CVE-2022-34716 – .NET Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2022-34716
.NET Spoofing Vulnerability Una vulnerabilidad de Suplantación en .NET An information disclosure vulnerability exists in .NET Core and .NET. This issue can lead to unauthorized access to privileged information. XML signature verification in .NET 6 as implemented in System.Security.Cryptography.Xml.SignedXml is vulnerable to external entity injection attacks. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34716 https://access.redhat.com/security/cve/CVE-2022-34716 https://bugzilla.redhat.com/show_bug.cgi?id=2115183 • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2022-30184 – .NET and Visual Studio Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-30184
.NET and Visual Studio Information Disclosure Vulnerability Una Vulnerabilidad de Divulgación de Información en .NET y Visual Studio • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DMP34G53EA2DBTBLFOAQCDZRRENE2EA2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWNH4AC3LFVX35MDRX5OBZDGD2AMH66K https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30184 https://access.redhat.com/security/cve/CVE-2022-30184 https://bugzilla.redhat.com/show_bug.cgi?id=2096963 • CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer •
CVE-2022-29145 – .NET and Visual Studio Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2022-29145
.NET and Visual Studio Denial of Service Vulnerability Una vulnerabilidad de Denegación de Servicio en .NET y Visual Studio. Este ID de CVE es diferente de CVE-2022-23267, CVE-2022-29117 A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of the ASP.NET FormFeature.cs causing a denial of service when HTML forms are parsed. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29145 https://access.redhat.com/security/cve/CVE-2022-29145 https://bugzilla.redhat.com/sho • CWE-551: Incorrect Behavior Order: Authorization Before Parsing and Canonicalization •
CVE-2022-29117 – .NET and Visual Studio Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2022-29117
.NET and Visual Studio Denial of Service Vulnerability Una vulnerabilidad de Denegación de Servicio en .NET y Visual Studio. Este ID de CVE es diferente de CVE-2022-23267, CVE-2022-29145 A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of a malicious client that can send MyCookie=chunks-2147483647 without the actual cookie chunks, causing large allocations, exceptions, and excess CPU utilization on the server when it tries to read or delete that many chunks. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29117 https://access.redhat.com/security/cve/CVE-2022-29117 https://bugzilla.redhat.com/sho • CWE-565: Reliance on Cookies without Validation and Integrity Checking •
CVE-2022-23267 – .NET and Visual Studio Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2022-23267
.NET and Visual Studio Denial of Service Vulnerability Una vulnerabilidad de Denegación de Servicio en .NET y Visual Studio. Este ID de CVE es diferente de CVE-2022-29117, CVE-2022-29145 A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of the Apply MaxResponseHeadersLength limit for trailing headers to address a denial of service via excess memory allocations through the HttpClient. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23267 https://access.redhat.com/security/cve/CVE-2022-23267 https://bugzilla.redhat.com/sho • CWE-770: Allocation of Resources Without Limits or Throttling •