Microsoft Visual Studio 2022

120 matches found

added 2023/10/10 12:0 a.m. | 5250 views

CVE-2023-44487

CVE-2023-44487 – HTTP/2 Rapid Reset DoS. Root cause: HTTP/2 stream resets can cause servers to continue processing, leading to unbounded resource consumption and potential DoS when clients rapidly cancel streams. What’s affected: Various HTTP/2 implementations and deployments, including servers, p...

CVSS 7.5 | AI score 8 | EPSS 0.9439
In wild

added 2023/08/08 6:52 p.m. | 791 views

CVE-2023-38180

CVE-2023-38180 is a .NET/Visual Studio denial-of-service (DoS) vulnerability affecting .NET Core and related components. The CVSSv3.1 vector indicates Network attack, low attack complexity, no privileges required, with no confidentiality/integrity impact but a High availability impact. Moderate-t...

CVSS 7.5 | AI score 7.8 | EPSS 0.00882
In wild

added 2024/01/09 5:56 p.m. | 643 views

CVE-2024-0056

CVE-2024-0056 affects Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider security feature bypass. CVSS v3.1 base score 8.7 (NETWORK, HIGH impact on confidentiality and integrity, no availability impact) per Microsoft, with CVSS v4 score 8.8 indicating high impact. Descriptions i...

CVSS 8.7 | AI score 9.1 | EPSS 0.00864

added 2024/01/09 5:56 p.m. | 640 views

CVE-2024-0057

CVE-2024-0057 is a security feature bypass in components used by .NET Framework-based apps when building X.509 chains. The root cause is a logic flaw that can cause the framework to report a failed chain build but return an incorrect reason code, which may lead an application to treat an untruste...

CVSS 9.8 | AI score 9.3 | EPSS 0.03635

added 2023/04/11 7:13 p.m. | 558 views

CVE-2023-28260

CVE-2023-28260 is a .NET DLL Hijacking remote code execution vulnerability. The connected sources identify affected software as .NET 6.0 and .NET 7.0 runtimes/applications, with exploitation arising when a runtime DLL is loaded from an unexpected location. Affected versions include .NET 7.0 up to...

CVSS 7.8 | AI score 7.8 | EPSS 0.01557

added 2023/09/12 4:58 p.m. | 556 views

CVE-2023-36799

CVE-2023-36799 is a Denial of Service vulnerability in .NET Core/Visual Studio using .NET Kestrel that could be triggered remotely via crafted content, with an in-wild impact described as availability loss (I: High) and no confidentiality or integrity impact per the CVSS vector. Public advisories...

CVSS 6.5 | AI score 6.9 | EPSS 0.01064

added 2023/09/12 4:58 p.m. | 540 views

CVE-2023-36792

CVE-2023-36792 is a Windows-only Visual Studio/.NET remote code execution vulnerability. Root cause: Microsoft.DiaSymReader.Native.amd64.dll mishandles corrupted PDB files, enabling RCE. Affected: .NET 6.0 and .NET 7.0 runtimes (applications) prior to patched versions. Patched versions: .NET 6.0....

CVSS 7.8 | AI score 7.9 | EPSS 0.00974

added 2023/09/12 4:58 p.m. | 537 views

CVE-2023-36793

CVE-2023-36793 is a Microsoft .NET/Visual Studio remote code execution vulnerability. It stems from Microsoft.DiaSymReader.Native.amd64.dll reading a corrupted PDB file, affecting Windows systems. Affected: .NET 7.0 up to 7.0.10 and .NET 6.0 up to 6.0.21. Patched versions: .NET 7.0.11 and .NET 6....

CVSS 7.8 | AI score 7.9 | EPSS 0.01162

added 2023/09/12 4:58 p.m. | 532 views

CVE-2023-36794

CVE-2023-36794 is a Visual Studio/.NET remote code execution vulnerability. Affects Windows applications using Microsoft.DiaSymReader.Native.amd64.dll when reading corrupted PDB files, potentially enabling code execution. Affected: .NET 6.0 and .NET 7.0 runtimes and Visual Studio environments; pa...

CVSS 7.8 | AI score 7.9 | EPSS 0.00758

added 2023/09/12 4:58 p.m. | 526 views

CVE-2023-36796

CVE-2023-36796 is a .NET Framework RCE vulnerability in DiaSymReader.dll triggered when reading a corrupted PDB file. It affects .NET Framework 3.5 and 4.8.1 on Windows Server/Windows OS configurations described in KB5029918. Mitigation: apply the corresponding cumulative update (KB5029918) or th...

