CVSS: 8.1EPSS: 1%CPEs: 5EXPL: 0CVE-2024-38229 – .NET and Visual Studio Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-38229
08 Oct 2024 — .NET and Visual Studio Remote Code Execution Vulnerability A flaw was found in dotnet. When closing an HTTP/3 stream while application code is writing to the response body, a race condition can cause a use-after-free. Brennan Conroy discovered that the .NET Kestrel web server did not properly handle closing HTTP/3 streams under certain circumstances. An attacker could possibly use this issue to achieve remote code execution. This vulnerability only impacted Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38229 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 3%CPEs: 4EXPL: 0CVE-2024-38168 – .NET and Visual Studio Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-38168
13 Aug 2024 — .NET and Visual Studio Denial of Service Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38168 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 1%CPEs: 4EXPL: 0CVE-2024-38167 – .NET and Visual Studio Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-38167
13 Aug 2024 — .NET and Visual Studio Information Disclosure Vulnerability A flaw was found in the .NET platform. This issue may lead to the disclosure of sensitive information via TlsStream. It was discovered that .NET suffered from an information disclosure vulnerability. An attacker could potentially use this issue to read targeted email messages. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38167 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 7.3EPSS: 0%CPEs: 15EXPL: 0CVE-2024-38081 – .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2024-38081
09 Jul 2024 — .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38081 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 5.9EPSS: 0%CPEs: 6EXPL: 0CVE-2024-30046 – Visual Studio Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-30046
14 May 2024 — Visual Studio Denial of Service Vulnerability Vulnerabilidad de denegación de servicio de Visual Studio A flaw was found in ASP.NET Core. A deadlock condition can be triggered in Http2OutputProducer.Stop(), which may lead to a denial of service. It was discovered that .NET did not properly handle memory in it's Double Parse routine. An attacker could possibly use this issue to achieve remote code execution. It was discovered that .NET did not properly handle the usage of a shared resource. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30046 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-833: Deadlock •
CVSS: 7.5EPSS: 1%CPEs: 7EXPL: 0CVE-2024-30045 – .NET and Visual Studio Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-30045
14 May 2024 — .NET and Visual Studio Remote Code Execution Vulnerability Vulnerabilidad de ejecución remota de código de .NET y Visual Studio A remote code execution vulnerability exists in .NET 7.0 and .NET 8.0. A stack buffer overrun occurs in the .NET Double Parse routine. It was discovered that .NET did not properly handle memory in it's Double Parse routine. An attacker could possibly use this issue to achieve remote code execution. It was discovered that .NET did not properly handle the usage of a shared resource. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30045 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 7.3EPSS: 32%CPEs: 16EXPL: 1CVE-2024-21409 – .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-21409
09 Apr 2024 — .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability Vulnerabilidad de ejecución remota de código en .NET, .NET Framework y Visual Studio • https://github.com/vkairy/cve-2024-21409-repro • CWE-416: Use After Free •
CVSS: 10.0EPSS: 91%CPEs: 11EXPL: 1CVE-2024-29059 – Microsoft .NET Framework Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-29059
22 Mar 2024 — .NET Framework Information Disclosure Vulnerability Vulnerabilidad de divulgación de información de .NET Framework Microsoft .NET Framework contains an information disclosure vulnerability that exposes the ObjRef URI to an attacker, ultimately enabling remote code execution. • https://github.com/codewhitesec/HttpRemotingObjRefLeak • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 7.8EPSS: 6%CPEs: 14EXPL: 0CVE-2024-26190 – Microsoft QUIC Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-26190
12 Mar 2024 — Microsoft QUIC Denial of Service Vulnerability Vulnerabilidad de denegación de servicio de Microsoft QUIC • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26190 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 10%CPEs: 8EXPL: 0CVE-2024-21392 – .NET and Visual Studio Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-21392
12 Mar 2024 — .NET and Visual Studio Denial of Service Vulnerability Vulnerabilidad de denegación de servicio en .NET y Visual Studio A vulnerability was found in dotnet. The YARP HTTP/2 WebSocket support in .NET Core can cause a denial of service (DoS). It was discovered that .NET did not properly handle certain specially crafted requests. An attacker could potentially use this issue to cause a resource leak, leading to a denial of service. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21392 • CWE-400: Uncontrolled Resource Consumption •