CVSS: 7.5EPSS: 93%CPEs: 6EXPL: 0CVE-2016-0033
https://notcve.org/view.php?id=CVE-2016-0033
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 does not prevent recursive compilation of XSLT transforms, which allows remote attackers to cause a denial of service (performance degradation) via crafted XSLT data, aka ".NET Framework Stack Overflow Denial of Service Vulnerability." Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6 y 4.6.1 no impide la compilación recursiva de transformaciones XSLT, lo que permite a atacantes remotos causar una denegación de servicio (degradación de rendimiento) a través de datos XSLT manipulados, también conocida como ".NET Framework Stack Overflow Denial of Service Vulnerability". • http://www.securitytracker.com/id/1034983 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-019 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 2%CPEs: 6EXPL: 0CVE-2016-0047
https://notcve.org/view.php?id=CVE-2016-0047
WinForms in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows remote attackers to obtain sensitive information from process memory via crafted icon data, aka "Windows Forms Information Disclosure Vulnerability." WinForms en Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6 y 4.6.1 permite a atacantes remotos obtener información sensible desde la memoria de procesos a través de datos icon manipulados, también conocida como "Windows Forms Information Disclosure Vulnerability". • http://www.securitytracker.com/id/1034983 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-019 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 13%CPEs: 36EXPL: 0CVE-2015-6108
https://notcve.org/view.php?id=CVE-2015-6108
The Windows font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT Gold and 8.1; Office 2007 SP3; Office 2010 SP2; Word Viewer; .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6; Skype for Business 2016; Lync 2010; Lync 2013 SP1; Live Meeting 2007 Console; and Silverlight 5 allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Graphics Memory Corruption Vulnerability." La librería font Windows en Microsoft Windows Vista SP2; Windows Server 2008 SP2 y R2 SP1; Windows 7 SP1; Windows 8; Windows 8.1; Windows Server 2012 Gold y R2; Windows RT Gold y 8.1; Office 2007 SP3; Office 2010 SP2; Word Viewer; .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2 y 4.6; Skype for Business 2016; Lync 2010; Lync 2013 SP1; Live Meeting 2007 Console y Silverlight 5 permiten a atacantes remotos ejecutar código arbitrario a través de una fuente embebida manipulada, también conocida como 'Graphics Memory Corruption Vulnerability'. • http://www.securitytracker.com/id/1034329 http://www.securitytracker.com/id/1034330 http://www.securitytracker.com/id/1034331 http://www.securitytracker.com/id/1034332 http://www.securitytracker.com/id/1034333 http://www.securitytracker.com/id/1034336 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-128 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 23%CPEs: 5EXPL: 0CVE-2015-6099 – Microsoft .NET Framework CVE-2015-6099 Analysis
https://notcve.org/view.php?id=CVE-2015-6099
Cross-site scripting (XSS) vulnerability in ASP.NET in Microsoft .NET Framework 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka ".NET Elevation of Privilege Vulnerability." Vulnerabilidad de XSS en ASP.NET en Microsoft .NET Framework 4, 4.5, 4.5.1, 4.5.2 y 4.6 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un valor manipulado, también conocida como '.NET Elevation of Privilege Vulnerability'. • http://packetstormsecurity.com/files/134314/Microsoft-.NET-Framework-XSS-Privilege-Escalation.html http://www.securityfocus.com/archive/1/536875/100/0/threaded http://www.securitytracker.com/id/1034116 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-118 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 53%CPEs: 8EXPL: 0CVE-2015-6096
https://notcve.org/view.php?id=CVE-2015-6096
The XML DTD parser in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka ".NET Information Disclosure Vulnerability." El analizador gramatical XML DTD en Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2 y 4.6 permite a atacantes remotos leer archivos arbitrarios a través de una declaración de entidad externa en conjunción con una referencia de entidad, relacionada con un problema de XML External Entity (XXE), también conocido como '.NET Information Disclosure Vulnerability'. • http://www.securitytracker.com/id/1034116 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-118 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •