Search criteria
33 vulnerabilities found for .Net by Microsoft
CERTFR-2026-AVI-0150
Vulnerability from certfr_avis - Published: 2026-02-11 - Updated: 2026-02-11
De multiples vulnérabilités ont été découvertes dans Microsoft Windows. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Microsoft indique que les vulnérabilités CVE-2026-21510, CVE-2026-21513, CVE-2026-21519, CVE-2026-21525 et CVE-2026-21533 sont activement exploitées.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | Windows | Windows 10 Version 22H2 pour systèmes x64 versions antérieures à 10.0.19045.6937 | ||
| Microsoft | Windows | Windows 10 Version 1809 pour systèmes 32 bits versions antérieures à 10.0.17763.8389 | ||
| Microsoft | Windows | Windows Server 2022 (Server Core installation) versions antérieures à 10.0.20348.4711 | ||
| Microsoft | Windows | Windows 10 Version 21H2 pour systèmes x64 versions antérieures à 10.0.19044.6937 | ||
| Microsoft | Windows | Windows 10 Version 1607 pour systèmes 32 bits versions antérieures à 10.0.14393.8868 | ||
| Microsoft | Windows | Windows App pour Mac versions antérieures à 11.3.2 | ||
| Microsoft | Windows | Windows 10 Version 22H2 pour systèmes ARM64 versions antérieures à 10.0.19045.6937 | ||
| Microsoft | Windows | Windows Server 2012 R2 versions antérieures à 6.3.9600.23022 | ||
| Microsoft | Windows | Windows Server 2012 versions antérieures à 6.2.9200.25923 | ||
| Microsoft | Windows | Windows Server 2025 (Server Core installation) versions antérieures à 10.0.26100.32313 | ||
| Microsoft | Windows | Windows Server 2012 (Server Core installation) versions antérieures à 6.2.9200.25923 | ||
| Microsoft | Windows | Windows Server 2025 versions antérieures à 10.0.26100.32313 | ||
| Microsoft | Windows | Windows 10 Version 21H2 pour systèmes 32 bits versions antérieures à 10.0.19044.6937 | ||
| Microsoft | .Net | .NET 10.0 installed sur Windows versions antérieures à 10.0.3 | ||
| Microsoft | .Net | .NET 8.0 installed sur Windows versions antérieures à 8.0.24 | ||
| Microsoft | Windows | Windows Server 2016 (Server Core installation) versions antérieures à 10.0.14393.8868 | ||
| Microsoft | Windows | Windows Server 2019 (Server Core installation) versions antérieures à 10.0.17763.8389 | ||
| Microsoft | Windows | Windows 10 Version 22H2 pour systèmes 32 bits versions antérieures à 10.0.19045.6937 | ||
| Microsoft | Windows | Windows 11 Version 24H2 pour systèmes x64 versions antérieures à 10.0.26100.7781 | ||
| Microsoft | Windows | Windows 11 Version 25H2 pour systèmes x64 versions antérieures à 10.0.26200.7781 | ||
| Microsoft | .Net | .NET 9.0 installed sur Windows versions antérieures à 9.0.13 | ||
| Microsoft | Windows | Windows 11 Version 23H2 pour systèmes x64 versions antérieures à 10.0.22631.6649 | ||
| Microsoft | Windows | Windows Server 2022 versions antérieures à 10.0.20348.4711 | ||
| Microsoft | Windows | Windows Server 2022, 23H2 Edition (Server Core installation) versions antérieures à 10.0.25398.2149 | ||
| Microsoft | Windows | Windows 10 Version 1809 pour systèmes x64 versions antérieures à 10.0.17763.8389 | ||
| Microsoft | Windows | Windows 11 version 26H1 pour systèmes x64 antérieures à 10.0.28000.1575 | ||
| Microsoft | Windows | Windows Notepad versions antérieures à 11.2510 | ||
| Microsoft | Windows | Windows Server 2019 versions antérieures à 10.0.17763.8389 | ||
| Microsoft | Windows | Windows Server 2016 versions antérieures à 10.0.14393.8868 | ||
| Microsoft | Windows | Windows 11 Version 23H2 pour systèmes ARM64 versions antérieures à 10.0.22631.6649 | ||
| Microsoft | Windows | Windows 11 Version 24H2 pour systèmes ARM64 versions antérieures à 10.0.26100.7781 | ||
| Microsoft | Windows | Windows 10 Version 21H2 pour systèmes ARM64 versions antérieures à 10.0.19044.6937 | ||
| Microsoft | Windows | Windows 10 Version 1607 pour systèmes x64 versions antérieures à 10.0.14393.8868 | ||
| Microsoft | Windows | Windows 11 Version 25H2 pour systèmes ARM64 versions antérieures à 10.0.26200.7781 | ||
| Microsoft | Windows | Windows Server 2012 R2 (Server Core installation) versions antérieures à 6.3.9600.23022 | ||
| Microsoft | Windows | Windows 11 Version 26H1 pour systèmes ARM64 versions antérieures à 10.0.28000.1575 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Windows 10 Version 22H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.19045.6937",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1809 pour syst\u00e8mes 32 bits versions ant\u00e9rieures \u00e0 10.0.17763.8389",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2022 (Server Core installation) versions ant\u00e9rieures \u00e0 10.0.20348.4711",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 21H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.19044.6937",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1607 pour syst\u00e8mes 32 bits versions ant\u00e9rieures \u00e0 10.0.14393.8868",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows App pour Mac versions ant\u00e9rieures \u00e0 11.3.2",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 22H2 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.19045.6937",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2012 R2 versions ant\u00e9rieures \u00e0 6.3.9600.23022",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2012 versions ant\u00e9rieures \u00e0 6.2.9200.25923",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2025 (Server Core installation) versions ant\u00e9rieures \u00e0 10.0.26100.32313",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2012 (Server Core installation) versions ant\u00e9rieures \u00e0 6.2.9200.25923",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2025 versions ant\u00e9rieures \u00e0 10.0.26100.32313",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 21H2 pour syst\u00e8mes 32 bits versions ant\u00e9rieures \u00e0 10.0.19044.6937",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET 10.0 installed sur Windows versions ant\u00e9rieures \u00e0 10.0.3",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET 8.0 installed sur Windows versions ant\u00e9rieures \u00e0 8.0.24",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2016 (Server Core installation) versions ant\u00e9rieures \u00e0 10.0.14393.8868",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2019 (Server Core installation) versions ant\u00e9rieures \u00e0 10.0.17763.8389",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 22H2 pour syst\u00e8mes 32 bits versions ant\u00e9rieures \u00e0 10.0.19045.6937",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 11 Version 24H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.26100.7781",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 11 Version 25H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.26200.7781",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET 9.0 installed sur Windows versions ant\u00e9rieures \u00e0 9.0.13",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 11 Version 23H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.22631.6649",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2022 versions ant\u00e9rieures \u00e0 10.0.20348.4711",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2022, 23H2 Edition (Server Core installation) versions ant\u00e9rieures \u00e0 10.0.25398.2149",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1809 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.17763.8389",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 11 version 26H1 pour syst\u00e8mes x64 ant\u00e9rieures \u00e0 10.0.28000.1575",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Notepad versions ant\u00e9rieures \u00e0 11.2510",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2019 versions ant\u00e9rieures \u00e0 10.0.17763.8389",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2016 versions ant\u00e9rieures \u00e0 10.0.14393.8868",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 11 Version 23H2 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.22631.6649",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 11 Version 24H2 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.26100.7781",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 21H2 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.19044.6937",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1607 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.14393.8868",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 11 Version 25H2 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.26200.7781",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2012 R2 (Server Core installation) versions ant\u00e9rieures \u00e0 6.3.9600.23022",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 11 Version 26H1 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.28000.1575",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-21245",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21245"
},
{
"name": "CVE-2026-21247",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21247"
},
{
"name": "CVE-2026-21525",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21525"
},
{
"name": "CVE-2026-21232",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21232"
},
{
"name": "CVE-2026-21513",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21513"
},
{
"name": "CVE-2026-21244",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21244"
},
{
"name": "CVE-2026-21243",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21243"
},
{
"name": "CVE-2026-21249",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21249"
},
{
"name": "CVE-2026-21235",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21235"
},
{
"name": "CVE-2026-21231",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21231"
},
{
"name": "CVE-2026-21519",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21519"
},
{
"name": "CVE-2026-21238",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21238"
},
{
"name": "CVE-2026-21533",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21533"
},
{
"name": "CVE-2026-21237",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21237"
},
{
"name": "CVE-2023-2804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2804"
},
{
"name": "CVE-2026-21240",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21240"
},
{
"name": "CVE-2026-21246",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21246"
},
{
"name": "CVE-2026-21253",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21253"
},
{
"name": "CVE-2026-21251",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21251"
},
{
"name": "CVE-2026-21508",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21508"
},
{
"name": "CVE-2026-20841",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20841"
},
{
"name": "CVE-2026-21239",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21239"
},
{
"name": "CVE-2026-21248",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21248"
},
{
"name": "CVE-2026-21242",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21242"
},
{
"name": "CVE-2026-21222",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21222"
},
{
"name": "CVE-2026-21234",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21234"
},
{
"name": "CVE-2026-20846",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20846"
},
{
"name": "CVE-2026-21517",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21517"
},
{
"name": "CVE-2026-21218",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21218"
},
{
"name": "CVE-2026-21250",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21250"
},
{
"name": "CVE-2026-21255",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21255"
},
{
"name": "CVE-2026-21241",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21241"
},
{
"name": "CVE-2026-21236",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21236"
},
{
"name": "CVE-2026-21510",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21510"
}
],
"initial_release_date": "2026-02-11T00:00:00",
"last_revision_date": "2026-02-11T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0150",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-02-11T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Windows. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.\n\nMicrosoft indique que les vuln\u00e9rabilit\u00e9s CVE-2026-21510, CVE-2026-21513, CVE-2026-21519, CVE-2026-21525 et CVE-2026-21533 sont activement exploit\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Windows",
"vendor_advisories": [
{
"published_at": "2026-02-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-21251",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21251"
},
{
"published_at": "2026-02-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-21231",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21231"
},
{
"published_at": "2026-02-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-20846",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20846"
},
{
"published_at": "2026-02-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-21513",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21513"
},
{
"published_at": "2026-02-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-21519",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21519"
},
{
"published_at": "2026-02-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-21247",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21247"
},
{
"published_at": "2026-02-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-21238",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21238"
},
{
"published_at": "2026-02-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-21241",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21241"
},
{
"published_at": "2026-02-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-21244",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21244"
},
{
"published_at": "2026-02-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-21243",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21243"
},
{
"published_at": "2026-02-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-21245",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21245"
},
{
"published_at": "2026-02-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-21232",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21232"
},
{
"published_at": "2026-02-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-21525",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21525"
},
{
"published_at": "2026-02-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-21235",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21235"
},
{
"published_at": "2026-02-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-21248",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21248"
},
{
"published_at": "2026-02-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-21234",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21234"
},
{
"published_at": "2026-02-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-21517",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21517"
},
{
"published_at": "2026-02-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-21250",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21250"
},
{
"published_at": "2026-02-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-21218",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21218"
},
{
"published_at": "2026-02-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-20841",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841"
},
{
"published_at": "2026-02-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-21242",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21242"
},
{
"published_at": "2026-02-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-21510",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21510"
},
{
"published_at": "2026-02-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-21237",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21237"
},
{
"published_at": "2026-02-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-21222",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21222"
},
{
"published_at": "2026-02-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-21255",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21255"
},
{
"published_at": "2026-02-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-21240",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21240"
},
{
"published_at": "2026-02-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2023-2804",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2804"
},
{
"published_at": "2026-02-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-21253",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21253"
},
{
"published_at": "2026-02-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-21249",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21249"
},
{
"published_at": "2026-02-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-21508",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21508"
},
{
"published_at": "2026-02-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-21246",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21246"
},
{
"published_at": "2026-02-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-21236",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21236"
},
{
"published_at": "2026-02-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-21239",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21239"
},
{
"published_at": "2026-02-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2026-21533",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21533"
}
]
}
CERTFR-2025-AVI-0880
Vulnerability from certfr_avis - Published: 2025-10-15 - Updated: 2025-10-15
De multiples vulnérabilités ont été découvertes dans Microsoft .Net. Elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | .Net | .NET 8.0 installé sur Mac OS versions antérieures à 8.0.21 | ||
| Microsoft | .Net | Microsoft .NET Framework 4.8 versions antérieures à 4.8.04798.04 | ||
| Microsoft | .Net | .NET 9.0 installé sur Linux versions antérieures à 9.0.10 | ||
| Microsoft | .Net | ASP.NET Core 9.0 versions antérieures à 9.0.10 | ||
| Microsoft | .Net | Microsoft .NET Framework 3.5 et 4.7.2 versions antérieures à 10.0.14393.8519 | ||
| Microsoft | .Net | Microsoft .NET Framework 3.5.1 versions antérieures à 2.0.50727.8981 | ||
| Microsoft | .Net | Microsoft .NET Framework 2.0 Service Pack 2 versions antérieures à 2.0.50727.8981 | ||
| Microsoft | .Net | Microsoft .NET Framework 3.0 Service Pack 2 versions antérieures à 2.0.50727.8981 | ||
| Microsoft | .Net | .NET 9.0 installé sur Mac OS versions antérieures à 9.0.10 | ||
| Microsoft | .Net | ASP.NET Core 2.3 versions antérieures à 2.3.6 | ||
| Microsoft | .Net | ASP.NET Core 8.0 versions antérieures à 8.0.21 | ||
| Microsoft | .Net | Microsoft .NET Framework 3.5 versions antérieures à 2.0.50727.8981 | ||
| Microsoft | .Net | Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 versions antérieures à 4.7.04137.06 | ||
| Microsoft | .Net | Microsoft .NET Framework 3.5 et 4.8.1 versions antérieures à 4.8.1.09321.01 | ||
| Microsoft | .Net | .NET 8.0 installé sur Linux versions antérieures à 8.0.21 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": ".NET 8.0 install\u00e9 sur Mac OS versions ant\u00e9rieures \u00e0 8.0.21",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.8 versions ant\u00e9rieures \u00e0 4.8.04798.04",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET 9.0 install\u00e9 sur Linux versions ant\u00e9rieures \u00e0 9.0.10",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "ASP.NET Core 9.0 versions ant\u00e9rieures \u00e0 9.0.10",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5 et 4.7.2 versions ant\u00e9rieures \u00e0 10.0.14393.8519",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5.1 versions ant\u00e9rieures \u00e0 2.0.50727.8981",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 2.0 Service Pack 2 versions ant\u00e9rieures \u00e0 2.0.50727.8981",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.0 Service Pack 2 versions ant\u00e9rieures \u00e0 2.0.50727.8981",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET 9.0 install\u00e9 sur Mac OS versions ant\u00e9rieures \u00e0 9.0.10",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "ASP.NET Core 2.3 versions ant\u00e9rieures \u00e0 2.3.6",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "ASP.NET Core 8.0 versions ant\u00e9rieures \u00e0 8.0.21",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5 versions ant\u00e9rieures \u00e0 2.0.50727.8981",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 versions ant\u00e9rieures \u00e0 4.7.04137.06",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5 et 4.8.1 versions ant\u00e9rieures \u00e0 4.8.1.09321.01",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET 8.0 install\u00e9 sur Linux versions ant\u00e9rieures \u00e0 8.0.21",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-55248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55248"
},
{
"name": "CVE-2025-55247",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55247"
},
{
"name": "CVE-2025-55315",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55315"
}
],
"initial_release_date": "2025-10-15T00:00:00",
"last_revision_date": "2025-10-15T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0880",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-10-15T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft .Net. Elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft .Net",
"vendor_advisories": [
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft .Net CVE-2025-55315",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55315"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft .Net CVE-2025-55247",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55247"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft .Net CVE-2025-55248",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55248"
}
]
}
CERTFR-2025-AVI-0500
Vulnerability from certfr_avis - Published: 2025-06-11 - Updated: 2025-06-11
Une vulnérabilité a été découverte dans Microsoft .Net. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | .Net | .NET 8.0 pour Linux versions antérieures à 8.0.17 | ||
| Microsoft | .Net | .NET 8.0 pour Mac OS versions antérieures à 8.0.17 | ||
| Microsoft | .Net | .NET 8.0 pour Windows versions antérieures à 8.0.17 | ||
| Microsoft | .Net | .NET 9.0 pour Mac OS versions antérieures à 9.0.6 | ||
| Microsoft | .Net | .NET 9.0 pour Windows versions antérieures à 9.0.6 | ||
| Microsoft | .Net | .NET 9.0 pour Linux versions antérieures à 9.0.6 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": ".NET 8.0 pour Linux versions ant\u00e9rieures \u00e0 8.0.17",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET 8.0 pour Mac OS versions ant\u00e9rieures \u00e0 8.0.17",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET 8.0 pour Windows versions ant\u00e9rieures \u00e0 8.0.17",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET 9.0 pour Mac OS versions ant\u00e9rieures \u00e0 9.0.6",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET 9.0 pour Windows versions ant\u00e9rieures \u00e0 9.0.6",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET 9.0 pour Linux versions ant\u00e9rieures \u00e0 9.0.6",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-30399",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30399"
}
],
"initial_release_date": "2025-06-11T00:00:00",
"last_revision_date": "2025-06-11T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0500",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-06-11T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Microsoft .Net. Elle permet \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance.",
"title": "Vuln\u00e9rabilit\u00e9 dans Microsoft .Net",
"vendor_advisories": [
{
"published_at": "2025-06-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft .Net CVE-2025-30399",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30399"
}
]
}
CERTFR-2025-AVI-0289
Vulnerability from certfr_avis - Published: 2025-04-09 - Updated: 2025-04-09
Une vulnérabilité a été découverte dans Microsoft .Net. Elle permet à un attaquant de provoquer un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "ASP.NET Core 9.0 versions ant\u00e9rieures \u00e0 9.0.5",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "ASP.NET Core 8.0 versions ant\u00e9rieures \u00e0 8.0.16",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-26682",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26682"
}
],
"initial_release_date": "2025-04-09T00:00:00",
"last_revision_date": "2025-04-09T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0289",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-04-09T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Microsoft .Net. Elle permet \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.",
"title": "Vuln\u00e9rabilit\u00e9 dans Microsoft .Net",
"vendor_advisories": [
{
"published_at": "2025-04-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft .Net CVE-2025-26682",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26682"
}
]
}
CERTFR-2025-AVI-0040
Vulnerability from certfr_avis - Published: 2025-01-15 - Updated: 2025-01-15
De multiples vulnérabilités ont été découvertes dans Microsoft .Net. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et une élévation de privilèges.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | .Net | .NET 8.0 installé sur Linux versions antérieures à 8.0.12 | ||
| Microsoft | .Net | Microsoft .NET Framework 4.6/4.6.2 versions antérieures à 10.0.10240.20890 | ||
| Microsoft | .Net | Microsoft .NET Framework 3.5 et 4.8.1 versions antérieures à 4.8.1.09294.01 | ||
| Microsoft | .Net | Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 versions antérieures à 4.7.04126.02 | ||
| Microsoft | .Net | .NET 9.0 installé sur Windows versions antérieures à 9.0.1 | ||
| Microsoft | .Net | .NET 8.0 installé sur Mac OS versions antérieures à 8.0.12 | ||
| Microsoft | .Net | .NET 9.0 installé sur Linux versions antérieures à 9.0.1 | ||
| Microsoft | .Net | Microsoft .NET Framework 4.8 versions antérieures à 4.8.04775.01 | ||
| Microsoft | .Net | Microsoft .NET Framework 3.5 et 4.8 versions antérieures à 4.8.04775.01 | ||
| Microsoft | .Net | Microsoft .NET Framework 3.5 et 4.7.2 versions antérieures à 4.7.04126.01 | ||
| Microsoft | .Net | Microsoft .NET Framework 3.5 et 4.7.2 versions antérieures à 10.0.14393.7699 | ||
| Microsoft | .Net | Microsoft .NET Framework 3.5 et 4.6.2/4.7/4.7.1/4.7.2 versions antérieures à 10.0.14393.7699 | ||
| Microsoft | .Net | Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 versions antérieures à 4.7.04126.01 | ||
| Microsoft | .Net | Microsoft .NET Framework 4.8 versions antérieures à 4.8.04775.02 | ||
| Microsoft | .Net | .NET 9.0 installé sur Mac OS versions antérieures à 9.0.1 | ||
| Microsoft | .Net | .NET 8.0 installé sur Windows versions antérieures à 8.0.12 | ||
| Microsoft | .Net | Microsoft .NET Framework 4.6.2 versions antérieures à 4.7.04126.02 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": ".NET 8.0 install\u00e9 sur Linux versions ant\u00e9rieures \u00e0 8.0.12",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.6/4.6.2 versions ant\u00e9rieures \u00e0 10.0.10240.20890",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5 et 4.8.1 versions ant\u00e9rieures \u00e0 4.8.1.09294.01",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 versions ant\u00e9rieures \u00e0 4.7.04126.02",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET 9.0 install\u00e9 sur Windows versions ant\u00e9rieures \u00e0 9.0.1",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET 8.0 install\u00e9 sur Mac OS versions ant\u00e9rieures \u00e0 8.0.12",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET 9.0 install\u00e9 sur Linux versions ant\u00e9rieures \u00e0 9.0.1",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.8 versions ant\u00e9rieures \u00e0 4.8.04775.01",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5 et 4.8 versions ant\u00e9rieures \u00e0 4.8.04775.01",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5 et 4.7.2 versions ant\u00e9rieures \u00e0 4.7.04126.01",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5 et 4.7.2 versions ant\u00e9rieures \u00e0 10.0.14393.7699",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5 et 4.6.2/4.7/4.7.1/4.7.2 versions ant\u00e9rieures \u00e0 10.0.14393.7699",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 versions ant\u00e9rieures \u00e0 4.7.04126.01",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.8 versions ant\u00e9rieures \u00e0 4.8.04775.02",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET 9.0 install\u00e9 sur Mac OS versions ant\u00e9rieures \u00e0 9.0.1",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET 8.0 install\u00e9 sur Windows versions ant\u00e9rieures \u00e0 8.0.12",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.6.2 versions ant\u00e9rieures \u00e0 4.7.04126.02",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-21176",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21176"
},
{
"name": "CVE-2025-21171",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21171"
},
{
"name": "CVE-2025-21173",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21173"
},
{
"name": "CVE-2025-21172",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21172"
}
],
"initial_release_date": "2025-01-15T00:00:00",
"last_revision_date": "2025-01-15T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0040",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-01-15T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft .Net. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et une \u00e9l\u00e9vation de privil\u00e8ges.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft .Net",
"vendor_advisories": [
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft .Net CVE-2025-21171",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21171"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft .Net CVE-2025-21173",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21173"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft .Net CVE-2025-21176",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21176"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft .Net CVE-2025-21172",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21172"
}
]
}
CERTFR-2024-AVI-0976
Vulnerability from certfr_avis - Published: 2024-11-13 - Updated: 2024-11-13
De multiples vulnérabilités ont été découvertes dans Microsoft .Net. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": ".NET 9.0 versions ant\u00e9rieures \u00e0 9.0.0",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-43499",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43499"
},
{
"name": "CVE-2024-43498",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43498"
}
],
"initial_release_date": "2024-11-13T00:00:00",
"last_revision_date": "2024-11-13T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0976",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-11-13T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft .Net. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft .Net",
"vendor_advisories": [
{
"published_at": "2024-11-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft .Net CVE-2024-43499",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43499"
},
{
"published_at": "2024-11-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft .Net CVE-2024-43498",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43498"
}
]
}
CERTFR-2024-AVI-0855
Vulnerability from certfr_avis - Published: 2024-10-09 - Updated: 2024-10-09
De multiples vulnérabilités ont été découvertes dans Microsoft .Net. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | .Net | Microsoft .NET Framework 3.5 versions antérieures à 4.7.04115.01 | ||
| Microsoft | .Net | Microsoft .NET Framework 3.5 et 4.8 versions antérieures à 4.8.04762.02 | ||
| Microsoft | .Net | Microsoft .NET Framework 3.5 versions antérieures à 3.5.30729.8972 | ||
| Microsoft | .Net | Microsoft .NET Framework 3.5 et 4.8 versions antérieures à 4.8.04762.01 | ||
| Microsoft | .Net | Microsoft .NET Framework 3.5 et 4.7.2 versions antérieures à 3,5,04115.01 | ||
| Microsoft | .Net | .NET 8.0 installé sur Linux versions antérieures à 8.0.10 | ||
| Microsoft | .Net | .NET 6.0 installé sur Linux versions antérieures à 6.0.35 | ||
| Microsoft | .Net | Microsoft .NET Framework 4.6/4.6.2 versions antérieures à 10.0.10240.20796 | ||
| Microsoft | .Net | Microsoft .NET Framework 4.6.2 versions antérieures à 4.7.04115.03 | ||
| Microsoft | .Net | Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 versions antérieures à 4.7.4115.01 | ||
| Microsoft | .Net | Microsoft .NET Framework 3.5 et 4.8.1 versions antérieures à 4.8.1.9277.03 | ||
| Microsoft | .Net | Microsoft .NET Framework 3.5 et 4.8.1 versions antérieures à 4.8.109277.02 | ||
| Microsoft | .Net | Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 versions antérieures à 4.7.04115.01 | ||
| Microsoft | .Net | .NET 8.0 installé sur Mac OS versions antérieures à 8.0.10 | ||
| Microsoft | .Net | .NET 6.0 installé sur Mac OS versions antérieures à 6.0.35 | ||
| Microsoft | .Net | .NET 6.0 installé sur Windows versions antérieures à 6.0.35 | ||
| Microsoft | .Net | Microsoft .NET Framework 3.5 et 4.8.1 versions antérieures à 4.8.1.09277.02 | ||
| Microsoft | .Net | Microsoft .NET Framework 3.5 versions antérieures à 3.5.30729.8974 | ||
| Microsoft | .Net | .NET 8.0 installé sur Windows versions antérieures à 8.0.10 | ||
| Microsoft | .Net | Microsoft .NET Framework 3.5 et 4.7.2 versions antérieures à 10.0.14393.7428 | ||
| Microsoft | .Net | Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 versions antérieures à 4.7.04115.03 | ||
| Microsoft | .Net | Microsoft .NET Framework 2.0 Service Pack 2 versions antérieures à 3.0.30729.8974 | ||
| Microsoft | .Net | Microsoft .NET Framework 4.8 versions antérieures à 4.8.04762.01 | ||
| Microsoft | .Net | Microsoft .NET Framework 4.8 versions antérieures à 4.8.04761.02 | ||
| Microsoft | .Net | Microsoft .NET Framework 3.0 Service Pack 2 versions antérieures à 3.0.30729.8974 | ||
| Microsoft | .Net | Microsoft .NET Framework 3.5.1 versions antérieures à 3.5.1.30729.8974 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft .NET Framework 3.5 versions ant\u00e9rieures \u00e0 4.7.04115.01",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5 et 4.8 versions ant\u00e9rieures \u00e0 4.8.04762.02",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5 versions ant\u00e9rieures \u00e0 3.5.30729.8972",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5 et 4.8 versions ant\u00e9rieures \u00e0 4.8.04762.01",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5 et 4.7.2 versions ant\u00e9rieures \u00e0 3,5,04115.01",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET 8.0 install\u00e9 sur Linux versions ant\u00e9rieures \u00e0 8.0.10",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET 6.0 install\u00e9 sur Linux versions ant\u00e9rieures \u00e0 6.0.35",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.6/4.6.2 versions ant\u00e9rieures \u00e0 10.0.10240.20796",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.6.2 versions ant\u00e9rieures \u00e0 4.7.04115.03",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 versions ant\u00e9rieures \u00e0 4.7.4115.01",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5 et 4.8.1 versions ant\u00e9rieures \u00e0 4.8.1.9277.03",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5 et 4.8.1 versions ant\u00e9rieures \u00e0 4.8.109277.02",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 versions ant\u00e9rieures \u00e0 4.7.04115.01",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET 8.0 install\u00e9 sur Mac OS versions ant\u00e9rieures \u00e0 8.0.10",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET 6.0 install\u00e9 sur Mac OS versions ant\u00e9rieures \u00e0 6.0.35",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET 6.0 install\u00e9 sur Windows versions ant\u00e9rieures \u00e0 6.0.35",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5 et 4.8.1 versions ant\u00e9rieures \u00e0 4.8.1.09277.02",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5 versions ant\u00e9rieures \u00e0 3.5.30729.8974",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET 8.0 install\u00e9 sur Windows versions ant\u00e9rieures \u00e0 8.0.10",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5 et 4.7.2 versions ant\u00e9rieures \u00e0 10.0.14393.7428",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 versions ant\u00e9rieures \u00e0 4.7.04115.03",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 2.0 Service Pack 2 versions ant\u00e9rieures \u00e0 3.0.30729.8974",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.8 versions ant\u00e9rieures \u00e0 4.8.04762.01",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.8 versions ant\u00e9rieures \u00e0 4.8.04761.02",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.0 Service Pack 2 versions ant\u00e9rieures \u00e0 3.0.30729.8974",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5.1 versions ant\u00e9rieures \u00e0 3.5.1.30729.8974",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-43484",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43484"
},
{
"name": "CVE-2024-38229",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38229"
},
{
"name": "CVE-2024-43483",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43483"
},
{
"name": "CVE-2024-43485",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43485"
}
],
"initial_release_date": "2024-10-09T00:00:00",
"last_revision_date": "2024-10-09T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0855",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-10-09T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft .Net. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft .Net",
"vendor_advisories": [
{
"published_at": "2024-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft .Net CVE-2024-43484",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43484"
},
{
"published_at": "2024-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft .Net CVE-2024-43483",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43483"
},
{
"published_at": "2024-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft .Net CVE-2024-38229",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38229"
},
{
"published_at": "2024-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft .Net CVE-2024-43485",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43485"
}
]
}
CERTFR-2024-AVI-0129
Vulnerability from certfr_avis - Published: 2024-02-14 - Updated: 2024-02-14
De multiples vulnérabilités ont été corrigées dans Microsoft .Net. Elles permettent à un attaquant de provoquer un déni de service.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "ASP.NET Core 7.0",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET 8.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "ASP.NET Core 6.0",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET 7.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET 6.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "ASP.NET Core 8.0",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-21404",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21404"
},
{
"name": "CVE-2024-21386",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21386"
}
],
"initial_release_date": "2024-02-14T00:00:00",
"last_revision_date": "2024-02-14T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21404 du 13 f\u00e9vrier 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21404"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21386 du 13 f\u00e9vrier 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21386"
}
],
"reference": "CERTFR-2024-AVI-0129",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-02-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft .Net\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft .Net",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 13 f\u00e9vrier 2024",
"url": "https://msrc.microsoft.com/update-guide/"
}
]
}
CERTFR-2023-AVI-0945
Vulnerability from certfr_avis - Published: 2023-11-15 - Updated: 2023-11-15
De multiples vulnérabilités ont été corrigées dans Microsoft .Net. Elles permettent à un attaquant de provoquer un déni de service, une élévation de privilèges et un contournement de la fonctionnalité de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | Microsoft .NET Framework 4.8 | ||
| Microsoft | .Net | ASP.NET Core 7.0 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.0 Service Pack 2 | ||
| Microsoft | N/A | .NET 8.0 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.6.2 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5 AND 4.8 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5 AND 4.7.2 | ||
| Microsoft | .Net | ASP.NET Core 6.0 | ||
| Microsoft | N/A | .NET 7.0 | ||
| Microsoft | N/A | Microsoft .NET Framework 2.0 Service Pack 2 | ||
| Microsoft | N/A | .NET 6.0 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5 AND 4.8.1 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5.1 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5 AND 4.6/4.6.2 | ||
| Microsoft | .Net | ASP.NET Core 8.0 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft .NET Framework 4.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "ASP.NET Core 7.0",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.0 Service Pack 2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET 8.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.6.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5 AND 4.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5 AND 4.7.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "ASP.NET Core 6.0",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET 7.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 2.0 Service Pack 2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET 6.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5 AND 4.8.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5 AND 4.6/4.6.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "ASP.NET Core 8.0",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-36049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36049"
},
{
"name": "CVE-2023-36560",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36560"
},
{
"name": "CVE-2023-36038",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36038"
},
{
"name": "CVE-2023-36558",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36558"
}
],
"initial_release_date": "2023-11-15T00:00:00",
"last_revision_date": "2023-11-15T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36038 du 14 novembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36038"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36049 du 14 novembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36049"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36560 du 14 novembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36560"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36558 du 14 novembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36558"
}
],
"reference": "CERTFR-2023-AVI-0945",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-11-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft .Net\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service, une \u00e9l\u00e9vation de privil\u00e8ges et un\ncontournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft .Net",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 14 novembre 2023",
"url": "https://msrc.microsoft.com/update-guide/"
}
]
}
CERTFR-2023-AVI-0828
Vulnerability from certfr_avis - Published: 2023-10-11 - Updated: 2023-10-11
