.NET Security Vulnerabilities


CVE-2024-29059

.NET Framework Information Disclosure...

7.5CVSS

7AI Score

0.0004EPSS

2024-03-23 12:15 AM
40

CVE-2024-26190

Microsoft QUIC Denial of Service...

7.5CVSS

7.3AI Score

0.0005EPSS

2024-03-12 05:15 PM
77

CVE-2024-21392

.NET and Visual Studio Denial of Service...

7.5CVSS

7.4AI Score

0.0005EPSS

2024-03-12 05:15 PM
82

CVE-2023-45289

When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as "Authorization" or "Cookie". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a...

7.2AI Score

0.0004EPSS

2024-03-05 11:15 PM
24

CVE-2023-45290

When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a...

7.4AI Score

0.0004EPSS

2024-03-05 11:15 PM
27

CVE-2024-24784

The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different...

7.4AI Score

0.0004EPSS

2024-03-05 11:15 PM
21

CVE-2024-21404

.NET Denial of Service...

7.5CVSS

7.4AI Score

0.001EPSS

2024-02-13 06:15 PM
99

CVE-2023-51440

A vulnerability has been identified in SIMATIC CP 343-1 (6GK7343-1EX30-0XE0) (All versions), SIMATIC CP 343-1 Lean (6GK7343-1CX10-0XE0) (All versions), SIPLUS NET CP 343-1 (6AG1343-1EX30-7XE0) (All versions), SIPLUS NET CP 343-1 Lean (6AG1343-1CX10-2XE0) (All versions). Affected products...

7.5CVSS

7.5AI Score

0.0005EPSS

2024-02-13 09:15 AM
12

CVE-2020-24682

Unquoted Search Path or Element vulnerability in B&R Industrial Automation Automation Studio, B&R Industrial Automation NET/PVI allows Target Programs with Elevated Privileges. This issue affects Automation Studio: from 4.0 through 4.6, from 4.7.0 before 4.7.7 SP, from 4.8.0 before 4.8.6 SP, from...

7.8CVSS

7.4AI Score

0.0004EPSS

2024-02-02 08:15 AM
7

CVE-2020-24681

Incorrect Permission Assignment for Critical Resource vulnerability in B&R Industrial Automation Automation Studio allows Privilege Escalation. This issue affects Automation Studio: from 4.6.0 through 4.6.X, from 4.7.0 before 4.7.7 SP, from 4.8.0 before 4.8.6 SP, from 4.9.0 before 4.9.4...

8.8CVSS

7.5AI Score

0.0004EPSS

2024-02-02 07:15 AM
5

CVE-2024-21319

Microsoft Identity Denial of service...

6.8CVSS

6.7AI Score

0.001EPSS

2024-01-09 07:15 PM
78

CVE-2024-21312

.NET Framework Denial of Service...

7.5CVSS

7.3AI Score

0.001EPSS

2024-01-09 06:15 PM
51

CVE-2024-20672

.NET Denial of Service...

7.5CVSS

8.3AI Score

0.001EPSS

2024-01-09 06:15 PM
70

CVE-2024-0057

.NET, .NET Framework, and Visual Studio Security Feature Bypass...

9.8CVSS

7.4AI Score

0.002EPSS

2024-01-09 06:15 PM
83

CVE-2024-0056

Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass...

8.7CVSS

8.1AI Score

0.002EPSS

2024-01-09 06:15 PM
94

CVE-2023-51662

The Snowflake .NET driver provides an interface to the Microsoft .NET open source software framework for developing applications. Snowflake recently received a report about a vulnerability in the Snowflake Connector .NET where the checks against the Certificate Revocation List (CRL) were not...

7.5CVSS

7.2AI Score

0.001EPSS

2023-12-22 05:15 PM
10

CVE-2023-38380

A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-1 (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All.....

7.5CVSS

7.2AI Score

0.0005EPSS

2023-12-12 12:15 PM
38

CVE-2023-39326

A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data (up to about...

5.3CVSS

6.9AI Score

0.001EPSS

2023-12-06 05:15 PM
86

CVE-2021-22143

The Elastic APM .NET Agent can leak sensitive HTTP header information when logging the details during an application error. Normally, the APM agent will sanitize sensitive HTTP header details before sending the information to the APM server. During an application error it is possible the headers...

4.3CVSS

6.7AI Score

0.0004EPSS

2023-11-22 02:15 AM
20

CVE-2023-36558

ASP.NET Core - Security Feature Bypass...

5.5CVSS

6.9AI Score

0.0005EPSS

2023-11-14 10:15 PM
111

CVE-2023-36038

ASP.NET Core Denial of Service...

7.5CVSS

6.9AI Score

0.002EPSS

2023-11-14 10:15 PM
96

CVE-2023-36049

.NET, .NET Framework, and Visual Studio Elevation of Privilege...

9.8CVSS

7AI Score

0.001EPSS

2023-11-14 09:15 PM
109

CVE-2023-36560

ASP.NET Security Feature Bypass...

8.8CVSS

7.4AI Score

0.001EPSS

2023-11-14 06:15 PM
123

CVE-2023-36042

Visual Studio Denial of Service...

5.5CVSS

7.3AI Score

0.0004EPSS

2023-11-14 06:15 PM
78

CVE-2023-44322

Affected devices can be configured to send emails when certain events occur on the device. When presented with an invalid response from the SMTP server, the device triggers an error that disrupts email sending. An attacker with access to the network can use this to disable notification of users....

5.9CVSS

5.7AI Score

0.001EPSS

2023-11-14 11:15 AM
48

CVE-2023-44373

Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell. Follow-up of...

9.1CVSS

9AI Score

0.001EPSS

2023-11-14 11:15 AM
53

CVE-2023-44374

Affected devices allow to change the password, but insufficiently check which password is to be changed. With this an authenticated attacker could, under certain conditions, be able to change the password of another, potential admin user allowing her to escalate her...

8.8CVSS

7.6AI Score

0.001EPSS

2023-11-14 11:15 AM
44

CVE-2023-44319

Affected devices use a weak checksum algorithm to protect the configuration backup that an administrator can export from the device. This could allow an authenticated attacker with administrative privileges or an attacker that tricks a legitimate administrator to upload a modified configuration...

4.9CVSS

5.9AI Score

0.001EPSS

2023-11-14 11:15 AM
50

CVE-2023-44318

Affected devices use a hardcoded key to obfuscate the configuration backup that an administrator can export from the device. This could allow an authenticated attacker with administrative privileges or an attacker that obtains a configuration backup to extract configuration information from the...

4.9CVSS

5.7AI Score

0.001EPSS

2023-11-14 11:15 AM
42

CVE-2023-44320

Affected devices do not properly validate the authentication when performing certain modifications in the web interface allowing an authenticated attacker to influence the user interface configured by an...

4.3CVSS

5.6AI Score

0.001EPSS

2023-11-14 11:15 AM
50

CVE-2023-44317

Affected products do not properly validate the content of uploaded X509 certificates which could allow an attacker with administrative privileges to execute arbitrary code on the...

7.2CVSS

7.5AI Score

0.001EPSS

2023-11-14 11:15 AM
46

CVE-2023-44321

Affected devices do not properly validate the length of inputs when performing certain configuration changes in the web interface allowing an authenticated attacker to cause a denial of service condition. The device needs to be restarted for the web interface to become available...

6.5CVSS

5.4AI Score

0.001EPSS

2023-11-14 11:15 AM
47

CVE-2023-31247

A memory corruption vulnerability exists in the HTTP Server Host header parsing functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this...

9.8CVSS

7.8AI Score

0.001EPSS

2023-11-14 10:15 AM
26

CVE-2023-28391

A memory corruption vulnerability exists in the HTTP Server header parsing functionality of Weston Embedded uC-HTTP v3.01.01. Specially crafted network packets can lead to code execution. An attacker can send a malicious packet to trigger this...

9.8CVSS

7.8AI Score

0.001EPSS

2023-11-14 10:15 AM
25

CVE-2023-27882

A heap-based buffer overflow vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this...

9.8CVSS

8.1AI Score

0.001EPSS

2023-11-14 10:15 AM
28

CVE-2023-28379

A memory corruption vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this...

9.8CVSS

7.8AI Score

0.001EPSS

2023-11-14 10:15 AM
30

CVE-2023-25181

A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted set of network packets can lead to arbitrary code execution. An attacker can send a malicious packet to trigger this...

9.8CVSS

8.4AI Score

0.001EPSS

2023-11-14 10:15 AM
26

CVE-2023-24585

An out-of-bounds write vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to memory corruption. An attacker can send a network request to trigger this...

9.8CVSS

7.3AI Score

0.001EPSS

2023-11-14 10:15 AM
24

CVE-2023-39325

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new....

7.5CVSS

7.4AI Score

0.002EPSS

2023-10-11 10:15 PM
2519

CVE-2023-4990

Directory traversal vulnerability in MCL-Net versions prior to 4.6 Update Package (P01) may allow attackers to read arbitrary...

7.5CVSS

7.3AI Score

0.001EPSS

2023-10-11 08:15 AM
35

CVE-2023-38171

Microsoft QUIC Denial of Service...

7.5CVSS

7.3AI Score

0.002EPSS

2023-10-10 06:15 PM
361

CVE-2023-36415

Azure Identity SDK Remote Code Execution...

8.8CVSS

8.8AI Score

0.002EPSS

2023-10-10 06:15 PM
36

CVE-2023-36414

Azure Identity SDK Remote Code Execution...

8.8CVSS

8.8AI Score

0.002EPSS

2023-10-10 06:15 PM
53

CVE-2023-36435

Microsoft QUIC Denial of Service...

7.5CVSS

7.3AI Score

0.002EPSS

2023-10-10 06:15 PM
334

CVE-2023-30806

The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /cgi-bin/login.cgi endpoint. This is due to...

9.8CVSS

8.9AI Score

0.089EPSS

2023-10-10 03:15 PM
32

CVE-2023-30805

The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /LogInOut.php endpoint. This is due to mishandling...

9.8CVSS

8.9AI Score

0.089EPSS

2023-10-10 03:15 PM
16

CVE-2023-30804

The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an authenticated file disclosure vulnerability. A remote and authenticated attacker can read arbitrary system files using the svpn_html/loadfile.php endpoint. This issue is exploitable by a remote and unauthenticated...

6.5CVSS

9AI Score

0.001EPSS

2023-10-10 03:15 PM
19

CVE-2023-30802

The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to a source code disclosure vulnerability. A remote and unauthenticated attacker can obtain PHP source code by sending an HTTP request with an invalid Content-Length...

5.3CVSS

7.7AI Score

0.001EPSS

2023-10-10 03:15 PM
13

CVE-2023-30803

The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an authentication bypass vulnerability. A remote and unauthenticated attacker can bypass authentication and access administrative functionality by sending HTTP requests using a crafted Y-forwarded-for...

9.8CVSS

6.7AI Score

0.003EPSS

2023-10-10 03:15 PM
12

CVE-2023-36799

.NET Core and Visual Studio Denial of Service...

6.5CVSS

6.4AI Score

0.001EPSS

2023-09-12 05:15 PM
426
Total number of security vulnerabilities: 366