CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2021-34485 – .NET Core and Visual Studio Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-34485
12 Aug 2021 — .NET Core and Visual Studio Information Disclosure Vulnerability Una Vulnerabilidad de Divulgación de Información en .NET Core y Visual Studio .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 3.1.118 and .NET Runtime 3.1.18. Issues addressed include a denial of service vulnerability. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34485 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.5EPSS: 2%CPEs: 8EXPL: 0CVE-2021-26423 – .NET Core and Visual Studio Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-26423
12 Aug 2021 — .NET Core and Visual Studio Denial of Service Vulnerability Una Vulnerabilidad de Denegación de Servicio en .NET Core y Visual Studio An infinite loop error was found in ASP.NET when processing WebSocket frames. The exploitation of this issue can cause high CPU resource consumption. The highest threat from this vulnerability is to system availability. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versio... • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26423 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 9.8EPSS: 1%CPEs: 10EXPL: 0CVE-2021-26701 – .NET Core Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-26701
25 Feb 2021 — .NET Core Remote Code Execution Vulnerability Una Vulnerabilidad de Ejecución de Código Remota de .NET Core. Este ID de CVE es diferente de CVE-2021-24112 A remote code execution vulnerability was found in dotnet in the System.Text.Encodings.Web package, caused by a buffer overrun. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and i... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2AZOUKMCHT2WBHR7MYDTYXWOBHZW5P5 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 4%CPEs: 7EXPL: 0CVE-2021-1721 – .NET Core and Visual Studio Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-1721
11 Feb 2021 — .NET Core and Visual Studio Denial of Service Vulnerability Una Vulnerabilidad de Denegación de Servicio de .NET Core y Visual Studio A flaw was found in dotnet. A recursion error when building X.509 certificate chains can lead to a stack overflow which could crash the system. The highest threat from this vulnerability is to system availability. .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New version... • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1721 • CWE-674: Uncontrolled Recursion •