CVE-2024-38229 – .NET and Visual Studio Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-38229
.NET and Visual Studio Remote Code Execution Vulnerability A flaw was found in dotnet. When closing an HTTP/3 stream while application code is writing to the response body, a race condition can cause a use-after-free. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38229 https://access.redhat.com/security/cve/CVE-2024-38229 https://bugzilla.redhat.com/show_bug.cgi?id=2316161 • CWE-416: Use After Free •
CVE-2024-38168 – .NET and Visual Studio Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-38168
.NET and Visual Studio Denial of Service Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38168 • CWE-400: Uncontrolled Resource Consumption •
CVE-2024-38167 – .NET and Visual Studio Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-38167
.NET and Visual Studio Information Disclosure Vulnerability A flaw was found in the .NET platform. This issue may lead to the disclosure of sensitive information via TlsStream. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38167 https://access.redhat.com/security/cve/CVE-2024-38167 https://bugzilla.redhat.com/show_bug.cgi?id=2302428 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-319: Cleartext Transmission of Sensitive Information •
CVE-2024-38081 – .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2024-38081
.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38081 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2024-30046 – Visual Studio Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-30046
Visual Studio Denial of Service Vulnerability Vulnerabilidad de denegación de servicio de Visual Studio A flaw was found in ASP.NET Core. A deadlock condition can be triggered in Http2OutputProducer.Stop(), which may lead to a denial of service. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30046 https://access.redhat.com/security/cve/CVE-2024-30046 https://bugzilla.redhat.com/show_bug.cgi?id=2279697 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-833: Deadlock •