ALT-PU-2022-3423-3
Package dotnet-bootstrap-6.0 updated to version 6.0.12-alt1 for branch sisyphus in task 312530.
Closed vulnerabilities
Published: 2023-10-10
BDU:2023-06453
Уязвимость средства разработки программного обеспечения Microsoft Visual Studio, связанная с недостатками разграничения доступа, позволяющая нарушителю повысить свои привилегии
Severity: HIGH (7.8)Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: MEDIUM (6.8)Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C
References:
Published: 2023-10-12
Modified: 2024-03-01
Modified: 2024-03-01
BDU:2023-06583
Уязвимость программной платформы Microsoft .NET Framework, связанная с неверным ограничением XML-ссылок на внешние объекты, позволяющая нарушителю получить доступ к конфиденциальной информации
Severity: MEDIUM (5.9)Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM (5.4)Vector: AV:N/AC:H/Au:N/C:C/I:N/A:N
References:
Published: 2023-10-12
BDU:2023-06584
Уязвимость средства разработки программного обеспечения Microsoft Visual Studio и программной платформы .NET Core, связанная с некорректной зачисткой или освобождением ресурсов, позволяющая нарушителю выполнить отказ в обслуживании
Severity: HIGH (7.5)Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH (7.8)Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
References:
Published: 2022-08-09
Modified: 2025-05-29
Modified: 2025-05-29
CVE-2022-34716
.NET Spoofing Vulnerability
Severity: MEDIUM (5.9)Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
References:
Published: 2022-09-13
Modified: 2025-01-02
Modified: 2025-01-02
CVE-2022-38013
.NET Core and Visual Studio Denial of Service Vulnerability
Severity: HIGH (7.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38013
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2CUL3Z7MEED7RFQZVGQL2MTKSFFZKAAY/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7HCV4TQGOTOFHO5ETRKGFKAGYV2YAUVE/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JA6F4CDKLI3MALV6UK3P2DR5AGCLTT7Y/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K4K5YL7USOKIR3O2DUKBZMYPWXYPDKXG/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WL334CKOHA6BQQSYJW365HIWJ4IOE45M/
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38013
Published: 2022-10-11
Modified: 2025-02-28
Modified: 2025-02-28
CVE-2022-41032
NuGet Client Elevation of Privilege Vulnerability
Severity: HIGH (7.8)Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41032
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FOG35Z5RL5W5RGLLYLN46CI4D2UPDSWM/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HDPT2MJC3HD7HYZGASOOX6MTDR4ASBL5/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X7BMHO5ITRBZREVTEKHQRGSFRPDMALV3/
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41032
Published: 2022-10-11
Modified: 2025-03-01
Modified: 2025-03-01
GHSA-g3q9-xf95-8hp5
NuGet Elevation of Privilege Vulnerability
Severity: HIGH (7.8)Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
- https://github.com/NuGet/NuGet.Client/security/advisories/GHSA-g3q9-xf95-8hp5
- https://nvd.nist.gov/vuln/detail/CVE-2022-41032
- https://github.com/NuGet/Announcements/issues/65
- https://github.com/NuGet/NuGet.Client/commit/6392863cf83f4870e18f1d02f2463cca633e59ed
- https://github.com/NuGet/NuGet.Client
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FOG35Z5RL5W5RGLLYLN46CI4D2UPDSWM
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HDPT2MJC3HD7HYZGASOOX6MTDR4ASBL5
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X7BMHO5ITRBZREVTEKHQRGSFRPDMALV3
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FOG35Z5RL5W5RGLLYLN46CI4D2UPDSWM
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HDPT2MJC3HD7HYZGASOOX6MTDR4ASBL5
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X7BMHO5ITRBZREVTEKHQRGSFRPDMALV3
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41032
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41032
- https://www.edwardthomson.com/blog/my-first-cve.html
Published: 2022-09-15
Modified: 2025-01-03
Modified: 2025-01-03
GHSA-r8m2-4x37-6592
.NET Denial of Service Vulnerability
Severity: HIGH (7.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
- https://github.com/dotnet/aspnetcore/security/advisories/GHSA-r8m2-4x37-6592
- https://nvd.nist.gov/vuln/detail/CVE-2022-38013
- https://github.com/dotnet/aspnetcore
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2CUL3Z7MEED7RFQZVGQL2MTKSFFZKAAY
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7HCV4TQGOTOFHO5ETRKGFKAGYV2YAUVE
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JA6F4CDKLI3MALV6UK3P2DR5AGCLTT7Y
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K4K5YL7USOKIR3O2DUKBZMYPWXYPDKXG
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WL334CKOHA6BQQSYJW365HIWJ4IOE45M
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2CUL3Z7MEED7RFQZVGQL2MTKSFFZKAAY
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7HCV4TQGOTOFHO5ETRKGFKAGYV2YAUVE
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JA6F4CDKLI3MALV6UK3P2DR5AGCLTT7Y
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K4K5YL7USOKIR3O2DUKBZMYPWXYPDKXG
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WL334CKOHA6BQQSYJW365HIWJ4IOE45M
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38013
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38013
Published: 2024-02-03
Modified: 2024-04-02
Modified: 2024-04-02
GHSA-vh55-786g-wjwj
.NET Information Disclosure Vulnerability
Severity: MEDIUM (5.9)Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
References:
- https://github.com/dotnet/aspnetcore/security/advisories/GHSA-vh55-786g-wjwj
- https://nvd.nist.gov/vuln/detail/CVE-2022-34716
- https://github.com/dotnet/announcements/issues/232
- https://github.com/dotnet/aspnetcore/issues/43166
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34716
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34716