5 results (0.003 seconds)

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

Mono Authenticode Validation Spoofing Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35373 • CWE-347: Improper Verification of Cryptographic Signature •

CVSS: 9.8EPSS: 2%CPEs: 5EXPL: 0

.NET Core Remote Code Execution Vulnerability Una Vulnerabilidad de Ejecución de Código Remota de .NET Core. Este ID de CVE es diferente de CVE-2021-26701 • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24112 •

CVSS: 7.8EPSS: 0%CPEs: 26EXPL: 0

A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package's folder structure, aka 'NuGet Package Manager Tampering Vulnerability'. Existe una vulnerabilidad de manipulación en NuGet Package Manager para Linux y Mac que podría permitir que un atacante autenticado modifique la estructura de carpetas de un paquete de NuGet, también conocida como 'NuGet Package Manager Tampering Vulnerability'. A flaw was found in dotnet. A tampering vulnerability exists in NuGet software when executed in a Linux or Mac environment. An attacker who successfully exploits the vulnerability could run arbitrary code in the context of the current user. • https://access.redhat.com/errata/RHSA-2019:1259 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757 https://access.redhat.com/security/cve/CVE-2019-0757 https://bugzilla.redhat.com/show_bug.cgi?id=1685475 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0

StaticFileHandler.cs in System.Web in Mono before 1.2.5.2, when running on Windows, allows remote attackers to obtain source code of sensitive files via a request containing a trailing (1) space or (2) dot, which is not properly handled by XSP. StaticFileHandler.cs en System.Web de Mono anterior a 1.2.5.2, al ser ejecutado en Windows, permite a atacantes remotos obtener el código fuente de ficheros sensibles mediante una petición que contiene (1) un espacio o (2) un punto de seguimiento, que no es manejado adecuadamente por XSP. • http://anonsvn.mono-project.com/viewcvs/trunk/mcs/class/System.Web/System.Web/StaticFileHandler.cs http://osvdb.org/41871 http://secunia.com/advisories/27349 http://www.securityfocus.com/bid/26166 https://exchange.xforce.ibmcloud.com/vulnerabilities/37341 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.3EPSS: 1%CPEs: 6EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in the Mono 1.0.5 implementation of ASP.NET (.Net) allow remote attackers to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted to normal ASCII characters, including ">" and "<". • http://it-project.ru/andir/docs/aspxvuln/aspxvuln.en.xml http://marc.info/?l=bugtraq&m=110867912714913&w=2 http://secunia.com/advisories/14325 •