
CVE-2024-21409 – .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-21409
09 Apr 2024 — .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability • https://github.com/vkairy/cve-2024-21409-repro • CWE-416: Use After Free •

CVE-2024-29059 – Microsoft .NET Framework Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-29059
22 Mar 2024 — .NET Framework Information Disclosure Vulnerability. Microsoft .NET Framework contains an information disclosure vulnerability that exposes the ObjRef URI to an attacker, ultimately enabling remote code execution. • https://github.com/codewhitesec/HttpRemotingObjRefLeak • CWE-209: Generation of Error Message Containing Sensitive Information •

CVE-2024-26190 – Microsoft QUIC Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-26190
12 Mar 2024 — Microsoft QUIC Denial of Service Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26190 • CWE-400: Uncontrolled Resource Consumption •

CVE-2024-21392 – .NET and Visual Studio Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-21392
12 Mar 2024 — .NET and Visual Studio Denial of Service Vulnerability. A vulnerability was found in dotnet. The YARP HTTP/2 WebSocket support in .NET Core can cause a denial of service (DoS). It was discovered that .NET did not properly handle certain specially crafted requests. An attacker could potentially use this issue to cause a resource leak, leading to a denial of service. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21392 • CWE-400: Uncontrolled Resource Consumption •

CVE-2024-21404 – .NET Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-21404
13 Feb 2024 — .NET Denial of Service Vulnerability. A denial of service vulnerability exists in .NET applications with OpenSSL support when parsing X509 certificates. The issue arises from inadequate validation of user-supplied input in .NET. This flaw allows a remote attacker to trigger a denial of service (DoS) attack by providing specially crafted input. Brennan Conroy discovered that .NET with SignalR did not properly handle malicious clients. An attacker could possibly... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21404 • CWE-400: Uncontrolled Resource Consumption • CWE-476: NULL Pointer Dereference •

CVE-2024-21386 – .NET Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-21386
13 Feb 2024 — .NET Denial of Service Vulnerability. A denial of service vulnerability is present in the .NET applications utilizing SignalR, which a malicious client can exploit. The issue arises from inadequate validation of user-supplied input in .NET. This flaw allows a remote attacker to trigger a denial of service (DoS) attack by providing specially crafted input. Brennan Conroy discovered that .NET with SignalR did not properly handle malicious clients. An attacker co... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21386 • CWE-400: Uncontrolled Resource Consumption •

CVE-2020-24682 – Automation Studio and PVI Multiple unquoted service path vulnerabilities
https://notcve.org/view.php?id=CVE-2020-24682
02 Feb 2024 — Unquoted Search Path or Element vulnerability in B&R Industrial Automation Automation Studio, B&R Industrial Automation NET/PVI allows Target Programs with Elevated Privileges. This issue affects Automation Studio: from 4.0 through 4.6, from 4.7.0 before 4.7.7 SP, from 4.8.0 before 4.8.6 SP, from 4.9.0 before 4.9.4 SP; NET/PVI: from 4.0 through 4.6, from 4.7.0 before 4.7.7, from 4.8.0 before 4.8.6, from 4.9.0 before 4.9.4. • https://www.br-automation.com/fileadmin/2021-14-BR-AS-NET-PVI-Service-Issues-c3710fbf.pdf • CWE-428: Unquoted Search Path or Element •

CVE-2024-21319 – Microsoft Identity Denial of service vulnerability
https://notcve.org/view.php?id=CVE-2024-21319
09 Jan 2024 — Microsoft Identity Denial of service vulnerability. A Denial of Service vulnerability was found in .NET Core project templates that utilize JWT-based authentication tokens. This issue may allow an unauthenticated client to consume arbitrarily large amounts of server memory, potentially triggering an out-of-memory condition on the server and making the server no longer able to respond to legitimate requests. Vishal Mishra and Anita Gaud discov... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21319 • CWE-20: Improper Input Validation • CWE-400: Uncontrolled Resource Consumption •

CVE-2024-21312 – .NET Framework Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-21312
09 Jan 2024 — .NET Framework Denial of Service Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21312 • CWE-20: Improper Input Validation •

CVE-2024-0057 – NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2024-0057
09 Jan 2024 — NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability. A security feature bypass vulnerability exists when Microsoft .NET Framework-based applications use X.509 chain building APIs but do not completely validate the X.509 certificate due to a logic flaw. An attacker could present an arbitrary untrusted certificate with malformed signatures, triggering a bug in the framework. The framework will correctly repor... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0057 • CWE-20: Improper Input Validation • CWE-295: Improper Certificate Validation •