5 results (0.002 seconds)

CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0

.NET Denial of Service Vulnerability Vulnerabilidad de denegación de servicio de .NET A denial of service vulnerability exists in .NET applications with OpenSSL support when parsing X509 certificates. The issue arises from inadequate validation of user-supplied input in .NET. This flaw allows a remote attacker to trigger a denial of service (DoS) attack by providing specially crafted input. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21404 https://access.redhat.com/security/cve/CVE-2024-21404 https://bugzilla.redhat.com/show_bug.cgi?id=2263086 • CWE-400: Uncontrolled Resource Consumption CWE-476: NULL Pointer Dereference •

CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0

.NET Denial of Service Vulnerability Vulnerabilidad de denegación de servicio de .NET A denial of service vulnerability is present in the .NET applications utilizing SignalR, which a malicious client can exploit. The issue arises from inadequate validation of user-supplied input in .NET. This flaw allows a remote attacker to trigger a denial of service (DoS) attack by providing specially crafted input. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21386 https://access.redhat.com/security/cve/CVE-2024-21386 https://bugzilla.redhat.com/show_bug.cgi?id=2263085 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 6.2EPSS: 0%CPEs: 11EXPL: 0

ASP.NET Core - Security Feature Bypass Vulnerability Vulnerabilidad de omisión de funciones de seguridad en ASP.NET Core A security feature bypass vulnerability was found in Blazor forms in ASP.NET in the .NET package. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36558 https://access.redhat.com/security/cve/CVE-2023-36558 https://bugzilla.redhat.com/show_bug.cgi?id=2247750 •

CVSS: 7.5EPSS: 83%CPEs: 444EXPL: 7

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. El protocolo HTTP/2 permite una denegación de servicio (consumo de recursos del servidor) porque la cancelación de solicitudes puede restablecer muchas transmisiones rápidamente, como se explotó en la naturaleza entre agosto y octubre de 2023. A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. • https://github.com/imabee101/CVE-2023-44487 https://github.com/studiogangster/CVE-2023-44487 https://github.com/bcdannyboy/CVE-2023-44487 https://github.com/sigridou/CVE-2023-44487- https://github.com/ByteHackr/CVE-2023-44487 https://github.com/ReToCode/golang-CVE-2023-44487 http://www.openwall.com/lists/oss-security/2023/10/13/4 http://www.openwall.com/lists/oss-security/2023/10/13/9 http://www.openwall.com/lists/oss-security/2023/10/18/4 http://www. • CWE-400: Uncontrolled Resource Consumption •

CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0

ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability Una vulnerabilidad de Elevación de Privilegios en ASP.NET Core y Visual Studio • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43877 •