Bitnami package
dotnet-sdk
pkg:bitnami/dotnet-sdk
Vulnerabilities (87)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-42899 | High | 7.5 | | >= 8.0.0, < 8.0.27 | 8.0.27 | May 12, 2026 | Loop with unreachable exit condition ('infinite loop') in ASP.NET Core allows an unauthorized attacker to deny service over a network. |
| CVE-2026-33116 | High | 7.5 | | >= 8.0.0, < 8.0.26 | 8.0.26 | Apr 14, 2026 | Loop with unreachable exit condition ('infinite loop') in .NET, .NET Framework, Visual Studio allows an unauthorized attacker to deny service over a network. |
| CVE-2026-32203 | High | 7.5 | | >= 8.0.0, < 8.0.26 | 8.0.26 | Apr 14, 2026 | Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network. |
| CVE-2026-32178 | High | 7.5 | | >= 8.0.0, < 8.0.26 | 8.0.26 | Apr 14, 2026 | Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network. |
| CVE-2026-26171 | High | 7.5 | | >= 8.0.0, < 8.0.26 | 8.0.26 | Apr 14, 2026 | Uncontrolled resource consumption in .NET allows an unauthorized attacker to deny service over a network. |
| CVE-2026-25667 | High | 7.5 | | >= 8.0.0, < 8.0.22 | 8.0.22 | Mar 19, 2026 | ASP.NET Core Kestrel in Microsoft .NET 8.0 before 8.0.22 and .NET 9.0 before 9.0.11 allows a remote attacker to cause excessive CPU consumption by sending a crafted QUIC packet, because of an incorrect exit condition for HTTP/3 Encoder/Decoder stream processing. |
| CVE-2026-26131 | High | 7.8 | | >= 10.0.0, < 10.0.4 | 10.0.4 | Mar 10, 2026 | Incorrect default permissions in .NET allows an authorized attacker to elevate privileges locally. |
| CVE-2026-26127 | High | 7.5 | | >= 9.0.0, < 9.0.14 | 9.0.14 | Mar 10, 2026 | Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network. |
| CVE-2026-21218 | — | | | >= 8.0.0, < 8.0.24 | 8.0.24 | Feb 10, 2026 | Improper handling of missing special element in .NET allows an unauthorized attacker to perform spoofing over a network. |
| CVE-2025-55248 | — | | | >= 8.0.0, < 8.0.21 | 8.0.21 | Oct 14, 2025 | Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network. |
| CVE-2025-55247 | — | | | >= 8.0.0, < 8.0.21 | 8.0.21 | Oct 14, 2025 | Improper link resolution before file access ('link following') in .NET allows an authorized attacker to elevate privileges locally. |
| CVE-2025-30399 | — | | | >= 8.0.0, < 8.0.101 | 8.0.101 | Jun 13, 2025 | Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network. |
| CVE-2020-36846 | Critical | 9.8 | | >= 5.0.0, < 5.0.15 | 5.0.15 | May 30, 2025 | A buffer overflow, as described in CVE-2020-8927, exists in the embedded Brotli library. Versions of IO::Compress::Brotli prior to 0.007 included a version of the brotli library prior to version 1.0.8, where an attacker controlling the input length of a "one-shot" decompression |
| CVE-2025-26646 | — | | | >= 8.0.0, < 8.0.101 | 8.0.101 | May 13, 2025 | External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network. |
| CVE-2025-21172 | — | | | >= 8.0.0, < 8.0.101 | 8.0.101 | Jan 14, 2025 | .NET and Visual Studio Remote Code Execution Vulnerability |
| CVE-2025-21173 | — | | | >= 8.0.0, < 8.0.101 | 8.0.101 | Jan 14, 2025 | .NET Elevation of Privilege Vulnerability |
| CVE-2025-21176 | — | | | >= 8.0.0, < 8.0.101 | 8.0.101 | Jan 14, 2025 | .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability |
| CVE-2025-21171 | — | | | >= 9.0.0, < 9.0.100 | 9.0.100 | Jan 14, 2025 | .NET Remote Code Execution Vulnerability |
| CVE-2024-43498 | — | | | >= 9.0.0, < 9.0.1 | 9.0.1 | Nov 12, 2024 | .NET and Visual Studio Remote Code Execution Vulnerability |
| CVE-2024-43499 | — | | | >= 9.0.0, < 9.0.1 | 9.0.1 | Nov 12, 2024 | .NET and Visual Studio Denial of Service Vulnerability |
Page 1 of 5