CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2021-34485 – .NET Core and Visual Studio Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-34485
12 Aug 2021 — .NET Core and Visual Studio Information Disclosure Vulnerability Una Vulnerabilidad de Divulgación de Información en .NET Core y Visual Studio .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 3.1.118 and .NET Runtime 3.1.18. Issues addressed include a denial of service vulnerability. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34485 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.5EPSS: 2%CPEs: 8EXPL: 0CVE-2021-26423 – .NET Core and Visual Studio Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-26423
12 Aug 2021 — .NET Core and Visual Studio Denial of Service Vulnerability Una Vulnerabilidad de Denegación de Servicio en .NET Core y Visual Studio An infinite loop error was found in ASP.NET when processing WebSocket frames. The exploitation of this issue can cause high CPU resource consumption. The highest threat from this vulnerability is to system availability. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versio... • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26423 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 5%CPEs: 6EXPL: 0CVE-2021-31957 – ASP.NET Core Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-31957
08 Jun 2021 — ASP.NET Core Denial of Service Vulnerability Una vulnerabilidad de Denegación de Servicio en ASP.NET A flaw was found in dotnet. The way client disconnects are handled can allow a remote, unauthenticated attacker to exploit this vulnerability to cause a denial of service against an ASP.NET Core application. The highest threat from this vulnerability is to system availability. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR i... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4PRVVLXXQEF4SEJOBV3VRJHGX7YHY2CG • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.8EPSS: 4%CPEs: 9EXPL: 0CVE-2021-31204 – .NET and Visual Studio Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2021-31204
11 May 2021 — .NET and Visual Studio Elevation of Privilege Vulnerability Una vulnerabilidad de Escalada de Privilegios de .NET y Visual Studio A flaw was found in dotnet. A .NET Core single-file application running with elevated permissions could allow an attacker to gain elevated privileges. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability. .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it in... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4F3VM3RMPE7PNNLLI3BPCSAXITQZCFCA • CWE-273: Improper Check for Dropped Privileges •
CVSS: 9.8EPSS: 1%CPEs: 10EXPL: 0CVE-2021-26701 – .NET Core Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-26701
25 Feb 2021 — .NET Core Remote Code Execution Vulnerability Una Vulnerabilidad de Ejecución de Código Remota de .NET Core. Este ID de CVE es diferente de CVE-2021-24112 A remote code execution vulnerability was found in dotnet in the System.Text.Encodings.Web package, caused by a buffer overrun. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and i... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2AZOUKMCHT2WBHR7MYDTYXWOBHZW5P5 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2021-24112 – .NET Core Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-24112
25 Feb 2021 — .NET Core Remote Code Execution Vulnerability Una Vulnerabilidad de Ejecución de Código Remota de .NET Core. Este ID de CVE es diferente de CVE-2021-26701 • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24112 •
CVSS: 6.5EPSS: 4%CPEs: 7EXPL: 0CVE-2021-1721 – .NET Core and Visual Studio Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-1721
11 Feb 2021 — .NET Core and Visual Studio Denial of Service Vulnerability Una Vulnerabilidad de Denegación de Servicio de .NET Core y Visual Studio A flaw was found in dotnet. A recursion error when building X.509 certificate chains can lead to a stack overflow which could crash the system. The highest threat from this vulnerability is to system availability. .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New version... • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1721 • CWE-674: Uncontrolled Recursion •
CVSS: 6.5EPSS: 0%CPEs: 21EXPL: 0CVE-2020-8927 – Buffer overflow in Brotli library
https://notcve.org/view.php?id=CVE-2020-8927
15 Sep 2020 — A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits. Se presenta un desbordamiento del búfer en la biblioteca Brotli ... • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-130: Improper Handling of Length Parameter Inconsistency •
CVSS: 7.5EPSS: 6%CPEs: 7EXPL: 0CVE-2020-1597 – ASP.NET Core Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-1597
11 Aug 2020 — A denial of service vulnerability exists when ASP.NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the ASP.NET Core application. The update addresses the vulnerability by correcting how the ASP.NET Core web appl... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WH5FQ5VT3JGHXFXOETHCTBWJUIAPGHHT • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.8EPSS: 92%CPEs: 88EXPL: 9CVE-2020-1147 – Microsoft .NET Framework, SharePoint, and Visual Studio Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-1147
14 Jul 2020 — A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'. Se presenta una vulnerabilidad de ejecución de código remota en .NET Framework, Microsoft SharePoint y Visual Studio cuando el software presenta un fallo al comprobar el marcado de origen de una entrada de archivo XML, también se conoce como ... • https://packetstorm.news/files/id/163644 • CWE-502: Deserialization of Untrusted Data •