123 matches found
CVE-2024-28933
CVE-2024-28933 is a Remote Code Execution vulnerability in Microsoft ODBC Driver for SQL Server. The connected sources confirm an in-the-wild risk surfaced by the ODBC driver family (drivers v17 and v18) used with SQL Server clients. The issue is described as a remote code execution vulnerability...
CVE-2023-24895
CVE-2023-24895 is a .NET Framework/Visual Studio remote code execution vulnerability due to improper input validation. It is listed with a CVSS v3 base score of 7.8 (HIGH), vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The connected sources identify CVE-2023-24895 as an Improper Input Vali...
CVE-2024-28936
CVE-2024-28936 : A Remote Code Execution vulnerability in the Microsoft ODBC Driver for SQL Server. Affects the Microsoft ODBC Driver for SQL Server components; the issue is fixed by Microsoft inApril 2024 security updates for SQL Server ODBC Driver 17.x (e.g., 17.10.6.1) and 18.x (e.g., 18.3.3.1...
CVE-2022-41032
IBM Robotic Process Automation for Cloud Pak is affected by CVE-2022-41032 (Microsoft NuGet Client elevation of privilege). The advisory links this vulnerability to the base container images and recommends updating IBM RPA for Cloud Pak to 21.0.6 or higher to remediate. The bulletin lists CVE-202...
CVE-2022-38013
CVE-2022-38013 is a .NET Denial of Service vulnerability affecting .NET Core and related components across multiple Linux distributions. The connected documents reference updates and security fixes for various package families (e.g., ALT Linux packages dotnet-bootstrap, dotnet-aspnetcore, dotnet-...
CVE-2024-35264
CVE-2024-35264 is a remote code execution vulnerability in .NET/ASP.NET Core 8.0 related to Data Corruption in Kestrel HTTP/3 that affects multiple ASP.NET Core runtime packages. According to the Microsoft GHSA advisory, affected ASP.NET Core runtimes (e.g., Microsoft.AspNetCore.App.Runtime.* for...
CVE-2023-28299
CVE-2023-28299 is the Visual Studio Spoofing Vulnerability. Connected sources indicate this affects Microsoft Visual Studio tooling and related components, with the NCSC entry mapping CVE-2023-28299 to an impersonation (spoofing) impact and noting PoCs exist for several related CVEs. The vulnerab...
CVE-2024-43484
Summary of CVE-2024-43484 and related context : The connected documents corroborate a denial-of-service vulnerability affecting .NET/Visual Studio components, attributed to algorithmic complexity in both System.IO.Packaging (CVE-2024-43484) and related areas such as System.Text.Json (CVE-2024-434...
CVE-2023-36042
CVE-2023-36042 is a Microsoft .NET Framework-related Denial of Service vulnerability. Connected sources show that multiple monthly security updates (KB5034276/KB5034274/KB5034275/KB5033920–KB5033910 family) address this issue across Windows 10/11, Azure Stack HCI, and server variants by applying ...
CVE-2022-21986
CVE-2022-21986 is a .NET Denial of Service vulnerability in the Kestrel web server. The issue arises when processing certain HTTP/2 and HTTP/3 requests, enabling remote network-based DoS with low attack complexity. Affected products include .NET 6.0 up to 6.0.1 and .NET 5.0 up to 5.0.13. Remediat...
CVE-2023-36038
CVE-2023-36038 is an ASP.NET Core Denial of Service vulnerability affecting ASP.NET Core on .NET 8 (including RC1) with IIS InProcess hosting. The issue can cause a DoS by cancelling HTTP requests, potentially increasing thread counts and leading to OutOfMemoryException and service availability i...
CVE-2022-24767
CVE-2022-24767 affects Git for Windows prior to 2.35.2, where the uninstaller is vulnerable to DLL hijacking when executed under the SYSTEM account. Root cause: uninstaller loads a malicious DLL from a user-writable path, enabling potential arbitrary code execution or compromise of the host as de...