CVSS 7.8 | AI score 7.9 | EPSS 0.00754

added 2023/09/12 4:58 p.m. | 521 views

CVE-2023-36758

CVE-2023-36758 is a Microsoft Visual Studio related elevation-of-privilege vulnerability. Public sources in the connected documents consistently describe it as a privilege-escalation issue affecting Visual Studio components (and related tooling) with an impact profile of gaining higher privileges...

CVSS 9.8 | AI score 8.7 | EPSS 0.00163

added 2025/10/14 5:0 p.m. | 500 views

CVE-2025-55315

CVE-2025-55315 describes an HTTP request/response smuggling flaw in ASP.NET Core caused by inconsistent interpretation of HTTP requests. Affected ASP.NET Core versions include 2.3, 8.0, and 9.0, with high impact to confidentiality and integrity and network-based exploitation. Multiple public expl...

CVSS 9.9 | AI score 6.5 | EPSS 0.01681
Web

added 2025/01/14 6:4 p.m. | 483 views

CVE-2025-21172

CVE-2025-21172 is a Microsoft .NET/Visual Studio remote code execution vulnerability. The linked CVE record notes the root cause as an integer overflow and a heap-based overflow in msdia140.dll, yielding a high-impact remote code execution scenario over network; exploitation status is not detaile...

CVSS 7.5 | AI score 7.8 | EPSS 0.00586

added 2023/10/10 5:7 p.m. | 460 views

CVE-2023-38171

CVE-2023-38171 — Microsoft QUIC Denial of Service vulnerability is documented in connected advisories (MSRC/GHSA). The issue affects QUIC implementations in Windows environments and can enable a remote attacker to cause a denial-of-service by crafting specific requests to the QUIC component. The ...

CVSS 7.5 | AI score 7.4 | EPSS 0.08301

added 2024/01/09 6:59 p.m. | 457 views

CVE-2024-21319

CVE-2024-21319 is a Microsoft Identity Denial-of-Service vulnerability with a network-exposed attack surface (AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H). Connected sources describe a DoS pattern via maliciously crafted JWE/JWT payloads that trigger heavy memory/CPU usage during decompression or process...

CVSS 6.8 | AI score 6.6 | EPSS 0.00593

added 2020/09/15 9:15 a.m. | 448 views

CVE-2020-8927

CVE-2020-8927 is a buffer overflow in the Brotli library prior to 1.0.8 triggered by oversized one-shot decompression requests (copying chunks > 2 GiB), which can crash a target process. Affected: Brotli up to 1.0.7/older builds used by various ecosystems. Root cause: unsafe handling of input ...

CVSS 6.5 | AI score 6.6 | EPSS 0.0031

added 2024/07/09 5:2 p.m. | 434 views

CVE-2024-30105

CVE-2024-30105 affects .NET 8.0 applications (notably involving System.Text.Json) and can cause a Denial of Service when deserializing untrusted input via JsonSerializer.DeserializeAsyncEnumerable. Connected advisories confirm the vulnerability in .NET Core/Visual Studio with DoS conditions and i...

CVSS 7.5 | AI score 7.6 | EPSS 0.01793

added 2023/09/12 4:58 p.m. | 422 views

CVE-2023-36759

CVE-2023-36759 is a Visual Studio elevation-of-privilege vulnerability. The available data indicate a LOCAL attack with HIGH impact to confidentiality, integrity, and availability, requiring user interaction and with LOW privileges needed. Affected software spans Microsoft Visual Studio family (i...

CVSS 6.7 | AI score 6.7 | EPSS 0.00343

added 2024/02/13 6:2 p.m. | 379 views

CVE-2024-21386

CVE-2024-21386 is a Denial of Service vulnerability in ASP.NET SignalR affecting .NET runtimes across 6.0/7.0/8.0. The issue affects ASP.NET Core implementations using SignalR and is mitigated by updating to patched runtimes: .NET 6.0.27, 7.0.16, and 8.0.2 (with affected package entries listed in...

CVSS 7.5 | AI score 7.7 | EPSS 0.02393

added 2022/03/09 5:8 p.m. | 367 views

CVE-2022-24512

CVE-2022-24512 is an RCE in .NET that affects .NET 6.0, .NET 5.0, and .NET Core 3.1 due to a stack buffer overrun in the Double Parse routine. An attacker could exploit it by sending a specially crafted request over the network to execute code on the target. Remediation per connected docs: upgrad...

CVSS 6.8 | AI score 7.2 | EPSS 0.00159

added 2024/10/08 5:36 p.m. | 366 views

CVE-2024-43590

CVE-2024-43590 is a local elevation-of-privilege vulnerability in the Visual C++ Redistributable Installer. A local attacker with Low privileges could exploit this (UI: none) to gain High confidentiality, integrity, and availability impact, with the attack vector being local and requiring Low pri...

CVSS 7.8 | AI score 7.8 | EPSS 0.00665

added 2025/01/14 6:4 p.m. | 364 views

CVE-2025-21173

CVE-2025-21173 is a .NET Elevation of Privilege vulnerability. Confirmed remediation in connected sources: update to .NET/ASP.NET packages for dotnet8.0, specifically runtime/sdk updates (example: .NET Runtime 8.0.1.12 and related 8.0.x builds) as part of the dotnet8.0 security updates. Amazon Li...

CVSS 7.3 | AI score 7.2 | EPSS 0.02034

added 2025/01/14 6:3 p.m. | 355 views

CVE-2025-21171

CVE-2025-21171 is a remote code execution vulnerability in .NET 9.0 affecting multiple runtime packages (e.g., Microsoft.NetCore.App.Runtime.*) prior to 9.0.1. The issue allows an attacker to exploit by sending a crafted request to the vulnerable web server, potentially compromising affected host...

CVSS 7.5 | AI score 7.8 | EPSS 0.0082

added 2024/07/09 5:3 p.m. | 351 views

CVE-2024-38095

CVE-2024-38095 is a Microsoft .NET/Visual Studio DoS issue leveraged by a crafted request. IBM Robotic Process Automation (RPA) is affected on both client and server sides. Remediation in IBM advisories: upgrade IBM Robotic Process Automation to 30.0.1 or higher (client/server), and for IBM RPA f...

CVSS 7.5 | AI score 6.4 | EPSS 0.02007

added 2022/05/10 8:33 p.m. | 342 views

CVE-2022-23267

CVE-2022-23267 is a .NET Denial of Service vulnerability. The connected sources describe a DoS arising from a crafted HttpClient request that can exhaust memory and impact .NET/ASP.NET/Visual Studio environments. The IBM RPA bulletin lists CVE-2022-23267 as part of multiple vulnerabilities with r...

CVSS 7.5 | AI score 7.5 | EPSS 0.06422

added 2024/11/12 5:53 p.m. | 340 views

CVE-2024-43498

CVE-2024-43498 is a remote code execution in .NET/Visual Studio affecting .NET 9.0 via the System.Formats.Nrbf/NrbfDecoder path. The advisory notes an attacker could trigger RCE by sending crafted requests to a vulnerable webapp or loading a crafted file, with a CVSS v3.1 score of 9.8. Remediatio...

CVSS 9.8 | AI score 9.4 | EPSS 0.01245

added 2024/02/13 6:2 p.m. | 334 views

CVE-2024-21404

CVE-2024-21404 is a .NET Denial of Service vulnerability (CVSS 3.1: 7.5) with network-based vector and high availability impact. Connected advisories attribute the DoS to components in .NET such as SignalR server and X509Certificate2, and indicate exploitation is possible in affected .NET runtime...

CVSS 7.5 | AI score 7.7 | EPSS 0.0291

added 2022/05/10 8:34 p.m. | 330 views

CVE-2022-29117

CVE-2022-29117 is described as a denial-of-service vulnerability in Microsoft ASP.NET and Visual Studio. The entry notes a network-exploit path with no authentication required, leading to an availability impact (CVE-2022-29117) with CVSS v3.1 base score 7.5 (HIGH) and CVSS v2.0 base score 5.0 (PA...

CVSS 7.5 | AI score 7.5 | EPSS 0.01387

added 2024/04/09 5:0 p.m. | 321 views

CVE-2024-28929

CVE-2024-28929 affects the Microsoft ODBC Driver for SQL Server. Public advisories and update docs show a remote code execution vulnerability in the ODBC driver family, with attackers potentially bypassing authentication and executing arbitrary commands. Remediation is to install the security upd...

CVSS 8.8 | AI score 9 | EPSS 0.02382

added 2024/03/12 4:57 p.m. | 313 views

CVE-2024-21392

CVE-2024-21392 affects .NET 7.0 and .NET 8.0 runtimes where specially crafted requests may trigger a resource leak, causing a Denial of Service. Affected versions include .NET 7.0 up to 7.0.16 and .NET 8.0 up to 8.0.2; patched versions are 7.0.17 and 8.0.3, respectively. The issue also impacts mu...

