CVSS: 7.8EPSS: 18%CPEs: 6EXPL: 0CVE-2024-21404 – .NET Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-21404
13 Feb 2024 — .NET Denial of Service Vulnerability Vulnerabilidad de denegación de servicio de .NET A denial of service vulnerability exists in .NET applications with OpenSSL support when parsing X509 certificates. The issue arises from inadequate validation of user-supplied input in .NET. This flaw allows a remote attacker to trigger a denial of service (DoS) attack by providing specially crafted input. Brennan Conroy discovered that .NET with SignalR did not properly handle malicious clients. An attacker could possibly... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21404 • CWE-400: Uncontrolled Resource Consumption CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 10%CPEs: 6EXPL: 0CVE-2024-21386 – .NET Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-21386
13 Feb 2024 — .NET Denial of Service Vulnerability Vulnerabilidad de denegación de servicio de .NET A denial of service vulnerability is present in the .NET applications utilizing SignalR, which a malicious client can exploit. The issue arises from inadequate validation of user-supplied input in .NET. This flaw allows a remote attacker to trigger a denial of service (DoS) attack by providing specially crafted input. Brennan Conroy discovered that .NET with SignalR did not properly handle malicious clients. An attacker co... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21386 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.2EPSS: 0%CPEs: 11EXPL: 0CVE-2023-36558 – ASP.NET Core Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2023-36558
14 Nov 2023 — ASP.NET Core - Security Feature Bypass Vulnerability Vulnerabilidad de omisión de funciones de seguridad en ASP.NET Core ASP.NET Core Security Feature Bypass Vulnerability A security feature bypass vulnerability was found in Blazor forms in ASP.NET in the .NET package. Barry Dorrans discovered that .NET did not properly implement certain security features for Blazor server forms. An attacker could possibly use this issue to bypass validation, which could trigger unintended actions. Piotr Bazydlo discovered ... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36558 •
CVSS: 7.8EPSS: 94%CPEs: 444EXPL: 17CVE-2023-44487 – HTTP/2 Rapid Reset Attack Vulnerability
https://notcve.org/view.php?id=CVE-2023-44487
10 Oct 2023 — The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. El protocolo HTTP/2 permite una denegación de servicio (consumo de recursos del servidor) porque la cancelación de solicitudes puede restablecer muchas transmisiones rápidamente, como se explotó en la naturaleza entre agosto y octubre de 2023. A flaw was found in handling multiplexed streams in the HTTP/2 protocol. ... • https://github.com/imabee101/CVE-2023-44487 • CWE-400: Uncontrolled Resource Consumption •