Search CVE reports
1 – 10 of 30 results
Loop with unreachable exit condition ('infinite loop') in ASP.NET Core allows an unauthorized attacker to deny service over a network.
5 affected packages
dotnet6, dotnet7, dotnet8, dotnet9, dotnet10
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| dotnet6 | Not in release | Not in release | Vulnerable | Not in release | Not in release |
| dotnet7 | Not in release | Not in release | Ignored | Not in release | Not in release |
| dotnet8 | Not in release | Vulnerable | Vulnerable | Not in release | Not in release |
| dotnet9 | Not in release | Not in release | Not in release | Not in release | Not in release |
| dotnet10 | Vulnerable | Vulnerable | Not in release | Not in release | Not in release |
Improper input validation in .NET allows an unauthorized attacker to elevate privileges locally.
5 affected packages
dotnet6, dotnet7, dotnet8, dotnet9, dotnet10
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| dotnet6 | Not in release | Not in release | Not affected | Not in release | Not in release |
| dotnet7 | Not in release | Not in release | Ignored | Not in release | Not in release |
| dotnet8 | Not in release | Not affected | Not affected | Not in release | Not in release |
| dotnet9 | Not in release | Not in release | Not in release | Not in release | Not in release |
| dotnet10 | Not affected | Not affected | Not in release | Not in release | Not in release |
Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally.
5 affected packages
dotnet6, dotnet7, dotnet8, dotnet9, dotnet10
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| dotnet6 | Not in release | Not in release | Not affected | Not in release | Not in release |
| dotnet7 | Not in release | Not in release | Ignored | Not in release | Not in release |
| dotnet8 | Not in release | Not affected | Not affected | Not in release | Not in release |
| dotnet9 | Not in release | Not in release | Not in release | Not in release | Not in release |
| dotnet10 | Not affected | Not affected | Not in release | Not in release | Not in release |
A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable...
5 affected packages
dotnet6, dotnet7, dotnet8, dotnet9, dotnet10
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| dotnet6 | Not in release | Not in release | Not affected | Not in release | Not in release |
| dotnet7 | Not in release | Not in release | Ignored | Not in release | Not in release |
| dotnet8 | Not in release | Not affected | Not affected | Not in release | Not in release |
| dotnet9 | Not in release | Not in release | Not in release | Not in release | Not in release |
| dotnet10 | Not affected | Not affected | Not in release | Not in release | Not in release |
Some fixes available 3 of 4
Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network.
5 affected packages
dotnet6, dotnet7, dotnet8, dotnet9, dotnet10
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| dotnet6 | — | Not in release | Not affected | Not in release | Not in release |
| dotnet7 | — | Not in release | Ignored | Not in release | Not in release |
| dotnet8 | — | Not affected | Not affected | Not in release | Not in release |
| dotnet9 | — | Not in release | Not in release | Not in release | Not in release |
| dotnet10 | Fixed | Fixed | Not in release | Not in release | Not in release |
Some fixes available 7 of 9
Loop with unreachable exit condition ('infinite loop') in .NET, .NET Framework, Visual Studio allows an unauthorized attacker to deny service over a network.
5 affected packages
dotnet6, dotnet7, dotnet8, dotnet9, dotnet10
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| dotnet6 | Not in release | Not in release | Vulnerable | Not in release | Not in release |
| dotnet7 | Not in release | Not in release | Ignored | Not in release | Not in release |
| dotnet8 | Not in release | Fixed | Fixed | Not in release | Not in release |
| dotnet9 | Not in release | Not in release | Not in release | Not in release | Not in release |
| dotnet10 | Fixed | Fixed | Not in release | Not in release | Not in release |
Some fixes available 7 of 9
Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network.
5 affected packages
dotnet6, dotnet7, dotnet8, dotnet9, dotnet10
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| dotnet6 | Not in release | Not in release | Vulnerable | Not in release | Not in release |
| dotnet7 | Not in release | Not in release | Ignored | Not in release | Not in release |
| dotnet8 | Not in release | Fixed | Fixed | Not in release | Not in release |
| dotnet9 | Not in release | Not in release | Not in release | Not in release | Not in release |
| dotnet10 | Fixed | Fixed | Not in release | Not in release | Not in release |
Some fixes available 7 of 9
Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network.
5 affected packages
dotnet6, dotnet7, dotnet8, dotnet9, dotnet10
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| dotnet6 | Not in release | Not in release | Vulnerable | Not in release | Not in release |
| dotnet7 | Not in release | Not in release | Ignored | Not in release | Not in release |
| dotnet8 | Not in release | Fixed | Fixed | Not in release | Not in release |
| dotnet9 | Not in release | Not in release | Not in release | Not in release | Not in release |
| dotnet10 | Fixed | Fixed | Not in release | Not in release | Not in release |
Some fixes available 7 of 9
Uncontrolled resource consumption in .NET allows an unauthorized attacker to deny service over a network.
5 affected packages
dotnet6, dotnet7, dotnet8, dotnet9, dotnet10
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| dotnet6 | Not in release | Not in release | Vulnerable | Not in release | Not in release |
| dotnet7 | Not in release | Not in release | Ignored | Not in release | Not in release |
| dotnet8 | Not in release | Fixed | Fixed | Not in release | Not in release |
| dotnet9 | Not in release | Not in release | Not in release | Not in release | Not in release |
| dotnet10 | Fixed | Fixed | Not in release | Not in release | Not in release |
Incorrect default permissions in .NET allows an authorized attacker to elevate privileges locally.
5 affected packages
dotnet6, dotnet7, dotnet8, dotnet9, dotnet10
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| dotnet6 | — | Not in release | Not affected | Not in release | Not in release |
| dotnet7 | — | Not in release | Ignored | Not in release | Not in release |
| dotnet8 | — | Not affected | Not affected | Not in release | Not in release |
| dotnet9 | — | Not in release | Not in release | Not in release | Not in release |
| dotnet10 | — | Not affected | Not in release | Not in release | Not in release |