NuGet package
microsoft.netcore.app.runtime.osx-arm64
pkg:nuget/microsoft.netcore.app.runtime.osx-arm64
Vulnerabilities (17)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-32178 | Hig | 7.5 | >= 10.0.0, < 10.0.6 | 10.0.6 | Apr 14, 2026 | Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network. | |
| CVE-2026-26127 | Hig | 7.5 | >= 9.0.0, < 9.0.14 | 9.0.14 | Mar 10, 2026 | Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network. | |
| CVE-2025-55248 | — | >= 9.0.0, < 9.0.10 | 9.0.10 | Oct 14, 2025 | Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network. | ||
| CVE-2025-30399 | — | >= 9.0.0, < 9.0.6 | 9.0.6 | Jun 13, 2025 | Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network. | ||
| CVE-2025-21172 | — | >= 9.0.0, < 9.0.1 | 9.0.1 | Jan 14, 2025 | .NET and Visual Studio Remote Code Execution Vulnerability | ||
| CVE-2025-21176 | — | >= 9.0.0, < 9.0.1 | 9.0.1 | Jan 14, 2025 | .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability | ||
| CVE-2025-21171 | — | >= 9.0.0, < 9.0.1 | 9.0.1 | Jan 14, 2025 | .NET Remote Code Execution Vulnerability | ||
| CVE-2024-38167 | — | >= 8.0.0, < 8.0.8 | 8.0.8 | Aug 13, 2024 | .NET and Visual Studio Information Disclosure Vulnerability | ||
| CVE-2024-38095 | — | >= 8.0.0, < 8.0.7 | 8.0.7 | Jul 9, 2024 | .NET and Visual Studio Denial of Service Vulnerability | ||
| CVE-2024-30045 | — | >= 7.0.0, < 7.0.19 | 7.0.19 | May 14, 2024 | .NET and Visual Studio Remote Code Execution Vulnerability | ||
| CVE-2024-21392 | — | >= 7.0.0-preview.1.22076.8, < 7.0.17 | 7.0.17 | Mar 12, 2024 | .NET and Visual Studio Denial of Service Vulnerability | ||
| CVE-2023-29331 | — | >= 6.0.0, < 6.0.18 | 6.0.18 | Jun 14, 2023 | .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability | ||
| CVE-2023-24936 | — | >= 7.0.0, < 7.0.7 | 7.0.7 | Jun 14, 2023 | .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability | ||
| CVE-2023-33128 | — | >= 7.0.0, < 7.0.7 | 7.0.7 | Jun 13, 2023 | .NET and Visual Studio Remote Code Execution Vulnerability | ||
| CVE-2023-21538 | — | >= 6.0.0, < 6.0.13 | 6.0.13 | Jan 10, 2023 | .NET Denial of Service Vulnerability | ||
| CVE-2022-24512 | — | >= 6.0.0, < 6.0.3 | 6.0.3 | Mar 9, 2022 | .NET and Visual Studio Remote Code Execution Vulnerability | ||
| CVE-2020-8927 | — | >= 6.0.0, < 6.0.3 | 6.0.3 | Sep 15, 2020 | A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to upda |
- affected >= 10.0.0, < 10.0.6fixed 10.0.6
Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network.
- affected >= 9.0.0, < 9.0.14fixed 9.0.14
Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network.
- CVE-2025-55248Oct 14, 2025affected >= 9.0.0, < 9.0.10fixed 9.0.10
Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network.
- CVE-2025-30399Jun 13, 2025affected >= 9.0.0, < 9.0.6fixed 9.0.6
Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network.
- CVE-2025-21172Jan 14, 2025affected >= 9.0.0, < 9.0.1fixed 9.0.1
.NET and Visual Studio Remote Code Execution Vulnerability
- CVE-2025-21176Jan 14, 2025affected >= 9.0.0, < 9.0.1fixed 9.0.1
.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
- CVE-2025-21171Jan 14, 2025affected >= 9.0.0, < 9.0.1fixed 9.0.1
.NET Remote Code Execution Vulnerability
- CVE-2024-38167Aug 13, 2024affected >= 8.0.0, < 8.0.8fixed 8.0.8
.NET and Visual Studio Information Disclosure Vulnerability
- CVE-2024-38095Jul 9, 2024affected >= 8.0.0, < 8.0.7fixed 8.0.7
.NET and Visual Studio Denial of Service Vulnerability
- CVE-2024-30045May 14, 2024affected >= 7.0.0, < 7.0.19fixed 7.0.19
.NET and Visual Studio Remote Code Execution Vulnerability
- CVE-2024-21392Mar 12, 2024affected >= 7.0.0-preview.1.22076.8, < 7.0.17fixed 7.0.17
.NET and Visual Studio Denial of Service Vulnerability
- CVE-2023-29331Jun 14, 2023affected >= 6.0.0, < 6.0.18fixed 6.0.18
.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
- CVE-2023-24936Jun 14, 2023affected >= 7.0.0, < 7.0.7fixed 7.0.7
.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
- CVE-2023-33128Jun 13, 2023affected >= 7.0.0, < 7.0.7fixed 7.0.7
.NET and Visual Studio Remote Code Execution Vulnerability
- CVE-2023-21538Jan 10, 2023affected >= 6.0.0, < 6.0.13fixed 6.0.13
.NET Denial of Service Vulnerability
- CVE-2022-24512Mar 9, 2022affected >= 6.0.0, < 6.0.3fixed 6.0.3
.NET and Visual Studio Remote Code Execution Vulnerability
- CVE-2020-8927Sep 15, 2020affected >= 6.0.0, < 6.0.3fixed 6.0.3
A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to upda