CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 1CVE-2022-41032 – NuGet Client Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2022-41032
11 Oct 2022 — NuGet Client Elevation of Privilege Vulnerability Una Vulnerabilidad de Elevación de Privilegios en el cliente NuGet A vulnerability was found in dotnet. This flaw allows an attacker to triage a NuGet cache poisoning on Linux via a world-writable cache directory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions a... • https://github.com/ethomson/cve-2022-41032 • CWE-269: Improper Privilege Management CWE-524: Use of Cache Containing Sensitive Information •
CVSS: 10.0EPSS: 1%CPEs: 7EXPL: 0CVE-2022-35777 – Visual Studio Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-35777
09 Aug 2022 — Visual Studio Remote Code Execution Vulnerability Una vulnerabilidad de Ejecución de Código Remota en Visual Studio. Este ID de CVE es diferente de CVE-2022-35825, CVE-2022-35826, CVE-2022-35827 • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35777 •
CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 0CVE-2022-30184 – .NET and Visual Studio Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-30184
15 Jun 2022 — .NET and Visual Studio Information Disclosure Vulnerability Una Vulnerabilidad de Divulgación de Información en .NET y Visual Studio .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 3.1.420 and .NET Runtime 3.1.26. Issues addressed include a password leak vulnerability. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DMP34G53EA2DBTBLFOAQCDZRRENE2EA2 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-29145 – .NET and Visual Studio Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2022-29145
10 May 2022 — .NET and Visual Studio Denial of Service Vulnerability Una vulnerabilidad de Denegación de Servicio en .NET y Visual Studio. Este ID de CVE es diferente de CVE-2022-23267, CVE-2022-29117 A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of the ASP.NET FormFeature.cs causing a denial of service when HTML forms are parsed. .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New ve... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO • CWE-551: Incorrect Behavior Order: Authorization Before Parsing and Canonicalization •
CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0CVE-2022-23267 – .NET and Visual Studio Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2022-23267
10 May 2022 — .NET and Visual Studio Denial of Service Vulnerability Una vulnerabilidad de Denegación de Servicio en .NET y Visual Studio. Este ID de CVE es diferente de CVE-2022-29117, CVE-2022-29145 A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of the Apply MaxResponseHeadersLength limit for trailing headers to address a denial of service via excess memory allocations through the HttpClient. .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs an... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 8.4EPSS: 0%CPEs: 4EXPL: 0CVE-2022-24513 – Visual Studio Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2022-24513
15 Apr 2022 — Visual Studio Elevation of Privilege Vulnerability Una vulnerabilidad de Elevación de Privilegios en Visual Studio This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Visual Studio. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the VSIX Auto Update task. The issue results from the lack of proper validation of user-supplied data, which can... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24513 •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-24767
https://notcve.org/view.php?id=CVE-2022-24767
12 Apr 2022 — GitHub: Git for Windows' uninstaller vulnerable to DLL hijacking when run under the SYSTEM user account. GitHub: El desinstalador de Git para Windows es vulnerable al secuestro de DLL cuando se ejecuta bajo la cuenta de usuario SYSTEM • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24767 • CWE-427: Uncontrolled Search Path Element •
CVSS: 6.8EPSS: 0%CPEs: 16EXPL: 0CVE-2022-24512 – .NET and Visual Studio Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-24512
09 Mar 2022 — .NET and Visual Studio Remote Code Execution Vulnerability Una vulnerabilidad de Ejecución de Código Remota en .NET y Visual Studio A flaw was found in dotnet, where a buffer overrun exists in the double parse routine, which could lead to remote code execution. This flaw allows an attacker to execute code remotely on the system, leading to some system compromise. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24512 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 0CVE-2022-24464 – .NET and Visual Studio Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2022-24464
09 Mar 2022 — .NET and Visual Studio Denial of Service Vulnerability Una vulnerabilidad de Denegación de Servicio en .NET y Visual Studio A flaw was found in .NET Core, related to the FormPipeReader. This issue allows remote unauthenticated attackers to cause a denial of service. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address security vulnerabilities are now available. The updated version... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24464 • CWE-1173: Improper Use of Validation Framework •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-21986 – .NET Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2022-21986
09 Feb 2022 — .NET Denial of Service Vulnerability Una Vulnerabilidad de Denegación de Servicio en .NET A vulnerability was found in dotnet’s ASP.NET Core Krestel when pooling HTTP/2 and HTTP/3 headers. This flaw allows a remote, unauthenticated attacker to cause a denial of service. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21986 • CWE-770: Allocation of Resources Without Limits or Throttling •