Lucene search
+L
MicrosoftVisual Studio 2022

123 matches found

CVE
CVE
added 2023/10/10 12:0 a.m.5333 views

CVE-2023-44487

CVE-2023-44487 – HTTP/2 Rapid Reset DoS Root cause: HTTP/2 stream resets can cause servers to continue processing, leading to unbounded resource consumption and potential DoS when clients rapidly cancel streams. What’s affected: Various HTTP/2 implementations and deployments, including servers, p...

7.5CVSS8AI score0.99999EPSS
In wild
CVE
CVE
added 2023/08/08 6:52 p.m.816 views

CVE-2023-38180

CVE-2023-38180 is a .NET/Visual Studio denial-of-service vulnerability (DoS) affecting .NET Core and related components. The CVSSv3.1 vector indicates Network attack, low attack complexity, no privileges required, with no confidentiality/integirty impact but a High availability impact. Moderate-t...

7.5CVSS7.8AI score0.15519EPSS
In wild
CVE
CVE
added 2024/01/09 5:56 p.m.662 views

CVE-2024-0056

CVE-2024-0056 affects Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider security feature bypass. CVSS v3.1 base score 8.7 (NETWORK, HIGH impact on confidentiality and integrity, no availability impact) per Microsoft, with CVSS v4 score 8.8 indicating high impact. Descriptions i...

8.7CVSS9.1AI score0.0117EPSS
CVE
CVE
added 2024/01/09 5:56 p.m.653 views

CVE-2024-0057

CVE-2024-0057 is a security feature bypass in components used by .NET Framework-based apps when building X.509 chains. The root cause is a logic flaw that can cause the framework to report a failed chain build but return an incorrect reason code, which may lead an application to treat an untruste...

9.8CVSS9.3AI score0.02778EPSS
CVE
CVE
added 2023/09/12 4:58 p.m.576 views

CVE-2023-36799

CVE-2023-36799 is a Denial of Service vulnerability in .NET Core/Visual Studio using .NET Kestrel that could be triggered remotely via crafted content, with an in-wild impact described as availability loss (I: High) and no confidentiality or integrity impact per the CVSS vector. Public advisories...

6.5CVSS6.9AI score0.04661EPSS
CVE
CVE
added 2023/04/11 7:13 p.m.572 views

CVE-2023-28260

CVE-2023-28260 is a .NET DLL Hijacking remote code execution vulnerability. The connected sources identify affected software as .NET 6.0 and .NET 7.0 runtimes/applications, with exploitation arising when a runtime DLL is loaded from an unexpected location. Affected versions include .NET 7.0 up to...

7.8CVSS7.8AI score0.01531EPSS
CVE
CVE
added 2023/09/12 4:58 p.m.550 views

CVE-2023-36792

CVE-2023-36792 is a Windows-only Visual Studio/.NET remote code execution vulnerability. Root cause: Microsoft.DiaSymReader.Native.amd64.dll mishandles corrupted PDB files, enabling RCE. Affected: .NET 6.0 and .NET 7.0 runtimes (applications) prior to patched versions. Patched versions: .NET 6.0....

7.8CVSS7.9AI score0.01441EPSS
CVE
CVE
added 2023/09/12 4:58 p.m.545 views

CVE-2023-36793

CVE-2023-36793 is a Microsoft .NET/Visual Studio remote code execution vulnerability. It stems from Microsoft.DiaSymReader.Native.amd64.dll reading a corrupted PDB file, affecting Windows systems. Affected: .NET 7.0 up to 7.0.10 and .NET 6.0 up to 6.0.21. Patched versions: .NET 7.0.11 and .NET 6....

7.8CVSS7.9AI score0.01441EPSS
CVE
CVE
added 2023/09/12 4:58 p.m.545 views

CVE-2023-36794

CVE-2023-36794 is a Visual Studio/.NET remote code execution vulnerability. Affects Windows applications using Microsoft.DiaSymReader.Native.amd64.dll when reading corrupted PDB files, potentially enabling code execution. Affected: .NET 6.0 and .NET 7.0 runtimes and Visual Studio environments; pa...

7.8CVSS7.9AI score0.01441EPSS
CVE
CVE
added 2023/09/12 4:58 p.m.544 views

CVE-2023-36796

CVE-2023-36796 is a .NET Framework RCE vulnerability in DiaSymReader.dll triggered when reading a corrupted PDB file. It affects .NET Framework 3.5 and 4.8.1 on Windows Server/Windows OS configurations described in KB5029918. Mitigation: apply the corresponding cumulative update (KB5029918) or th...

7.8CVSS7.9AI score0.01441EPSS
CVE
CVE
added 2020/09/15 9:15 a.m.531 views

CVE-2020-8927

CVE-2020-8927 is a buffer overflow in the Brotli library prior to 1.0.8 triggered by oversized one-shot decompression requests (copying chunks > 2 GiB), which can crash a target process. Affected: Brotli up to 1.0.7/older builds used by various ecosystems. Root cause: unsafe handling of input ...

6.5CVSS6.6AI score0.03217EPSS
CVE
CVE
added 2023/09/12 4:58 p.m.527 views

CVE-2023-36758

CVE-2023-36758 is a Microsoft Visual Studio related elevation-of-privilege vulnerability. Public sources in the connected documents consistently describe it as a privilege-escalation issue affecting Visual Studio components (and related tooling) with an impact profile of gaining higher privileges...

9.8CVSS8.7AI score0.01354EPSS
CVE
CVE
added 2025/10/14 5:0 p.m.523 views

CVE-2025-55315

CVE-2025-55315 describes an HTTP request/response smuggling flaw in ASP.NET Core caused by inconsistent interpretation of HTTP requests. Affected ASP.NET Core versions include 2.3, 8.0, and 9.0, with high impact to confidentiality and integrity and network-based exploitation. Multiple public expl...

9.9CVSS6.5AI score0.65838EPSS
CVE
CVE
added 2025/01/14 6:4 p.m.500 views

CVE-2025-21172

CVE-2025-21172 is a Microsoft .NET/Visual Studio remote code execution vulnerability. The linked CVE record notes the root cause as an integer overflow and a heap-based overflow in msdia140.dll, yielding a high-impact remote code execution scenario over network; exploitation status is not detaile...

7.5CVSS7.8AI score0.01794EPSS
CVE
CVE
added 2024/01/09 6:59 p.m.475 views

CVE-2024-21319

CVE-2024-21319 is a Microsoft Identity Denial-of-Service vulnerability with a network-exposed attack surface (AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H). Connected sources describe a DoS pattern via maliciously crafted JWE/JWT payloads that trigger heavy memory/CPU usage during decompression or process...

6.8CVSS6.6AI score0.02868EPSS
CVE
CVE
added 2023/10/10 5:7 p.m.471 views

CVE-2023-38171

CVE-2023-38171 — Microsoft QUIC Denial of Service vulnerability is documented in connected advisories (MSRC/GHSA). The issue affects QUIC implementations in Windows environments and can enable a remote attacker to cause a denial-of-service by crafting specific requests to the QUIC component. The ...

7.5CVSS7.4AI score0.69494EPSS
CVE
CVE
added 2024/07/09 5:2 p.m.463 views

CVE-2024-30105

CVE-2024-30105 affects .NET 8.0 applications (notably involving System.Text.Json) and can cause a Denial of Service when deserializing untrusted input via JsonSerializer.DeserializeAsyncEnumerable. Connected advisories confirm the vulnerability in .NET Core/Visual Studio with DoS conditions and i...

7.5CVSS7.6AI score0.02915EPSS
CVE
CVE
added 2023/09/12 4:58 p.m.427 views

CVE-2023-36759

CVE-2023-36759 is a Visual Studio elevation-of-privilege vulnerability. The available data indicate a LOCAL attack with HIGH impact to confidentiality, integrity, and availability, requiring user interaction and with LOW privileges needed. Affected software spans Microsoft Visual Studio family (i...

6.7CVSS6.7AI score0.00527EPSS
CVE
CVE
added 2024/10/08 5:36 p.m.413 views

CVE-2024-43590

CVE-2024-43590 is a local elevation-of-privilege vulnerability in the Visual C++ Redistributable Installer. A local attacker with Low privileges could exploit this (UI: none) to gain High confidentiality, integrity, and availability impact, with the attack vector being local and requiring Low pri...

7.8CVSS7.8AI score0.0043EPSS
CVE
CVE
added 2024/02/13 6:2 p.m.409 views

CVE-2024-21386

CVE-2024-21386 is a Denial of Service vulnerability in ASP.NET SignalR affecting .NET runtimes across 6.0/7.0/8.0. The issue affects ASP.NET Core implementations using SignalR and is mitigated by updating to patched runtimes: .NET 6.0.27, 7.0.16, and 8.0.2 (with affected package entries listed in...

7.5CVSS7.7AI score0.024EPSS
CVE
CVE
added 2025/01/14 6:3 p.m.393 views

CVE-2025-21171

CVE-2025-21171 is a remote code execution vulnerability in .NET 9.0 affecting multiple runtime packages (e.g., Microsoft.NetCore.App.Runtime.*) prior to 9.0.1. The issue allows an attacker to exploit by sending a crafted request to the vulnerable web server, potentially compromising affected host...

7.5CVSS7.8AI score0.01665EPSS
CVE
CVE
added 2022/03/09 5:8 p.m.380 views

CVE-2022-24512

CVE-2022-24512 is an RCE in .NET that affects .NET 6.0, .NET 5.0, and .NET Core 3.1 due to a stack buffer overrun in the Double Parse routine. An attacker could exploit it by sending a specially crafted request over the network to execute code on the target. Remediation per connected docs: upgrad...

6.8CVSS7.2AI score0.01555EPSS
CVE
CVE
added 2025/01/14 6:4 p.m.379 views

CVE-2025-21173

CVE-2025-21173 is a .NET Elevation of Privilege vulnerability. Confirmed remediation in connected sources: update to .NET/ASP.NET packages for dotnet8.0, specifically runtime/sdk updates (example: .NET Runtime 8.0.1.12 and related 8.0.x builds) as part of the dotnet8.0 security updates. Amazon Li...

7.3CVSS7.2AI score0.01218EPSS
CVE
CVE
added 2024/04/09 5:0 p.m.375 views

CVE-2024-28929

CVE-2024-28929 affects the Microsoft ODBC Driver for SQL Server. Public advisories and update docs show a remote code execution vulnerability in the ODBC driver family, with attackers potentially bypassing authentication and executing arbitrary commands. Remediation is to install the security upd...

8.8CVSS9AI score0.02399EPSS
CVE
CVE
added 2024/07/09 5:3 p.m.373 views

CVE-2024-38095

CVE-2024-38095 is a Microsoft .NET/Visual Studio DoS issue leveraged by a crafted request. IBM Robotic Process Automation (RPA) is affected on both client and server sides. Remediation in IBM advisories: upgrade IBM Robotic Process Automation to 30.0.1 or higher (client/server), and for IBM RPA f...

7.5CVSS6.4AI score0.02719EPSS
CVE
CVE
added 2022/05/10 8:33 p.m.362 views

CVE-2022-23267

CVE-2022-23267 is a .NET Denial of Service vulnerability. The connected sources describe a DoS arising from a crafted HttpClient request that can exhaust memory and impact .NET/ASP.NET/Visual Studio environments. The IBM RPA bulletin lists CVE-2022-23267 as part of multiple vulnerabilities with r...

7.5CVSS7.5AI score0.05041EPSS
CVE
CVE
added 2024/11/12 5:53 p.m.360 views

CVE-2024-43498

CVE-2024-43498 is a remote code execution in .NET/Visual Studio affecting .NET 9.0 via the System.Formats.Nrbf/NrbfDecoder path. The advisory notes an attacker could trigger RCE by sending crafted requests to a vulnerable webapp or loading a crafted file, with a CVSS v3.1 score of 9.8. Remediatio...

9.8CVSS9.4AI score0.03512EPSS
CVE
CVE
added 2024/02/13 6:2 p.m.356 views

CVE-2024-21404

CVE-2024-21404 is a .NET Denial of Service vulnerability (CVSS 3.1: 7.5) with network-based vector and high availability impact. Connected advisories attribute the DoS to components in .NET such as SignalR server and X509Certificate2, and indicate exploitation is possible in affected .NET runtime...

7.5CVSS7.7AI score0.02707EPSS
CVE
CVE
added 2022/05/10 8:34 p.m.353 views

CVE-2022-29117

CVE-2022-29117 is described as a denial-of-service vulnerability in Microsoft ASP.NET and Visual Studio. The entry notes a network-exploit path with no authentication required, leading to an availability impact (CVE-2022-29117) with CVSS v3.1 base score 7.5 (HIGH) and CVSS v2.0 base score 5.0 (PA...

7.5CVSS7.5AI score0.04913EPSS
CVE
CVE
added 2024/04/09 5:0 p.m.345 views

CVE-2024-21409

CVE-2024-21409 is described in the provided documents as a .NET family remote code execution vulnerability affecting .NET/.NET Framework and related SDKs. Concrete details in connected sources indicate affected products/versions include .NET Core/.NET SDKs prior to 6.0.29, 7.0.18, or 8.0.4, with ...

