Microsoft Net

Do you want an email whenever new security vulnerabilities are reported in Microsoft Net?

Recent Microsoft Net Security Advisories

Advisory	Title	Published
CVE-2023-23415	Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability	March 14, 2023
CVE-2023-23407	Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability	March 14, 2023
CVE-2023-23385	Windows Point-to-Point Protocol over Ethernet (PPPoE) Elevation of Privilege Vulnerability	March 14, 2023
CVE-2023-24859	Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability	March 14, 2023
CVE-2023-23414	Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability	March 14, 2023
CVE-2023-21722	.NET Framework Denial of Service Vulnerability	February 14, 2023
CVE-2023-21697	Windows Internet Storage Name Service (iSNS) Server Information Disclosure Vulnerability	February 14, 2023
CVE-2023-21699	Windows Internet Storage Name Service (iSNS) Server Information Disclosure Vulnerability	February 14, 2023
CVE-2023-21808	.NET and Visual Studio Remote Code Execution Vulnerability	February 14, 2023
CVE-2023-0129	Chromium:CVE-2023-0129: Heap buffer overflow in Network Service	January 12, 2023

By the Year

In 2023 there have been 2 vulnerabilities in Microsoft Net with an average score of 7.7 out of ten. Last year Net had 10 security vulnerabilities published. Right now, Net is on track to have less security vulnerabilities in 2023 than it did last year. However, the average CVE base score of the vulnerabilities in 2023 is greater by 0.35.

Year	Vulnerabilities	Average Score
2023	2	7.65
2022	10	7.30
2021	8	7.51
2020	1	6.50
2019	0	0.00
2018	0	0.00

It may take a day or so for new Net vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Microsoft Net Security Vulnerabilities

.NET and Visual Studio Remote Code Execution Vulnerability

CVE-2023-21808 7.8 - High - February 14, 2023

.NET and Visual Studio Remote Code Execution Vulnerability

.NET Denial of Service Vulnerability.

CVE-2023-21538 7.5 - High - January 10, 2023

.NET Denial of Service Vulnerability.

NuGet Client Elevation of Privilege Vulnerability.

CVE-2022-41032 7.8 - High - October 11, 2022

NuGet Client Elevation of Privilege Vulnerability.

.NET Core and Visual Studio Denial of Service Vulnerability.

CVE-2022-38013 7.5 - High - September 13, 2022

.NET Core and Visual Studio Denial of Service Vulnerability.

.NET Spoofing Vulnerability.

CVE-2022-34716 5.9 - Medium - August 09, 2022

.NET Spoofing Vulnerability.

.NET and Visual Studio Information Disclosure Vulnerability.

CVE-2022-30184 5.5 - Medium - June 15, 2022

.NET and Visual Studio Information Disclosure Vulnerability.

.NET and Visual Studio Denial of Service Vulnerability

CVE-2022-29117 7.5 - High - May 10, 2022

.NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-23267, CVE-2022-29145.

Resource Exhaustion

.NET and Visual Studio Denial of Service Vulnerability

CVE-2022-29145 7.5 - High - May 10, 2022

.NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-23267, CVE-2022-29117.

.NET and Visual Studio Denial of Service Vulnerability

CVE-2022-23267 7.5 - High - May 10, 2022

.NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-29117, CVE-2022-29145.

Resource Exhaustion

.NET and Visual Studio Remote Code Execution Vulnerability.

CVE-2022-24512 8.8 - High - March 09, 2022

.NET and Visual Studio Remote Code Execution Vulnerability.

.NET and Visual Studio Denial of Service Vulnerability.

CVE-2022-24464 7.5 - High - March 09, 2022

.NET and Visual Studio Denial of Service Vulnerability.

.NET Denial of Service Vulnerability.

CVE-2022-21986 7.5 - High - February 09, 2022

.NET Denial of Service Vulnerability.

