CVSS: 7.5EPSS: 0%CPEs: 132EXPL: 0CVE-2020-1108 – dotnet: Denial of service via untrusted input
https://notcve.org/view.php?id=CVE-2020-1108
A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka '.NET Core & .NET Framework Denial of Service Vulnerability'. Se presenta una vulnerabilidad denegación de servicio cuando .NET Core o .NET Framework manejan inapropiadamente las peticiones web, también se conoce como ".NET Core & .NET Framework Denial of Service Vulnerability" An integer overflow condition was found in dotnet and dotnet3.1's BinaryReader Read7BitEncodedInt() method. This method is used by BinaryReader's ReadString() method, and given a certain input, and cause a denial of service to dotnet applications using BinaryReader. The exploitation of this flaw depends on the application but does not inherently require the attacker to be authenticated or have any specific privileges. An attacker could exploit this flaw remotely via the internet by sending crafted data to a dotnet application that is passed into Read7BitEncodedInt(), resulting in a denial of service when the output is used by ReadString(). • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1108 https://access.redhat.com/security/cve/CVE-2020-1108 https://bugzilla.redhat.com/show_bug.cgi?id=1827643 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2019-1301 – dotnet: System.Net.Sockets.dll Socket.ConnectAsync Denial of Service
https://notcve.org/view.php?id=CVE-2019-1301
A denial of service vulnerability exists when .NET Core improperly handles web requests, aka '.NET Core Denial of Service Vulnerability'. Se presenta una vulnerabilidad de denegación de servicio cuando .NET Core maneja inapropiadamente las peticiones web, también se conoce como ".NET Core Denial of Service Vulnerability". • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1301 https://access.redhat.com/security/cve/CVE-2019-1301 https://bugzilla.redhat.com/show_bug.cgi?id=1750793 • CWE-20: Improper Input Validation •
CVSS: 4.1EPSS: 0%CPEs: 2EXPL: 0CVE-2019-1167
https://notcve.org/view.php?id=CVE-2019-1167
A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement, aka 'Windows Defender Application Control Security Feature Bypass Vulnerability'. Se presenta una vulnerabilidad de omisión de característica de seguridad en Windows Defender Application Control (WDAC), que podría permitir a un atacante omitir la aplicación de WDAC, también se conoce como "Windows Defender Application Control Security Feature Bypass Vulnerability". • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1167 •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2019-0632
https://notcve.org/view.php?id=CVE-2019-0632
A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka 'Windows Security Feature Bypass Vulnerability'. This CVE ID is unique from CVE-2019-0627, CVE-2019-0631. Existe una vulnerabilidad de omisión de la característica de seguridad en Windows que podría permitir que un atacante omita Device Guard. Esto también se conoce como "Windows Security Feature Bypass Vulnerability". El ID de este CVE es diferente de CVE-2019-0627 y CVE-2019-0631. • http://www.securityfocus.com/bid/106880 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0632 •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2019-0631
https://notcve.org/view.php?id=CVE-2019-0631
A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka 'Windows Security Feature Bypass Vulnerability'. This CVE ID is unique from CVE-2019-0627, CVE-2019-0632. Existe una vulnerabilidad de omisión de la característica de seguridad en Windows que podría permitir que un atacante omita Device Guard. Esto también se conoce como "Windows Security Feature Bypass Vulnerability". El ID de este CVE es diferente de CVE-2019-0627 y CVE-2019-0632. • http://www.securityfocus.com/bid/106875 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0631 •