CVSS: 10.0EPSS: 20%CPEs: 2EXPL: 0CVE-2018-8327
https://notcve.org/view.php?id=CVE-2018-8327
A remote code execution vulnerability exists in PowerShell Editor Services, aka "PowerShell Editor Services Remote Code Execution Vulnerability." This affects PowerShell Editor, PowerShell Extension. Existe una vulnerabilidad de ejecución remota de código en PowerShell Editor Services, también conocida como "PowerShell Editor Services Remote Code Execution Vulnerability". Esto afecta a PowerShell Editor y PowerShell Extension. • http://www.securityfocus.com/bid/104649 http://www.securitytracker.com/id/1041251 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8327 •
CVSS: 5.5EPSS: 0%CPEs: 60EXPL: 0CVE-2018-8356
https://notcve.org/view.php?id=CVE-2018-8356
A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka ".NET Framework Security Feature Bypass Vulnerability." This affects .NET Framework 4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, ASP.NET Core 1.1, Microsoft .NET Framework 4.5.2, ASP.NET Core 2.0, ASP.NET Core 1.0, .NET Core 1.1, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 1.0, .NET Core 2.0, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2. Existe una vulnerabilidad de omisión de la característica de seguridad cuando los componentes de Microsoft .NET Framework no validan certificados correctamente. Esto también se conoce como ".NET Framework Security Feature Bypass Vulnerability". Esto afecta a .NET Framework 4.7.2; Microsoft .NET Framework 3.0; Microsoft .NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2; ASP.NET Core 1.1; Microsoft .NET Framework 4.5.2; ASP.NET Core 2.0; ASP.NET Core 1.0; .NET Core 1.1; Microsoft .NET Framework 3.5; Microsoft .NET Framework 3.5.1; Microsoft .NET Framework 4.6, 4.6.1, 4.6.2; .NET Core 1.0; .NET Core 2.0; Microsoft .NET Framework 4.6; Microsoft .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.1, 4.7.2 y Microsoft .NET Framework 4.7.2. • http://www.securityfocus.com/bid/104664 http://www.securitytracker.com/id/1041257 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8356 • CWE-295: Improper Certificate Validation •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2018-0875 – Core: Hash Collision Denial of Service
https://notcve.org/view.php?id=CVE-2018-0875
.NET Core 1.0, .NET Core 1.1, NET Core 2.0 and PowerShell Core 6.0.0 allow a denial of Service vulnerability due to how specially crafted requests are handled, aka ".NET Core Denial of Service Vulnerability". .NET Core 1.0, .NET Core 1.1, NET Core 2.0 y PowerShell Core 6.0.0 permiten una vulnerabilidad de denegación de servicio (DoS) debido a la forma en la que se gestionan las peticiones especialmente manipuladas. Esto también se conoce como ".NET Core Denial of Service Vulnerability". It was found that string comparisons in .NET Core did not use a secure hashing algorithm. This could allow an attacker to predict string hashes and cause a denial of service by intentionally creating collisions thus forcing long look up times. • http://www.securityfocus.com/bid/103225 http://www.securitytracker.com/id/1040505 https://access.redhat.com/errata/RHSA-2018:0522 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0875 https://access.redhat.com/security/cve/CVE-2018-0875 https://bugzilla.redhat.com/show_bug.cgi?id=1552060 •
CVSS: 7.5EPSS: 0%CPEs: 51EXPL: 0CVE-2018-0786
https://notcve.org/view.php?id=CVE-2018-0786
Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, and PowerShell Core 6.0.0 allow a security feature bypass vulnerability due to the way certificates are validated, aka ".NET Security Feature Bypass Vulnerability." Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1; .NET Core 1.0 y 2.0; y PowerShell Core 6.0.0 permiten una vulnerabilidad de omisión de la característica de seguridad debido a la forma en la que se validan los certificados. Esto también se conoce como ".NET Security Feature Bypass Vulnerability". • http://www.securityfocus.com/bid/102380 http://www.securitytracker.com/id/1040152 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0786 • CWE-295: Improper Certificate Validation •
CVSS: 7.5EPSS: 0%CPEs: 51EXPL: 0CVE-2018-0764 – Core: Improper processing of XML documents can cause a denial of service
https://notcve.org/view.php?id=CVE-2018-0764
Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka ".NET and .NET Core Denial Of Service Vulnerability". This CVE is unique from CVE-2018-0765. Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 y 5.7 y.NET Core 1.0, 1.1 y 2.0 permiten una vulnerabilidad de denegación de servicio (DoS) debido a la forma en la que se procesan los documentos XML. Esto también se conoce como ".NET and .NET Core Denial Of Service Vulnerability". Este CVE es diferente de CVE-2018-0765. • http://www.securityfocus.com/bid/102387 http://www.securitytracker.com/id/1040152 https://access.redhat.com/errata/RHSA-2018:0379 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0764 https://access.redhat.com/security/cve/CVE-2018-0764 https://bugzilla.redhat.com/show_bug.cgi?id=1533730 • CWE-20: Improper Input Validation •