dotnet-runtime

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description The .NET Core runtime
Version 5.0.8.sdk205-1 [community]

Open

Group Affected Fixed Severity Status Ticket
AVG-2277 5.0.8.sdk205-1 Medium Vulnerable
Issue Group Severity Remote Type Description
CVE-2021-34532 AVG-2277 Medium No Information disclosure
An information disclosure vulnerability exists in .NET 5.0 before Runtime 5.0.9 and SDK 5.0.206 as well as .NET Core 3.1 before Runtime 3.1.18 and SDK...
CVE-2021-34485 AVG-2277 Medium No Information disclosure
An information disclosure vulnerability exists in .NET 5.0 before Runtime 5.0.9 and SDK 5.0.206 as well as .NET Core 3.1 before Runtime 3.1.18 and SDK...
CVE-2021-26423 AVG-2277 Medium Yes Denial of service
A denial of service vulnerability exists in .NET 5.0 before Runtime 5.0.9 and SDK 5.0.206 as well as .NET Core 3.1 before Runtime 3.1.18 and SDK 3.1.118...

Resolved

Group Affected Fixed Severity Status Ticket
AVG-1944 5.0.5.sdk202-1 5.0.6.sdk203-1 Medium Fixed
AVG-1698 5.0.3.sdk103-2 5.0.4.sdk104-1 High Fixed FS#69317
AVG-1449 3.1.8.sdk108-1 5.0.3.sdk103-2 High Fixed FS#69317
Issue Group Severity Remote Type Description
CVE-2021-31204 AVG-1944 Medium No Privilege escalation
An elevation of privilege vulnerability exists in .NET 5.0 and .NET Core 3.1 when a user runs a single file application on operating systems based on Linux...
CVE-2021-26701 AVG-1698 High Yes Arbitrary code execution
A remote code execution vulnerability exists in .NET 5.0 before Runtime 5.0.4 and SDK 5.0.104 as well as .NET Core 3.1 before Runtime 3.1.13 and SDK 3.1.113...
CVE-2021-24112 AVG-1449 High No Arbitrary code execution
A remote code execution vulnerability exists in dotnet-core before version 3.1.12 when parsing certain types of graphics files. This vulnerability only...
CVE-2021-1723 AVG-1449 Medium Yes Denial of service
A flaw was found in dotnet-core before version 3.1.11. Running callbacks outside of locks results in Krestel deadlock using HTTP2.
CVE-2021-1721 AVG-1449 Medium Yes Denial of service
A security issue was found in dotnet-core before version 3.1.12. A denial-of-service vulnerability exists when creating HTTPS web request during X509...

Advisories

Date Advisory Group Severity Type
25 May 2021 ASA-202105-21 AVG-1944 Medium privilege escalation
25 Mar 2021 ASA-202103-20 AVG-1698 High arbitrary code execution
25 Mar 2021 ASA-202103-16 AVG-1449 High multiple issues