De multiples vulnérabilités ont été corrigées dans Microsoft .Net. Elles permettent à un attaquant de provoquer un déni de service.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "ASP.NET Core 7.0",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "ASP.NET Core 6.0",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET 7.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET 6.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2023-38171",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38171"
},
{
"name": "CVE-2023-36435",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36435"
}
],
"initial_release_date": "2023-10-11T00:00:00",
"last_revision_date": "2023-10-11T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-44487 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-38171 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38171"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36435 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36435"
}
],
"reference": "CERTFR-2023-AVI-0828",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-10-11T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft .Net\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft .Net",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/"
}
]
}
CERTFR-2023-AVI-0643
Vulnerability from certfr_avis - Published: 2023-08-09 - Updated: 2023-08-09
De multiples vulnérabilités ont été corrigées dans Microsoft .Net. Elles permettent à un attaquant de provoquer un déni de service, une élévation de privilèges, une usurpation d'identité, une exécution de code arbitraire à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | Microsoft .NET Framework 4.8 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.6.2 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5 AND 4.8 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5 AND 4.7.2 | ||
| Microsoft | N/A | .NET 7.0 | ||
| Microsoft | N/A | Microsoft .NET Framework 2.0 Service Pack 2 | ||
| Microsoft | N/A | .NET 6.0 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5 AND 4.8.1 | ||
| Microsoft | .Net | ASP.NET Core 2.1 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft .NET Framework 4.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.6.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5 AND 4.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5 AND 4.7.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET 7.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 2.0 Service Pack 2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET 6.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5 AND 4.8.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "ASP.NET Core 2.1",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-35390",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35390"
},
{
"name": "CVE-2023-38180",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38180"
},
{
"name": "CVE-2023-38178",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38178"
},
{
"name": "CVE-2023-36873",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36873"
},
{
"name": "CVE-2023-35391",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35391"
},
{
"name": "CVE-2023-36899",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36899"
}
],
"initial_release_date": "2023-08-09T00:00:00",
"last_revision_date": "2023-08-09T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-38180 du 08 ao\u00fbt 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38180"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-35390 du 08 ao\u00fbt 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35390"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36899 du 08 ao\u00fbt 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36899"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-35391 du 08 ao\u00fbt 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35391"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36873 du 08 ao\u00fbt 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36873"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-38178 du 08 ao\u00fbt 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38178"
}
],
"reference": "CERTFR-2023-AVI-0643",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-08-09T00:00:00.000000"
}
],
"risks": [
{
"description": "Usurpation d\u0027identit\u00e9"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft .Net\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service, une \u00e9l\u00e9vation de privil\u00e8ges, une\nusurpation d\u0027identit\u00e9, une ex\u00e9cution de code arbitraire \u00e0 distance et\nune atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft .Net",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 08 ao\u00fbt 2023",
"url": "https://msrc.microsoft.com/update-guide/"
}
]
}
CERTFR-2021-AVI-960
Vulnerability from certfr_avis - Published: 2021-12-15 - Updated: 2021-12-15
De multiples vulnérabilités ont été corrigées dans Microsoft .Net. Elles permettent à un attaquant de provoquer une élévation de privilèges et une exécution de code à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Bot Framework SDK pour .NET Framework",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "ASP.NET Core 6.0",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "ASP.NET Core 3.1",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "ASP.NET Core 5.0",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-43225",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43225"
},
{
"name": "CVE-2021-43877",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43877"
}
],
"initial_release_date": "2021-12-15T00:00:00",
"last_revision_date": "2021-12-15T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-960",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-12-15T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft .Net\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une \u00e9l\u00e9vation de privil\u00e8ges et une ex\u00e9cution de code \u00e0\ndistance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft .Net",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 14 d\u00e9cembre 2021",
"url": "https://msrc.microsoft.com/update-guide/"
}
]
}
CERTFR-2021-AVI-619
Vulnerability from certfr_avis - Published: 2021-08-11 - Updated: 2021-08-11
De multiples vulnérabilités ont été corrigées dans Microsoft .Net. Elles permettent à un attaquant de provoquer un déni de service et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": ".NET Core 3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "ASP.NET Core 3.1",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "ASP.NET Core 5.0",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET Core 2.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET 5.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "ASP.NET Core 2.1",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-26423",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26423"
},
{
"name": "CVE-2021-34485",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34485"
},
{
"name": "CVE-2021-34532",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34532"
}
],
"initial_release_date": "2021-08-11T00:00:00",
"last_revision_date": "2021-08-11T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-619",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-08-11T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft .Net\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft .Net",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 10 ao\u00fbt 2021",
"url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
}
]
}
CERTFR-2021-AVI-028
Vulnerability from certfr_avis - Published: 2021-01-13 - Updated: 2021-01-13
De multiples vulnérabilités ont été corrigées dans Microsoft .Net. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données et un déni de service.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Bot Framework SDK pour .NET Framework",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "ASP.NET Core 3.1",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "ASP.NET Core 5.0",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-1725",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1725"
},
{
"name": "CVE-2021-1723",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1723"
}
],
"initial_release_date": "2021-01-13T00:00:00",
"last_revision_date": "2021-01-13T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-028",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-01-13T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft .Net\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un d\u00e9ni de\nservice.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft .Net",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 12 janvier 2021",
"url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
}
]
}
CERTFR-2020-AVI-563
Vulnerability from certfr_avis - Published: 2020-09-09 - Updated: 2020-09-09
Une vulnérabilité a été corrigée dans Microsoft .Net. Elle permet à un attaquant de provoquer un contournement de la fonctionnalité de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "ASP.NET Core 3.1",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "ASP.NET Core 2.1",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-1045",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1045"
}
],
"initial_release_date": "2020-09-09T00:00:00",
"last_revision_date": "2020-09-09T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-563",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-09-09T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eMicrosoft\n.Net\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer un contournement de\nla fonctionnalit\u00e9 de s\u00e9curit\u00e9.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Microsoft .Net",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 08 septembre 2020",
"url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
}
]
}
CERTFR-2020-AVI-502
Vulnerability from certfr_avis - Published: 2020-08-12 - Updated: 2020-08-12
De multiples vulnérabilités ont été corrigées dans Microsoft .Net. Elles permettent à un attaquant de provoquer un déni de service, une élévation de privilèges et une exécution de code à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | Microsoft .NET Framework 4.8 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5 AND 4.6/4.6.1/4.6.2 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5 AND 4.8 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5 AND 4.7.2 | ||
| Microsoft | N/A | Microsoft .NET Framework 2.0 Service Pack 2 | ||
| Microsoft | .Net | ASP.NET Core 3.1 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5.1 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.5.2 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 | ||
| Microsoft | .Net | ASP.NET Core 2.1 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.6 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft .NET Framework 4.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5 AND 4.6/4.6.1/4.6.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5 AND 4.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5 AND 4.7.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 2.0 Service Pack 2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "ASP.NET Core 3.1",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.5.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "ASP.NET Core 2.1",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-1476",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1476"
},
{
"name": "CVE-2020-1597",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1597"
},
{
"name": "CVE-2020-1046",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1046"
}
],
"initial_release_date": "2020-08-12T00:00:00",
"last_revision_date": "2020-08-12T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-502",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-08-12T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft .Net\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service, une \u00e9l\u00e9vation de privil\u00e8ges et une\nex\u00e9cution de code \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft .Net",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 11 ao\u00fbt 2020",
"url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
}
]
}
CERTFR-2020-AVI-288
Vulnerability from certfr_avis - Published: 2020-05-13 - Updated: 2020-05-13
De multiples vulnérabilités ont été corrigées dans Microsoft .Net. Elles permettent à un attaquant de provoquer un déni de service et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | Microsoft .NET Framework 4.8 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.0 Service Pack 2 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5 AND 4.6/4.6.1/4.6.2 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5 AND 4.8 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5 AND 4.7.2 | ||
| Microsoft | N/A | Microsoft .NET Framework 2.0 Service Pack 2 | ||
| Microsoft | N/A | .NET Core 3.1 | ||
| Microsoft | .Net | ASP.NET Core 3.1 | ||
| Microsoft | N/A | .NET Core 5.0 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5.1 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.5.2 | ||
| Microsoft | N/A | .NET Core 2.1 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.6 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft .NET Framework 4.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.0 Service Pack 2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5 AND 4.6/4.6.1/4.6.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5 AND 4.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5 AND 4.7.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 2.0 Service Pack 2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET Core 3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "ASP.NET Core 3.1",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET Core 5.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.5.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET Core 2.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-1066",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1066"
},
{
"name": "CVE-2020-1161",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1161"
},
{
"name": "CVE-2020-1108",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1108"
}
],
"initial_release_date": "2020-05-13T00:00:00",
"last_revision_date": "2020-05-13T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-288",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-05-13T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft .Net\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft .Net",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 12 mai 2020",
"url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
}
]
}
CERTFR-2020-AVI-027
Vulnerability from certfr_avis - Published: 2020-01-14 - Updated: 2020-01-14
De multiples vulnérabilités ont été corrigées dans Microsoft .Net. Elles permettent à un attaquant de provoquer une exécution de code à distance et un déni de service.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | .Net | ASP.NET Core 3.0 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.8 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.0 Service Pack 2 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5 AND 4.8 | ||
| Microsoft | N/A | .NET Core 3.0 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5 AND 4.7.2 | ||
| Microsoft | N/A | .NET Core 3.1 | ||
| Microsoft | .Net | ASP.NET Core 3.1 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5.1 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.5.2 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 | ||
| Microsoft | .Net | ASP.NET Core 2.1 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.6 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "ASP.NET Core 3.0",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.0 Service Pack 2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5 AND 4.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET Core 3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5 AND 4.7.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET Core 3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "ASP.NET Core 3.1",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.5.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "ASP.NET Core 2.1",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-0605",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0605"
},
{
"name": "CVE-2020-0606",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0606"
},
{
"name": "CVE-2020-0646",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0646"
},
{
"name": "CVE-2020-0602",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0602"
},
{
"name": "CVE-2020-0603",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0603"
}
],
"initial_release_date": "2020-01-14T00:00:00",
"last_revision_date": "2020-01-14T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-027",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-01-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft .Net\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code \u00e0 distance et un d\u00e9ni de service.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft .Net",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 14 janvier 2020",
"url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
}
]
}
CERTFR-2019-AVI-569
Vulnerability from certfr_avis - Published: 2019-11-13 - Updated: 2019-11-13
De multiples vulnérabilités ont été corrigées dans Microsoft .Net. Elles permettent à un attaquant de provoquer une élévation de privilèges et un déni de service.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | .Net | ASP.NET Core 3.0 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.8 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5 AND 4.8 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5 AND 4.7.2 | ||
| Microsoft | .Net | ASP.NET Core 2.2 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.5.2 | ||
| Microsoft | N/A | .NET Core 2.1 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 | ||
| Microsoft | .Net | ASP.NET Core 2.1 | ||
| Microsoft | N/A | .NET Core 2.2 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "ASP.NET Core 3.0",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5 AND 4.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5 AND 4.7.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "ASP.NET Core 2.2",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.5.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET Core 2.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "ASP.NET Core 2.1",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET Core 2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-1302",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1302"
},
{
"name": "CVE-2019-1142",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1142"
},
{
"name": "CVE-2019-1301",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1301"
}
],
"initial_release_date": "2019-11-13T00:00:00",
"last_revision_date": "2019-11-13T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-569",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-11-13T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft .Net\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft .Net",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 12 novembre 2019",
"url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
}
]
}
CERTFR-2019-AVI-437
Vulnerability from certfr_avis - Published: 2019-09-11 - Updated: 2019-09-11
De multiples vulnérabilités ont été corrigées dans Microsoft .Net. Elles permettent à un attaquant de provoquer une élévation de privilèges et un déni de service.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | .Net | ASP.NET Core 3.0 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.8 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5 AND 4.8 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5 AND 4.7.2 | ||
| Microsoft | .Net | ASP.NET Core 2.2 | ||
| Microsoft | .Net | ADAL.NET | ||
| Microsoft | N/A | Microsoft .NET Framework 4.5.2 | ||
| Microsoft | N/A | .NET Core 2.1 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 | ||
| Microsoft | .Net | ASP.NET Core 2.1 | ||
| Microsoft | N/A | .NET Core 2.2 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "ASP.NET Core 3.0",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5 AND 4.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5 AND 4.7.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "ASP.NET Core 2.2",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "ADAL.NET",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.5.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET Core 2.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "ASP.NET Core 2.1",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET Core 2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-1302",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1302"
},
{
"name": "CVE-2019-1142",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1142"
},
{
"name": "CVE-2019-1258",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1258"
},
{
"name": "CVE-2019-1301",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1301"
}
],
"initial_release_date": "2019-09-11T00:00:00",
"last_revision_date": "2019-09-11T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-437",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-09-11T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft .Net\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft .Net",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 10 septembre 2019",
"url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
}
]
}
CERTFR-2019-AVI-321
Vulnerability from certfr_avis - Published: 2019-07-10 - Updated: 2019-07-10
De multiples vulnérabilités ont été corrigées dans Microsoft .Net. Elles permettent à un attaquant de provoquer une élévation de privilèges, une exécution de code à distance, une usurpation d'identité et un déni de service.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | Microsoft .NET Framework 4.8 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.0 Service Pack 2 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5 AND 4.8 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5 AND 4.7.2 | ||
| Microsoft | N/A | Microsoft .NET Framework 2.0 Service Pack 2 | ||
| Microsoft | .Net | ASP.NET Core 2.2 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5.1 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.5.2 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.6/4.6.1/4.6.2 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 | ||
| Microsoft | .Net | ASP.NET Core 2.1 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.6 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft .NET Framework 4.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.0 Service Pack 2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5 AND 4.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5 AND 4.7.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 2.0 Service Pack 2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "ASP.NET Core 2.2",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.5.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.6/4.6.1/4.6.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "ASP.NET Core 2.1",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-1006",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1006"
},
{
"name": "CVE-2019-1083",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1083"
},
{
"name": "CVE-2019-1075",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1075"
},
{
"name": "CVE-2019-1113",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1113"
}
],
"initial_release_date": "2019-07-10T00:00:00",
"last_revision_date": "2019-07-10T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-321",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-07-10T00:00:00.000000"
}
],
"risks": [
{
"description": "Usurpation d\u0027identit\u00e9"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft .Net\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une \u00e9l\u00e9vation de privil\u00e8ges, une ex\u00e9cution de code \u00e0 distance,\nune usurpation d\u0027identit\u00e9 et un d\u00e9ni de service.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft .Net",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 09 juillet 2019",
"url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
}
]
}
CERTFR-2019-AVI-224
Vulnerability from certfr_avis - Published: 2019-05-15 - Updated: 2019-05-15
De multiples vulnérabilités ont été corrigées dans Microsoft .Net. Elles permettent à un attaquant de provoquer un déni de service.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | .NET Core 1.0 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.7.1/4.7.2 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.8 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.0 Service Pack 2 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.6.2 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 | ||
| Microsoft | N/A | Microsoft .NET Framework 2.0 Service Pack 2 | ||
| Microsoft | .Net | ASP.NET Core 2.2 | ||
| Microsoft | N/A | .NET Core 1.1 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5.1 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.5.2 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.7.2 | ||
| Microsoft | N/A | .NET Core 2.1 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.7/4.7.1/4.7.2 | ||
| Microsoft | .Net | ASP.NET Core 2.1 | ||
| Microsoft | N/A | .NET Core 2.2 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.6 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": ".NET Core 1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.7.1/4.7.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.0 Service Pack 2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.6.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 2.0 Service Pack 2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "ASP.NET Core 2.2",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET Core 1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.5.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.7.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET Core 2.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.7/4.7.1/4.7.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "ASP.NET Core 2.1",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET Core 2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-0864",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0864"
},
{
"name": "CVE-2019-0820",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0820"
},
{
"name": "CVE-2019-0980",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0980"
},
{
"name": "CVE-2019-0982",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0982"
},
{
"name": "CVE-2019-0981",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0981"
}
],
"initial_release_date": "2019-05-15T00:00:00",
"last_revision_date": "2019-05-15T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-224",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-05-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft .Net\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft .Net",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 14 mai 2019",
"url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
}
]
}
CERTFR-2019-AVI-159
Vulnerability from certfr_avis - Published: 2019-04-10 - Updated: 2019-04-10
Une vulnérabilité a été corrigée dans Microsoft .Net. Elle permet à un attaquant de provoquer un déni de service.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneReferences
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "ASP.NET Core 2.2",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-0815",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0815"
}
],
"initial_release_date": "2019-04-10T00:00:00",
"last_revision_date": "2019-04-10T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-159",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-04-10T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eMicrosoft\n.Net\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer un d\u00e9ni de service.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Microsoft .Net",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 09 avril 2019",
"url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
}
]
}
CERTFR-2019-AVI-010
Vulnerability from certfr_avis - Published: 2019-01-09 - Updated: 2019-01-09
De multiples vulnérabilités ont été corrigées dans Microsoft .Net. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données et un déni de service.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | Microsoft .NET Framework 4.7.1/4.7.2 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.0 Service Pack 2 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 | ||
| Microsoft | N/A | Microsoft .NET Framework 2.0 Service Pack 2 | ||
| Microsoft | .Net | ASP.NET Core 2.2 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5.1 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.5.2 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.7.2 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.6/4.6.1/4.6.2 | ||
| Microsoft | N/A | .NET Core 2.1 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.7/4.7.1/4.7.2 | ||
| Microsoft | .Net | ASP.NET Core 2.1 | ||
| Microsoft | N/A | .NET Core 2.2 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.6 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft .NET Framework 4.7.1/4.7.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.0 Service Pack 2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 2.0 Service Pack 2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "ASP.NET Core 2.2",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.5.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.7.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.6/4.6.1/4.6.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET Core 2.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.7/4.7.1/4.7.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "ASP.NET Core 2.1",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET Core 2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-0548",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0548"
},
{
"name": "CVE-2019-0564",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0564"
},
{
"name": "CVE-2019-0545",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0545"
}
],
"initial_release_date": "2019-01-09T00:00:00",
"last_revision_date": "2019-01-09T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-010",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-01-09T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft .Net\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un d\u00e9ni de\nservice.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft .Net",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 08 janvier 2019",
"url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
}
]
}
CERTFR-2018-AVI-437
Vulnerability from certfr_avis - Published: 2018-09-12 - Updated: 2018-09-12
De multiples vulnérabilités ont été corrigées dans Microsoft .Net. Elles permettent à un attaquant de provoquer un déni de service et une exécution de code à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | Microsoft .NET Framework 4.7.1/4.7.2 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.0 Service Pack 2 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 | ||
| Microsoft | N/A | Microsoft .NET Framework 2.0 Service Pack 2 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5.1 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.5.2 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.7.2 | ||
| Microsoft | N/A | .NET Core 2.1 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.7/4.7.1/4.7.2 | ||
| Microsoft | .Net | ASP.NET Core 2.1 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.6 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft .NET Framework 4.7.1/4.7.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.0 Service Pack 2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 2.0 Service Pack 2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.5.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.7.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET Core 2.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.7/4.7.1/4.7.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "ASP.NET Core 2.1",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-8409",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8409"
},
{
"name": "CVE-2018-8421",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8421"
}
],
"initial_release_date": "2018-09-12T00:00:00",
"last_revision_date": "2018-09-12T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-437",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-09-12T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft .Net\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service et une ex\u00e9cution de code \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft .Net",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 11 septembre 2018",
