CVSS: 9.8EPSS: 94%CPEs: 444EXPL: 17CVE-2023-44487 – HTTP/2 Rapid Reset Attack Vulnerability
https://notcve.org/view.php?id=CVE-2023-44487
10 Oct 2023 — The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. El protocolo HTTP/2 permite una denegación de servicio (consumo de recursos del servidor) porque la cancelación de solicitudes puede restablecer muchas transmisiones rápidamente, como se explotó en la naturaleza entre agosto y octubre de 2023. A flaw was found in handling multiplexed streams in the HTTP/2 protocol. ... • https://github.com/imabee101/CVE-2023-44487 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.8EPSS: 92%CPEs: 88EXPL: 9CVE-2020-1147 – Microsoft .NET Framework, SharePoint, and Visual Studio Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-1147
14 Jul 2020 — A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'. Se presenta una vulnerabilidad de ejecución de código remota en .NET Framework, Microsoft SharePoint y Visual Studio cuando el software presenta un fallo al comprobar el marcado de origen de una entrada de archivo XML, también se conoce como ... • https://packetstorm.news/files/id/163644 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.5EPSS: 2%CPEs: 132EXPL: 0CVE-2020-1108 – dotnet: Denial of service via untrusted input
https://notcve.org/view.php?id=CVE-2020-1108
14 May 2020 — A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka '.NET Core & .NET Framework Denial of Service Vulnerability'. Se presenta una vulnerabilidad denegación de servicio cuando .NET Core o .NET Framework manejan inapropiadamente las peticiones web, también se conoce como ".NET Core & .NET Framework Denial of Service Vulnerability" An integer overflow condition was found in dotnet and dotnet3.1's BinaryReader Read7BitEncodedInt() method. This metho... • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1108 • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.3EPSS: 47%CPEs: 73EXPL: 0CVE-2020-0605
https://notcve.org/view.php?id=CVE-2020-0605
14 Jan 2020 — A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0606. Se presenta una vulnerabilidad de ejecución de código remota en el software .NET cuando el software presenta un fallo al comprobar el marcado de origen de un archivo. Un a... • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0605 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 84EXPL: 0CVE-2019-0980 – dotnet: infinite loop in Uri.TryCreate leading to ASP.Net Core Denial of Service
https://notcve.org/view.php?id=CVE-2019-0980
16 May 2019 — A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka '.Net Framework and .Net Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0820, CVE-2019-0981. Existe una vulnerabilidad de Denegación de Servicio (DoS) cuando .NET Framework o .NET Core manejan inapropiadamente las solicitudes web, también conocidas como '.Net Framework y .Net Core Denial of Service Vulnerability'. Este ID de CVE es diferente de CVE-2019-0820, CVE-2019-098... • https://access.redhat.com/errata/RHSA-2019:1259 • CWE-19: Data Processing Errors CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 1%CPEs: 84EXPL: 0CVE-2019-0981 – dotnet: crash in IPAddress.TryCreate leading to ASP.Net Core Denial of Service
https://notcve.org/view.php?id=CVE-2019-0981
16 May 2019 — A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka '.Net Framework and .Net Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0820, CVE-2019-0980. Existe una vulnerabilidad de Denegación de Servicio (DoS) cuando .NET Framework o .NET Core manejan inapropiadamente las solicitudes web, también conocidas como '.Net Framework y .Net Core Denial of Service Vulnerability'. Este ID de CVE es diferente de CVE-2019-0820, CVE-2019-098... • https://access.redhat.com/errata/RHSA-2019:1259 • CWE-19: Data Processing Errors CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 2%CPEs: 95EXPL: 0CVE-2019-0820 – dotnet: timeouts for regular expressions are not enforced
https://notcve.org/view.php?id=CVE-2019-0820
16 May 2019 — A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings, aka '.NET Framework and .NET Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0980, CVE-2019-0981. Existe una vulnerabilidad de Denegación de Servicio (DoS) cuando .NET Framework y .NET Core procesan inapropiadamente cadenas RegEx, conocidas como ".NET Framework y .NET Core Denial of Service Vulnerability". Este ID de CVE es diferente de CVE-2019-0980, CVE-2019-0981. .NET Co... • https://access.redhat.com/errata/RHSA-2019:1259 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 4%CPEs: 26EXPL: 0CVE-2019-0757 – dotnet: NuGet Tampering Vulnerability
https://notcve.org/view.php?id=CVE-2019-0757
13 Mar 2019 — A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package's folder structure, aka 'NuGet Package Manager Tampering Vulnerability'. Existe una vulnerabilidad de manipulación en NuGet Package Manager para Linux y Mac que podría permitir que un atacante autenticado modifique la estructura de carpetas de un paquete de NuGet, también conocida como 'NuGet Package Manager Tampering Vulnerability'. A flaw was found in dotnet.... • https://access.redhat.com/errata/RHSA-2019:1259 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.5EPSS: 2%CPEs: 72EXPL: 0CVE-2019-0657 – dotnet: Domain-spoofing attack in System.Uri
https://notcve.org/view.php?id=CVE-2019-0657
14 Feb 2019 — A vulnerability exists in certain .Net Framework API's and Visual Studio in the way they parse URL's, aka '.NET Framework and Visual Studio Spoofing Vulnerability'. Existe una vulnerabilidad en determinadas API de .Net Framework y en Visual Studio en la manera en la que analizan sintácticamente las URL. Esto también se conoce como ".NET Framework and Visual Studio Spoofing Vulnerability". .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and i... • http://www.securityfocus.com/bid/106890 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 6%CPEs: 58EXPL: 0CVE-2019-0545 – Core: NCL - SocketsHttpHandler mishandling 1xx response as a final response leads to info disclosure
https://notcve.org/view.php?id=CVE-2019-0545
08 Jan 2019 — An information disclosure vulnerability exists in .NET Framework and .NET Core which allows bypassing Cross-origin Resource Sharing (CORS) configurations, aka ".NET Framework Information Disclosure Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7/4.7.1/4.7.2, .NET Core 2.1, ... • http://www.securityfocus.com/bid/106405 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •