A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka ‘.NET Framework, SharePoint Server, and Visual Studio Remote Code Executio…
[Microsoft.AspNetCore.App.Runtime.linux-musl-x64] ASP.NET Core Denial of Service Vulnerability
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka ‘ASP.NET Core Denial of Service Vulnerability’.
References
https://nvd.nist.gov/vuln/detail/CVE-2020-1161
https://portal.msrc.microsoft.com/en-US/security-…
[Microsoft.NETCore.App.Runtime.linux-arm64] .NET Core & .NET Framework Denial of Service Vulnerability
A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka ‘.NET Core & .NET Framework Denial of Service Vulnerability’.
References
https://nvd.nist.gov/vuln/detail/CVE-2020-1108
https://portal.m…
[org.apache.dubbo:dubbo-rpc-http-invoker] Deserialization of Untrusted Data in Apache Dubbo
Unsafe deserialization occurs within a Dubbo application which has HTTP remoting enabled. An attacker may submit a POST request with a Java object in it to completely compromise a Provider instance of Apache Dubbo, if this instance enables HTTP. This i…
[org.codehaus.mevenide:netbeans] Improper Verification of Cryptographic Signature in Apache Netbeans
The “Apache NetBeans” autoupdate system does not fully validate code signatures. An attacker could modify the downloaded nbm and include additional code. “Apache NetBeans” versions up to and including 11.2 are affected by this vulnerability. NetBeans r…
[org.apache.struts:struts2-core] Cross-site Scripting in Apache Struts
When the Struts2 debug mode is turned on, under certain conditions an arbitrary script may be executed in the ‘Problem Report’ screen. Also, if JSP files are exposed so that they can be accessed directly, it is possible to execute an arbitrary script.
It is generally …
[io.undertow:undertow-core] Undertow vulnerable to Uncontrolled Resource Consumption
A vulnerability was found in the Undertow HTTP server in versions before 2.0.29 when listening on HTTPS. An attacker can target the HTTPS port to carry out a denial of service (DoS) and make the service unavailable over SSL.
References
https://nvd.nist.g…
[Microsoft.WindowsDesktop.App.Runtime.win-x86] Remote code execution in Microsoft.WindowsDesktop.App.Ref
A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka ‘.NET F…
[Microsoft.AspNetCore.App.Runtime.linux-x64] Denial of service in ASP.NET Core
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka ‘ASP.NET Core Denial of Service Vulnerability’.
References
https://nvd.nist.gov/vuln/detail/CVE-2020-0602
https://access.redhat.com/errata/RHSA-2020:0130
h…
[org.keycloak:keycloak-core] keycloak vulnerable to unauthorized login via mail server setup
A flaw was found in keycloak before version 8.0.0. The owner of the ‘placeholder.org’ domain can set up a mail server on this domain and, knowing only the name of a client, can reset the password and then log in. For example, for client name ‘test’ the email address w…