Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1592?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1592?format=api", "purl": "pkg:nuget/System.Security.Cryptography.Xml@4.4.2", "type": "nuget", "namespace": "", "name": "System.Security.Cryptography.Xml", "version": "4.4.2", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "4.7.1", "latest_non_vulnerable_version": "10.0.6", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15466?format=api", "vulnerability_id": "VCID-rz8f-jn6b-a7fw", "summary": ".NET Information Disclosure Vulnerability\nMicrosoft is releasing this security advisory to provide information about a vulnerability in .NET Core 3.1 and .NET 6.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.\n\nAn information disclosure vulnerability exists in .NET Core 3.1 and .NET 6.0 that could lead to unauthorized access of privileged information.\n\n## <a name=\"affected-software\"></a>Affected software\n\n* Any .NET 6.0 application running on .NET 6.0.7 or earlier.\n* Any .NET Core 3.1 applicaiton running on .NET Core 3.1.27 or earlier.\n\nIf your application uses the following package versions, ensure you update to the latest version of .NET.\n\n### <a name=\".NET Core 3.1\"></a>.NET Core 3.1\n\nPackage name | Affected version | Patched version\n------------ | ---------------- | -------------------------\n[System.Security.Cryptography.Xml](http://system.security)| <=4.7.0| 4.7.1\n[Microsoft.AspNetCore.App.Runtime.win-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-x64)| >=3.1.0, 3.1.27| 3.1.28\n[Microsoft.AspNetCore.App.Runtime.linux-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-x64)| >=3.1.0, 3.1.27| 3.1.28\n[Microsoft.AspNetCore.App.Runtime.win-x86](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-x86)| >=3.1.0, 3.1.27| 3.1.28\n[Microsoft.AspNetCore.App.Runtime.osx-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.osx-x64)| >=3.1.0, 3.1.27| 3.1.28\n[Microsoft.AspNetCore.App.Runtime.linux-musl-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-x64)| >=3.1.0, 3.1.27| 3.1.28\n[Microsoft.AspNetCore.App.Runtime.linux-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-arm64)| >=3.1.0, 3.1.27| 3.1.28\n[Microsoft.AspNetCore.App.Runtime.linux-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-arm)| >=3.1.0, 3.1.27| 3.1.28\n[Microsoft.AspNetCore.App.Runtime.win-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-arm64)| >=3.1.0, 3.1.27| 3.1.28\n[Microsoft.AspNetCore.App.Runtime.win-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-arm)| >=3.1.0, 3.1.27| 3.1.28\n[Microsoft.AspNetCore.App.Runtime.linux-musl-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-arm64)| >=3.1.0, 3.1.27| 3.1.28\n[Microsoft.AspNetCore.App.Runtime.linux-musl-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-arm)| >=3.1.0, 3.1.27| 3.1.28\n\n### <a name=\".NET 6\"></a>.NET 6\n\nPackage name | Affected version | Patched version\n------------ | ---------------- | -------------------------\n[System.Security.Cryptography.Xml](https://www.nuget.org/packages/System.Security.Cryptography.Xml)| >=5.0.0, 6.0.0| 6.0.1\n[Microsoft.AspNetCore.App.Runtime.win-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-x64)| >=6.0.0, 6.0.7| 6.0.8\n[Microsoft.AspNetCore.App.Runtime.linux-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-x64)| >=6.0.0, 6.0.7| 6.0.8\n[Microsoft.AspNetCore.App.Runtime.win-x86](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-x86)| >=6.0.0, 6.0.7| 6.0.8\n[Microsoft.AspNetCore.App.Runtime.osx-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.osx-x64)| >=6.0.0, 6.0.7| 6.0.8\n[Microsoft.AspNetCore.App.Runtime.linux-musl-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-x64)| >=6.0.0, 6.0.7| 6.0.8\n[Microsoft.AspNetCore.App.Runtime.linux-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-arm64)| >=6.0.0, 6.0.7| 6.0.8\n[Microsoft.AspNetCore.App.Runtime.linux-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-arm)| >=6.0.0, 6.0.7| 6.0.8\n[Microsoft.AspNetCore.App.Runtime.win-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-arm64)| >=6.0.0, 6.0.7| 6.0.8\n[Microsoft.AspNetCore.App.Runtime.win-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-arm)| >=6.0.0, 6.0.7| 6.0.8\n[Microsoft.AspNetCore.App.Runtime.osx-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.osx-arm64)| >=6.0.0, 6.0.7| 6.0.8\n[Microsoft.AspNetCore.App.Runtime.linux-musl-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-arm64)| >=6.0.0, 6.0.7| 6.0.8\n[Microsoft.AspNetCore.App.Runtime.linux-musl-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-arm)| >=6.0.0, 6.0.7| 6.0.8\n\n## Patches\n\n\n* If you're using .NET 6.0, you should download and install Runtime 6.0.8 or SDK 6.0.108 (for Visual Studio 2022 v17.1) from https://dotnet.microsoft.com/download/dotnet-core/6.0.\n* If you're using .NET Core 3.1, you should download and install Runtime 3.1.28 (for Visual Studio 2019 v16.9) from https://dotnet.microsoft.com/download/dotnet-core/3.1.\n\n\n### Other\n\nAnnouncement for this issue can be found at https://github.com/dotnet/announcements/issues/232\nAn Issue for this can be found at https://github.com/dotnet/aspnetcore/issues/43166\nMSRC details for this can be found at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34716", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34716.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34716.