CVSS: 7.6EPSS: 0%CPEs: 9EXPL: 0CVE-2025-21172 – .NET and Visual Studio Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-21172
14 Jan 2025 — .NET and Visual Studio Remote Code Execution Vulnerability A remote code execution vulnerability was found in .NET. This flaw allows an attacker to load a specially crafted file in .NET. It was discovered that .NET did not properly handle input provided to its Convert.TryToHexString method. An attacker could possibly use this issue to execute arbitrary code. It was discovered that .NET did not properly handle an integer overflow when processing certain specially crafted files. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21172 • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 0%CPEs: 7EXPL: 0CVE-2025-21178 – Visual Studio Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-21178
14 Jan 2025 — Visual Studio Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21178 • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 0%CPEs: 17EXPL: 0CVE-2025-21176 – .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-21176
14 Jan 2025 — .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability A remote code execution vulnerability was found in .NET. This flaw allows an attacker to load a specially crafted file in .NET. It was discovered that .NET did not properly handle input provided to its Convert.TryToHexString method. An attacker could possibly use this issue to execute arbitrary code. It was discovered that .NET did not properly handle an integer overflow when processing certain specially crafted files. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21176 • CWE-126: Buffer Over-read •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-43603 – Visual Studio Collector Service Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-43603
08 Oct 2024 — Visual Studio Collector Service Denial of Service Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43603 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •