CVSS: 9.3EPSS: 53%CPEs: 67EXPL: 1CVE-2018-8284 – Microsoft Security Bulletin CVE Revision Increment for August, 2018
https://notcve.org/view.php?id=CVE-2018-8284
11 Jul 2018 — A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka ".NET Framework Remote Code Injection Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET F... • https://github.com/quantiti/CVE-2018-8284-Sharepoint-RCE • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.5EPSS: 0%CPEs: 60EXPL: 0CVE-2018-8356 – Microsoft Security Bulletin CVE Revision Increment for July, 2018
https://notcve.org/view.php?id=CVE-2018-8356
11 Jul 2018 — A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka ".NET Framework Security Feature Bypass Vulnerability." This affects .NET Framework 4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, ASP.NET Core 1.1, Microsoft .NET Framework 4.5.2, ASP.NET Core 2.0, ASP.NET Core 1.0, .NET Core 1.1, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET C... • http://www.securityfocus.com/bid/104664 • CWE-295: Improper Certificate Validation •
CVSS: 7.8EPSS: 0%CPEs: 53EXPL: 0CVE-2018-1039
https://notcve.org/view.php?id=CVE-2018-1039
09 May 2018 — A security feature bypass vulnerability exists in .Net Framework which could allow an attacker to bypass Device Guard, aka ".NET Framework Device Guard Security Feature Bypass Vulnerability." This affects Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6.2/4.7/4.7.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.... • http://www.securityfocus.com/bid/104072 •
CVSS: 7.5EPSS: 3%CPEs: 55EXPL: 0CVE-2018-0765
https://notcve.org/view.php?id=CVE-2018-0765
09 May 2018 — A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents, aka ".NET and .NET Core Denial of Service Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.7/4.7.1, Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6... • http://www.securityfocus.com/bid/104060 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.5EPSS: 17%CPEs: 51EXPL: 0CVE-2018-0764 – Core: Improper processing of XML documents can cause a denial of service
https://notcve.org/view.php?id=CVE-2018-0764
10 Jan 2018 — Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka ".NET and .NET Core Denial Of Service Vulnerability". This CVE is unique from CVE-2018-0765. Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 y 5.7 y.NET Core 1.0, 1.1 y 2.0 permiten una vulnerabilidad de denegación de servicio (DoS) debido a la form... • http://www.securityfocus.com/bid/102387 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 51EXPL: 0CVE-2018-0786
https://notcve.org/view.php?id=CVE-2018-0786
10 Jan 2018 — Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, and PowerShell Core 6.0.0 allow a security feature bypass vulnerability due to the way certificates are validated, aka ".NET Security Feature Bypass Vulnerability." Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1; .NET Core 1.0 y 2.0; y PowerShell Core 6.0.0 permiten una vulnerabilidad de omisión de la característica de seguridad debido a la forma en... • http://www.securityfocus.com/bid/102380 • CWE-295: Improper Certificate Validation •
CVSS: 9.3EPSS: 93%CPEs: 42EXPL: 19CVE-2017-8759 – Microsoft .NET Framework Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-8759
13 Sep 2017 — Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application, aka ".NET Framework Remote Code Execution Vulnerability." Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 y 4.7 permite que un atacante ejecute código remotamente mediante un documento o aplicación maliciosos. Esto también se conoce como ".NET Framework Remote Code Execution Vulnerability." Microsoft .NET Framework contains a remote... • https://packetstorm.news/files/id/144182 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 1%CPEs: 8EXPL: 1CVE-2017-0248
https://notcve.org/view.php?id=CVE-2017-0248
12 May 2017 — Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to bypass Enhanced Security Usage taggings when they present a certificate that is invalid for a specific use, aka ".NET Security Feature Bypass Vulnerability." Microsoft .NET Framework versiones 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 y 4.7, permiten a un atacante omitir las etiquetas de Enhanced Security Usage cuando presentan un certificado que no es válido para un uso específico, también se conoce como ".NET S... • https://github.com/rubenmamo/CVE-2017-0248-Test • CWE-295: Improper Certificate Validation •
CVSS: 7.8EPSS: 17%CPEs: 8EXPL: 2CVE-2017-0160 – Microsoft Windows - ManagementObject Arbitrary .NET Serialization Remote Code Execution
https://notcve.org/view.php?id=CVE-2017-0160
12 Apr 2017 — Microsoft .NET Framework 2.0, 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allows an attacker with access to the local system to execute malicious code, aka ".NET Remote Code Execution Vulnerability." Microsoft .NET Framework 2.0, 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 y 4.7 permite a un atacante con acceso al sistema local ejecutar código malicioso, vulnerabilidad también conocida como ".NET Remote Code Execution Vulnerability". Microsoft Windows suffers from a ManagementObject arbitrary .NET serialization remote code exe... • https://packetstorm.news/files/id/142198 •
CVSS: 7.5EPSS: 38%CPEs: 6EXPL: 0CVE-2016-3255
https://notcve.org/view.php?id=CVE-2016-3255
13 Jul 2016 — Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka ".NET Information Disclosure Vulnerability." Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6 y 4.6.1 permite a atacantes remotos leer archivos arbitrario a través de datos XML que contienen una declaración de entidad externa en conjunción c... • http://www.securityfocus.com/bid/91601 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •