Errata ALT-PU-2020-2593-1: Information
Fixes
Published: May 12, 2020
BDU:2020-02481
Уязвимость программных платформ .NET Core и Microsoft .NET Framework, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю вызвать отказ в обслуживании
Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
Published: July 14, 2020
BDU:2020-03369
Уязвимость программной платформы Microsoft .NET Framework, средства разработки программного обеспечения Microsoft Visual Studio, пакетов программ Microsoft SharePoint Server и Microsoft SharePoint Enterprise Server, связанная с ошибками при обработке XML-запросов, позволяющая нарушителю выполнить произвольный код
Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
Published: May 22, 2020
Modified: Oct. 15, 2023
Modified: Oct. 15, 2023
CVE-2020-1108
A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka '.NET Core & .NET Framework Denial of Service Vulnerability'.
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
Published: July 15, 2020
Modified: July 12, 2022
Modified: July 12, 2022
CVE-2020-1147
A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1147
- http://packetstormsecurity.com/files/158694/SharePoint-DataSet-DataTable-Deserialization.html
- http://packetstormsecurity.com/files/158876/Microsoft-SharePoint-Server-2019-Remote-Code-Execution.html
- https://www.exploitalert.com/view-details.html?id=35992
- http://packetstormsecurity.com/files/163644/Microsoft-SharePoint-Server-2019-Remote-Code-Execution.html