
CVSS: 7.8 | EPSS: 8% | CPEs: 5 | EXPL: 0

09 Jul 2024 — .NET and Visual Studio Denial of Service Vulnerability
A vulnerability was found in .NET when parsing X.509 content and ObjectIdentifiers. This issue can lead to a denial of service attack. It was discovered that .NET did not properly handle object deserialization. An attacker could possibly use this issue to cause a denial of service. Radek Zikmund discovered that .NET did not properly manage memory.
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38095 • CWE-20: Improper Input Validation

CVSS: 7.8 | EPSS: 5% | CPEs: 5 | EXPL: 0

09 Jul 2024 — .NET Core and Visual Studio Denial of Service Vulnerability
.NET and Visual Studio Denial of Service Vulnerability. A vulnerability was found in .NET. This issue can cause a denial of service in the System.Text.Json deserialization. It was discovered that .NET did not properly handle object deserialization. An attacker could possibly use this issue to cause a denial of service. Radek Zikmund discovered that .NET did not properly manage mem...
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30105 • CWE-400: Uncontrolled Resource Consumption

CVSS: 8.1 | EPSS: 2% | CPEs: 5 | EXPL: 0

09 Jul 2024 — .NET and Visual Studio Remote Code Execution Vulnerability
A vulnerability was found in .NET when parsing ASP.NET Core 8. This issue can lead to a denial of service attack. It was discovered that .NET did not properly handle object deserialization. An attacker could possibly use this issue to cause a denial of service. Radek Zikmund discovered that .NET did not properly manage memory.
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35264 • CWE-416: Use After Free

CVSS: 7.8 | EPSS: 18% | CPEs: 6 | EXPL: 0

13 Feb 2024 — .NET Denial of Service Vulnerability
A denial of service vulnerability exists in .NET applications with OpenSSL support when parsing X509 certificates. The issue arises from inadequate validation of user-supplied input in .NET. This flaw allows a remote attacker to trigger a denial of service (DoS) attack by providing specially crafted input. Brennan Conroy discovered that .NET with SignalR did not properly handle malicious clients. An attacker could possibly...
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21404 • CWE-400: Uncontrolled Resource Consumption • CWE-476: NULL Pointer Dereference

CVSS: 7.8 | EPSS: 10% | CPEs: 6 | EXPL: 0

13 Feb 2024 — .NET Denial of Service Vulnerability
A denial of service vulnerability is present in .NET applications utilizing SignalR, which a malicious client can exploit. The issue arises from inadequate validation of user-supplied input in .NET. This flaw allows a remote attacker to trigger a denial of service (DoS) attack by providing specially crafted input. Brennan Conroy discovered that .NET with SignalR did not properly handle malicious clients. An attacker co...
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21386 • CWE-400: Uncontrolled Resource Consumption

CVSS: 6.8 | EPSS: 2% | CPEs: 10 | EXPL: 0

09 Jan 2024 — Microsoft Identity Denial of Service Vulnerability
A denial of service vulnerability was found in .NET Core project templates that utilize JWT-based authentication tokens. This issue may allow an unauthenticated client to consume arbitrarily large amounts of server memory, potentially triggering an out-of-memory condition on the server and making the server no longer able to respond to legitimate requests. Vishal Mishra and Anita Gaud discov...
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21319 • CWE-20: Improper Input Validation • CWE-400: Uncontrolled Resource Consumption

CVSS: 7.8 | EPSS: 27% | CPEs: 6 | EXPL: 1

09 Jan 2024 — Visual Studio Elevation of Privilege Vulnerability
• https://github.com/Wh04m1001/CVE-2024-20656 • CWE-59: Improper Link Resolution Before File Access ('Link Following')

CVSS: 10.0 | EPSS: 8% | CPEs: 75 | EXPL: 0

09 Jan 2024 — NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability
A security feature bypass vulnerability exists when Microsoft .NET Framework-based applications use X.509 chain building APIs but do not completely validate the X.509 certificate due to a logic flaw. An attacker could present an arbitrary untrusted certificate with malformed signatures, triggering a bug in the framework. The framework will correctly repor...
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0057 • CWE-20: Improper Input Validation • CWE-295: Improper Certificate Validation

CVSS: 8.7 | EPSS: 0% | CPEs: 77 | EXPL: 0

09 Jan 2024 — Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability
A vulnerability was found in the .NET Framework. This vulnerability exists in the Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider, where an attacker can perform an AiTM (adversary-in-the-middle) attack between the SQL client and the SQL server. This ...
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0056 • CWE-319: Cleartext Transmission of Sensitive Information • CWE-420: Unprotected Alternate Channel

CVSS: 8.2 | EPSS: 29% | CPEs: 14 | EXPL: 0

14 Nov 2023 — ASP.NET Core Denial of Service Vulnerability
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36038 • CWE-400: Uncontrolled Resource Consumption