Safeguard
Topic

Vulnerability Analysis

In-depth guides and analysis on vulnerability analysis from the Safeguard engineering team.

568 articles

Vulnerability Analysis

CVE-2019-1075: Denial of service in .NET Core

CVE-2019-1075 is a 2019 denial-of-service flaw in .NET Core that let unauthenticated attackers crash web apps with crafted requests. Here's what to know.

Sep 20, 20257 min read
Vulnerability Analysis

CVE-2020-0602: Denial of service in ASP.NET Core

A denial of service flaw in ASP.NET Core 3.0/3.1, patched January 2020. Unauthenticated, network-exploitable, high-severity impact on availability.

Sep 19, 20258 min read
Vulnerability Analysis

CVE-2020-1045: Security feature bypass in ASP.NET Core

CVE-2020-1045 lets attackers bypass CORS protections in ASP.NET Core apps. Here's what's affected, the risk context, and how to remediate it for good.

Sep 19, 20258 min read
Vulnerability Analysis

CVE-2021-26701: Remote code execution in .NET Core

CVE-2021-26701 is a 2021 .NET Core remote code execution flaw tied to text encoding. Here's what was affected, how it was patched, and how to stay protected.

Sep 19, 20257 min read
Vulnerability Analysis

CVE-2022-29117: Regular expression denial of service in .NET

CVE-2022-29117 is a regular expression denial-of-service vulnerability in .NET that lets attackers exhaust CPU with crafted input. Here's what to patch and why.

Sep 19, 20258 min read
Vulnerability Analysis

CVE-2022-29145: Denial of service in .NET SignalR/Network...

CVE-2022-29145 is a High-severity DoS flaw in .NET's networking stack affecting ASP.NET Core and SignalR. Here's the scope, timeline, and how to remediate it.

Sep 18, 20257 min read
Vulnerability Analysis

CVE-2022-29148: Denial of service in .NET Kestrel HTTP stack

CVE-2022-21986 is a CVSS 7.5 denial-of-service flaw in .NET Kestrel's HTTP/2 and HTTP/3 handling. Here's what's affected and how to remediate it.

Sep 18, 20257 min read
Vulnerability Analysis

CVE-2022-38013: Denial of service in .NET via crafted req...

A denial-of-service flaw in .NET, CVE-2022-38013, let attackers crash apps with crafted requests. Here is what is affected, the risk, and how to remediate it.

Sep 18, 20257 min read
Vulnerability Analysis

CVE-2023-29331: Remote code execution in .NET via crafted...

CVE-2023-29331 lets a crafted .NET assembly trigger remote code execution during loading. Here's what's affected, the severity context, and how to remediate it.

Sep 18, 20258 min read
Vulnerability Analysis

CVE-2023-33170: Denial of service in .NET SocketsHttpHandler

A memory-allocation flaw in .NET's SocketsHttpHandler (CVE-2022-23267) let malicious HTTP responses trigger denial of service in HttpClient-based apps.

Sep 17, 20258 min read
Vulnerability Analysis

CVE-2023-36799: Denial of service in .NET Core

CVE-2023-36799 is a denial-of-service flaw in the .NET runtime powering .NET Core-descended apps. Here's what's affected and how to remediate it.

Sep 17, 20257 min read
Vulnerability Analysis

CVE-2024-0056: Security bypass in Microsoft.Data.SqlClient

CVE-2024-0056 lets attackers bypass TLS protections in Microsoft.Data.SqlClient/System.Data.SqlClient. Affected versions, remediation, and masking as defense in depth.

Sep 17, 20257 min read
Vulnerability Analysis (Page 40) — Supply Chain Security Blog | Safeguard