| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Improper encoding or escaping of output in .NET allows an authorized attacker to perform spoofing over a network. |
| Incorrect authorization in .NET allows an unauthorized attacker to bypass a security feature over a network. |
| Authentication bypass by assumed-immutable data in ASP.NET Core allows an authorized attacker to elevate privileges over a network. |
| Access of resource using incompatible type ('type confusion') in .NET Core allows an unauthorized attacker to deny service over a network. |
| Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network. |
| ASP.NET Core Kestrel in Microsoft .NET 8.0 before 8.0.22 and .NET 9.0 before 9.0.11 allows a remote attacker to cause excessive CPU consumption by sending a crafted QUIC packet, because of an incorrect exit condition for HTTP/3 Encoder/Decoder stream processing. |
| Improper input validation in .NET allows an unauthorized attacker to elevate privileges locally. |
| Uncontrolled resource consumption in ASP.NET Core allows an unauthorized attacker to deny service over a network. |
| Improper link resolution before file access ('link following') in .NET allows an unauthorized attacker to perform tampering locally. |
| Improper authorization in .NET allows an authorized attacker to elevate privileges locally. |
| .NET and Visual Studio Denial of Service Vulnerability |
| .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability |
| .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability |
| .NET and Visual Studio Remote Code Execution Vulnerability |
| A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits. |
| .NET Core Remote Code Execution Vulnerability |
| .NET Core and Visual Studio Denial of Service Vulnerability |
| .NET DLL Hijacking Remote Code Execution Vulnerability |
| .NET and Visual Studio Elevation of Privilege Vulnerability |
| ASP.NET and Visual Studio Security Feature Bypass Vulnerability |