CVSS: 7.8EPSS: 4%CPEs: 8EXPL: 1CVE-2017-0160 – Microsoft Windows - ManagementObject Arbitrary .NET Serialization Remote Code Execution
https://notcve.org/view.php?id=CVE-2017-0160
Microsoft .NET Framework 2.0, 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allows an attacker with access to the local system to execute malicious code, aka ".NET Remote Code Execution Vulnerability." Microsoft .NET Framework 2.0, 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 y 4.7 permite a un atacante con acceso al sistema local ejecutar código malicioso, vulnerabilidad también conocida como ".NET Remote Code Execution Vulnerability". Microsoft Windows suffers from a ManagementObject arbitrary .NET serialization remote code execution vulnerability. • https://www.exploit-db.com/exploits/41903 http://www.securityfocus.com/bid/97447 http://www.securitytracker.com/id/1038236 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0160 •
CVSS: 7.5EPSS: 5%CPEs: 1EXPL: 0CVE-2016-7270
https://notcve.org/view.php?id=CVE-2016-7270
The Data Provider for SQL Server in Microsoft .NET Framework 4.6.2 mishandles a developer-supplied key, which allows remote attackers to bypass the Always Encrypted protection mechanism and obtain sensitive cleartext information by leveraging key guessability, aka ".NET Information Disclosure Vulnerability." El Data Provider para SQL Server en Microsoft .NET Framework 4.6.2 no maneja correctamente una clave proporcionada por el desarrollador, lo que permite a atacantes remotos eludir el mecanismo de protección Always Encrypted y obtener información de texto plano sensible aprovechando la adivinabilidad de la clave, vulnerabilidad también conocida como ".NET Information Disclosure Vulnerability". • http://www.securityfocus.com/bid/94741 http://www.securitytracker.com/id/1037455 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-155 • CWE-310: Cryptographic Issues •