2 matches found
CVE-2026-54784 CoreWCF: SPNEGO SecurityContextToken proof key wrapped without confidentiality
CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. In version 1.9.0, CoreWCF SPNEGO SecurityContextToken negotiation can expose the proof key recovered from the RSTR when TransportWithMessageCredential with Windows client credentials and session...
CVE-2005-1935
Heap-based buffer overflow in the BERDecBitString function in Microsoft ASN.1 library MSASN1.DLL allows remote attackers to execute arbitrary code via nested constructed bit strings, which leads to a realloc of a non-null pointer and causes the function to overwrite previously freed memory, as...