CVE-2019-0657 – dotnet: Domain-spoofing attack in System.Uri
https://notcve.org/view.php?id=CVE-2019-0657
A vulnerability exists in certain .Net Framework API's and Visual Studio in the way they parse URL's, aka '.NET Framework and Visual Studio Spoofing Vulnerability'. Existe una vulnerabilidad en determinadas API de .Net Framework y en Visual Studio en la manera en la que analizan sintácticamente las URL. Esto también se conoce como ".NET Framework and Visual Studio Spoofing Vulnerability". • http://www.securityfocus.com/bid/106890 https://access.redhat.com/errata/RHSA-2019:0349 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0657 https://access.redhat.com/security/cve/CVE-2019-0657 https://bugzilla.redhat.com/show_bug.cgi?id=1673891 • CWE-20: Improper Input Validation •
CVE-2018-8415
https://notcve.org/view.php?id=CVE-2018-8415
A tampering vulnerability exists in PowerShell that could allow an attacker to execute unlogged code, aka "Microsoft PowerShell Tampering Vulnerability." This affects Windows 7, PowerShell Core 6.1, Windows Server 2012 R2, Windows RT 8.1, PowerShell Core 6.0, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. Existe una vulnerabilidad de falsificación en PowerShell que podría permitir que un atacante ejecute código no registrado. Esto también se conoce como "Microsoft PowerShell Tampering Vulnerability". Esto afecta a Windows 7, PowerShell Core 6.1, Windows Server 2012 R2, Windows RT 8.1, PowerShell Core 6.0, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10 y Windows 10 Servers. • http://www.securityfocus.com/bid/105792 http://www.securitytracker.com/id/1042108 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8415 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2018-8256
https://notcve.org/view.php?id=CVE-2018-8256
A remote code execution vulnerability exists when PowerShell improperly handles specially crafted files, aka "Microsoft PowerShell Remote Code Execution Vulnerability." This affects Windows RT 8.1, PowerShell Core 6.0, Microsoft.PowerShell.Archive 1.2.2.0, Windows Server 2016, Windows Server 2012, Windows Server 2008 R2, Windows Server 2019, Windows 7, Windows Server 2012 R2, PowerShell Core 6.1, Windows 10 Servers, Windows 10, Windows 8.1. Existe una vulnerabilidad de ejecución remota de código cuando PowerShell gestiona incorrectamente los archivos especialmente manipulados. Esto también se conoce como "Windows PowerShell Remote Code Execution Vulnerability". Esto afecta a Windows RT 8.1, PowerShell Core 6.0, Microsoft.PowerShell.Archive 1.2.2.0, Windows Server 2016, Windows Server 2012, Windows Server 2008 R2, Windows Server 2019, Windows 7, Windows Server 2012 R2, PowerShell Core 6.1, Windows 10 Servers, Windows 10 y Windows 8.1. • http://www.securityfocus.com/bid/105781 http://www.securitytracker.com/id/1042108 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8256 •
CVE-2018-8292 – Core: information disclosure due to authentication information exposed in a redirect
https://notcve.org/view.php?id=CVE-2018-8292
An information disclosure vulnerability exists in .NET Core when authentication information is inadvertently exposed in a redirect, aka ".NET Core Information Disclosure Vulnerability." This affects .NET Core 2.1, .NET Core 1.0, .NET Core 1.1, PowerShell Core 6.0. Existe una vulnerabilidad de divulgación de información en .NET Core cuando la información de autenticación se expone de forma inadvertida en una redirección. Esto también se conoce como ".NET Core Information Disclosure Vulnerability". Esto afecta a .NET Core 2.1, .NET Core 1.0, .NET Core 1.1 y PowerShell Core 6.0. • http://www.securityfocus.com/bid/105548 https://access.redhat.com/errata/RHSA-2018:2902 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8292 https://access.redhat.com/security/cve/CVE-2018-8292 https://bugzilla.redhat.com/show_bug.cgi?id=1636274 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-201: Insertion of Sensitive Information Into Sent Data •
CVE-2018-8356
https://notcve.org/view.php?id=CVE-2018-8356
A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka ".NET Framework Security Feature Bypass Vulnerability." This affects .NET Framework 4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, ASP.NET Core 1.1, Microsoft .NET Framework 4.5.2, ASP.NET Core 2.0, ASP.NET Core 1.0, .NET Core 1.1, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 1.0, .NET Core 2.0, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2. Existe una vulnerabilidad de omisión de la característica de seguridad cuando los componentes de Microsoft .NET Framework no validan certificados correctamente. Esto también se conoce como ".NET Framework Security Feature Bypass Vulnerability". Esto afecta a .NET Framework 4.7.2; Microsoft .NET Framework 3.0; Microsoft .NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2; ASP.NET Core 1.1; Microsoft .NET Framework 4.5.2; ASP.NET Core 2.0; ASP.NET Core 1.0; .NET Core 1.1; Microsoft .NET Framework 3.5; Microsoft .NET Framework 3.5.1; Microsoft .NET Framework 4.6, 4.6.1, 4.6.2; .NET Core 1.0; .NET Core 2.0; Microsoft .NET Framework 4.6; Microsoft .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.1, 4.7.2 y Microsoft .NET Framework 4.7.2. • http://www.securityfocus.com/bid/104664 http://www.securitytracker.com/id/1041257 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8356 • CWE-295: Improper Certificate Validation •