CVSS: 10.0EPSS: 3%CPEs: 88EXPL: 0CVE-2018-8540
https://notcve.org/view.php?id=CVE-2018-8540
A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka ".NET Framework Remote Code Injection Vulnerability." This affects Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 4.7.2, Microsoft .NET Framework 4.6.2. Existe una vulnerabilidad de ejecución remota de código cuando Microsoft .NET Framework no valida las entradas correctamente. Esto también se conoce como ".NET Framework Remote Code Injection Vulnerability". Esto afecta a Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 4.7.2 y Microsoft .NET Framework 4.6.2. • http://www.securityfocus.com/bid/106073 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8540 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 21%CPEs: 63EXPL: 0CVE-2018-8421
https://notcve.org/view.php?id=CVE-2018-8421
A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input, aka ".NET Framework Remote Code Execution Vulnerability." This affects Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 4.7.2, Microsoft .NET Framework 2.0. Existe una vulnerabilidad de ejecución remota de código cuando Microsoft .NET Framework procesa entradas no fiables. Esto también se conoce como ".NET Framework Remote Code Execution Vulnerability". Esto afecta a Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 4.7.2 y Microsoft .NET Framework 2.0. • http://www.securityfocus.com/bid/105222 http://www.securitytracker.com/id/1041636 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8421 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 53EXPL: 0CVE-2018-8360
https://notcve.org/view.php?id=CVE-2018-8360
An information disclosure vulnerability exists in Microsoft .NET Framework that could allow an attacker to access information in multi-tenant environments, aka ".NET Framework Information Disclosure Vulnerability." This affects Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 4.7.2, Microsoft .NET Framework 2.0, Microsoft .NET Framework 4.6/4.6.1/4.6.2. Existe una vulnerabilidad de divulgación de información en Microsoft .NET Framework que podría permitir que un atacante acceda a información en entornos multitenant. Esto también se conoce como ".NET Framework Information Disclosure Vulnerability". Esto afecta Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 4.7.2, Microsoft .NET Framework 2.0 y Microsoft .NET Framework 4.6/4.6.1/4.6.2. • http://www.securityfocus.com/bid/104986 http://www.securitytracker.com/id/1041462 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8360 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 59EXPL: 0CVE-2018-8202
https://notcve.org/view.php?id=CVE-2018-8202
An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level, aka ".NET Framework Elevation of Privilege Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2. Existe una vulnerabilidad de elevación de privilegios en .NET Framework, lo que podria permitir que un atacante eleve su nivel de privilegios. Esto también se conoce como ".NET Framework Elevation of Privilege Vulnerability". Esto afecta a Microsoft .NET Framework 2.0; Microsoft .NET Framework 3.0; Microsoft .NET Framework 4.6.2, 4.7, 4.7.1 y 4.7.2; Microsoft .NET Framework 4.5.2; Microsoft .NET Framework 4.6; Microsoft .NET Framework 4.7, 4.7.1 y 4.7.2; Microsoft .NET Framework 4.7.1 y 4.7.2; Microsoft .NET Framework 3.5; Microsoft .NET Framework 3.5.1; Microsoft .NET Framework 4.6, 4.6.1 y 4.6.2; Microsoft .NET Framework 4.6,4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.1 y 4.7.2 y Microsoft .NET Framework 4.7.2. • http://www.securityfocus.com/bid/104665 http://www.securitytracker.com/id/1041257 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8202 •
CVSS: 5.5EPSS: 0%CPEs: 60EXPL: 0CVE-2018-8356
https://notcve.org/view.php?id=CVE-2018-8356
A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka ".NET Framework Security Feature Bypass Vulnerability." This affects .NET Framework 4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, ASP.NET Core 1.1, Microsoft .NET Framework 4.5.2, ASP.NET Core 2.0, ASP.NET Core 1.0, .NET Core 1.1, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 1.0, .NET Core 2.0, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2. Existe una vulnerabilidad de omisión de la característica de seguridad cuando los componentes de Microsoft .NET Framework no validan certificados correctamente. Esto también se conoce como ".NET Framework Security Feature Bypass Vulnerability". Esto afecta a .NET Framework 4.7.2; Microsoft .NET Framework 3.0; Microsoft .NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2; ASP.NET Core 1.1; Microsoft .NET Framework 4.5.2; ASP.NET Core 2.0; ASP.NET Core 1.0; .NET Core 1.1; Microsoft .NET Framework 3.5; Microsoft .NET Framework 3.5.1; Microsoft .NET Framework 4.6, 4.6.1, 4.6.2; .NET Core 1.0; .NET Core 2.0; Microsoft .NET Framework 4.6; Microsoft .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.1, 4.7.2 y Microsoft .NET Framework 4.7.2. • http://www.securityfocus.com/bid/104664 http://www.securitytracker.com/id/1041257 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8356 • CWE-295: Improper Certificate Validation •