CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2023-36758 – Visual Studio Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-36758
12 Sep 2023 — Visual Studio Elevation of Privilege Vulnerability Vulnerabilidad de Elevación de Privilegios en Visual Studio • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36758 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 6.7EPSS: 1%CPEs: 5EXPL: 0CVE-2023-36759 – Visual Studio Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-36759
12 Sep 2023 — Visual Studio Elevation of Privilege Vulnerability Vulnerabilidad de Elevación de Privilegios en Visual Studio • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36759 • CWE-822: Untrusted Pointer Dereference •
CVSS: 7.8EPSS: 56%CPEs: 8EXPL: 0CVE-2023-38180 – Microsoft .NET Core and Visual Studio Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2023-38180
08 Aug 2023 — .NET and Visual Studio Denial of Service Vulnerability An uncontrolled resource consumption vulnerability was found in the Kestrel component of the dotNET. When detecting a potentially malicious client, Kestrel will sometimes fail to disconnect it, resulting in denial of service. It was discovered that .NET did not properly handle the execution of certain commands. An attacker could possibly use this issue to achieve remote code execution. Benoit Foucher discovered that .NET did not properly implement the Q... • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CL2L4WE5QRT7WEXANYXSKSU43APC5N2V • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 2%CPEs: 6EXPL: 0CVE-2023-35391 – ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-35391
08 Aug 2023 — ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35391 •
CVSS: 7.8EPSS: 10%CPEs: 3EXPL: 0CVE-2023-38178 – .NET Core and Visual Studio Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2023-38178
08 Aug 2023 — .NET Core and Visual Studio Denial of Service Vulnerability It was discovered that .NET did not properly handle the execution of certain commands. An attacker could possibly use this issue to achieve remote code execution. Benoit Foucher discovered that .NET did not properly implement the QUIC stream limit in HTTP/3. An attacker could possibly use this issue to cause a denial of service. It was discovered that .NET did not properly handle the disconnection of potentially malicious clients interfacing with a... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38178 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 8%CPEs: 5EXPL: 0CVE-2023-35390 – .NET and Visual Studio Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-35390
08 Aug 2023 — .NET and Visual Studio Remote Code Execution Vulnerability Vulnerabilidad de ejecución remota de código de .NET y Visual Studio A vulnerability was found in dotnet. This issue exists when some dotnet commands are used in directories with weaker permissions, which can result in remote code execution. It was discovered that .NET did not properly handle the execution of certain commands. An attacker could possibly use this issue to achieve remote code execution. Benoit Foucher discovered that .NET did not prop... • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CL2L4WE5QRT7WEXANYXSKSU43APC5N2V • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.1EPSS: 1%CPEs: 12EXPL: 0CVE-2023-36897 – Visual Studio Tools for Office Runtime Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2023-36897
08 Aug 2023 — Visual Studio Tools for Office Runtime Spoofing Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36897 • CWE-20: Improper Input Validation •
CVSS: 8.1EPSS: 0%CPEs: 8EXPL: 0CVE-2023-33170 – ASP.NET and Visual Studio Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2023-33170
11 Jul 2023 — ASP.NET and Visual Studio Security Feature Bypass Vulnerability A vulnerability was found in dotNET applications where account lockout maximum failed attempts may not be immediately updated, allowing an attacker to try more passwords and bypass security restrictions. This flaw allows a remote attacker to bypass security features, causing an impact on confidentiality, integrity, and availability. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and... • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVZVMMCCBBCSCPAW2CRQGOTKIHVFCMRO • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.1EPSS: 2%CPEs: 7EXPL: 0CVE-2023-33127 – .NET and Visual Studio Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-33127
11 Jul 2023 — .NET and Visual Studio Elevation of Privilege Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33127 • CWE-1220: Insufficient Granularity of Access Control •
CVSS: 7.8EPSS: 1%CPEs: 86EXPL: 0CVE-2023-24895 – .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-24895
14 Jun 2023 — .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24895 •