VYPR

Bitnami package

dotnet

pkg:bitnami/dotnet

Vulnerabilities (93)

  • CVE-2026-45591HigJun 9, 2026
    affected >= 8.0.0, < 8.0.28fixed 8.0.28

    Uncontrolled resource consumption in ASP.NET Core allows an unauthorized attacker to deny service over a network.

  • CVE-2026-45491MedJun 9, 2026
    affected >= 8.0.0, < 8.0.28fixed 8.0.28

    Improper link resolution before file access ('link following') in .NET allows an unauthorized attacker to perform tampering locally.

  • CVE-2026-45490HigJun 9, 2026
    affected >= 8.0.0, < 8.0.28fixed 8.0.28

    Improper authorization in .NET allows an authorized attacker to elevate privileges locally.

  • CVE-2026-42899HigMay 12, 2026
    affected >= 8.0.0, < 8.0.27fixed 8.0.27

    Loop with unreachable exit condition ('infinite loop') in ASP.NET Core allows an unauthorized attacker to deny service over a network.

  • CVE-2026-35433HigMay 12, 2026
    affected >= 8.0.0, < 8.0.27fixed 8.0.27

    Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally.

  • CVE-2026-32177HigMay 12, 2026
    affected >= 8.0.0, < 8.0.27fixed 8.0.27

    Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally.

  • CVE-2026-32175MedMay 12, 2026
    affected >= 8.0.0, < 8.0.27fixed 8.0.27

    A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. However, an attacker would have limited c

  • CVE-2026-33116HigApr 14, 2026
    affected >= 8.0.0, < 8.0.26fixed 8.0.26

    Loop with unreachable exit condition ('infinite loop') in .NET, .NET Framework, Visual Studio allows an unauthorized attacker to deny service over a network.

  • CVE-2026-32203HigApr 14, 2026
    affected >= 8.0.0, < 8.0.26fixed 8.0.26

    Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network.

  • CVE-2026-32178HigApr 14, 2026
    affected >= 8.0.0, < 8.0.26fixed 8.0.26

    Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network.

  • CVE-2026-26171HigApr 14, 2026
    affected >= 8.0.0, < 8.0.26fixed 8.0.26

    Uncontrolled resource consumption in .NET allows an unauthorized attacker to deny service over a network.

  • CVE-2026-25667HigMar 19, 2026
    affected >= 8.0.0, < 8.0.22fixed 8.0.22

    ASP.NET Core Kestrel in Microsoft .NET 8.0 before 8.0.22 and .NET 9.0 before 9.0.11 allows a remote attacker to cause excessive CPU consumption by sending a crafted QUIC packet, because of an incorrect exit condition for HTTP/3 Encoder/Decoder stream processing.

  • CVE-2026-26131HigMar 10, 2026
    affected >= 10.0.0, < 10.0.4fixed 10.0.4

    Incorrect default permissions in .NET allows an authorized attacker to elevate privileges locally.

  • CVE-2026-26127HigMar 10, 2026
    affected >= 9.0.0, < 9.0.14fixed 9.0.14

    Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network.

  • CVE-2026-21218Feb 10, 2026
    affected >= 8.0.0, < 8.0.24fixed 8.0.24

    Improper handling of missing special element in .NET allows an unauthorized attacker to perform spoofing over a network.

  • CVE-2025-55248Oct 14, 2025
    affected >= 8.0.0, < 8.0.21fixed 8.0.21

    Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network.

  • CVE-2025-55247Oct 14, 2025
    affected >= 8.0.0, < 8.0.21fixed 8.0.21

    Improper link resolution before file access ('link following') in .NET allows an authorized attacker to elevate privileges locally.

  • CVE-2025-30399Jun 13, 2025
    affected >= 8.0.0, < 8.0.18fixed 8.0.18

    Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network.

  • CVE-2020-36846CriMay 30, 2025
    affected >= 5.0.0, < 5.0.15fixed 5.0.15

    A buffer overflow, as described in CVE-2020-8927, exists in the embedded Brotli library.  Versions of IO::Compress::Brotli prior to 0.007 included a version of the brotli library prior to version 1.0.8, where an attacker controlling the input length of a "one-shot" decompression

  • CVE-2025-26646May 13, 2025
    affected >= 8.0.0, < 8.0.16fixed 8.0.16

    External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network.

Page 1 of 5