CVSS: 7.8EPSS: 14%CPEs: 11EXPL: 1CVE-2022-41032 – NuGet Client Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2022-41032
11 Oct 2022 — NuGet Client Elevation of Privilege Vulnerability Una Vulnerabilidad de Elevación de Privilegios en el cliente NuGet A vulnerability was found in dotnet. This flaw allows an attacker to triage a NuGet cache poisoning on Linux via a world-writable cache directory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions a... • https://github.com/ethomson/cve-2022-41032 • CWE-269: Improper Privilege Management CWE-524: Use of Cache Containing Sensitive Information •
CVSS: 7.8EPSS: 1%CPEs: 62EXPL: 0CVE-2022-26929 – .NET Framework Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-26929
13 Sep 2022 — .NET Framework Remote Code Execution Vulnerability Una vulnerabilidad de Ejecución de Código Remota de .NET Framework • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26929 •
CVSS: 7.8EPSS: 1%CPEs: 11EXPL: 0CVE-2022-38013 – .NET Core and Visual Studio Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2022-38013
13 Sep 2022 — .NET Core and Visual Studio Denial of Service Vulnerability Una vulnerabilidad de Denegación de Servicio en .NET Core and Visual Studio .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET 6.0 to SDK 6.0.109 and Runtime 6.0.9. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2CUL3Z7MEED7RFQZVGQL2MTKSFFZKAAY • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.9EPSS: 1%CPEs: 4EXPL: 1CVE-2022-34716 – .NET Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2022-34716
09 Aug 2022 — .NET Spoofing Vulnerability Una vulnerabilidad de Suplantación en .NET An information disclosure vulnerability exists in .NET Core and .NET. This issue can lead to unauthorized access to privileged information. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 3.1.422 and .NET Runtime 3.1.28. • https://packetstorm.news/files/id/168332 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 0CVE-2022-30184 – .NET and Visual Studio Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-30184
15 Jun 2022 — .NET and Visual Studio Information Disclosure Vulnerability Una Vulnerabilidad de Divulgación de Información en .NET y Visual Studio .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 3.1.420 and .NET Runtime 3.1.26. Issues addressed include a password leak vulnerability. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DMP34G53EA2DBTBLFOAQCDZRRENE2EA2 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer •
CVSS: 5.5EPSS: 0%CPEs: 94EXPL: 0CVE-2022-30130 – .NET Framework Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2022-30130
10 May 2022 — .NET Framework Denial of Service Vulnerability Una vulnerabilidad de Denegación de Servicio en .NET Framework • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30130 •
CVSS: 7.5EPSS: 1%CPEs: 9EXPL: 0CVE-2022-29145 – .NET and Visual Studio Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2022-29145
10 May 2022 — .NET and Visual Studio Denial of Service Vulnerability Una vulnerabilidad de Denegación de Servicio en .NET y Visual Studio. Este ID de CVE es diferente de CVE-2022-23267, CVE-2022-29117 A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of the ASP.NET FormFeature.cs causing a denial of service when HTML forms are parsed. .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New ve... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO • CWE-551: Incorrect Behavior Order: Authorization Before Parsing and Canonicalization •
CVSS: 7.5EPSS: 1%CPEs: 9EXPL: 0CVE-2022-29117 – .NET and Visual Studio Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2022-29117
10 May 2022 — .NET and Visual Studio Denial of Service Vulnerability Una vulnerabilidad de Denegación de Servicio en .NET y Visual Studio. Este ID de CVE es diferente de CVE-2022-23267, CVE-2022-29145 A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of a malicious client that can send MyCookie=chunks-2147483647 without the actual cookie chunks, causing large allocations, exceptions, and excess CPU utilization on the server when it tries to read or delete that many chunks. .NET Core is a man... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO • CWE-565: Reliance on Cookies without Validation and Integrity Checking •
CVSS: 7.5EPSS: 2%CPEs: 12EXPL: 0CVE-2022-23267 – .NET and Visual Studio Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2022-23267
10 May 2022 — .NET and Visual Studio Denial of Service Vulnerability Una vulnerabilidad de Denegación de Servicio en .NET y Visual Studio. Este ID de CVE es diferente de CVE-2022-29117, CVE-2022-29145 A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of the Apply MaxResponseHeadersLength limit for trailing headers to address a denial of service via excess memory allocations through the HttpClient. .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs an... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-26907 – Azure SDK for .NET Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-26907
15 Apr 2022 — Azure SDK for .NET Information Disclosure Vulnerability Una vulnerabilidad de Divulgación de Información en Azure SDK for .NET • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26907 • CWE-532: Insertion of Sensitive Information into Log File •