VulnerableCode Package Details - pkg:rpm/redhat/dotnet9.0@9.0.111-1?arch=el9

Search for packages

Vulnerability	Summary	Fixed by
VCID-cju3-5hjk-h3d3 Aliases: CVE-2025-55315 GHSA-5rrx-jjjq-q2r5	Microsoft Security Advisory CVE-2025-55315: .NET Security Feature Bypass Vulnerability Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 10.0 , ASP.NET Core 9.0 , ASP.NET Core 8.0, and ASP.NET Core 2.3. This advisory also provides guidance on what developers can do to update their applications to address this vulnerability. Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.	There are no reported fixed by versions.
VCID-hrdk-wnbt-cyes Aliases: CVE-2025-55247 GHSA-w3q9-fxm7-j8fq	Microsoft Security Advisory CVE-2025-55247 \| .NET Denial of Service Vulnerability Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0.xxx, .NET 9.0.xxx and .NET 10.0.xxx. This advisory also provides guidance on what developers can do to update their environments to remove this vulnerability. A vulnerability exists in .NET where predictable paths for MSBuild's temporary directories on Linux let another user create the directories ahead of MSBuild, leading to DoS of builds. This only affects .NET on Linux operating systems.	There are no reported fixed by versions.
VCID-k3fx-jcj4-jfc6 Aliases: CVE-2025-55248 GHSA-gwq6-fmvp-qp68	Microsoft Security Advisory CVE-2025-55248: .NET Information Disclosure Vulnerability Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0 and .NET 9.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A MITM (man in the middle) attacker may prevent use of TLS between client and SMTP server, forcing client to send data over unencrypted connection.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-cju3-5hjk-h3d3
Aliases:
CVE-2025-55315
GHSA-5rrx-jjjq-q2r5

Microsoft Security Advisory CVE-2025-55315: .NET Security Feature Bypass Vulnerability Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 10.0 , ASP.NET Core 9.0 , ASP.NET Core 8.0, and ASP.NET Core 2.3. This advisory also provides guidance on what developers can do to update their applications to address this vulnerability. Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.

There are no reported fixed by versions.

VCID-hrdk-wnbt-cyes
Aliases:
CVE-2025-55247
GHSA-w3q9-fxm7-j8fq

Microsoft Security Advisory CVE-2025-55247 | .NET Denial of Service Vulnerability Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0.xxx, .NET 9.0.xxx and .NET 10.0.xxx. This advisory also provides guidance on what developers can do to update their environments to remove this vulnerability. A vulnerability exists in .NET where predictable paths for MSBuild's temporary directories on Linux let another user create the directories ahead of MSBuild, leading to DoS of builds. This only affects .NET on Linux operating systems.

There are no reported fixed by versions.

VCID-k3fx-jcj4-jfc6
Aliases:
CVE-2025-55248
GHSA-gwq6-fmvp-qp68

Microsoft Security Advisory CVE-2025-55248: .NET Information Disclosure Vulnerability Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0 and .NET 9.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A MITM (man in the middle) attacker may prevent use of TLS between client and SMTP server, forcing client to send data over unencrypted connection.

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T13:35:50.377900+00:00	RedHat Importer	Affected by	VCID-k3fx-jcj4-jfc6	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55248.json	38.0.0
2026-04-01T13:35:50.107453+00:00	RedHat Importer	Affected by	VCID-cju3-5hjk-h3d3	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55315.json	38.0.0
2026-04-01T13:35:49.843461+00:00	RedHat Importer	Affected by	VCID-hrdk-wnbt-cyes	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55247.json	38.0.0