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-34716", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00952", "scoring_system": "epss", "scoring_elements": "0.76415", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00952", "scoring_system": "epss", "scoring_elements": "0.76431", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00952", "scoring_system": "epss", "scoring_elements": "0.76425", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00952", "scoring_system": "epss", "scoring_elements": "0.76385", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01106", "scoring_system": "epss", "scoring_elements": "0.78103", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01106", "scoring_system": "epss", "scoring_elements": "0.78121", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01106", "scoring_system": "epss", "scoring_elements": "0.78094", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01106", "scoring_system": "epss", "scoring_elements": "0.7809", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01106", "scoring_system": "epss", "scoring_elements": "0.78064", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01106", "scoring_system": "epss", "scoring_elements": "0.78082", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01106", "scoring_system": "epss", "scoring_elements": "0.78053", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-34716" }, { "reference_url": "https://github.com/dotnet/announcements/issues/232", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dotnet/announcements/issues/232" }, { "reference_url": "https://github.com/dotnet/aspnetcore/issues/43166", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dotnet/aspnetcore/issues/43166" }, { "reference_url": "https://github.com/dotnet/aspnetcore/security/advisories/GHSA-vh55-786g-wjwj", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dotnet/aspnetcore/security/advisories/GHSA-vh55-786g-wjwj" }, { "reference_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34716", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-29T20:04:18Z/" } ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34716" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34716", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34716" }, { "reference_url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34716", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34716" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115183", "reference_id": "2115183", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115183" }, { "reference_url": "https://github.com/advisories/GHSA-vh55-786g-wjwj", "reference_id": "GHSA-vh55-786g-wjwj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vh55-786g-wjwj" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6037", "reference_id": "RHSA-2022:6037", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6037" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6038", "reference_id": "RHSA-2022:6038", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6038" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6043", "reference_id": "RHSA-2022:6043", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6043" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6057", "reference_id": "RHSA-2022:6057", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6057" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6058", "reference_id": "RHSA-2022:6058", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6058" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54502?format=api", "purl": "pkg:nuget/System.Security.Cryptography.Xml@4.7.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/System.Security.Cryptography.Xml@4.7.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/54503?format=api", "purl": "pkg:nuget/System.Security.Cryptography.Xml@6.0.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/System.Security.Cryptography.Xml@6.0.1" } ], "aliases": [ "CVE-2022-34716", "GHSA-vh55-786g-wjwj", "GMS-2024-75", "GMS-2024-76", "GMS-2024-77", "GMS-2024-78", "GMS-2024-79", "GMS-2024-80", "GMS-2024-81", "GMS-2024-82", "GMS-2024-83", "GMS-2024-84", "GMS-2024-85", "GMS-2024-86", "GMS-2024-90" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rz8f-jn6b-a7fw" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5151?format=api", "vulnerability_id": "VCID-2sz2-usex-xfhd", "summary": "Microsoft Security Advisory CVE-2018-0765: .NET Core Denial Of Service Vulnerability", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-0765.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-0765.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-0765", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0991", "scoring_system": "epss", "scoring_elements": "0.9303", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0991", "scoring_system": "epss", "scoring_elements": "0.92991", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0991", "scoring_system": "epss", "scoring_elements": "0.93001", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0991", "scoring_system": "epss", "scoring_elements": "0.92993", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0991", "scoring_system": "epss", "scoring_elements": "0.92994", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0991", "scoring_system": "epss", "scoring_elements": "0.93022", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0991", "scoring_system": "epss", "scoring_elements": "0.9302", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0991", "scoring_system": "epss", "scoring_elements": "0.9301", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0991", "scoring_system": "epss", "scoring_elements": "0.93009", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0991", "scoring_system": "epss", "scoring_elements": "0.93011", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0991", "scoring_system": "epss", "scoring_elements": "0.93006", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0991", "scoring_system": "epss", "scoring_elements": "0.92982", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-0765" }, { "reference_url": "https://github.com/dotnet/announcements/issues/67", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/dotnet/announcements/issues/67" }, { "reference_url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0765", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0765" }, { "reference