CVSS: 9.3EPSS: 97%CPEs: 42EXPL: 13CVE-2017-8759 – Microsoft .NET Framework Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-8759
Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application, aka ".NET Framework Remote Code Execution Vulnerability." Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 y 4.7 permite que un atacante ejecute código remotamente mediante un documento o aplicación maliciosos. Esto también se conoce como ".NET Framework Remote Code Execution Vulnerability." Microsoft .NET Framework contains a remote code execution vulnerability when processing untrusted input that could allow an attacker to take control of an affected system. • https://www.exploit-db.com/exploits/42711 https://github.com/bhdresh/CVE-2017-8759 https://github.com/Voulnet/CVE-2017-8759-Exploit-sample https://github.com/vysecurity/CVE-2017-8759 https://github.com/nccgroup/CVE-2017-8759 https://github.com/sythass/CVE-2017-8759 https://github.com/JonasUliana/CVE-2017-8759 https://github.com/ashr/CVE-2017-8759-exploits https://github.com/BasuCert/CVE-2017-8759 https://github.com/ChaitanyaHaritash/CVE-2017-8759 https://github.com& •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2017-8585 – Core: DoS via invalid culture
https://notcve.org/view.php?id=CVE-2017-8585
Microsoft .NET Framework 4.6, 4.6.1, 4.6.2, and 4.7 allow an attacker to send specially crafted requests to a .NET web application, resulting in denial of service, aka .NET Denial of Service Vulnerability. Microsoft .NET Framework versiones 4.6, 4.6.1, 4.6.2 y 4.7, permiten a un atacante enviar peticiones especialmente creadas a una aplicación web .NET, resultando en una denegación de servicio, también se conoce como vulnerabilidad de denegación de servicio de .NET. • http://www.securityfocus.com/bid/99432 http://www.securitytracker.com/id/1038864 https://access.redhat.com/errata/RHSA-2017:3248 https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8585 https://access.redhat.com/security/cve/CVE-2017-8585 https://bugzilla.redhat.com/show_bug.cgi?id=1512982 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 101EXPL: 0CVE-2017-0256
https://notcve.org/view.php?id=CVE-2017-0256
A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests. Se presenta una vulnerabilidad de suplantación de identidad cuando el Core de ASP.NET no puede sanear apropiadamente las peticiones web. • https://github.com/aspnet/Announcements/issues/239 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 101EXPL: 1CVE-2017-0247
https://notcve.org/view.php?id=CVE-2017-0247
A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc before 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to cause a denial of service by leveraging failure to properly calculate the length of 4-byte characters in the Unicode Non-Character range. Se presenta una vulnerabilidad de denegación de servicio cuando el Core de ASP.NET no puede comprobar apropiadamente las peticiones web. NOTA: Microsoft no ha comentado en reclamos de terceros de que el problema es que la función TextEncoder.EncodeCore en el paquete System.Text.Encodings.Web en ASP.NET Core Mvc versiones anteriores a 1.0.4 y versiones 1.1.x anteriores a 1.1.3 permite a los atacantes remotos causar una denegación de servicio aprovechando un fallo en calcular apropiadamente la longitud de los caracteres de 4 bytes en el rango sin carácter Unicode. • https://github.com/aspnet/Announcements/issues/239 https://technet.microsoft.com/en-us/library/security/4021279.aspx https://www.sidertia.com/Home/Community/Blog/2017/05/18/ASPNET-Core-Unicode-Non-Char-Encoding-DoS • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 101EXPL: 0CVE-2017-0249
https://notcve.org/view.php?id=CVE-2017-0249
An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests. Existe una vulnerabilidad de elevación de privilegios cuando el ASP.NET Core falla al desinfectar adecuadamente las solicitudes web. • https://github.com/aspnet/Announcements/issues/239 • CWE-20: Improper Input Validation •