Details of VAR-201904-0811

ID

VAR-201904-0811

CVE

CVE-2019-0757

TITLE

plural Microsoft Product Linux and Mac For NuGet Package Manager Vulnerabilities to be tampered with

Trust: 0.8

sources: JVNDB: JVNDB-2019-002673

DESCRIPTION

A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package's folder structure, aka 'NuGet Package Manager Tampering Vulnerability'. Microsoft NuGet is prone to a security bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. Bug Fix(es): * dotnet: new SocketException((int)SocketError.InvalidArgument).Message is empty (BZ#1712471) 4. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: .NET Core on Red Hat Enterprise Linux security update for March 2019 Advisory ID: RHSA-2019:0544-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:0544 Issue date: 2019-03-13 CVE Names: CVE-2019-0757 ==================================================================== 1. Summary: Updates for rh-dotnetcore10-dotnetcore, rh-dotnetcore11-dotnetcore, rh-dotnet21-dotnet, and rh-dotnet22-dotnet are now available for .NET Core on Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: .NET Core is a managed-software framework. It implements the .NET standard APIs and several additional APIs, and it includes a CLR implementation. New versions of .NET Core that address security vulnerabilities are now available. The updated versions are .NET Core 1.0.15, 1.1.12, 2.1.9, and 2.2.3. (CVE-2019-0757) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. For more information, please refer to the upstream doc in the References section. 4. Solution: For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1685475 - CVE-2019-0757 dotnet: NuGet Tampering Vulnerability 1685718 - Update to .NET Core Runtime 2.2.3 and SDK 2.2.105 1685720 - Update to .NET Core Runtime 2.1.9 and SDK 2.1.505 6. Package List: .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7): Source: rh-dotnetcore10-dotnetcore-1.0.15-1.el7.src.rpm x86_64: rh-dotnetcore10-dotnetcore-1.0.15-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.15-1.el7.x86_64.rpm .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7): Source: rh-dotnetcore11-dotnetcore-1.1.12-1.el7.src.rpm x86_64: rh-dotnetcore11-dotnetcore-1.1.12-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.12-1.el7.x86_64.rpm .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7): Source: rh-dotnet21-2.1-8.el7.src.rpm rh-dotnet21-dotnet-2.1.505-1.el7.src.rpm x86_64: rh-dotnet21-2.1-8.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.505-1.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.505-1.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.9-1.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.9-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.505-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.505-1.el7.x86_64.rpm rh-dotnet21-runtime-2.1-8.el7.x86_64.rpm .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7): Source: rh-dotnet22-2.2-4.el7.src.rpm rh-dotnet22-dotnet-2.2.105-1.el7.src.rpm x86_64: rh-dotnet22-2.2-4.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.105-1.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.105-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.3-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.3-1.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.3-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.105-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.105-1.el7.x86_64.rpm rh-dotnet22-runtime-2.2-4.el7.x86_64.rpm .NET Core on Red Hat Enterprise Linux Server (v. 7): Source: rh-dotnetcore10-dotnetcore-1.0.15-1.el7.src.rpm x86_64: rh-dotnetcore10-dotnetcore-1.0.15-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.15-1.el7.x86_64.rpm .NET Core on Red Hat Enterprise Linux Server (v. 7): Source: rh-dotnetcore11-dotnetcore-1.1.12-1.el7.src.rpm x86_64: rh-dotnetcore11-dotnetcore-1.1.12-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.12-1.el7.x86_64.rpm .NET Core on Red Hat Enterprise Linux Server (v. 7): Source: rh-dotnet21-2.1-8.el7.src.rpm rh-dotnet21-dotnet-2.1.505-1.el7.src.rpm x86_64: rh-dotnet21-2.1-8.