CVSS 7.5 | AI score 7.7 | EPSS 0.00808

added 2024/11/12 5:53 p.m. | 306 views

CVE-2024-43499

CVE-2024-43499 is a .NET 9.0 Denial of Service vulnerability impacting the NrbfDecoder component due to incorrect input validation. Affected software includes .NET 9.0 runtime/SDK prior to GA and packages such as System.Formats.Nrbf (

CVSS 7.5 | AI score 7.5 | EPSS 0.00733

added 2023/02/14 8:9 p.m. | 298 views

CVE-2023-21808

CVE-2023-21808 is a remote code execution vulnerability in .NET and Visual Studio related to how debugging symbols are read. Connected sources confirm affected products include .NET 6.0/7.0 runtimes and SDKs and Visual Studio components, with the root cause in the handling of symbol files (debug ...

CVSS 7.8 | AI score 7.9 | EPSS 0.01277

added 2024/04/09 5:0 p.m. | 297 views

CVE-2024-21409

CVE-2024-21409 is described in the provided documents as a .NET family remote code execution vulnerability affecting .NET/.NET Framework and related SDKs. Concrete details in connected sources indicate affected products/versions include .NET Core/.NET SDKs prior to 6.0.29, 7.0.18, or 8.0.4, with ...

CVSS 7.3 | AI score 7.5 | EPSS 0.57623

added 2023/11/14 8:18 p.m. | 292 views

CVE-2023-36049

CVE-2023-36049 affects Microsoft .NET, .NET Framework and Visual Studio, enabling a remote authenticated attacker to gain elevated privileges by injecting commands via the FTP server (elevation of privilege). Public references in connected advisories confirm the vulnerability and provide distribu...

CVSS 9.8 | AI score 8.7 | EPSS 0.02118

added 2022/05/10 8:34 p.m. | 286 views

CVE-2022-29145

CVE-2022-29145 is a .NET denial-of-service vulnerability. The GitHub advisory (GHSA-fcg8-mg9g-6hc4) states exploitation via parsing HTML forms can cause DoS in .NET 6.0, .NET 5.0, and .NET Core 3.1. Affected versions include .NET Core 3.1 (3.1.24 and earlier), .NET 5.0 (5.0.16 and earlier), and ....

CVSS 7.5 | AI score 7.5 | EPSS 0.04164

added 2024/03/12 4:57 p.m. | 285 views

CVE-2024-26190

CVE-2024-26190: Microsoft QUIC (MsQuic) server component is affected by a denial-of-service vulnerability caused by a memory leak that can be triggered by multiple decodes, leading to memory exhaustion. The entry’s CVSSv3.1 base score is 7.5 (HIGH) with network attack vector, no authentication, ...

CVSS 7.5 | AI score 7.4 | EPSS 0.01159

added 2023/11/14 9:35 p.m. | 271 views

CVE-2023-36558

CVE-2023-36558 affects Microsoft ASP.NET Core and Blazor forms, enabling a security feature bypass that could let an attacker bypass validations in Blazor Server forms. Connected sources confirm the vulnerability and indicate Microsoft and ecosystem advisories exist; remediation is to apply the l...

CVSS 6.2 | AI score 7.5 | EPSS 0.00556

added 2022/03/09 5:7 p.m. | 270 views

CVE-2022-24464

CVE-2022-24464 is a denial-of-service vulnerability affecting Microsoft ASP.NET Core and Visual Studio components. Multiple connected sources describe a DoS condition triggered by certain inputs, with public scoring indicating a high impact (CVSSv3.1: 7.5, network attack, no authentication, avail...

CVSS 7.5 | AI score 7.5 | EPSS 0.0064

added 2024/04/09 5:0 p.m. | 264 views

CVE-2024-28931

CVE-2024-28931 affects the Microsoft ODBC Driver for SQL Server. The vulnerability enables remote code execution with network access and requires no privileges, with user interaction reportedly involved per CVSS metrics. The CVE is addressed by updates across ODBC Driver versions; example fixes i...

CVSS 8.8 | AI score 9 | EPSS 0.01767

added 2022/08/09 8:12 p.m. | 262 views

CVE-2022-35827

CVE-2022-35827 is a Visual Studio remote code execution vulnerability affecting multiple Visual Studio releases (e.g., 2012 Update 5, 2013 Update 5, 2015 Update 3) via the VSGraphics component. Microsoft update pages (KB5016314/KB5016315/KB5016316) describe security updates with specific hotfix f...

