
CVE-2021-1723 – ASP.NET Core and Visual Studio Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-1723
12 Jan 2021 — ASP.NET Core and Visual Studio Denial of Service Vulnerability. A flaw was found in dotnet. Running callbacks outside of locks results in a Kestrel deadlock when using HTTP/2. The highest threat from this vulnerability is to system availability. .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address a secu... • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1723 • CWE-833: Deadlock •

CVE-2021-1680 – Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2021-1680
12 Jan 2021 — Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability. This CVE ID is different from CVE-2021-1651. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1680 • CWE-269: Improper Privilege Management •

CVE-2021-1651 – Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2021-1651
12 Jan 2021 — Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability. This CVE ID is different from CVE-2021-1680. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1651 • CWE-269: Improper Privilege Management •

CVE-2020-17156 – Visual Studio Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-17156
09 Dec 2020 — Visual Studio Remote Code Execution Vulnerability • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17156 •

CVE-2020-17100 – Visual Studio Tampering Vulnerability
https://notcve.org/view.php?id=CVE-2020-17100
11 Nov 2020 — Visual Studio Tampering Vulnerability • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17100 •

CVE-2020-26870
https://notcve.org/view.php?id=CVE-2020-26870
07 Oct 2020 — Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements. • https://github.com/cure53/DOMPurify/commit/02724b8eb048dd219d6725b05c3000936f11d62d • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2020-8927 – Buffer overflow in Brotli library
https://notcve.org/view.php?id=CVE-2020-8927
15 Sep 2020 — A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend using the "streaming" API as opposed to the "one-shot" API, and imposing chunk size limits. • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') • CWE-130: Improper Handling of Length Parameter Inconsistency •

CVE-2020-1130 – Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2020-1130
11 Sep 2020 — An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles data operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Diagnostics Hub Standard Collector handles data operations. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1130 •

CVE-2020-1133 – Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2020-1133
11 Sep 2020 — An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Diagnostics Hub Standard Collector handles file operations. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1133 •