VARIoT IoT vulnerabilities database
| VAR-202105-0640 | CVE-2021-1512 | Cisco SD-WAN Software vulnerabilities to externally accessible files or directories |
CVSS V2: 3.6 CVSS V3: 6.0 Severity: MEDIUM |
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying file system of an affected system. This vulnerability is due to insufficient validation of the user-supplied input parameters of a specific CLI command. An attacker could exploit this vulnerability by issuing that command with specific parameters. A successful exploit could allow the attacker to overwrite the content in any arbitrary files that reside on the underlying host file system.
There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Cisco SD-WAN vManage is a software from Cisco that provides software-defined network functions. The software is a form of network virtualization
| VAR-202108-0287 | CVE-2021-22357 | Input validation vulnerabilities in multiple Huawei products |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
There is a denial of service vulnerability in Huawei products. A module cannot deal with specific messages due to validating inputs insufficiently. Attackers can exploit this vulnerability by sending specific messages to the affected module. This can cause denial of service. Affected product versions include: S12700 V200R013C00SPC500, V200R019C00SPC500; S5700 V200R013C00SPC500, V200R019C00SPC500; S6700 V200R013C00SPC500, V200R019C00SPC500; S7700 V200R013C00SPC500, V200R019C00SPC500. Multiple Huawei products contain an input validation vulnerability, which may result in a denial-of-service (DoS) condition. Huawei S12700 is an enterprise-class switch product of China's Huawei (Huawei) company.
There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
| VAR-202108-2236 | CVE-2020-28397 | Fraudulent authentication vulnerabilities in multiple Siemens products |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7 PLCSIM Advanced (All versions > V2 < V4), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (Version V4.4), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions > V2.5 < V2.9.2), SIMATIC S7-1500 Software Controller (All versions > V2.5 < V21.9), TIM 1531 IRC (incl. SIPLUS NET variants) (Version V2.1). Due to an incorrect authorization check in the affected component, an attacker could extract information about access protected PLC program variables over port 102/tcp from an affected device when reading multiple attributes at once. Multiple Siemens products contain fraudulent authentication vulnerabilities. Information may be obtained. Siemens SIMATIC S7-1500 CPU and SIMATIC S7-1500 are the products of Germany Siemens (Siemens) company. The SIMATIC S7-1500 CPU is a CPU (Central Processing Unit) module. The SIMATIC S7-1500 is a programmable logic controller.
There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
| VAR-202108-1313 | CVE-2021-33717 | NULL pointer dereference vulnerability in JT2Go and Teamcenter Visualization |
CVSS V2: 4.3 CVSS V3: 5.5 Severity: MEDIUM |
A vulnerability has been identified in JT2Go (All versions < V13.2.0.1), Teamcenter Visualization (All versions < V13.2.0.1). When parsing specially crafted CGM Files, a NULL pointer dereference condition could cause the application to crash. The application must be restarted to restore the service. An attacker could leverage this vulnerability to cause a Denial-of-Service condition in the application. JT2Go and Teamcenter Visualization contain a NULL pointer dereference vulnerability, which may result in a denial-of-service (DoS) condition.
There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
| VAR-202108-0791 | CVE-2021-32943 | Multiple vulnerabilities in Advantech WebAccess/SCADA |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1). WebAccess/SCADA, provided by Advantech, is a browser-based SCADA software package. The following multiple vulnerabilities exist in WebAccess/SCADA:
* Cross-site scripting (CWE-79) - CVE-2021-22676
* Relative path traversal (CWE-23) - CVE-2021-22674
* Stack-based buffer overflow (CWE-121) - CVE-2021-32943
The expected impact depends on each vulnerability, but it may be affected as follows:
* When a remote third party sends crafted JavaScript code, cookie/session tokens can be hijacked, the user can be redirected to a malicious website, or unintended actions can be performed in the web browser - CVE-2021-22676
* A remote third party can access the product's files and directories without authentication - CVE-2021-22674
* A remote third party can execute arbitrary code - CVE-2021-32943
A buffer overflow vulnerability exists in Advantech WebAccess/SCADA that stems from the product's failure to properly validate data boundaries. An attacker can use this vulnerability to cause stack overflow.
