CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-21538 – .NET Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2023-21538
.NET Denial of Service Vulnerability Vulnerabilidad de denegación de servicio de .NET A vulnerability was found in dotnet. This flaw occurs when parsing an empty HTTP response as a JSON.NET JObject that causes a stack overflow and crashes a process. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21538 https://access.redhat.com/security/cve/CVE-2023-21538 https://bugzilla.redhat.com/show_bug.cgi?id=2158342 • CWE-121: Stack-based Buffer Overflow CWE-502: Deserialization of Untrusted Data •
CVSS: 8.8EPSS: 0%CPEs: 23EXPL: 0CVE-2022-41121 – Windows Graphics Component Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2022-41121
Windows Graphics Component Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios de Windows Graphics Component. This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the implementation of the StretchBlt graphics primitive. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41121 •
CVSS: 8.5EPSS: 1%CPEs: 22EXPL: 0CVE-2022-41076 – PowerShell Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-41076
PowerShell Remote Code Execution Vulnerability Vulnerabilidad de ejecución remota de código de PowerShell. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41076 •
CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 0CVE-2022-34716 – .NET Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2022-34716
.NET Spoofing Vulnerability Una vulnerabilidad de Suplantación en .NET An information disclosure vulnerability exists in .NET Core and .NET. This issue can lead to unauthorized access to privileged information. XML signature verification in .NET 6 as implemented in System.Security.Cryptography.Xml.SignedXml is vulnerable to external entity injection attacks. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34716 https://access.redhat.com/security/cve/CVE-2022-34716 https://bugzilla.redhat.com/show_bug.cgi?id=2115183 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0CVE-2022-23267 – .NET and Visual Studio Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2022-23267
.NET and Visual Studio Denial of Service Vulnerability Una vulnerabilidad de Denegación de Servicio en .NET y Visual Studio. Este ID de CVE es diferente de CVE-2022-29117, CVE-2022-29145 A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of the Apply MaxResponseHeadersLength limit for trailing headers to address a denial of service via excess memory allocations through the HttpClient. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23267 https://access.redhat.com/security/cve/CVE-2022-23267 https://bugzilla.redhat.com/sho • CWE-770: Allocation of Resources Without Limits or Throttling •