
CVSS: 8.8 | EPSS: 6% | CPEs: 1 | EXPL: 0

15 Nov 2017 — ASP.NET Core 2.0 allows an attacker to steal log-in session information such as cookies or authentication tokens via a specially crafted URL, aka "ASP.NET Core Elevation Of Privilege Vulnerability". • http://www.securityfocus.com/bid/101713 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CVSS: 9.3 | EPSS: 93% | CPEs: 42 | EXPL: 19

13 Sep 2017 — Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application, aka ".NET Framework Remote Code Execution Vulnerability." Microsoft .NET Framework contains a remote... • https://packetstorm.news/files/id/144182 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 7.5 | EPSS: 18% | CPEs: 4 | EXPL: 0

11 Jul 2017 — Microsoft .NET Framework 4.6, 4.6.1, 4.6.2, and 4.7 allow an attacker to send specially crafted requests to a .NET web application, resulting in denial of service, aka .NET Denial of Service Vulnerability. New versions of .NET Core that address se... • http://www.securityfocus.com/bid/99432 • CWE-20: Improper Input Validation

CVSS: 7.5 | EPSS: 11% | CPEs: 101 | EXPL: 1

12 May 2017 — A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc before 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to cause a denial of service by leveraging failure to properly calculate the length of 4-byte characters in the Unicode Non-Character range. • https://github.com/aspnet/Announcements/issues/239 • CWE-20: Improper Input Validation

CVSS: 7.5 | EPSS: 1% | CPEs: 8 | EXPL: 1

12 May 2017 — Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to bypass Enhanced Security Usage taggings when they present a certificate that is invalid for a specific use, aka ".NET Security Feature Bypass Vulnerability." • https://github.com/rubenmamo/CVE-2017-0248-Test • CWE-295: Improper Certificate Validation

CVSS: 7.5 | EPSS: 5% | CPEs: 101 | EXPL: 0

12 May 2017 — An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests. • https://github.com/aspnet/Announcements/issues/239 • CWE-20: Improper Input Validation

CVSS: 5.3 | EPSS: 4% | CPEs: 101 | EXPL: 0

12 May 2017 — A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests. • https://github.com/aspnet/Announcements/issues/239 • CWE-20: Improper Input Validation

CVSS: 7.8 | EPSS: 17% | CPEs: 8 | EXPL: 2

12 Apr 2017 — Microsoft .NET Framework 2.0, 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allows an attacker with access to the local system to execute malicious code, aka ".NET Remote Code Execution Vulnerability." Microsoft Windows suffers from a ManagementObject arbitrary .NET serialization remote code exe... • https://packetstorm.news/files/id/142198

CVSS: 7.5 | EPSS: 37% | CPEs: 1 | EXPL: 0

20 Dec 2016 — The Data Provider for SQL Server in Microsoft .NET Framework 4.6.2 mishandles a developer-supplied key, which allows remote attackers to bypass the Always Encrypted protection mechanism and obtain sensitive cleartext information by leveraging key guessability, aka ".NET Information Disclosure Vulnerability." • http://www.securityfocus.com/bid/94741 • CWE-310: Cryptographic Issues

CVSS: 8.1 | EPSS: 0% | CPEs: 2 | EXPL: 0

30 Nov 2016 — IBM IMS Enterprise Suite Data Provider before 3.2.0.1 for Microsoft .NET allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors. • http://www-01.ibm.com/support/docview.wss?uid=swg21982967 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-284: Improper Access Control