CVSS: 7.5EPSS: 1%CPEs: 53EXPL: 0CVE-2018-8360
https://notcve.org/view.php?id=CVE-2018-8360
An information disclosure vulnerability exists in Microsoft .NET Framework that could allow an attacker to access information in multi-tenant environments, aka ".NET Framework Information Disclosure Vulnerability." This affects Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 4.7.2, Microsoft .NET Framework 2.0, Microsoft .NET Framework 4.6/4.6.1/4.6.2. Existe una vulnerabilidad de divulgación de información en Microsoft .NET Framework que podría permitir que un atacante acceda a información en entornos multitenant. Esto también se conoce como ".NET Framework Information Disclosure Vulnerability". Esto afecta Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 4.7.2, Microsoft .NET Framework 2.0 y Microsoft .NET Framework 4.6/4.6.1/4.6.2. • http://www.securityfocus.com/bid/104986 http://www.securitytracker.com/id/1041462 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8360 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 59EXPL: 0CVE-2018-8202
https://notcve.org/view.php?id=CVE-2018-8202
An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level, aka ".NET Framework Elevation of Privilege Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2. Existe una vulnerabilidad de elevación de privilegios en .NET Framework, lo que podria permitir que un atacante eleve su nivel de privilegios. Esto también se conoce como ".NET Framework Elevation of Privilege Vulnerability". Esto afecta a Microsoft .NET Framework 2.0; Microsoft .NET Framework 3.0; Microsoft .NET Framework 4.6.2, 4.7, 4.7.1 y 4.7.2; Microsoft .NET Framework 4.5.2; Microsoft .NET Framework 4.6; Microsoft .NET Framework 4.7, 4.7.1 y 4.7.2; Microsoft .NET Framework 4.7.1 y 4.7.2; Microsoft .NET Framework 3.5; Microsoft .NET Framework 3.5.1; Microsoft .NET Framework 4.6, 4.6.1 y 4.6.2; Microsoft .NET Framework 4.6,4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.1 y 4.7.2 y Microsoft .NET Framework 4.7.2. • http://www.securityfocus.com/bid/104665 http://www.securitytracker.com/id/1041257 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8202 •
CVSS: 5.5EPSS: 0%CPEs: 60EXPL: 0CVE-2018-8356
https://notcve.org/view.php?id=CVE-2018-8356
A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka ".NET Framework Security Feature Bypass Vulnerability." This affects .NET Framework 4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, ASP.NET Core 1.1, Microsoft .NET Framework 4.5.2, ASP.NET Core 2.0, ASP.NET Core 1.0, .NET Core 1.1, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 1.0, .NET Core 2.0, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2. Existe una vulnerabilidad de omisión de la característica de seguridad cuando los componentes de Microsoft .NET Framework no validan certificados correctamente. Esto también se conoce como ".NET Framework Security Feature Bypass Vulnerability". Esto afecta a .NET Framework 4.7.2; Microsoft .NET Framework 3.0; Microsoft .NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2; ASP.NET Core 1.1; Microsoft .NET Framework 4.5.2; ASP.NET Core 2.0; ASP.NET Core 1.0; .NET Core 1.1; Microsoft .NET Framework 3.5; Microsoft .NET Framework 3.5.1; Microsoft .NET Framework 4.6, 4.6.1, 4.6.2; .NET Core 1.0; .NET Core 2.0; Microsoft .NET Framework 4.6; Microsoft .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.1, 4.7.2 y Microsoft .NET Framework 4.7.2. • http://www.securityfocus.com/bid/104664 http://www.securitytracker.com/id/1041257 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8356 • CWE-295: Improper Certificate Validation •
CVSS: 8.8EPSS: 12%CPEs: 14EXPL: 0CVE-2018-8260
https://notcve.org/view.php?id=CVE-2018-8260
A Remote Code Execution vulnerability exists in .NET software when the software fails to check the source markup of a file, aka ".NET Framework Remote Code Execution Vulnerability." This affects .NET Framework 4.7.2, Microsoft .NET Framework 4.7.2. Existe una vulnerabilidad de ejecución remota de código en el software de .NET cuando el software no comprueba el marcado de fuentes de un archivo. Esto también se conoce como ".NET Framework Remote Code Execution Vulnerability". Esto afecta a .NET Framework 4.7.2 y Microsoft .NET Framework 4.7.2. • http://www.securityfocus.com/bid/104666 http://www.securitytracker.com/id/1041257 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8260 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 18%CPEs: 67EXPL: 1CVE-2018-8284
https://notcve.org/view.php?id=CVE-2018-8284
A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka ".NET Framework Remote Code Injection Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2. Existe una vulnerabilidad de ejecución remota de código cuando Microsoft .NET Framework no valida las entradas correctamente. Esto también se conoce como ".NET Framework Remote Code Injection Vulnerability". Esto afecta a Microsoft .NET Framework 2.0; Microsoft .NET Framework 3.0; Microsoft .NET Framework 4.6.2, 4.7, 4.7.1 y 4.7.2; Microsoft .NET Framework 4.5.2; Microsoft .NET Framework 4.6; Microsoft .NET Framework 4.7, 4.7.1 y 4.7.2; Microsoft .NET Framework 4.7.1 y 4.7.2; Microsoft .NET Framework 3.5; Microsoft .NET Framework 3.5.1; Microsoft .NET Framework 4.6, 4.6.1 y 4.6.2; Microsoft .NET Framework 4.6,4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.1 y 4.7.2 y Microsoft .NET Framework 4.7.2. • https://github.com/quantiti/CVE-2018-8284-Sharepoint-RCE http://www.securityfocus.com/bid/104667 http://www.securitytracker.com/id/1041257 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8284 • CWE-94: Improper Control of Generation of Code ('Code Injection') •