7.3CVSS7.5AI score0.02513EPSS
CVE
CVE
added 2024/03/12 4:57 p.m.332 views

CVE-2024-21392

CVE-2024-21392 affects .NET 7.0 and .NET 8.0 runtimes where specially crafted requests may trigger a resource leak, causing a Denial of Service. Affected versions include .NET 7.0 up to 7.0.16 and .NET 8.0 up to 8.0.2; patched versions are 7.0.17 and 8.0.3, respectively. The issue also impacts mu...

7.5CVSS7.7AI score0.03065EPSS
CVE
CVE
added 2024/11/12 5:53 p.m.324 views

CVE-2024-43499

CVE-2024-43499 is a .NET 9.0 Denial of Service vulnerability impacting the NrbfDecoder component due to incorrect input validation. Affected software includes .NET 9.0 runtime/SDK prior to GA and packages such as System.Formats.Nrbf (

7.5CVSS7.5AI score0.02559EPSS
CVE
CVE
added 2023/02/14 8:9 p.m.318 views

CVE-2023-21808

CVE-2023-21808 is a remote code execution vulnerability in .NET and Visual Studio related to how debugging symbols are read. Connected sources confirm affected products include .NET 6.0/7.0 runtimes and SDKs and Visual Studio components, with the root cause in the handling of symbol files (debug ...

7.8CVSS7.9AI score0.01148EPSS
CVE
CVE
added 2023/11/14 8:18 p.m.312 views

CVE-2023-36049

CVE-2023-36049 affects Microsoft .NET, .NET Framework and Visual Studio, enabling a remote authenticated attacker to gain elevated privileges by injecting commands via the FTP server (elevation of privilege). Public references in connected advisories confirm the vulnerability and provide distribu...

9.8CVSS8.7AI score0.12512EPSS
CVE
CVE
added 2022/05/10 8:34 p.m.299 views

CVE-2022-29145

CVE-2022-29145 is a .NET denial-of-service vulnerability. The GitHub advisory (GHSA-fcg8-mg9g-6hc4) states exploitation via parsing HTML forms can cause DoS in .NET 6.0, .NET 5.0, and .NET Core 3.1. Affected versions include .NET Core 3.1 (3.1.24 and earlier), .NET 5.0 (5.0.16 and earlier), and ....

7.5CVSS7.5AI score0.04763EPSS
CVE
CVE
added 2024/03/12 4:57 p.m.295 views

CVE-2024-26190

CVE-2024-26190 : Microsoft QUIC (MsQuic) server component is affected by a denial-of-service vulnerability caused by a memory leak that can be triggered by multiple decodes, leading to memory exhaustion. The entry’s CVSSv3.1 base score is 7.5 (HIGH) with network attack vector, no authentication, ...

7.5CVSS7.4AI score0.0299EPSS
CVE
CVE
added 2023/08/08 5:8 p.m.289 views

CVE-2023-36897

CVE-2023-36897 is a spoofing vulnerability in the Visual Studio Tools for Office (VSTO) Runtime. It can allow impersonation of another user and is tied to Office/VSTO deployments. Evidence from multiple sources (MSRC/KB5029497, Nessus plugin, NCSC advisory) indicates the issue affects VSTO runtim...

8.1CVSS7AI score0.01616EPSS
CVE
CVE
added 2022/03/09 5:7 p.m.287 views

CVE-2022-24464

CVE-2022-24464 is a denial-of-service vulnerability affecting Microsoft ASP.NET Core and Visual Studio components. Multiple connected sources describe a DoS condition triggered by certain inputs, with public scoring indicating a high impact (CVSSv3.1: 7.5, network attack, no authentication, avail...

7.5CVSS7.5AI score0.03306EPSS
CVE
CVE
added 2023/11/14 9:35 p.m.286 views

CVE-2023-36558

CVE-2023-36558 affects Microsoft ASP.NET Core and Blazor forms, enabling a security feature bypass that could let an attacker bypass validations in Blazor Server forms. Connected sources confirm the vulnerability and indicate Microsoft and ecosystem advisories exist; remediation is to apply the l...

6.2CVSS7.5AI score0.01085EPSS
CVE
CVE
added 2024/04/09 5:0 p.m.278 views

CVE-2024-28931

CVE-2024-28931 affects the Microsoft ODBC Driver for SQL Server. The vulnerability enables remote code execution with network access and requires no privileges, with user interaction reportedly involved per CVSS metrics. The CVE is addressed by updates across ODBC Driver versions; example fixes i...

8.8CVSS9AI score0.02415EPSS
CVE
CVE
added 2023/06/14 2:52 p.m.271 views

CVE-2023-24897

CVE-2023-24897 covers a .NET/.NET Framework/Visual Studio Remote Code Execution vulnerability. Public advisories attribute the flaw to the MSDIA SDK (causing heap overflow due to corrupted PDBs) and enable RCE under certain conditions. Affected products include .NET 6/7 runtimes and corresponding...

7.8CVSS7.9AI score0.01184EPSS
CVE
CVE
added 2022/08/09 8:12 p.m.270 views

CVE-2022-35827

CVE-2022-35827 is a Visual Studio remote code execution vulnerability affecting multiple Visual Studio releases (e.g., 2012 Update 5, 2013 Update 5, 2015 Update 3) via the VSGraphics component. Microsoft update pages (KB5016314/KB5016315/KB5016316) describe security updates with specific hotfix f...

8.8CVSS8.8AI score0.01815EPSS
CVE
CVE
added 2022/04/15 7:3 p.m.263 views

CVE-2022-24513

CVE-2022-24513 is a Visual Studio elevation-of-privilege vulnerability with a LOCAL attack vector, exploitation requiring LOW privileges, and HIGH impact on confidentiality, integrity, and availability per CVSSv3. Connected sources confirm this CVE is discussed in Microsoft advisories and securit...

7.8CVSS7.6AI score0.00753EPSS
CVE
CVE
added 2024/07/09 5:3 p.m.257 views

CVE-2024-38081

CVE-2024-38081 is a .NET/.NET Framework and Visual Studio elevation of privilege vulnerability (CVSS v3.1: 7.3, LOCAL attacker, LOW attack complexity, user interaction required,Privileges: LOW). Exploitation leads to total impact on confidentiality, integrity and availability as per the Microsoft...

7.3CVSS7.2AI score0.01292EPSS
CVE
CVE
added 2024/04/09 5:1 p.m.254 views

CVE-2024-28930

CVE-2024-28930 affects the Microsoft ODBC Driver for SQL Server. The vulnerability is a remote code execution issue in the ODBC driver components that can be exploited over a network with no privileges and requires user interaction (per CVSS metrics in the initial document). The linked updates co...

8.8CVSS9AI score0.02356EPSS
CVE
CVE
added 2025/06/13 1:8 a.m.253 views

CVE-2025-30399

CVE-2025-30399 is a Remote Code Execution vulnerability described as an untrusted search path in .NET and Visual Studio that allows an attacker to execute code over the network by placing files in specific locations. Connected advisories confirm affected runtimes and provide fixes: .NET 8.x runti...

7.5CVSS7.6AI score0.0089EPSS
CVE
CVE
added 2022/06/15 9:52 p.m.252 views

CVE-2022-30184

CVE-2022-30184 is a .NET/Visual Studio information-disclosure vulnerability. Connected sources confirm it targets Microsoft software via improper input validation, enabling a local attacker to obtain sensitive information when processing crafted content. The CVSSv3.1 base score is 5.5 (AV:L/AC:L/...

5.5CVSS5.3AI score0.05327EPSS
CVE
CVE
added 2024/01/09 5:57 p.m.252 views

CVE-2024-20656

CVE-2024-20656 is a Microsoft Visual Studio elevation-of-privilege vulnerability. Public sources indicate it stems from how Diagnostics Hub Standard Collector handles data operations, enabling a local attacker to gain SYSTEM privileges when exploiting Visual Studio components. The vulnerability i...

7.8CVSS7.6AI score0.03913EPSS
CVE
CVE
added 2024/10/08 5:35 p.m.252 views

CVE-2024-43483

CVE-2024-43483 is a .NET/Dotnet Framework/Visual Studio Denial of Service vulnerability. Connected advisories confirm it involves algorithmic complexity/hash flooding issues in multiple .NET components, leading to potential DoS. Affected packages span .NET 6.0 and .NET 8.0 lines across distributi...

7.5CVSS7.6AI score0.02873EPSS
CVE
CVE
added 2024/04/09 5:1 p.m.248 views

CVE-2024-28937

CVE-2024-28937 is a remote code execution vulnerability in Microsoft ODBC Driver for SQL Server. The connected documentation confirms the issue affects the Microsoft ODBC Driver for SQL Server and is addressed by updates in the April 2024 security releases. The issue is exploitable over a network...

8.8CVSS9AI score0.0233EPSS
Total number of security vulnerabilities123