CVSS: 7.8EPSS: 10%CPEs: 3EXPL: 0CVE-2023-38178 – .NET Core and Visual Studio Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2023-38178
08 Aug 2023 — .NET Core and Visual Studio Denial of Service Vulnerability It was discovered that .NET did not properly handle the execution of certain commands. An attacker could possibly use this issue to achieve remote code execution. Benoit Foucher discovered that .NET did not properly implement the QUIC stream limit in HTTP/3. An attacker could possibly use this issue to cause a denial of service. It was discovered that .NET did not properly handle the disconnection of potentially malicious clients interfacing with a... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38178 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 8%CPEs: 5EXPL: 0CVE-2023-35390 – .NET and Visual Studio Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-35390
08 Aug 2023 — .NET and Visual Studio Remote Code Execution Vulnerability Vulnerabilidad de ejecución remota de código de .NET y Visual Studio A vulnerability was found in dotnet. This issue exists when some dotnet commands are used in directories with weaker permissions, which can result in remote code execution. It was discovered that .NET did not properly handle the execution of certain commands. An attacker could possibly use this issue to achieve remote code execution. Benoit Foucher discovered that .NET did not prop... • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CL2L4WE5QRT7WEXANYXSKSU43APC5N2V • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.1EPSS: 0%CPEs: 8EXPL: 0CVE-2023-33170 – ASP.NET and Visual Studio Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2023-33170
11 Jul 2023 — ASP.NET and Visual Studio Security Feature Bypass Vulnerability A vulnerability was found in dotNET applications where account lockout maximum failed attempts may not be immediately updated, allowing an attacker to try more passwords and bypass security restrictions. This flaw allows a remote attacker to bypass security features, causing an impact on confidentiality, integrity, and availability. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and... • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVZVMMCCBBCSCPAW2CRQGOTKIHVFCMRO • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.1EPSS: 2%CPEs: 7EXPL: 0CVE-2023-33127 – .NET and Visual Studio Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-33127
11 Jul 2023 — .NET and Visual Studio Elevation of Privilege Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33127 • CWE-1220: Insufficient Granularity of Access Control •
CVSS: 7.8EPSS: 27%CPEs: 80EXPL: 0CVE-2023-32030 – .NET and Visual Studio Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2023-32030
14 Jun 2023 — .NET and Visual Studio Denial of Service Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32030 •
CVSS: 7.8EPSS: 1%CPEs: 86EXPL: 0CVE-2023-24895 – .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-24895
14 Jun 2023 — .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24895 •
CVSS: 7.8EPSS: 1%CPEs: 61EXPL: 0CVE-2023-29326 – .NET Framework Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-29326
14 Jun 2023 — .NET Framework Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29326 •
CVSS: 7.8EPSS: 1%CPEs: 81EXPL: 0CVE-2023-24897 – .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-24897
14 Jun 2023 — .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24897 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.6EPSS: 5%CPEs: 82EXPL: 0CVE-2023-24936 – .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-24936
14 Jun 2023 — .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability A flaw was found in dotnet. This issue can allow bypass restrictions when deserializing a DataSet or DataTable from XML. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.118 and .NET Runtime 6.0.18. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24936 •
CVSS: 7.8EPSS: 10%CPEs: 82EXPL: 0CVE-2023-29331 – .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2023-29331
14 Jun 2023 — .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability A vulnerability was found in dotnet. This issue can lead to a denial of service while processing X509 Certificates. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.118 and .NET Runtime 6.0.18. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29331 • CWE-400: Uncontrolled Resource Consumption •