.NET Core and Visual Studio Information Disclosure Vulnerability

CVE-2021-41355 5.7 - Medium - October 13, 2021

.NET Core and Visual Studio Information Disclosure Vulnerability

.NET Core and Visual Studio Denial of Service Vulnerability

CVE-2021-26423 7.5 - High - August 12, 2021

.NET Core and Visual Studio Denial of Service Vulnerability

.NET Core and Visual Studio Information Disclosure Vulnerability

CVE-2021-34485 5.5 - Medium - August 12, 2021

.NET Core and Visual Studio Information Disclosure Vulnerability

ASP.NET Denial of Service Vulnerability

CVE-2021-31957 7.5 - High - June 08, 2021

ASP.NET Denial of Service Vulnerability

.NET and Visual Studio Elevation of Privilege Vulnerability

CVE-2021-31204 7.8 - High - May 11, 2021

.NET and Visual Studio Elevation of Privilege Vulnerability

.NET Core Remote Code Execution Vulnerability

CVE-2021-26701 9.8 - Critical - February 25, 2021

.NET Core Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24112.

.NET Core Remote Code Execution Vulnerability

CVE-2021-24112 9.8 - Critical - February 25, 2021

.NET Core Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26701.

.NET Core and Visual Studio Denial of Service Vulnerability

CVE-2021-1721 6.5 - Medium - February 25, 2021

.NET Core and Visual Studio Denial of Service Vulnerability

A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash

CVE-2020-8927 6.5 - Medium - September 15, 2020

A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits.

Classic Buffer Overflow

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Microsoft Visual Studio 2022 or by Microsoft? Click the Watch button to subscribe.

Microsoft
Vendor

Microsoft Net
Product

Microsoft Net

Recent Microsoft Net Security Advisories

By the Year

Recent Microsoft Net Security Vulnerabilities

.NET and Visual Studio Remote Code Execution Vulnerability CVE-2023-21808 7.8 - High - February 14, 2023

.NET Denial of Service Vulnerability. CVE-2023-21538 7.5 - High - January 10, 2023

NuGet Client Elevation of Privilege Vulnerability. CVE-2022-41032 7.8 - High - October 11, 2022

.NET Core and Visual Studio Denial of Service Vulnerability. CVE-2022-38013 7.5 - High - September 13, 2022

.NET Spoofing Vulnerability. CVE-2022-34716 5.9 - Medium - August 09, 2022

.NET and Visual Studio Information Disclosure Vulnerability. CVE-2022-30184 5.5 - Medium - June 15, 2022

.NET and Visual Studio Denial of Service Vulnerability CVE-2022-29117 7.5 - High - May 10, 2022

.NET and Visual Studio Denial of Service Vulnerability CVE-2022-29145 7.5 - High - May 10, 2022

.NET and Visual Studio Denial of Service Vulnerability CVE-2022-23267 7.5 - High - May 10, 2022

.NET and Visual Studio Remote Code Execution Vulnerability. CVE-2022-24512 8.8 - High - March 09, 2022

.NET and Visual Studio Denial of Service Vulnerability. CVE-2022-24464 7.5 - High - March 09, 2022

.NET Denial of Service Vulnerability. CVE-2022-21986 7.5 - High - February 09, 2022

.NET Core and Visual Studio Information Disclosure Vulnerability CVE-2021-41355 5.7 - Medium - October 13, 2021

.NET Core and Visual Studio Denial of Service Vulnerability CVE-2021-26423 7.5 - High - August 12, 2021

.NET Core and Visual Studio Information Disclosure Vulnerability CVE-2021-34485 5.5 - Medium - August 12, 2021

ASP.NET Denial of Service Vulnerability CVE-2021-31957 7.5 - High - June 08, 2021

.NET and Visual Studio Elevation of Privilege Vulnerability CVE-2021-31204 7.8 - High - May 11, 2021

.NET Core Remote Code Execution Vulnerability CVE-2021-26701 9.8 - Critical - February 25, 2021

.NET Core Remote Code Execution Vulnerability CVE-2021-24112 9.8 - Critical - February 25, 2021

.NET Core and Visual Studio Denial of Service Vulnerability CVE-2021-1721 6.5 - Medium - February 25, 2021

A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash CVE-2020-8927 6.5 - Medium - September 15, 2020