CVSS: 7.5EPSS: 2%CPEs: 12EXPL: 0CVE-2022-23267 – .NET and Visual Studio Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2022-23267
10 May 2022 — .NET and Visual Studio Denial of Service Vulnerability Una vulnerabilidad de Denegación de Servicio en .NET y Visual Studio. Este ID de CVE es diferente de CVE-2022-29117, CVE-2022-29145 A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of the Apply MaxResponseHeadersLength limit for trailing headers to address a denial of service via excess memory allocations through the HttpClient. .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs an... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 8.4EPSS: 0%CPEs: 4EXPL: 0CVE-2022-24513 – Visual Studio Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2022-24513
15 Apr 2022 — Visual Studio Elevation of Privilege Vulnerability Una vulnerabilidad de Elevación de Privilegios en Visual Studio This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Visual Studio. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the VSIX Auto Update task. The issue results from the lack of proper validation of user-supplied data, which can... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24513 •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-24767
https://notcve.org/view.php?id=CVE-2022-24767
12 Apr 2022 — GitHub: Git for Windows' uninstaller vulnerable to DLL hijacking when run under the SYSTEM user account. GitHub: El desinstalador de Git para Windows es vulnerable al secuestro de DLL cuando se ejecuta bajo la cuenta de usuario SYSTEM • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24767 • CWE-427: Uncontrolled Search Path Element •
CVSS: 6.5EPSS: 0%CPEs: 21EXPL: 0CVE-2020-8927 – Buffer overflow in Brotli library
https://notcve.org/view.php?id=CVE-2020-8927
15 Sep 2020 — A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits. Se presenta un desbordamiento del búfer en la biblioteca Brotli ... • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-130: Improper Handling of Length Parameter Inconsistency •