| CVE | Vendors | Products | Updated | CVSS v3.1 |
| A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend using the "streaming" API as opposed to the "one-shot" API, and imposing chunk size limits. |
| .NET Core Remote Code Execution Vulnerability |
| .NET Core and Visual Studio Denial of Service Vulnerability |
| .NET Core and Visual Studio Denial of Service Vulnerability |
| .NET and Visual Studio Denial of Service Vulnerability |
| .NET and Visual Studio Denial of Service Vulnerability |
| .NET and Visual Studio Remote Code Execution Vulnerability |
| .NET Framework Remote Code Execution Vulnerability |
| .NET and Visual Studio Denial of Service Vulnerability |
| .NET and Visual Studio Denial of Service Vulnerability |
| A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. However, an attacker would have limited control over the destination of the files and directories. To exploit the vulnerability, an attacker must send a specially crafted file to a vulnerable system. The security update fixes the vulnerability by ensuring .NET Core properly handles files. |
| Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally. |
| Visual Studio Tools for Office Runtime Spoofing Vulnerability |
| .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability |
| Visual Studio Remote Code Execution Vulnerability |
| .NET and Visual Studio Remote Code Execution Vulnerability |
| Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an unauthorized attacker to execute code locally. |
| Improper link resolution before file access ('link following') in Visual Studio allows an unauthorized attacker to elevate privileges over a network. |
| Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally. |
| A denial of service vulnerability exists when ASP.NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the ASP.NET Core application. The update addresses the vulnerability by correcting how the ASP.NET Core web application handles web requests. |