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.505-1.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.505-1.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.9-1.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.9-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.505-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.505-1.el7.x86_64.rpm rh-dotnet21-runtime-2.1-8.el7.x86_64.rpm .NET Core on Red Hat Enterprise Linux Server (v. 7): Source: rh-dotnet22-2.2-4.el7.src.rpm rh-dotnet22-dotnet-2.2.105-1.el7.src.rpm x86_64: rh-dotnet22-2.2-4.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.105-1.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.105-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.3-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.3-1.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.3-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.105-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.105-1.el7.x86_64.rpm rh-dotnet22-runtime-2.2-4.el7.x86_64.rpm .NET Core on Red Hat Enterprise Linux Workstation (v. 7): Source: rh-dotnetcore10-dotnetcore-1.0.15-1.el7.src.rpm x86_64: rh-dotnetcore10-dotnetcore-1.0.15-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.15-1.el7.x86_64.rpm .NET Core on Red Hat Enterprise Linux Workstation (v. 7): Source: rh-dotnetcore11-dotnetcore-1.1.12-1.el7.src.rpm x86_64: rh-dotnetcore11-dotnetcore-1.1.12-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.12-1.el7.x86_64.rpm .NET Core on Red Hat Enterprise Linux Workstation (v. 7): Source: rh-dotnet21-2.1-8.el7.src.rpm rh-dotnet21-dotnet-2.1.505-1.el7.src.rpm x86_64: rh-dotnet21-2.1-8.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.505-1.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.505-1.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.9-1.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.9-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.505-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.505-1.el7.x86_64.rpm rh-dotnet21-runtime-2.1-8.el7.x86_64.rpm .NET Core on Red Hat Enterprise Linux Workstation (v. 7): Source: rh-dotnet22-2.2-4.el7.src.rpm rh-dotnet22-dotnet-2.2.105-1.el7.src.rpm x86_64: rh-dotnet22-2.2-4.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.105-1.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.105-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.3-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.3-1.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.3-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.105-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.105-1.el7.x86_64.rpm rh-dotnet22-runtime-2.2-4.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-0757 https://access.redhat.com/security/updates/classification/#important https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXIkN2NzjgjWX9erEAQifeg//caOX+S+Ysy634WnQ2WKfvAyI2DdmDwtN jsAXT/zd2ckQrk3Idz09zDrrX3bjCbGSALUEF8DNM9X0xs8LiFJj9fl7pQ8eDDuz csbAv7Th64q9m42KlL4+7s4HBzRRDpfp90JMr9zYWHqoDsYbHi/03wUJbM81txYt Ybu1oufw3DNzDoPiZ30x1HvNUa4ZHPrB2eV6gVc4kbTZDG08oDvBHCnS9IXbMPRC sfkGHU6E+kWS6bs2aHMbSNiw2MkKPgRbMXv10o8FRLbXVJ9swiEgBz0rmuirlxkM Zubf4mWUGnLIksPzTYrRrGpCbWduD5dR0Ar+DiLaSRmJQ7rzBTFdoBFWwaN+HoGu tGwrCe2Ve+Aj8WP3EBxHSmhEG9UT2KxmUSA++lqiw3wZBVHBZD9YX1aP0c8j7tCg ijhAzzfo1rbCRJkKdACAbxjih4jjHRzt6x3W/qmu3n+gIKXHGelGoKouyvbKb+8A eqQXoB/W/Dkcz/XHfcII7bDNxZLbT7HVV1fdFAQqGrMcwknVC5ld+N0dnE6tn45r LfDyuyO8Sd+7jDilvdEdWYyI6pbRuRNmcZ+gqu/xPyx5cFXYxQehdv1uIAo5vQP1 35JSu//LGlnoYeYhBoYrtW/forYD77yLKHnlP6/ugcN1JKS+CRAipuDW8nr34ySR FvFvp8/nSm4=KwTi -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 2.16

sources: NVD: CVE-2019-0757 // JVNDB: JVNDB-2019-002673 // BID: 107285 // VULMON: CVE-2019-0757 // PACKETSTORM: 152999 // PACKETSTORM: 152073

AFFECTED PRODUCTS

vendor:	microsoft	model:	nuget	scope:	eq	version:	4.9.4	Trust: 2.1
vendor:	microsoft	model:	nuget	scope:	eq	version:	4.8.2	Trust: 2.1
vendor:	microsoft	model:	nuget	scope:	eq	version:	4.7.2	Trust: 2.1
vendor:	microsoft	model:	nuget	scope:	eq	version:	4.6.3	Trust: 2.1
vendor:	microsoft	model:	nuget	scope:	eq	version:	4.5.2	Trust: 2.1
vendor:	microsoft	model:	nuget	scope:	eq	version:	4.4.2	Trust: 2.1
vendor:	microsoft	model:	nuget	scope:	eq	version:	4.3.1	Trust: 2.1
vendor:	microsoft	model:	.net core sdk	scope:	eq	version:	2.1.500	Trust: 2.1
vendor:	microsoft	model:	.net core sdk	scope:	eq	version:	1.1	Trust: 2.1
vendor:	mono	model:	framework	scope:	eq	version:	5.18.0.223	Trust: 1.8
vendor:	mono	model:	framework	scope:	eq	version:	5.20.0	Trust: 1.8
vendor:	microsoft	model:	.net core sdk	scope:	eq	version:	2.2.100	Trust: 1.8
vendor:	redhat	model:	enterprise linux	scope:	eq	version:	8.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux server tus	scope:	eq	version:	8.4	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	8.2	Trust: 1.0
vendor:	redhat	model:	enterprise linux eus	scope:	eq	version:	8.4	Trust: 1.0
vendor:	redhat	model:	enterprise linux server tus	scope:	eq	version:	8.2	Trust: 1.0
vendor:	redhat	model:	enterprise linux eus	scope:	eq	version:	8.2	Trust: 1.0
vendor:	redhat	model:	enterprise linux eus	scope:	eq	version:	8.1	Trust: 1.0
vendor:	microsoft	model:	visual studio 2017	scope:	eq	version:	-	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	8.4	Trust: 1.0
vendor:	microsoft	model:	visual studio	scope:	eq	version:	2017 for mac	Trust: 0.8
vendor:	mono	model:	mono	scope:	eq	version:	5.20	Trust: 0.3
vendor:	mono	model:	mono	scope:	eq	version:	5.18.0.223	Trust: 0.3
vendor:	microsoft	model:	visual studio for mac	scope:	eq	version:	0	Trust: 0.3
vendor:	microsoft	model:	.net core	scope:	eq	version:	2.1	Trust: 0.3
vendor:	microsoft	model:	.net core	scope:	eq	version:	1.1	Trust: 0.3
vendor:	microsoft	model:	.net core	scope:	eq	version:	1.0	Trust: 0.3
vendor:	microsoft	model:	.net core sdk	scope:	ne	version:	2.1.505	Trust: 0.3
vendor:	microsoft	model:	.net core sdk	scope:	ne	version:	1.1.13	Trust: 0.3
vendor:	microsoft	model:	.net core	scope:	ne	version:	2.1.9	Trust: 0.3
vendor:	microsoft	model:	.net core	scope:	ne	version:	1.1.12	Trust: 0.3
vendor:	microsoft	model:	.net core	scope:	ne	version:	1.0.15	Trust: 0.3

sources: BID: 107285 // JVNDB: JVNDB-2019-002673 // NVD: CVE-2019-0757

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-0757
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-0757
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201903-445
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2019-0757
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-0757
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

nvd@nist.gov:	CVE-2019-0757
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2019-0757
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2019-0757 // JVNDB: JVNDB-2019-002673 // CNNVD: CNNVD-201903-445 // NVD: CVE-2019-0757

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-284	Trust: 0.8

sources: JVNDB: JVNDB-2019-002673 // NVD: CVE-2019-0757

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201903-445

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201903-445

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-002673

PATCH

title:	Top Page	url:	https://www.mono-project.com/	Trust: 0.8
title:	CVE-2019-0757 \| NuGet Package Manager Tampering Vulnerability	url:	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757	Trust: 0.8
title:	CVE-2019-0757 \| NuGet Package Manager の改ざんの脆弱性	url:	https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2019-0757	Trust: 0.8
title:	Microsoft NuGet Package Manager Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90061	Trust: 0.6
title:	The Register	url:	https://www.theregister.co.uk/2019/03/12/march_patch_tuesday_dhcp/	Trust: 0.2
title:	Red Hat: Important: .NET Core on Red Hat Enterprise Linux security update for March 2019	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20190544 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: dotnet security, bug fix, and enhancement update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20191259 - Security Advisory	Trust: 0.1
title:	Symantec Threat Intelligence Blog	url:	https://www.symantec.com/blogs/threat-intelligence/microsoft-patch-tuesday-march-2019	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/microsoft-patches-two-win32k-bugs-under-active-attack/142742/	Trust: 0.1

