CVE-2018-0786
https://notcve.org/view.php?id=CVE-2018-0786
Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, and PowerShell Core 6.0.0 allow a security feature bypass vulnerability due to the way certificates are validated, aka ".NET Security Feature Bypass Vulnerability." Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1; .NET Core 1.0 y 2.0; y PowerShell Core 6.0.0 permiten una vulnerabilidad de omisión de la característica de seguridad debido a la forma en la que se validan los certificados. Esto también se conoce como ".NET Security Feature Bypass Vulnerability". • http://www.securityfocus.com/bid/102380 http://www.securitytracker.com/id/1040152 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0786 • CWE-295: Improper Certificate Validation •
CVE-2018-0764 – Core: Improper processing of XML documents can cause a denial of service
https://notcve.org/view.php?id=CVE-2018-0764
Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka ".NET and .NET Core Denial Of Service Vulnerability". This CVE is unique from CVE-2018-0765. Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 y 5.7 y.NET Core 1.0, 1.1 y 2.0 permiten una vulnerabilidad de denegación de servicio (DoS) debido a la forma en la que se procesan los documentos XML. Esto también se conoce como ".NET and .NET Core Denial Of Service Vulnerability". Este CVE es diferente de CVE-2018-0765. • http://www.securityfocus.com/bid/102387 http://www.securitytracker.com/id/1040152 https://access.redhat.com/errata/RHSA-2018:0379 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0764 https://access.redhat.com/security/cve/CVE-2018-0764 https://bugzilla.redhat.com/show_bug.cgi?id=1533730 • CWE-20: Improper Input Validation •
CVE-2017-8759 – Microsoft .NET Framework Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-8759
Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application, aka ".NET Framework Remote Code Execution Vulnerability." Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 y 4.7 permite que un atacante ejecute código remotamente mediante un documento o aplicación maliciosos. Esto también se conoce como ".NET Framework Remote Code Execution Vulnerability." Microsoft .NET Framework contains a remote code execution vulnerability when processing untrusted input that could allow an attacker to take control of an affected system. • https://www.exploit-db.com/exploits/42711 https://github.com/bhdresh/CVE-2017-8759 https://github.com/Voulnet/CVE-2017-8759-Exploit-sample https://github.com/vysecurity/CVE-2017-8759 https://github.com/nccgroup/CVE-2017-8759 https://github.com/sythass/CVE-2017-8759 https://github.com/JonasUliana/CVE-2017-8759 https://github.com/ashr/CVE-2017-8759-exploits https://github.com/BasuCert/CVE-2017-8759 https://github.com/ChaitanyaHaritash/CVE-2017-8759 https://github.com& •
CVE-2017-8585 – Core: DoS via invalid culture
https://notcve.org/view.php?id=CVE-2017-8585
Microsoft .NET Framework 4.6, 4.6.1, 4.6.2, and 4.7 allow an attacker to send specially crafted requests to a .NET web application, resulting in denial of service, aka .NET Denial of Service Vulnerability. Microsoft .NET Framework versiones 4.6, 4.6.1, 4.6.2 y 4.7, permiten a un atacante enviar peticiones especialmente creadas a una aplicación web .NET, resultando en una denegación de servicio, también se conoce como vulnerabilidad de denegación de servicio de .NET. • http://www.securityfocus.com/bid/99432 http://www.securitytracker.com/id/1038864 https://access.redhat.com/errata/RHSA-2017:3248 https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8585 https://access.redhat.com/security/cve/CVE-2017-8585 https://bugzilla.redhat.com/show_bug.cgi?id=1512982 • CWE-20: Improper Input Validation •
CVE-2017-0248
https://notcve.org/view.php?id=CVE-2017-0248
Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to bypass Enhanced Security Usage taggings when they present a certificate that is invalid for a specific use, aka ".NET Security Feature Bypass Vulnerability." Microsoft .NET Framework versiones 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 y 4.7, permiten a un atacante omitir las etiquetas de Enhanced Security Usage cuando presentan un certificado que no es válido para un uso específico, también se conoce como ".NET Security Feature Bypass Vulnerability." • https://github.com/rubenmamo/CVE-2017-0248-Test http://www.securityfocus.com/bid/98117 http://www.securitytracker.com/id/1038458 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0248 • CWE-295: Improper Certificate Validation •