Page 18 of 180 results (0.011 seconds)

CVSS: 4.3EPSS: 53%CPEs: 8EXPL: 0

The XML DTD parser in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka ".NET Information Disclosure Vulnerability." El analizador gramatical XML DTD en Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2 y 4.6 permite a atacantes remotos leer archivos arbitrarios a través de una declaración de entidad externa en conjunción con una referencia de entidad, relacionada con un problema de XML External Entity (XXE), también conocido como '.NET Information Disclosure Vulnerability'. • http://www.securitytracker.com/id/1034116 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-118 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.0EPSS: 3%CPEs: 4EXPL: 0

Microsoft .NET Framework 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to cause a denial of service to an ASP.NET web site via crafted requests, aka "MVC Denial of Service Vulnerability." Vulnerabilidad en Microsoft .NET Framework 4.5, 4.5.1, 4.5.2 y 4.6, permite a usuarios remotos causar una denegación de servicio a un sitio web ASP.NET a través de una petición manipulada, también conocida como 'MVC Denial of Service Vulnerability.' • http://www.securityfocus.com/bid/76567 http://www.securitytracker.com/id/1033493 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-101 • CWE-17: DEPRECATED: Code •

CVSS: 9.3EPSS: 45%CPEs: 8EXPL: 0

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 improperly counts objects before performing an array copy, which allows remote attackers to (1) execute arbitrary code via a crafted XAML browser application (XBAP) or (2) bypass Code Access Security restrictions via a crafted .NET Framework application, aka ".NET Elevation of Privilege Vulnerability." Vulnerabilidad en Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2 y 4.6, no cuenta adecuadamente los objetos antes de realizar una copia del array, lo que permite a atacantes remotos (1) ejecutar código arbitrario a través de una aplicación de navegador XAML (XBAP) manipulada o (2) eludir las restricciones Code Access Security a través de una aplicación .NET Framework manipulada, también conocida como '.NET Elevation of Privilege Vulnerability.' • http://www.securityfocus.com/bid/76560 http://www.securitytracker.com/id/1033493 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-101 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 10%CPEs: 37EXPL: 1

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, Silverlight before 5.1.40728, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allow remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability," a different vulnerability than CVE-2015-2455. Vulnerabilidad en Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT Gold y 8.1, Windows 10, Office 2007 SP3 y 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, Silverlight en versiones anteriores a 5.1.40728 y .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2 y 4.6, permite a atacantes remotos ejecutar código arbitrario a través de fuente TrueType manipulada, también conocida como 'TrueType Font Parsing Vulnerability', una vulnerabilidad diferente de la CVE-2015-2455. Researchers have encountered a number of Windows kernel crashes in the win32k!scl_ApplyTranslation function while processing corrupted TTF font files. • https://www.exploit-db.com/exploits/37918 http://www.securityfocus.com/bid/76241 http://www.securitytracker.com/id/1033238 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-080 • CWE-20: Improper Input Validation •

CVSS: 9.3EPSS: 37%CPEs: 17EXPL: 1

ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability." Vulnerabilidad en ATMFD.DLL en Windows Adobe Type Manager Library en Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT Gold y 8.1 y .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2 y 4.6, permite a atacantes remotos ejecutar código arbitrario a través de fuente OpenType manipulada, también conocida como 'OpenType Font Parsing Vulnerability'. Researchers have encountered a number of Windows kernel crashes in the ATMFD.DLL OpenType driver while processing corrupted OTF font files. • https://www.exploit-db.com/exploits/37921 http://www.securitytracker.com/id/1033238 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-080 • CWE-20: Improper Input Validation •