RHEL 9 : .NET 8.0 (RHSA-2026:24334)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:24334 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR...

RHEL 10 : .NET 10.0 (RHSA-2026:22145)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:22145 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation...

RockyLinux 9 : .NET 10.0 (RLSA-2026:21297)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:21297 advisory. dotnet: .NET: infinite loop allows an attacker to cause a denial of service CVE-2026-42899 Tenable has extracted the preceding description block directly from th...

RHEL 8 : .NET 9.0 (RHSA-2026:21294)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:21294 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation...

ROS-20260521-73-0001

A vulnerability in the .NET software platform is related to incorrectly used standard permissions. Exploitation of the vulnerability could allow an attacker to escalate privileges...

Security Updates for Microsoft Visual Studio Products (May 2026)

The Microsoft Visual Studio Products are missing security updates. It is, therefore, affected by multiple vulnerabilities: - Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally. CVE-2026-32177 - A tampering vulnerability exists when .NET Core improperl...

CVE-2026-35433

Improper input validation in .NET allows an unauthorized attacker to elevate privileges locally...

CVE-2026-32177

Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally...

ROS-20260508-73-0011

A vulnerability in the .NET software platform is related to incorrect handling of a missing special element. Exploitation of the vulnerability could allow an attacker acting remotely to conduct spoofing attacks...

PT-2026-39162

Uncontrolled resource consumption in .NET allows an unauthorized attacker to deny service over a network...

dotnet: .NET: Security Bypass and Denial of Service Vulnerability

A flaw was found in .NET. A remote attacker could exploit a vulnerability related to unsafe transforms in EncryptedXml. This could lead to a Denial of Service DoS, making the service unavailable, and a bypass of security features...

RHEL 9 : .NET 8.0 (RHSA-2026:10082)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:10082 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation...

RHEL 9 : .NET 9.0 (RHSA-2026:10085)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:10085 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR...

dotnet: .NET: Denial of Service via stack overflow

A flaw was found in .NET. A remote attacker could exploit a stack overflow vulnerability during encrypted key nested decryption, leading to a Denial of Service DoS. This could make the affected system unavailable to legitimate users...

dotnet: .NET: Denial of Service via Infinite Recursion in XmlDecryptionTransform

A flaw was found in .NET. A remote attacker could exploit this vulnerability by crafting a malicious XML document that triggers an infinite recursion within the XmlDecryptionTransform component. This could lead to a Denial of Service DoS, making the affected system unresponsive...

dotnet: .NET: Security Bypass and Denial of Service Vulnerability

A flaw was found in .NET. A remote attacker could exploit a vulnerability related to unsafe transforms in EncryptedXml. This could lead to a Denial of Service DoS, making the service unavailable, and a bypass of security features...

dotnet: .NET: Denial of Service via Infinite Recursion in XmlDecryptionTransform

A flaw was found in .NET. A remote attacker could exploit this vulnerability by crafting a malicious XML document that triggers an infinite recursion within the XmlDecryptionTransform component. This could lead to a Denial of Service DoS, making the affected system unresponsive...

CVE-2026-32203

A flaw was found in .NET. A remote attacker could exploit a stack overflow vulnerability during encrypted key nested decryption, leading to a Denial of Service DoS. This could make the affected system unavailable to legitimate users. Mitigation Mitigation for this issue is either not available or...

CVE-2026-26171

The entry CVE-2026-26171 describes a .NET Denial of Service vulnerability with a CVSSv3.1 base score of 7.5 (HIGH) and network exposure. Exploitation is possible without user interaction and with no privileges required, affecting availability. The provided reference points to a Microsoft update g...

CVE-2026-32178

Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network...