CVSS 8.8 | AI score 8.8 | EPSS 0.07804

added 2022/04/15 7:3 p.m. | 257 views

CVE-2022-24513

CVE-2022-24513 is a Visual Studio elevation-of-privilege vulnerability with a LOCAL attack vector, exploitation requiring LOW privileges, and HIGH impact on confidentiality, integrity, and availability per CVSSv3. Connected sources confirm this CVE is discussed in Microsoft advisories and securit...

CVSS 7.8 | AI score 7.6 | EPSS 0.00378

added 2023/06/14 2:52 p.m. | 257 views

CVE-2023-24897

CVE-2023-24897 covers a .NET/.NET Framework/Visual Studio Remote Code Execution vulnerability. Public advisories attribute the flaw to the MSDIA SDK (causing heap overflow due to corrupted PDBs) and enable RCE under certain conditions. Affected products include .NET 6/7 runtimes and corresponding...

CVSS 7.8 | AI score 7.9 | EPSS 0.01788

added 2023/08/08 5:8 p.m. | 254 views

CVE-2023-36897

CVE-2023-36897 is a spoofing vulnerability in the Visual Studio Tools for Office (VSTO) Runtime. It can allow impersonation of another user and is tied to Office/VSTO deployments. Evidence from multiple sources (MSRC/KB5029497, Nessus plugin, NCSC advisory) indicates the issue affects VSTO runtim...

CVSS 8.1 | AI score 7 | EPSS 0.00178

added 2024/04/09 5:1 p.m. | 244 views

CVE-2024-28930

CVE-2024-28930 affects the Microsoft ODBC Driver for SQL Server. The vulnerability is a remote code execution issue in the ODBC driver components that can be exploited over a network with no privileges and requires user interaction (per CVSS metrics in the initial document). The linked updates co...

CVSS 8.8 | AI score 9 | EPSS 0.01767

added 2024/01/09 5:57 p.m. | 243 views

CVE-2024-20656

CVE-2024-20656 is a Microsoft Visual Studio elevation-of-privilege vulnerability. Public sources indicate it stems from how Diagnostics Hub Standard Collector handles data operations, enabling a local attacker to gain SYSTEM privileges when exploiting Visual Studio components. The vulnerability i...

CVSS 7.8 | AI score 7.6 | EPSS 0.54325

added 2024/04/09 5:1 p.m. | 239 views

CVE-2024-28937

CVE-2024-28937 is a remote code execution vulnerability in Microsoft ODBC Driver for SQL Server. The connected documentation confirms the issue affects the Microsoft ODBC Driver for SQL Server and is addressed by updates in the April 2024 security releases. The issue is exploitable over a network...

CVSS 8.8 | AI score 9 | EPSS 0.02216

added 2022/06/15 9:52 p.m. | 238 views

CVE-2022-30184

CVE-2022-30184 is a .NET/Visual Studio information-disclosure vulnerability. Connected sources confirm it targets Microsoft software via improper input validation, enabling a local attacker to obtain sensitive information when processing crafted content. The CVSSv3.1 base score is 5.5 (AV:L/AC:L/...

CVSS 5.5 | AI score 5.3 | EPSS 0.00782

added 2024/07/09 5:3 p.m. | 237 views

CVE-2024-38081

CVE-2024-38081 is a .NET/.NET Framework and Visual Studio elevation of privilege vulnerability (CVSS v3.1: 7.3, LOCAL attacker, LOW attack complexity, user interaction required, Privileges: LOW). Exploitation leads to total impact on confidentiality, integrity and availability as per the Microsoft...

CVSS 7.3 | AI score 7.2 | EPSS 0.008

added 2024/04/09 5:1 p.m. | 231 views

CVE-2024-28933

CVE-2024-28933 is a Remote Code Execution vulnerability in Microsoft ODBC Driver for SQL Server. The connected sources confirm an in-the-wild risk surfaced by the ODBC driver family (drivers v17 and v18) used with SQL Server clients. The issue is described as a remote code execution vulnerability...

CVSS 8.8 | AI score 9 | EPSS 0.01767

added 2024/04/09 5:0 p.m. | 224 views

CVE-2024-28936

CVE-2024-28936: A Remote Code Execution vulnerability in the Microsoft ODBC Driver for SQL Server. Affects the Microsoft ODBC Driver for SQL Server components; the issue is fixed by Microsoft in April 2024 security updates for SQL Server ODBC Driver 17.x (e.g., 17.10.6.1) and 18.x (e.g., 18.3.3.1...

CVSS 8.8 | AI score 9 | EPSS 0.01767

Total number of security vulnerabilities: 120