Microsoft Microsoft.Netcore.App.Runtime.Win-Arm64 vulnerabilities

CVE-2023-29331 [HIGH] CWE-400 .NET Denial of Service vulnerability .NET Denial of Service vulnerability # Microsoft Security Advisory CVE-2023-29331: .NET Denial of Service vulnerability ## Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A vulnerability exists in .NET when processing X.

CVE-2023-24897 [HIGH] CWE-122 .NET Remote Code Execution Vulnerability .NET Remote Code Execution Vulnerability # Microsoft Security Advisory CVE-2023-24897: .NET Remote Code Execution Vulnerability ## Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. This security update addresses a vuln

CVE-2023-28260 [HIGH] .NET Remote Code Execution vulnerability .NET Remote Code Execution vulnerability # Microsoft Security Advisory CVE-2023-28260: .NET Remote Code Execution Vulnerability ## Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A vulnerability exists in .NET running on Win

CVE-2023-21808 [HIGH] CWE-416 .NET Remote Code Execution Vulnerability .NET Remote Code Execution Vulnerability # Microsoft Security Advisory CVE-2023-21808: .NET Remote Code Execution Vulnerability ## Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A vulnerability exists in how .NET re

CVE-2023-21538 [HIGH] CWE-502 .NET Denial of Service Vulnerability .NET Denial of Service Vulnerability # Microsoft Security Advisory CVE-2023-21538: .NET Denial of Service Vulnerability ## Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A denial of service vulnerability exists in .NET 6.0 where a m

CVE-2021-26423 [HIGH] .NET Core Elevation of Privilege Vulnerability .NET Core Elevation of Privilege Vulnerability Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 5.0 and .NET Core 3.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A denial of service vulnerability exists in .NET 5.0, .NET Core 3.1 and .NET Core 2.1 where .NET (Core) server applications providing WebS

CVE-2021-34485 [MEDIUM] .NET Core Information Disclosure Vulnerability .NET Core Information Disclosure Vulnerability Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 5.0, .NET Core 3.1 and .NET Core 2.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. An information disclosure vulnerability exists in .NET 5.0, .NET Core 3.1 and .NET Core 2.1 when dumps created by the too

CVE-2022-24512 [MEDIUM] .NET Remote Code Execution Vulnerability .NET Remote Code Execution Vulnerability Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0, .NET 5.0, and .NET Core 3.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A Remote Code Execution vulnerability exists in .NET 6.0, .NET 5.0, and .NET Core 3.1 where a stack buffer overrun occurs in .NET Double P

CVE-2020-1147 [HIGH] .NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability .NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'.

CVE-2020-1108 [HIGH] .NET Core & .NET Framework Denial of Service Vulnerability .NET Core & .NET Framework Denial of Service Vulnerability A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka '.NET Core & .NET Framework Denial of Service Vulnerability'.

CVE-2021-1721 [MEDIUM] Denial of service in .NET core Denial of service in .NET core .NET Core and Visual Studio Denial of Service Vulnerability due to a vulnerability which exists when creating HTTPS web request during X509 certificate chain building.

CVE-2020-8927 [MEDIUM] CWE-120 Integer overflow in the bundled Brotli C library Integer overflow in the bundled Brotli C library A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "s

CVE-2020-36846 [MEDIUM] Integer overflow in the bundled Brotli C library Integer overflow in the bundled Brotli C library A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "streamin