CVSS: 7.5EPSS: 71%CPEs: 5EXPL: 0CVE-2013-1336
https://notcve.org/view.php?id=CVE-2013-1336
15 May 2013 — The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check signatures, which allows remote attackers to make undetected changes to signed XML documents via unspecified vectors that preserve signature validity, aka "XML Digital Signature Spoofing Vulnerability." El Common Language Runtime (CLR) en Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, y 4.5, no valida adecuadamente las firmas, lo que permite a atacantes remotos modificar sin ser detectados... • http://www.us-cert.gov/ncas/alerts/TA13-134A • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 23%CPEs: 1EXPL: 0CVE-2013-1337
https://notcve.org/view.php?id=CVE-2013-1337
15 May 2013 — Microsoft .NET Framework 4.5 does not properly create policy requirements for custom Windows Communication Foundation (WCF) endpoint authentication in certain situations involving passwords over HTTPS, which allows remote attackers to bypass authentication by sending queries to an endpoint, aka "Authentication Bypass Vulnerability." Microsoft .NET Framework v4.5 no crea correctamente los requisitos de la política de Windows Communication Foundation (WCF) como punto final de autenticación en ciertas situacio... • http://www.us-cert.gov/ncas/alerts/TA13-134A • CWE-287: Improper Authentication •
CVSS: 10.0EPSS: 53%CPEs: 43EXPL: 0CVE-2013-0073
https://notcve.org/view.php?id=CVE-2013-0073
13 Feb 2013 — The Windows Forms (aka WinForms) component in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly restrict the privileges of a callback function during object creation, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "WinForms Callback Elevation Vulnerability." El componente Windows Forms (conocido como WinForms) de Microsoft .NET Framework v2.0 SP2, v3.5, v3.5.1, v4, y v4.5 no r... • http://www.us-cert.gov/cas/techalerts/TA13-043B.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 20%CPEs: 54EXPL: 0CVE-2013-0001
https://notcve.org/view.php?id=CVE-2013-0001
09 Jan 2013 — The Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 4, and 4.5 does not properly initialize memory arrays, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a pointer to an unmanaged memory location, aka "System Drawing Information Disclosure Vulnerability." El componente Windows Forms (también conocido como WinForms)de Microsoft .NET... • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-004 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 58%CPEs: 54EXPL: 0CVE-2013-0002 – Microsoft .NET Framework EncoderParameters.ConvertToMemory Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-0002
09 Jan 2013 — Buffer overflow in the Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages improper counting of objects during a memory copy operation, aka "WinForms Buffer Overflow Vulnerability." Desbordamiento de búfer en el componente Windows Forms (también conocido como WinForms) de Micros... • http://www.us-cert.gov/cas/techalerts/TA13-008A.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 58%CPEs: 42EXPL: 0CVE-2013-0003 – Microsoft .NET Framework System.DirectoryServices.Protocols Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-0003
09 Jan 2013 — Buffer overflow in a System.DirectoryServices.Protocols (S.DS.P) namespace method in Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a missing array-size check during a memory copy operation, aka "S.DS.P Buffer Overflow Vulnerability." Desbordamiento de búfer en un método de espacio de nombres System.DirectoryServices.Protocols (S.DS... • http://www.us-cert.gov/cas/techalerts/TA13-008A.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 10%CPEs: 54EXPL: 0CVE-2013-0004
https://notcve.org/view.php?id=CVE-2013-0004
09 Jan 2013 — Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate the permissions of objects in memory, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Double Construction Vulnerability." Microsoft. NET Framework 1.0 Service Pack 3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4 y 4.5 no valida correctamente los permisos de los objetos en memoria, lo que permite ... • http://www.us-cert.gov/cas/techalerts/TA13-008A.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 68%CPEs: 35EXPL: 0CVE-2013-0005
https://notcve.org/view.php?id=CVE-2013-0005
09 Jan 2013 — The WCF Replace function in the Open Data (aka OData) protocol implementation in Microsoft .NET Framework 3.5, 3.5 SP1, 3.5.1, and 4, and the Management OData IIS Extension on Windows Server 2012, allows remote attackers to cause a denial of service (resource consumption and daemon restart) via crafted values in HTTP requests, aka "Replace Denial of Service Vulnerability." La función WCF Replace en la implementación del protocolo Open Data (alias OData) en Microsoft. NET Framework v3.5, v3.5 SP1, v3.5.1 y v... • http://www.us-cert.gov/cas/techalerts/TA13-008A.html • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 48%CPEs: 38EXPL: 0CVE-2012-4776
https://notcve.org/view.php?id=CVE-2012-4776
14 Nov 2012 — The Web Proxy Auto-Discovery (WPAD) functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not validate configuration data that is returned during acquisition of proxy settings, which allows remote attackers to execute arbitrary JavaScript code by providing crafted data during execution of (1) an XAML browser application (aka XBAP) or (2) a .NET Framework application, aka "Web Proxy Auto-Discovery Vulnerability." La funcionalidad Web Proxy Auto-Discovery (WPAD) de Microsoft .NET Fram... • http://osvdb.org/87266 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 9%CPEs: 24EXPL: 0CVE-2012-4777
https://notcve.org/view.php?id=CVE-2012-4777
14 Nov 2012 — The code-optimization feature in the reflection implementation in Microsoft .NET Framework 4 and 4.5 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "WPF Reflection Optimization Vulnerability." La funcionalidad de optimización del código en la implementación de reflection en Microsoft .NET Framework v4 y v4.5 no aplica correctamente los permisos de los ... • http://osvdb.org/87267 • CWE-264: Permissions, Privileges, and Access Controls •