Security Advisories

ChakraCore RCE Vulnerability

GHSA-4f5g-j7wg-7w8j CVE-2016-7201 HIGH over 3 years ago

The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory cor...

nuget

No PRs yet

ChakraCore RCE Vulnerability

GHSA-mmfq-r3rg-8r7w CVE-2016-7202 HIGH over 3 years ago

The scripting engines in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a de...

nuget

No PRs yet

ChakraCore RCE Vulnerability

GHSA-vx5c-598g-qpg6 CVE-2016-7208 HIGH over 3 years ago

The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory cor...

nuget

No PRs yet

ChakraCore RCE Vulnerability

GHSA-hh3v-5chw-wgh7 CVE-2016-7240 HIGH over 3 years ago

The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory cor...

nuget

No PRs yet

ChakraCore RCE Vulnerability

GHSA-p6f4-h6w5-9jmc CVE-2016-7242 HIGH over 3 years ago

The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory cor...

nuget

No PRs yet

ChakraCore RCE Vulnerability

GHSA-77qc-gp37-hr26 CVE-2016-7243 HIGH over 3 years ago

The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory cor...

nuget

No PRs yet

ChakraCore information disclosure vulnerability

GHSA-93c7-2942-3h47 CVE-2018-8315 MODERATE over 3 years ago

An information disclosure vulnerability exists when the browser scripting engine improperly handle object types, aka "Microsoft Scripting Engine In...

nuget

No PRs yet

Auth0-ASPNET and Auth0-ASPNET-Owin vulnerable to Cross-Site Request Forgery

GHSA-mmhr-3jr7-qj2p CVE-2018-15121 HIGH over 3 years ago

An issue was discovered in Auth0 auth0-aspnet and auth0-aspnet-owin. Affected packages do not use or validate the state parameter of the OAuth 2.0 ...

nuget

No PRs yet

Umbraco CMS vulnerable to stored XSS

GHSA-wrrj-r2j4-969w CVE-2018-17256 MODERATE over 3 years ago

Persistent cross-site scripting (XSS) vulnerability in Umbraco CMS 7.12.3 allows authenticated users to inject arbitrary web script via the Header ...

nuget

No PRs yet

Denial of service in ASP.NET Core

GHSA-6px8-22w5-w334 CVE-2019-0564 HIGH over 3 years ago

A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka "ASP.NET Core Denial of Service Vulnerability." Thi...

nuget

No PRs yet

Exposure of Sensitive Information in System.Net.Http

GHSA-2xjx-v99w-gqf3 CVE-2019-0545 HIGH over 3 years ago

An information disclosure vulnerability exists in .NET Framework and .NET Core which allows bypassing Cross-origin Resource Sharing (CORS) configur...

nuget

No PRs yet

Improper Input Validation in .Net Framework API's

GHSA-x5qj-9vmx-7g6g CVE-2019-0657 MODERATE over 3 years ago

A vulnerability exists in certain .Net Framework API's and Visual Studio in the way they parse URL's, aka '.NET Framework and Visual Studio Spoofin...

nuget

No PRs yet

DNN XSS Vulnerability

GHSA-m6w9-8cxc-jff7 CVE-2018-14486 MODERATE over 3 years ago

DNN (formerly DotNetNuke) 9.1.1 allows cross-site scripting (XSS) via XML.

nuget

No PRs yet

jQuery vulnerable to Cross-Site Scripting (XSS)

GHSA-579v-mp3v-rrw5 CVE-2011-4969 MODERATE over 3 years ago

Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arb...

npm nuget

No PRs yet

ChakraCore RCE Vulnerability

GHSA-qfcq-4vv7-9mq7 CVE-2017-11911 HIGH over 3 years ago

ChakraCore and Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the curren...

nuget

No PRs yet

ChakraCore vulnerable to privilege escalation due to exposure from scriptFunction

GHSA-8r5c-8v97-g7vh CVE-2017-11914 HIGH over 3 years ago

ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the ...

nuget

No PRs yet

ChakraCore vulnerable to remote code execution

GHSA-9qpf-v72j-j9qh CVE-2017-11909 HIGH over 3 years ago

ChakraCore and Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the curren...

nuget

No PRs yet

ChakraCore vulnerable to remote code execution

GHSA-c6r3-ghjw-hgrj CVE-2017-11893 HIGH over 3 years ago

ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the con...

nuget

No PRs yet

curl FTP path confusion leads to NIL byte out of bounds write

GHSA-674j-7m97-j2p9 CVE-2018-1000120 CRITICAL over 3 years ago

curl can be coerced into writing a zero byte out of bounds. This bug can trigger when curl is told to work on an FTP URL, with the setting to only...

nuget

No PRs yet

CoreFTP Directory Traversal

GHSA-w393-h95m-f879 CVE-2019-9648 MODERATE over 3 years ago

An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. A directory traversal vulnerability exists using the SIZE command a...

nuget

No PRs yet

ChakraCore information disclosure vulnerability

GHSA-w3qr-8v4r-592m CVE-2018-8452 MODERATE over 3 years ago

An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers, aka "Scr...

nuget

No PRs yet

ChakraCore Security Bypass

GHSA-wg47-6cqc-q52j CVE-2018-8276 MODERATE over 3 years ago

A security feature bypass vulnerability exists in the Microsoft Chakra scripting engine that allows Control Flow Guard (CFG) to be bypassed, aka "S...

nuget

No PRs yet

ChakraCore information disclosure vulnerability

GHSA-xphq-3x6q-q2qq CVE-2018-8145 HIGH over 3 years ago

An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with in...

nuget

No PRs yet

ChakraCore RCE Vulnerability

GHSA-fv8m-p45w-gf38 CVE-2018-0818 HIGH over 3 years ago

Microsoft ChakraCore allows an attacker to bypass Control Flow Guard (CFG) in conjunction with another vulnerability to run arbitrary code on a tar...

nuget

No PRs yet

Cross-origin Resource Sharing bypass in ASP.NET Core

GHSA-3rp6-rjw4-cq39 CVE-2017-8700 HIGH over 3 years ago

ASP.NET Core 1.0, 1.1, and 2.0 allow an attacker to bypass Cross-origin Resource Sharing (CORS) configurations and retrieve normally restricted con...

nuget

No PRs yet

Denial of service in ASP.NET Core

GHSA-f9jc-rrm2-pmfg CVE-2017-11883 HIGH over 3 years ago

.NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by i...

nuget

No PRs yet

ChakraCore vulnerable to privilege escalation

GHSA-c79v-2rjq-965m CVE-2017-11767 CRITICAL over 3 years ago

ChakraCore allows an attacker to gain the same user rights as the current user, due to the way that the ChakraCore scripting engine handles objects...

nuget

No PRs yet

Improper Limitation of a Pathname to a Restricted Directory in SharpZipLib

GHSA-cqj4-m2pc-v9m5 CVE-2018-1002208 MODERATE over 3 years ago

SharpZipLib before 1.0 RC1 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip ...

nuget

No PRs yet

ChakraCore Memory Corruption Vulnerability

GHSA-qxmj-3c5h-546c CVE-2019-0861 HIGH over 3 years ago

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra S...

nuget

No PRs yet

ChakraCore Memory Corruption Vulnerability

GHSA-fv87-p7qr-xh5x CVE-2019-0860 HIGH over 3 years ago

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra S...

nuget

No PRs yet

ChakraCore Memory Corruption Vulnerability

GHSA-5rq3-9wc9-m9c3 CVE-2019-0829 HIGH over 3 years ago

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra S...

nuget

No PRs yet

ChakraCore RCE Vulnerability

GHSA-hg36-rmmm-hc5r CVE-2019-0806 HIGH over 3 years ago

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra S...

nuget

No PRs yet

ChakraCore RCE Vulnerability

GHSA-2mmc-5phj-4wjj CVE-2019-0810 HIGH over 3 years ago

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra S...

nuget

No PRs yet

ChakraCore RCE Vulnerability

GHSA-rpfg-xf88-cq5r CVE-2019-0812 HIGH over 3 years ago

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra S...

nuget

No PRs yet

Chakra JIT server Privilege Escalation

GHSA-6c6r-39cv-x5fq CVE-2019-0649 HIGH over 3 years ago

A vulnerability exists in Microsoft Chakra JIT server, aka 'Scripting Engine Elevation of Privileges Vulnerability'.

nuget

No PRs yet

ChakraCore information disclosure vulnerability

GHSA-wwfw-m54g-gv72 CVE-2019-0648 MODERATE over 3 years ago

An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with in...

nuget

No PRs yet