CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Microsoft » .net Core : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2022-38013 DoS 2022-09-13 2022-09-16
0.0
None ??? ??? ??? ??? ??? ???
.NET Core and Visual Studio Denial of Service Vulnerability.
2 CVE-2022-34716 2022-08-09 2022-09-16
0.0
None ??? ??? ??? ??? ??? ???
.NET Spoofing Vulnerability.
3 CVE-2022-30184 2022-06-15 2022-07-07
4.3
None Remote Medium Not required Partial None None
.NET and Visual Studio Information Disclosure Vulnerability.
4 CVE-2022-29145 DoS 2022-05-10 2022-05-21
5.0
None Remote Low Not required None None Partial
.NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-23267, CVE-2022-29117.
5 CVE-2022-29117 400 DoS 2022-05-10 2022-05-23
5.0
None Remote Low Not required None None Partial
.NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-23267, CVE-2022-29145.
6 CVE-2022-24512 Exec Code 2022-03-09 2022-05-12
6.8
None Remote Medium Not required Partial Partial Partial
.NET and Visual Studio Remote Code Execution Vulnerability.
7 CVE-2022-24464 DoS 2022-03-09 2022-05-12
5.0
None Remote Low Not required None None Partial
.NET and Visual Studio Denial of Service Vulnerability.
8 CVE-2022-23267 400 DoS 2022-05-10 2022-05-21
5.0
None Remote Low Not required None None Partial
.NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-29117, CVE-2022-29145.
9 CVE-2021-34485 2021-08-12 2021-08-18
2.1
None Local Low Not required Partial None None
.NET Core and Visual Studio Information Disclosure Vulnerability
10 CVE-2021-31957 DoS 2021-06-08 2021-07-07
5.0
None Remote Low Not required None None Partial
ASP.NET Denial of Service Vulnerability
11 CVE-2021-31204 2021-05-11 2022-05-03
4.6
None Local Low Not required Partial Partial Partial
.NET and Visual Studio Elevation of Privilege Vulnerability
12 CVE-2021-26701 Exec Code 2021-02-25 2021-11-29
7.5
None Remote Low Not required Partial Partial Partial
.NET Core Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24112.
13 CVE-2021-26423 DoS 2021-08-12 2021-08-19
5.0
None Remote Low Not required None None Partial
.NET Core and Visual Studio Denial of Service Vulnerability
14 CVE-2021-24112 Exec Code 2021-02-25 2021-07-07
7.5
None Remote Low Not required Partial Partial Partial
.NET Core Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26701.
15 CVE-2021-1721 DoS 2021-02-25 2021-08-16
4.3
None Remote Medium Not required None None Partial
.NET Core and Visual Studio Denial of Service Vulnerability
16 CVE-2020-8927 120 Overflow 2020-09-15 2022-04-22
6.4
None Remote Low Not required None Partial Partial
A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits.
17 CVE-2020-1147 Exec Code 2020-07-14 2022-07-12
6.8
None Remote Medium Not required Partial Partial Partial
A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'.
18 CVE-2020-1108 DoS 2020-05-21 2021-05-18
5.0
None Remote Low Not required None None Partial
A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka '.NET Core & .NET Framework Denial of Service Vulnerability'.
19 CVE-2020-0606 20 Exec Code 2020-01-14 2020-01-17
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0605.
20 CVE-2020-0605 20 Exec Code 2020-01-14 2020-01-21
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0606.
21 CVE-2019-1301 DoS 2019-09-11 2020-08-24
5.0
None Remote Low Not required None None Partial
A denial of service vulnerability exists when .NET Core improperly handles web requests, aka '.NET Core Denial of Service Vulnerability'.
22 CVE-2019-0981 19 DoS 2019-05-16 2019-05-22
5.0
None Remote Low Not required None None Partial
A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka '.Net Framework and .Net Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0820, CVE-2019-0980.
23 CVE-2019-0980 19 DoS 2019-05-16 2019-05-22
5.0
None Remote Low Not required None None Partial
A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka '.Net Framework and .Net Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0820, CVE-2019-0981.
24 CVE-2019-0820 400 DoS 2019-05-16 2020-08-24
5.0
None Remote Low Not required None None Partial
A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings, aka '.NET Framework and .NET Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0980, CVE-2019-0981.
25 CVE-2019-0657 20 2019-03-05 2019-03-07
4.3
None Remote Medium Not required None Partial None
A vulnerability exists in certain .Net Framework API's and Visual Studio in the way they parse URL's, aka '.NET Framework and Visual Studio Spoofing Vulnerability'.
26 CVE-2019-0545 200 Bypass +Info 2019-01-08 2022-05-23
5.0
None Remote Low Not required Partial None None
An information disclosure vulnerability exists in .NET Framework and .NET Core which allows bypassing Cross-origin Resource Sharing (CORS) configurations, aka ".NET Framework Information Disclosure Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7/4.7.1/4.7.2, .NET Core 2.1, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 2.2, Microsoft .NET Framework 4.7.2.
27 CVE-2018-8409 DoS 2018-09-13 2020-08-24
5.0
None Remote Low Not required None None Partial
A denial of service vulnerability exists when System.IO.Pipelines improperly handles requests, aka "System.IO.Pipelines Denial of Service." This affects .NET Core 2.1, System.IO.Pipelines, ASP.NET Core 2.1.
28 CVE-2018-8356 295 Bypass 2018-07-11 2022-05-23
2.1
None Local Low Not required None Partial None
A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka ".NET Framework Security Feature Bypass Vulnerability." This affects .NET Framework 4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, ASP.NET Core 1.1, Microsoft .NET Framework 4.5.2, ASP.NET Core 2.0, ASP.NET Core 1.0, .NET Core 1.1, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 1.0, .NET Core 2.0, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2.
29 CVE-2018-0786 295 Bypass 2018-01-10 2021-08-12
5.0
None Remote Low Not required None Partial None
Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, and PowerShell Core 6.0.0 allow a security feature bypass vulnerability due to the way certificates are validated, aka ".NET Security Feature Bypass Vulnerability."
30 CVE-2018-0765 611 DoS 2018-05-09 2018-06-14
5.0
None Remote Low Not required None None Partial
A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents, aka ".NET and .NET Core Denial of Service Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.7/4.7.1, Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6.2/4.7/4.7.1, .NET Core 2.0, Microsoft .NET Framework 4.7.2.
31 CVE-2018-0764 DoS 2018-01-10 2021-08-12
5.0
None Remote Low Not required None None Partial
Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka ".NET and .NET Core Denial Of Service Vulnerability". This CVE is unique from CVE-2018-0765.
Total number of vulnerabilities : 31   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.