25 matches found
CVE-2024-0057
CVE-2024-0057 is a security feature bypass in components used by .NET Framework-based apps when building X.509 chains. The root cause is a logic flaw that can cause the framework to report a failed chain build but return an incorrect reason code, which may lead an application to treat an untruste...
CVE-2020-8927
CVE-2020-8927 is a buffer overflow in the Brotli library prior to 1.0.8 triggered by oversized one-shot decompression requests (copying chunks > 2 GiB), which can crash a target process. Affected: Brotli up to 1.0.7/older builds used by various ecosystems. Root cause: unsafe handling of input ...
CVE-2022-24512
CVE-2022-24512 is an RCE in .NET that affects .NET 6.0, .NET 5.0, and .NET Core 3.1 due to a stack buffer overrun in the Double Parse routine. An attacker could exploit it by sending a specially crafted request over the network to execute code on the target. Remediation per connected docs: upgrad...
CVE-2025-21171
CVE-2025-21171 is a remote code execution vulnerability in .NET 9.0 affecting multiple runtime packages (e.g., Microsoft.NetCore.App.Runtime.*) prior to 9.0.1. The issue allows an attacker to exploit by sending a crafted request to the vulnerable web server, potentially compromising affected host...
CVE-2022-23267
CVE-2022-23267 is a .NET Denial of Service vulnerability. The connected sources describe a DoS arising from a crafted HttpClient request that can exhaust memory and impact .NET/ASP.NET/Visual Studio environments. The IBM RPA bulletin lists CVE-2022-23267 as part of multiple vulnerabilities with r...
CVE-2024-21392
CVE-2024-21392 affects .NET 7.0 and .NET 8.0 runtimes where specially crafted requests may trigger a resource leak, causing a Denial of Service. Affected versions include .NET 7.0 up to 7.0.16 and .NET 8.0 up to 8.0.2; patched versions are 7.0.17 and 8.0.3, respectively. The issue also impacts mu...
CVE-2024-21409
CVE-2024-21409 is described in the provided documents as a .NET family remote code execution vulnerability affecting .NET/.NET Framework and related SDKs. Concrete details in connected sources indicate affected products/versions include .NET Core/.NET SDKs prior to 6.0.29, 7.0.18, or 8.0.4, with ...
CVE-2024-26190
CVE-2024-26190: The Microsoft QUIC (MsQuic) server component is affected by a denial-of-service vulnerability caused by a memory leak that can be triggered by multiple decodes, leading to memory exhaustion. The entry’s CVSSv3.1 base score is 7.5 (HIGH) with network attack vector, no authentication, ...
CVE-2023-21538
CVE-2023-21538 is a .NET Denial of Service vulnerability affecting .NET 6.0 (and related runtimes/SDKs) in which specially crafted input can cause a stack overflow. Public details in the connected IBM and security advisories confirm a remote denial-of-service impact when processing invalid r...
CVE-2020-1108
CVE-2020-1108 affects Microsoft .NET Core and .NET Framework; a denial-of-service can be caused by improper handling of incoming web requests. The IBM security bulletin (referencing IBM X-Force) lists a base score of 7.5 (HIGH) and notes the vulnerability affects IBM Robotic Process Automation pr...
CVE-2022-26788
No concrete technical details about CVE-2022-26788 are provided in the connected documents. The initial entry only notes a PowerShell Elevation of Privilege vulnerability; monitor for updates in public advisories.
CVE-2021-41355
CVE-2021-41355 is discussed across connected advisories, with concrete detail from MiracleLinux AXSA-2021-2473:12: dotnet5.0-5.0.208-1.el8.ML.1 is affected and the vulnerability is that System.DirectoryServices.Protocols.LdapConnection can transmit credentials in plaintext if the TLS handshake fa...
CVE-2025-30399
CVE-2025-30399 is a Remote Code Execution vulnerability described as an untrusted search path in .NET and Visual Studio that allows an attacker to execute code over the network by placing files in specific locations. Connected advisories confirm affected runtimes and provide fixes: .NET 8.x runti...
CVE-2022-34716
CVE-2022-34716 is a .NET information-disclosure vulnerability caused by improper XML signature verification in System.Security.Cryptography.Xml.SignedXml (XML external entity injection). It can allow a remote attacker to obtain sensitive information. Affected: .NET Core 3.1 and .NET 6 deployments...
CVE-2024-30045
CVE-2024-30045 is a .NET/Visual Studio Remote Code Execution vulnerability caused by a stack buffer overrun in the Double Parse routine. It affects .NET 7.0 up to 7.0.18 and .NET 8.0 up to 8.0.4; patched versions are 7.0.19 and 8.0.5 (Microsoft/MSRC advisory; GHSA entry lists affected packages a...
CVE-2022-41076
Technical details for CVE-2022-41076 are not publicly available in the provided documents. Monitor for updates; no affected product/version or remediation details are given here.
CVE-2023-36013
CVE-2023-36013 is a PowerShell information-disclosure vulnerability with a CVSS v3.1 base score 6.5 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). Several connected advisories document affected environments and versions. In macOS (Photon/Tenable Nessus NASL entries), Microsoft PowerShell 7.2.x is vulnera...
CVE-2022-41121
CVE-2022-41121 is a Windows Graphics Component Elevation of Privilege vulnerability with a CVSS v3.1 base score of 7.8 (HIGH), requiring LOCAL access with LOW privileges and no user interaction. The available descriptions identify the affected component as Windows Graphics Component but provide n...
CVE-2020-0951
The CVE-2020-0951 issue is a security feature bypass in Windows Defender Application Control (WDAC). The vulnerability could allow an attacker with local admin access to bypass WDAC enforcement and execute PowerShell commands that WDAC would normally block. Exploitation requires an administrator ...
CVE-2021-43896
CVE-2021-43896 corresponds to Microsoft PowerShell Spoofing Vulnerability. Multiple connected sources confirm this as a PowerShell spoofing issue affecting PowerShell products; affected component is PowerShell, with confirmed remediation via upgraded packages (for example, Mariner entries note fi...
CVE-2025-25004
CVE-2025-25004 affects Microsoft PowerShell. The connected documents corroborate a local privilege escalation vulnerability due to improper access control, enabling an authorized attacker to obtain elevated privileges on the host. The advisory entries (including NCSC-2025-0313) assign CVSS v3.1/3...
CVE-2018-8327
CVE-2018-8327 — Microsoft PowerShell Editor Services RCE. A remote code execution vulnerability affects PowerShell Editor, PowerShell Extension, and PowerShell Editor Services. The root cause is improper handling of local connections in PowerShell Editor Services, allowing an attacker to run arb...
CVE-2025-49734
CVE-2025-49734 affects Windows PowerShell. The root cause is an improper restriction of the communication channel to intended endpoints, enabling an authorized local attacker to elevate privileges. The CVE maps to a local privilege escalation with high impact (C:H/I:H/A:H) and requires local acce...
CVE-2026-26171
The entry CVE-2026-26171 describes a .NET Denial of Service vulnerability with a CVSSv3.1 base score of 7.5 (HIGH) and network exposure. Exploitation is possible without user interaction and with no privileges required, affecting availability. The provided reference points to a Microsoft update g...
CVE-2026-26143
The CVE-2026-26143 entry concerns Improper input validation in Microsoft PowerShell that allows a local attacker to bypass a security feature. The advisory set shows affected software as Microsoft PowerShell with a high impact (MITRE-style: Circumvention of security measure) and a high base score...