Search for packages
| purl | pkg:nuget/Microsoft.NETCore.App@2.1.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1gtv-nubh-73a9
Aliases: CVE-2019-0564 GHSA-6px8-22w5-w334 |
Microsoft Security Advisory CVE-2019-0564: ASP.NET Core Denial of Service Vulnerability |
Affected by 5 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-5crw-96ay-a7b7
Aliases: CVE-2018-8416 GHSA-5633-f33j-c6f7 |
Microsoft Security Advisory CVE-2018-8416: .NET Core Tampering Vulnerability |
Affected by 5 other vulnerabilities. |
|
VCID-757k-8968-xkbx
Aliases: CVE-2021-1721 GHSA-3gp9-h8hw-pxpw |
Denial of service in .NET core .NET Core and Visual Studio Denial of Service Vulnerability due to a vulnerability which exists when creating HTTPS web request during X509 certificate chain building. |
Affected by 1 other vulnerability. |
|
VCID-du1r-hgyq-z7c7
Aliases: CVE-2021-34485 GHSA-vgwq-hfqc-58wv |
.NET Core Information Disclosure Vulnerability Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 5.0, .NET Core 3.1 and .NET Core 2.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. An information disclosure vulnerability exists in .NET 5.0, .NET Core 3.1 and .NET Core 2.1 when dumps created by the tool to collect crash dumps and dumps on demand are created with global read permissions on Linux and macOS. ### Patches * If you're using .NET 5.0, you should download and install Runtime 5.0.9 or SDK 5.0.206 (for Visual Studio 2019 v16.8) or SDK 5.0.303 (for Visual Studio 2019 V16.10) from https://dotnet.microsoft.com/download/dotnet-core/5.0. * If you're using .NET Core 3.1, you should download and install Runtime 3.1.18 or SDK 3.1.118 (for Visual Studio 2019 v16.4) or 3.1.412 (for Visual Studio 2019 v16.7 or later) from https://dotnet.microsoft.com/download/dotnet-core/3.1. * If you're using .NET Core 2.1, you should download and install Runtime 2.1.29 or SDK 2.1.525 (for Visual Studio 2019 v15.9) or 2.1.817 from https://dotnet.microsoft.com/download/dotnet-core/2.1. #### Other Details - Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/196 - An Issue for this can be found at https://github.com/dotnet/runtime/issues/57174 - MSRC details for this can be found at https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34485 |
Affected by 0 other vulnerabilities. |
|
VCID-v2z1-w1v6-4ufg
Aliases: CVE-2020-1108 GHSA-3w5p-jhp5-c29q |
A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka '.NET Core & .NET Framework Denial of Service Vulnerability'. |
Affected by 3 other vulnerabilities. |
|
VCID-vb4e-n91y-pqaf
Aliases: CVE-2019-0545 GHSA-2xjx-v99w-gqf3 |
Exposure of Sensitive Information to an Unauthorized Actor An information disclosure vulnerability exists in .NET Framework and .NET Core which allows bypassing Cross-origin Resource Sharing (CORS) configurations, aka ".NET Framework Information Disclosure Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7/4.7.1/4.7.2, .NET Core 2.1, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 2.2, Microsoft .NET Framework 4.7.2. |
Affected by 5 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-wkn5-y3e5-67hj
Aliases: CVE-2019-0657 GHSA-x5qj-9vmx-7g6g |
Microsoft Security Advisory CVE-2019-0657: .NET Core Domain Spoofing Vulnerability |
Affected by 4 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-zy2q-8hz7-s7br
Aliases: CVE-2020-1147 GHSA-g5vf-38cp-4px9 |
A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'. |
Affected by 2 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||