CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 1CVE-2017-0248
https://notcve.org/view.php?id=CVE-2017-0248
Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to bypass Enhanced Security Usage taggings when they present a certificate that is invalid for a specific use, aka ".NET Security Feature Bypass Vulnerability." Microsoft .NET Framework versiones 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 y 4.7, permiten a un atacante omitir las etiquetas de Enhanced Security Usage cuando presentan un certificado que no es válido para un uso específico, también se conoce como ".NET Security Feature Bypass Vulnerability." • https://github.com/rubenmamo/CVE-2017-0248-Test http://www.securityfocus.com/bid/98117 http://www.securitytracker.com/id/1038458 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0248 • CWE-295: Improper Certificate Validation •
CVSS: 7.8EPSS: 4%CPEs: 8EXPL: 1CVE-2017-0160 – Microsoft Windows - ManagementObject Arbitrary .NET Serialization Remote Code Execution
https://notcve.org/view.php?id=CVE-2017-0160
Microsoft .NET Framework 2.0, 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allows an attacker with access to the local system to execute malicious code, aka ".NET Remote Code Execution Vulnerability." Microsoft .NET Framework 2.0, 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 y 4.7 permite a un atacante con acceso al sistema local ejecutar código malicioso, vulnerabilidad también conocida como ".NET Remote Code Execution Vulnerability". Microsoft Windows suffers from a ManagementObject arbitrary .NET serialization remote code execution vulnerability. • https://www.exploit-db.com/exploits/41903 http://www.securityfocus.com/bid/97447 http://www.securitytracker.com/id/1038236 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0160 •
CVSS: 7.5EPSS: 5%CPEs: 1EXPL: 0CVE-2016-7270
https://notcve.org/view.php?id=CVE-2016-7270
The Data Provider for SQL Server in Microsoft .NET Framework 4.6.2 mishandles a developer-supplied key, which allows remote attackers to bypass the Always Encrypted protection mechanism and obtain sensitive cleartext information by leveraging key guessability, aka ".NET Information Disclosure Vulnerability." El Data Provider para SQL Server en Microsoft .NET Framework 4.6.2 no maneja correctamente una clave proporcionada por el desarrollador, lo que permite a atacantes remotos eludir el mecanismo de protección Always Encrypted y obtener información de texto plano sensible aprovechando la adivinabilidad de la clave, vulnerabilidad también conocida como ".NET Information Disclosure Vulnerability". • http://www.securityfocus.com/bid/94741 http://www.securitytracker.com/id/1037455 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-155 • CWE-310: Cryptographic Issues •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2016-2887
https://notcve.org/view.php?id=CVE-2016-2887
IBM IMS Enterprise Suite Data Provider before 3.2.0.1 for Microsoft .NET allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors. IBM IMS Enterprise Suite Data Provider en versiones anteriores a 3.2.0.1 para Microsoft .NET permite a usuarios remotos autenticados obtener información sensible o modificar datos a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21982967 http://www.securityfocus.com/bid/94611 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •
CVSS: 5.5EPSS: 1%CPEs: 25EXPL: 1CVE-2016-3209 – Microsoft Windows - 'win32k.sys' TTF Processing RCVT TrueType Instruction Handler Out-of-Bounds Read (MS16-120)
https://notcve.org/view.php?id=CVE-2016-3209
Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; Live Meeting 2007 Console; .NET Framework 3.0 SP2, 3.5, 3.5.1, 4.5.2, and 4.6; and Silverlight 5 allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka "True Type Font Parsing Information Disclosure Vulnerability." Graphics Device Interface (también conocido como GDI o GDI+) en Microsoft Windows Vista SP2; Windows Server 2008 SP2 y R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold y R2; Windows RT 8.1; Windows 10 Gold, 1511 y 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; Live Meeting 2007 Console; .NET Framework 3.0 SP2, 3.5, 3.5.1, 4.5.2 y 4.6; y Silverlight 5 permite a atacantes remotos eludir el mecanismo de protección ASLR a través de vectores no especificados, vulnerabilidad también conocida como "True Type Font Parsing Information Disclosure Vulnerability". Windows Kernel win32k.sys suffers from a TTF font procession out-of-bounds read in the RCVT TrueType instruction handler. • https://www.exploit-db.com/exploits/40598 http://www.securityfocus.com/bid/93385 http://www.securitytracker.com/id/1036988 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-120 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •