CVSS: 10.0EPSS: 0%CPEs: 17EXPL: 0CVE-2025-21176 – .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-21176
14 Jan 2025 — .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability A remote code execution vulnerability was found in .NET. This flaw allows an attacker to load a specially crafted file in .NET. It was discovered that .NET did not properly handle input provided to its Convert.TryToHexString method. An attacker could possibly use this issue to execute arbitrary code. It was discovered that .NET did not properly handle an integer overflow when processing certain specially crafted files. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21176 • CWE-126: Buffer Over-read •
CVSS: 7.8EPSS: 3%CPEs: 9EXPL: 0CVE-2024-43485 – .NET and Visual Studio Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-43485
08 Oct 2024 — .NET and Visual Studio Denial of Service Vulnerability A flaw was found in dotnet. In System.Text.Json, applications that deserialize input to a model with an [ExtensionData] property can be vulnerable to an algorithmic complexity attack, resulting in a denial of service. Brennan Conroy discovered that the .NET Kestrel web server did not properly handle closing HTTP/3 streams under certain circumstances. An attacker could possibly use this issue to achieve remote code execution. This vulnerability only impa... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43485 • CWE-407: Inefficient Algorithmic Complexity •
CVSS: 7.8EPSS: 4%CPEs: 19EXPL: 0CVE-2024-43484 – .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-43484
08 Oct 2024 — .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability A flaw was found in dotnet. The System.IO.Packaging library may allow untrusted inputs to influence algorithmically complex operations, resulting in a denial of service. Brennan Conroy discovered that the .NET Kestrel web server did not properly handle closing HTTP/3 streams under certain circumstances. An attacker could possibly use this issue to achieve remote code execution. This vulnerability only impacted Ubuntu 22.04 LTS and Ubunt... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43484 • CWE-407: Inefficient Algorithmic Complexity CWE-789: Memory Allocation with Excessive Size Value •
CVSS: 7.8EPSS: 3%CPEs: 19EXPL: 0CVE-2024-43483 – .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-43483
08 Oct 2024 — .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability A flaw was found in dotnet. The System.Security.Cryptography.Cose, System.IO.Packaging and System.Runtime.Caching components may be exposed to hostile input, making them susceptible to hash flooding attacks, resulting in denial of service. Brennan Conroy discovered that the .NET Kestrel web server did not properly handle closing HTTP/3 streams under certain circumstances. An attacker could possibly use this issue to achieve remote code ... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43483 • CWE-407: Inefficient Algorithmic Complexity •
CVSS: 7.3EPSS: 0%CPEs: 15EXPL: 0CVE-2024-38081 – .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2024-38081
09 Jul 2024 — .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38081 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 4.7EPSS: 1%CPEs: 6EXPL: 1CVE-2024-30052 – Visual Studio Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-30052
11 Jun 2024 — Visual Studio Remote Code Execution Vulnerability Vulnerabilidad de ejecución remota de código de Visual Studio • https://github.com/ynwarcs/CVE-2024-30052 • CWE-693: Protection Mechanism Failure •
CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-29060 – Visual Studio Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2024-29060
11 Jun 2024 — Visual Studio Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios en Visual Studio • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29060 • CWE-284: Improper Access Control •
CVSS: 5.9EPSS: 0%CPEs: 6EXPL: 0CVE-2024-30046 – Visual Studio Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-30046
14 May 2024 — Visual Studio Denial of Service Vulnerability Vulnerabilidad de denegación de servicio de Visual Studio A flaw was found in ASP.NET Core. A deadlock condition can be triggered in Http2OutputProducer.Stop(), which may lead to a denial of service. It was discovered that .NET did not properly handle memory in it's Double Parse routine. An attacker could possibly use this issue to achieve remote code execution. It was discovered that .NET did not properly handle the usage of a shared resource. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30046 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-833: Deadlock •
CVSS: 7.5EPSS: 1%CPEs: 7EXPL: 0CVE-2024-30045 – .NET and Visual Studio Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-30045
14 May 2024 — .NET and Visual Studio Remote Code Execution Vulnerability Vulnerabilidad de ejecución remota de código de .NET y Visual Studio A remote code execution vulnerability exists in .NET 7.0 and .NET 8.0. A stack buffer overrun occurs in the .NET Double Parse routine. It was discovered that .NET did not properly handle memory in it's Double Parse routine. An attacker could possibly use this issue to achieve remote code execution. It was discovered that .NET did not properly handle the usage of a shared resource. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30045 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 10.0EPSS: 8%CPEs: 15EXPL: 0CVE-2024-28938 – Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-28938
09 Apr 2024 — Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability Vulnerabilidad de ejecución remota de código del controlador ODBC de Microsoft para SQL Server • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28938 • CWE-125: Out-of-bounds Read •