CVSS: 8.7 • EPSS: 0% • CPEs: 77 • EXPL: 0

09 Jan 2024 — Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability. A vulnerability was found in the .NET Framework. This vulnerability exists in the Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data provider where an attacker can perform an AiTM (adversary-in-the-middle) attack between the SQL client and the SQL server. This ... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0056 • CWE-319: Cleartext Transmission of Sensitive Information; CWE-420: Unprotected Alternate Channel

CVSS: 7.8 • EPSS: 22% • CPEs: 2 • EXPL: 0

09 Jan 2024 — .NET Denial of Service Vulnerability. Denial of service vulnerability in .NET Core and Visual Studio. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20672 • CWE-400: Uncontrolled Resource Consumption

CVSS: 5.9 • EPSS: 67% • CPEs: 79 • EXPL: 3

18 Dec 2023 — The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phas... • https://packetstorm.news/files/id/176280 • CWE-222: Truncation of Security-relevant Information; CWE-354: Improper Validation of Integrity Check Value

CVSS: 8.2 • EPSS: 29% • CPEs: 14 • EXPL: 0

14 Nov 2023 — ASP.NET Core Denial of Service Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36038 • CWE-400: Uncontrolled Resource Consumption

CVSS: 6.2 • EPSS: 0% • CPEs: 11 • EXPL: 0

14 Nov 2023 — ASP.NET Core Security Feature Bypass Vulnerability. A security feature bypass vulnerability was found in Blazor forms in ASP.NET in the .NET package. Barry Dorrans discovered that .NET did not properly implement certain security features for Blazor server forms. An attacker could possibly use this issue to bypass validation, which could trigger unintended actions. Piotr Bazydlo discovered ... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36558

CVSS: 10.0 • EPSS: 13% • CPEs: 82 • EXPL: 0

14 Nov 2023 — .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability. A vulnerability was found in FormatFtpCommand in the .NET package that may result in a CRLF injection arbitrary file write and deletion. This vulnerability allows remote attackers to create or delete arbitrary files on FTP servers implemented using affected versions of Microsoft .NET. Interaction with the .NET framework is required to exploit this vu... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36049 • CWE-20: Improper Input Validation; CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 9.0 • EPSS: 24% • CPEs: 74 • EXPL: 0

14 Nov 2023 — ASP.NET Security Feature Bypass Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36560

CVSS: 7.8 • EPSS: 17% • CPEs: 4 • EXPL: 0

10 Oct 2023 — Microsoft QUIC Denial of Service Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36435 • CWE-400: Uncontrolled Resource Consumption

CVSS: 7.8 • EPSS: 18% • CPEs: 7 • EXPL: 0

10 Oct 2023 — Microsoft QUIC Denial of Service Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38171 • CWE-476: NULL Pointer Dereference

CVSS: 7.8 • EPSS: 94% • CPEs: 444 • EXPL: 17

10 Oct 2023 — The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. A flaw was found in handling multiplexed streams in the HTTP/2 protocol. ... • https://github.com/imabee101/CVE-2023-44487 • CWE-400: Uncontrolled Resource Consumption