by Microsoft
Source repositories
CVEs (19)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-26131 | Hig | 0.51 | 7.8 | 0.00 | Mar 10, 2026 | Incorrect default permissions in .NET allows an authorized attacker to elevate privileges locally. | |
| CVE-2026-33116 | Hig | 0.49 | 7.5 | 0.01 | Apr 14, 2026 | Loop with unreachable exit condition ('infinite loop') in .NET, .NET Framework, Visual Studio allows an unauthorized attacker to deny service over a network. | |
| CVE-2026-32203 | Hig | 0.49 | 7.5 | 0.00 | Apr 14, 2026 | Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network. | |
| CVE-2026-32178 | Hig | 0.49 | 7.5 | 0.00 | Apr 14, 2026 | Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network. | |
| CVE-2026-26171 | Hig | 0.49 | 7.5 | 0.01 | Apr 14, 2026 | Uncontrolled resource consumption in .NET allows an unauthorized attacker to deny service over a network. | |
| CVE-2026-26127 | Hig | 0.49 | 7.5 | 0.00 | Mar 10, 2026 | Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network. | |
| CVE-2026-25667 | Hig | 0.43 | 7.5 | 0.14 | Mar 19, 2026 | ASP.NET Core Kestrel in Microsoft .NET 8.0 before 8.0.22 and .NET 9.0 before 9.0.11 allows a remote attacker to cause excessive CPU consumption by sending a crafted QUIC packet, because of an incorrect exit condition for HTTP/3 Encoder/Decoder stream processing. | |
| CVE-2021-24111 | 0.02 | — | 0.25 | Feb 25, 2021 | .NET Framework Denial of Service Vulnerability | ||
| CVE-2021-31957 | 0.01 | — | 0.09 | Jun 8, 2021 | ASP.NET Core Denial of Service Vulnerability | ||
| CVE-2021-1721 | 0.01 | — | 0.09 | Feb 25, 2021 | .NET Core and Visual Studio Denial of Service Vulnerability | ||
| CVE-2020-16937 | 0.01 | — | 0.09 | Oct 16, 2020 | <p>An information disclosure vulnerability exists when the .NET Framework improperly handles objects in memory. An attacker who successfully exploited the vulnerability could disclose contents of an affected system's memory.</p> <p>To exploit the vulnerability, an authenticated attacker would need to run a specially crafted application.</p> <p>The update addresses the vulnerability by correcting how the .NET Framework handles objects in memory.</p> | ||
| CVE-2020-1046 | 0.01 | — | 0.11 | Aug 17, 2020 | A remote code execution vulnerability exists when Microsoft .NET Framework processes input. An attacker who successfully exploited this vulnerability could take control of an affected system. To exploit the vulnerability, an attacker would need to be able to upload a specially crafted file to a web application. The security update addresses the vulnerability by correcting how .NET Framework processes input. | ||
| CVE-2021-41355 | 0.00 | — | 0.04 | Oct 13, 2021 | .NET Core and Visual Studio Information Disclosure Vulnerability | ||
| CVE-2021-34485 | 0.00 | — | 0.01 | Aug 12, 2021 | .NET Core and Visual Studio Information Disclosure Vulnerability | ||
| CVE-2021-26423 | 0.00 | — | 0.03 | Aug 12, 2021 | .NET Core and Visual Studio Denial of Service Vulnerability | ||
| CVE-2021-31204 | 0.00 | — | 0.04 | May 11, 2021 | .NET and Visual Studio Elevation of Privilege Vulnerability | ||
| CVE-2021-26701 | 0.00 | — | 0.03 | Feb 25, 2021 | .NET Core Remote Code Execution Vulnerability | ||
| CVE-2021-24112 | 0.00 | — | 0.01 | Feb 25, 2021 | .NET Core Remote Code Execution Vulnerability | ||
| CVE-2020-1476 | 0.00 | — | 0.01 | Aug 17, 2020 | An elevation of privilege vulnerability exists when ASP.NET or .NET web applications running on IIS improperly allow access to cached files. An attacker who successfully exploited this vulnerability could gain access to restricted files. To exploit this vulnerability, an attacker would need to send a specially crafted request to an affected server. The update addresses the vulnerability by changing how ASP.NET and .NET handle requests. |