Rh-dotnet31-dotnet
Vulnerabilities
27
Known exploited
1
Max CVSS
9.3
Top EPSS
0.94243
Severity breakdown
Critical
1
High
17
Medium
9
Low
0
Also matched as (raw): rh-dotnet31-dotnet
Top vulnerabilities
CVE-2022-1650Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository eventsource/eventsource prior to v2.0.2.
CVE-2020-1147A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'.
CVE-2021-26701.NET Core Remote Code Execution Vulnerability
CVE-2020-0603A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka 'ASP.NET Core Remote Code Execution Vulnerability'.
CVE-2022-41032NuGet Client Elevation of Privilege Vulnerability
CVE-2022-38013.NET Core and Visual Studio Denial of Service Vulnerability
CVE-2022-29145.NET and Visual Studio Denial of Service Vulnerability
CVE-2022-29117.NET and Visual Studio Denial of Service Vulnerability
CVE-2022-24464.NET and Visual Studio Denial of Service Vulnerability
CVE-2022-23267.NET and Visual Studio Denial of Service Vulnerability
CVE-2021-26423.NET Core and Visual Studio Denial of Service Vulnerability
CVE-2021-1723ASP.NET Core and Visual Studio Denial of Service Vulnerability
CVE-2020-1597A denial of service vulnerability exists when ASP.NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication.
A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the ASP.NET Core application.
The update addresses the vulnerability by correcting how the ASP.NET Core web application handles web requests.
CVE-2020-1161A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'.
CVE-2020-1108A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka '.NET Core & .NET Framework Denial of Service Vulnerability'.
CVE-2020-1045<p>A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names.</p>
<p>The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded.</p>
<p>The security update addresses the vulnerability by fixing the way the ASP.NET Core cookie parser handles encoded names.</p>
CVE-2020-0602A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'.
CVE-2021-31204.NET and Visual Studio Elevation of Privilege Vulnerability
CVE-2022-0613Authorization Bypass Through User-Controlled Key in NPM urijs prior to 1.19.8.
CVE-2021-1721.NET Core and Visual Studio Denial of Service Vulnerability
CVE-2020-8927A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits.
CVE-2022-24512.NET and Visual Studio Remote Code Execution Vulnerability
CVE-2022-34716.NET Spoofing Vulnerability
CVE-2021-31957ASP.NET Core Denial of Service Vulnerability
CVE-2021-34532ASP.NET Core and Visual Studio Information Disclosure Vulnerability