トピトピニュース

Category

HIGH

381 Posts

Featured

Posted by GitHub
[phpxmlrpc/phpxmlrpc] code injection in phpxmlrpc/phpxmlrpc
Posted by GitHub
[ghost] ghost vulnerable to unauthorized newsletter modification via improper access controls
Posted by GitHub
[microweber/microweber] Account Takeover Through Password Reset Poisoning
Posted by GitHub
[apache-airflow] OS Command Injection in Apache Airflow

[Microsoft.AspNetCore.App.Runtime.linux-arm] ASP.NET Core Denial of Service Vulnerability

  • Posted in HIGH
  • Posted by GitHub
  • 05/25/2022 10/25/2022

A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka ASP.NET Core Denial of Service Vulnerability.
References

https://nvd.nist.gov/vuln/detail/CVE-2020-1597
https://lists.fedoraproject.org/archives/list/packa…

[Microsoft.NETCore.App.Runtime.linux-arm64] .NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability

  • Posted in HIGH
  • Posted by GitHub
  • 05/25/2022 10/22/2022

A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka ‘.NET Framework, SharePoint Server, and Visual Studio Remote Code Executio…

[Microsoft.AspNetCore.App.Runtime.linux-musl-x64] ASP.NET Core Denial of Service Vulnerability

  • Posted in HIGH
  • Posted by GitHub
  • 05/25/2022 10/22/2022

A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka ‘ASP.NET Core Denial of Service Vulnerability’.
References

https://nvd.nist.gov/vuln/detail/CVE-2020-1161
https://portal.msrc.microsoft.com/en-US/security-…

[Microsoft.NETCore.App.Runtime.linux-arm64] .NET Core & .NET Framework Denial of Service Vulnerability

  • Posted in HIGH
  • Posted by GitHub
  • 05/25/2022 10/22/2022

A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka ‘.NET Core & .NET Framework Denial of Service Vulnerability’.
References

https://nvd.nist.gov/vuln/detail/CVE-2020-1108
https://portal.m…

[org.codehaus.mevenide:netbeans] Improper Verification of Cryptographic Signature in Apache Netbeans

  • Posted in HIGH
  • Posted by GitHub
  • 05/25/2022 11/15/2022

The “Apache NetBeans” autoupdate system does not fully validate code signatures. An attacker could modify the downloaded nbm and include additional code. “Apache NetBeans” versions up to and including 11.2 are affected by this vulnerability. NetBeans r…

[io.undertow:undertow-core] Undertow vulnerable to Uncontrolled Resource Consumption

  • Posted in HIGH
  • Posted by GitHub
  • 05/25/2022 11/08/2022

A vulnerability was found in the Undertow HTTP server in versions before 2.0.29 when listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL.
References

https://nvd.nist.g…

[Microsoft.WindowsDesktop.App.Runtime.win-x86] Remote code execution in Microsoft.WindowsDesktop.App.Ref

  • Posted in HIGH
  • Posted by GitHub
  • 05/25/2022 10/29/2022

A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka ‘.NET F…

[io.alauda.jenkins.plugins:alauda-kubernetes-support] Cross-Site Request Forgery in Jenkins Alauda Kubernetes Suport Plugin

  • Posted in HIGH
  • Posted by GitHub
  • 05/25/2022 11/04/2022

A cross-site request forgery vulnerability in Jenkins Alauda Kubernetes Suport Plugin 2.3.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing the Kub…

[com.inflectra.spiratest.plugins:inflectra-spira-integration] Improper Certificate Validation in Jenkins Spira Importer Plugin

  • Posted in HIGH
  • Posted by GitHub
  • 05/25/2022 11/02/2022

Jenkins Spira Importer Plugin 3.2.3 and earlier disables SSL/TLS certificate validation for the Jenkins master JVM.
References

https://nvd.nist.gov/vuln/detail/CVE-2019-16558
https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1580
http://www.op…

[pyarrow] Missing Initialization of Resource in Apache Arrow

  • Posted in HIGH
  • Posted by GitHub
  • 05/25/2022 11/10/2022

It was discovered that the C++ implementation (which underlies the R, Python and Ruby implementations) of Apache Arrow 0.14.0 to 0.14.1 had an uninitialized memory bug when building arrays with null values in some cases. This can lead to uninitialized m…
