Net
by Microsoft
Source repositories
CVEs (30)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-44487 | Hig | 0.65 | 7.5 | 1.00 | KEV | Oct 10, 2023 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. | |
| CVE-2026-45490 | Hig | 0.51 | 7.8 | 0.00 | Jun 9, 2026 | Improper authorization in .NET allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-26131 | Hig | 0.51 | 7.8 | 0.00 | Mar 10, 2026 | Incorrect default permissions in .NET allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-26127 | Hig | 0.49 | 7.5 | 0.02 | Mar 10, 2026 | Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network. | ||
| CVE-2022-29145 | Hig | 0.49 | 7.5 | 0.05 | May 10, 2022 | .NET and Visual Studio Denial of Service Vulnerability | ||
| CVE-2022-29117 | Hig | 0.49 | 7.5 | 0.05 | May 10, 2022 | .NET and Visual Studio Denial of Service Vulnerability | ||
| CVE-2022-24464 | Hig | 0.49 | 7.5 | 0.03 | Mar 9, 2022 | .NET and Visual Studio Denial of Service Vulnerability | ||
| CVE-2026-35433 | Hig | 0.47 | 7.3 | 0.01 | May 12, 2026 | Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally. | ||
| CVE-2026-33116 | Hig | 0.42 | 7.5 | 0.01 | Apr 14, 2026 | Loop with unreachable exit condition ('infinite loop') in .NET, .NET Framework, Visual Studio allows an unauthorized attacker to deny service over a network. | ||
| CVE-2026-32203 | Hig | 0.42 | 7.5 | 0.01 | Apr 14, 2026 | Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network. | ||
| CVE-2026-32178 | Hig | 0.42 | 7.5 | 0.01 | Apr 14, 2026 | Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network. | ||
| CVE-2026-26171 | Hig | 0.42 | 7.5 | 0.01 | Apr 14, 2026 | Uncontrolled resource consumption in .NET allows an unauthorized attacker to deny service over a network. | ||
| CVE-2026-25667 | Hig | 0.42 | 7.5 | 0.03 | Mar 19, 2026 | ASP.NET Core Kestrel in Microsoft .NET 8.0 before 8.0.22 and .NET 9.0 before 9.0.11 allows a remote attacker to cause excessive CPU consumption by sending a crafted QUIC packet, because of an incorrect exit condition for HTTP/3 Encoder/Decoder stream processing. | ||
| CVE-2022-38013 | Hig | 0.42 | 7.5 | 0.03 | Sep 13, 2022 | .NET Core and Visual Studio Denial of Service Vulnerability | ||
| CVE-2026-45491 | Med | 0.40 | 6.2 | 0.00 | Jun 9, 2026 | Improper link resolution before file access ('link following') in .NET allows an unauthorized attacker to perform tampering locally. | ||
| CVE-2022-24512 | Med | 0.34 | 6.3 | 0.02 | Mar 9, 2022 | .NET and Visual Studio Remote Code Execution Vulnerability | ||
| CVE-2021-24111 | 0.02 | — | 0.04 | Feb 25, 2021 | .NET Framework Denial of Service Vulnerability | |||
| CVE-2021-31957 | 0.01 | — | 0.05 | Jun 8, 2021 | ASP.NET Core Denial of Service Vulnerability | |||
| CVE-2021-1721 | 0.01 | — | 0.03 | Feb 25, 2021 | .NET Core and Visual Studio Denial of Service Vulnerability | |||
| CVE-2020-16937 | 0.01 | — | 0.03 | Oct 16, 2020 | An information disclosure vulnerability exists when the .NET Framework improperly handles objects in memory. An attacker who successfully exploited the vulnerability could disclose contents of an affected system's memory. To exploit the vulnerability, an authenticated… |
- risk 0.65cvss 7.5epss 1.00
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
- risk 0.51cvss 7.8epss 0.00
Improper authorization in .NET allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Incorrect default permissions in .NET allows an authorized attacker to elevate privileges locally.
- risk 0.49cvss 7.5epss 0.02
Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network.
- risk 0.49cvss 7.5epss 0.05
.NET and Visual Studio Denial of Service Vulnerability
- risk 0.49cvss 7.5epss 0.05
.NET and Visual Studio Denial of Service Vulnerability
- risk 0.49cvss 7.5epss 0.03
.NET and Visual Studio Denial of Service Vulnerability
- risk 0.47cvss 7.3epss 0.01
Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally.
- risk 0.42cvss 7.5epss 0.01
Loop with unreachable exit condition ('infinite loop') in .NET, .NET Framework, Visual Studio allows an unauthorized attacker to deny service over a network.
- risk 0.42cvss 7.5epss 0.01
Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network.
- risk 0.42cvss 7.5epss 0.01
Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network.
- risk 0.42cvss 7.5epss 0.01
Uncontrolled resource consumption in .NET allows an unauthorized attacker to deny service over a network.
- risk 0.42cvss 7.5epss 0.03
ASP.NET Core Kestrel in Microsoft .NET 8.0 before 8.0.22 and .NET 9.0 before 9.0.11 allows a remote attacker to cause excessive CPU consumption by sending a crafted QUIC packet, because of an incorrect exit condition for HTTP/3 Encoder/Decoder stream processing.
- risk 0.42cvss 7.5epss 0.03
.NET Core and Visual Studio Denial of Service Vulnerability
- risk 0.40cvss 6.2epss 0.00
Improper link resolution before file access ('link following') in .NET allows an unauthorized attacker to perform tampering locally.
- risk 0.34cvss 6.3epss 0.02
.NET and Visual Studio Remote Code Execution Vulnerability
- CVE-2021-24111Feb 25, 2021risk 0.02cvss —epss 0.04
.NET Framework Denial of Service Vulnerability
- CVE-2021-31957Jun 8, 2021risk 0.01cvss —epss 0.05
ASP.NET Core Denial of Service Vulnerability
- CVE-2021-1721Feb 25, 2021risk 0.01cvss —epss 0.03
.NET Core and Visual Studio Denial of Service Vulnerability
- CVE-2020-16937Oct 16, 2020risk 0.01cvss —epss 0.03
An information disclosure vulnerability exists when the .NET Framework improperly handles objects in memory. An attacker who successfully exploited the vulnerability could disclose contents of an affected system's memory. To exploit the vulnerability, an authenticated…
Page 1 of 2