7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
8.4 High
AI Score
Confidence
High
It was discovered that .NET did not properly handle the execution
of certain commands. An attacker could possibly use this issue to
achieve remote code execution. (CVE-2023-35390)
Benoit Foucher discovered that .NET did not properly implement the
QUIC stream limit in HTTP/3. An attacker could possibly use this
issue to cause a denial of service. (CVE-2023-38178)
It was discovered that .NET did not properly handle the disconnection
of potentially malicious clients interfacing with a Kestrel server. An
attacker could possibly use this issue to cause a denial of service.
(CVE-2023-38180)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 23.04 | noarch | aspnetcore-runtime-6.0 | <Β 6.0.121-0ubuntu1~23.04.1 | UNKNOWN |
Ubuntu | 23.04 | noarch | aspnetcore-targeting-pack-6.0 | <Β 6.0.121-0ubuntu1~23.04.1 | UNKNOWN |
Ubuntu | 23.04 | noarch | dotnet-apphost-pack-6.0 | <Β 6.0.121-0ubuntu1~23.04.1 | UNKNOWN |
Ubuntu | 23.04 | noarch | dotnet-apphost-pack-6.0-dbgsym | <Β 6.0.121-0ubuntu1~23.04.1 | UNKNOWN |
Ubuntu | 23.04 | noarch | dotnet-host | <Β 6.0.121-0ubuntu1~23.04.1 | UNKNOWN |
Ubuntu | 23.04 | noarch | dotnet-host-dbgsym | <Β 6.0.121-0ubuntu1~23.04.1 | UNKNOWN |
Ubuntu | 23.04 | noarch | dotnet-hostfxr-6.0 | <Β 6.0.121-0ubuntu1~23.04.1 | UNKNOWN |
Ubuntu | 23.04 | noarch | dotnet-hostfxr-6.0-dbgsym | <Β 6.0.121-0ubuntu1~23.04.1 | UNKNOWN |
Ubuntu | 23.04 | noarch | dotnet-runtime-6.0 | <Β 6.0.121-0ubuntu1~23.04.1 | UNKNOWN |
Ubuntu | 23.04 | noarch | dotnet-runtime-6.0-dbgsym | <Β 6.0.121-0ubuntu1~23.04.1 | UNKNOWN |