118 matches found
CVE-2020-1147
CVE-2020-1147 affects the .NET Framework, SharePoint Server, and Visual Studio. The root cause is improper handling of XML input, specifically a failure to validate the source markup during deserialization, which can lead to remote code execution. The vulnerability is characterized by the ability...
CVE-2023-36792
CVE-2023-36792 is a Windows-only Visual Studio/.NET remote code execution vulnerability. Root cause: Microsoft.DiaSymReader.Native.amd64.dll mishandles corrupted PDB files, enabling RCE. Affected: .NET 6.0 and .NET 7.0 runtimes (applications) prior to patched versions. Patched versions: .NET 6.0....
CVE-2023-36793
CVE-2023-36793 is a Microsoft .NET/Visual Studio remote code execution vulnerability. It stems from Microsoft.DiaSymReader.Native.amd64.dll reading a corrupted PDB file, affecting Windows systems. Affected: .NET 7.0 up to 7.0.10 and .NET 6.0 up to 6.0.21. Patched versions: .NET 7.0.11 and .NET 6....
CVE-2023-36794
CVE-2023-36794 is a Visual Studio/.NET remote code execution vulnerability. Affects Windows applications using Microsoft.DiaSymReader.Native.amd64.dll when reading corrupted PDB files, potentially enabling code execution. Affected: .NET 6.0 and .NET 7.0 runtimes and Visual Studio environments; pa...
CVE-2023-36796
CVE-2023-36796 is a .NET Framework RCE vulnerability in DiaSymReader.dll triggered when reading a corrupted PDB file. It affects .NET Framework 3.5 and 4.8.1 on Windows Server/Windows OS configurations described in KB5029918. Mitigation: apply the corresponding cumulative update (KB5029918) or th...
CVE-2025-21172
CVE-2025-21172 is a Microsoft .NET/Visual Studio remote code execution vulnerability. The linked CVE record notes the root cause as an integer overflow and a heap-based overflow in msdia140.dll, yielding a high-impact remote code execution scenario over network; exploitation status is not detaile...
CVE-2020-8927
CVE-2020-8927 is a buffer overflow in the Brotli library prior to 1.0.8 triggered by oversized one-shot decompression requests (copying chunks > 2 GiB), which can crash a target process. Affected: Brotli up to 1.0.7/older builds used by various ecosystems. Root cause: unsafe handling of input ...
CVE-2021-26701
Technical details about CVE-2021-26701 are not publicly provided in the connected documents. No affected products, versions, or remediation are specified here. Monitor for official advisories and updates.
CVE-2023-36759
CVE-2023-36759 is a Visual Studio elevation-of-privilege vulnerability. The available data indicate a LOCAL attack with HIGH impact to confidentiality, integrity, and availability, requiring user interaction and with LOW privileges needed. Affected software spans Microsoft Visual Studio family (i...
CVE-2022-24512
CVE-2022-24512 is an RCE in .NET that affects .NET 6.0, .NET 5.0, and .NET Core 3.1 due to a stack buffer overrun in the Double Parse routine. An attacker could exploit it by sending a specially crafted request over the network to execute code on the target. Remediation per connected docs: upgrad...
CVE-2024-43590
CVE-2024-43590 is a local elevation-of-privilege vulnerability in the Visual C++ Redistributable Installer. A local attacker with Low privileges could exploit this (UI: none) to gain High confidentiality, integrity, and availability impact, with the attack vector being local and requiring Low pri...
CVE-2022-23267
CVE-2022-23267 is a .NET Denial of Service vulnerability. The connected sources describe a DoS arising from a crafted HttpClient request that can exhaust memory and impact .NET/ASP.NET/Visual Studio environments. The IBM RPA bulletin lists CVE-2022-23267 as part of multiple vulnerabilities with r...
CVE-2022-29117
CVE-2022-29117 is described as a denial-of-service vulnerability in Microsoft ASP.NET and Visual Studio. The entry notes a network-exploit path with no authentication required, leading to an availability impact (CVE-2022-29117) with CVSS v3.1 base score 7.5 (HIGH) and CVSS v2.0 base score 5.0 (PA...
CVE-2024-28929
CVE-2024-28929 affects the Microsoft ODBC Driver for SQL Server. Public advisories and update docs show a remote code execution vulnerability in the ODBC driver family, with attackers potentially bypassing authentication and executing arbitrary commands. Remediation is to install the security upd...
CVE-2021-24112
CVE-2021-24112 is a .NET Core remote-code-execution vulnerability that arises when parsing certain graphics inputs (notably involving libgdiplus) on non‑Windows systems (MacOS/Linux). Public documents describe exploitation leading to arbitrary code execution and provide concrete remediation paths...
CVE-2023-21808
CVE-2023-21808 is a remote code execution vulnerability in .NET and Visual Studio related to how debugging symbols are read. Connected sources confirm affected products include .NET 6.0/7.0 runtimes and SDKs and Visual Studio components, with the root cause in the handling of symbol files (debug ...
CVE-2022-29145
CVE-2022-29145 is a .NET denial-of-service vulnerability. The GitHub advisory (GHSA-fcg8-mg9g-6hc4) states exploitation via parsing HTML forms can cause DoS in .NET 6.0, .NET 5.0, and .NET Core 3.1. Affected versions include .NET Core 3.1 (3.1.24 and earlier), .NET 5.0 (5.0.16 and earlier), and ....
CVE-2019-1349
CVE-2019-1349 concerns a remote code execution vulnerability in Git for Visual Studio caused by improper input sanitization. The connected documents corroborate that this CVE is distinct from other CVEs in the same family and tie the issue to Git for Visual Studio, noting an impact of remote code...
CVE-2019-1352
CVE-2019-1352 is a remote code execution vulnerability described as arising when Git for Visual Studio improperly sanitizes input. The connected Astra Linux advisory notes a libgit2-based issue (path.c handling of NTFS Alternate Data Streams) that is similar to CVE-2019-1352, and other advisories...
CVE-2022-24464
CVE-2022-24464 is a denial-of-service vulnerability affecting Microsoft ASP.NET Core and Visual Studio components. Multiple connected sources describe a DoS condition triggered by certain inputs, with public scoring indicating a high impact (CVSSv3.1: 7.5, network attack, no authentication, avail...
CVE-2024-28931
CVE-2024-28931 affects the Microsoft ODBC Driver for SQL Server. The vulnerability enables remote code execution with network access and requires no privileges, with user interaction reportedly involved per CVSS metrics. The CVE is addressed by updates across ODBC Driver versions; example fixes i...
CVE-2022-35827
CVE-2022-35827 is a Visual Studio remote code execution vulnerability affecting multiple Visual Studio releases (e.g., 2012 Update 5, 2013 Update 5, 2015 Update 3) via the VSGraphics component. Microsoft update pages (KB5016314/KB5016315/KB5016316) describe security updates with specific hotfix f...
CVE-2022-24513
CVE-2022-24513 is a Visual Studio elevation-of-privilege vulnerability with a LOCAL attack vector, exploitation requiring LOW privileges, and HIGH impact on confidentiality, integrity, and availability per CVSSv3. Connected sources confirm this CVE is discussed in Microsoft advisories and securit...
CVE-2023-24897
CVE-2023-24897 covers a .NET/.NET Framework/Visual Studio Remote Code Execution vulnerability. Public advisories attribute the flaw to the MSDIA SDK (causing heap overflow due to corrupted PDBs) and enable RCE under certain conditions. Affected products include .NET 6/7 runtimes and corresponding...
CVE-2023-36897
CVE-2023-36897 is a spoofing vulnerability in the Visual Studio Tools for Office (VSTO) Runtime. It can allow impersonation of another user and is tied to Office/VSTO deployments. Evidence from multiple sources (MSRC/KB5029497, Nessus plugin, NCSC advisory) indicates the issue affects VSTO runtim...
CVE-2020-1108
CVE-2020-1108 affects Microsoft .NET Core and .NET Framework; a denial-of-service can be caused by improper handling of incoming web requests. The IBM security bulletin (referencing IBM X-Force) lists a base score of 7.5 (HIGH) and notes the vulnerability affects IBM Robotic Process Automation pr...
CVE-2024-28930
CVE-2024-28930 affects the Microsoft ODBC Driver for SQL Server. The vulnerability is a remote code execution issue in the ODBC driver components that can be exploited over a network with no privileges and requires user interaction (per CVSS metrics in the initial document). The linked updates co...
CVE-2024-20656
CVE-2024-20656 is a Microsoft Visual Studio elevation-of-privilege vulnerability. Public sources indicate it stems from how Diagnostics Hub Standard Collector handles data operations, enabling a local attacker to gain SYSTEM privileges when exploiting Visual Studio components. The vulnerability i...
CVE-2024-28937
CVE-2024-28937 is a remote code execution vulnerability in Microsoft ODBC Driver for SQL Server. The connected documentation confirms the issue affects the Microsoft ODBC Driver for SQL Server and is addressed by updates in the April 2024 security releases. The issue is exploitable over a network...
CVE-2022-30184
CVE-2022-30184 is a .NET/Visual Studio information-disclosure vulnerability. Connected sources confirm it targets Microsoft software via improper input validation, enabling a local attacker to obtain sensitive information when processing crafted content. The CVSSv3.1 base score is 5.5 (AV:L/AC:L/...
CVE-2019-1354
Technical details for CVE-2019-1354 are not publicly provided in the supplied documents; monitor for updates.
CVE-2024-28933
CVE-2024-28933 is a Remote Code Execution vulnerability in Microsoft ODBC Driver for SQL Server. The connected sources confirm an in-the-wild risk surfaced by the ODBC driver family (drivers v17 and v18) used with SQL Server clients. The issue is described as a remote code execution vulnerability...
CVE-2024-28936
CVE-2024-28936 : A Remote Code Execution vulnerability in the Microsoft ODBC Driver for SQL Server. Affects the Microsoft ODBC Driver for SQL Server components; the issue is fixed by Microsoft inApril 2024 security updates for SQL Server ODBC Driver 17.x (e.g., 17.10.6.1) and 18.x (e.g., 18.3.3.1...
