CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-43590 – Visual C++ Redistributable Installer Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2024-43590
08 Oct 2024 — Visual C++ Redistributable Installer Elevation of Privilege Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43590 • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 3%CPEs: 9EXPL: 0CVE-2024-43485 – .NET and Visual Studio Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-43485
08 Oct 2024 — .NET and Visual Studio Denial of Service Vulnerability A flaw was found in dotnet. In System.Text.Json, applications that deserialize input to a model with an [ExtensionData] property can be vulnerable to an algorithmic complexity attack, resulting in a denial of service. Brennan Conroy discovered that the .NET Kestrel web server did not properly handle closing HTTP/3 streams under certain circumstances. An attacker could possibly use this issue to achieve remote code execution. This vulnerability only impa... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43485 • CWE-407: Inefficient Algorithmic Complexity •
CVSS: 7.8EPSS: 4%CPEs: 19EXPL: 0CVE-2024-43484 – .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-43484
08 Oct 2024 — .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability A flaw was found in dotnet. The System.IO.Packaging library may allow untrusted inputs to influence algorithmically complex operations, resulting in a denial of service. Brennan Conroy discovered that the .NET Kestrel web server did not properly handle closing HTTP/3 streams under certain circumstances. An attacker could possibly use this issue to achieve remote code execution. This vulnerability only impacted Ubuntu 22.04 LTS and Ubunt... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43484 • CWE-407: Inefficient Algorithmic Complexity CWE-789: Memory Allocation with Excessive Size Value •
CVSS: 7.8EPSS: 3%CPEs: 19EXPL: 0CVE-2024-43483 – .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-43483
08 Oct 2024 — .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability A flaw was found in dotnet. The System.Security.Cryptography.Cose, System.IO.Packaging and System.Runtime.Caching components may be exposed to hostile input, making them susceptible to hash flooding attacks, resulting in denial of service. Brennan Conroy discovered that the .NET Kestrel web server did not properly handle closing HTTP/3 streams under certain circumstances. An attacker could possibly use this issue to achieve remote code ... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43483 • CWE-407: Inefficient Algorithmic Complexity •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43601 – Visual Studio Code for Linux Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-43601
08 Oct 2024 — Visual Studio Code for Linux Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43601 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.1EPSS: 1%CPEs: 5EXPL: 0CVE-2024-38229 – .NET and Visual Studio Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-38229
08 Oct 2024 — .NET and Visual Studio Remote Code Execution Vulnerability A flaw was found in dotnet. When closing an HTTP/3 stream while application code is writing to the response body, a race condition can cause a use-after-free. Brennan Conroy discovered that the .NET Kestrel web server did not properly handle closing HTTP/3 streams under certain circumstances. An attacker could possibly use this issue to achieve remote code execution. This vulnerability only impacted Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38229 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 3%CPEs: 4EXPL: 0CVE-2024-38168 – .NET and Visual Studio Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-38168
13 Aug 2024 — .NET and Visual Studio Denial of Service Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38168 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 1%CPEs: 4EXPL: 0CVE-2024-38167 – .NET and Visual Studio Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-38167
13 Aug 2024 — .NET and Visual Studio Information Disclosure Vulnerability A flaw was found in the .NET platform. This issue may lead to the disclosure of sensitive information via TlsStream. It was discovered that .NET suffered from an information disclosure vulnerability. An attacker could potentially use this issue to read targeted email messages. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38167 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 7.8EPSS: 8%CPEs: 5EXPL: 0CVE-2024-38095 – .NET and Visual Studio Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-38095
09 Jul 2024 — .NET and Visual Studio Denial of Service Vulnerability Vulnerabilidad de denegación de servicio en .NET y Visual Studio A vulnerability was found in dotNET when Parsing X.509 Content and ObjectIdentifiers. This issue can lead to a denial of service attack. It was discovered that .NET did not properly handle object deserialization. An attacker could possibly use this issue to cause a denial of service. Radek Zikmund discovered that .NET did not properly manage memory. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38095 • CWE-20: Improper Input Validation •
CVSS: 7.3EPSS: 0%CPEs: 15EXPL: 0CVE-2024-38081 – .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2024-38081
09 Jul 2024 — .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38081 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •