NuGet package
microsoft.aspnetcore.app.runtime.linux-musl-arm
pkg:nuget/microsoft.aspnetcore.app.runtime.linux-musl-arm
Vulnerabilities (16)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-26130 | Hig | 7.5 | >= 8.0.0, < 8.0.25 | 8.0.25 | Mar 10, 2026 | Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network. | |
| CVE-2025-55315 | — | >= 10.0.0-rc.1.25451.107, < 10.0.0-rc.2.25502.107 | 10.0.0-rc.2.25502.107 | Oct 14, 2025 | Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network. | ||
| CVE-2025-24070 | — | >= 9.0.0, < 9.0.3 | 9.0.3 | Mar 11, 2025 | Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network. | ||
| CVE-2024-38229 | — | >= 9.0.0-preview.1.24081.5, < 9.0.0-rc.2.24474.3 | 9.0.0-rc.2.24474.3 | Oct 8, 2024 | .NET and Visual Studio Remote Code Execution Vulnerability | ||
| CVE-2024-35264 | — | >= 8.0.0, < 8.0.7 | 8.0.7 | Jul 9, 2024 | .NET and Visual Studio Remote Code Execution Vulnerability | ||
| CVE-2024-30046 | — | >= 8.0.0, < 8.0.5 | 8.0.5 | May 14, 2024 | Visual Studio Denial of Service Vulnerability | ||
| CVE-2024-21386 | — | < 6.0.27 | 6.0.27 | Feb 13, 2024 | .NET Denial of Service Vulnerability | ||
| CVE-2023-33170 | — | < 6.0.20 | 6.0.20 | Jul 11, 2023 | ASP.NET and Visual Studio Security Feature Bypass Vulnerability | ||
| CVE-2022-38013 | — | >= 5.0.0, < 6.0.9 | 6.0.9 | Sep 13, 2022 | .NET Core and Visual Studio Denial of Service Vulnerability | ||
| CVE-2022-34716 | — | >= 3.1.0, < 3.1.28 | 3.1.28 | Aug 9, 2022 | .NET Spoofing Vulnerability | ||
| CVE-2022-29145 | — | >= 3.0.0, < 3.1.25 | 3.1.25 | May 10, 2022 | .NET and Visual Studio Denial of Service Vulnerability | ||
| CVE-2022-29117 | — | >= 3.0.0, < 3.1.25 | 3.1.25 | May 10, 2022 | .NET and Visual Studio Denial of Service Vulnerability | ||
| CVE-2022-23267 | — | >= 5.0.1, < 5.0.17 | 5.0.17 | May 10, 2022 | .NET and Visual Studio Denial of Service Vulnerability | ||
| CVE-2022-24464 | — | >= 5.0.0, < 5.0.15 | 5.0.15 | Mar 9, 2022 | .NET and Visual Studio Denial of Service Vulnerability | ||
| CVE-2022-21986 | — | >= 5.0.0, < 5.0.14 | 5.0.14 | Feb 9, 2022 | .NET Denial of Service Vulnerability | ||
| CVE-2021-1723 | — | >= 5.0.1, < 5.0.2 | 5.0.2 | Jan 12, 2021 | ASP.NET Core and Visual Studio Denial of Service Vulnerability |
- affected >= 8.0.0, < 8.0.25fixed 8.0.25
Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.
- CVE-2025-55315Oct 14, 2025affected >= 10.0.0-rc.1.25451.107, < 10.0.0-rc.2.25502.107fixed 10.0.0-rc.2.25502.107
Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.
- CVE-2025-24070Mar 11, 2025affected >= 9.0.0, < 9.0.3fixed 9.0.3
Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network.
- CVE-2024-38229Oct 8, 2024affected >= 9.0.0-preview.1.24081.5, < 9.0.0-rc.2.24474.3fixed 9.0.0-rc.2.24474.3
.NET and Visual Studio Remote Code Execution Vulnerability
- CVE-2024-35264Jul 9, 2024affected >= 8.0.0, < 8.0.7fixed 8.0.7
.NET and Visual Studio Remote Code Execution Vulnerability
- CVE-2024-30046May 14, 2024affected >= 8.0.0, < 8.0.5fixed 8.0.5
Visual Studio Denial of Service Vulnerability
- CVE-2024-21386Feb 13, 2024affected < 6.0.27fixed 6.0.27
.NET Denial of Service Vulnerability
- CVE-2023-33170Jul 11, 2023affected < 6.0.20fixed 6.0.20
ASP.NET and Visual Studio Security Feature Bypass Vulnerability
- CVE-2022-38013Sep 13, 2022affected >= 5.0.0, < 6.0.9fixed 6.0.9
.NET Core and Visual Studio Denial of Service Vulnerability
- CVE-2022-34716Aug 9, 2022affected >= 3.1.0, < 3.1.28fixed 3.1.28
.NET Spoofing Vulnerability
- CVE-2022-29145May 10, 2022affected >= 3.0.0, < 3.1.25fixed 3.1.25
.NET and Visual Studio Denial of Service Vulnerability
- CVE-2022-29117May 10, 2022affected >= 3.0.0, < 3.1.25fixed 3.1.25
.NET and Visual Studio Denial of Service Vulnerability
- CVE-2022-23267May 10, 2022affected >= 5.0.1, < 5.0.17fixed 5.0.17
.NET and Visual Studio Denial of Service Vulnerability
- CVE-2022-24464Mar 9, 2022affected >= 5.0.0, < 5.0.15fixed 5.0.15
.NET and Visual Studio Denial of Service Vulnerability
- CVE-2022-21986Feb 9, 2022affected >= 5.0.0, < 5.0.14fixed 5.0.14
.NET Denial of Service Vulnerability
- CVE-2021-1723Jan 12, 2021affected >= 5.0.1, < 5.0.2fixed 5.0.2
ASP.NET Core and Visual Studio Denial of Service Vulnerability