Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2019-0757 (GCVE-0-2019-0757)
Vulnerability from cvelistv5 – Published: 2019-04-09 01:51 – Updated: 2024-08-04 17:58
VLAI
EPSS
Summary
A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package's folder structure, aka 'NuGet Package Manager Tampering Vulnerability'.
Severity
No CVSS data available.
CWE
- Tampering
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_CONFIRM |
| https://access.redhat.com/errata/RHSA-2019:1259 | vendor-advisoryx_refsource_REDHAT |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft Visual Studio |
Affected:
2017 for Mac
|
|
| Microsoft | .NET Core SDK |
Affected:
1.1 on .NET Core 1.0
Affected: 2.1.500 on .NET Core 2.1 Affected: 2.2.100 on .NET Core 2.2 Affected: 1.1 on .NET Core 1.1 |
|
| Microsoft | Nuget |
Affected:
4.3.1
Affected: 4.4.2 Affected: 4.5.2 Affected: 4.6.3 Affected: 4.7.2 Affected: 4.8.2 Affected: 4.9.4 |
|
| Microsoft | Mono Framework |
Affected:
5.18.0.223
Affected: 5.20.0 |
Date Public
2019-03-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:58:59.044Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757"
},
{
"name": "RHSA-2019:1259",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1259"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Visual Studio",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2017 for Mac"
}
]
},
{
"product": ".NET Core SDK",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "1.1 on .NET Core 1.0"
},
{
"status": "affected",
"version": "2.1.500 on .NET Core 2.1"
},
{
"status": "affected",
"version": "2.2.100 on .NET Core 2.2"
},
{
"status": "affected",
"version": "1.1 on .NET Core 1.1"
}
]
},
{
"product": "Nuget",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "4.3.1"
},
{
"status": "affected",
"version": "4.4.2"
},
{
"status": "affected",
"version": "4.5.2"
},
{
"status": "affected",
"version": "4.6.3"
},
{
"status": "affected",
"version": "4.7.2"
},
{
"status": "affected",
"version": "4.8.2"
},
{
"status": "affected",
"version": "4.9.4"
}
]
},
{
"product": "Mono Framework",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "5.18.0.223"
},
{
"status": "affected",
"version": "5.20.0"
}
]
}
],
"datePublic": "2019-03-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package\u0027s folder structure, aka \u0027NuGet Package Manager Tampering Vulnerability\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Tampering",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-22T12:06:04.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757"
},
{
"name": "RHSA-2019:1259",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1259"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2019-0757",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Visual Studio",
"version": {
"version_data": [
{
"version_value": "2017 for Mac"
}
]
}
},
{
"product_name": ".NET Core SDK",
"version": {
"version_data": [
{
"version_value": "1.1 on .NET Core 1.0"
},
{
"version_value": "2.1.500 on .NET Core 2.1"
},
{
"version_value": "2.2.100 on .NET Core 2.2"
},
{
"version_value": "1.1 on .NET Core 1.1"
}
]
}
},
{
"product_name": "Nuget",
"version": {
"version_data": [
{
"version_value": "4.3.1"
},
{
"version_value": "4.4.2"
},
{
"version_value": "4.5.2"
},
{
"version_value": "4.6.3"
},
{
"version_value": "4.7.2"
},
{
"version_value": "4.8.2"
},
{
"version_value": "4.9.4"
}
]
}
},
{
"product_name": "Mono Framework",
"version": {
"version_data": [
{
"version_value": "5.18.0.223"
},
{
"version_value": "5.20.0"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package\u0027s folder structure, aka \u0027NuGet Package Manager Tampering Vulnerability\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Tampering"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757"
},
{
"name": "RHSA-2019:1259",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1259"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2019-0757",
"datePublished": "2019-04-09T01:51:25.000Z",
"dateReserved": "2018-11-26T00:00:00.000Z",
"dateUpdated": "2024-08-04T17:58:59.044Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2019-0757",
"date": "2026-05-28",
"epss": "0.05388",
"percentile": "0.90241"
},
"fkie_nvd": {
"configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:visual_studio_2017:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CDA983E6-A2DA-48BB-9874-14CF4B3AAE15\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"387021A0-AF36-463C-A605-32EA7DAC172E\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:nuget:4.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3BBC3EE0-4087-41B2-A68E-547BC2E555B0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:nuget:4.4.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A682279C-B149-4B8C-A77B-358734FEED04\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:nuget:4.5.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1D679328-6D42-47AA-9442-39EDD7934AC8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:nuget:4.6.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1CEF9AC2-976B-4984-ACE7-7F1FFDC5DE4E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:nuget:4.7.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"687F6CDF-90C8-4452-8EF4-2B7B2583D399\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:nuget:4.8.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CCA80AC0-B4F7-4318-B1DF-CC12C878B458\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:nuget:4.9.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C821DB95-80BF-4B94-8194-AAA286457FA3\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mono-project:mono_framework:5.18.0.223:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2A9C97DF-AF6E-4D4D-9A65-F4DA1E8B4F91\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mono-project:mono_framework:5.20.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A56F0C3E-21CF-4887-B931-505E9F9BAE54\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_core_sdk:1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F38B0049-4EF6-4EFB-AC6A-71B8A9FA6544\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:a:microsoft:.net_core:1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9EDF760A-C775-457E-8091-586E56545B07\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:a:microsoft:.net_core:1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2F87DCF0-0552-4815-8148-C9894397C5EF\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_core_sdk:2.1.500:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7BACCC0F-721B-4039-985D-EFAD2044996E\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:a:microsoft:.net_core:2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3BF7E3F6-D3AE-404D-8F0E-0C57BF23006C\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:.net_core_sdk:2.2.100:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D8A3CDDB-8FF1-4CB0-BD4E-5BF78792D9CC\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:a:microsoft:.net_core:2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A5AB75F9-B0FC-46B5-A863-0458696773DB\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F4CFF558-3C47-480D-A2F0-BABF26042943\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"92BC9265-6959-4D37-BE5E-8C45E98992F8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"831F0F47-3565-4763-B16F-C87B1FF2035E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0E3F09B5-569F-4C58-9FCA-3C0953D107B5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6897676D-53F9-45B3-B27F-7FF9A4C58D33\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E28F226A-CBC7-4A32-BE58-398FA5B42481\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B09ACF2D-D83F-4A86-8185-9569605D8EE1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AC10D919-57FD-4725-B8D2-39ECB476902F\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package\u0027s folder structure, aka \u0027NuGet Package Manager Tampering Vulnerability\u0027.\"}, {\"lang\": \"es\", \"value\": \"Existe una vulnerabilidad de manipulaci\\u00f3n en NuGet Package Manager para Linux y Mac que podr\\u00eda permitir que un atacante autenticado modifique la estructura de carpetas de un paquete de NuGet, tambi\\u00e9n conocida como \u0027NuGet Package Manager Tampering Vulnerability\u0027.\"}]",
"id": "CVE-2019-0757",
"lastModified": "2024-11-21T04:17:13.843",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:N/I:P/A:N\", \"baseScore\": 4.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2019-04-09T02:29:00.600",
"references": "[{\"url\": \"https://access.redhat.com/errata/RHSA-2019:1259\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1259\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2019-0757\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2019-04-09T02:29:00.600\",\"lastModified\":\"2024-11-21T04:17:13.843\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package\u0027s folder structure, aka \u0027NuGet Package Manager Tampering Vulnerability\u0027.\"},{\"lang\":\"es\",\"value\":\"Existe una vulnerabilidad de manipulaci\u00f3n en NuGet Package Manager para Linux y Mac que podr\u00eda permitir que un atacante autenticado modifique la estructura de carpetas de un paquete de NuGet, tambi\u00e9n conocida como \u0027NuGet Package Manager Tampering Vulnerability\u0027.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:N/I:P/A:N\",\"baseScore\":4.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio_2017:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CDA983E6-A2DA-48BB-9874-14CF4B3AAE15\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"387021A0-AF36-463C-A605-32EA7DAC172E\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:nuget:4.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3BBC3EE0-4087-41B2-A68E-547BC2E555B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:nuget:4.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A682279C-B149-4B8C-A77B-358734FEED04\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:nuget:4.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D679328-6D42-47AA-9442-39EDD7934AC8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:nuget:4.6.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1CEF9AC2-976B-4984-ACE7-7F1FFDC5DE4E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:nuget:4.7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"687F6CDF-90C8-4452-8EF4-2B7B2583D399\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:nuget:4.8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CCA80AC0-B4F7-4318-B1DF-CC12C878B458\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:nuget:4.9.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C821DB95-80BF-4B94-8194-AAA286457FA3\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mono-project:mono_framework:5.18.0.223:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A9C97DF-AF6E-4D4D-9A65-F4DA1E8B4F91\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mono-project:mono_framework:5.20.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A56F0C3E-21CF-4887-B931-505E9F9BAE54\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_core_sdk:1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F38B0049-4EF6-4EFB-AC6A-71B8A9FA6544\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:microsoft:.net_core:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9EDF760A-C775-457E-8091-586E56545B07\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:microsoft:.net_core:1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F87DCF0-0552-4815-8148-C9894397C5EF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_core_sdk:2.1.500:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7BACCC0F-721B-4039-985D-EFAD2044996E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:microsoft:.net_core:2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3BF7E3F6-D3AE-404D-8F0E-0C57BF23006C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_core_sdk:2.2.100:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D8A3CDDB-8FF1-4CB0-BD4E-5BF78792D9CC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:microsoft:.net_core:2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5AB75F9-B0FC-46B5-A863-0458696773DB\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4CFF558-3C47-480D-A2F0-BABF26042943\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"92BC9265-6959-4D37-BE5E-8C45E98992F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"831F0F47-3565-4763-B16F-C87B1FF2035E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E3F09B5-569F-4C58-9FCA-3C0953D107B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6897676D-53F9-45B3-B27F-7FF9A4C58D33\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E28F226A-CBC7-4A32-BE58-398FA5B42481\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B09ACF2D-D83F-4A86-8185-9569605D8EE1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC10D919-57FD-4725-B8D2-39ECB476902F\"}]}]}],\"references\":[{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1259\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1259\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
}
}
CERTFR-2019-AVI-105
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été corrigée dans Microsoft .Net. Elle permet à un attaquant de provoquer un contournement de la fonctionnalité de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": ".NET Core SDK 1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET Core SDK 2.1.500",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-0757",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0757"
}
],
"links": [],
"reference": "CERTFR-2019-AVI-105",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-03-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eMicrosoft\n.Net\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer un contournement de\nla fonctionnalit\u00e9 de s\u00e9curit\u00e9.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Microsoft .Net",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 12 mars 2019",
"url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
}
]
}
CERTFR-2019-AVI-106
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans les produits Microsoft. Elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données, une exécution de code à distance, une usurpation d'identité et un contournement de la fonctionnalité de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | Nuget 4.6.3 | ||
| Microsoft | N/A | ChakraCore | ||
| Microsoft | N/A | Mono Framework Version 5.18.0.223 | ||
| Microsoft | N/A | Team Foundation Server 2018 Update 3.2 | ||
| Microsoft | N/A | Nuget 4.4.2 | ||
| Microsoft | N/A | Visual Studio pour Mac | ||
| Microsoft | N/A | Nuget 4.7.2 | ||
| Microsoft | N/A | Skype pour Business Server 2015 March 2019 Update | ||
| Microsoft | N/A | Mono Framework Version 5.20.0 | ||
| Microsoft | N/A | Microsoft Visual Studio 2017 version 15.9 | ||
| Microsoft | N/A | Nuget 4.8.2 | ||
| Microsoft | N/A | Team Foundation Server 2017 Update 3.1 | ||
| Microsoft | N/A | Microsoft Dynamics 365 (on-premises) version 8 | ||
| Microsoft | N/A | Nuget 4.9.4 | ||
| Microsoft | N/A | Microsoft Lync Server 2013 July 2018 Update | ||
| Microsoft | N/A | Team Foundation Server 2018 Updated 1.2 | ||
| Microsoft | N/A | UbuntuServer:18.04-LTS | ||
| Microsoft | N/A | Nuget 4.3.1 | ||
| Microsoft | N/A | Nuget 4.5.2 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Nuget 4.6.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "ChakraCore",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Mono Framework Version 5.18.0.223",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Team Foundation Server 2018 Update 3.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Nuget 4.4.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Visual Studio pour Mac",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Nuget 4.7.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Skype pour Business Server 2015 March 2019 Update",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Mono Framework Version 5.20.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2017 version 15.9",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Nuget 4.8.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Team Foundation Server 2017 Update 3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Dynamics 365 (on-premises) version 8",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Nuget 4.9.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Lync Server 2013 July 2018 Update",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Team Foundation Server 2018 Updated 1.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "UbuntuServer:18.04-LTS",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Nuget 4.3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Nuget 4.5.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-0639",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0639"
},
{
"name": "CVE-2019-0769",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0769"
},
{
"name": "CVE-2019-0592",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0592"
},
{
"name": "CVE-2019-0777",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0777"
},
{
"name": "CVE-2019-0809",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0809"
},
{
"name": "CVE-2019-0798",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0798"
},
{
"name": "CVE-2019-0746",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0746"
},
{
"name": "CVE-2019-0757",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0757"
},
{
"name": "CVE-2019-0611",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0611"
},
{
"name": "CVE-2019-0773",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0773"
},
{
"name": "CVE-2018-8654",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8654"
},
{
"name": "CVE-2019-0609",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0609"
},
{
"name": "CVE-2019-0771",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0771"
},
{
"name": "CVE-2019-0816",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0816"
}
],
"links": [],
"reference": "CERTFR-2019-AVI-106",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-03-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Usurpation d\u0027identit\u00e9"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Microsoft\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es, une ex\u00e9cution de code \u00e0 distance, une\nusurpation d\u0027identit\u00e9 et un contournement de la fonctionnalit\u00e9 de\ns\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 12 mars 2019",
"url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
}
]
}
CERTFR-2019-AVI-105
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été corrigée dans Microsoft .Net. Elle permet à un attaquant de provoquer un contournement de la fonctionnalité de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": ".NET Core SDK 1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET Core SDK 2.1.500",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-0757",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0757"
}
],
"links": [],
"reference": "CERTFR-2019-AVI-105",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-03-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eMicrosoft\n.Net\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer un contournement de\nla fonctionnalit\u00e9 de s\u00e9curit\u00e9.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Microsoft .Net",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 12 mars 2019",
"url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
}
]
}
CERTFR-2019-AVI-106
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans les produits Microsoft. Elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données, une exécution de code à distance, une usurpation d'identité et un contournement de la fonctionnalité de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | Nuget 4.6.3 | ||
| Microsoft | N/A | ChakraCore | ||
| Microsoft | N/A | Mono Framework Version 5.18.0.223 | ||
| Microsoft | N/A | Team Foundation Server 2018 Update 3.2 | ||
| Microsoft | N/A | Nuget 4.4.2 | ||
| Microsoft | N/A | Visual Studio pour Mac | ||
| Microsoft | N/A | Nuget 4.7.2 | ||
| Microsoft | N/A | Skype pour Business Server 2015 March 2019 Update | ||
| Microsoft | N/A | Mono Framework Version 5.20.0 | ||
| Microsoft | N/A | Microsoft Visual Studio 2017 version 15.9 | ||
| Microsoft | N/A | Nuget 4.8.2 | ||
| Microsoft | N/A | Team Foundation Server 2017 Update 3.1 | ||
| Microsoft | N/A | Microsoft Dynamics 365 (on-premises) version 8 | ||
| Microsoft | N/A | Nuget 4.9.4 | ||
| Microsoft | N/A | Microsoft Lync Server 2013 July 2018 Update | ||
| Microsoft | N/A | Team Foundation Server 2018 Updated 1.2 | ||
| Microsoft | N/A | UbuntuServer:18.04-LTS | ||
| Microsoft | N/A | Nuget 4.3.1 | ||
| Microsoft | N/A | Nuget 4.5.2 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Nuget 4.6.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "ChakraCore",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Mono Framework Version 5.18.0.223",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Team Foundation Server 2018 Update 3.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Nuget 4.4.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Visual Studio pour Mac",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Nuget 4.7.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Skype pour Business Server 2015 March 2019 Update",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Mono Framework Version 5.20.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2017 version 15.9",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Nuget 4.8.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Team Foundation Server 2017 Update 3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Dynamics 365 (on-premises) version 8",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Nuget 4.9.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Lync Server 2013 July 2018 Update",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Team Foundation Server 2018 Updated 1.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "UbuntuServer:18.04-LTS",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Nuget 4.3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Nuget 4.5.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-0639",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0639"
},
{
"name": "CVE-2019-0769",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0769"
},
{
"name": "CVE-2019-0592",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0592"
},
{
"name": "CVE-2019-0777",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0777"
},
{
"name": "CVE-2019-0809",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0809"
},
{
"name": "CVE-2019-0798",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0798"
},
{
"name": "CVE-2019-0746",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0746"
},
{
"name": "CVE-2019-0757",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0757"
},
{
"name": "CVE-2019-0611",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0611"
},
{
"name": "CVE-2019-0773",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0773"
},
{
"name": "CVE-2018-8654",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8654"
},
{
"name": "CVE-2019-0609",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0609"
},
{
"name": "CVE-2019-0771",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0771"
},
{
"name": "CVE-2019-0816",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0816"
}
],
"links": [],
"reference": "CERTFR-2019-AVI-106",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-03-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Usurpation d\u0027identit\u00e9"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Microsoft\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es, une ex\u00e9cution de code \u00e0 distance, une\nusurpation d\u0027identit\u00e9 et un contournement de la fonctionnalit\u00e9 de\ns\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 12 mars 2019",
"url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
}
]
}
BDU:2019-01186
Vulnerability from fstec - Published: 13.03.2019
VLAI
Title
Уязвимость системы управления пакетами NuGet, позволяющая нарушителю изменить структуру папок пакета
Description
Уязвимость системы управления пакетами NuGet связана с небезопасным управлением привилегиями. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, изменить структуру папок пакета
Severity
Vendor
Microsoft Corp
Software Name
Nuget, Mono Framework, .NET Core SDK
Software Version
4.3.1 (Nuget), 4.4.2 (Nuget), 4.5.2 (Nuget), 4.6.3 (Nuget), 4.7.2 (Nuget), 4.8.2 (Nuget), 4.9.4 (Nuget), 5.18.0.223 (Mono Framework), 5.20.0 (Mono Framework), 1.1 (.NET Core SDK), 2.1.500 (.NET Core SDK), 2.2.100 (.NET Core SDK)
Possible Mitigations
Использование рекомендаций:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757
Reference
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757
https://www.securityfocus.com/bid/107285/info
CWE
CWE-269
{
"CVSS 2.0": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"CVSS 3.0": "AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Microsoft Corp",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "4.3.1 (Nuget), 4.4.2 (Nuget), 4.5.2 (Nuget), 4.6.3 (Nuget), 4.7.2 (Nuget), 4.8.2 (Nuget), 4.9.4 (Nuget), 5.18.0.223 (Mono Framework), 5.20.0 (Mono Framework), 1.1 (.NET Core SDK), 2.1.500 (.NET Core SDK), 2.2.100 (.NET Core SDK)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439: \nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "13.03.2019",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "23.03.2021",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "27.03.2019",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2019-01186",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2019-0757",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Nuget, Mono Framework, .NET Core SDK",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0430\u043a\u0435\u0442\u0430\u043c\u0438 NuGet, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0438\u0437\u043c\u0435\u043d\u0438\u0442\u044c \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0443 \u043f\u0430\u043f\u043e\u043a \u043f\u0430\u043a\u0435\u0442\u0430",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0435 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438 (CWE-269)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0430\u043a\u0435\u0442\u0430\u043c\u0438 NuGet \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u044b\u043c \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435\u043c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0438\u0437\u043c\u0435\u043d\u0438\u0442\u044c \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0443 \u043f\u0430\u043f\u043e\u043a \u043f\u0430\u043a\u0435\u0442\u0430",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "-",
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757\nhttps://www.securityfocus.com/bid/107285/info",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-269",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,3)"
}
FKIE_CVE-2019-0757
Vulnerability from fkie_nvd - Published: 2019-04-09 02:29 - Updated: 2024-11-21 04:17
Severity
Summary
A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package's folder structure, aka 'NuGet Package Manager Tampering Vulnerability'.
References
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | https://access.redhat.com/errata/RHSA-2019:1259 | Third Party Advisory | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:1259 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | visual_studio_2017 | - | |
| apple | macos | - | |
| microsoft | nuget | 4.3.1 | |
| microsoft | nuget | 4.4.2 | |
| microsoft | nuget | 4.5.2 | |
| microsoft | nuget | 4.6.3 | |
| microsoft | nuget | 4.7.2 | |
| microsoft | nuget | 4.8.2 | |
| microsoft | nuget | 4.9.4 | |
| mono-project | mono_framework | 5.18.0.223 | |
| mono-project | mono_framework | 5.20.0 | |
| microsoft | .net_core_sdk | 1.1 | |
| microsoft | .net_core | 1.0 | |
| microsoft | .net_core | 1.1 | |
| microsoft | .net_core_sdk | 2.1.500 | |
| microsoft | .net_core | 2.1 | |
| microsoft | .net_core_sdk | 2.2.100 | |
| microsoft | .net_core | 2.2 | |
| redhat | enterprise_linux | 8.0 | |
| redhat | enterprise_linux_eus | 8.1 | |
| redhat | enterprise_linux_eus | 8.2 | |
| redhat | enterprise_linux_eus | 8.4 | |
| redhat | enterprise_linux_server_aus | 8.2 | |
| redhat | enterprise_linux_server_aus | 8.4 | |
| redhat | enterprise_linux_server_tus | 8.2 | |
| redhat | enterprise_linux_server_tus | 8.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2017:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDA983E6-A2DA-48BB-9874-14CF4B3AAE15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:nuget:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3BBC3EE0-4087-41B2-A68E-547BC2E555B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:nuget:4.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A682279C-B149-4B8C-A77B-358734FEED04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:nuget:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1D679328-6D42-47AA-9442-39EDD7934AC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:nuget:4.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1CEF9AC2-976B-4984-ACE7-7F1FFDC5DE4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:nuget:4.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "687F6CDF-90C8-4452-8EF4-2B7B2583D399",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:nuget:4.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CCA80AC0-B4F7-4318-B1DF-CC12C878B458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:nuget:4.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C821DB95-80BF-4B94-8194-AAA286457FA3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mono-project:mono_framework:5.18.0.223:*:*:*:*:*:*:*",
"matchCriteriaId": "2A9C97DF-AF6E-4D4D-9A65-F4DA1E8B4F91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono-project:mono_framework:5.20.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A56F0C3E-21CF-4887-B931-505E9F9BAE54",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net_core_sdk:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F38B0049-4EF6-4EFB-AC6A-71B8A9FA6544",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net_core:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9EDF760A-C775-457E-8091-586E56545B07",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:microsoft:.net_core:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F87DCF0-0552-4815-8148-C9894397C5EF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net_core_sdk:2.1.500:*:*:*:*:*:*:*",
"matchCriteriaId": "7BACCC0F-721B-4039-985D-EFAD2044996E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net_core:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3BF7E3F6-D3AE-404D-8F0E-0C57BF23006C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net_core_sdk:2.2.100:*:*:*:*:*:*:*",
"matchCriteriaId": "D8A3CDDB-8FF1-4CB0-BD4E-5BF78792D9CC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net_core:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A5AB75F9-B0FC-46B5-A863-0458696773DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "92BC9265-6959-4D37-BE5E-8C45E98992F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "831F0F47-3565-4763-B16F-C87B1FF2035E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0E3F09B5-569F-4C58-9FCA-3C0953D107B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6897676D-53F9-45B3-B27F-7FF9A4C58D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E28F226A-CBC7-4A32-BE58-398FA5B42481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B09ACF2D-D83F-4A86-8185-9569605D8EE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AC10D919-57FD-4725-B8D2-39ECB476902F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package\u0027s folder structure, aka \u0027NuGet Package Manager Tampering Vulnerability\u0027."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de manipulaci\u00f3n en NuGet Package Manager para Linux y Mac que podr\u00eda permitir que un atacante autenticado modifique la estructura de carpetas de un paquete de NuGet, tambi\u00e9n conocida como \u0027NuGet Package Manager Tampering Vulnerability\u0027."
}
],
"id": "CVE-2019-0757",
"lastModified": "2024-11-21T04:17:13.843",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-04-09T02:29:00.600",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1259"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1259"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-C2WG-P84Q-4X76
Vulnerability from github – Published: 2022-05-13 01:02 – Updated: 2022-05-13 01:02
VLAI
Details
A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package's folder structure, aka 'NuGet Package Manager Tampering Vulnerability'.
Severity
6.5 (Medium)
{
"affected": [],
"aliases": [
"CVE-2019-0757"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-04-09T02:29:00Z",
"severity": "MODERATE"
},
"details": "A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package\u0027s folder structure, aka \u0027NuGet Package Manager Tampering Vulnerability\u0027.",
"id": "GHSA-c2wg-p84q-4x76",
"modified": "2022-05-13T01:02:36Z",
"published": "2022-05-13T01:02:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0757"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:1259"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GSD-2019-0757
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package's folder structure, aka 'NuGet Package Manager Tampering Vulnerability'.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2019-0757",
"description": "A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package\u0027s folder structure, aka \u0027NuGet Package Manager Tampering Vulnerability\u0027.",
"id": "GSD-2019-0757",
"references": [
"https://access.redhat.com/errata/RHSA-2019:1259",
"https://access.redhat.com/errata/RHSA-2019:0544",
"https://linux.oracle.com/cve/CVE-2019-0757.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2019-0757"
],
"details": "A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package\u0027s folder structure, aka \u0027NuGet Package Manager Tampering Vulnerability\u0027.",
"id": "GSD-2019-0757",
"modified": "2023-12-13T01:23:39.067349Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2019-0757",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Visual Studio",
"version": {
"version_data": [
{
"version_value": "2017 for Mac"
}
]
}
},
{
"product_name": ".NET Core SDK",
"version": {
"version_data": [
{
"version_value": "1.1 on .NET Core 1.0"
},
{
"version_value": "2.1.500 on .NET Core 2.1"
},
{
"version_value": "2.2.100 on .NET Core 2.2"
},
{
"version_value": "1.1 on .NET Core 1.1"
}
]
}
},
{
"product_name": "Nuget",
"version": {
"version_data": [
{
"version_value": "4.3.1"
},
{
"version_value": "4.4.2"
},
{
"version_value": "4.5.2"
},
{
"version_value": "4.6.3"
},
{
"version_value": "4.7.2"
},
{
"version_value": "4.8.2"
},
{
"version_value": "4.9.4"
}
]
}
},
{
"product_name": "Mono Framework",
"version": {
"version_data": [
{
"version_value": "5.18.0.223"
},
{
"version_value": "5.20.0"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package\u0027s folder structure, aka \u0027NuGet Package Manager Tampering Vulnerability\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Tampering"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757"
},
{
"name": "RHSA-2019:1259",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1259"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:visual_studio_2017:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:nuget:4.9.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:nuget:4.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:nuget:4.4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:nuget:4.7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:nuget:4.8.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:nuget:4.5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:nuget:4.6.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mono-project:mono_framework:5.18.0.223:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mono-project:mono_framework:5.20.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_core_sdk:1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_core:1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_core:1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_core_sdk:2.1.500:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_core:2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_core_sdk:2.2.100:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_core:2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2019-0757"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package\u0027s folder structure, aka \u0027NuGet Package Manager Tampering Vulnerability\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757"
},
{
"name": "RHSA-2019:1259",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1259"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
},
"lastModifiedDate": "2022-04-11T20:36Z",
"publishedDate": "2019-04-09T02:29Z"
}
}
}
RHSA-2019:0544
Vulnerability from csaf_redhat - Published: 2019-03-13 14:04 - Updated: 2025-11-21 18:07Summary
Red Hat Security Advisory: .NET Core on Red Hat Enterprise Linux security update for March 2019
Severity
Important
Notes
Topic: Updates for rh-dotnetcore10-dotnetcore, rh-dotnetcore11-dotnetcore, rh-dotnet21-dotnet, and rh-dotnet22-dotnet are now available for .NET Core on Red Hat Enterprise Linux.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: .NET Core is a managed-software framework. It implements the .NET standard APIs and several additional APIs, and it includes a CLR implementation.
New versions of .NET Core that address security vulnerabilities are now available. The updated versions are .NET Core 1.0.15, 1.1.12, 2.1.9, and 2.2.3.
Security Fix(es):
* A tampering vulnerability exists in NuGet software when executed in a Linux or Mac environment. (CVE-2019-0757)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
For more information, please refer to the upstream doc in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in dotnet. A tampering vulnerability exists in NuGet software when executed in a Linux or Mac environment. An attacker who successfully exploits the vulnerability could run arbitrary code in the context of the current user. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
7.8 (High)
Affected products
Fixed
81 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7ComputeNode-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-dotNET-1.0:rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.15-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-dotNET-1.1:rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.12-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-dotNET-2.1:rh-dotnet21-0:2.1-8.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-dotNET-2.1:rh-dotnet21-0:2.1-8.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.505-1.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.505-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-debuginfo-0:2.1.505-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-host-0:2.1.9-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-runtime-2.1-0:2.1.9-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1-0:2.1.505-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.505-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-dotNET-2.1:rh-dotnet21-runtime-0:2.1-8.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-dotNET-2.2:rh-dotnet22-0:2.2-4.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-dotNET-2.2:rh-dotnet22-0:2.2-4.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-dotNET-2.2:rh-dotnet22-dotnet-0:2.2.105-1.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-dotNET-2.2:rh-dotnet22-dotnet-0:2.2.105-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-dotNET-2.2:rh-dotnet22-dotnet-debuginfo-0:2.2.105-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-dotNET-2.2:rh-dotnet22-dotnet-host-0:2.2.3-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-dotNET-2.2:rh-dotnet22-dotnet-host-fxr-2.2-0:2.2.3-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-dotNET-2.2:rh-dotnet22-dotnet-runtime-2.2-0:2.2.3-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-dotNET-2.2:rh-dotnet22-dotnet-sdk-2.2-0:2.2.105-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-dotNET-2.2:rh-dotnet22-dotnet-sdk-2.2.1xx-0:2.2.105-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-dotNET-2.2:rh-dotnet22-runtime-0:2.2-4.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-dotNET-1.0:rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.15-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-dotNET-1.1:rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.12-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-dotNET-2.1:rh-dotnet21-0:2.1-8.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-dotNET-2.1:rh-dotnet21-0:2.1-8.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.505-1.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.505-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-dotNET-2.1:rh-dotnet21-dotnet-debuginfo-0:2.1.505-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-dotNET-2.1:rh-dotnet21-dotnet-host-0:2.1.9-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-dotNET-2.1:rh-dotnet21-dotnet-runtime-2.1-0:2.1.9-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1-0:2.1.505-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.505-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-dotNET-2.1:rh-dotnet21-runtime-0:2.1-8.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-dotNET-2.2:rh-dotnet22-0:2.2-4.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-dotNET-2.2:rh-dotnet22-0:2.2-4.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-dotNET-2.2:rh-dotnet22-dotnet-0:2.2.105-1.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-dotNET-2.2:rh-dotnet22-dotnet-0:2.2.105-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-dotNET-2.2:rh-dotnet22-dotnet-debuginfo-0:2.2.105-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-dotNET-2.2:rh-dotnet22-dotnet-host-0:2.2.3-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-dotNET-2.2:rh-dotnet22-dotnet-host-fxr-2.2-0:2.2.3-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-dotNET-2.2:rh-dotnet22-dotnet-runtime-2.2-0:2.2.3-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-dotNET-2.2:rh-dotnet22-dotnet-sdk-2.2-0:2.2.105-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-dotNET-2.2:rh-dotnet22-dotnet-sdk-2.2.1xx-0:2.2.105-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-dotNET-2.2:rh-dotnet22-runtime-0:2.2-4.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-dotNET-1.0:rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.15-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-dotNET-1.1:rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.12-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-dotNET-2.1:rh-dotnet21-0:2.1-8.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-dotNET-2.1:rh-dotnet21-0:2.1-8.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.505-1.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.505-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-dotNET-2.1:rh-dotnet21-dotnet-debuginfo-0:2.1.505-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-dotNET-2.1:rh-dotnet21-dotnet-host-0:2.1.9-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-dotNET-2.1:rh-dotnet21-dotnet-runtime-2.1-0:2.1.9-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1-0:2.1.505-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.505-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-dotNET-2.1:rh-dotnet21-runtime-0:2.1-8.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-dotNET-2.2:rh-dotnet22-0:2.2-4.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-dotNET-2.2:rh-dotnet22-0:2.2-4.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-dotNET-2.2:rh-dotnet22-dotnet-0:2.2.105-1.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-dotNET-2.2:rh-dotnet22-dotnet-0:2.2.105-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-dotNET-2.2:rh-dotnet22-dotnet-debuginfo-0:2.2.105-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-dotNET-2.2:rh-dotnet22-dotnet-host-0:2.2.3-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-dotNET-2.2:rh-dotnet22-dotnet-host-fxr-2.2-0:2.2.3-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-dotNET-2.2:rh-dotnet22-dotnet-runtime-2.2-0:2.2.3-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-dotNET-2.2:rh-dotnet22-dotnet-sdk-2.2-0:2.2.105-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-dotNET-2.2:rh-dotnet22-dotnet-sdk-2.2.1xx-0:2.2.105-1.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-dotNET-2.2:rh-dotnet22-runtime-0:2.2-4.el7.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
References
12 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updates for rh-dotnetcore10-dotnetcore, rh-dotnetcore11-dotnetcore, rh-dotnet21-dotnet, and rh-dotnet22-dotnet are now available for .NET Core on Red Hat Enterprise Linux.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": ".NET Core is a managed-software framework. It implements the .NET standard APIs and several additional APIs, and it includes a CLR implementation.\n\nNew versions of .NET Core that address security vulnerabilities are now available. The updated versions are .NET Core 1.0.15, 1.1.12, 2.1.9, and 2.2.3.\n\nSecurity Fix(es):\n\n* A tampering vulnerability exists in NuGet software when executed in a Linux or Mac environment. (CVE-2019-0757)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nFor more information, please refer to the upstream doc in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2019:0544",
"url": "https://access.redhat.com/errata/RHSA-2019:0544"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757"
},
{
"category": "external",
"summary": "1685475",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1685475"
},
{
"category": "external",
"summary": "1685718",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1685718"
},
{
"category": "external",
"summary": "1685720",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1685720"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_0544.json"
}
],
"title": "Red Hat Security Advisory: .NET Core on Red Hat Enterprise Linux security update for March 2019",
"tracking": {
"current_release_date": "2025-11-21T18:07:44+00:00",
"generator": {
"date": "2025-11-21T18:07:44+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2019:0544",
"initial_release_date": "2019-03-13T14:04:55+00:00",
"revision_history": [
{
"date": "2019-03-13T14:04:55+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-03-13T14:04:55+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:07:44+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": ".NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product": {
"name": ".NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-1.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_dotnet:1.1::el7"
}
}
},
{
"category": "product_name",
"name": ".NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": ".NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-1.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_dotnet:1.1::el7"
}
}
},
{
"category": "product_name",
"name": ".NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": ".NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-1.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_dotnet:1.1::el7"
}
}
},
{
"category": "product_name",
"name": ".NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product": {
"name": ".NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-2.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_dotnet:2.1::el7"
}
}
},
{
"category": "product_name",
"name": ".NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": ".NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-2.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_dotnet:2.1::el7"
}
}
},
{
"category": "product_name",
"name": ".NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": ".NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-2.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_dotnet:2.1::el7"
}
}
},
{
"category": "product_name",
"name": ".NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product": {
"name": ".NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-2.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_dotnet:2.2::el7"
}
}
},
{
"category": "product_name",
"name": ".NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": ".NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-2.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_dotnet:2.2::el7"
}
}
},
{
"category": "product_name",
"name": ".NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": ".NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-2.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_dotnet:2.2::el7"
}
}
},
{
"category": "product_name",
"name": ".NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product": {
"name": ".NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-1.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_dotnet:1.0::el7"
}
}
},
{
"category": "product_name",
"name": ".NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": ".NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-1.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_dotnet:1.0::el7"
}
}
},
{
"category": "product_name",
"name": ".NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": ".NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-1.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_dotnet:1.0::el7"
}
}
}
],
"category": "product_family",
"name": ".NET Core on Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.x86_64",
"product": {
"name": "rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.x86_64",
"product_id": "rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnetcore11-dotnetcore@1.1.12-1.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.12-1.el7.x86_64",
"product": {
"name": "rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.12-1.el7.x86_64",
"product_id": "rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.12-1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnetcore11-dotnetcore-debuginfo@1.1.12-1.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet21-runtime-0:2.1-8.el7.x86_64",
"product": {
"name": "rh-dotnet21-runtime-0:2.1-8.el7.x86_64",
"product_id": "rh-dotnet21-runtime-0:2.1-8.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet21-runtime@2.1-8.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet21-0:2.1-8.el7.x86_64",
"product": {
"name": "rh-dotnet21-0:2.1-8.el7.x86_64",
"product_id": "rh-dotnet21-0:2.1-8.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet21@2.1-8.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.505-1.el7.x86_64",
"product": {
"name": "rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.505-1.el7.x86_64",
"product_id": "rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.505-1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet21-dotnet-sdk-2.1.5xx@2.1.505-1.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet21-dotnet-debuginfo-0:2.1.505-1.el7.x86_64",
"product": {
"name": "rh-dotnet21-dotnet-debuginfo-0:2.1.505-1.el7.x86_64",
"product_id": "rh-dotnet21-dotnet-debuginfo-0:2.1.505-1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet21-dotnet-debuginfo@2.1.505-1.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet21-dotnet-host-0:2.1.9-1.el7.x86_64",
"product": {
"name": "rh-dotnet21-dotnet-host-0:2.1.9-1.el7.x86_64",
"product_id": "rh-dotnet21-dotnet-host-0:2.1.9-1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet21-dotnet-host@2.1.9-1.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet21-dotnet-0:2.1.505-1.el7.x86_64",
"product": {
"name": "rh-dotnet21-dotnet-0:2.1.505-1.el7.x86_64",
"product_id": "rh-dotnet21-dotnet-0:2.1.505-1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet21-dotnet@2.1.505-1.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet21-dotnet-sdk-2.1-0:2.1.505-1.el7.x86_64",
"product": {
"name": "rh-dotnet21-dotnet-sdk-2.1-0:2.1.505-1.el7.x86_64",
"product_id": "rh-dotnet21-dotnet-sdk-2.1-0:2.1.505-1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet21-dotnet-sdk-2.1@2.1.505-1.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet21-dotnet-runtime-2.1-0:2.1.9-1.el7.x86_64",
"product": {
"name": "rh-dotnet21-dotnet-runtime-2.1-0:2.1.9-1.el7.x86_64",
"product_id": "rh-dotnet21-dotnet-runtime-2.1-0:2.1.9-1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet21-dotnet-runtime-2.1@2.1.9-1.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet22-runtime-0:2.2-4.el7.x86_64",
"product": {
"name": "rh-dotnet22-runtime-0:2.2-4.el7.x86_64",
"product_id": "rh-dotnet22-runtime-0:2.2-4.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet22-runtime@2.2-4.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet22-0:2.2-4.el7.x86_64",
"product": {
"name": "rh-dotnet22-0:2.2-4.el7.x86_64",
"product_id": "rh-dotnet22-0:2.2-4.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet22@2.2-4.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet22-dotnet-0:2.2.105-1.el7.x86_64",
"product": {
"name": "rh-dotnet22-dotnet-0:2.2.105-1.el7.x86_64",
"product_id": "rh-dotnet22-dotnet-0:2.2.105-1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet22-dotnet@2.2.105-1.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet22-dotnet-host-0:2.2.3-1.el7.x86_64",
"product": {
"name": "rh-dotnet22-dotnet-host-0:2.2.3-1.el7.x86_64",
"product_id": "rh-dotnet22-dotnet-host-0:2.2.3-1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet22-dotnet-host@2.2.3-1.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet22-dotnet-debuginfo-0:2.2.105-1.el7.x86_64",
"product": {
"name": "rh-dotnet22-dotnet-debuginfo-0:2.2.105-1.el7.x86_64",
"product_id": "rh-dotnet22-dotnet-debuginfo-0:2.2.105-1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet22-dotnet-debuginfo@2.2.105-1.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet22-dotnet-sdk-2.2.1xx-0:2.2.105-1.el7.x86_64",
"product": {
"name": "rh-dotnet22-dotnet-sdk-2.2.1xx-0:2.2.105-1.el7.x86_64",
"product_id": "rh-dotnet22-dotnet-sdk-2.2.1xx-0:2.2.105-1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet22-dotnet-sdk-2.2.1xx@2.2.105-1.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet22-dotnet-runtime-2.2-0:2.2.3-1.el7.x86_64",
"product": {
"name": "rh-dotnet22-dotnet-runtime-2.2-0:2.2.3-1.el7.x86_64",
"product_id": "rh-dotnet22-dotnet-runtime-2.2-0:2.2.3-1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet22-dotnet-runtime-2.2@2.2.3-1.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet22-dotnet-sdk-2.2-0:2.2.105-1.el7.x86_64",
"product": {
"name": "rh-dotnet22-dotnet-sdk-2.2-0:2.2.105-1.el7.x86_64",
"product_id": "rh-dotnet22-dotnet-sdk-2.2-0:2.2.105-1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet22-dotnet-sdk-2.2@2.2.105-1.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet22-dotnet-host-fxr-2.2-0:2.2.3-1.el7.x86_64",
"product": {
"name": "rh-dotnet22-dotnet-host-fxr-2.2-0:2.2.3-1.el7.x86_64",
"product_id": "rh-dotnet22-dotnet-host-fxr-2.2-0:2.2.3-1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet22-dotnet-host-fxr-2.2@2.2.3-1.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.15-1.el7.x86_64",
"product": {
"name": "rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.15-1.el7.x86_64",
"product_id": "rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.15-1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnetcore10-dotnetcore-debuginfo@1.0.15-1.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.x86_64",
"product": {
"name": "rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.x86_64",
"product_id": "rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnetcore10-dotnetcore@1.0.15-1.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.src",
"product": {
"name": "rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.src",
"product_id": "rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnetcore11-dotnetcore@1.1.12-1.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet21-0:2.1-8.el7.src",
"product": {
"name": "rh-dotnet21-0:2.1-8.el7.src",
"product_id": "rh-dotnet21-0:2.1-8.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet21@2.1-8.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet21-dotnet-0:2.1.505-1.el7.src",
"product": {
"name": "rh-dotnet21-dotnet-0:2.1.505-1.el7.src",
"product_id": "rh-dotnet21-dotnet-0:2.1.505-1.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet21-dotnet@2.1.505-1.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet22-0:2.2-4.el7.src",
"product": {
"name": "rh-dotnet22-0:2.2-4.el7.src",
"product_id": "rh-dotnet22-0:2.2-4.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet22@2.2-4.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet22-dotnet-0:2.2.105-1.el7.src",
"product": {
"name": "rh-dotnet22-dotnet-0:2.2.105-1.el7.src",
"product_id": "rh-dotnet22-dotnet-0:2.2.105-1.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet22-dotnet@2.2.105-1.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.src",
"product": {
"name": "rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.src",
"product_id": "rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnetcore10-dotnetcore@1.0.15-1.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.src as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.src"
},
"product_reference": "rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.src",
"relates_to_product_reference": "7ComputeNode-dotNET-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.x86_64"
},
"product_reference": "rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.15-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-1.0:rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.15-1.el7.x86_64"
},
"product_reference": "rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.15-1.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.src as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.src"
},
"product_reference": "rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.src",
"relates_to_product_reference": "7ComputeNode-dotNET-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.x86_64"
},
"product_reference": "rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.12-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-1.1:rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.12-1.el7.x86_64"
},
"product_reference": "rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.12-1.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet21-0:2.1-8.el7.src as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-2.1:rh-dotnet21-0:2.1-8.el7.src"
},
"product_reference": "rh-dotnet21-0:2.1-8.el7.src",
"relates_to_product_reference": "7ComputeNode-dotNET-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet21-0:2.1-8.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-2.1:rh-dotnet21-0:2.1-8.el7.x86_64"
},
"product_reference": "rh-dotnet21-0:2.1-8.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet21-dotnet-0:2.1.505-1.el7.src as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.505-1.el7.src"
},
"product_reference": "rh-dotnet21-dotnet-0:2.1.505-1.el7.src",
"relates_to_product_reference": "7ComputeNode-dotNET-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet21-dotnet-0:2.1.505-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.505-1.el7.x86_64"
},
"product_reference": "rh-dotnet21-dotnet-0:2.1.505-1.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet21-dotnet-debuginfo-0:2.1.505-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-debuginfo-0:2.1.505-1.el7.x86_64"
},
"product_reference": "rh-dotnet21-dotnet-debuginfo-0:2.1.505-1.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet21-dotnet-host-0:2.1.9-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-host-0:2.1.9-1.el7.x86_64"
},
"product_reference": "rh-dotnet21-dotnet-host-0:2.1.9-1.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet21-dotnet-runtime-2.1-0:2.1.9-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-runtime-2.1-0:2.1.9-1.el7.x86_64"
},
"product_reference": "rh-dotnet21-dotnet-runtime-2.1-0:2.1.9-1.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet21-dotnet-sdk-2.1-0:2.1.505-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1-0:2.1.505-1.el7.x86_64"
},
"product_reference": "rh-dotnet21-dotnet-sdk-2.1-0:2.1.505-1.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.505-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.505-1.el7.x86_64"
},
"product_reference": "rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.505-1.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet21-runtime-0:2.1-8.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-2.1:rh-dotnet21-runtime-0:2.1-8.el7.x86_64"
},
"product_reference": "rh-dotnet21-runtime-0:2.1-8.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet22-0:2.2-4.el7.src as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-2.2:rh-dotnet22-0:2.2-4.el7.src"
},
"product_reference": "rh-dotnet22-0:2.2-4.el7.src",
"relates_to_product_reference": "7ComputeNode-dotNET-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet22-0:2.2-4.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-2.2:rh-dotnet22-0:2.2-4.el7.x86_64"
},
"product_reference": "rh-dotnet22-0:2.2-4.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet22-dotnet-0:2.2.105-1.el7.src as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-2.2:rh-dotnet22-dotnet-0:2.2.105-1.el7.src"
},
"product_reference": "rh-dotnet22-dotnet-0:2.2.105-1.el7.src",
"relates_to_product_reference": "7ComputeNode-dotNET-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet22-dotnet-0:2.2.105-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-2.2:rh-dotnet22-dotnet-0:2.2.105-1.el7.x86_64"
},
"product_reference": "rh-dotnet22-dotnet-0:2.2.105-1.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet22-dotnet-debuginfo-0:2.2.105-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-2.2:rh-dotnet22-dotnet-debuginfo-0:2.2.105-1.el7.x86_64"
},
"product_reference": "rh-dotnet22-dotnet-debuginfo-0:2.2.105-1.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet22-dotnet-host-0:2.2.3-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-2.2:rh-dotnet22-dotnet-host-0:2.2.3-1.el7.x86_64"
},
"product_reference": "rh-dotnet22-dotnet-host-0:2.2.3-1.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet22-dotnet-host-fxr-2.2-0:2.2.3-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-2.2:rh-dotnet22-dotnet-host-fxr-2.2-0:2.2.3-1.el7.x86_64"
},
"product_reference": "rh-dotnet22-dotnet-host-fxr-2.2-0:2.2.3-1.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet22-dotnet-runtime-2.2-0:2.2.3-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-2.2:rh-dotnet22-dotnet-runtime-2.2-0:2.2.3-1.el7.x86_64"
},
"product_reference": "rh-dotnet22-dotnet-runtime-2.2-0:2.2.3-1.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet22-dotnet-sdk-2.2-0:2.2.105-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-2.2:rh-dotnet22-dotnet-sdk-2.2-0:2.2.105-1.el7.x86_64"
},
"product_reference": "rh-dotnet22-dotnet-sdk-2.2-0:2.2.105-1.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet22-dotnet-sdk-2.2.1xx-0:2.2.105-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-2.2:rh-dotnet22-dotnet-sdk-2.2.1xx-0:2.2.105-1.el7.x86_64"
},
"product_reference": "rh-dotnet22-dotnet-sdk-2.2.1xx-0:2.2.105-1.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet22-runtime-0:2.2-4.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-2.2:rh-dotnet22-runtime-0:2.2-4.el7.x86_64"
},
"product_reference": "rh-dotnet22-runtime-0:2.2-4.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.src as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.src"
},
"product_reference": "rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.src",
"relates_to_product_reference": "7Server-dotNET-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.x86_64"
},
"product_reference": "rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.x86_64",
"relates_to_product_reference": "7Server-dotNET-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.15-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-1.0:rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.15-1.el7.x86_64"
},
"product_reference": "rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.15-1.el7.x86_64",
"relates_to_product_reference": "7Server-dotNET-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.src as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.src"
},
"product_reference": "rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.src",
"relates_to_product_reference": "7Server-dotNET-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.x86_64"
},
"product_reference": "rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.x86_64",
"relates_to_product_reference": "7Server-dotNET-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.12-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-1.1:rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.12-1.el7.x86_64"
},
"product_reference": "rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.12-1.el7.x86_64",
"relates_to_product_reference": "7Server-dotNET-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet21-0:2.1-8.el7.src as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-2.1:rh-dotnet21-0:2.1-8.el7.src"
},
"product_reference": "rh-dotnet21-0:2.1-8.el7.src",
"relates_to_product_reference": "7Server-dotNET-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet21-0:2.1-8.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-2.1:rh-dotnet21-0:2.1-8.el7.x86_64"
},
"product_reference": "rh-dotnet21-0:2.1-8.el7.x86_64",
"relates_to_product_reference": "7Server-dotNET-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet21-dotnet-0:2.1.505-1.el7.src as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.505-1.el7.src"
},
"product_reference": "rh-dotnet21-dotnet-0:2.1.505-1.el7.src",
"relates_to_product_reference": "7Server-dotNET-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet21-dotnet-0:2.1.505-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.505-1.el7.x86_64"
},
"product_reference": "rh-dotnet21-dotnet-0:2.1.505-1.el7.x86_64",
"relates_to_product_reference": "7Server-dotNET-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet21-dotnet-debuginfo-0:2.1.505-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-2.1:rh-dotnet21-dotnet-debuginfo-0:2.1.505-1.el7.x86_64"
},
"product_reference": "rh-dotnet21-dotnet-debuginfo-0:2.1.505-1.el7.x86_64",
"relates_to_product_reference": "7Server-dotNET-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet21-dotnet-host-0:2.1.9-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-2.1:rh-dotnet21-dotnet-host-0:2.1.9-1.el7.x86_64"
},
"product_reference": "rh-dotnet21-dotnet-host-0:2.1.9-1.el7.x86_64",
"relates_to_product_reference": "7Server-dotNET-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet21-dotnet-runtime-2.1-0:2.1.9-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-2.1:rh-dotnet21-dotnet-runtime-2.1-0:2.1.9-1.el7.x86_64"
},
"product_reference": "rh-dotnet21-dotnet-runtime-2.1-0:2.1.9-1.el7.x86_64",
"relates_to_product_reference": "7Server-dotNET-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet21-dotnet-sdk-2.1-0:2.1.505-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1-0:2.1.505-1.el7.x86_64"
},
"product_reference": "rh-dotnet21-dotnet-sdk-2.1-0:2.1.505-1.el7.x86_64",
"relates_to_product_reference": "7Server-dotNET-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.505-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.505-1.el7.x86_64"
},
"product_reference": "rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.505-1.el7.x86_64",
"relates_to_product_reference": "7Server-dotNET-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet21-runtime-0:2.1-8.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-2.1:rh-dotnet21-runtime-0:2.1-8.el7.x86_64"
},
"product_reference": "rh-dotnet21-runtime-0:2.1-8.el7.x86_64",
"relates_to_product_reference": "7Server-dotNET-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet22-0:2.2-4.el7.src as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-2.2:rh-dotnet22-0:2.2-4.el7.src"
},
"product_reference": "rh-dotnet22-0:2.2-4.el7.src",
"relates_to_product_reference": "7Server-dotNET-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet22-0:2.2-4.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-2.2:rh-dotnet22-0:2.2-4.el7.x86_64"
},
"product_reference": "rh-dotnet22-0:2.2-4.el7.x86_64",
"relates_to_product_reference": "7Server-dotNET-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet22-dotnet-0:2.2.105-1.el7.src as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-2.2:rh-dotnet22-dotnet-0:2.2.105-1.el7.src"
},
"product_reference": "rh-dotnet22-dotnet-0:2.2.105-1.el7.src",
"relates_to_product_reference": "7Server-dotNET-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet22-dotnet-0:2.2.105-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-2.2:rh-dotnet22-dotnet-0:2.2.105-1.el7.x86_64"
},
"product_reference": "rh-dotnet22-dotnet-0:2.2.105-1.el7.x86_64",
"relates_to_product_reference": "7Server-dotNET-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet22-dotnet-debuginfo-0:2.2.105-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-2.2:rh-dotnet22-dotnet-debuginfo-0:2.2.105-1.el7.x86_64"
},
"product_reference": "rh-dotnet22-dotnet-debuginfo-0:2.2.105-1.el7.x86_64",
"relates_to_product_reference": "7Server-dotNET-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet22-dotnet-host-0:2.2.3-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-2.2:rh-dotnet22-dotnet-host-0:2.2.3-1.el7.x86_64"
},
"product_reference": "rh-dotnet22-dotnet-host-0:2.2.3-1.el7.x86_64",
"relates_to_product_reference": "7Server-dotNET-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet22-dotnet-host-fxr-2.2-0:2.2.3-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-2.2:rh-dotnet22-dotnet-host-fxr-2.2-0:2.2.3-1.el7.x86_64"
},
"product_reference": "rh-dotnet22-dotnet-host-fxr-2.2-0:2.2.3-1.el7.x86_64",
"relates_to_product_reference": "7Server-dotNET-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet22-dotnet-runtime-2.2-0:2.2.3-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-2.2:rh-dotnet22-dotnet-runtime-2.2-0:2.2.3-1.el7.x86_64"
},
"product_reference": "rh-dotnet22-dotnet-runtime-2.2-0:2.2.3-1.el7.x86_64",
"relates_to_product_reference": "7Server-dotNET-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet22-dotnet-sdk-2.2-0:2.2.105-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-2.2:rh-dotnet22-dotnet-sdk-2.2-0:2.2.105-1.el7.x86_64"
},
"product_reference": "rh-dotnet22-dotnet-sdk-2.2-0:2.2.105-1.el7.x86_64",
"relates_to_product_reference": "7Server-dotNET-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet22-dotnet-sdk-2.2.1xx-0:2.2.105-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-2.2:rh-dotnet22-dotnet-sdk-2.2.1xx-0:2.2.105-1.el7.x86_64"
},
"product_reference": "rh-dotnet22-dotnet-sdk-2.2.1xx-0:2.2.105-1.el7.x86_64",
"relates_to_product_reference": "7Server-dotNET-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet22-runtime-0:2.2-4.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-2.2:rh-dotnet22-runtime-0:2.2-4.el7.x86_64"
},
"product_reference": "rh-dotnet22-runtime-0:2.2-4.el7.x86_64",
"relates_to_product_reference": "7Server-dotNET-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.src as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.src"
},
"product_reference": "rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.src",
"relates_to_product_reference": "7Workstation-dotNET-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.x86_64"
},
"product_reference": "rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.15-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-1.0:rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.15-1.el7.x86_64"
},
"product_reference": "rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.15-1.el7.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.src as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.src"
},
"product_reference": "rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.src",
"relates_to_product_reference": "7Workstation-dotNET-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.x86_64"
},
"product_reference": "rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.12-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-1.1:rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.12-1.el7.x86_64"
},
"product_reference": "rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.12-1.el7.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet21-0:2.1-8.el7.src as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-2.1:rh-dotnet21-0:2.1-8.el7.src"
},
"product_reference": "rh-dotnet21-0:2.1-8.el7.src",
"relates_to_product_reference": "7Workstation-dotNET-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet21-0:2.1-8.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-2.1:rh-dotnet21-0:2.1-8.el7.x86_64"
},
"product_reference": "rh-dotnet21-0:2.1-8.el7.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet21-dotnet-0:2.1.505-1.el7.src as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.505-1.el7.src"
},
"product_reference": "rh-dotnet21-dotnet-0:2.1.505-1.el7.src",
"relates_to_product_reference": "7Workstation-dotNET-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet21-dotnet-0:2.1.505-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.505-1.el7.x86_64"
},
"product_reference": "rh-dotnet21-dotnet-0:2.1.505-1.el7.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet21-dotnet-debuginfo-0:2.1.505-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-2.1:rh-dotnet21-dotnet-debuginfo-0:2.1.505-1.el7.x86_64"
},
"product_reference": "rh-dotnet21-dotnet-debuginfo-0:2.1.505-1.el7.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet21-dotnet-host-0:2.1.9-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-2.1:rh-dotnet21-dotnet-host-0:2.1.9-1.el7.x86_64"
},
"product_reference": "rh-dotnet21-dotnet-host-0:2.1.9-1.el7.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet21-dotnet-runtime-2.1-0:2.1.9-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-2.1:rh-dotnet21-dotnet-runtime-2.1-0:2.1.9-1.el7.x86_64"
},
"product_reference": "rh-dotnet21-dotnet-runtime-2.1-0:2.1.9-1.el7.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet21-dotnet-sdk-2.1-0:2.1.505-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1-0:2.1.505-1.el7.x86_64"
},
"product_reference": "rh-dotnet21-dotnet-sdk-2.1-0:2.1.505-1.el7.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.505-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.505-1.el7.x86_64"
},
"product_reference": "rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.505-1.el7.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet21-runtime-0:2.1-8.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-2.1:rh-dotnet21-runtime-0:2.1-8.el7.x86_64"
},
"product_reference": "rh-dotnet21-runtime-0:2.1-8.el7.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet22-0:2.2-4.el7.src as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-2.2:rh-dotnet22-0:2.2-4.el7.src"
},
"product_reference": "rh-dotnet22-0:2.2-4.el7.src",
"relates_to_product_reference": "7Workstation-dotNET-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet22-0:2.2-4.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-2.2:rh-dotnet22-0:2.2-4.el7.x86_64"
},
"product_reference": "rh-dotnet22-0:2.2-4.el7.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet22-dotnet-0:2.2.105-1.el7.src as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-2.2:rh-dotnet22-dotnet-0:2.2.105-1.el7.src"
},
"product_reference": "rh-dotnet22-dotnet-0:2.2.105-1.el7.src",
"relates_to_product_reference": "7Workstation-dotNET-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet22-dotnet-0:2.2.105-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-2.2:rh-dotnet22-dotnet-0:2.2.105-1.el7.x86_64"
},
"product_reference": "rh-dotnet22-dotnet-0:2.2.105-1.el7.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet22-dotnet-debuginfo-0:2.2.105-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-2.2:rh-dotnet22-dotnet-debuginfo-0:2.2.105-1.el7.x86_64"
},
"product_reference": "rh-dotnet22-dotnet-debuginfo-0:2.2.105-1.el7.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet22-dotnet-host-0:2.2.3-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-2.2:rh-dotnet22-dotnet-host-0:2.2.3-1.el7.x86_64"
},
"product_reference": "rh-dotnet22-dotnet-host-0:2.2.3-1.el7.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet22-dotnet-host-fxr-2.2-0:2.2.3-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-2.2:rh-dotnet22-dotnet-host-fxr-2.2-0:2.2.3-1.el7.x86_64"
},
"product_reference": "rh-dotnet22-dotnet-host-fxr-2.2-0:2.2.3-1.el7.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet22-dotnet-runtime-2.2-0:2.2.3-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-2.2:rh-dotnet22-dotnet-runtime-2.2-0:2.2.3-1.el7.x86_64"
},
"product_reference": "rh-dotnet22-dotnet-runtime-2.2-0:2.2.3-1.el7.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet22-dotnet-sdk-2.2-0:2.2.105-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-2.2:rh-dotnet22-dotnet-sdk-2.2-0:2.2.105-1.el7.x86_64"
},
"product_reference": "rh-dotnet22-dotnet-sdk-2.2-0:2.2.105-1.el7.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet22-dotnet-sdk-2.2.1xx-0:2.2.105-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-2.2:rh-dotnet22-dotnet-sdk-2.2.1xx-0:2.2.105-1.el7.x86_64"
},
"product_reference": "rh-dotnet22-dotnet-sdk-2.2.1xx-0:2.2.105-1.el7.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet22-runtime-0:2.2-4.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-2.2:rh-dotnet22-runtime-0:2.2-4.el7.x86_64"
},
"product_reference": "rh-dotnet22-runtime-0:2.2-4.el7.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-2.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-0757",
"cwe": {
"id": "CWE-732",
"name": "Incorrect Permission Assignment for Critical Resource"
},
"discovery_date": "2019-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1685475"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in dotnet. A tampering vulnerability exists in NuGet software when executed in a Linux or Mac environment. An attacker who successfully exploits the vulnerability could run arbitrary code in the context of the current user. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dotnet: NuGet Tampering Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7ComputeNode-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.src",
"7ComputeNode-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.x86_64",
"7ComputeNode-dotNET-1.0:rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.15-1.el7.x86_64",
"7ComputeNode-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.src",
"7ComputeNode-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.x86_64",
"7ComputeNode-dotNET-1.1:rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.12-1.el7.x86_64",
"7ComputeNode-dotNET-2.1:rh-dotnet21-0:2.1-8.el7.src",
"7ComputeNode-dotNET-2.1:rh-dotnet21-0:2.1-8.el7.x86_64",
"7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.505-1.el7.src",
"7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.505-1.el7.x86_64",
"7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-debuginfo-0:2.1.505-1.el7.x86_64",
"7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-host-0:2.1.9-1.el7.x86_64",
"7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-runtime-2.1-0:2.1.9-1.el7.x86_64",
"7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1-0:2.1.505-1.el7.x86_64",
"7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.505-1.el7.x86_64",
"7ComputeNode-dotNET-2.1:rh-dotnet21-runtime-0:2.1-8.el7.x86_64",
"7ComputeNode-dotNET-2.2:rh-dotnet22-0:2.2-4.el7.src",
"7ComputeNode-dotNET-2.2:rh-dotnet22-0:2.2-4.el7.x86_64",
"7ComputeNode-dotNET-2.2:rh-dotnet22-dotnet-0:2.2.105-1.el7.src",
"7ComputeNode-dotNET-2.2:rh-dotnet22-dotnet-0:2.2.105-1.el7.x86_64",
"7ComputeNode-dotNET-2.2:rh-dotnet22-dotnet-debuginfo-0:2.2.105-1.el7.x86_64",
"7ComputeNode-dotNET-2.2:rh-dotnet22-dotnet-host-0:2.2.3-1.el7.x86_64",
"7ComputeNode-dotNET-2.2:rh-dotnet22-dotnet-host-fxr-2.2-0:2.2.3-1.el7.x86_64",
"7ComputeNode-dotNET-2.2:rh-dotnet22-dotnet-runtime-2.2-0:2.2.3-1.el7.x86_64",
"7ComputeNode-dotNET-2.2:rh-dotnet22-dotnet-sdk-2.2-0:2.2.105-1.el7.x86_64",
"7ComputeNode-dotNET-2.2:rh-dotnet22-dotnet-sdk-2.2.1xx-0:2.2.105-1.el7.x86_64",
"7ComputeNode-dotNET-2.2:rh-dotnet22-runtime-0:2.2-4.el7.x86_64",
"7Server-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.src",
"7Server-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.x86_64",
"7Server-dotNET-1.0:rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.15-1.el7.x86_64",
"7Server-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.src",
"7Server-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.x86_64",
"7Server-dotNET-1.1:rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.12-1.el7.x86_64",
"7Server-dotNET-2.1:rh-dotnet21-0:2.1-8.el7.src",
"7Server-dotNET-2.1:rh-dotnet21-0:2.1-8.el7.x86_64",
"7Server-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.505-1.el7.src",
"7Server-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.505-1.el7.x86_64",
"7Server-dotNET-2.1:rh-dotnet21-dotnet-debuginfo-0:2.1.505-1.el7.x86_64",
"7Server-dotNET-2.1:rh-dotnet21-dotnet-host-0:2.1.9-1.el7.x86_64",
"7Server-dotNET-2.1:rh-dotnet21-dotnet-runtime-2.1-0:2.1.9-1.el7.x86_64",
"7Server-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1-0:2.1.505-1.el7.x86_64",
"7Server-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.505-1.el7.x86_64",
"7Server-dotNET-2.1:rh-dotnet21-runtime-0:2.1-8.el7.x86_64",
"7Server-dotNET-2.2:rh-dotnet22-0:2.2-4.el7.src",
"7Server-dotNET-2.2:rh-dotnet22-0:2.2-4.el7.x86_64",
"7Server-dotNET-2.2:rh-dotnet22-dotnet-0:2.2.105-1.el7.src",
"7Server-dotNET-2.2:rh-dotnet22-dotnet-0:2.2.105-1.el7.x86_64",
"7Server-dotNET-2.2:rh-dotnet22-dotnet-debuginfo-0:2.2.105-1.el7.x86_64",
"7Server-dotNET-2.2:rh-dotnet22-dotnet-host-0:2.2.3-1.el7.x86_64",
"7Server-dotNET-2.2:rh-dotnet22-dotnet-host-fxr-2.2-0:2.2.3-1.el7.x86_64",
"7Server-dotNET-2.2:rh-dotnet22-dotnet-runtime-2.2-0:2.2.3-1.el7.x86_64",
"7Server-dotNET-2.2:rh-dotnet22-dotnet-sdk-2.2-0:2.2.105-1.el7.x86_64",
"7Server-dotNET-2.2:rh-dotnet22-dotnet-sdk-2.2.1xx-0:2.2.105-1.el7.x86_64",
"7Server-dotNET-2.2:rh-dotnet22-runtime-0:2.2-4.el7.x86_64",
"7Workstation-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.src",
"7Workstation-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.x86_64",
"7Workstation-dotNET-1.0:rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.15-1.el7.x86_64",
"7Workstation-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.src",
"7Workstation-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.x86_64",
"7Workstation-dotNET-1.1:rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.12-1.el7.x86_64",
"7Workstation-dotNET-2.1:rh-dotnet21-0:2.1-8.el7.src",
"7Workstation-dotNET-2.1:rh-dotnet21-0:2.1-8.el7.x86_64",
"7Workstation-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.505-1.el7.src",
"7Workstation-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.505-1.el7.x86_64",
"7Workstation-dotNET-2.1:rh-dotnet21-dotnet-debuginfo-0:2.1.505-1.el7.x86_64",
"7Workstation-dotNET-2.1:rh-dotnet21-dotnet-host-0:2.1.9-1.el7.x86_64",
"7Workstation-dotNET-2.1:rh-dotnet21-dotnet-runtime-2.1-0:2.1.9-1.el7.x86_64",
"7Workstation-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1-0:2.1.505-1.el7.x86_64",
"7Workstation-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.505-1.el7.x86_64",
"7Workstation-dotNET-2.1:rh-dotnet21-runtime-0:2.1-8.el7.x86_64",
"7Workstation-dotNET-2.2:rh-dotnet22-0:2.2-4.el7.src",
"7Workstation-dotNET-2.2:rh-dotnet22-0:2.2-4.el7.x86_64",
"7Workstation-dotNET-2.2:rh-dotnet22-dotnet-0:2.2.105-1.el7.src",
"7Workstation-dotNET-2.2:rh-dotnet22-dotnet-0:2.2.105-1.el7.x86_64",
"7Workstation-dotNET-2.2:rh-dotnet22-dotnet-debuginfo-0:2.2.105-1.el7.x86_64",
"7Workstation-dotNET-2.2:rh-dotnet22-dotnet-host-0:2.2.3-1.el7.x86_64",
"7Workstation-dotNET-2.2:rh-dotnet22-dotnet-host-fxr-2.2-0:2.2.3-1.el7.x86_64",
"7Workstation-dotNET-2.2:rh-dotnet22-dotnet-runtime-2.2-0:2.2.3-1.el7.x86_64",
"7Workstation-dotNET-2.2:rh-dotnet22-dotnet-sdk-2.2-0:2.2.105-1.el7.x86_64",
"7Workstation-dotNET-2.2:rh-dotnet22-dotnet-sdk-2.2.1xx-0:2.2.105-1.el7.x86_64",
"7Workstation-dotNET-2.2:rh-dotnet22-runtime-0:2.2-4.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-0757"
},
{
"category": "external",
"summary": "RHBZ#1685475",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1685475"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-0757",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0757"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0757",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0757"
},
{
"category": "external",
"summary": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757"
}
],
"release_date": "2019-03-12T17:33:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-03-13T14:04:55+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7ComputeNode-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.src",
"7ComputeNode-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.x86_64",
"7ComputeNode-dotNET-1.0:rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.15-1.el7.x86_64",
"7ComputeNode-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.src",
"7ComputeNode-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.x86_64",
"7ComputeNode-dotNET-1.1:rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.12-1.el7.x86_64",
"7ComputeNode-dotNET-2.1:rh-dotnet21-0:2.1-8.el7.src",
"7ComputeNode-dotNET-2.1:rh-dotnet21-0:2.1-8.el7.x86_64",
"7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.505-1.el7.src",
"7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.505-1.el7.x86_64",
"7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-debuginfo-0:2.1.505-1.el7.x86_64",
"7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-host-0:2.1.9-1.el7.x86_64",
"7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-runtime-2.1-0:2.1.9-1.el7.x86_64",
"7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1-0:2.1.505-1.el7.x86_64",
"7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.505-1.el7.x86_64",
"7ComputeNode-dotNET-2.1:rh-dotnet21-runtime-0:2.1-8.el7.x86_64",
"7ComputeNode-dotNET-2.2:rh-dotnet22-0:2.2-4.el7.src",
"7ComputeNode-dotNET-2.2:rh-dotnet22-0:2.2-4.el7.x86_64",
"7ComputeNode-dotNET-2.2:rh-dotnet22-dotnet-0:2.2.105-1.el7.src",
"7ComputeNode-dotNET-2.2:rh-dotnet22-dotnet-0:2.2.105-1.el7.x86_64",
"7ComputeNode-dotNET-2.2:rh-dotnet22-dotnet-debuginfo-0:2.2.105-1.el7.x86_64",
"7ComputeNode-dotNET-2.2:rh-dotnet22-dotnet-host-0:2.2.3-1.el7.x86_64",
"7ComputeNode-dotNET-2.2:rh-dotnet22-dotnet-host-fxr-2.2-0:2.2.3-1.el7.x86_64",
"7ComputeNode-dotNET-2.2:rh-dotnet22-dotnet-runtime-2.2-0:2.2.3-1.el7.x86_64",
"7ComputeNode-dotNET-2.2:rh-dotnet22-dotnet-sdk-2.2-0:2.2.105-1.el7.x86_64",
"7ComputeNode-dotNET-2.2:rh-dotnet22-dotnet-sdk-2.2.1xx-0:2.2.105-1.el7.x86_64",
"7ComputeNode-dotNET-2.2:rh-dotnet22-runtime-0:2.2-4.el7.x86_64",
"7Server-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.src",
"7Server-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.x86_64",
"7Server-dotNET-1.0:rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.15-1.el7.x86_64",
"7Server-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.src",
"7Server-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.x86_64",
"7Server-dotNET-1.1:rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.12-1.el7.x86_64",
"7Server-dotNET-2.1:rh-dotnet21-0:2.1-8.el7.src",
"7Server-dotNET-2.1:rh-dotnet21-0:2.1-8.el7.x86_64",
"7Server-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.505-1.el7.src",
"7Server-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.505-1.el7.x86_64",
"7Server-dotNET-2.1:rh-dotnet21-dotnet-debuginfo-0:2.1.505-1.el7.x86_64",
"7Server-dotNET-2.1:rh-dotnet21-dotnet-host-0:2.1.9-1.el7.x86_64",
"7Server-dotNET-2.1:rh-dotnet21-dotnet-runtime-2.1-0:2.1.9-1.el7.x86_64",
"7Server-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1-0:2.1.505-1.el7.x86_64",
"7Server-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.505-1.el7.x86_64",
"7Server-dotNET-2.1:rh-dotnet21-runtime-0:2.1-8.el7.x86_64",
"7Server-dotNET-2.2:rh-dotnet22-0:2.2-4.el7.src",
"7Server-dotNET-2.2:rh-dotnet22-0:2.2-4.el7.x86_64",
"7Server-dotNET-2.2:rh-dotnet22-dotnet-0:2.2.105-1.el7.src",
"7Server-dotNET-2.2:rh-dotnet22-dotnet-0:2.2.105-1.el7.x86_64",
"7Server-dotNET-2.2:rh-dotnet22-dotnet-debuginfo-0:2.2.105-1.el7.x86_64",
"7Server-dotNET-2.2:rh-dotnet22-dotnet-host-0:2.2.3-1.el7.x86_64",
"7Server-dotNET-2.2:rh-dotnet22-dotnet-host-fxr-2.2-0:2.2.3-1.el7.x86_64",
"7Server-dotNET-2.2:rh-dotnet22-dotnet-runtime-2.2-0:2.2.3-1.el7.x86_64",
"7Server-dotNET-2.2:rh-dotnet22-dotnet-sdk-2.2-0:2.2.105-1.el7.x86_64",
"7Server-dotNET-2.2:rh-dotnet22-dotnet-sdk-2.2.1xx-0:2.2.105-1.el7.x86_64",
"7Server-dotNET-2.2:rh-dotnet22-runtime-0:2.2-4.el7.x86_64",
"7Workstation-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.src",
"7Workstation-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.x86_64",
"7Workstation-dotNET-1.0:rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.15-1.el7.x86_64",
"7Workstation-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.src",
"7Workstation-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.x86_64",
"7Workstation-dotNET-1.1:rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.12-1.el7.x86_64",
"7Workstation-dotNET-2.1:rh-dotnet21-0:2.1-8.el7.src",
"7Workstation-dotNET-2.1:rh-dotnet21-0:2.1-8.el7.x86_64",
"7Workstation-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.505-1.el7.src",
"7Workstation-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.505-1.el7.x86_64",
"7Workstation-dotNET-2.1:rh-dotnet21-dotnet-debuginfo-0:2.1.505-1.el7.x86_64",
"7Workstation-dotNET-2.1:rh-dotnet21-dotnet-host-0:2.1.9-1.el7.x86_64",
"7Workstation-dotNET-2.1:rh-dotnet21-dotnet-runtime-2.1-0:2.1.9-1.el7.x86_64",
"7Workstation-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1-0:2.1.505-1.el7.x86_64",
"7Workstation-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.505-1.el7.x86_64",
"7Workstation-dotNET-2.1:rh-dotnet21-runtime-0:2.1-8.el7.x86_64",
"7Workstation-dotNET-2.2:rh-dotnet22-0:2.2-4.el7.src",
"7Workstation-dotNET-2.2:rh-dotnet22-0:2.2-4.el7.x86_64",
"7Workstation-dotNET-2.2:rh-dotnet22-dotnet-0:2.2.105-1.el7.src",
"7Workstation-dotNET-2.2:rh-dotnet22-dotnet-0:2.2.105-1.el7.x86_64",
"7Workstation-dotNET-2.2:rh-dotnet22-dotnet-debuginfo-0:2.2.105-1.el7.x86_64",
"7Workstation-dotNET-2.2:rh-dotnet22-dotnet-host-0:2.2.3-1.el7.x86_64",
"7Workstation-dotNET-2.2:rh-dotnet22-dotnet-host-fxr-2.2-0:2.2.3-1.el7.x86_64",
"7Workstation-dotNET-2.2:rh-dotnet22-dotnet-runtime-2.2-0:2.2.3-1.el7.x86_64",
"7Workstation-dotNET-2.2:rh-dotnet22-dotnet-sdk-2.2-0:2.2.105-1.el7.x86_64",
"7Workstation-dotNET-2.2:rh-dotnet22-dotnet-sdk-2.2.1xx-0:2.2.105-1.el7.x86_64",
"7Workstation-dotNET-2.2:rh-dotnet22-runtime-0:2.2-4.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0544"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7ComputeNode-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.src",
"7ComputeNode-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.x86_64",
"7ComputeNode-dotNET-1.0:rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.15-1.el7.x86_64",
"7ComputeNode-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.src",
"7ComputeNode-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.x86_64",
"7ComputeNode-dotNET-1.1:rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.12-1.el7.x86_64",
"7ComputeNode-dotNET-2.1:rh-dotnet21-0:2.1-8.el7.src",
"7ComputeNode-dotNET-2.1:rh-dotnet21-0:2.1-8.el7.x86_64",
"7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.505-1.el7.src",
"7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.505-1.el7.x86_64",
"7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-debuginfo-0:2.1.505-1.el7.x86_64",
"7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-host-0:2.1.9-1.el7.x86_64",
"7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-runtime-2.1-0:2.1.9-1.el7.x86_64",
"7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1-0:2.1.505-1.el7.x86_64",
"7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.505-1.el7.x86_64",
"7ComputeNode-dotNET-2.1:rh-dotnet21-runtime-0:2.1-8.el7.x86_64",
"7ComputeNode-dotNET-2.2:rh-dotnet22-0:2.2-4.el7.src",
"7ComputeNode-dotNET-2.2:rh-dotnet22-0:2.2-4.el7.x86_64",
"7ComputeNode-dotNET-2.2:rh-dotnet22-dotnet-0:2.2.105-1.el7.src",
"7ComputeNode-dotNET-2.2:rh-dotnet22-dotnet-0:2.2.105-1.el7.x86_64",
"7ComputeNode-dotNET-2.2:rh-dotnet22-dotnet-debuginfo-0:2.2.105-1.el7.x86_64",
"7ComputeNode-dotNET-2.2:rh-dotnet22-dotnet-host-0:2.2.3-1.el7.x86_64",
"7ComputeNode-dotNET-2.2:rh-dotnet22-dotnet-host-fxr-2.2-0:2.2.3-1.el7.x86_64",
"7ComputeNode-dotNET-2.2:rh-dotnet22-dotnet-runtime-2.2-0:2.2.3-1.el7.x86_64",
"7ComputeNode-dotNET-2.2:rh-dotnet22-dotnet-sdk-2.2-0:2.2.105-1.el7.x86_64",
"7ComputeNode-dotNET-2.2:rh-dotnet22-dotnet-sdk-2.2.1xx-0:2.2.105-1.el7.x86_64",
"7ComputeNode-dotNET-2.2:rh-dotnet22-runtime-0:2.2-4.el7.x86_64",
"7Server-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.src",
"7Server-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.x86_64",
"7Server-dotNET-1.0:rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.15-1.el7.x86_64",
"7Server-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.src",
"7Server-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.x86_64",
"7Server-dotNET-1.1:rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.12-1.el7.x86_64",
"7Server-dotNET-2.1:rh-dotnet21-0:2.1-8.el7.src",
"7Server-dotNET-2.1:rh-dotnet21-0:2.1-8.el7.x86_64",
"7Server-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.505-1.el7.src",
"7Server-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.505-1.el7.x86_64",
"7Server-dotNET-2.1:rh-dotnet21-dotnet-debuginfo-0:2.1.505-1.el7.x86_64",
"7Server-dotNET-2.1:rh-dotnet21-dotnet-host-0:2.1.9-1.el7.x86_64",
"7Server-dotNET-2.1:rh-dotnet21-dotnet-runtime-2.1-0:2.1.9-1.el7.x86_64",
"7Server-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1-0:2.1.505-1.el7.x86_64",
"7Server-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.505-1.el7.x86_64",
"7Server-dotNET-2.1:rh-dotnet21-runtime-0:2.1-8.el7.x86_64",
"7Server-dotNET-2.2:rh-dotnet22-0:2.2-4.el7.src",
"7Server-dotNET-2.2:rh-dotnet22-0:2.2-4.el7.x86_64",
"7Server-dotNET-2.2:rh-dotnet22-dotnet-0:2.2.105-1.el7.src",
"7Server-dotNET-2.2:rh-dotnet22-dotnet-0:2.2.105-1.el7.x86_64",
"7Server-dotNET-2.2:rh-dotnet22-dotnet-debuginfo-0:2.2.105-1.el7.x86_64",
"7Server-dotNET-2.2:rh-dotnet22-dotnet-host-0:2.2.3-1.el7.x86_64",
"7Server-dotNET-2.2:rh-dotnet22-dotnet-host-fxr-2.2-0:2.2.3-1.el7.x86_64",
"7Server-dotNET-2.2:rh-dotnet22-dotnet-runtime-2.2-0:2.2.3-1.el7.x86_64",
"7Server-dotNET-2.2:rh-dotnet22-dotnet-sdk-2.2-0:2.2.105-1.el7.x86_64",
"7Server-dotNET-2.2:rh-dotnet22-dotnet-sdk-2.2.1xx-0:2.2.105-1.el7.x86_64",
"7Server-dotNET-2.2:rh-dotnet22-runtime-0:2.2-4.el7.x86_64",
"7Workstation-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.src",
"7Workstation-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.x86_64",
"7Workstation-dotNET-1.0:rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.15-1.el7.x86_64",
"7Workstation-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.src",
"7Workstation-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.x86_64",
"7Workstation-dotNET-1.1:rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.12-1.el7.x86_64",
"7Workstation-dotNET-2.1:rh-dotnet21-0:2.1-8.el7.src",
"7Workstation-dotNET-2.1:rh-dotnet21-0:2.1-8.el7.x86_64",
"7Workstation-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.505-1.el7.src",
"7Workstation-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.505-1.el7.x86_64",
"7Workstation-dotNET-2.1:rh-dotnet21-dotnet-debuginfo-0:2.1.505-1.el7.x86_64",
"7Workstation-dotNET-2.1:rh-dotnet21-dotnet-host-0:2.1.9-1.el7.x86_64",
"7Workstation-dotNET-2.1:rh-dotnet21-dotnet-runtime-2.1-0:2.1.9-1.el7.x86_64",
"7Workstation-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1-0:2.1.505-1.el7.x86_64",
"7Workstation-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.505-1.el7.x86_64",
"7Workstation-dotNET-2.1:rh-dotnet21-runtime-0:2.1-8.el7.x86_64",
"7Workstation-dotNET-2.2:rh-dotnet22-0:2.2-4.el7.src",
"7Workstation-dotNET-2.2:rh-dotnet22-0:2.2-4.el7.x86_64",
"7Workstation-dotNET-2.2:rh-dotnet22-dotnet-0:2.2.105-1.el7.src",
"7Workstation-dotNET-2.2:rh-dotnet22-dotnet-0:2.2.105-1.el7.x86_64",
"7Workstation-dotNET-2.2:rh-dotnet22-dotnet-debuginfo-0:2.2.105-1.el7.x86_64",
"7Workstation-dotNET-2.2:rh-dotnet22-dotnet-host-0:2.2.3-1.el7.x86_64",
"7Workstation-dotNET-2.2:rh-dotnet22-dotnet-host-fxr-2.2-0:2.2.3-1.el7.x86_64",
"7Workstation-dotNET-2.2:rh-dotnet22-dotnet-runtime-2.2-0:2.2.3-1.el7.x86_64",
"7Workstation-dotNET-2.2:rh-dotnet22-dotnet-sdk-2.2-0:2.2.105-1.el7.x86_64",
"7Workstation-dotNET-2.2:rh-dotnet22-dotnet-sdk-2.2.1xx-0:2.2.105-1.el7.x86_64",
"7Workstation-dotNET-2.2:rh-dotnet22-runtime-0:2.2-4.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "dotnet: NuGet Tampering Vulnerability"
}
]
}
RHSA-2019:1259
Vulnerability from csaf_redhat - Published: 2019-05-22 10:22 - Updated: 2025-11-21 18:08Summary
Red Hat Security Advisory: dotnet security, bug fix, and enhancement update
Severity
Important
Notes
Topic: An update for dotnet is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
A new version of .NET Core that address security vulnerabilities is now available. The updated version is .NET Core Runtime 2.1.11 and SDK 2.1.507.
