rpm package
almalinux/aspnetcore-runtime-8.0
pkg:rpm/almalinux/aspnetcore-runtime-8.0
Vulnerabilities (32)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-33116 | Hig | 7.5 | < 8.0.26-1.el8_10 | 8.0.26-1.el8_10 | Apr 14, 2026 | Loop with unreachable exit condition ('infinite loop') in .NET, .NET Framework, Visual Studio allows an unauthorized attacker to deny service over a network. | |
| CVE-2026-32203 | Hig | 7.5 | < 8.0.26-1.el8_10 | 8.0.26-1.el8_10 | Apr 14, 2026 | Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network. | |
| CVE-2026-32178 | Hig | 7.5 | < 8.0.26-1.el8_10 | 8.0.26-1.el8_10 | Apr 14, 2026 | Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network. | |
| CVE-2026-26171 | Hig | 7.5 | < 8.0.26-1.el8_10 | 8.0.26-1.el8_10 | Apr 14, 2026 | Uncontrolled resource consumption in .NET allows an unauthorized attacker to deny service over a network. | |
| CVE-2026-26130 | Hig | 7.5 | < 8.0.25-1.el10_1 | 8.0.25-1.el10_1 | Mar 10, 2026 | Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network. | |
| CVE-2025-55248 | — | < 8.0.21-1.el8_10 | 8.0.21-1.el8_10 | Oct 14, 2025 | Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network. | ||
| CVE-2025-55315 | — | < 8.0.21-1.el8_10 | 8.0.21-1.el8_10 | Oct 14, 2025 | Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network. | ||
| CVE-2025-55247 | — | < 8.0.21-1.el8_10 | 8.0.21-1.el8_10 | Oct 14, 2025 | Improper link resolution before file access ('link following') in .NET allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-30399 | — | < 8.0.17-1.el8_10 | 8.0.17-1.el8_10 | Jun 13, 2025 | Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network. | ||
| CVE-2025-26646 | — | < 8.0.16-1.el8_10 | 8.0.16-1.el8_10 | May 13, 2025 | External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network. | ||
| CVE-2025-24070 | — | < 8.0.14-1.el9_5 | 8.0.14-1.el9_5 | Mar 11, 2025 | Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network. | ||
| CVE-2025-21172 | — | < 8.0.12-1.el8_10 | 8.0.12-1.el8_10 | Jan 14, 2025 | .NET and Visual Studio Remote Code Execution Vulnerability | ||
| CVE-2025-21173 | — | < 8.0.12-1.el8_10 | 8.0.12-1.el8_10 | Jan 14, 2025 | .NET Elevation of Privilege Vulnerability | ||
| CVE-2025-21176 | — | < 8.0.12-1.el8_10 | 8.0.12-1.el8_10 | Jan 14, 2025 | .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability | ||
| CVE-2024-43485 | — | < 8.0.10-1.el8_10 | 8.0.10-1.el8_10 | Oct 8, 2024 | .NET and Visual Studio Denial of Service Vulnerability | ||
| CVE-2024-43484 | — | < 8.0.10-1.el8_10 | 8.0.10-1.el8_10 | Oct 8, 2024 | .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability | ||
| CVE-2024-43483 | — | < 8.0.10-1.el8_10 | 8.0.10-1.el8_10 | Oct 8, 2024 | .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability | ||
| CVE-2024-38229 | — | < 8.0.10-1.el8_10 | 8.0.10-1.el8_10 | Oct 8, 2024 | .NET and Visual Studio Remote Code Execution Vulnerability | ||
| CVE-2024-38167 | — | < 8.0.8-1.el9_4 | 8.0.8-1.el9_4 | Aug 13, 2024 | .NET and Visual Studio Information Disclosure Vulnerability | ||
| CVE-2024-38095 | — | < 8.0.7-1.el9_4 | 8.0.7-1.el9_4 | Jul 9, 2024 | .NET and Visual Studio Denial of Service Vulnerability |
- affected < 8.0.26-1.el8_10fixed 8.0.26-1.el8_10
Loop with unreachable exit condition ('infinite loop') in .NET, .NET Framework, Visual Studio allows an unauthorized attacker to deny service over a network.
- affected < 8.0.26-1.el8_10fixed 8.0.26-1.el8_10
Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network.
- affected < 8.0.26-1.el8_10fixed 8.0.26-1.el8_10
Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network.
- affected < 8.0.26-1.el8_10fixed 8.0.26-1.el8_10
Uncontrolled resource consumption in .NET allows an unauthorized attacker to deny service over a network.
- affected < 8.0.25-1.el10_1fixed 8.0.25-1.el10_1
Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.
- CVE-2025-55248Oct 14, 2025affected < 8.0.21-1.el8_10fixed 8.0.21-1.el8_10
Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network.
- CVE-2025-55315Oct 14, 2025affected < 8.0.21-1.el8_10fixed 8.0.21-1.el8_10
Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.
- CVE-2025-55247Oct 14, 2025affected < 8.0.21-1.el8_10fixed 8.0.21-1.el8_10
Improper link resolution before file access ('link following') in .NET allows an authorized attacker to elevate privileges locally.
- CVE-2025-30399Jun 13, 2025affected < 8.0.17-1.el8_10fixed 8.0.17-1.el8_10
Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network.
- CVE-2025-26646May 13, 2025affected < 8.0.16-1.el8_10fixed 8.0.16-1.el8_10
External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network.
- CVE-2025-24070Mar 11, 2025affected < 8.0.14-1.el9_5fixed 8.0.14-1.el9_5
Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network.
- CVE-2025-21172Jan 14, 2025affected < 8.0.12-1.el8_10fixed 8.0.12-1.el8_10
.NET and Visual Studio Remote Code Execution Vulnerability
- CVE-2025-21173Jan 14, 2025affected < 8.0.12-1.el8_10fixed 8.0.12-1.el8_10
.NET Elevation of Privilege Vulnerability
- CVE-2025-21176Jan 14, 2025affected < 8.0.12-1.el8_10fixed 8.0.12-1.el8_10
.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
- CVE-2024-43485Oct 8, 2024affected < 8.0.10-1.el8_10fixed 8.0.10-1.el8_10
.NET and Visual Studio Denial of Service Vulnerability
- CVE-2024-43484Oct 8, 2024affected < 8.0.10-1.el8_10fixed 8.0.10-1.el8_10
.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
- CVE-2024-43483Oct 8, 2024affected < 8.0.10-1.el8_10fixed 8.0.10-1.el8_10
.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
- CVE-2024-38229Oct 8, 2024affected < 8.0.10-1.el8_10fixed 8.0.10-1.el8_10
.NET and Visual Studio Remote Code Execution Vulnerability
- CVE-2024-38167Aug 13, 2024affected < 8.0.8-1.el9_4fixed 8.0.8-1.el9_4
.NET and Visual Studio Information Disclosure Vulnerability
- CVE-2024-38095Jul 9, 2024affected < 8.0.7-1.el9_4fixed 8.0.7-1.el9_4
.NET and Visual Studio Denial of Service Vulnerability
Page 1 of 2