Lucene search
+L
MicrosoftVisual Studio 2022

123 matches found

CVE
CVE
added 2024/04/09 5:1 p.m.244 views

CVE-2024-28933

CVE-2024-28933 is a Remote Code Execution vulnerability in Microsoft ODBC Driver for SQL Server. The connected sources confirm an in-the-wild risk surfaced by the ODBC driver family (drivers v17 and v18) used with SQL Server clients. The issue is described as a remote code execution vulnerability...

8.8CVSS9AI score0.02415EPSS
CVE
CVE
added 2023/06/14 2:52 p.m.237 views

CVE-2023-24895

CVE-2023-24895 is a .NET Framework/Visual Studio remote code execution vulnerability due to improper input validation. It is listed with a CVSS v3 base score of 7.8 (HIGH), vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The connected sources identify CVE-2023-24895 as an Improper Input Vali...

7.8CVSS7.9AI score0.01058EPSS
CVE
CVE
added 2024/04/09 5:0 p.m.229 views

CVE-2024-28936

CVE-2024-28936 : A Remote Code Execution vulnerability in the Microsoft ODBC Driver for SQL Server. Affects the Microsoft ODBC Driver for SQL Server components; the issue is fixed by Microsoft inApril 2024 security updates for SQL Server ODBC Driver 17.x (e.g., 17.10.6.1) and 18.x (e.g., 18.3.3.1...

8.8CVSS9AI score0.02415EPSS
CVE
CVE
added 2022/10/11 12:0 a.m.226 views

CVE-2022-41032

IBM Robotic Process Automation for Cloud Pak is affected by CVE-2022-41032 (Microsoft NuGet Client elevation of privilege). The advisory links this vulnerability to the base container images and recommends updating IBM RPA for Cloud Pak to 21.0.6 or higher to remediate. The bulletin lists CVE-202...

7.8CVSS7.8AI score0.01057EPSS
CVE
CVE
added 2022/09/13 12:0 a.m.222 views

CVE-2022-38013

CVE-2022-38013 is a .NET Denial of Service vulnerability affecting .NET Core and related components across multiple Linux distributions. The connected documents reference updates and security fixes for various package families (e.g., ALT Linux packages dotnet-bootstrap, dotnet-aspnetcore, dotnet-...

7.5CVSS7.5AI score0.03233EPSS
CVE
CVE
added 2024/07/09 5:2 p.m.222 views

CVE-2024-35264

CVE-2024-35264 is a remote code execution vulnerability in .NET/ASP.NET Core 8.0 related to Data Corruption in Kestrel HTTP/3 that affects multiple ASP.NET Core runtime packages. According to the Microsoft GHSA advisory, affected ASP.NET Core runtimes (e.g., Microsoft.AspNetCore.App.Runtime.* for...

8.1CVSS8.2AI score0.02565EPSS
CVE
CVE
added 2023/04/11 7:13 p.m.219 views

CVE-2023-28299

CVE-2023-28299 is the Visual Studio Spoofing Vulnerability. Connected sources indicate this affects Microsoft Visual Studio tooling and related components, with the NCSC entry mapping CVE-2023-28299 to an impersonation (spoofing) impact and noting PoCs exist for several related CVEs. The vulnerab...

5.5CVSS5.8AI score0.00543EPSS
CVE
CVE
added 2024/10/08 5:35 p.m.217 views

CVE-2024-43484

Summary of CVE-2024-43484 and related context : The connected documents corroborate a denial-of-service vulnerability affecting .NET/Visual Studio components, attributed to algorithmic complexity in both System.IO.Packaging (CVE-2024-43484) and related areas such as System.Text.Json (CVE-2024-434...

7.5CVSS7.6AI score0.02935EPSS
CVE
CVE
added 2023/11/14 5:57 p.m.213 views

CVE-2023-36042

CVE-2023-36042 is a Microsoft .NET Framework-related Denial of Service vulnerability. Connected sources show that multiple monthly security updates (KB5034276/KB5034274/KB5034275/KB5033920–KB5033910 family) address this issue across Windows 10/11, Azure Stack HCI, and server variants by applying ...

6.2CVSS6AI score0.00787EPSS
CVE
CVE
added 2022/02/09 4:36 p.m.210 views

CVE-2022-21986

CVE-2022-21986 is a .NET Denial of Service vulnerability in the Kestrel web server. The issue arises when processing certain HTTP/2 and HTTP/3 requests, enabling remote network-based DoS with low attack complexity. Affected products include .NET 6.0 up to 6.0.1 and .NET 5.0 up to 5.0.13. Remediat...

7.5CVSS7.5AI score0.03739EPSS
CVE
CVE
added 2023/11/14 9:35 p.m.210 views

CVE-2023-36038

CVE-2023-36038 is an ASP.NET Core Denial of Service vulnerability affecting ASP.NET Core on .NET 8 (including RC1) with IIS InProcess hosting. The issue can cause a DoS by cancelling HTTP requests, potentially increasing thread counts and leading to OutOfMemoryException and service availability i...

8.2CVSS7.7AI score0.02777EPSS
CVE
CVE
added 2022/04/12 5:51 p.m.209 views

CVE-2022-24767

CVE-2022-24767 affects Git for Windows prior to 2.35.2, where the uninstaller is vulnerable to DLL hijacking when executed under the SYSTEM account. Root cause: uninstaller loads a malicious DLL from a user-writable path, enabling potential arbitrary code execution or compromise of the host as de...

7.8CVSS7.6AI score0.01403EPSS
CVE
CVE
added 2024/05/14 4:57 p.m.208 views

CVE-2024-30045

CVE-2024-30045 is a .NET/Visual Studio Remote Code Execution vulnerability caused by a stack buffer overrun in the Double Parse routine. It affects .NET 7.0 up to 7.0.18 and .NET 8.0 up to 8.0.4; patched versions are 7.0.19 and 8.0.5 ( Microsoft/MSRC advisory; GHSA entry lists affected packages a...

6.3CVSS6.8AI score0.01248EPSS
CVE
CVE
added 2024/04/09 5:1 p.m.205 views

CVE-2024-28934

CVE-2024-28934 refers to a remote code execution vulnerability in the Microsoft ODBC Driver for SQL Server. The connected MS update advisories confirm fixes in the ODBC Driver components: Driver 17 (SQL Server ODBC Driver 17) updated to build 17.10.6.1 and Driver 18 updated to build 18.3.3.1, add...

8.8CVSS9AI score0.02415EPSS
CVE
CVE
added 2023/07/11 5:3 p.m.204 views

CVE-2023-33170

CVE-2023-33170 is a security feature bypass in Microsoft SharePoint Server. A race condition could allow a remote attacker to bypass access controls, impacting confidentiality, integrity and availability. The IBM bulletin (CVE-2023-33170) links the issue to Microsoft.AspNetCore.Identity usage in ...

8.1CVSS8AI score0.01978EPSS
CVE
CVE
added 2023/08/08 6:52 p.m.204 views

CVE-2023-35391

CVE-2023-35391 affects Microsoft ASP.NET Core SignalR and Visual Studio, exposing sensitive information through the ASP.NET Core SignalR backplane (e.g., Redis backplane) in affected .NET/ASP.NET Core deployments. Connected sources specify that exploitation involves information disclosure via Sig...

7.5CVSS6.5AI score0.01937EPSS
CVE
CVE
added 2023/08/08 5:8 p.m.203 views

CVE-2023-35390

CVE-2023-35390 affects Microsoft .NET Core and Visual Studio runtimes used by IBM Robotic Process Automation for Cloud Pak. The IBM security bulletin confirms remote code execution via a user‑vectored payload: persuading a victim to open a specially crafted file could allow arbitrary code executi...

7.8CVSS8AI score0.02471EPSS
CVE
CVE
added 2023/06/13 11:26 p.m.202 views

CVE-2023-33128

CVE-2023-33128 is a .NET/Visual Studio Remote Code Execution vulnerability. IBM’s bulletin ties it to Remote Code Execution via crafted input (Source Generators issue) and unmanaged heap corruption, requiring an authenticated user. Affected: Microsoft .NET/Visual Studio; impact: arbitrary code ex...

7.3CVSS7.6AI score0.00999EPSS
CVE
CVE
added 2024/04/09 5:0 p.m.200 views

CVE-2024-28932

CVE-2024-28932 is a remote code execution vulnerability in Microsoft ODBC Driver for SQL Server. Connected sources confirm the issue affects the ODBC Driver family and is addressed by Microsoft security updates. Specifically, security updates KB5037570/KB5037571 cover ODBC Driver 17 for SQL Serve...

8.8CVSS9AI score0.02415EPSS
CVE
CVE
added 2024/10/08 5:35 p.m.196 views

CVE-2024-38229

CVE-2024-38229 describes a remote code execution vulnerability in .NET/Visual Studio caused by a race condition when closing an HTTP/3 stream, leading to use-after-free in affected components. Public references indicate impacted products include .NET and ASP.NET stack (including self-contained de...

8.1CVSS8.2AI score0.02078EPSS
CVE
CVE
added 2024/10/08 5:35 p.m.195 views

CVE-2024-43485

CVE-2024-43485 is a denial-of-service vulnerability in Microsoft .NET and Visual Studio. The IBM security bulletins corroborate the CVE and specify version-specific remediation: IBM Robotic Process Automation and IBM/Instana-related products are advised to upgrade to fixed releases (e.g., IBM Rob...

7.5CVSS7.5AI score0.03052EPSS
CVE
CVE
added 2023/06/13 11:26 p.m.186 views

CVE-2023-32032

CVE-2023-32032 is a .NET and Visual Studio elevation-of-privilege vulnerability. The root cause is an improper handling in TarFile.ExtractToDirectory where the extraction directory argument is ignored, enabling an attacker with limited privileges to bypass intended file placement. The vulnerabili...

6.5CVSS6.9AI score0.006EPSS
CVE
CVE
added 2023/06/13 11:26 p.m.186 views

CVE-2023-33126

CVE-2023-33126 is a .NET/Visual Studio vulnerability that could lead to remote code execution during crash/stack-trace scenarios. Microsoft’s advisory lists affected runtimes and patched versions: .NET 7.0.x up to 7.0.5 (update to 7.0.7), .NET 6.x up to 6.0.117 (update to 6.0.18). Affected packag...

7.3CVSS7.4AI score0.00999EPSS
CVE
CVE
added 2024/04/09 5:1 p.m.186 views

CVE-2024-28935

CVE-2024-28935 pertains to the Microsoft ODBC Driver for SQL Server. It is a Remote Code Execution vulnerability in the ODBC Driver component. The public record indicates an RCE vulnerability with CVSSv3 base score 8.8 (Network, high impact, user interaction required). Microsoft’s April 2024 secu...

8.8CVSS9AI score0.02356EPSS
CVE
CVE
added 2024/04/09 5:1 p.m.185 views

CVE-2024-28938

CVE-2024-28938 corresponds to a Remote Code Execution vulnerability in Microsoft ODBC Driver for SQL Server. The issue affects the ODBC Driver family (notably components used by SQL Server clients) and is tied to improper handling that could permit arbitrary code execution. Microsoft has released...

8.8CVSS9AI score0.0233EPSS
CVE
CVE
added 2026/05/12 4:58 p.m.184 views

CVE-2026-32177

CVE-2026-32177 is a heap-based buffer overflow in the .NET Framework that enables local privilege escalation. The issue is described across multiple sources as affecting the .NET Framework components in versions 3.5 and 4.8.1, with impact described as unauthorized elevation of privileges locally ...

7.3CVSS5.9AI score0.00551EPSS
CVE
CVE
added 2022/08/09 7:59 p.m.182 views

CVE-2022-35777

CVE-2022-35777 is a Visual Studio remote code execution vulnerability affecting the VSGraphics component. Connected sources (KB/MSRC/NVD) identify it as a Fbx File parser Heap overflow vulnerability within Visual Studio product lines, with references listing affected versions (including VS 2012 U...

8.8CVSS8.8AI score0.0175EPSS
CVE
CVE
added 2023/06/13 11:26 p.m.182 views

CVE-2023-33135

Technical details for CVE-2023-33135 are not provided in the supplied documents. Connected sources reference this CVE but do not disclose affected products, root cause, impact, or fixes. Monitor for updates from Microsoft and security advisories.

7.3CVSS7.2AI score0.00999EPSS
CVE
CVE
added 2023/08/08 5:8 p.m.182 views

CVE-2023-38178

Summary: CVE-2023-38178 is a remote Denial of Service vulnerability in .NET Core/Visual Studio (notably affecting .NET 7.0 up to 7.0.9 and .NET 6 with HTTP/3 support). Connected advisories provide concrete mitigations and patched versions: for .NET 7.0, upgrade to 7.0.10 (and corresponding Runtim...

7.5CVSS7.5AI score0.02563EPSS
CVE
CVE
added 2025/03/11 4:58 p.m.179 views

CVE-2025-24070

The CVE describes a weak authentication issue in ASP.NET Core and Visual Studio that could allow elevation of privilege via calls to RefreshSignInAsync with an improperly authenticated user parameter. Affected software includes ASP.NET Core apps using Microsoft.AspNetCore.Identity (affected versi...

7CVSS6.9AI score0.00911EPSS
CVE
CVE
added 2023/02/14 8:9 p.m.172 views

CVE-2023-21815

CVE-2023-21815 is a Visual Studio remote code execution vulnerability. The connected Microsoft KB entries state it exists in Visual Studio 2013 Update 5 and is caused by improper handling of debug information, enabling remote code execution. The updated security fixes (KB5026610 for VS2013 Update...

7.8CVSS8.1AI score0.00523EPSS
CVE
CVE
added 2024/05/14 4:57 p.m.171 views

CVE-2024-30046

CVE-2024-30046 is a denial-of-service vulnerability in Microsoft’s .NET/ASP.NET Core stack caused by a deadlock in Microsoft.AspNetCore.Server.Kestrel.Core.dll, leading to service unavailability. Connected advisories indicate the issue affects ASP.NET Core runtimes and associated Microsoft.AspNet...

5.9CVSS6.2AI score0.01688EPSS
CVE
CVE
added 2023/04/11 7:13 p.m.165 views

CVE-2023-28296

CVE-2023-28296 is a Microsoft Visual Studio remote code execution vulnerability with multiple affected products (Visual Studio 2022/2019, .NET components, and Visual Studio Code). The root cause is not explicitly detailed here, but the CVSSv3.1 scores it as a high-severity, locally exploitable is...

7.8CVSS7.9AI score0.00681EPSS
CVE
CVE
added 2025/01/14 6:4 p.m.162 views

CVE-2025-21178

Technical details about CVE-2025-21178 are not publicly provided in the connected documents. No affected product/version/root cause/impact are specified here. Monitor for updates from MSRC/MSKB and other sources for concrete details and patch information.

8.8CVSS9AI score0.01523EPSS
CVE
CVE
added 2023/07/11 5:3 p.m.161 views

CVE-2023-33127

CVE-2023-33127 is a .NET/Visual Studio Elevation of Privilege and remote code execution vulnerability. Public docs indicate exploitation arises via the diagnostic server to achieve cross-session/user code execution. Affected software includes .NET 6.0 and 7.0 runtimes and corresponding Visual Stu...

8.1CVSS8AI score0.01866EPSS
CVE
CVE
added 2025/10/14 5:0 p.m.161 views

CVE-2025-55248

CVE-2025-55248 is an information-disclosure vulnerability in the .NET ecosystem (affecting .NET 8.0/9.0 runtimes) caused by insufficient encryption, enabling an authorized network attacker to access leaked data. The issue is discussed in Microsoft and ENISA/ALMAS advisories, which indicate affect...

5.7CVSS6.1AI score0.00671EPSS
CVE
CVE
added 2025/05/13 9:39 p.m.158 views

CVE-2025-26646

The CVE-2025-26646 entry relates to External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio, enabling spoofing over a network. Connected sources specify affected stack as .NET/Visual Studio tooling and provide concrete patch lines: for .NET 8.0, mitigations...

8CVSS7.8AI score0.011EPSS
CVE
CVE
added 2022/08/09 8:12 p.m.154 views

CVE-2022-35826

CVE-2022-35826 is a Visual Studio remote code execution vulnerability affecting multiple Visual Studio versions through the VSGraphics component, with Microsoft’s August 2022 updates addressing CVE-2022-35826 alongside related CVEs (e.g., 35825, 35777, 35827). The Microsoft advisories describe an...

8.8CVSS8.8AI score0.01853EPSS
CVE
CVE
added 2023/06/13 11:25 p.m.154 views

CVE-2023-33139

CVE-2023-33139 describes an Information Disclosure vulnerability in Microsoft Visual Studio, tied to the VSGraphics component. Public disclosures indicate affected VS versions range from Visual Studio 2013 Update 5 through newer updates, with MSKB entries (KB5026454/KB5026455) outlining hotfixes ...

5.5CVSS5.5AI score0.00824EPSS
CVE
CVE
added 2023/02/14 8:9 p.m.148 views

CVE-2023-23381

CVE-2023-23381 is a Visual Studio remote code execution vulnerability. Connected documents confirm this CVE is referenced in Microsoft security updates for multiple Visual Studio versions (e.g., VS2013 Update 5 and VS2015 Update 3) with patches/KB articles available (KB5026610, KB5025792). The KB...

7.8CVSS7.9AI score0.00436EPSS
CVE
CVE
added 2023/04/11 7:13 p.m.143 views

CVE-2023-28262

CVE-2023-28262 is a Microsoft Visual Studio elevation of privilege vulnerability. Several connected sources (e.g., NCSC advisories) confirm a privilege-escalation flaw affecting multiple Visual Studio products, including various Visual Studio versions (e.g., 2017/2019/2022 lines) and Visual Studi...

7.8CVSS7.7AI score0.00439EPSS
CVE
CVE
added 2022/08/09 8:12 p.m.137 views

CVE-2022-35825

Technical details about CVE-2022-35825 are not publicly provided in the supplied documents. No explicit affected product version, root cause, or remediation is described here. Monitor for official updates from Microsoft and security advisories.

8.8CVSS8.8AI score0.01853EPSS
CVE
CVE
added 2023/02/14 8:9 p.m.135 views

CVE-2023-21566

CVE-2023-21566 is a Visual Studio elevation-of-privilege vulnerability. The linked documents describe insufficient access restrictions in Visual Studio that can allow a local attacker with low privileges to escalate to higher privileges (obtaining increased entitlements). Exploitation is local an...

7.8CVSS7.7AI score0.00367EPSS
CVE
CVE
added 2024/08/13 5:29 p.m.135 views

CVE-2024-38167

CVE-2024-38167 is a .NET 8.0 information disclosure vulnerability in the TlsStream path. Connected advisories confirm affected software are .NET 8 runtimes/SDKs and related packages; vulnerable versions are 8.0.0 through 8.0.7, with a patched release at 8.0.8 (and related OS/packaged updates). Th...

6.5CVSS6.3AI score0.0131EPSS
CVE
CVE
added 2021/12/15 2:15 p.m.128 views

CVE-2021-43877

CVE-2021-43877 is an elevation-of-privilege vulnerability reported for ASP.NET Core (and Visual Studio) . The primary sources in the connected documents identify it by title as an “Elevation of Privilege” issue without providing explicit technical details in the text here. NVD data in the initial...

8.8CVSS8.1AI score0.00716EPSS
CVE
CVE
added 2024/08/13 5:29 p.m.127 views

CVE-2024-38168

CVE-2024-38168 is a Windows-only Denial of Service vulnerability in .NET and ASP.NET/HTTP.sys affecting .NET 8.0 runtimes prior to 8.0.8 (and related ASP.NET packages). The issue arises when an unauthenticated client sends requests that trigger the HTTP.sys DoS condition. Microsoft’s advisory lis...

7.5CVSS7.5AI score0.02701EPSS
CVE
CVE
added 2025/04/08 5:24 p.m.121 views

CVE-2025-26682

CVE-2025-26682 affects ASP.NET Core and Visual Studio components. The root cause is Allocation of resources without limits or throttling, allowing an unauthorized network attacker to cause a Denial of Service. The issue is referenced across multiple advisories (e.g., NVD/MSRC/MS Knowledge Base) a...

7.5CVSS7AI score0.0154EPSS
CVE
CVE
added 2025/08/12 5:9 p.m.120 views

CVE-2025-53773

CVE-2025-53773 describes a command-injection-based remote code execution risk in GitHub Copilot and Visual Studio. The root cause is improper neutralization of elements in prompts/config that Copilot can read and act on, potentially allowing an attacker to cause Copilot to modify project configur...

7.8CVSS7.6AI score0.02568EPSS
Web
CVE
CVE
added 2024/10/08 5:36 p.m.118 views

CVE-2024-43603

CVE-2024-43603 is a Denial of Service vulnerability in the Visual Studio Diagnostics Hub Standard Collector (Visual Studio Collector Service). The MS security update description confirms a DoS in Diagnostics Hub Standard Collector when handling certain file operations. Remediations are provided v...

5.5CVSS5.7AI score0.00767EPSS
CVE
CVE
added 2022/11/09 12:0 a.m.114 views

CVE-2022-41119

CVE-2022-41119 concerns Microsoft Visual Studio Remote Code Execution. Connected sources describe it as a Visual Studio vulnerability leading to arbitrary code execution, attributed to insufficient input validation in Visual Studio and affecting multiple VS versions (including 2017/2019 and 2022 ...

7.8CVSS7.8AI score0.00774EPSS
Total number of security vulnerabilities123