Search CVE reports
11 – 20 of 36 results
Some fixes available 4 of 6
Allocation of resources without limits or throttling in .NET allows an unauthorized attacker to deny service over a network.
5 affected packages
dotnet6, dotnet7, dotnet8, dotnet9, dotnet10
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| dotnet6 | Not in release | Not in release | Vulnerable | Not in release | Not in release |
| dotnet7 | Not in release | Not in release | Ignored | Not in release | Not in release |
| dotnet8 | Not in release | Fixed | Fixed | Not in release | Not in release |
| dotnet9 | Not in release | Not in release | Not in release | Not in release | Not in release |
| dotnet10 | Fixed | Fixed | Not in release | Not in release | Not in release |
Some fixes available 4 of 6
Incorrect implementation of authentication algorithm in ASP.NET Core allows an authorized attacker to elevate privileges over a network.
5 affected packages
dotnet6, dotnet7, dotnet8, dotnet9, dotnet10
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| dotnet6 | Not in release | Not in release | Vulnerable | Not in release | Not in release |
| dotnet7 | Not in release | Not in release | Ignored | Not in release | Not in release |
| dotnet8 | Not in release | Fixed | Fixed | Not in release | Not in release |
| dotnet9 | Not in release | Not in release | Not in release | Not in release | Not in release |
| dotnet10 | Fixed | Fixed | Not in release | Not in release | Not in release |
Some fixes available 4 of 6
Access of resource using incompatible type ('type confusion') in .NET Core allows an unauthorized attacker to deny service over a network.
5 affected packages
dotnet6, dotnet7, dotnet8, dotnet9, dotnet10
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| dotnet6 | Not in release | Not in release | Vulnerable | Not in release | Not in release |
| dotnet7 | Not in release | Not in release | Ignored | Not in release | Not in release |
| dotnet8 | Not in release | Fixed | Fixed | Not in release | Not in release |
| dotnet9 | Not in release | Not in release | Not in release | Not in release | Not in release |
| dotnet10 | Fixed | Fixed | Not in release | Not in release | Not in release |
Some fixes available 7 of 9
A denial of service vulnerability exists in ASP.NET Core SignalR in .NET 8, .NET 9, and .NET 10. Stateful reconnect can be leveraged by an attacker to deny service to other users.
5 affected packages
dotnet6, dotnet7, dotnet8, dotnet9, dotnet10
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| dotnet6 | Not in release | Not in release | Vulnerable | Not in release | Not in release |
| dotnet7 | Not in release | Not in release | Ignored | Not in release | Not in release |
| dotnet8 | Not in release | Fixed | Fixed | Not in release | Not in release |
| dotnet9 | Not in release | Not in release | Not in release | Not in release | Not in release |
| dotnet10 | Fixed | Fixed | Not in release | Not in release | Not in release |
An elevation of privilege vulnerability exists in Windows Presentation Foundation (WPF) in .NET 8, .NET 9, and .NET 10 when parsing specially crafted XAML input. An attacker who successfully exploits this vulnerability could...
5 affected packages
dotnet6, dotnet7, dotnet8, dotnet9, dotnet10
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| dotnet6 | Not in release | Not in release | Not affected | Not in release | Not in release |
| dotnet7 | Not in release | Not in release | Ignored | Not in release | Not in release |
| dotnet8 | Not in release | Not affected | Not affected | Not in release | Not in release |
| dotnet9 | Not in release | Not in release | Not in release | Not in release | Not in release |
| dotnet10 | Not affected | Not affected | Not in release | Not in release | Not in release |
A remote code execution vulnerability exists in Windows Presentation Foundation (WPF) in .NET 8, .NET 9, and .NET 10 when parsing specially crafted XAML input. An attacker who successfully exploits this vulnerability could execute...
5 affected packages
dotnet6, dotnet7, dotnet8, dotnet9, dotnet10
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| dotnet6 | Not in release | Not in release | Not affected | Not in release | Not in release |
| dotnet7 | Not in release | Not in release | Ignored | Not in release | Not in release |
| dotnet8 | Not in release | Not affected | Not affected | Not in release | Not in release |
| dotnet9 | Not in release | Not in release | Not in release | Not in release | Not in release |
| dotnet10 | Not affected | Not affected | Not in release | Not in release | Not in release |
A remote code execution vulnerability exists in Windows Presentation Foundation (WPF) in .NET 8, .NET 9, and .NET 10 when parsing specially crafted XAML input. An attacker who successfully exploits this vulnerability could execute...
5 affected packages
dotnet6, dotnet7, dotnet8, dotnet9, dotnet10
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| dotnet6 | Not in release | Not in release | Not affected | Not in release | Not in release |
| dotnet7 | Not in release | Not in release | Ignored | Not in release | Not in release |
| dotnet8 | Not in release | Not affected | Not affected | Not in release | Not in release |
| dotnet9 | Not in release | Not in release | Not in release | Not in release | Not in release |
| dotnet10 | Not affected | Not affected | Not in release | Not in release | Not in release |
Some fixes available 7 of 9
Uncontrolled resource consumption in ASP.NET Core allows an unauthorized attacker to deny service over a network.
5 affected packages
dotnet8, dotnet9, dotnet10, dotnet6, dotnet7
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| dotnet8 | Not in release | Fixed | Fixed | Not in release | Not in release |
| dotnet9 | Not in release | Not in release | Not in release | Not in release | Not in release |
| dotnet10 | Fixed | Fixed | Not in release | Not in release | Not in release |
| dotnet6 | Not in release | Not in release | Vulnerable | Not in release | Not in release |
| dotnet7 | Not in release | Not in release | Ignored | Not in release | Not in release |
Some fixes available 7 of 9
Improper link resolution before file access ('link following') in .NET allows an unauthorized attacker to perform tampering locally.
5 affected packages
dotnet8, dotnet9, dotnet10, dotnet6, dotnet7
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| dotnet8 | Not in release | Fixed | Fixed | Not in release | Not in release |
| dotnet9 | Not in release | Not in release | Not in release | Not in release | Not in release |
| dotnet10 | Fixed | Fixed | Not in release | Not in release | Not in release |
| dotnet6 | Not in release | Not in release | Vulnerable | Not in release | Not in release |
| dotnet7 | Not in release | Not in release | Ignored | Not in release | Not in release |
Improper authorization in .NET allows an authorized attacker to elevate privileges locally.
5 affected packages
dotnet10, dotnet6, dotnet7, dotnet8, dotnet9
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| dotnet10 | Not affected | Not affected | Not in release | Not in release | Not in release |
| dotnet6 | Not in release | Not in release | Not affected | Not in release | Not in release |
| dotnet7 | Not in release | Not in release | Ignored | Not in release | Not in release |
| dotnet8 | Not in release | Not affected | Not affected | Not in release | Not in release |
| dotnet9 | Not in release | Not in release | Not in release | Not in release | Not in release |