CVE-2018-0764 – Core: Improper processing of XML documents can cause a denial of service
https://notcve.org/view.php?id=CVE-2018-0764
Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka ".NET and .NET Core Denial Of Service Vulnerability". This CVE is unique from CVE-2018-0765. Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 y 5.7 y.NET Core 1.0, 1.1 y 2.0 permiten una vulnerabilidad de denegación de servicio (DoS) debido a la forma en la que se procesan los documentos XML. Esto también se conoce como ".NET and .NET Core Denial Of Service Vulnerability". Este CVE es diferente de CVE-2018-0765. • http://www.securityfocus.com/bid/102387 http://www.securitytracker.com/id/1040152 https://access.redhat.com/errata/RHSA-2018:0379 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0764 https://access.redhat.com/security/cve/CVE-2018-0764 https://bugzilla.redhat.com/show_bug.cgi?id=1533730 • CWE-20: Improper Input Validation •
CVE-2017-8759 – Microsoft .NET Framework Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-8759
Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application, aka ".NET Framework Remote Code Execution Vulnerability." Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 y 4.7 permite que un atacante ejecute código remotamente mediante un documento o aplicación maliciosos. Esto también se conoce como ".NET Framework Remote Code Execution Vulnerability." Microsoft .NET Framework contains a remote code execution vulnerability when processing untrusted input that could allow an attacker to take control of an affected system. • https://www.exploit-db.com/exploits/42711 https://github.com/bhdresh/CVE-2017-8759 https://github.com/Voulnet/CVE-2017-8759-Exploit-sample https://github.com/vysecurity/CVE-2017-8759 https://github.com/nccgroup/CVE-2017-8759 https://github.com/sythass/CVE-2017-8759 https://github.com/JonasUliana/CVE-2017-8759 https://github.com/ashr/CVE-2017-8759-exploits https://github.com/BasuCert/CVE-2017-8759 https://github.com/ChaitanyaHaritash/CVE-2017-8759 https://github.com& •
CVE-2017-0248
https://notcve.org/view.php?id=CVE-2017-0248
Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to bypass Enhanced Security Usage taggings when they present a certificate that is invalid for a specific use, aka ".NET Security Feature Bypass Vulnerability." Microsoft .NET Framework versiones 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 y 4.7, permiten a un atacante omitir las etiquetas de Enhanced Security Usage cuando presentan un certificado que no es válido para un uso específico, también se conoce como ".NET Security Feature Bypass Vulnerability." • https://github.com/rubenmamo/CVE-2017-0248-Test http://www.securityfocus.com/bid/98117 http://www.securitytracker.com/id/1038458 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0248 • CWE-295: Improper Certificate Validation •
CVE-2017-0160 – Microsoft Windows - ManagementObject Arbitrary .NET Serialization Remote Code Execution
https://notcve.org/view.php?id=CVE-2017-0160
Microsoft .NET Framework 2.0, 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allows an attacker with access to the local system to execute malicious code, aka ".NET Remote Code Execution Vulnerability." Microsoft .NET Framework 2.0, 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 y 4.7 permite a un atacante con acceso al sistema local ejecutar código malicioso, vulnerabilidad también conocida como ".NET Remote Code Execution Vulnerability". Microsoft Windows suffers from a ManagementObject arbitrary .NET serialization remote code execution vulnerability. • https://www.exploit-db.com/exploits/41903 http://www.securityfocus.com/bid/97447 http://www.securitytracker.com/id/1038236 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0160 •
CVE-2016-3255
https://notcve.org/view.php?id=CVE-2016-3255
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka ".NET Information Disclosure Vulnerability." Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6 y 4.6.1 permite a atacantes remotos leer archivos arbitrario a través de datos XML que contienen una declaración de entidad externa en conjunción con una referencia a entidad, relacionado con un caso XML External Entity (XXE), también conocida como ".NET Information Disclosure Vulnerability". • http://www.securityfocus.com/bid/91601 http://www.securitytracker.com/id/1036291 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-091 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •