| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| .NET Core and Visual Studio Denial of Service Vulnerability |
| .NET DLL Hijacking Remote Code Execution Vulnerability |
| .NET and Visual Studio Elevation of Privilege Vulnerability |
| ASP.NET and Visual Studio Security Feature Bypass Vulnerability |
| .NET Core and Visual Studio Denial of Service Vulnerability |
| .NET and Visual Studio Denial of Service Vulnerability |
| .NET and Visual Studio Denial of Service Vulnerability |
| .NET and Visual Studio Remote Code Execution Vulnerability |
| .NET Framework Remote Code Execution Vulnerability |
| .NET and Visual Studio Denial of Service Vulnerability |
| .NET and Visual Studio Denial of Service Vulnerability |
| Loop with unreachable exit condition ('infinite loop') in ASP.NET Core allows an unauthorized attacker to deny service over a network. |
| A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. However, an attacker would have limited control over the destination of the files and directories.
To exploit the vulnerability, an attacker must send a specially crafted file to a vulnerable system.
The security update fixes the vulnerability by ensuring .NET Core properly handles files. |
| Improper input validation in .NET allows an unauthorized attacker to elevate privileges locally. |
| Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally. |
| ASP.NET Core Kestrel in Microsoft .NET 8.0 before 8.0.22 and .NET 9.0 before 9.0.11 allows a remote attacker to cause excessive CPU consumption by sending a crafted QUIC packet, because of an incorrect exit condition for HTTP/3 Encoder/Decoder stream processing. |
| The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. |
| Concurrent execution using shared resource with improper synchronization ('race condition') in .NET Framework allows an unauthorized attacker to deny service over a network. |
| Improper input validation in .NET Framework allows an unauthorized attacker to deny service over a network. |
| Uncontrolled resource consumption in .NET allows an unauthorized attacker to deny service over a network. |
