VARIoT IoT vulnerabilities database

A vulnerability has been identified in JT2Go (All versions < V13.1.0.2), Teamcenter Visualization (All versions < V13.1.0.2). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information. (ZDI-CAN-12040). JT2Go and Teamcenter Visualization Is vulnerable to an out-of-bounds read. Zero Day Initiative To this vulnerability ZDI-CAN-12040 Was numbered.Information may be obtained. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PAR files

A vulnerability has been identified in JT2Go (All versions < V13.1.0.2), Teamcenter Visualization (All versions < V13.1.0.2). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information. (ZDI-CAN-12042). JT2Go and Teamcenter Visualization Is vulnerable to an out-of-bounds read. Zero Day Initiative To this vulnerability ZDI-CAN-12042 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PAR files

A vulnerability has been identified in JT2Go (All versions < V13.1.0.2), Teamcenter Visualization (All versions < V13.1.0.2). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a stack based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12041). JT2Go and Teamcenter Visualization Is vulnerable to an out-of-bounds write. Zero Day Initiative To this vulnerability ZDI-CAN-12041 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PAR files

A vulnerability has been identified in JT2Go (All versions < V13.1.0.2), Teamcenter Visualization (All versions < V13.1.0.2). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to access data in the context of the current process. (ZDI-CAN-12043). JT2Go and Teamcenter Visualization Is vulnerable to an out-of-bounds read. Zero Day Initiative To this vulnerability ZDI-CAN-12043 Was numbered.Information may be obtained and information may be tampered with. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PAR files

.NET Core and Visual Studio Denial of Service Vulnerability. plural Microsoft The product interferes with service operation (DoS) A vulnerability exists.Denial of service (DoS) It may be put into a state. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: .NET 5.0 on Red Hat Enterprise Linux security and bugfix update Advisory ID: RHSA-2021:0473-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:0473 Issue date: 2021-02-10 CVE Names: CVE-2021-1721 ==================================================================== 1. Summary: An update for rh-dotnet50-dotnet is now available for .NET on Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 5.0.103 and .NET Runtime 5.0.3. Security Fix(es): * dotnet: certificate chain building recursion Denial of Service (CVE-2021-1721) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1926918 - CVE-2021-1721 dotnet: certificate chain building recursion Denial of Service 6. Package List: .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7): Source: rh-dotnet50-dotnet-5.0.103-1.el7_9.src.rpm x86_64: rh-dotnet50-aspnetcore-runtime-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-5.0.103-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-apphost-pack-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-debuginfo-5.0.103-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-host-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-hostfxr-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-runtime-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-sdk-5.0-5.0.103-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-targeting-pack-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-templates-5.0-5.0.103-1.el7_9.x86_64.rpm rh-dotnet50-netstandard-targeting-pack-2.1-5.0.103-1.el7_9.x86_64.rpm .NET Core on Red Hat Enterprise Linux Server (v. 7): Source: rh-dotnet50-dotnet-5.0.103-1.el7_9.src.rpm x86_64: rh-dotnet50-aspnetcore-runtime-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-5.0.103-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-apphost-pack-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-debuginfo-5.0.103-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-host-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-hostfxr-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-runtime-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-sdk-5.0-5.0.103-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-targeting-pack-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-templates-5.0-5.0.103-1.el7_9.x86_64.rpm rh-dotnet50-netstandard-targeting-pack-2.1-5.0.103-1.el7_9.x86_64.rpm .NET Core on Red Hat Enterprise Linux Workstation (v. 7): Source: rh-dotnet50-dotnet-5.0.103-1.el7_9.src.rpm x86_64: rh-dotnet50-aspnetcore-runtime-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-5.0.103-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-apphost-pack-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-debuginfo-5.0.103-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-host-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-hostfxr-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-runtime-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-sdk-5.0-5.0.103-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-targeting-pack-5.0-5.0.3-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-templates-5.0-5.0.103-1.el7_9.x86_64.rpm rh-dotnet50-netstandard-targeting-pack-2.1-5.0.103-1.el7_9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-1721 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYCQRkNzjgjWX9erEAQgNpQ//YOPnsrlO2lww9KzO1WQGieOjqQ1xLZxZ YEgR3XbSuOiS0y7an842VNVht52BEh+maxUN3cdZfHqkBmb3+Ax4Tdnh/oH2CuYT lNkzcQcU/XxNWgpYE6Whu7o5+b7hS8e4khpoH3snamtuL62G2ncH07/cQOeWLi4o EixaJXGxfkq7b3UoDqq8iTj/3NQNmOaD72O2Rp2/yYjLWKtBRKq4sK756wpC+iEj qs+/z6NRTpw7swp8zpB2SsKpBhaCleqeVez7TAaDQ+yvT5Hijosn87CdDAMgVHxa rzqPzKaEMO/DYvirp70sm0EWaaEkX6FbR2LJRzKH6AxBWbyboIBnGrE8W/EfrI/f 6qeQZ/+GKMqabT7z7x79RzExgg6GPwdvnI2koD3hgT28CEZpnZZ6fmYMlvD5pfNT yPL8jzGRs725jpk2EsjyrIpNRPXqXgiFhmEA/JD2dr6surGj0UCmvHqEzKgGdHDR K8jG/u93IZhP+ijnxrw0gOnrCHq5chwxxpPaD1LvSgCmULjzks21zLbcB4qOldLH ey6xIPrdQcyRtJBecfb9IAN9ygCZXfz0HdRB+0ChK31D+Bhp2ORbJXxPPWYNVbp9 97pAQ2MYpEYDKUUn5lQ43Qj1WlF2D9+dXquuWYjD+1FZYmSXFfUnIx6HY7asElhc +Hn3J/UvwRI\xefGS -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

