Vulnerability Analysis
In-depth guides and analysis on vulnerability analysis from the Safeguard engineering team.
568 articles
CVE-2019-1075: Denial of service in .NET Core
CVE-2019-1075 is a 2019 denial-of-service flaw in .NET Core that let unauthenticated attackers crash web apps with crafted requests. Here's what to know.
CVE-2020-0602: Denial of service in ASP.NET Core
A denial of service flaw in ASP.NET Core 3.0/3.1, patched January 2020. Unauthenticated, network-exploitable, high-severity impact on availability.
CVE-2020-1045: Security feature bypass in ASP.NET Core
CVE-2020-1045 lets attackers bypass CORS protections in ASP.NET Core apps. Here's what's affected, the risk context, and how to remediate it for good.
CVE-2021-26701: Remote code execution in .NET Core
CVE-2021-26701 is a 2021 .NET Core remote code execution flaw tied to text encoding. Here's what was affected, how it was patched, and how to stay protected.
CVE-2022-29117: Regular expression denial of service in .NET
CVE-2022-29117 is a regular expression denial-of-service vulnerability in .NET that lets attackers exhaust CPU with crafted input. Here's what to patch and why.
CVE-2022-29145: Denial of service in .NET SignalR/Network...
CVE-2022-29145 is a High-severity DoS flaw in .NET's networking stack affecting ASP.NET Core and SignalR. Here's the scope, timeline, and how to remediate it.
CVE-2022-29148: Denial of service in .NET Kestrel HTTP stack
CVE-2022-21986 is a CVSS 7.5 denial-of-service flaw in .NET Kestrel's HTTP/2 and HTTP/3 handling. Here's what's affected and how to remediate it.
CVE-2022-38013: Denial of service in .NET via crafted req...
A denial-of-service flaw in .NET, CVE-2022-38013, let attackers crash apps with crafted requests. Here is what is affected, the risk, and how to remediate it.
CVE-2023-29331: Remote code execution in .NET via crafted...
CVE-2023-29331 lets a crafted .NET assembly trigger remote code execution during loading. Here's what's affected, the severity context, and how to remediate it.
CVE-2023-33170: Denial of service in .NET SocketsHttpHandler
A memory-allocation flaw in .NET's SocketsHttpHandler (CVE-2022-23267) let malicious HTTP responses trigger denial of service in HttpClient-based apps.
CVE-2023-36799: Denial of service in .NET Core
CVE-2023-36799 is a denial-of-service flaw in the .NET runtime powering .NET Core-descended apps. Here's what's affected and how to remediate it.
CVE-2024-0056: Security bypass in Microsoft.Data.SqlClient
CVE-2024-0056 lets attackers bypass TLS protections in Microsoft.Data.SqlClient/System.Data.SqlClient. Affected versions, remediation, and masking as defense in depth.