", "version": null }, { "model": "powershell core", "scope": "eq", "trust": 0.8, "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8", "version": "7.0" }, { "model": ".net core", "scope": null, "trust": 0.8, "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-002310" }, { "db": "NVD", "id": "CVE-2021-34485" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "15.9", "versionStartIncluding": "15.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "16.10", "versionStartIncluding": "16.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "5.0.8", "versionStartIncluding": "5.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2.1.28", "versionStartIncluding": "2.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "3.1.17", "versionStartIncluding": "3.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:powershell_core:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "7.0.7", "versionStartIncluding": "7.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:powershell_core:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "7.1.4", "versionStartIncluding": "7.1", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-34485" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "163808" }, { "db": "PACKETSTORM", "id": "163807" }, { "db": "PACKETSTORM", "id": "163803" }, { "db": "PACKETSTORM", "id": "163802" }, { "db": "PACKETSTORM", "id": "163801" }, { "db": "PACKETSTORM", "id": "163799" } ], "trust": 0.6 }, "cve": "CVE-2021-34485", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Local", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 2.1, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-34485", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Low", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "secure@microsoft.com", "availabilityImpact": "NONE", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.3, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.5, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-34485", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-34485", "trust": 1.8, "value": "MEDIUM" }, { "author": "secure@microsoft.com", "id": "CVE-2021-34485", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202108-848", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2021-34485", "trust": 0.1, "value": "LOW" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-34485" }, { "db": "JVNDB", "id": "JVNDB-2021-002310" }, { "db": "NVD", "id": "CVE-2021-34485" }, { "db": "NVD", "id": "CVE-2021-34485" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202108-848" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": ".NET Core and Visual Studio Information Disclosure Vulnerability. plural Microsoft The product contains a vulnerability that exposes information.Information may be disclosed. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Low: .NET Core 2.1 on Red Hat Enterprise Linux security and bugfix update\nAdvisory ID: RHSA-2021:3144-01\nProduct: .NET Core on Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:3144\nIssue date: 2021-08-11\nCVE Names: CVE-2021-34485 \n=====================================================================\n\n1. Summary:\n\nAn update for .NET Core 2.1 is now available for .NET Core on Red Hat\nEnterprise Linux. \n\nRed Hat Product Security has rated this update as having a security impact\nof Low. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\n.NET Core is a managed-software framework. It implements a subset of the\n.NET framework APIs and several new APIs, and it includes a CLR\nimplementation. The updated versions are .NET Core SDK 2.1.525 and .NET Core\nRuntime 2.1.29. \n\nSecurity Fix(es):\n\n* dotnet: Dump file created world-readable (CVE-2021-34485)\n\nDefault inclusions for applications built with .NET Core have been updated\nto reference the newest versions and their security fixes. \n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1990286 - CVE-2021-34485 dotnet: Dump file created world-readable\n\n6. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet21-2.1-28.el7_9.src.rpm\nrh-dotnet21-dotnet-2.1.525-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-28.el7_9.x86_64.rpm\nrh-dotnet21-dotnet-2.1.525-1.el7_9.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.525-1.el7_9.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.29-1.el7_9.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.29-1.el7_9.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.525-1.el7_9.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.525-1.el7_9.x86_64.rpm\nrh-dotnet21-runtime-2.1-28.el7_9.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet21-2.1-28.el7_9.src.rpm\nrh-dotnet21-dotnet-2.1.525-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-28.el7_9.x86_64.rpm\nrh-dotnet21-dotnet-2.1.525-1.el7_9.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.525-1.el7_9.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.29-1.el7_9.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.29-1.el7_9.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.525-1.el7_9.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.525-1.el7_9.x86_64.rpm\nrh-dotnet21-runtime-2.1-28.el7_9.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet21-2.1-28.el7_9.src.rpm\nrh-dotnet21-dotnet-2.1.525-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-28.el7_9.x86_64.rpm\nrh-dotnet21-dotnet-2.1.525-1.el7_9.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.525-1.el7_9.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.29-1.el7_9.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.29-1.el7_9.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.525-1.el7_9.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.525-1.el7_9.x86_64.rpm\nrh-dotnet21-runtime-2.1-28.el7_9.