Search CVE reports
1 – 10 of 33 results
CVE-2025-26646
Medium priorityExternal control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network.
4 affected packages
dotnet6, dotnet7, dotnet8, dotnet9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| dotnet6 | Not in release | Needs evaluation | Not in release | Not in release |
| dotnet7 | Not in release | Ignored | Not in release | Not in release |
| dotnet8 | Vulnerable | Vulnerable | Not in release | Not in release |
| dotnet9 | Not in release | Not in release | Not in release | Not in release |
CVE-2025-26682
Medium prioritySome fixes available 6 of 8
Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.
4 affected packages
dotnet6, dotnet7, dotnet8, dotnet9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| dotnet6 | Not in release | Vulnerable | Not in release | Not in release |
| dotnet7 | Not in release | Ignored | Not in release | Not in release |
| dotnet8 | Fixed | Fixed | Not in release | Not in release |
| dotnet9 | Not in release | Not in release | Not in release | Not in release |
CVE-2025-24070
Medium prioritySome fixes available 6 of 8
Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network.
4 affected packages
dotnet6, dotnet7, dotnet8, dotnet9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| dotnet6 | Not in release | Vulnerable | Not in release | Not in release |
| dotnet7 | Not in release | Ignored | Not in release | Not in release |
| dotnet8 | Fixed | Fixed | Not in release | Not in release |
| dotnet9 | Not in release | Not in release | Not in release | Not in release |
CVE-2025-21176
Medium prioritySome fixes available 4 of 6
.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
4 affected packages
dotnet6, dotnet7, dotnet8, dotnet9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| dotnet6 | Not in release | Ignored | Not in release | Not in release |
| dotnet7 | Not in release | Ignored | Not in release | Not in release |
| dotnet8 | Fixed | Fixed | Not in release | Not in release |
| dotnet9 | Not in release | Not in release | Not in release | Not in release |
CVE-2025-21173
Medium prioritySome fixes available 4 of 6
.NET Elevation of Privilege Vulnerability
4 affected packages
dotnet6, dotnet7, dotnet8, dotnet9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| dotnet6 | Not in release | Ignored | Not in release | Not in release |
| dotnet7 | Not in release | Ignored | Not in release | Not in release |
| dotnet8 | Fixed | Fixed | Not in release | Not in release |
| dotnet9 | Not in release | Not in release | Not in release | Not in release |
CVE-2025-21172
Medium prioritySome fixes available 4 of 6
.NET and Visual Studio Remote Code Execution Vulnerability
4 affected packages
dotnet6, dotnet7, dotnet8, dotnet9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| dotnet6 | Not in release | Ignored | Not in release | Not in release |
| dotnet7 | Not in release | Ignored | Not in release | Not in release |
| dotnet8 | Fixed | Fixed | Not in release | Not in release |
| dotnet9 | Not in release | Not in release | Not in release | Not in release |
CVE-2025-21171
Medium prioritySome fixes available 1 of 2
.NET Remote Code Execution Vulnerability
4 affected packages
dotnet6, dotnet7, dotnet8, dotnet9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| dotnet6 | Not in release | Not affected | Not in release | Not in release |
| dotnet7 | Not in release | Ignored | Not in release | Not in release |
| dotnet8 | Not affected | Not affected | Not in release | Not in release |
| dotnet9 | Not in release | Not in release | Not in release | Not in release |
CVE-2024-43499
Medium prioritySome fixes available 1 of 2
.NET and Visual Studio Denial of Service Vulnerability
4 affected packages
dotnet6, dotnet7, dotnet8, dotnet9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| dotnet6 | Not in release | Not affected | Not in release | Not in release |
| dotnet7 | Not in release | Ignored | Not in release | Not in release |
| dotnet8 | Not affected | Not affected | Not in release | Not in release |
| dotnet9 | Not in release | Not in release | Not in release | Not in release |
CVE-2024-43498
Medium prioritySome fixes available 1 of 2
.NET and Visual Studio Remote Code Execution Vulnerability
4 affected packages
dotnet6, dotnet7, dotnet8, dotnet9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| dotnet6 | Not in release | Not affected | Not in release | Not in release |
| dotnet7 | Not in release | Ignored | Not in release | Not in release |
| dotnet8 | Not affected | Not affected | Not in release | Not in release |
| dotnet9 | Not in release | Not in release | Not in release | Not in release |
CVE-2024-43485
Medium prioritySome fixes available 4 of 5
.NET and Visual Studio Denial of Service Vulnerability
4 affected packages
dotnet6, dotnet7, dotnet8, dotnet9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| dotnet6 | Not in release | Fixed | Not in release | Not in release |
| dotnet7 | Not in release | Ignored | Not in release | Not in release |
| dotnet8 | Fixed | Fixed | Not in release | Not in release |
| dotnet9 | Not in release | Not in release | Not in release | Not in release |