
CVE-2021-26701 – .NET Core Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-26701
25 Feb 2021 — .NET Core Remote Code Execution Vulnerability. This CVE ID is different from CVE-2021-24112. A remote code execution vulnerability was found in dotnet in the System.Text.Encodings.Web package, caused by a buffer overrun. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and i... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2AZOUKMCHT2WBHR7MYDTYXWOBHZW5P5 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2021-1639 – Visual Studio Code Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-1639
25 Feb 2021 — Visual Studio Code Remote Code Execution Vulnerability • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1639

CVE-2021-1721 – .NET Core and Visual Studio Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-1721
11 Feb 2021 — .NET Core and Visual Studio Denial of Service Vulnerability. A flaw was found in dotnet. A recursion error when building X.509 certificate chains can lead to a stack overflow which could crash the system. The highest threat from this vulnerability is to system availability. .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New version... • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1721 • CWE-674: Uncontrolled Recursion

CVE-2021-1723 – ASP.NET Core and Visual Studio Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-1723
12 Jan 2021 — ASP.NET Core and Visual Studio Denial of Service Vulnerability. A flaw was found in dotnet. Running callbacks outside of locks results in a Kestrel deadlock when using HTTP/2. The highest threat from this vulnerability is to system availability. .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address a secu... • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1723 • CWE-833: Deadlock

CVE-2021-1680 – Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2021-1680
12 Jan 2021 — Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability. This CVE ID is different from CVE-2021-1651. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1680 • CWE-269: Improper Privilege Management

CVE-2021-1651 – Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2021-1651
12 Jan 2021 — Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability. This CVE ID is different from CVE-2021-1680. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1651 • CWE-269: Improper Privilege Management

CVE-2020-17156 – Visual Studio Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-17156
09 Dec 2020 — Visual Studio Remote Code Execution Vulnerability • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17156

CVE-2020-17100 – Visual Studio Tampering Vulnerability
https://notcve.org/view.php?id=CVE-2020-17100
11 Nov 2020 — Visual Studio Tampering Vulnerability • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17100

CVE-2020-26870
https://notcve.org/view.php?id=CVE-2020-26870
07 Oct 2020 — Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements. • https://github.com/cure53/DOMPurify/commit/02724b8eb048dd219d6725b05c3000936f11d62d • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2020-8927 – Buffer overflow in Brotli library
https://notcve.org/view.php?id=CVE-2020-8927
15 Sep 2020 — A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend using the "streaming" API as opposed to the "one-shot" API, and imposing chunk size limits. • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') • CWE-130: Improper Handling of Length Parameter Inconsistency