_url": "http://www.securityfocus.com/bid/104060", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/104060" }, { "reference_url": "http://www.securitytracker.com/id/1040851", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securitytracker.com/id/1040851" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1576631", "reference_id": "1576631", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1576631" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:.net_core:2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:microsoft:.net_core:2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:.net_core:2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0765", "reference_id": "CVE-2018-0765", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0765" }, { "reference_url": "https://github.com/advisories/GHSA-35hc-x2cw-2j4v", "reference_id": "GHSA-35hc-x2cw-2j4v", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-35hc-x2cw-2j4v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1592?format=api", "purl": "pkg:nuget/System.Security.Cryptography.Xml@4.4.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-rz8f-jn6b-a7fw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/System.Security.Cryptography.Xml@4.4.2" } ], "aliases": [ "CVE-2018-0765", "GHSA-35hc-x2cw-2j4v" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2sz2-usex-xfhd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9925?format=api", "vulnerability_id": "VCID-3ba4-y4bs-eff3", "summary": "Moderate severity vulnerability that affects System.Security.Cryptography.Xml\nMicrosoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka \".NET and .NET Core Denial Of Service Vulnerability\". This CVE is unique from CVE-2018-0765.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0379", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:0379" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-0764.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-0764.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-0764", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.34677", "scoring_system": "epss", "scoring_elements": "0.97026", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.34677", "scoring_system": "epss", "scoring_elements": "0.96981", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.34677", "scoring_system": "epss", "scoring_elements": "0.96988", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.34677", "scoring_system": "epss", "scoring_elements": "0.96993", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.34677", "scoring_system": "epss", "scoring_elements": "0.96995", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.34677", "scoring_system": "epss", "scoring_elements": "0.97004", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.34677", "scoring_system": "epss", "scoring_elements": "0.97005", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.34677", "scoring_system": "epss", "scoring_elements": "0.97008", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.34677", "scoring_system": "epss", "scoring_elements": "0.97009", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.34677", "scoring_system": "epss", "scoring_elements": "0.9701", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.34677", "scoring_system": "epss", "scoring_elements": "0.9702", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.34677", "scoring_system": "epss", "scoring_elements": "0.97023", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-0764" }, { "reference_url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0764", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0764" }, { "reference_url": "http://www.securityfocus.com/bid/102387", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/102387" }, { "reference_url": "http://www.securitytracker.com/id/1040152", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securitytracker.com/id/1040152" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1533730", "reference_id": "1533730", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1533730" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:.net_core:1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:microsoft:.net_core:1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:.net_core:1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:.net_core:1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:microsoft:.net_core:1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:.net_core:1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:.net_core:2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:microsoft:.net_core:2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:.net_core:2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:powershell_core:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:microsoft:powershell_core:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:powershell_core:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "reference_id": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "reference_id": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0764", "reference_id": "CVE-2018-0764", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0764" }, { "reference_url": "https://github.com/advisories/GHSA-rr3c-f55v-qhv5", "reference_id": "GHSA-rr3c-f55v-qhv5", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rr3c-f55v-qhv5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1592?format=api", "purl": "pkg:nuget/System.Security.Cryptography.Xml@4.4.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-rz8f-jn6b-a7fw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/System.Security.Cryptography.Xml@4.4.2" } ], "aliases": [ "CVE-2018-0764", "GHSA-rr3c-f55v-qhv5" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3ba4-y4bs-eff3" } ], "risk_score": "3.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/System.Security.Cryptography.Xml@4.4.2" }