CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-43498 – .NET and Visual Studio Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-43498
.NET and Visual Studio Remote Code Execution Vulnerability A type confusion vulnerability was found in .NET 9.0 Core in .NET that leads to AV in the .NET Core NrbfDecoder component. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43498 https://access.redhat.com/security/cve/CVE-2024-43498 https://bugzilla.redhat.com/show_bug.cgi?id=2323239 • CWE-704: Incorrect Type Conversion or Cast CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-43499 – .NET and Visual Studio Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-43499
.NET and Visual Studio Denial of Service Vulnerability A vulnerability was found in .NET. Specifically .NET 9.0 Core - DoS - (unbounded work factor) in NrbfDecoder component • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43499 https://access.redhat.com/security/cve/CVE-2024-43499 https://bugzilla.redhat.com/show_bug.cgi?id=2323240 • CWE-409: Improper Handling of Highly Compressed Data (Data Amplification) CWE-606: Unchecked Input for Loop Condition •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-43603 – Visual Studio Collector Service Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-43603
Visual Studio Collector Service Denial of Service Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43603 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-43590 – Visual C++ Redistributable Installer Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2024-43590
Visual C++ Redistributable Installer Elevation of Privilege Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43590 • CWE-284: Improper Access Control •
CVSS: 8.8EPSS: 0%CPEs: 13EXPL: 0CVE-2024-35272 – SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-35272
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35272 • CWE-122: Heap-based Buffer Overflow •