CVE-2020-1416
CVE-2020-1416 is the Visual Studio and Visual Studio Code Elevation of Privilege vulnerability. The issue arises when these products load software dependencies, allowing a local attacker who can plant malicious content to execute arbitrary code with the user’s privileges. Microsoft’s advisory sta...
CVE-2019-1350
Technical details about CVE-2019-1350 are not publicly available in the provided documents. Monitor for updates and forthcoming advisories.
CVE-2022-41032
IBM Robotic Process Automation for Cloud Pak is affected by CVE-2022-41032 (Microsoft NuGet Client elevation of privilege). The advisory links this vulnerability to the base container images and recommends updating IBM RPA for Cloud Pak to 21.0.6 or higher to remediate. The bulletin lists CVE-202...
CVE-2021-26423
CVE-2021-26423 is a .NET Core/ASP.NET DoS vulnerability described as a denial of service in WebSocket frame processing. The primary documentation identifies affected software as .NET Core and Visual Studio (Denial of Service Vulnerability) with network-based exposure and low attack complexity. Co...
CVE-2021-34485
CVE-2021-34485 is a .NET Core information disclosure vulnerability. The root cause is that crash-dump files created by the tool (for crash dumps and on-demand dumps) could be written with world-readable permissions on Linux/macOS, enabling local attackers to read sensitive dump data. Affected sof...
CVE-2023-28299
CVE-2023-28299 is the Visual Studio Spoofing Vulnerability. Connected sources indicate this affects Microsoft Visual Studio tooling and related components, with the NCSC entry mapping CVE-2023-28299 to an impersonation (spoofing) impact and noting PoCs exist for several related CVEs. The vulnerab...
CVE-2021-41355
CVE-2021-41355 is discussed across connected advisories, with concrete detail from MiracleLinux AXSA-2021-2473:12: dotnet5.0-5.0.208-1.el8.ML.1 is affected and the vulnerability is that System.DirectoryServices.Protocols.LdapConnection can transmit credentials in plaintext if the TLS handshake fa...
CVE-2022-38013
CVE-2022-38013 is a .NET Denial of Service vulnerability affecting .NET Core and related components across multiple Linux distributions. The connected documents reference updates and security fixes for various package families (e.g., ALT Linux packages dotnet-bootstrap, dotnet-aspnetcore, dotnet-...
CVE-2022-24767
CVE-2022-24767 affects Git for Windows prior to 2.35.2, where the uninstaller is vulnerable to DLL hijacking when executed under the SYSTEM account. Root cause: uninstaller loads a malicious DLL from a user-writable path, enabling potential arbitrary code execution or compromise of the host as de...
CVE-2021-31204
CVE-2021-31204 affects .NET Core/.NET 5.x components. Multiple connected advisories describe an elevation-of-privilege vulnerability in .NET 5.0 and .NET Core 3.1 when a user runs a single-file application on Linux/macOS, allowing privilege escalation. Upstream fixes exist: Runtime/SDK updates to...
CVE-2021-34532
Technical details for CVE-2021-34532 are not publicly provided in the supplied documents. Monitor for updates from the referenced advisories and vendor security guidance.
CVE-2022-21986
CVE-2022-21986 is a .NET Denial of Service vulnerability in the Kestrel web server. The issue arises when processing certain HTTP/2 and HTTP/3 requests, enabling remote network-based DoS with low attack complexity. Affected products include .NET 6.0 up to 6.0.1 and .NET 5.0 up to 5.0.13. Remediat...
CVE-2019-1351
CVE-2019-1351 refers to a tampering vulnerability in Git for Visual Studio, caused by improper handling of virtual drive paths. The available documents explicitly identify the issue as a tampering vulnerability and name the affected component, but they do not provide exploit details, affected ver...
CVE-2021-31957
The CVE-2021-31957 issue is an ASP.NET Core Denial of Service vulnerability. It affects ASP.NET Core apps when handling client disconnects, allowing remote attackers to trigger a DoS without authentication. Affected platforms include .NET 5.0 and .NET Core 3.1 runtimes. The advisory states that e...
CVE-2023-36042
CVE-2023-36042 is a Microsoft .NET Framework-related Denial of Service vulnerability. Connected sources show that multiple monthly security updates (KB5034276/KB5034274/KB5034275/KB5033920–KB5033910 family) address this issue across Windows 10/11, Azure Stack HCI, and server variants by applying ...
CVE-2024-28934
CVE-2024-28934 refers to a remote code execution vulnerability in the Microsoft ODBC Driver for SQL Server. The connected MS update advisories confirm fixes in the ODBC Driver components: Driver 17 (SQL Server ODBC Driver 17) updated to build 17.10.6.1 and Driver 18 updated to build 18.3.3.1, add...
CVE-2021-42277
Technical details about CVE-2021-42277 are not provided in the connected documents; only generic vulnerability labels and references are available. Monitor for official advisories or CVE records for affected products, fixes, and mitigations.