Microsoft Microsoft.Netcore.App.Runtime.Osx-Arm64 vulnerabilities

CVE-2026-32178 [HIGH] CWE-138 Microsoft Security Advisory CVE-2026-32178 – .NET Spoofing Vulnerability Microsoft Security Advisory CVE-2026-32178 – .NET Spoofing Vulnerability ## Executive Summary: Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0, .NET 9.0, and .NET 10.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A vulnerability exists in System.Net.Mail where

CVE-2026-26127 [HIGH] CWE-125 .NET Denial of Service Vulnerability .NET Denial of Service Vulnerability # Microsoft Security Advisory CVE-2026-26127 – .NET Denial of Service Vulnerability ## Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 9.0 and .NET 10.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A denial of service vulnerability exists in .NE

CVE-2025-55248 [MEDIUM] CWE-326 Microsoft Security Advisory CVE-2025-55248: .NET Information Disclosure Vulnerability Microsoft Security Advisory CVE-2025-55248: .NET Information Disclosure Vulnerability # Microsoft Security Advisory CVE-2025-55248 | .NET Information Disclosure Vulnerability ## Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0 and .NET 9.0. This advisory also provides guidance on what developers can do to

CVE-2025-36853 [HIGH] CWE-190 EOL .NET 6.0 Runtime Remote Code Execution Vulnerability EOL .NET 6.0 Runtime Remote Code Execution Vulnerability A vulnerability (CVE-2025-21172) exists in msdia140.dll due to integer overflow and heap-based overflow. Per CWE-122: Heap-based Buffer Overflow, a heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as mal

CVE-2025-30399 [HIGH] CWE-426 Microsoft Security Advisory CVE-2025-30399 | .NET Remote Code Vulnerability Microsoft Security Advisory CVE-2025-30399 | .NET Remote Code Vulnerability # Microsoft Security Advisory CVE-2025-30399 | .NET Remote Code Vulnerability ## Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0 and .NET 9.0. This advisory also provides guidance on what developers can do to update their applications to remo

CVE-2025-21176 [HIGH] CWE-126 Microsoft Security Advisory CVE-2025-21176 | .NET and Visual Studio Remote Code Execution Vulnerability Microsoft Security Advisory CVE-2025-21176 | .NET and Visual Studio Remote Code Execution Vulnerability # Microsoft Security Advisory CVE-2025-21176 | .NET and Visual Studio Remote Code Execution Vulnerability ## Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0 and .NET 9.0. This advisory a

CVE-2025-21172 [HIGH] CWE-122 CVE-2025-21172: .NET and Visual Studio Remote Code Execution Vulnerability .NET and Visual Studio Remote Code Execution Vulnerability

CVE-2025-21171 [HIGH] CWE-122 Microsoft Security Advisory CVE-2025-21171 | .NET Remote Code Execution Vulnerability Microsoft Security Advisory CVE-2025-21171 | .NET Remote Code Execution Vulnerability # Microsoft Security Advisory CVE-2025-21171 | .NET Remote Code Execution Vulnerability ## Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 9.0. This advisory also provides guidance on what developers can do to update their app

CVE-2024-38167 [MEDIUM] CWE-319 Microsoft Security Advisory CVE-2024-38167 | .NET Information Disclosure Vulnerability Microsoft Security Advisory CVE-2024-38167 | .NET Information Disclosure Vulnerability # Microsoft Security Advisory CVE-2024-38167 | .NET Information Disclosure Vulnerability ## Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0. This advisory also provides guidance on what developers can do to update thei

CVE-2024-38095 [HIGH] CWE-20 Microsoft Security Advisory CVE-2024-38095 | .NET Denial of Service Vulnerability Microsoft Security Advisory CVE-2024-38095 | .NET Denial of Service Vulnerability # Microsoft Security Advisory CVE-2024-38095 | .NET Denial of Service Vulnerability ## Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0 and .NET 8.0. This advisory also provides guidance on what developers can do to update their app

CVE-2024-30045 [MEDIUM] CWE-122 Microsoft Security Advisory CVE-2024-30045 | .NET Remote code Execution Vulnerability Microsoft Security Advisory CVE-2024-30045 | .NET Remote code Execution Vulnerability # Microsoft Security Advisory CVE-2024-30045 | .NET Remote code Execution Vulnerability ## Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET. This advisory also provides guidance on what developers can do to update their appli

CVE-2024-21392 [HIGH] CWE-400 Microsoft Security Advisory CVE-2024-21392: .NET Denial of Service Vulnerability Microsoft Security Advisory CVE-2024-21392: .NET Denial of Service Vulnerability # Microsoft Security Advisory CVE-2024-21392: .NET Denial of Service Vulnerability ## Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 8.0 . This advisory also provides guidance on what developers can do to update their appl

CVE-2023-33128 [HIGH] CWE-416 .NET Remote Code Execution Vulnerability .NET Remote Code Execution Vulnerability # Microsoft Security Advisory CVE-2023-33128: .NET Remote Code Execution Vulnerability ## Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A vulnerability exists in .NET source generator fo

CVE-2023-24936 [HIGH] .NET Elevation of Privilege Vulnerability .NET Elevation of Privilege Vulnerability # Microsoft Security Advisory CVE-2023-24936: .NET Elevation of Privilege Vulnerability ## Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A vulnerability exists in .NET when deseri

CVE-2023-29331 [HIGH] CWE-400 .NET Denial of Service vulnerability .NET Denial of Service vulnerability # Microsoft Security Advisory CVE-2023-29331: .NET Denial of Service vulnerability ## Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A vulnerability exists in .NET when processing X.

CVE-2023-21538 [HIGH] CWE-502 .NET Denial of Service Vulnerability .NET Denial of Service Vulnerability # Microsoft Security Advisory CVE-2023-21538: .NET Denial of Service Vulnerability ## Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A denial of service vulnerability exists in .NET 6.0 where a m

CVE-2022-24512 [MEDIUM] .NET Remote Code Execution Vulnerability .NET Remote Code Execution Vulnerability Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0, .NET 5.0, and .NET Core 3.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A Remote Code Execution vulnerability exists in .NET 6.0, .NET 5.0, and .NET Core 3.1 where a stack buffer overrun occurs in .NET Double P

CVE-2020-8927 [MEDIUM] CWE-120 Integer overflow in the bundled Brotli C library Integer overflow in the bundled Brotli C library A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "s

CVE-2020-36846 [MEDIUM] Integer overflow in the bundled Brotli C library Integer overflow in the bundled Brotli C library A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "streamin