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-34485\nhttps://access.redhat.com/security/updates/classification/#low\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYRQa6tzjgjWX9erEAQhpUw/+J+ct/h97dtZeh3ULDlxiCcNatnhVIYQJ\nRkxfZFN/DzwIFzGXTq3w0EX8W0NiPKGZPdOiIh+kaxo3VtQbtZ0shudEClKoMm22\nYhcLZVMsH9e3nHgOK9SsHiy8wB1wC2Sme7S5rAHq7YK4oZKoUtoiPJ5gPlmi60xr\nMph3mOtarGbG6TJ/HP+ZeYllSnswveqCnP/XFf2JZE0hVZCB6Euqsx0xnUQ8oRIf\njHzEf72lZjgHDxQ5n7epKcrkgKFyezdqnSJP3pGXln8BTAdJAxIKIt7YDbTyJiyN\nBI8cXEbU4QhuY0Fk7/UnR9ZUzIfftUzFx6jrSz89P0bs5wfsgYg02tFpICs7ZOxC\nc6n9MVgAUjz2vcdN7g2ZnVUav+RLns8enpOHzrgiYXRvkCPFFo9XeOQiROGMIoSC\nMFhxAW9Z9R6qd60M8JJnyGGkaLIaFpcNviQXC5QyoiqFUUbhLpvg2KnB/qqLPcyS\nvSh131Odxu7/kNJOz+Cs7ahOBGJJLske8+qHpQeuB8MCRgvCqm+1a2AYV2noBTzi\ne1qm4Aj+TCLdYqVXSkogf5fKQhWWZqhZ17sSAlJmVxK8/zJWAeg7Gn4vDfTMvrM9\nvhl0gTc4pABXI2CqqQ8ulnlFgbz6HO+3goDqqcMDAakQpGu4LiKZMuu+fvKOut61\nyQT8DLJkIgU=\n=rDt/\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n", "sources": [ { "db": "NVD", "id": "CVE-2021-34485" }, { "db": "JVNDB", "id": "JVNDB-2021-002310" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULMON", "id": "CVE-2021-34485" }, { "db": "PACKETSTORM", "id": "163808" }, { "db": "PACKETSTORM", "id": "163807" }, { "db": "PACKETSTORM", "id": "163803" }, { "db": "PACKETSTORM", "id": "163802" }, { "db": "PACKETSTORM", "id": "163801" }, { "db": "PACKETSTORM", "id": "163799" } ], "trust": 2.79 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-34485", "trust": 3.1 }, { "db": "JVNDB", "id": "JVNDB-2021-002310", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "163799", "trust": 0.7 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.2729", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.2723", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.2753", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021081011", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021081229", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202108-848", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-34485", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "163808", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "163807", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "163803", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "163802", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "163801", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-34485" }, { "db": "JVNDB", "id": "JVNDB-2021-002310" }, { "db": "PACKETSTORM", "id": "163808" }, { "db": "PACKETSTORM", "id": "163807" }, { "db": "PACKETSTORM", "id": "163803" }, { "db": "PACKETSTORM", "id": "163802" }, { "db": "PACKETSTORM", "id": "163801" }, { "db": "PACKETSTORM", "id": "163799" }, { "db": "NVD", "id": "CVE-2021-34485" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202108-848" } ] }, "id": "VAR-202108-1006", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.21178882 }, "last_update_date": "2024-01-03T13:11:17.801000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": ".NET\u00a0Core\u00a0and\u00a0Visual\u00a0Studio\u00a0Information\u00a0Disclosure\u00a0Vulnerability Security Update Guide", "trust": 0.8, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2021-34485" }, { "title": "Microsoft .NET Core and Microsoft Visual Studio Repair measures for information disclosure vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=159243" }, { "title": "Red Hat: CVE-2021-34485", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2021-34485" }, { "title": "Arch Linux Issues: ", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2021-34485 log" } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-34485" }, { "db": "JVNDB", "id": "JVNDB-2021-002310" }, { "db": "CNNVD", "id": "CNNVD-202108-848" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "Lack of information (CWE-noinfo) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-002310" }, { "db": "NVD", "id": "CVE-2021-34485" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-34485" }, { "trust": 1.7, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2021-34485" }, { "trust": 1.3, "url": "https://access.redhat.com/security/cve/cve-2021-34485" }, { "trust": 0.8, "url": "https://www.ipa.go.jp/security/ciadr/vul/20210811-ms.html" }, { "trust": 0.8, "url": "https://www.jpcert.or.jp/at/2021/at210034.html" }, { "trust": 0.6, "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.6, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.6, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.6, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.6, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2729" }, { "trust": 0.6, "url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2021-34485" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2753" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021081229" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2723" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/microsoft-visual-studio-vulnerabilities-of-august-2021-36113" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/163799/red-hat-security-advisory-2021-3142-01.