Total
86
Critical
2
High
67
Medium
17
CISA KEV
2
Loop with unreachable exit condition ('infinite loop') in ASP.NET Core allows an unauthorized attacker to deny service over a network.
Loop with unreachable exit condition ('infinite loop') in .NET, .NET Framework, Visual Studio allows an unauthorized attacker to deny service over a network.
Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network.
Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network.
Uncontrolled resource consumption in .NET allows an unauthorized attacker to deny service over a network.
ASP.NET Core Kestrel in Microsoft .NET 8.0 before 8.0.22 and .NET 9.0 before 9.0.11 allows a remote attacker to cause excessive CPU consumption by sending a crafted QUIC packet, because of an incorrect exit condition for HTTP/3 Encoder/Decoder stream processing.
Incorrect default permissions in .NET allows an authorized attacker to elevate privileges locally.
Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network.
Improper handling of missing special element in .NET allows an unauthorized attacker to perform spoofing over a network.
Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network.
Improper link resolution before file access ('link following') in .NET allows an authorized attacker to elevate privileges locally.
Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network.
External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network.
.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
.NET Elevation of Privilege Vulnerability
.NET and Visual Studio Remote Code Execution Vulnerability
.NET Remote Code Execution Vulnerability
.NET and Visual Studio Denial of Service Vulnerability
.NET and Visual Studio Remote Code Execution Vulnerability
.NET and Visual Studio Denial of Service Vulnerability
.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
.NET and Visual Studio Remote Code Execution Vulnerability
.NET and Visual Studio Denial of Service Vulnerability
.NET and Visual Studio Information Disclosure Vulnerability
.NET and Visual Studio Denial of Service Vulnerability
.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
.NET and Visual Studio Remote Code Execution Vulnerability
.NET and Visual Studio Denial of Service Vulnerability
Visual Studio Denial of Service Vulnerability
.NET and Visual Studio Remote Code Execution Vulnerability
.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
Microsoft QUIC Denial of Service Vulnerability
.NET and Visual Studio Denial of Service Vulnerability
Microsoft Identity Denial of service vulnerability
.NET Denial of Service Vulnerability
NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability
Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability
ASP.NET Core Security Feature Bypass Vulnerability
ASP.NET Core Denial of Service Vulnerability
.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
Microsoft QUIC Denial of Service Vulnerability
Microsoft QUIC Denial of Service Vulnerability
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
.NET Core and Visual Studio Denial of Service Vulnerability
Visual Studio Remote Code Execution Vulnerability
Visual Studio Remote Code Execution Vulnerability
Visual Studio Remote Code Execution Vulnerability
Visual Studio Remote Code Execution Vulnerability
.NET and Visual Studio Denial of Service Vulnerability
ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability
.NET Core and Visual Studio Denial of Service Vulnerability
.NET and Visual Studio Remote Code Execution Vulnerability
ASP.NET and Visual Studio Security Feature Bypass Vulnerability
.NET and Visual Studio Elevation of Privilege Vulnerability
.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
.NET and Visual Studio Elevation of Privilege Vulnerability
.NET and Visual Studio Remote Code Execution Vulnerability
.NET and Visual Studio Remote Code Execution Vulnerability
.NET and Visual Studio Elevation of Privilege Vulnerability
.NET DLL Hijacking Remote Code Execution Vulnerability
.NET and Visual Studio Remote Code Execution Vulnerability
.NET Denial of Service Vulnerability
NuGet Client Elevation of Privilege Vulnerability
.NET Core and Visual Studio Denial of Service Vulnerability
.NET Spoofing Vulnerability
.NET and Visual Studio Information Disclosure Vulnerability
.NET and Visual Studio Denial of Service Vulnerability
.NET and Visual Studio Denial of Service Vulnerability
.NET and Visual Studio Denial of Service Vulnerability
.NET and Visual Studio Remote Code Execution Vulnerability
.NET and Visual Studio Denial of Service Vulnerability
.NET Denial of Service Vulnerability
.NET Core and Visual Studio Information Disclosure Vulnerability
.NET Core and Visual Studio Information Disclosure Vulnerability
.NET Core and Visual Studio Denial of Service Vulnerability
ASP.NET Core Denial of Service Vulnerability
.NET and Visual Studio Elevation of Privilege Vulnerability
.NET Core Remote Code Execution Vulnerability
.NET Core Remote Code Execution Vulnerability
.NET Core and Visual Studio Denial of Service Vulnerability
A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits.
A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka '.NET Core & .NET Framework Denial of Service Vulnerability'.
