CVE-2018-8284
https://notcve.org/view.php?id=CVE-2018-8284
A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka ".NET Framework Remote Code Injection Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2. Existe una vulnerabilidad de ejecución remota de código cuando Microsoft .NET Framework no valida las entradas correctamente. Esto también se conoce como ".NET Framework Remote Code Injection Vulnerability". Esto afecta a Microsoft .NET Framework 2.0; Microsoft .NET Framework 3.0; Microsoft .NET Framework 4.6.2, 4.7, 4.7.1 y 4.7.2; Microsoft .NET Framework 4.5.2; Microsoft .NET Framework 4.6; Microsoft .NET Framework 4.7, 4.7.1 y 4.7.2; Microsoft .NET Framework 4.7.1 y 4.7.2; Microsoft .NET Framework 3.5; Microsoft .NET Framework 3.5.1; Microsoft .NET Framework 4.6, 4.6.1 y 4.6.2; Microsoft .NET Framework 4.6,4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.1 y 4.7.2 y Microsoft .NET Framework 4.7.2. • https://github.com/quantiti/CVE-2018-8284-Sharepoint-RCE http://www.securityfocus.com/bid/104667 http://www.securitytracker.com/id/1041257 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8284 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2018-0765
https://notcve.org/view.php?id=CVE-2018-0765
A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents, aka ".NET and .NET Core Denial of Service Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.7/4.7.1, Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6.2/4.7/4.7.1, .NET Core 2.0, Microsoft .NET Framework 4.7.2. Existe una vulnerabilidad de denegación de servicio (DoS) cuando .NET y .NET Core gestionan de manera incorrecta documentos XML. Esta vulnerabilidad también se conoce como ".NET and .NET Core Denial of Service Vulnerability". Esto afecta a Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.7/4.7.1, Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6.2/4.7/4.7.1, .NET Core 2.0 y Microsoft .NET Framework 4.7.2. • http://www.securityfocus.com/bid/104060 http://www.securitytracker.com/id/1040851 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0765 • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2018-1039
https://notcve.org/view.php?id=CVE-2018-1039
A security feature bypass vulnerability exists in .Net Framework which could allow an attacker to bypass Device Guard, aka ".NET Framework Device Guard Security Feature Bypass Vulnerability." This affects Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6.2/4.7/4.7.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1, Microsoft .NET Framework 2.0, Microsoft .NET Framework 4.6/4.6.1/4.6.2. Existe una vulnerabilidad de omisión de la característica de seguridad en .Net Framework que podría permitir que un atacante omita Device Guard. Esto también se conoce como ".NET Framework Device Guard Security Feature Bypass Vulnerability". Esto afecta a Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6.2/4.7/4.7.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1, Microsoft .NET Framework 2.0 y Microsoft .NET Framework 4.6/4.6.1/4.6.2. • http://www.securityfocus.com/bid/104072 http://www.securitytracker.com/id/1040851 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1039 •
CVE-2018-0786
https://notcve.org/view.php?id=CVE-2018-0786
Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, and PowerShell Core 6.0.0 allow a security feature bypass vulnerability due to the way certificates are validated, aka ".NET Security Feature Bypass Vulnerability." Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1; .NET Core 1.0 y 2.0; y PowerShell Core 6.0.0 permiten una vulnerabilidad de omisión de la característica de seguridad debido a la forma en la que se validan los certificados. Esto también se conoce como ".NET Security Feature Bypass Vulnerability". • http://www.securityfocus.com/bid/102380 http://www.securitytracker.com/id/1040152 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0786 • CWE-295: Improper Certificate Validation •
CVE-2018-0764 – Core: Improper processing of XML documents can cause a denial of service
https://notcve.org/view.php?id=CVE-2018-0764
Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka ".NET and .NET Core Denial Of Service Vulnerability". This CVE is unique from CVE-2018-0765. Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 y 5.7 y.NET Core 1.0, 1.1 y 2.0 permiten una vulnerabilidad de denegación de servicio (DoS) debido a la forma en la que se procesan los documentos XML. Esto también se conoce como ".NET and .NET Core Denial Of Service Vulnerability". Este CVE es diferente de CVE-2018-0765. • http://www.securityfocus.com/bid/102387 http://www.securitytracker.com/id/1040152 https://access.redhat.com/errata/RHSA-2018:0379 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0764 https://access.redhat.com/security/cve/CVE-2018-0764 https://bugzilla.redhat.com/show_bug.cgi?id=1533730 • CWE-20: Improper Input Validation •