CVSS: 7.8EPSS: 4%CPEs: 19EXPL: 0CVE-2024-43484 – .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-43484
08 Oct 2024 — .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability A flaw was found in dotnet. The System.IO.Packaging library may allow untrusted inputs to influence algorithmically complex operations, resulting in a denial of service. Brennan Conroy discovered that the .NET Kestrel web server did not properly handle closing HTTP/3 streams under certain circumstances. An attacker could possibly use this issue to achieve remote code execution. This vulnerability only impacted Ubuntu 22.04 LTS and Ubunt... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43484 • CWE-407: Inefficient Algorithmic Complexity CWE-789: Memory Allocation with Excessive Size Value •
CVSS: 7.8EPSS: 3%CPEs: 19EXPL: 0CVE-2024-43483 – .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-43483
08 Oct 2024 — .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability A flaw was found in dotnet. The System.Security.Cryptography.Cose, System.IO.Packaging and System.Runtime.Caching components may be exposed to hostile input, making them susceptible to hash flooding attacks, resulting in denial of service. Brennan Conroy discovered that the .NET Kestrel web server did not properly handle closing HTTP/3 streams under certain circumstances. An attacker could possibly use this issue to achieve remote code ... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43483 • CWE-407: Inefficient Algorithmic Complexity •
CVSS: 7.3EPSS: 0%CPEs: 15EXPL: 0CVE-2024-38081 – .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2024-38081
09 Jul 2024 — .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38081 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 10.0EPSS: 91%CPEs: 11EXPL: 1CVE-2024-29059 – Microsoft .NET Framework Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-29059
22 Mar 2024 — .NET Framework Information Disclosure Vulnerability Vulnerabilidad de divulgación de información de .NET Framework Microsoft .NET Framework contains an information disclosure vulnerability that exposes the ObjRef URI to an attacker, ultimately enabling remote code execution. • https://github.com/codewhitesec/HttpRemotingObjRefLeak • CWE-209: Generation of Error Message Containing Sensitive Information •