Security Fix(es):
* dotnet: NuGet Tampering Vulnerability (CVE-2019-0757)
* dotnet: timeouts for regular expressions are not enforced (CVE-2019-0820)
* dotnet: infinite loop in URI.TryCreate leading to ASP.Net Core Denial of Service (CVE-2019-0980)
* dotnet: crash in IPAddress.TryCreate leading to ASP.Net Core Denial of Service (CVE-2019-0981)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* dotnet: new SocketException((int)SocketError.InvalidArgument).Message is empty (BZ#1712471)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in dotnet. A tampering vulnerability exists in NuGet software when executed in a Linux or Mac environment. An attacker who successfully exploits the vulnerability could run arbitrary code in the context of the current user. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
7.8 (High)
Affected products
Fixed
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.0.0.Z:dotnet-0:2.1.507-2.el8_0.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z:dotnet-0:2.1.507-2.el8_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z:dotnet-debuginfo-0:2.1.507-2.el8_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z:dotnet-debugsource-0:2.1.507-2.el8_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z:dotnet-host-0:2.1.11-2.el8_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z:dotnet-host-debuginfo-0:2.1.11-2.el8_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z:dotnet-host-fxr-2.1-0:2.1.11-2.el8_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z:dotnet-host-fxr-2.1-debuginfo-0:2.1.11-2.el8_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z:dotnet-runtime-2.1-0:2.1.11-2.el8_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z:dotnet-runtime-2.1-debuginfo-0:2.1.11-2.el8_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z:dotnet-sdk-2.1-0:2.1.507-2.el8_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z:dotnet-sdk-2.1.5xx-0:2.1.507-2.el8_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z:dotnet-sdk-2.1.5xx-debuginfo-0:2.1.507-2.el8_0.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings, aka '.NET Framework and .NET Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0980, CVE-2019-0981.
7.5 (High)
Affected products
Fixed
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.0.0.Z:dotnet-0:2.1.507-2.el8_0.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z:dotnet-0:2.1.507-2.el8_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z:dotnet-debuginfo-0:2.1.507-2.el8_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z:dotnet-debugsource-0:2.1.507-2.el8_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z:dotnet-host-0:2.1.11-2.el8_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z:dotnet-host-debuginfo-0:2.1.11-2.el8_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z:dotnet-host-fxr-2.1-0:2.1.11-2.el8_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z:dotnet-host-fxr-2.1-debuginfo-0:2.1.11-2.el8_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z:dotnet-runtime-2.1-0:2.1.11-2.el8_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z:dotnet-runtime-2.1-debuginfo-0:2.1.11-2.el8_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z:dotnet-sdk-2.1-0:2.1.507-2.el8_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z:dotnet-sdk-2.1.5xx-0:2.1.507-2.el8_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z:dotnet-sdk-2.1.5xx-debuginfo-0:2.1.507-2.el8_0.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka '.Net Framework and .Net Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0820, CVE-2019-0981.
7.5 (High)
Affected products
Fixed
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.0.0.Z:dotnet-0:2.1.507-2.el8_0.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z:dotnet-0:2.1.507-2.el8_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z:dotnet-debuginfo-0:2.1.507-2.el8_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z:dotnet-debugsource-0:2.1.507-2.el8_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z:dotnet-host-0:2.1.11-2.el8_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z:dotnet-host-debuginfo-0:2.1.11-2.el8_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z:dotnet-host-fxr-2.1-0:2.1.11-2.el8_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z:dotnet-host-fxr-2.1-debuginfo-0:2.1.11-2.el8_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z:dotnet-runtime-2.1-0:2.1.11-2.el8_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z:dotnet-runtime-2.1-debuginfo-0:2.1.11-2.el8_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z:dotnet-sdk-2.1-0:2.1.507-2.el8_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z:dotnet-sdk-2.1.5xx-0:2.1.507-2.el8_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z:dotnet-sdk-2.1.5xx-debuginfo-0:2.1.507-2.el8_0.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka '.Net Framework and .Net Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0820, CVE-2019-0980.
7.5 (High)
Affected products
Fixed
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.0.0.Z:dotnet-0:2.1.507-2.el8_0.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z:dotnet-0:2.1.507-2.el8_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z:dotnet-debuginfo-0:2.1.507-2.el8_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z:dotnet-debugsource-0:2.1.507-2.el8_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z:dotnet-host-0:2.1.11-2.el8_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z:dotnet-host-debuginfo-0:2.1.11-2.el8_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z:dotnet-host-fxr-2.1-0:2.1.11-2.el8_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z:dotnet-host-fxr-2.1-debuginfo-0:2.1.11-2.el8_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z:dotnet-runtime-2.1-0:2.1.11-2.el8_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z:dotnet-runtime-2.1-debuginfo-0:2.1.11-2.el8_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z:dotnet-sdk-2.1-0:2.1.507-2.el8_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z:dotnet-sdk-2.1.5xx-0:2.1.507-2.el8_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z:dotnet-sdk-2.1.5xx-debuginfo-0:2.1.507-2.el8_0.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
35 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for dotnet is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": ".NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nA new version of .NET Core that address security vulnerabilities is now available. The updated version is .NET Core Runtime 2.1.11 and SDK 2.1.507.\n\nSecurity Fix(es):\n\n* dotnet: NuGet Tampering Vulnerability (CVE-2019-0757)\n\n* dotnet: timeouts for regular expressions are not enforced (CVE-2019-0820)\n\n* dotnet: infinite loop in URI.TryCreate leading to ASP.Net Core Denial of Service (CVE-2019-0980)\n\n* dotnet: crash in IPAddress.TryCreate leading to ASP.Net Core Denial of Service (CVE-2019-0981)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* dotnet: new SocketException((int)SocketError.InvalidArgument).Message is empty (BZ#1712471)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2019:1259",
"url": "https://access.redhat.com/errata/RHSA-2019:1259"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757"
},
{
"category": "external",
"summary": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0820",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0820"
},
{
"category": "external",
"summary": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0980",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0980"
},
{
"category": "external",
"summary": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0981",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0981"
},
{
"category": "external",
"summary": "https://github.com/dotnet/core/blob/master/release-notes/2.1/2.1.11/2.1.11.md",
"url": "https://github.com/dotnet/core/blob/master/release-notes/2.1/2.1.11/2.1.11.md"
},
{
"category": "external",
"summary": "1685475",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1685475"
},
{
"category": "external",
"summary": "1696836",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1696836"
},
{
"category": "external",
"summary": "1705502",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1705502"
},
{
"category": "external",
"summary": "1705504",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1705504"
},
{
"category": "external",
"summary": "1705506",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1705506"
},
{
"category": "external",
"summary": "1710068",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1710068"
},
{
"category": "external",
"summary": "1712471",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1712471"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_1259.json"
}
],
"title": "Red Hat Security Advisory: dotnet security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2025-11-21T18:08:32+00:00",
"generator": {
"date": "2025-11-21T18:08:32+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2019:1259",
"initial_release_date": "2019-05-22T10:22:43+00:00",
"revision_history": [
{
"date": "2019-05-22T10:22:43+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-05-22T10:22:43+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:08:32+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.0.0.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "dotnet-runtime-2.1-debuginfo-0:2.1.11-2.el8_0.x86_64",
"product": {
"name": "dotnet-runtime-2.1-debuginfo-0:2.1.11-2.el8_0.x86_64",
"product_id": "dotnet-runtime-2.1-debuginfo-0:2.1.11-2.el8_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-runtime-2.1-debuginfo@2.1.11-2.el8_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-sdk-2.1.5xx-debuginfo-0:2.1.507-2.el8_0.x86_64",
"product": {
"name": "dotnet-sdk-2.1.5xx-debuginfo-0:2.1.507-2.el8_0.x86_64",
"product_id": "dotnet-sdk-2.1.5xx-debuginfo-0:2.1.507-2.el8_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-sdk-2.1.5xx-debuginfo@2.1.507-2.el8_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-debugsource-0:2.1.507-2.el8_0.x86_64",
"product": {
"name": "dotnet-debugsource-0:2.1.507-2.el8_0.x86_64",
"product_id": "dotnet-debugsource-0:2.1.507-2.el8_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-debugsource@2.1.507-2.el8_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-runtime-2.1-0:2.1.11-2.el8_0.x86_64",
"product": {
"name": "dotnet-runtime-2.1-0:2.1.11-2.el8_0.x86_64",
"product_id": "dotnet-runtime-2.1-0:2.1.11-2.el8_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-runtime-2.1@2.1.11-2.el8_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-host-fxr-2.1-debuginfo-0:2.1.11-2.el8_0.x86_64",
"product": {
"name": "dotnet-host-fxr-2.1-debuginfo-0:2.1.11-2.el8_0.x86_64",
"product_id": "dotnet-host-fxr-2.1-debuginfo-0:2.1.11-2.el8_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-host-fxr-2.1-debuginfo@2.1.11-2.el8_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-host-0:2.1.11-2.el8_0.x86_64",
"product": {
"name": "dotnet-host-0:2.1.11-2.el8_0.x86_64",
"product_id": "dotnet-host-0:2.1.11-2.el8_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-host@2.1.11-2.el8_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-sdk-2.1-0:2.1.507-2.el8_0.x86_64",
"product": {
"name": "dotnet-sdk-2.1-0:2.1.507-2.el8_0.x86_64",
"product_id": "dotnet-sdk-2.1-0:2.1.507-2.el8_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-sdk-2.1@2.1.507-2.el8_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-debuginfo-0:2.1.507-2.el8_0.x86_64",
"product": {
"name": "dotnet-debuginfo-0:2.1.507-2.el8_0.x86_64",
"product_id": "dotnet-debuginfo-0:2.1.507-2.el8_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-debuginfo@2.1.507-2.el8_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-host-debuginfo-0:2.1.11-2.el8_0.x86_64",
"product": {
"name": "dotnet-host-debuginfo-0:2.1.11-2.el8_0.x86_64",
"product_id": "dotnet-host-debuginfo-0:2.1.11-2.el8_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-host-debuginfo@2.1.11-2.el8_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-sdk-2.1.5xx-0:2.1.507-2.el8_0.x86_64",
"product": {
"name": "dotnet-sdk-2.1.5xx-0:2.1.507-2.el8_0.x86_64",
"product_id": "dotnet-sdk-2.1.5xx-0:2.1.507-2.el8_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-sdk-2.1.5xx@2.1.507-2.el8_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-0:2.1.507-2.el8_0.x86_64",
"product": {
"name": "dotnet-0:2.1.507-2.el8_0.x86_64",
"product_id": "dotnet-0:2.1.507-2.el8_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet@2.1.507-2.el8_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-host-fxr-2.1-0:2.1.11-2.el8_0.x86_64",
"product": {
"name": "dotnet-host-fxr-2.1-0:2.1.11-2.el8_0.x86_64",
"product_id": "dotnet-host-fxr-2.1-0:2.1.11-2.el8_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-host-fxr-2.1@2.1.11-2.el8_0?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "dotnet-0:2.1.507-2.el8_0.src",
"product": {
"name": "dotnet-0:2.1.507-2.el8_0.src",
"product_id": "dotnet-0:2.1.507-2.el8_0.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet@2.1.507-2.el8_0?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-0:2.1.507-2.el8_0.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.0.0.Z:dotnet-0:2.1.507-2.el8_0.src"
},
"product_reference": "dotnet-0:2.1.507-2.el8_0.src",
"relates_to_product_reference": "AppStream-8.0.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-0:2.1.507-2.el8_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.0.0.Z:dotnet-0:2.1.507-2.el8_0.x86_64"
},
"product_reference": "dotnet-0:2.1.507-2.el8_0.x86_64",
"relates_to_product_reference": "AppStream-8.0.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-debuginfo-0:2.1.507-2.el8_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.0.0.Z:dotnet-debuginfo-0:2.1.507-2.el8_0.x86_64"
},
"product_reference": "dotnet-debuginfo-0:2.1.507-2.el8_0.x86_64",
"relates_to_product_reference": "AppStream-8.0.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-debugsource-0:2.1.507-2.el8_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.0.0.Z:dotnet-debugsource-0:2.1.507-2.el8_0.x86_64"
},
"product_reference": "dotnet-debugsource-0:2.1.507-2.el8_0.x86_64",
"relates_to_product_reference": "AppStream-8.0.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-host-0:2.1.11-2.el8_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.0.0.Z:dotnet-host-0:2.1.11-2.el8_0.x86_64"
},
"product_reference": "dotnet-host-0:2.1.11-2.el8_0.x86_64",
"relates_to_product_reference": "AppStream-8.0.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-host-debuginfo-0:2.1.11-2.el8_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.0.0.Z:dotnet-host-debuginfo-0:2.1.11-2.el8_0.x86_64"
},
"product_reference": "dotnet-host-debuginfo-0:2.1.11-2.el8_0.x86_64",
"relates_to_product_reference": "AppStream-8.0.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-host-fxr-2.1-0:2.1.11-2.el8_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.0.0.Z:dotnet-host-fxr-2.1-0:2.1.11-2.el8_0.x86_64"
},
"product_reference": "dotnet-host-fxr-2.1-0:2.1.11-2.el8_0.x86_64",
"relates_to_product_reference": "AppStream-8.0.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-host-fxr-2.1-debuginfo-0:2.1.11-2.el8_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.0.0.Z:dotnet-host-fxr-2.1-debuginfo-0:2.1.11-2.el8_0.x86_64"
},
"product_reference": "dotnet-host-fxr-2.1-debuginfo-0:2.1.11-2.el8_0.x86_64",
"relates_to_product_reference": "AppStream-8.0.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-runtime-2.1-0:2.1.11-2.el8_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.0.0.Z:dotnet-runtime-2.1-0:2.1.11-2.el8_0.x86_64"
},
"product_reference": "dotnet-runtime-2.1-0:2.1.11-2.el8_0.x86_64",
"relates_to_product_reference": "AppStream-8.0.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-runtime-2.1-debuginfo-0:2.1.11-2.el8_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.0.0.Z:dotnet-runtime-2.1-debuginfo-0:2.1.11-2.el8_0.x86_64"
},
"product_reference": "dotnet-runtime-2.1-debuginfo-0:2.1.11-2.el8_0.x86_64",
