CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 0CVE-2022-30184 – .NET and Visual Studio Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-30184
15 Jun 2022 — .NET and Visual Studio Information Disclosure Vulnerability Una Vulnerabilidad de Divulgación de Información en .NET y Visual Studio .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 3.1.420 and .NET Runtime 3.1.26. Issues addressed include a password leak vulnerability. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DMP34G53EA2DBTBLFOAQCDZRRENE2EA2 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer •
CVSS: 8.4EPSS: 0%CPEs: 4EXPL: 0CVE-2022-24513 – Visual Studio Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2022-24513
15 Apr 2022 — Visual Studio Elevation of Privilege Vulnerability Una vulnerabilidad de Elevación de Privilegios en Visual Studio This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Visual Studio. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the VSIX Auto Update task. The issue results from the lack of proper validation of user-supplied data, which can... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24513 •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-21986 – .NET Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2022-21986
09 Feb 2022 — .NET Denial of Service Vulnerability Una Vulnerabilidad de Denegación de Servicio en .NET A vulnerability was found in dotnet’s ASP.NET Core Krestel when pooling HTTP/2 and HTTP/3 headers. This flaw allows a remote, unauthenticated attacker to cause a denial of service. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21986 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-34532 – ASP.NET Core and Visual Studio Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-34532
12 Aug 2021 — ASP.NET Core and Visual Studio Information Disclosure Vulnerability Una Vulnerabilidad de Divulgación de Información en ASP.NET Core y Visual Studio .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 3.1.118 and .NET Runtime 3.1.18. Issues addressed include a denial of service vulnerability. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34532 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.5EPSS: 2%CPEs: 8EXPL: 0CVE-2021-26423 – .NET Core and Visual Studio Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-26423
12 Aug 2021 — .NET Core and Visual Studio Denial of Service Vulnerability Una Vulnerabilidad de Denegación de Servicio en .NET Core y Visual Studio An infinite loop error was found in ASP.NET when processing WebSocket frames. The exploitation of this issue can cause high CPU resource consumption. The highest threat from this vulnerability is to system availability. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versio... • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26423 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 5%CPEs: 6EXPL: 0CVE-2021-31957 – ASP.NET Core Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-31957
08 Jun 2021 — ASP.NET Core Denial of Service Vulnerability Una vulnerabilidad de Denegación de Servicio en ASP.NET A flaw was found in dotnet. The way client disconnects are handled can allow a remote, unauthenticated attacker to exploit this vulnerability to cause a denial of service against an ASP.NET Core application. The highest threat from this vulnerability is to system availability. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR i... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4PRVVLXXQEF4SEJOBV3VRJHGX7YHY2CG • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.8EPSS: 4%CPEs: 9EXPL: 0CVE-2021-31204 – .NET and Visual Studio Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2021-31204
11 May 2021 — .NET and Visual Studio Elevation of Privilege Vulnerability Una vulnerabilidad de Escalada de Privilegios de .NET y Visual Studio A flaw was found in dotnet. A .NET Core single-file application running with elevated permissions could allow an attacker to gain elevated privileges. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability. .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it in... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4F3VM3RMPE7PNNLLI3BPCSAXITQZCFCA • CWE-273: Improper Check for Dropped Privileges •