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021081011" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2021-26423" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2021-34532" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-34532" }, { "trust": 0.4, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-26423" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#low" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:3148" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:3147" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:3145" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:3143" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:3144" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:3142" } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-34485" }, { "db": "JVNDB", "id": "JVNDB-2021-002310" }, { "db": "PACKETSTORM", "id": "163808" }, { "db": "PACKETSTORM", "id": "163807" }, { "db": "PACKETSTORM", "id": "163803" }, { "db": "PACKETSTORM", "id": "163802" }, { "db": "PACKETSTORM", "id": "163801" }, { "db": "PACKETSTORM", "id": "163799" }, { "db": "NVD", "id": "CVE-2021-34485" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202108-848" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2021-34485" }, { "db": "JVNDB", "id": "JVNDB-2021-002310" }, { "db": "PACKETSTORM", "id": "163808" }, { "db": "PACKETSTORM", "id": "163807" }, { "db": "PACKETSTORM", "id": "163803" }, { "db": "PACKETSTORM", "id": "163802" }, { "db": "PACKETSTORM", "id": "163801" }, { "db": "PACKETSTORM", "id": "163799" }, { "db": "NVD", "id": "CVE-2021-34485" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202108-848" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-08-12T00:00:00", "db": "VULMON", "id": "CVE-2021-34485" }, { "date": "2021-08-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-002310" }, { "date": "2021-08-12T15:49:33", "db": "PACKETSTORM", "id": "163808" }, { "date": "2021-08-12T15:49:21", "db": "PACKETSTORM", "id": "163807" }, { "date": "2021-08-12T15:45:49", "db": "PACKETSTORM", "id": "163803" }, { "date": "2021-08-12T15:45:22", "db": "PACKETSTORM", "id": "163802" }, { "date": "2021-08-12T15:45:07", "db": "PACKETSTORM", "id": "163801" }, { "date": "2021-08-12T15:43:32", "db": "PACKETSTORM", "id": "163799" }, { "date": "2021-08-12T18:15:09.157000", "db": "NVD", "id": "CVE-2021-34485" }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2021-08-10T00:00:00", "db": "CNNVD", "id": "CNNVD-202108-848" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-08-18T00:00:00", "db": "VULMON", "id": "CVE-2021-34485" }, { "date": "2021-08-26T03:11:00", "db": "JVNDB", "id": "JVNDB-2021-002310" }, { "date": "2023-12-28T20:15:48.690000", "db": "NVD", "id": "CVE-2021-34485" }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2021-08-25T00:00:00", "db": "CNNVD", "id": "CNNVD-202108-848" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202108-848" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural \u00a0Microsoft\u00a0 Vulnerability to disclose information in products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-002310" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202104-975" } ], "trust": 0.6 } }
var-201801-1128
Vulnerability from variot
Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, and PowerShell Core 6.0.0 allow a security feature bypass vulnerability due to the way certificates are validated, aka ".NET Security Feature Bypass Vulnerability.". An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201801-1128", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": ".net framework", "scope": "eq", "trust": 2.7, "vendor": "microsoft", "version": "4.6.2" }, { "model": ".net framework", "scope": "eq", "trust": 2.7, "vendor": "microsoft", "version": "4.6.1" }, { "model": ".net framework", "scope": "eq", "trust": 2.7, "vendor": "microsoft", "version": "3.5.1" }, { "model": ".net framework", "scope": "eq", "trust": 2.7, "vendor": "microsoft", "version": "4.7" }, { "model": ".net framework", "scope": "eq", "trust": 2.7, "vendor": "microsoft", "version": "4.6" }, { "model": ".net framework", "scope": "eq", "trust": 2.7, "vendor": "microsoft", "version": "4.5.2" }, { "model": ".net framework", "scope": "eq", "trust": 2.7, "vendor": "microsoft", "version": "3.5" }, { "model": ".net core", "scope": "eq", "trust": 2.4, "vendor": "microsoft", "version": "1.0" }, { "model": ".net core", "scope": "eq", "trust": 2.4, "vendor": "microsoft", "version": "2.0" }, { "model": ".net framework", "scope": "eq", "trust": 2.4, "vendor": "microsoft", "version": "4.7.1" }, { "model": ".net framework", "scope": "eq", "trust": 1.3, "vendor": "microsoft", "version": "2.0" }, { "model": "powershell core", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "6.0" }, { "model": ".net framework", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "3.0" }, { "model": ".net framework", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "2.0 sp2" }, { "model": ".net framework", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "3.0 sp2" }, { "model": "powershell core", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "6.0.0" }, { "model": "windows server", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20160" }, { "model": "windows server r2", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20120" }, { "model": "windows server", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20120" }, { "model": "windows server r2 for x64-based systems sp1", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008" }, { "model": "windows server r2 for itanium-based systems sp1", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008" }, { "model": "windows server r2 datacenter sp1", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008" }, { "model": "windows server for x64-based systems sp2", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008" }, { "model": "windows server for itanium-based systems sp2", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008" }, { "model": "windows server for 32-bit systems sp2", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008" }, { "model": "windows rt", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "8.1" }, { "model": "windows for x64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "8.10" }, { "model": "windows for 32-bit systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "8.10" }, { "model": "windows for x64-based systems sp1", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "7" }, { "model": "windows for 32-bit systems sp1", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "7" }, { "model": "windows version for x64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1017030" }, { "model": "windows version for 32-bit systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1017030" }, { "model": "windows version for x64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1016070" }, { "model": "windows version for 32-bit systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1016070" }, { "model": "windows version for x64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1015110" }, { "model": "windows version for 32-bit systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1015110" }, { "model": "windows for x64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "100" }, { "model": "windows for 32-bit systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "100" }, { "model": ".net framework sp2", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "3.0" } ], "sources": [ { "db": "BID", "id": "102380" }, { "db": "JVNDB", "id": "JVNDB-2018-001239" }, { "db": "NVD", "id": "CVE-2018-0786" }, { "db": "CNNVD", "id": "CNNVD-201801-404" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_core:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_core:2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:powershell_core:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2018-0786" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The vendor reported this issue.", "sources": [ { "db": "BID", "id": "102380" } ], "trust": 0.3 }, "cve": "CVE-2018-0786", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2018-0786", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2018-0786", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2018-0786", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201801-404", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-001239" }, { "db": "NVD", "id": "CVE-2018-0786" }, { "db": "CNNVD", "id": "CNNVD-201801-404" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, and PowerShell Core 6.0.0 allow a security feature bypass vulnerability due to the way certificates are validated, aka \".NET Security Feature Bypass Vulnerability.\". \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks", "sources": [ { "db": "NVD", "id": "CVE-2018-0786" }, { "db": "JVNDB", "id": "JVNDB-2018-001239" }, { "db": "BID", "id": "102380" } ], "trust": 1.89 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-0786", "trust": 2.7 }, { "db": "BID", "id": "102380", "trust": 1.9 }, { "db": "SECTRACK", "id": "1040152", "trust": 1.6 }, { "db": "JVNDB", "id": "JVNDB-2018-001239", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201801-404", "trust": 0.6 } ], "sources": [ { "db": "BID", "id": "102380" }, { "db": "JVNDB", "id": "JVNDB-2018-001239" }, { "db": "NVD", "id": "CVE-2018-0786" }, { "db": "CNNVD", "id": "CNNVD-201801-404" } ] }, "id": "VAR-201801-1128", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.21178882 }, "last_update_date": "2023-12-18T13:52:49.730000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "CVE-2018-0786 | .NET Security Feature Bypass Vulnerability", "trust": 0.8, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-0786" }, { "title": "CVE-2018-0786 | .NET \u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u6a5f\u80fd\u306e\u30d0\u30a4\u30d1\u30b9\u306e\u8106\u5f31\u6027", "trust": 0.8, "url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/cve-2018-0786" }, { "title": "Microsoft .NET Framework and .NET Core Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=77659" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-001239" }, { "db": "CNNVD", "id": "CNNVD-201801-404" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-295", "trust": 1.0 }, { "problemtype": "CWE-254", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-001239" }, { "db": "NVD", "id": "CVE-2018-0786" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.2, "url": "http://www.securityfocus.com/bid/102380" }, { "trust": 1.9, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-0786" }, { "trust": 1.6, "url": "http://www.securitytracker.com/id/1040152" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0786" }, { "trust": 0.8, "url": "https://www.ipa.go.jp/security/ciadr/vul/20180110-ms.html" }, { "trust": 0.8, "url": "http://www.jpcert.or.jp/at/2018/at180002.html" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0786" }, { "trust": 0.3, "url": "http://www.microsoft.com/net/" }, { "trust": 0.3, "url": "http://www.microsoft.com" } ], "sources": [ { "db": "BID", "id": "102380" }, { "db": "JVNDB", "id": "JVNDB-2018-001239" }, { "db": "NVD", "id": "CVE-2018-0786" }, { "db": "CNNVD", "id": "CNNVD-201801-404" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "102380" }, { "db": "JVNDB", "id": "JVNDB-2018-001239" }, { "db": "NVD", "id": "CVE-2018-0786" }, { "db": "CNNVD", "id": "CNNVD-201801-404" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-01-09T00:00:00", "db": "BID", "id": "102380" }, { "date": "2018-02-02T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-001239" }, { "date": "2018-01-10T01:29:00.320000", "db": "NVD", "id": "CVE-2018-0786" }, { "date": "2018-01-11T00:00:00", "db": "CNNVD", "id": "CNNVD-201801-404" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-01-09T00:00:00", "db": "BID", "id": "102380" }, { "date": "2018-02-02T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-001239" }, { "date": "2021-08-12T17:19:05.447000", "db": "NVD", "id": "CVE-2018-0786" }, { "date": "2019-10-23T00:00:00", "db": "CNNVD", "id": "CNNVD-201801-404" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201801-404" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Microsoft .NET Framework and .NET Core Vulnerabilities that bypass security functions", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-001239" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "trust management problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-201801-404" } ], "trust": 0.6 } }