"relates_to_product_reference": "AppStream-8.0.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-2.1-0:2.1.507-2.el8_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.0.0.Z:dotnet-sdk-2.1-0:2.1.507-2.el8_0.x86_64"
},
"product_reference": "dotnet-sdk-2.1-0:2.1.507-2.el8_0.x86_64",
"relates_to_product_reference": "AppStream-8.0.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-2.1.5xx-0:2.1.507-2.el8_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.0.0.Z:dotnet-sdk-2.1.5xx-0:2.1.507-2.el8_0.x86_64"
},
"product_reference": "dotnet-sdk-2.1.5xx-0:2.1.507-2.el8_0.x86_64",
"relates_to_product_reference": "AppStream-8.0.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-2.1.5xx-debuginfo-0:2.1.507-2.el8_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.0.0.Z:dotnet-sdk-2.1.5xx-debuginfo-0:2.1.507-2.el8_0.x86_64"
},
"product_reference": "dotnet-sdk-2.1.5xx-debuginfo-0:2.1.507-2.el8_0.x86_64",
"relates_to_product_reference": "AppStream-8.0.0.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-0757",
"cwe": {
"id": "CWE-732",
"name": "Incorrect Permission Assignment for Critical Resource"
},
"discovery_date": "2019-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1685475"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in dotnet. A tampering vulnerability exists in NuGet software when executed in a Linux or Mac environment. An attacker who successfully exploits the vulnerability could run arbitrary code in the context of the current user. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dotnet: NuGet Tampering Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.0.0.Z:dotnet-0:2.1.507-2.el8_0.src",
"AppStream-8.0.0.Z:dotnet-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-debuginfo-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-debugsource-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-debuginfo-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-fxr-2.1-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-fxr-2.1-debuginfo-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-runtime-2.1-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-runtime-2.1-debuginfo-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-sdk-2.1-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-sdk-2.1.5xx-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-sdk-2.1.5xx-debuginfo-0:2.1.507-2.el8_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-0757"
},
{
"category": "external",
"summary": "RHBZ#1685475",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1685475"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-0757",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0757"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0757",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0757"
},
{
"category": "external",
"summary": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757"
}
],
"release_date": "2019-03-12T17:33:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-05-22T10:22:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.0.0.Z:dotnet-0:2.1.507-2.el8_0.src",
"AppStream-8.0.0.Z:dotnet-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-debuginfo-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-debugsource-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-debuginfo-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-fxr-2.1-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-fxr-2.1-debuginfo-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-runtime-2.1-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-runtime-2.1-debuginfo-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-sdk-2.1-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-sdk-2.1.5xx-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-sdk-2.1.5xx-debuginfo-0:2.1.507-2.el8_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:1259"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"AppStream-8.0.0.Z:dotnet-0:2.1.507-2.el8_0.src",
"AppStream-8.0.0.Z:dotnet-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-debuginfo-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-debugsource-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-debuginfo-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-fxr-2.1-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-fxr-2.1-debuginfo-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-runtime-2.1-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-runtime-2.1-debuginfo-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-sdk-2.1-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-sdk-2.1.5xx-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-sdk-2.1.5xx-debuginfo-0:2.1.507-2.el8_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "dotnet: NuGet Tampering Vulnerability"
},
{
"cve": "CVE-2019-0820",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-05-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1705506"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings, aka \u0027.NET Framework and .NET Core Denial of Service Vulnerability\u0027. This CVE ID is unique from CVE-2019-0980, CVE-2019-0981.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dotnet: timeouts for regular expressions are not enforced",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.0.0.Z:dotnet-0:2.1.507-2.el8_0.src",
"AppStream-8.0.0.Z:dotnet-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-debuginfo-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-debugsource-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-debuginfo-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-fxr-2.1-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-fxr-2.1-debuginfo-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-runtime-2.1-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-runtime-2.1-debuginfo-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-sdk-2.1-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-sdk-2.1.5xx-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-sdk-2.1.5xx-debuginfo-0:2.1.507-2.el8_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-0820"
},
{
"category": "external",
"summary": "RHBZ#1705506",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1705506"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-0820",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0820"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0820",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0820"
},
{
"category": "external",
"summary": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0820",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0820"
}
],
"release_date": "2019-05-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-05-22T10:22:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.0.0.Z:dotnet-0:2.1.507-2.el8_0.src",
"AppStream-8.0.0.Z:dotnet-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-debuginfo-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-debugsource-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-debuginfo-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-fxr-2.1-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-fxr-2.1-debuginfo-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-runtime-2.1-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-runtime-2.1-debuginfo-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-sdk-2.1-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-sdk-2.1.5xx-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-sdk-2.1.5xx-debuginfo-0:2.1.507-2.el8_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:1259"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"AppStream-8.0.0.Z:dotnet-0:2.1.507-2.el8_0.src",
"AppStream-8.0.0.Z:dotnet-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-debuginfo-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-debugsource-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-debuginfo-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-fxr-2.1-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-fxr-2.1-debuginfo-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-runtime-2.1-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-runtime-2.1-debuginfo-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-sdk-2.1-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-sdk-2.1.5xx-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-sdk-2.1.5xx-debuginfo-0:2.1.507-2.el8_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "dotnet: timeouts for regular expressions are not enforced"
},
{
"cve": "CVE-2019-0980",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-05-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1705502"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka \u0027.Net Framework and .Net Core Denial of Service Vulnerability\u0027. This CVE ID is unique from CVE-2019-0820, CVE-2019-0981.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dotnet: infinite loop in Uri.TryCreate leading to ASP.Net Core Denial of Service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.0.0.Z:dotnet-0:2.1.507-2.el8_0.src",
"AppStream-8.0.0.Z:dotnet-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-debuginfo-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-debugsource-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-debuginfo-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-fxr-2.1-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-fxr-2.1-debuginfo-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-runtime-2.1-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-runtime-2.1-debuginfo-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-sdk-2.1-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-sdk-2.1.5xx-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-sdk-2.1.5xx-debuginfo-0:2.1.507-2.el8_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-0980"
},
{
"category": "external",
"summary": "RHBZ#1705502",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1705502"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-0980",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0980"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0980",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0980"
},
{
"category": "external",
"summary": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0980",
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0980"
}
],
"release_date": "2019-05-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-05-22T10:22:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.0.0.Z:dotnet-0:2.1.507-2.el8_0.src",
"AppStream-8.0.0.Z:dotnet-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-debuginfo-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-debugsource-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-debuginfo-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-fxr-2.1-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-fxr-2.1-debuginfo-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-runtime-2.1-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-runtime-2.1-debuginfo-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-sdk-2.1-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-sdk-2.1.5xx-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-sdk-2.1.5xx-debuginfo-0:2.1.507-2.el8_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:1259"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"AppStream-8.0.0.Z:dotnet-0:2.1.507-2.el8_0.src",
"AppStream-8.0.0.Z:dotnet-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-debuginfo-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-debugsource-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-debuginfo-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-fxr-2.1-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-fxr-2.1-debuginfo-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-runtime-2.1-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-runtime-2.1-debuginfo-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-sdk-2.1-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-sdk-2.1.5xx-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-sdk-2.1.5xx-debuginfo-0:2.1.507-2.el8_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "dotnet: infinite loop in Uri.TryCreate leading to ASP.Net Core Denial of Service"
},
{
"cve": "CVE-2019-0981",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-05-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1705504"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka \u0027.Net Framework and .Net Core Denial of Service Vulnerability\u0027. This CVE ID is unique from CVE-2019-0820, CVE-2019-0980.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dotnet: crash in IPAddress.TryCreate leading to ASP.Net Core Denial of Service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.0.0.Z:dotnet-0:2.1.507-2.el8_0.src",
"AppStream-8.0.0.Z:dotnet-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-debuginfo-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-debugsource-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-debuginfo-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-fxr-2.1-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-fxr-2.1-debuginfo-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-runtime-2.1-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-runtime-2.1-debuginfo-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-sdk-2.1-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-sdk-2.1.5xx-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-sdk-2.1.5xx-debuginfo-0:2.1.507-2.el8_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-0981"
},
{
"category": "external",
"summary": "RHBZ#1705504",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1705504"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-0981",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0981"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0981",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0981"
},
{
"category": "external",
"summary": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0981",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0981"
}
],
"release_date": "2019-05-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-05-22T10:22:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.0.0.Z:dotnet-0:2.1.507-2.el8_0.src",
"AppStream-8.0.0.Z:dotnet-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-debuginfo-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-debugsource-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-debuginfo-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-fxr-2.1-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-fxr-2.1-debuginfo-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-runtime-2.1-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-runtime-2.1-debuginfo-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-sdk-2.1-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-sdk-2.1.5xx-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-sdk-2.1.5xx-debuginfo-0:2.1.507-2.el8_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:1259"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"AppStream-8.0.0.Z:dotnet-0:2.1.507-2.el8_0.src",
"AppStream-8.0.0.Z:dotnet-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-debuginfo-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-debugsource-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-debuginfo-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-fxr-2.1-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-fxr-2.1-debuginfo-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-runtime-2.1-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-runtime-2.1-debuginfo-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-sdk-2.1-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-sdk-2.1.5xx-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-sdk-2.1.5xx-debuginfo-0:2.1.507-2.el8_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "dotnet: crash in IPAddress.TryCreate leading to ASP.Net Core Denial of Service"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…