Page 36 of 263 results (0.024 seconds)

CVSS: 8.8EPSS: 89%CPEs: 88EXPL: 6

A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'. Se presenta una vulnerabilidad de ejecución de código remota en .NET Framework, Microsoft SharePoint y Visual Studio cuando el software presenta un fallo al comprobar el marcado de origen de una entrada de archivo XML, también se conoce como ".NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability" It was discovered that .NET Core did not properly check the source markup of XML files. A remote, unauthenticated attacker could possibly exploit this flaw to execute arbitrary code by sending specially crafted requests to an application parsing certain kinds of XML files or an ASP.NET Core application. Microsoft .NET Framework, Microsoft SharePoint, and Visual Studio contain a remote code execution vulnerability when the software fails to check the source markup of XML file input. Successful exploitation allows an attacker to execute code in the context of the process responsible for deserialization of the XML content. • https://www.exploit-db.com/exploits/48747 https://www.exploit-db.com/exploits/50151 http://packetstormsecurity.com/files/158694/SharePoint-DataSet-DataTable-Deserialization.html http://packetstormsecurity.com/files/158876/Microsoft-SharePoint-Server-2019-Remote-Code-Execution.html http://packetstormsecurity.com/files/163644/Microsoft-SharePoint-Server-2019-Remote-Code-Execution.html https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1147 https://www.exploitalert.com/view-details.html?id=35992 h • CWE-502: Deserialization of Untrusted Data •

CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0

An information disclosure vulnerability exists in Visual Studio Code Live Share Extension when it exposes tokens in plain text, aka 'Visual Studio Code Live Share Information Disclosure Vulnerability'. Se presenta una vulnerabilidad de divulgación de información en Visual Studio Code Live Share Extension cuando expone tokens en texto plano, también se conoce como "Visual Studio Code Live Share Information Disclosure Vulnerability" • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1343 • CWE-319: Cleartext Transmission of Sensitive Information •

CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 0

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1257, CVE-2020-1278. Se presenta una vulnerabilidad de elevación de privilegios cuando el Diagnostics Hub Standard Collector Service maneja inapropiadamente las operaciones de archivo, también se conoce como "Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability". Este ID de CVE es diferente de CVE-2020-1257, CVE-2020-1278 • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1293 •

CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 0

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1257, CVE-2020-1293. Se presenta una vulnerabilidad de elevación de privilegios cuando el Diagnostics Hub Standard Collector Service maneja inapropiadamente las operaciones de archivo, también se conoce como "Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability". Este ID de CVE es diferente de CVE-2020-1257, CVE-2020-1293 • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1278 •

CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 0

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1278, CVE-2020-1293. Se presenta una vulnerabilidad de elevación de privilegios cuando el Diagnostics Hub Standard Collector Service maneja inapropiadamente las operaciones de archivo, también se conoce como "Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability". Este ID de CVE es diferente de CVE-2020-1278, CVE-2020-1293 • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1257 •