jprdonnelly/core
1
0
Fork 0
mirror of synced 2025-12-19 18:06:02 -05:00
Code Issues Projects Releases Wiki Activity

Update CVE entries for .NET 6 patch versions (#9910)

Browse Source 
* Update CVE entries for .NET 6 patch versions. Added entries for .NET 6 versions 6.0.36 and 6.0.28 with no new CVEs. Updated version 6.0.35 to include three new denial of service CVEs. Removed outdated entries to streamline the document.

* Fix broken link for CVE-2025-26646

Replaced the outdated link for CVE-2025-26646 with the correct issue (#356) to ensure accurate information regarding .NET 8 security vulnerabilities.
This commit is contained in:
Dave Black
2025-05-28 15:02:15 -05:00
committed by GitHub
parent 43654d259d
commit 8caf972ba9
2 changed files with 5 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
release-notes/6.0/cve.md
View File

@@ -8,6 +8,8 @@ Your app needs to be on the latest .NET 6 patch version to be secure. The longer
Your app may be vulnerable to the following published security [CVEs](https://www.cve.org/) if you are using an older .NET 6 patch version.
- 6.0.36 (November 2024)
- No new CVEs.
- 6.0.35 (October 2024)
- [CVE-2024-43483 | .NET Denial of Service Vulnerability](https://github.com/dotnet/announcements/issues/327)
- [CVE-2024-43484 | .NET Denial of Service Vulnerability](https://github.com/dotnet/announcements/issues/328)
@@ -23,6 +25,8 @@ Your app may be vulnerable to the following published security [CVEs](https://ww
- No new CVEs.
- 6.0.29 (April 2024)
- [CVE-2024-21409 | .NET Denial of Service Vulnerability](https://github.com/dotnet/announcements/issues/303)
- 6.0.28 (March 2024)
- No new CVEs.
- 6.0.27 (February 2024)
- [CVE-2024-21386 | .NET Denial of Service Vulnerability](https://github.com/dotnet/announcements/issues/295)
- [CVE-2024-21404 | .NET Denial of Service Vulnerability](https://github.com/dotnet/announcements/issues/296)
@@ -66,8 +70,6 @@ Your app may be vulnerable to the following published security [CVEs](https://ww
- [CVE-2023-33135 | .NET Elevation of Privilege Vulnerability](https://github.com/dotnet/announcements/issues/252)
- 6.0.18 (June 2023)
- No new CVEs.
- 6.0.17 (May 2023)
- No new CVEs.
- 6.0.16 (April 2023)
- [CVE-2023-28260 | .NET Remote Code Execution Vulnerability](https://github.com/dotnet/announcements/issues/250)
- 6.0.15 (March 2023)

2
release-notes/8.0/cve.md
View File

@@ -9,7 +9,7 @@ Your app needs to be on the latest .NET 8 patch version to be secure. The longer
Your app may be vulnerable to the following published security [CVEs](https://www.cve.org/) if you are using an older version.
- 8.0.16 (May 2025)
- [CVE-2025-26646 | .NET and Visual Studio Spoofing Vulnerability](https://github.com/dotnet/announcements/issues/xxx)
- [CVE-2025-26646 | .NET and Visual Studio Spoofing Vulnerability](https://github.com/dotnet/announcements/issues/356)
- 8.0.15 (April 2025)
- [CVE-2025-26682 | .NET Denial of Service Vulnerability](https://github.com/dotnet/announcements/issues/352)
- 8.0.14 (March 2025)