There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
| VAR-202108-0261 | CVE-2021-22674 | Multiple vulnerabilities in Advantech WebAccess/SCADA |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
The affected product is vulnerable to a relative path traversal condition, which may allow an attacker access to unauthorized files and directories on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1). WebAccess/SCADA, provided by Advantech, is a browser-based SCADA software package. The following multiple vulnerabilities exist in WebAccess/SCADA:
* Cross-site scripting (CWE-79) - CVE-2021-22676
* Relative path traversal (CWE-23) - CVE-2021-22674
* Stack-based buffer overflow (CWE-121) - CVE-2021-32943
The expected impact depends on each vulnerability, but it may be affected as follows:
* When a remote third party sends crafted JavaScript code, cookie/session tokens can be hijacked, the user can be redirected to a malicious website, or unintended actions can be performed in the web browser - CVE-2021-22676
* A remote third party can access the product's files and directories without authentication - CVE-2021-22674
* A remote third party can execute arbitrary code - CVE-2021-32943
A path traversal vulnerability exists in Advantech WebAccess/SCADA that stems from the product's failure to add access to input data.
There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
| VAR-202108-0721 | CVE-2021-25659 | Resource exhaustion vulnerability in Automation License Manager |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A vulnerability has been identified in Automation License Manager 5 (All versions), Automation License Manager 6 (All versions < V6.0 SP9 Update 2). Sending specially crafted packets to port 4410/tcp of an affected system could lead to extensive memory being consumed and as such could cause a denial-of-service preventing legitimate users from using the system. Automation License Manager contains a resource exhaustion vulnerability, which may result in a denial-of-service (DoS) condition. An attacker can exploit the vulnerability to cause a denial of service and prevent legitimate users from using the system.
There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
| VAR-202108-0262 | CVE-2021-22676 | Multiple vulnerabilities in Advantech WebAccess/SCADA |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
UserExcelOut.asp within WebAccess/SCADA is vulnerable to cross-site scripting (XSS), which could allow an attacker to send malicious JavaScript code. This could result in hijacking of cookie/session tokens, redirection to a malicious webpage, and unintended browser action on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1). WebAccess/SCADA, provided by Advantech, is a browser-based SCADA software package. The following multiple vulnerabilities exist in WebAccess/SCADA:
* Cross-site scripting (CWE-79) - CVE-2021-22676
* Relative path traversal (CWE-23) - CVE-2021-22674
* Stack-based buffer overflow (CWE-121) - CVE-2021-32943
The expected impact depends on each vulnerability, but it may be affected as follows:
* When a remote third party sends crafted JavaScript code, cookie/session tokens can be hijacked, the user can be redirected to a malicious website, or unintended actions can be performed in the web browser - CVE-2021-22676
* A remote third party can access the product's files and directories without authentication - CVE-2021-22674
* A remote third party can execute arbitrary code - CVE-2021-32943
A cross-site scripting vulnerability exists in Advantech WebAccess/SCADA, which stems from UserExcelOut.asp failing to properly verify the correctness of user data. An attacker could use this vulnerability to hijack the cookie session token and execute client-side code.
There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
| VAR-202106-1091 | CVE-2021-35941 | Unidentified vulnerability exists in Western Digital WD My Book Live |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Western Digital WD My Book Live (2.x and later) and WD My Book Live Duo (all versions) have an administrator API that can perform a system factory restore without authentication, as exploited in the wild in June 2021, a different vulnerability than CVE-2018-18472. Western Digital WD My Book Live is a network storage device of Western Digital (Western Digital). The vulnerability stems from the product having an administrator API. Attackers can use this vulnerability to perform system factory recovery without authentication.
There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
| VAR-202104-0340 | CVE-2021-22669 | Improper allocation of access to important information in Advantech WebAccess/SCADA |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
Incorrect permissions are set to default on the ‘Project Management’ page of WebAccess/SCADA portal of WebAccess/SCADA Versions 9.0.1 and prior, which may allow a low-privileged user to update an administrator’s password and login as an administrator to escalate privileges on the system. WebAccess/SCADA, provided by Advantech, is a browser-based SCADA software package. Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture of Advantech. The software supports dynamic graphic display and real-time data control, and provides functions for remote control and management of automation equipment.
There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Advantech WebAccess/SCADA-IIoT is a web application developed by Advantech, Taiwan, China. There is a security vulnerability in WebAccess SCADA
| VAR-202104-1826 | CVE-2020-27736 | Siemens SIMOTICS CONNECT 400 Denial of Service Vulnerability |
CVSS V2: 5.8 CVSS V3: 6.5 Severity: MEDIUM |
A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (Versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). The DNS domain name label parsing functionality does not properly validate the null-terminated name in DNS-responses. The parsing of malformed responses could result in a read past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to cause a denial-of-service condition or leak the read memory. SIMOTICS CONNECT 400 is a connector and sensor box installed on a low-voltage motor and provides analysis data for the MindSphere application SIDRIVE IQ Fleet.
There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
| VAR-202104-1825 | CVE-2020-27737 | Siemens SIMOTICS CONNECT 400 out-of-bounds read vulnerability |
CVSS V2: 5.8 CVSS V3: 6.5 Severity: MEDIUM |
A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (Versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). The DNS response parsing functionality does not properly validate various length and counts of the records. The parsing of malformed responses could result in a read past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to cause a denial-of-service condition or leak the memory past the allocated structure. SIMOTICS CONNECT 400 is a connector and sensor box installed on a low-voltage motor and provides analysis data for the MindSphere application SIDRIVE IQ Fleet.
Siemens SIMOTICS CONNECT 400 has an out-of-bounds read vulnerability.
There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
| VAR-202104-1829 | CVE-2021-25677 | Siemens SIMOTICS CONNECT 400 has unspecified vulnerabilities |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (Versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), SIMOTICS CONNECT 400 (All versions >= V0.5.0.0 < V1.0.0.0), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). The DNS client does not properly randomize DNS transaction IDs. That could allow an attacker to poison the DNS cache or spoof DNS resolving. SIMOTICS CONNECT 400 is a connector and sensor box installed on a low-voltage motor and provides analysis data for the MindSphere application SIDRIVE IQ Fleet.
Siemens SIMOTICS CONNECT 400 has security vulnerabilities.
There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
| VAR-202104-1839 | CVE-2020-15795 | Siemens Nucleus product out-of-bounds write vulnerability |
CVSS V2: 6.8 CVSS V3: 8.1 Severity: HIGH |
A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions < V5.2), Nucleus Source Code (Versions including affected DNS modules), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). The DNS domain name label parsing functionality does not properly validate the names in DNS-responses. The parsing of malformed responses could result in a write past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to execute code in the context of the current process or cause a denial-of-service condition. The Nucleus NET module contains a series of standard-compliant network and communication protocols, drivers and utilities to provide full-featured network support in any embedded device.
Siemens Nucleus products have out-of-bounds write vulnerabilities.
There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
| VAR-202104-1128 | CVE-2021-25669 | Siemens SCALANCE X-200 Web Server Stack Buffer Overflow Vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT PRO (All versions < 5.5.1), SCALANCE X202-2 IRT (All versions < 5.5.1), SCALANCE X202-2P IRT (incl. SIPLUS NET variant) (All versions < 5.5.1), SCALANCE X202-2P IRT PRO (All versions < 5.5.1), SCALANCE X204 IRT (All versions < 5.5.1), SCALANCE X204 IRT PRO (All versions < 5.5.1), SCALANCE X204-2 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X204-2FM (All versions < V5.2.5), SCALANCE X204-2LD (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X204-2LD TS (All versions < V5.2.5), SCALANCE X204-2TS (All versions < V5.2.5), SCALANCE X206-1 (All versions < V5.2.5), SCALANCE X206-1LD (All versions < V5.2.5), SCALANCE X208 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X208PRO (All versions < V5.2.5), SCALANCE X212-2 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X212-2LD (All versions < V5.2.5), SCALANCE X216 (All versions < V5.2.5), SCALANCE X224 (All versions < V5.2.5), SCALANCE XF201-3P IRT (All versions < 5.5.1), SCALANCE XF202-2P IRT (All versions < 5.5.1), SCALANCE XF204 (All versions < V5.2.5), SCALANCE XF204 IRT (All versions < 5.5.1), SCALANCE XF204-2 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE XF204-2BA IRT (All versions < 5.5.1), SCALANCE XF206-1 (All versions < V5.2.5), SCALANCE XF208 (All versions < V5.2.5). Incorrect processing of POST requests in the web server may write out of bounds in stack. An attacker might leverage this to denial-of-service of the device or remote code execution. Siemens SCALANCE X switches are used to connect industrial components, such as programmable logic controllers (PLC) or human machine interfaces (HMI).
The Siemens SCALANCE X-200 Web server has a stack buffer overflow vulnerability.
There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
| VAR-202104-1824 | CVE-2020-27738 | Siemens SIMOTICS CONNECT 400 Denial of Service Vulnerability (CNVD-2021-28705) |
CVSS V2: 5.8 CVSS V3: 7.4 Severity: HIGH |
A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (Versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). The DNS domain name record decompression functionality does not properly validate the pointer offset values. The parsing of malformed responses could result in a read access past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to cause a denial-of-service condition. SIMOTICS CONNECT 400 is a connector and sensor box installed on a low-voltage motor and provides analysis data for the MindSphere application SIDRIVE IQ Fleet.
Siemens SIMOTICS CONNECT 400 has a denial of service vulnerability. Attackers can use vulnerabilities to cause denial of service.
There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
| VAR-202104-1830 | CVE-2021-25664 | Siemens Nucleus product IPv6 stack denial of service vulnerability (CNVD-2021-28696) |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (All versions including affected IPv6 stack). The function that processes the Hop-by-Hop extension header in IPv6 packets and its options lacks any checks against the length field of the header, allowing attackers to put the function into an infinite loop by supplying arbitrary length values. The Nucleus NET module contains a series of standard-compliant network and communication protocols, drivers and utilities to provide full-featured network support in any embedded device. Nucleus RTOS provides a highly scalable microkernel-based real-time operating system designed for the scalability and reliability of systems in aerospace, industrial and medical applications. VSTAR is a complete AUTOSAR 4 based ECU solution that provides tools and embedded software for timely product deployment. Nucleus ReadyStart is a platform with integrated software IP, tools and services.
Siemens Nucleus products have security vulnerabilities. An attacker can use the vulnerability to put the function into an infinite loop by providing an arbitrary length value.
There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
| VAR-202104-1925 | CVE-2021-25663 | Siemens Nucleus product IPv6 stack denial of service vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (All versions including affected IPv6 stack). The function that processes IPv6 headers does not check the lengths of extension header options, allowing attackers to put this function into an infinite loop with crafted length values. The Nucleus NET module contains a series of standard-compliant network and communication protocols, drivers and utilities to provide full-featured network support in any embedded device. Nucleus RTOS provides a highly scalable microkernel-based real-time operating system designed for the scalability and reliability of systems in aerospace, industrial and medical applications. VSTAR is a complete AUTOSAR 4 based ECU solution that provides tools and embedded software for timely product deployment. Nucleus ReadyStart is a platform with integrated software IP, tools and services.
Siemens Nucleus products have security vulnerabilities.
There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
| VAR-202104-1827 | CVE-2020-27009 | Siemens Nucleus product out-of-bounds write vulnerability (CNVD-2021-28701) |
CVSS V2: 6.8 CVSS V3: 8.1 Severity: HIGH |
A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions < V5.2), Nucleus Source Code (Versions including affected DNS modules), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). The DNS domain name record decompression functionality does not properly validate the pointer offset values. The parsing of malformed responses could result in a write past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to execute code in the context of the current process or cause a denial-of-service condition. The Nucleus NET module contains a series of standard-compliant network and communication protocols, drivers and utilities to provide full-featured network support in any embedded device.
The Siemens Nucleus product has an out-of-bounds write vulnerability.
There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
| VAR-202105-1253 | CVE-2021-31204 | Elevation of privilege vulnerability in .NET and Microsoft Visual Studio |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
.NET and Visual Studio Elevation of Privilege Vulnerability.
There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. A flaw was found in dotnet. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability.
====================================================================
Red Hat Security Advisory
Synopsis: Important: .NET 5.0 on Red Hat Enterprise Linux security and bugfix update
Advisory ID: RHSA-2021:1546-01
Product: .NET Core on Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:1546
Issue date: 2021-05-12
CVE Names: CVE-2021-31204
====================================================================
1. Summary:
An update for rh-dotnet50-dotnet is now available for .NET on Red Hat
Enterprise Linux.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64
.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64
3. Description:
.NET is a managed-software framework. It implements a subset of the .NET
framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now
available. The updated versions are .NET SDK 5.0.203 and .NET Runtime
5.0.6.
Security Fix(es):
* dotnet: .NET Core single-file application privilege escalation
(CVE-2021-31204)
In order for the update to be complete, self-contained applications
deployed using previous versions need to be recompiled and redeployed.
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1956815 - CVE-2021-31204 dotnet: .NET Core single-file application privilege escalation
6. Package List:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source:
rh-dotnet50-dotnet-5.0.203-1.el7_9.src.rpm
x86_64:
rh-dotnet50-aspnetcore-runtime-5.0-5.0.6-1.el7_9.x86_64.rpm
rh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.6-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-5.0.203-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-apphost-pack-5.0-5.0.6-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-debuginfo-5.0.203-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-host-5.0.6-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-hostfxr-5.0-5.0.6-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-runtime-5.0-5.0.6-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-sdk-5.0-5.0.203-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-targeting-pack-5.0-5.0.6-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-templates-5.0-5.0.203-1.el7_9.x86_64.rpm
rh-dotnet50-netstandard-targeting-pack-2.1-5.0.203-1.el7_9.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source:
rh-dotnet50-dotnet-5.0.203-1.el7_9.src.rpm
x86_64:
rh-dotnet50-aspnetcore-runtime-5.0-5.0.6-1.el7_9.x86_64.rpm
rh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.6-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-5.0.203-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-apphost-pack-5.0-5.0.6-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-debuginfo-5.0.203-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-host-5.0.6-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-hostfxr-5.0-5.0.6-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-runtime-5.0-5.0.6-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-sdk-5.0-5.0.203-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-targeting-pack-5.0-5.0.6-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-templates-5.0-5.0.203-1.el7_9.x86_64.rpm
rh-dotnet50-netstandard-targeting-pack-2.1-5.0.203-1.el7_9.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source:
rh-dotnet50-dotnet-5.0.203-1.el7_9.src.rpm
x86_64:
rh-dotnet50-aspnetcore-runtime-5.0-5.0.6-1.el7_9.x86_64.rpm
rh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.6-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-5.0.203-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-apphost-pack-5.0-5.0.6-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-debuginfo-5.0.203-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-host-5.0.6-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-hostfxr-5.0-5.0.6-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-runtime-5.0-5.0.6-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-sdk-5.0-5.0.203-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-targeting-pack-5.0-5.0.6-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-templates-5.0-5.0.203-1.el7_9.x86_64.rpm
rh-dotnet50-netstandard-targeting-pack-2.1-5.0.203-1.el7_9.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2021-31204
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc.