Microsoft Net Core vulnerabilities

29 known vulnerabilities affecting microsoft/net_core.

Total CVEs

29

CISA KEV

1

actively exploited

Public exploits

1

Exploited in wild

1

Severity breakdown

HIGH21MEDIUM8

Vulnerabilities

Page 2 of 2

CVE-2019-0657MEDIUMCVSS 5.9v1.0v2.1+2 more2019-03-05

CVE-2019-0657 [MEDIUM] CWE-20 CVE-2019-0657: A vulnerability exists in certain .Net Framework API's and Visual Studio in the way they parse URL's A vulnerability exists in certain .Net Framework API's and Visual Studio in the way they parse URL's, aka '.NET Framework and Visual Studio Spoofing Vulnerability'.

CVE-2019-0545HIGHCVSS 7.5v2.1v2.22019-01-08

CVE-2019-0545 [HIGH] CWE-200 CVE-2019-0545: An information disclosure vulnerability exists in .NET Framework and .NET Core which allows bypassin An information disclosure vulnerability exists in .NET Framework and .NET Core which allows bypassing Cross-origin Resource Sharing (CORS) configurations, aka ".NET Framework Information Disclosure Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Frame

CVE-2018-8416MEDIUMCVSS 6.5v2.12018-11-14

CVE-2018-8416 [MEDIUM] CVE-2018-8416: A tampering vulnerability exists when .NET Core improperly handles specially crafted files, aka ".NE A tampering vulnerability exists when .NET Core improperly handles specially crafted files, aka ".NET Core Tampering Vulnerability." This affects .NET Core 2.1.

CVE-2018-8292HIGHCVSS 7.5v1.0v1.1+1 more2018-10-10

CVE-2018-8292 [HIGH] CWE-200 CVE-2018-8292: An information disclosure vulnerability exists in .NET Core when authentication information is inadv An information disclosure vulnerability exists in .NET Core when authentication information is inadvertently exposed in a redirect, aka ".NET Core Information Disclosure Vulnerability." This affects .NET Core 2.1, .NET Core 1.0, .NET Core 1.1, PowerShell Core 6.0.

CVE-2018-8409HIGHCVSS 7.5≥ 2.1, < 2.1.4v2.12018-09-13

CVE-2018-8409 [HIGH] CVE-2018-8409: A denial of service vulnerability exists when System.IO.Pipelines improperly handles requests, aka " A denial of service vulnerability exists when System.IO.Pipelines improperly handles requests, aka "System.IO.Pipelines Denial of Service." This affects .NET Core 2.1, System.IO.Pipelines, ASP.NET Core 2.1.

CVE-2018-8356MEDIUMCVSS 5.5v1.0v1.1+1 more2018-07-11

CVE-2018-8356 [MEDIUM] CWE-295 CVE-2018-8356: A security feature bypass vulnerability exists when Microsoft .NET Framework components do not corre A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka ".NET Framework Security Feature Bypass Vulnerability." This affects .NET Framework 4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, ASP.NET Core 1.1, Microsoft .NET Framework 4.5.2, AS

CVE-2018-0765HIGHCVSS 7.5v2.02018-05-09

CVE-2018-0765 [HIGH] CWE-611 CVE-2018-0765: A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents, a A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents, aka ".NET and .NET Core Denial of Service Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1, Microsoft .NET Framework 4.5.2, Microsoft

CVE-2018-0786HIGHCVSS 7.5v1.0v2.02018-01-10

CVE-2018-0786 [HIGH] CWE-295 CVE-2018-0786: Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Co Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, and PowerShell Core 6.0.0 allow a security feature bypass vulnerability due to the way certificates are validated, aka ".NET Security Feature Bypass Vulnerability."

CVE-2018-0764HIGHCVSS 7.5v1.0v1.1+1 more2018-01-10

CVE-2018-0764 [HIGH] CVE-2018-0764: Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka ".NET and .NET Core Denial Of Service Vulnerability". This CVE is unique from CVE-2018-0765.

← Previous2 / 2