A vulnerability has been identified in PCS neo (Administration Console) (All versions < V3.1), TIA Portal (V15, V15.1 and V16). Manipulating certain files in specific folders could allow a local attacker to execute code with SYSTEM privileges. The security vulnerability could be exploited by an attacker with a valid account and limited access rights on the system. Siemens Totally Integrated Administrator (TIA) fails to properly set the module search path to be used by a privileged Node.js component, which can allow an unprivileged Windows user to run arbitrary code with SYSTEM privileges. The PCS neo administration console is reported to be affected as well.CVE-2020-25238 AffectedCVE-2020-25238 Affected. TIA Administrator is a web-based framework that can contain different functional modules for management tasks, as well as functions for managing SIMATIC software and licenses. Siemens TIA Administrator has a privilege escalation vulnerability

HMI/SCADA iFIX (Versions 6.1 and prior) allows a local authenticated user to modify system-wide iFIX configurations through section objects. This may allow privilege escalation.

HMI/SCADA iFIX (Versions 6.1 and prior) allows a local authenticated user to modify system-wide iFIX configurations through the registry. This may allow privilege escalation.

A vulnerability has been identified in SIMARIS configuration (All versions < V4.0.1). During installation to default target folder, incorrect permissions are configured for the application folder and subfolders which could allow an attacker to gain persistence or potentially escalate privileges should a user with elevated credentials log onto the machine. SIMARIS configuration Is vulnerable to incorrect default permissions.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Siemens SIMARIS configuration supports the all-digital engineering process when constructing the power distribution system, from planning to cost calculation and bid preparation, and then to standard-compliant power distribution system documents. The Siemens SIMARIS configuration has security vulnerabilities. Attackers can use vulnerabilities to gain persistent or potential escalation rights

A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions < V5.2), Nucleus ReadyStart V3 (All versions < V2012.12), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). Initial Sequence Numbers (ISNs) for TCP connections are derived from an insufficiently random source. As a result, the ISN of current and future TCP connections could be predictable. An attacker could hijack existing sessions or spoof future ones. Nucleus NET , Nucleus ReadyStart , PLUSCONTROL 1st Gen Exists in unspecified vulnerabilities.Information may be tampered with. The Nucleus NET module contains a series of standard-compliant network and communication protocols, drivers and utilities to provide full-featured network support in any embedded device. Siemens Nucleus NET has security vulnerabilities

A vulnerability has been identified in DIGSI 4 (All versions < V4.94 SP1 HF 1). Several folders in the %PATH% are writeable by normal users. As these folders are included in the search for dlls, an attacker could place dlls there with code executed by SYSTEM. DIGSI 4 Is vulnerable to incorrect default permissions.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. DIGSI 4 is the operation and configuration software for SIPROTEC 4 and SIPROTEC compact protection devices. Siemens DIGSI 4 has a privilege escalation vulnerability

A vulnerability has been identified in SIMATIC PCS 7 (All versions), SIMATIC WinCC (All versions < V7.5 SP2). Due to an insecure password verification process, an attacker could bypass the password protection set on protected files, thus being granted access to the protected content, circumventing authentication. SIMATIC PCS 7 and SIMATIC WinCC Contains an authentication vulnerability.Information may be obtained. Siemens SIMATIC WinCC is a set of automated data acquisition and monitoring (SCADA) system of Germany's Siemens (Siemens) company. Siemens SIMATIC WinCC has security vulnerabilities. There are security holes in SIMATIC PCS 7 and SIMATIC WinCC, and there is no related information about this hole at present, please pay attention to CNNVD or manufacturer announcements at any time

Improper access control in the firmware for the Intel(R) Ethernet I210 Controller series of network adapters before version 3.30 may potentially allow a privileged user to enable a denial of service via local access. Intel(R) Ethernet I210 Controller Contains an unspecified vulnerability.Denial of service (DoS) It may be put into a state. Intel Ethernet I210 Controller is a hardware device of Intel Corporation. The provision of a complete network protocol stack provides the basis for making small computer groups in the same local area network and a wide area network connected by a routing protocol. There is an access control error vulnerability in Intel Ethernet I210 Controller. The vulnerability is caused by network systems or products that do not properly restrict access to resources from unauthorized roles

Improper initialization in the firmware for the Intel(R) Ethernet I210 Controller series of network adapters before version 3.30 may allow a privileged user to potentially enable denial of service via local access. Intel(R) Ethernet I210 Controller Contains an initialization vulnerability.Denial of service (DoS) It may be put into a state. Intel Ethernet I210 Controller is a hardware device of Intel Corporation. The provision of a complete network protocol stack provides the basis for making small computer groups in the same local area network and a wide area network connected by a routing protocol. A security vulnerability exists in Intel Ethernet I210 Controller. The vulnerability is caused by a firmware initialization error

