CVE-2021-3146
https://notcve.org/view.php?id=CVE-2021-3146
The Dolby Audio X2 (DAX2) API service before 0.8.8.90 on Windows allows local users to gain privileges. El servicio de API Dolby Audio X2 (DAX2) versiones anteriores a 0.8.8.90 en Windows permite a los usuarios locales obtener privilegios • https://professional.dolby.com/siteassets/pdfs/dolby-dax2-security-advisory-2021-04-07.pdf • CWE-426: Untrusted Search Path •
CVE-2020-1147 – Microsoft .NET Framework, SharePoint, and Visual Studio Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-1147
A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'. Se presenta una vulnerabilidad de ejecución de código remota en .NET Framework, Microsoft SharePoint y Visual Studio cuando el software presenta un fallo al comprobar el marcado de origen de una entrada de archivo XML, también se conoce como ".NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability" It was discovered that .NET Core did not properly check the source markup of XML files. A remote, unauthenticated attacker could possibly exploit this flaw to execute arbitrary code by sending specially crafted requests to an application parsing certain kinds of XML files or an ASP.NET Core application. Microsoft .NET Framework, Microsoft SharePoint, and Visual Studio contain a remote code execution vulnerability when the software fails to check the source markup of XML file input. Successful exploitation allows an attacker to execute code in the context of the process responsible for deserialization of the XML content. • https://www.exploit-db.com/exploits/48747 https://www.exploit-db.com/exploits/50151 http://packetstormsecurity.com/files/158694/SharePoint-DataSet-DataTable-Deserialization.html http://packetstormsecurity.com/files/158876/Microsoft-SharePoint-Server-2019-Remote-Code-Execution.html http://packetstormsecurity.com/files/163644/Microsoft-SharePoint-Server-2019-Remote-Code-Execution.html https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1147 https://www.exploitalert.com/view-details.html?id=35992 h • CWE-502: Deserialization of Untrusted Data •
CVE-2019-1079
https://notcve.org/view.php?id=CVE-2019-1079
An information disclosure vulnerability exists when Visual Studio improperly parses XML input in certain settings files, aka 'Visual Studio Information Disclosure Vulnerability'. Existe una vulnerabilidad de divulgación de información cuando Visual Studio analiza inapropiadamente la entrada XML en ciertos archivos de configuración, también se conoce como "Visual Studio Information Disclosure Vulnerability". • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1079 • CWE-20: Improper Input Validation •
CVE-2019-0537 – Microsoft Visual Studio vscontent XML External Entity Processing Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2019-0537
An information disclosure vulnerability exists when Visual Studio improperly discloses arbitrary file contents if the victim opens a malicious .vscontent file, aka "Microsoft Visual Studio Information Disclosure Vulnerability." This affects Microsoft Visual Studio. Existe una vulnerabilidad de divulgación de información cuando Visual Studio divulga los contenidos de archivos arbitrarios si la víctima abre un archivo malicioso ".vscontent". Esto también se conoce como "Microsoft Visual Studio Information Disclosure Vulnerability". Esto afecta a Microsoft Visual Studio. • http://www.securityfocus.com/bid/106390 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0537 •
CVE-2018-8172
https://notcve.org/view.php?id=CVE-2018-8172
A remote code execution vulnerability exists in Visual Studio software when the software does not check the source markup of a file for an unbuilt project, aka "Visual Studio Remote Code Execution Vulnerability." This affects Microsoft Visual Studio, Expression Blend 4. Existe una vulnerabilidad de ejecución remota de código en el software de Visual Studio cuando el software no comprueba el marcado de fuentes de un archivo para un proyecto sin implementar. Esto también se conoce como "Visual Studio Remote Code Execution Vulnerability". Esto afecta a Microsoft Visual Studio y Expression Blend 4. • https://github.com/SyFi/CVE-2018-8172 http://www.securityfocus.com/bid/104616 http://www.securitytracker.com/id/1041253 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8172 •