Search CVE reports
1 – 10 of 67 results
Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.
5 affected packages
dotnet6, dotnet7, dotnet8, dotnet9, dotnet10
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| dotnet6 | Not in release | Needs evaluation | Not in release | Not in release |
| dotnet7 | Not in release | Ignored | Not in release | Not in release |
| dotnet8 | Vulnerable | Vulnerable | Not in release | Not in release |
| dotnet9 | Not in release | Not in release | Not in release | Not in release |
| dotnet10 | Not in release | Not in release | Not in release | Not in release |
Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network.
5 affected packages
dotnet6, dotnet7, dotnet8, dotnet9, dotnet10
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| dotnet6 | Not in release | Needs evaluation | Not in release | Not in release |
| dotnet7 | Not in release | Ignored | Not in release | Not in release |
| dotnet8 | Vulnerable | Vulnerable | Not in release | Not in release |
| dotnet9 | Not in release | Not in release | Not in release | Not in release |
| dotnet10 | Not in release | Not in release | Not in release | Not in release |
Improper link resolution before file access ('link following') in .NET allows an authorized attacker to elevate privileges locally.
5 affected packages
dotnet6, dotnet7, dotnet8, dotnet9, dotnet10
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| dotnet6 | Not in release | Needs evaluation | Not in release | Not in release |
| dotnet7 | Not in release | Ignored | Not in release | Not in release |
| dotnet8 | Vulnerable | Vulnerable | Not in release | Not in release |
| dotnet9 | Not in release | Not in release | Not in release | Not in release |
| dotnet10 | Not in release | Not in release | Not in release | Not in release |
Some fixes available 6 of 7
Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network.
4 affected packages
dotnet6, dotnet7, dotnet8, dotnet9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| dotnet6 | Not in release | Not affected | Not in release | Not in release |
| dotnet7 | Not in release | Ignored | Not in release | Not in release |
| dotnet8 | Fixed | Fixed | Not in release | Not in release |
| dotnet9 | Not in release | Not in release | Not in release | Not in release |
Some fixes available 8 of 10
External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network.
4 affected packages
dotnet6, dotnet7, dotnet8, dotnet9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| dotnet6 | Not in release | Vulnerable | Not in release | Not in release |
| dotnet7 | Not in release | Ignored | Not in release | Not in release |
| dotnet8 | Fixed | Fixed | Not in release | Not in release |
| dotnet9 | Not in release | Not in release | Not in release | Not in release |
Some fixes available 8 of 10
Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.
4 affected packages
dotnet6, dotnet7, dotnet8, dotnet9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| dotnet6 | Not in release | Vulnerable | Not in release | Not in release |
| dotnet7 | Not in release | Ignored | Not in release | Not in release |
| dotnet8 | Fixed | Fixed | Not in release | Not in release |
| dotnet9 | Not in release | Not in release | Not in release | Not in release |
Some fixes available 8 of 10
Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network.
4 affected packages
dotnet6, dotnet7, dotnet8, dotnet9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| dotnet6 | Not in release | Vulnerable | Not in release | Not in release |
| dotnet7 | Not in release | Ignored | Not in release | Not in release |
| dotnet8 | Fixed | Fixed | Not in release | Not in release |
| dotnet9 | Not in release | Not in release | Not in release | Not in release |
Some fixes available 4 of 6
.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
4 affected packages
dotnet6, dotnet7, dotnet8, dotnet9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| dotnet6 | Not in release | Ignored | Not in release | Not in release |
| dotnet7 | Not in release | Ignored | Not in release | Not in release |
| dotnet8 | Fixed | Fixed | Not in release | Not in release |
| dotnet9 | Not in release | Not in release | Not in release | Not in release |
Some fixes available 4 of 6
.NET Elevation of Privilege Vulnerability
4 affected packages
dotnet6, dotnet7, dotnet8, dotnet9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| dotnet6 | Not in release | Ignored | Not in release | Not in release |
| dotnet7 | Not in release | Ignored | Not in release | Not in release |
| dotnet8 | Fixed | Fixed | Not in release | Not in release |
| dotnet9 | Not in release | Not in release | Not in release | Not in release |
Some fixes available 4 of 6
.NET and Visual Studio Remote Code Execution Vulnerability
4 affected packages
dotnet6, dotnet7, dotnet8, dotnet9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| dotnet6 | Not in release | Ignored | Not in release | Not in release |
| dotnet7 | Not in release | Ignored | Not in release | Not in release |
| dotnet8 | Fixed | Fixed | Not in release | Not in release |
| dotnet9 | Not in release | Not in release | Not in release | Not in release |