ALT-PU-2022-1545-2
Package dotnet-runtime-5.0 updated to version 5.0.14-alt1 for branch p9 in task 295274.
Closed vulnerabilities
Published: 2021-02-23
BDU:2021-00931
Уязвимость программной платформы .NET Core, связанная с недостаточной проверкой вводимых даных, позволяющая нарушителю выполнить произвольный код
Severity: HIGH (8.1)Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH (7.6)Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
References:
Published: 2021-09-29
BDU:2021-04773
Уязвимость программного средства .NET Core, расширяемого средства автоматизации PowerShell Core и средства разработки программного обеспечения Visual Studio, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю вызвать отказ в обслуживании
Severity: HIGH (7.5)Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
References:
Published: 2022-03-09
Modified: 2025-07-31
Modified: 2025-07-31
BDU:2022-01176
Уязвимость программной платформы ASP.NET Core и средства разработки программного обеспечения Microsoft Visual Studio, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю вызвать отказ в обслуживании
Severity: HIGH (7.5)Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH (7.1)Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
References:
Published: 2023-10-11
BDU:2023-06550
Уязвимость средства разработки программного обеспечения Microsoft Visual Studio, связанная с недостаточной защитой служебных данных, позволяющая нарушителю раскрыть защищаемую информацию
Severity: MEDIUM (5.7)Vector: AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Severity: MEDIUM (6.1)Vector: AV:A/AC:L/Au:N/C:C/I:N/A:N
References:
Published: 2023-10-11
BDU:2023-06551
Уязвимость средства разработки программного обеспечения Microsoft Visual Studio, связанная с недостаточной защитой служебных данных, позволяющая нарушителю раскрыть защищаемую информацию
Severity: MEDIUM (5.5)Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM (4.6)Vector: AV:L/AC:L/Au:S/C:C/I:N/A:N
References:
Published: 2021-08-12
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2021-26423
.NET Core and Visual Studio Denial of Service Vulnerability
Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Severity: HIGH (7.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2021-02-25
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2021-26701
.NET Core Remote Code Execution Vulnerability
Severity: HIGH (7.5)Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Severity: HIGH (8.1)Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2AZOUKMCHT2WBHR7MYDTYXWOBHZW5P5/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TW3ZSJTTMZAFKGW7NJWTVVFZUYYU2SJZ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UBOSSX7U6BSHV5RI74FCOW4ITJ5RRJR5/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WA5WQJVHUL5C4XMJTLY3C67R4WP35EF4/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XPUKFHIGP5YNJRRFWKDJ2XRS4WTFJNNK/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YLFATXASXW4OV2ZBSRP4G55HJH73QPBP/
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26701
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2AZOUKMCHT2WBHR7MYDTYXWOBHZW5P5/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TW3ZSJTTMZAFKGW7NJWTVVFZUYYU2SJZ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UBOSSX7U6BSHV5RI74FCOW4ITJ5RRJR5/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WA5WQJVHUL5C4XMJTLY3C67R4WP35EF4/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XPUKFHIGP5YNJRRFWKDJ2XRS4WTFJNNK/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YLFATXASXW4OV2ZBSRP4G55HJH73QPBP/
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26701
Published: 2021-08-12
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2021-34485
.NET Core and Visual Studio Information Disclosure Vulnerability
Severity: LOW (2.1)Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Severity: MEDIUM (5.0)Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
References:
Published: 2021-10-13
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2021-41355
.NET Core and Visual Studio Information Disclosure Vulnerability
Severity: LOW (2.9)Vector: AV:A/AC:M/Au:N/C:P/I:N/A:N
Severity: MEDIUM (5.7)Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
References:
Published: 2022-02-09
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2022-21986
.NET Denial of Service Vulnerability
Severity: MEDIUM (4.3)Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity: HIGH (7.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2021-10-12
Modified: 2022-02-08
Modified: 2022-02-08
GHSA-9cxh-gqpx-qc5m
Credential Disclosure in System.DirectoryServices.Protocols
Severity: MEDIUM (5.7)Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
References:
- https://github.com/dotnet/runtime/security/advisories/GHSA-9cxh-gqpx-qc5m
- https://nvd.nist.gov/vuln/detail/CVE-2021-41355
- https://github.com/dotnet/runtime/issues/60301
- https://github.com/dotnet/runtime
- https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-41355
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41355
- https://www.oracle.com/security-alerts/cpujan2022.html
Published: 2021-04-21
Modified: 2021-04-21
Modified: 2021-04-21
GHSA-ghhp-997w-qr28
.NET Core Remote Code Execution Vulnerability
Severity: CRITICAL (9.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
- https://nvd.nist.gov/vuln/detail/CVE-2021-26701
- https://github.com/dotnet/announcements/issues/178
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2AZOUKMCHT2WBHR7MYDTYXWOBHZW5P5
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TW3ZSJTTMZAFKGW7NJWTVVFZUYYU2SJZ
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UBOSSX7U6BSHV5RI74FCOW4ITJ5RRJR5
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WA5WQJVHUL5C4XMJTLY3C67R4WP35EF4
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XPUKFHIGP5YNJRRFWKDJ2XRS4WTFJNNK
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YLFATXASXW4OV2ZBSRP4G55HJH73QPBP
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S2AZOUKMCHT2WBHR7MYDTYXWOBHZW5P5
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TW3ZSJTTMZAFKGW7NJWTVVFZUYYU2SJZ
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBOSSX7U6BSHV5RI74FCOW4ITJ5RRJR5
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WA5WQJVHUL5C4XMJTLY3C67R4WP35EF4
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XPUKFHIGP5YNJRRFWKDJ2XRS4WTFJNNK
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YLFATXASXW4OV2ZBSRP4G55HJH73QPBP
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26701
Published: 2022-10-25
GHSA-rh58-r7jh-xhx3
.NET Core Elevation of Privilege Vulnerability
Severity: HIGH (7.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2022-10-21
GHSA-vgwq-hfqc-58wv
.NET Core Information Disclosure Vulnerability
Severity: MEDIUM (5.5)Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
References:
- https://github.com/dotnet/runtime/security/advisories/GHSA-vgwq-hfqc-58wv
- https://nvd.nist.gov/vuln/detail/CVE-2021-34485
- https://github.com/dotnet/announcements/issues/196
- https://github.com/github/advisory-database/issues/741
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34485
Published: 2022-10-21
GHSA-x459-p2rx-f8ff
.NET Denial of Service Vulnerability
Severity: HIGH (7.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
- https://github.com/dotnet/aspnetcore/security/advisories/GHSA-x459-p2rx-f8ff
- https://nvd.nist.gov/vuln/detail/CVE-2022-21986
- https://github.com/dotnet/announcements/issues/207
- https://github.com/dotnet/aspnetcore
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4HMQOHV7G5TF6OMBN6DNTDOKQQU7KHMM
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CCTBSBE3PNIMXG6ALX2CQG4ZEH7W3YAT
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21986
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21986