CVSS: 7.6EPSS: 5%CPEs: 82EXPL: 0CVE-2023-24936 – .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-24936
14 Jun 2023 — .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability A flaw was found in dotnet. This issue can allow bypass restrictions when deserializing a DataSet or DataTable from XML. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.118 and .NET Runtime 6.0.18. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24936 •
CVSS: 7.8EPSS: 10%CPEs: 82EXPL: 0CVE-2023-29331 – .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2023-29331
14 Jun 2023 — .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability A vulnerability was found in dotnet. This issue can lead to a denial of service while processing X509 Certificates. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.118 and .NET Runtime 6.0.18. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29331 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.3EPSS: 1%CPEs: 6EXPL: 0CVE-2023-33135 – .NET and Visual Studio Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-33135
13 Jun 2023 — .NET and Visual Studio Elevation of Privilege Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33135 •
CVSS: 7.3EPSS: 1%CPEs: 6EXPL: 0CVE-2023-33128 – .NET and Visual Studio Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-33128
13 Jun 2023 — .NET and Visual Studio Remote Code Execution Vulnerability A vulnerability was found in dotnet. This issue may allow remote code execution via source generators that can lead to a crash due to unmanaged heap corruption. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.118 and .NET Runtime 6.0.18.... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33128 • CWE-416: Use After Free •
CVSS: 7.3EPSS: 1%CPEs: 6EXPL: 0CVE-2023-33126 – .NET and Visual Studio Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-33126
13 Jun 2023 — .NET and Visual Studio Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33126 •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-28260 – .NET DLL Hijacking Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-28260
11 Apr 2023 — .NET DLL Hijacking Remote Code Execution Vulnerability It was discovered that .NET did not properly manage dll files. An attacker could potentially use this issue to execute arbitrary code. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28260 •
CVSS: 7.8EPSS: 1%CPEs: 96EXPL: 0CVE-2023-21808 – .NET and Visual Studio Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-21808
14 Feb 2023 — .NET and Visual Studio Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21808 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-21538 – .NET Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2023-21538
10 Jan 2023 — .NET Denial of Service Vulnerability Vulnerabilidad de denegación de servicio de .NET A vulnerability was found in dotnet. This flaw occurs when parsing an empty HTTP response as a JSON.NET JObject that causes a stack overflow and crashes a process. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21538 • CWE-121: Stack-based Buffer Overflow CWE-502: Deserialization of Untrusted Data •
CVSS: 7.8EPSS: 14%CPEs: 11EXPL: 1CVE-2022-41032 – NuGet Client Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2022-41032
11 Oct 2022 — NuGet Client Elevation of Privilege Vulnerability Una Vulnerabilidad de Elevación de Privilegios en el cliente NuGet A vulnerability was found in dotnet. This flaw allows an attacker to triage a NuGet cache poisoning on Linux via a world-writable cache directory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions a... • https://github.com/ethomson/cve-2022-41032 • CWE-269: Improper Privilege Management CWE-524: Use of Cache Containing Sensitive Information •
CVSS: 7.8EPSS: 1%CPEs: 11EXPL: 0CVE-2022-38013 – .NET Core and Visual Studio Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2022-38013
13 Sep 2022 — .NET Core and Visual Studio Denial of Service Vulnerability Una vulnerabilidad de Denegación de Servicio en .NET Core and Visual Studio .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET 6.0 to SDK 6.0.109 and Runtime 6.0.9. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2CUL3Z7MEED7RFQZVGQL2MTKSFFZKAAY • CWE-400: Uncontrolled Resource Consumption •