dotnet-sdk
| Link | package | bugs open | bugs closed | Wiki | GitHub | web search |
| Description | The .NET Core SDK |
| Version | 5.0.8.sdk205-1 [community] |
Open
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-2277 | 5.0.8.sdk205-1 | Medium | Vulnerable |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-34532 | AVG-2277 | Medium | No | Information disclosure | An information disclosure vulnerability exists in .NET 5.0 before Runtime 5.0.9 and SDK 5.0.206 as well as .NET Core 3.1 before Runtime 3.1.18 and SDK... |
| CVE-2021-34485 | AVG-2277 | Medium | No | Information disclosure | An information disclosure vulnerability exists in .NET 5.0 before Runtime 5.0.9 and SDK 5.0.206 as well as .NET Core 3.1 before Runtime 3.1.18 and SDK... |
| CVE-2021-26423 | AVG-2277 | Medium | Yes | Denial of service | A denial of service vulnerability exists in .NET 5.0 before Runtime 5.0.9 and SDK 5.0.206 as well as .NET Core 3.1 before Runtime 3.1.18 and SDK 3.1.118... |
Resolved
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1944 | 5.0.5.sdk202-1 | 5.0.6.sdk203-1 | Medium | Fixed | |
| AVG-1698 | 5.0.3.sdk103-2 | 5.0.4.sdk104-1 | High | Fixed | FS#69317 |
| AVG-1449 | 3.1.8.sdk108-1 | 5.0.3.sdk103-2 | High | Fixed | FS#69317 |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-31204 | AVG-1944 | Medium | No | Privilege escalation | An elevation of privilege vulnerability exists in .NET 5.0 and .NET Core 3.1 when a user runs a single file application on operating systems based on Linux... |
| CVE-2021-26701 | AVG-1698 | High | Yes | Arbitrary code execution | A remote code execution vulnerability exists in .NET 5.0 before Runtime 5.0.4 and SDK 5.0.104 as well as .NET Core 3.1 before Runtime 3.1.13 and SDK 3.1.113... |
| CVE-2021-24112 | AVG-1449 | High | No | Arbitrary code execution | A remote code execution vulnerability exists in dotnet-core before version 3.1.12 when parsing certain types of graphics files. This vulnerability only... |
| CVE-2021-1723 | AVG-1449 | Medium | Yes | Denial of service | A flaw was found in dotnet-core before version 3.1.11. Running callbacks outside of locks results in Krestel deadlock using HTTP2. |
| CVE-2021-1721 | AVG-1449 | Medium | Yes | Denial of service | A security issue was found in dotnet-core before version 3.1.12. A denial-of-service vulnerability exists when creating HTTPS web request during X509... |
Advisories
| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 25 May 2021 | ASA-202105-20 | AVG-1944 | Medium | privilege escalation |
| 25 Mar 2021 | ASA-202103-21 | AVG-1698 | High | arbitrary code execution |
| 25 Mar 2021 | ASA-202103-17 | AVG-1449 | High | multiple issues |