CVSS: 7.8EPSS: 94%CPEs: 444EXPL: 17CVE-2023-44487 – HTTP/2 Rapid Reset Attack Vulnerability
https://notcve.org/view.php?id=CVE-2023-44487
10 Oct 2023 — The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. El protocolo HTTP/2 permite una denegación de servicio (consumo de recursos del servidor) porque la cancelación de solicitudes puede restablecer muchas transmisiones rápidamente, como se explotó en la naturaleza entre agosto y octubre de 2023. A flaw was found in handling multiplexed streams in the HTTP/2 protocol. ... • https://github.com/imabee101/CVE-2023-44487 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.3EPSS: 47%CPEs: 73EXPL: 0CVE-2020-0605
https://notcve.org/view.php?id=CVE-2020-0605
14 Jan 2020 — A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0606. Se presenta una vulnerabilidad de ejecución de código remota en el software .NET cuando el software presenta un fallo al comprobar el marcado de origen de un archivo. Un a... • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0605 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 84EXPL: 0CVE-2019-0980 – dotnet: infinite loop in Uri.TryCreate leading to ASP.Net Core Denial of Service
https://notcve.org/view.php?id=CVE-2019-0980
16 May 2019 — A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka '.Net Framework and .Net Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0820, CVE-2019-0981. Existe una vulnerabilidad de Denegación de Servicio (DoS) cuando .NET Framework o .NET Core manejan inapropiadamente las solicitudes web, también conocidas como '.Net Framework y .Net Core Denial of Service Vulnerability'. Este ID de CVE es diferente de CVE-2019-0820, CVE-2019-098... • https://access.redhat.com/errata/RHSA-2019:1259 • CWE-19: Data Processing Errors CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 1%CPEs: 84EXPL: 0CVE-2019-0981 – dotnet: crash in IPAddress.TryCreate leading to ASP.Net Core Denial of Service
https://notcve.org/view.php?id=CVE-2019-0981
16 May 2019 — A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka '.Net Framework and .Net Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0820, CVE-2019-0980. Existe una vulnerabilidad de Denegación de Servicio (DoS) cuando .NET Framework o .NET Core manejan inapropiadamente las solicitudes web, también conocidas como '.Net Framework y .Net Core Denial of Service Vulnerability'. Este ID de CVE es diferente de CVE-2019-0820, CVE-2019-098... • https://access.redhat.com/errata/RHSA-2019:1259 • CWE-19: Data Processing Errors CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 2%CPEs: 95EXPL: 0CVE-2019-0820 – dotnet: timeouts for regular expressions are not enforced
https://notcve.org/view.php?id=CVE-2019-0820
16 May 2019 — A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings, aka '.NET Framework and .NET Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0980, CVE-2019-0981. Existe una vulnerabilidad de Denegación de Servicio (DoS) cuando .NET Framework y .NET Core procesan inapropiadamente cadenas RegEx, conocidas como ".NET Framework y .NET Core Denial of Service Vulnerability". Este ID de CVE es diferente de CVE-2019-0980, CVE-2019-0981. .NET Co... • https://access.redhat.com/errata/RHSA-2019:1259 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 4%CPEs: 26EXPL: 0CVE-2019-0757 – dotnet: NuGet Tampering Vulnerability
https://notcve.org/view.php?id=CVE-2019-0757
13 Mar 2019 — A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package's folder structure, aka 'NuGet Package Manager Tampering Vulnerability'. Existe una vulnerabilidad de manipulación en NuGet Package Manager para Linux y Mac que podría permitir que un atacante autenticado modifique la estructura de carpetas de un paquete de NuGet, también conocida como 'NuGet Package Manager Tampering Vulnerability'. A flaw was found in dotnet.... • https://access.redhat.com/errata/RHSA-2019:1259 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.5EPSS: 2%CPEs: 72EXPL: 0CVE-2019-0657 – dotnet: Domain-spoofing attack in System.Uri
https://notcve.org/view.php?id=CVE-2019-0657
14 Feb 2019 — A vulnerability exists in certain .Net Framework API's and Visual Studio in the way they parse URL's, aka '.NET Framework and Visual Studio Spoofing Vulnerability'. Existe una vulnerabilidad en determinadas API de .Net Framework y en Visual Studio en la manera en la que analizan sintácticamente las URL. Esto también se conoce como ".NET Framework and Visual Studio Spoofing Vulnerability". .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and i... • http://www.securityfocus.com/bid/106890 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 60EXPL: 0CVE-2018-8356 – Microsoft Security Bulletin CVE Revision Increment for July, 2018
https://notcve.org/view.php?id=CVE-2018-8356
11 Jul 2018 — A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka ".NET Framework Security Feature Bypass Vulnerability." This affects .NET Framework 4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, ASP.NET Core 1.1, Microsoft .NET Framework 4.5.2, ASP.NET Core 2.0, ASP.NET Core 1.0, .NET Core 1.1, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET C... • http://www.securityfocus.com/bid/104664 • CWE-295: Improper Certificate Validation •
CVSS: 7.5EPSS: 17%CPEs: 51EXPL: 0CVE-2018-0764 – Core: Improper processing of XML documents can cause a denial of service
https://notcve.org/view.php?id=CVE-2018-0764
10 Jan 2018 — Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka ".NET and .NET Core Denial Of Service Vulnerability". This CVE is unique from CVE-2018-0765. Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 y 5.7 y.NET Core 1.0, 1.1 y 2.0 permiten una vulnerabilidad de denegación de servicio (DoS) debido a la form... • http://www.securityfocus.com/bid/102387 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 51EXPL: 0CVE-2018-0786
https://notcve.org/view.php?id=CVE-2018-0786
10 Jan 2018 — Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, and PowerShell Core 6.0.0 allow a security feature bypass vulnerability due to the way certificates are validated, aka ".NET Security Feature Bypass Vulnerability." Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1; .NET Core 1.0 y 2.0; y PowerShell Core 6.0.0 permiten una vulnerabilidad de omisión de la característica de seguridad debido a la forma en... • http://www.securityfocus.com/bid/102380 • CWE-295: Improper Certificate Validation •