"url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
}
]
}
CERTFR-2018-AVI-337
Vulnerability from certfr_avis - Published: 2018-07-11 - Updated: 2018-07-11
De multiples vulnérabilités ont été corrigées dans Microsoft .Net. Elles permettent à un attaquant de provoquer une élévation de privilèges, une exécution de code à distance et un contournement de la fonctionnalité de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | .NET Core 1.0 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.7.1/4.7.2 | ||
| Microsoft | .Net | ASP.NET Core 1.0 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.0 Service Pack 2 | ||
| Microsoft | .Net | ASP.NET Web Pages 3.2.3 | ||
| Microsoft | N/A | .NET Framework 4.7.2 Developer Pack | ||
| Microsoft | .Net | ASP.NET Core 2.0 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 | ||
| Microsoft | .Net | ASP.NET MVC 5.2 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 | ||
| Microsoft | N/A | .NET Core 2.0 | ||
| Microsoft | N/A | Microsoft .NET Framework 2.0 Service Pack 2 | ||
| Microsoft | N/A | .NET Core 1.1 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5.1 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.5.2 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.7.2 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.6/4.6.1/4.6.2 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.7/4.7.1/4.7.2 | ||
| Microsoft | .Net | ASP.NET Core 1.1 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.6 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": ".NET Core 1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.7.1/4.7.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "ASP.NET Core 1.0",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.0 Service Pack 2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "ASP.NET Web Pages 3.2.3",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET Framework 4.7.2 Developer Pack",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "ASP.NET Core 2.0",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "ASP.NET MVC 5.2",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET Core 2.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 2.0 Service Pack 2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET Core 1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.5.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.7.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.6/4.6.1/4.6.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.7/4.7.1/4.7.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "ASP.NET Core 1.1",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-8260",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8260"
},
{
"name": "CVE-2018-8202",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8202"
},
{
"name": "CVE-2018-8356",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8356"
},
{
"name": "CVE-2018-8171",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8171"
},
{
"name": "CVE-2018-8284",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8284"
}
],
"initial_release_date": "2018-07-11T00:00:00",
"last_revision_date": "2018-07-11T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-337",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-07-11T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft .Net\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une \u00e9l\u00e9vation de privil\u00e8ges, une ex\u00e9cution de code \u00e0 distance\net un contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft .Net",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 10 juillet 2018",
"url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
}
]
}
CERTFR-2018-AVI-132
Vulnerability from certfr_avis - Published: 2018-03-14 - Updated: 2018-03-14
De multiples vulnérabilités ont été corrigées dans Microsoft .Net. Elles permettent à un attaquant de provoquer une élévation de privilèges et un déni de service
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": ".NET Core 1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "ASP.NET Core 2.0",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET Core 2.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET Core 1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-0875",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0875"
},
{
"name": "CVE-2018-0787",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0787"
},
{
"name": "CVE-2018-0808",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0808"
}
],
"initial_release_date": "2018-03-14T00:00:00",
"last_revision_date": "2018-03-14T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-132",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-03-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft .Net\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft .Net",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 13 mars 2018",
"url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance/advisory/"
}
]
}
CERTFR-2018-AVI-023
Vulnerability from certfr_avis - Published: 2018-01-10 - Updated: 2018-01-10
De multiples vulnérabilités ont été corrigées dans Microsoft .Net. Elles permettent à un attaquant de provoquer une élévation de privilèges, un contournement de la fonctionnalité de sécurité, un déni de service et une injection de requêtes illégitimes par rebond (CSRF).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | .NET Core 1.0 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.6.2/4.7 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.0 Service Pack 2 | ||
| Microsoft | .Net | ASP.NET Core 2.0 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.7.1 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.6.1 | ||
| Microsoft | N/A | .NET Core 2.0 | ||
| Microsoft | N/A | Microsoft .NET Framework 2.0 Service Pack 2 | ||
| Microsoft | N/A | .NET Core 1.1 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5.1 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.5.2 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.7 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.6 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": ".NET Core 1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.6.2/4.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.0 Service Pack 2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "ASP.NET Core 2.0",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.7.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.6.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET Core 2.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 2.0 Service Pack 2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET Core 1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.5.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-0784",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0784"
},
{
"name": "CVE-2018-0764",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0764"
},
{
"name": "CVE-2018-0786",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0786"
},
{
"name": "CVE-2018-0785",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0785"
}
],
"initial_release_date": "2018-01-10T00:00:00",
"last_revision_date": "2018-01-10T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-023",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-01-10T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft .Net\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une \u00e9l\u00e9vation de privil\u00e8ges, un contournement de la\nfonctionnalit\u00e9 de s\u00e9curit\u00e9, un d\u00e9ni de service et une \u003cspan\nclass=\"st\"\u003einjection de requ\u00eates ill\u00e9gitimes par rebond (*CSRF*).\u003c/span\u003e\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft .Net",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 09 janvier 2018",
"url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance/advisory/"
}
]
}
CERTFR-2017-AVI-410
Vulnerability from certfr_avis - Published: 2017-11-15 - Updated: 2017-11-15
De multiples vulnérabilités ont été corrigées dans Microsoft .Net. Elles permettent à un attaquant de provoquer une divulgation d'informations, une élévation de privilèges et un déni de service
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": ".NET Core 1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "ASP.NET Core 1.0",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "ASP.NET Core 2.0",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET Core 2.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET Core 1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "ASP.NET Core 1.1",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-11883",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11883"
},
{
"name": "CVE-2017-11770",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11770"
},
{
"name": "CVE-2017-8700",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8700"
},
{
"name": "CVE-2017-11879",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11879"
}
],
"initial_release_date": "2017-11-15T00:00:00",
"last_revision_date": "2017-11-15T00:00:00",
"links": [],
"reference": "CERTFR-2017-AVI-410",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2017-11-15T00:00:00.000000"
}
],
"risks": [
{
"description": "Divulgation d\u0027informations"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft .Net\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une divulgation d\u0027informations, une \u00e9l\u00e9vation de privil\u00e8ges et\nun d\u00e9ni de service\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft .Net",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 14 novembre 2017",
"url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance/advisory/"
}
]
}
CERTA-2013-AVI-669
Vulnerability from certfr_avis - Published: 2013-12-11 - Updated: 2013-12-11
Une vulnérabilité a été corrigée dans Microsoft ASP.NET SignalR. Elle permet à un attaquant de provoquer une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft ASP.NET SignalR 1.1.x",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio Team Foundation Server 2013",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft ASP.NET SignalR 2.0.x",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2013-5042",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5042"
}
],
"initial_release_date": "2013-12-11T00:00:00",
"last_revision_date": "2013-12-11T00:00:00",
"links": [],
"reference": "CERTA-2013-AVI-669",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2013-12-11T00:00:00.000000"
}
],
"risks": [
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eMicrosoft\nASP.NET SignalR\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer une\n\u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Microsoft ASP.NET SignalR",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS13-103 du 10 d\u00e9cembre 2013",
"url": "http://technet.microsoft.com/fr-fr/security/bulletin/ms13-103"
}
]
}