sources: VULMON: CVE-2019-0757 // JVNDB: JVNDB-2019-002673 // CNNVD: CNNVD-201903-445

EXTERNAL IDS

db:	NVD	id:	CVE-2019-0757	Trust: 3.0
db:	BID	id:	107285	Trust: 1.0
db:	JVNDB	id:	JVNDB-2019-002673	Trust: 0.8
db:	PACKETSTORM	id:	152999	Trust: 0.7
db:	NSFOCUS	id:	42934	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.0808	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.1839	Trust: 0.6
db:	CNNVD	id:	CNNVD-201903-445	Trust: 0.6
db:	VULMON	id:	CVE-2019-0757	Trust: 0.1
db:	PACKETSTORM	id:	152073	Trust: 0.1

sources: VULMON: CVE-2019-0757 // BID: 107285 // JVNDB: JVNDB-2019-002673 // PACKETSTORM: 152999 // PACKETSTORM: 152073 // CNNVD: CNNVD-201903-445 // NVD: CVE-2019-0757

REFERENCES

url:	https://access.redhat.com/errata/rhsa-2019:1259	Trust: 2.4
url:	https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0757	Trust: 2.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0757	Trust: 1.6
url:	http://www.securityfocus.com/bid/107285	Trust: 1.3
url:	http://www.microsoft.com	Trust: 0.9
url:	https://bugzilla.redhat.com/show_bug.cgi?id=1685475	Trust: 0.9
url:	https://access.redhat.com/errata/rhsa-2019:0544	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0757	Trust: 0.8
url:	https://www.ipa.go.jp/security/ciadr/vul/20190313-ms.html	Trust: 0.8
url:	http://www.jpcert.or.jp/at/2019/at190012.html	Trust: 0.8
url:	https://access.redhat.com/security/cve/cve-2019-0757	Trust: 0.8
url:	https://packetstormsecurity.com/files/152999/red-hat-security-advisory-2019-1259-01.html	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/42934	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.1839/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/77050	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2019-0757	Trust: 0.3
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.2
url:	https://access.redhat.com/articles/11258	Trust: 0.2
url:	https://access.redhat.com/security/team/contact/	Trust: 0.2
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.2
url:	https://bugzilla.redhat.com/):	Trust: 0.2
url:	https://access.redhat.com/security/team/key/	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://threatpost.com/microsoft-patches-two-win32k-bugs-under-active-attack/142742/	Trust: 0.1
url:	https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/107285	Trust: 0.1
url:	https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0820	Trust: 0.1
url:	https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0980	Trust: 0.1
url:	https://github.com/dotnet/core/blob/master/release-notes/2.1/2.1.11/2.1.11.md	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0981	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-0980	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0820	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-0981	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0980	Trust: 0.1
url:	https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0981	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-0820	Trust: 0.1

sources: VULMON: CVE-2019-0757 // BID: 107285 // JVNDB: JVNDB-2019-002673 // PACKETSTORM: 152999 // PACKETSTORM: 152073 // CNNVD: CNNVD-201903-445 // NVD: CVE-2019-0757

CREDITS

Red Hat,The vendor reported this issue.

Trust: 0.6

sources: CNNVD: CNNVD-201903-445

SOURCES

db:	VULMON	id:	CVE-2019-0757
db:	BID	id:	107285
db:	JVNDB	id:	JVNDB-2019-002673
db:	PACKETSTORM	id:	152999
db:	PACKETSTORM	id:	152073
db:	CNNVD	id:	CNNVD-201903-445
db:	NVD	id:	CVE-2019-0757

LAST UPDATE DATE

2024-08-14T13:26:22.183000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2019-0757	date:	2021-09-08T00:00:00
db:	BID	id:	107285	date:	2019-03-13T09:00:00
db:	JVNDB	id:	JVNDB-2019-002673	date:	2019-04-19T00:00:00
db:	CNNVD	id:	CNNVD-201903-445	date:	2020-08-25T00:00:00
db:	NVD	id:	CVE-2019-0757	date:	2022-04-11T20:36:04.833

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2019-0757	date:	2019-04-09T00:00:00
db:	BID	id:	107285	date:	2019-03-12T00:00:00
db:	JVNDB	id:	JVNDB-2019-002673	date:	2019-04-19T00:00:00
db:	PACKETSTORM	id:	152999	date:	2019-05-22T14:39:27
db:	PACKETSTORM	id:	152073	date:	2019-03-13T14:27:10
db:	CNNVD	id:	CNNVD-201903-445	date:	2019-03-12T00:00:00
db:	NVD	id:	CVE-2019-0757	date:	2019-04-09T02:29:00.600