
CVE-2024-0057 – .NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2024-0057
09 Jan 2024 — .NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability. A security feature bypass vulnerability exists when Microsoft .NET Framework-based applications use X.509 chain building APIs but do not completely validate the X.509 certificate due to a logic flaw. An attacker could present an arbitrary untrusted certificate with malformed signatures, triggering a bug in the framework. The framework will correctly repor... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0057 • CWE-20: Improper Input Validation CWE-295: Improper Certificate Validation •

CVE-2023-48795 – ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
https://notcve.org/view.php?id=CVE-2023-48795
18 Dec 2023 — The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phas... • https://packetstorm.news/files/id/176280 • CWE-222: Truncation of Security-relevant Information CWE-354: Improper Validation of Integrity Check Value •

CVE-2023-36013 – PowerShell Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-36013
20 Nov 2023 — PowerShell Information Disclosure Vulnerability. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36013 • CWE-668: Exposure of Resource to Wrong Sphere CWE-798: Use of Hard-coded Credentials •

CVE-2023-21538 – .NET Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2023-21538
10 Jan 2023 — .NET Denial of Service Vulnerability. A vulnerability was found in dotnet. This flaw occurs when parsing an empty HTTP response as a JSON.NET JObject that causes a stack overflow and crashes a process. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21538 • CWE-121: Stack-based Buffer Overflow CWE-502: Deserialization of Untrusted Data •

CVE-2022-41076 – PowerShell Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-41076
13 Dec 2022 — PowerShell Remote Code Execution Vulnerability. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41076 •

CVE-2022-41121 – Windows Graphics Component Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2022-41121
13 Dec 2022 — Windows Graphics Component Elevation of Privilege Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the implementation of the StretchBlt graphics primitive. The issue results from the lack of pro... • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41121 •

CVE-2022-34716 – .NET Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2022-34716
09 Aug 2022 — .NET Spoofing Vulnerability. An information disclosure vulnerability exists in .NET Core and .NET. This issue can lead to unauthorized access to privileged information. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 3.1.422 and .NET Runtime 3.1.28. • https://packetstorm.news/files/id/168332 • CWE-611: Improper Restriction of XML External Entity Reference •

CVE-2022-23267 – .NET and Visual Studio Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2022-23267
10 May 2022 — .NET and Visual Studio Denial of Service Vulnerability. This CVE ID is different from CVE-2022-29117, CVE-2022-29145. A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of the Apply MaxResponseHeadersLength limit for trailing headers to address a denial of service via excess memory allocations through the HttpClient. .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs an... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO • CWE-770: Allocation of Resources Without Limits or Throttling •

CVE-2022-26788 – PowerShell Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2022-26788
15 Apr 2022 — PowerShell Elevation of Privilege Vulnerability. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26788 •

CVE-2022-24512 – .NET and Visual Studio Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-24512
09 Mar 2022 — .NET and Visual Studio Remote Code Execution Vulnerability. A flaw was found in dotnet, where a buffer overrun exists in the double parse routine, which could lead to remote code execution. This flaw allows an attacker to execute code remotely on the system, leading to some system compromise. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24512 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •