15 matches found
CVE-2025-21171
CVE-2025-21171 is a remote code execution vulnerability in .NET 9.0 affecting multiple runtime packages (e.g., Microsoft.NetCore.App.Runtime.*) prior to 9.0.1. The issue allows an attacker to exploit by sending a crafted request to the vulnerable web server, potentially compromising affected host...
CVE-2022-23267
CVE-2022-23267 is a .NET Denial of Service vulnerability. The connected sources describe a DoS arising from a crafted HttpClient request that can exhaust memory and impact .NET/ASP.NET/Visual Studio environments. The IBM RPA bulletin lists CVE-2022-23267 as part of multiple vulnerabilities with r...
CVE-2024-21409
CVE-2024-21409 is described in the provided documents as a .NET family remote code execution vulnerability affecting .NET/.NET Framework and related SDKs. Concrete details in connected sources indicate affected products/versions include .NET Core/.NET SDKs prior to 6.0.29, 7.0.18, or 8.0.4, with ...
CVE-2024-21392
CVE-2024-21392 affects .NET 7.0 and .NET 8.0 runtimes where specially crafted requests may trigger a resource leak, causing a Denial of Service. Affected versions include .NET 7.0 up to 7.0.16 and .NET 8.0 up to 8.0.2; patched versions are 7.0.17 and 8.0.3, respectively. The issue also impacts mu...
CVE-2024-26190
CVE-2024-26190 : Microsoft QUIC (MsQuic) server component is affected by a denial-of-service vulnerability caused by a memory leak that can be triggered by multiple decodes, leading to memory exhaustion. The entry’s CVSSv3.1 base score is 7.5 (HIGH) with network attack vector, no authentication, ...
CVE-2023-21538
CVE-2023-21538 is a .NET Denial of Service vulnerability affecting .NET 6.0 (and related runtimes/sdks) engineered to cause a stack overflow via specially crafted input. Public details in the connected IBM and security advisories confirm a remote-denial-of-service impact when processing invalid r...
CVE-2020-1108
CVE-2020-1108 affects Microsoft .NET Core and .NET Framework; a denial-of-service can be caused by improper handling of incoming web requests. The IBM security bulletin (referencing IBM X-Force) lists a base score of 7.5 (HIGH) and notes the vulnerability affects IBM Robotic Process Automation pr...
CVE-2025-30399
CVE-2025-30399 is a Remote Code Execution vulnerability described as an untrusted search path in .NET and Visual Studio that allows an attacker to execute code over the network by placing files in specific locations. Connected advisories confirm affected runtimes and provide fixes: .NET 8.x runti...
CVE-2022-26788
No concrete technical details about CVE-2022-26788 are provided in the connected documents. The initial entry only notes a PowerShell Elevation of Privilege vulnerability; monitor for updates in public advisories.
CVE-2022-41121
CVE-2022-41121 is a Windows Graphics Component Elevation of Privilege vulnerability with a CVSS v3.1 base score of 7.8 (HIGH), requiring LOCAL access with LOW privileges and no user interaction. The available descriptions identify the affected component as Windows Graphics Component but provide n...
CVE-2020-0951
The CVE-2020-0951 issue is a security feature bypass in Windows Defender Application Control (WDAC). The vulnerability could allow an attacker with local admin access to bypass WDAC enforcement and execute PowerShell commands that WDAC would normally block. Exploitation requires an administrator ...
CVE-2025-25004
CVE-2025-25004 affects Microsoft PowerShell. The connected documents corroborate a local privilege escalation vulnerability due to improper access control, enabling an authorized attacker to obtain elevated privileges on the host. The advisory entries (including NCSC-2025-0313) assign CVSS v3.1/3...
CVE-2026-26171
The entry CVE-2026-26171 describes a .NET Denial of Service vulnerability with a CVSSv3.1 base score of 7.5 (HIGH) and network exposure. Exploitation is possible without user interaction and with no privileges required, affecting availability. The provided reference points to a Microsoft update g...
CVE-2026-26143
The CVE-2026-26143 entry concerns Improper input validation in Microsoft PowerShell that allows a local attacker to bypass a security feature. The advisory set shows affected software as Microsoft PowerShell with a high impact (MITRE-style: Circumvention of security measure) and a high base score...
CVE-2025-49734
CVE-2025-49734 affects Windows PowerShell. The root cause is an improper restriction of the communication channel to intended endpoints, enabling an authorized local attacker to elevate privileges. The CVE maps to a local privilege escalation with high impact (C:H/I:H/A:H) and requires local acce...