Improper default permissions in the firmware for the Intel(R) Ethernet I210 Controller series of network adapters before version 3.30 may allow an authenticated user to potentially enable denial of service via local access. Intel(R) Ethernet I210 Controller Is vulnerable to incorrect default permissions.Denial of service (DoS) It may be put into a state

Improper access control in firmware for the Intel(R) Ethernet I210 Controller series of network adapters before version 3.30 may allow a privileged user to potentially enable denial of service via local access. Intel(R) Ethernet I210 Controller Contains an unspecified vulnerability.Denial of service (DoS) It may be put into a state

A vulnerability has been identified in SCALANCE W780 and W740 (IEEE 802.11n) family (All versions < V6.3). Sending specially crafted packets through the ARP protocol to an affected device could cause a partial denial-of-service, preventing the device to operate normally for a short period of time. SCALANCE W780 and W740 The family is vulnerable to resource allocation without restrictions or throttling.Denial of service (DoS) It may be put into a state. The SCALANCE W700 product is a wireless communication device used to connect industrial components such as a programmable logic controller (PLC) or human machine interface (HMI). The Siemens SCALANCE W780 and W740 ARP protocols have a denial of service vulnerability

.NET Core Remote Code Execution Vulnerability

Access to the Advantech iView versions prior to v5.7.03.6112 configuration are missing authentication, which may allow an unauthorized attacker to change the configuration and obtain code execution. Advantech iView There is a vulnerability in the lack of authentication for critical features.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Advantech iView is an equipment management application for the energy, water and wastewater industries. Advantech iView versions prior to 5.7.03.6112 have a key feature lack of certification vulnerability. There is a security vulnerability in Advantech iView, and there is no relevant information about this vulnerability at present, please pay attention to CNNVD or manufacturer announcements at any time

.NET Core Remote Code Execution Vulnerability. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system with elevated privileges. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: .NET Core 3.1 on Red Hat Enterprise Linux security and bugfix update Advisory ID: RHSA-2021:0789-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:0789 Issue date: 2021-03-09 CVE Names: CVE-2021-26701 ==================================================================== 1. Summary: An update for rh-dotnet31-dotnet is now available for .NET Core on Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. The updated versions are .NET Core SDK 3.1.113 and .NET Core Runtime 3.1.13. Security Fix(es): * dotnet: System.Text.Encodings.Web Remote Code Execution (CVE-2021-26701) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Package List: .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7): Source: rh-dotnet31-dotnet-3.1.113-1.el7_9.src.rpm x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-3.1.113-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.113-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-host-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.113-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.113-1.el7_9.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.113-1.el7_9.x86_64.rpm .NET Core on Red Hat Enterprise Linux Server (v. 7): Source: rh-dotnet31-dotnet-3.1.113-1.el7_9.src.rpm x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-3.1.113-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.113-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-host-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.113-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.113-1.el7_9.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.113-1.el7_9.x86_64.rpm .NET Core on Red Hat Enterprise Linux Workstation (v. 7): Source: rh-dotnet31-dotnet-3.1.113-1.el7_9.src.rpm x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-3.1.113-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.113-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-host-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.113-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.113-1.el7_9.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.113-1.el7_9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-26701 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYEfcQtzjgjWX9erEAQjYKQ/9GAgJR6yoeb0rRTrmE8PNW3uAsIBuK1EK uITzaizodY25oMJf0wW9qQGejZDZTRH5QdmRJdNOftA5fNDT0lx72SYE60rw89Ws no+T4n6s2KlnS5GJ/oQKdpZvtF2l2lWyh8oKjKqGO2Vf2lOTFB0+tqdIYpLddlf2 wQAO/RIdBjRE6buqlNA/3iaQRgubL0FMxLrrCMUiVSFcsl9Wh1stIwQCDGQVJzyW 73fA+qastsAy0uTK9F7r9Hp9/fzdWYy4epR2maImkozVQyGIttfOn96wMAEGYQcM B791utMTJQRMoXz1TUpkQ7T31NQH14nW5w1tTjVOwipXBsFqe5IspfUb6iMNihoI UXm/RtLh7z28aamZ7tPkcDW1+WktoD6mL1mToiNPZBLjC6QfSKZCPIS08J3Gyf71 M2BPqwvx8o1YWYJ6oRtEKvOs6QBmYqwsvDEBtMOuf1CqfvqJNsBckPxPibatc49T q3UGj+2OD7rBFuvv/47O/401Sj4yrpddBsWpNg2KDcRqiSwjafTTzCqiS4w38eR/ /0KvKk095cnBbDQ24bezTZrPk4bMUA6gQaObA51pw/VvBnZqxMTxcPgB+LqUzYtK o6/i+D0nxWAlCi31iCvr2pY1jFXHGZzn3v8qCk1Kn4Ii37ifJ55IAYbnI1kIuyQu cDYTfg/xJLITUF -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce