Search CVE reports
1 – 10 of 24 results
CVE-2024-43485
Medium priorityDenial of Service attack against System.Text.Json ExtensionData feature.
4 affected packages
dotnet6, dotnet7, dotnet8, dotnet9
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dotnet6 | Not in release | Vulnerable | Not in release | Not in release | Not in release |
dotnet7 | Not in release | Ignored | Not in release | Not in release | Not in release |
dotnet8 | Vulnerable | Vulnerable | Not in release | Not in release | Not in release |
dotnet9 | Not in release | Not in release | Not in release | Not in release | Not in release |
CVE-2024-43484
Medium prioritySystem.IO.Packaging - Multiple DoS vectors in use of SortedList.
4 affected packages
dotnet6, dotnet7, dotnet8, dotnet9
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dotnet6 | Not in release | Vulnerable | Not in release | Not in release | Not in release |
dotnet7 | Not in release | Ignored | Not in release | Not in release | Not in release |
dotnet8 | Vulnerable | Vulnerable | Not in release | Not in release | Not in release |
dotnet9 | Not in release | Not in release | Not in release | Not in release | Not in release |
CVE-2024-43483
Medium priorityMultiple .NET components designed to process hostile input are susceptible to hash flooding attacks.
4 affected packages
dotnet6, dotnet7, dotnet8, dotnet9
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dotnet6 | Not in release | Vulnerable | Not in release | Not in release | Not in release |
dotnet7 | Not in release | Ignored | Not in release | Not in release | Not in release |
dotnet8 | Vulnerable | Vulnerable | Not in release | Not in release | Not in release |
dotnet9 | Not in release | Not in release | Not in release | Not in release | Not in release |
CVE-2024-38229
Medium priorityKestrel http/3 - When closing an HTTP/3 stream while application code is writing to the response body, a race condition may lead to remote code execution.
4 affected packages
dotnet6, dotnet7, dotnet8, dotnet9
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dotnet6 | Not in release | Not affected | Not in release | Not in release | Not in release |
dotnet7 | Not in release | Ignored | Not in release | Not in release | Not in release |
dotnet8 | Vulnerable | Vulnerable | Not in release | Not in release | Not in release |
dotnet9 | Not in release | Not in release | Not in release | Not in release | Not in release |
CVE-2024-38168
Medium priority.NET and Visual Studio Denial of Service Vulnerability
3 affected packages
dotnet6, dotnet7, dotnet8
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dotnet6 | Not in release | Not affected | Not in release | Not in release | Not in release |
dotnet7 | Not in release | Not affected | Not in release | Not in release | Not in release |
dotnet8 | Not affected | Not affected | Not in release | Not in release | Not in release |
CVE-2024-38167
Medium prioritySome fixes available 2 of 3
.NET and Visual Studio Information Disclosure Vulnerability
3 affected packages
dotnet6, dotnet7, dotnet8
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dotnet6 | Not in release | Not affected | Not in release | Not in release | Not in release |
dotnet7 | Not in release | Ignored | Not in release | Not in release | Not in release |
dotnet8 | Fixed | Fixed | Not in release | Not in release | Not in release |
CVE-2024-38095
Medium prioritySome fixes available 5 of 7
.NET and Visual Studio Denial of Service Vulnerability
3 affected packages
dotnet6, dotnet7, dotnet8
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dotnet6 | Not in release | Fixed | Not in release | Not in release | Not in release |
dotnet7 | Not in release | Ignored | Not in release | Not in release | Not in release |
dotnet8 | Fixed | Fixed | Not in release | Not in release | Not in release |
CVE-2024-38081
Medium priority.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
3 affected packages
dotnet6, dotnet7, dotnet8
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dotnet6 | Not in release | Not affected | Not in release | Not in release | Not in release |
dotnet7 | Not in release | Ignored | Not in release | Not in release | Not in release |
dotnet8 | Not affected | Not affected | Not in release | Not in release | Not in release |
CVE-2024-35264
Medium prioritySome fixes available 3 of 5
.NET and Visual Studio Remote Code Execution Vulnerability
3 affected packages
dotnet6, dotnet7, dotnet8
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dotnet6 | Not in release | Not affected | Not in release | Not in release | Not in release |
dotnet7 | Not in release | Ignored | Not in release | Not in release | Not in release |
dotnet8 | Fixed | Fixed | Not in release | Not in release | Not in release |
CVE-2024-30105
Medium prioritySome fixes available 3 of 5
.NET Core and Visual Studio Denial of Service Vulnerability
3 affected packages
dotnet6, dotnet7, dotnet8
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dotnet6 | Not in release | Not affected | Not in release | Not in release | Not in release |
dotnet7 | Not in release | Ignored | Not in release | Not in release | Not in release |
dotnet8 | Fixed | Fixed | Not in release | Not in release | Not in release |