CVE-2024-30045
CVE-2024-30045 is a .NET/Visual Studio Remote Code Execution vulnerability caused by a stack buffer overrun in the Double Parse routine. It affects .NET 7.0 up to 7.0.18 and .NET 8.0 up to 8.0.4; patched versions are 7.0.19 and 8.0.5 ( Microsoft/MSRC advisory; GHSA entry lists affected packages a...
CVE-2024-28934
CVE-2024-28934 refers to a remote code execution vulnerability in the Microsoft ODBC Driver for SQL Server. The connected MS update advisories confirm fixes in the ODBC Driver components: Driver 17 (SQL Server ODBC Driver 17) updated to build 17.10.6.1 and Driver 18 updated to build 18.3.3.1, add...
CVE-2023-33170
CVE-2023-33170 is a security feature bypass in Microsoft SharePoint Server. A race condition could allow a remote attacker to bypass access controls, impacting confidentiality, integrity and availability. The IBM bulletin (CVE-2023-33170) links the issue to Microsoft.AspNetCore.Identity usage in ...
CVE-2023-35391
CVE-2023-35391 affects Microsoft ASP.NET Core SignalR and Visual Studio, exposing sensitive information through the ASP.NET Core SignalR backplane (e.g., Redis backplane) in affected .NET/ASP.NET Core deployments. Connected sources specify that exploitation involves information disclosure via Sig...
CVE-2023-35390
CVE-2023-35390 affects Microsoft .NET Core and Visual Studio runtimes used by IBM Robotic Process Automation for Cloud Pak. The IBM security bulletin confirms remote code execution via a user‑vectored payload: persuading a victim to open a specially crafted file could allow arbitrary code executi...
CVE-2023-33128
CVE-2023-33128 is a .NET/Visual Studio Remote Code Execution vulnerability. IBM’s bulletin ties it to Remote Code Execution via crafted input (Source Generators issue) and unmanaged heap corruption, requiring an authenticated user. Affected: Microsoft .NET/Visual Studio; impact: arbitrary code ex...
CVE-2024-28932
CVE-2024-28932 is a remote code execution vulnerability in Microsoft ODBC Driver for SQL Server. Connected sources confirm the issue affects the ODBC Driver family and is addressed by Microsoft security updates. Specifically, security updates KB5037570/KB5037571 cover ODBC Driver 17 for SQL Serve...
CVE-2024-38229
CVE-2024-38229 describes a remote code execution vulnerability in .NET/Visual Studio caused by a race condition when closing an HTTP/3 stream, leading to use-after-free in affected components. Public references indicate impacted products include .NET and ASP.NET stack (including self-contained de...
CVE-2024-43485
CVE-2024-43485 is a denial-of-service vulnerability in Microsoft .NET and Visual Studio. The IBM security bulletins corroborate the CVE and specify version-specific remediation: IBM Robotic Process Automation and IBM/Instana-related products are advised to upgrade to fixed releases (e.g., IBM Rob...
CVE-2023-32032
CVE-2023-32032 is a .NET and Visual Studio elevation-of-privilege vulnerability. The root cause is an improper handling in TarFile.ExtractToDirectory where the extraction directory argument is ignored, enabling an attacker with limited privileges to bypass intended file placement. The vulnerabili...
CVE-2023-33126
CVE-2023-33126 is a .NET/Visual Studio vulnerability that could lead to remote code execution during crash/stack-trace scenarios. Microsoft’s advisory lists affected runtimes and patched versions: .NET 7.0.x up to 7.0.5 (update to 7.0.7), .NET 6.x up to 6.0.117 (update to 6.0.18). Affected packag...
CVE-2024-28935
CVE-2024-28935 pertains to the Microsoft ODBC Driver for SQL Server. It is a Remote Code Execution vulnerability in the ODBC Driver component. The public record indicates an RCE vulnerability with CVSSv3 base score 8.8 (Network, high impact, user interaction required). Microsoft’s April 2024 secu...
CVE-2024-28938
CVE-2024-28938 corresponds to a Remote Code Execution vulnerability in Microsoft ODBC Driver for SQL Server. The issue affects the ODBC Driver family (notably components used by SQL Server clients) and is tied to improper handling that could permit arbitrary code execution. Microsoft has released...
CVE-2026-32177
CVE-2026-32177 is a heap-based buffer overflow in the .NET Framework that enables local privilege escalation. The issue is described across multiple sources as affecting the .NET Framework components in versions 3.5 and 4.8.1, with impact described as unauthorized elevation of privileges locally ...
CVE-2022-35777
CVE-2022-35777 is a Visual Studio remote code execution vulnerability affecting the VSGraphics component. Connected sources (KB/MSRC/NVD) identify it as a Fbx File parser Heap overflow vulnerability within Visual Studio product lines, with references listing affected versions (including VS 2012 U...
CVE-2023-33135
Technical details for CVE-2023-33135 are not provided in the supplied documents. Connected sources reference this CVE but do not disclose affected products, root cause, impact, or fixes. Monitor for updates from Microsoft and security advisories.
CVE-2023-38178
Summary: CVE-2023-38178 is a remote Denial of Service vulnerability in .NET Core/Visual Studio (notably affecting .NET 7.0 up to 7.0.9 and .NET 6 with HTTP/3 support). Connected advisories provide concrete mitigations and patched versions: for .NET 7.0, upgrade to 7.0.10 (and corresponding Runtim...
CVE-2025-24070
The CVE describes a weak authentication issue in ASP.NET Core and Visual Studio that could allow elevation of privilege via calls to RefreshSignInAsync with an improperly authenticated user parameter. Affected software includes ASP.NET Core apps using Microsoft.AspNetCore.Identity (affected versi...
CVE-2023-21815
CVE-2023-21815 is a Visual Studio remote code execution vulnerability. The connected Microsoft KB entries state it exists in Visual Studio 2013 Update 5 and is caused by improper handling of debug information, enabling remote code execution. The updated security fixes (KB5026610 for VS2013 Update...
CVE-2024-30046
CVE-2024-30046 is a denial-of-service vulnerability in Microsoft’s .NET/ASP.NET Core stack caused by a deadlock in Microsoft.AspNetCore.Server.Kestrel.Core.dll, leading to service unavailability. Connected advisories indicate the issue affects ASP.NET Core runtimes and associated Microsoft.AspNet...
CVE-2023-28296
CVE-2023-28296 is a Microsoft Visual Studio remote code execution vulnerability with multiple affected products (Visual Studio 2022/2019, .NET components, and Visual Studio Code). The root cause is not explicitly detailed here, but the CVSSv3.1 scores it as a high-severity, locally exploitable is...
CVE-2025-21178
Technical details about CVE-2025-21178 are not publicly provided in the connected documents. No affected product/version/root cause/impact are specified here. Monitor for updates from MSRC/MSKB and other sources for concrete details and patch information.
CVE-2023-33127
CVE-2023-33127 is a .NET/Visual Studio Elevation of Privilege and remote code execution vulnerability. Public docs indicate exploitation arises via the diagnostic server to achieve cross-session/user code execution. Affected software includes .NET 6.0 and 7.0 runtimes and corresponding Visual Stu...
CVE-2025-55248
CVE-2025-55248 is an information-disclosure vulnerability in the .NET ecosystem (affecting .NET 8.0/9.0 runtimes) caused by insufficient encryption, enabling an authorized network attacker to access leaked data. The issue is discussed in Microsoft and ENISA/ALMAS advisories, which indicate affect...
CVE-2025-26646
The CVE-2025-26646 entry relates to External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio, enabling spoofing over a network. Connected sources specify affected stack as .NET/Visual Studio tooling and provide concrete patch lines: for .NET 8.0, mitigations...
CVE-2022-35826
CVE-2022-35826 is a Visual Studio remote code execution vulnerability affecting multiple Visual Studio versions through the VSGraphics component, with Microsoft’s August 2022 updates addressing CVE-2022-35826 alongside related CVEs (e.g., 35825, 35777, 35827). The Microsoft advisories describe an...
CVE-2023-33139
CVE-2023-33139 describes an Information Disclosure vulnerability in Microsoft Visual Studio, tied to the VSGraphics component. Public disclosures indicate affected VS versions range from Visual Studio 2013 Update 5 through newer updates, with MSKB entries (KB5026454/KB5026455) outlining hotfixes ...
CVE-2023-23381
CVE-2023-23381 is a Visual Studio remote code execution vulnerability. Connected documents confirm this CVE is referenced in Microsoft security updates for multiple Visual Studio versions (e.g., VS2013 Update 5 and VS2015 Update 3) with patches/KB articles available (KB5026610, KB5025792). The KB...
CVE-2023-28262
CVE-2023-28262 is a Microsoft Visual Studio elevation of privilege vulnerability. Several connected sources (e.g., NCSC advisories) confirm a privilege-escalation flaw affecting multiple Visual Studio products, including various Visual Studio versions (e.g., 2017/2019/2022 lines) and Visual Studi...
CVE-2022-35825
Technical details about CVE-2022-35825 are not publicly provided in the supplied documents. No explicit affected product version, root cause, or remediation is described here. Monitor for official updates from Microsoft and security advisories.
CVE-2023-21566
CVE-2023-21566 is a Visual Studio elevation-of-privilege vulnerability. The linked documents describe insufficient access restrictions in Visual Studio that can allow a local attacker with low privileges to escalate to higher privileges (obtaining increased entitlements). Exploitation is local an...
CVE-2024-38167
CVE-2024-38167 is a .NET 8.0 information disclosure vulnerability in the TlsStream path. Connected advisories confirm affected software are .NET 8 runtimes/SDKs and related packages; vulnerable versions are 8.0.0 through 8.0.7, with a patched release at 8.0.8 (and related OS/packaged updates). Th...
CVE-2021-43877
CVE-2021-43877 is an elevation-of-privilege vulnerability reported for ASP.NET Core (and Visual Studio) . The primary sources in the connected documents identify it by title as an “Elevation of Privilege” issue without providing explicit technical details in the text here. NVD data in the initial...
CVE-2024-38168
CVE-2024-38168 is a Windows-only Denial of Service vulnerability in .NET and ASP.NET/HTTP.sys affecting .NET 8.0 runtimes prior to 8.0.8 (and related ASP.NET packages). The issue arises when an unauthenticated client sends requests that trigger the HTTP.sys DoS condition. Microsoft’s advisory lis...
CVE-2025-26682
CVE-2025-26682 affects ASP.NET Core and Visual Studio components. The root cause is Allocation of resources without limits or throttling, allowing an unauthorized network attacker to cause a Denial of Service. The issue is referenced across multiple advisories (e.g., NVD/MSRC/MS Knowledge Base) a...
CVE-2025-53773
CVE-2025-53773 describes a command-injection-based remote code execution risk in GitHub Copilot and Visual Studio. The root cause is improper neutralization of elements in prompts/config that Copilot can read and act on, potentially allowing an attacker to cause Copilot to modify project configur...
CVE-2024-43603
CVE-2024-43603 is a Denial of Service vulnerability in the Visual Studio Diagnostics Hub Standard Collector (Visual Studio Collector Service). The MS security update description confirms a DoS in Diagnostics Hub Standard Collector when handling certain file operations. Remediations are provided v...
CVE-2022-41119
CVE-2022-41119 concerns Microsoft Visual Studio Remote Code Execution. Connected sources describe it as a Visual Studio vulnerability leading to arbitrary code execution, attributed to insufficient input validation in Visual Studio and affecting multiple VS versions (including 2017/2019 and 2022 ...