dotnet-runtime
| Link | package | bugs open | bugs closed | Wiki | GitHub | web search |
| Description | The .NET Core runtime |
| Version | 5.0.5.sdk202-1 [community] |
Resolved
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1698 | 5.0.3.sdk103-2 | 5.0.4.sdk104-1 | High | Fixed | FS#69317 |
| AVG-1449 | 3.1.8.sdk108-1 | 5.0.3.sdk103-2 | High | Fixed | FS#69317 |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-26701 | AVG-1698 | High | Yes | Arbitrary code execution | A remote code execution vulnerability exists in .NET 5.0 before Runtime 5.0.4 and SDK 5.0.104 as well as .NET Core 3.1 before Runtime 3.1.13 and SDK 3.1.113... |
| CVE-2021-24112 | AVG-1449 | High | No | Arbitrary code execution | A remote code execution vulnerability exists in dotnet-core before version 3.1.12 when parsing certain types of graphics files. This vulnerability only... |
| CVE-2021-1723 | AVG-1449 | Medium | Yes | Denial of service | A flaw was found in dotnet-core before version 3.1.11. Running callbacks outside of locks results in Krestel deadlock using HTTP2. |
| CVE-2021-1721 | AVG-1449 | Medium | Yes | Denial of service | A security issue was found in dotnet-core before version 3.1.12. A denial-of-service vulnerability exists when creating HTTPS web request during X509... |
Advisories
| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 25 Mar 2021 | ASA-202103-20 | AVG-1698 | High | arbitrary code execution |
| 25 Mar 2021 | ASA-202103-16 | AVG-1449 | High | multiple issues |