CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2021-43877 – ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2021-43877
15 Dec 2021 — ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability Una vulnerabilidad de Elevación de Privilegios en ASP.NET Core y Visual Studio • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43877 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-34532 – ASP.NET Core and Visual Studio Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-34532
12 Aug 2021 — ASP.NET Core and Visual Studio Information Disclosure Vulnerability Una Vulnerabilidad de Divulgación de Información en ASP.NET Core y Visual Studio .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 3.1.118 and .NET Runtime 3.1.18. Issues addressed include a denial of service vulnerability. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34532 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.5EPSS: 2%CPEs: 5EXPL: 0CVE-2021-1723 – ASP.NET Core and Visual Studio Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-1723
12 Jan 2021 — ASP.NET Core and Visual Studio Denial of Service Vulnerability Una Vulnerabilidad de Denegación de Servicio de ASP.NET Core y Visual Studio A flaw was found in dotnet. Running callbacks outside of locks results in Krestel deadlock using HTTP2. The highest threat from this vulnerability is to system availability. .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address a secu... • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1723 • CWE-833: Deadlock •
CVSS: 7.5EPSS: 13%CPEs: 14EXPL: 0CVE-2020-1045 – Microsoft ASP.NET Core Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2020-1045
08 Sep 2020 —
A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names.
The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded.
The security update addresses the vulnerability by fixing the way the ASP.NET Core cookie parser handles encoded names.
Se presenta una vulnerabilidad de omisión de la característica de seguridad en la manera en que Micro... • https://access.redhat.com/errata/RHSA-2020:3699 • CWE-807: Reliance on Untrusted Inputs in a Security Decision •CVSS: 7.5EPSS: 6%CPEs: 7EXPL: 0CVE-2020-1597 – ASP.NET Core Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-1597
11 Aug 2020 — A denial of service vulnerability exists when ASP.NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the ASP.NET Core application. The update addresses the vulnerability by correcting how the ASP.NET Core web appl... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WH5FQ5VT3JGHXFXOETHCTBWJUIAPGHHT • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 2%CPEs: 3EXPL: 0CVE-2020-1161 – dotnet: Denial of service due to infinite loop
https://notcve.org/view.php?id=CVE-2020-1161
21 May 2020 — A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'. Existe una vulnerabilidad denegación de servicio cuando ASP.NET Core maneja inapropiadamente las peticiones web, también se conoce como "ASP.NET Core Denial of Service Vulnerability". An infinite loop was found in the HTTP Routing component of Microsoft.AspNetCore.App, which could be exploited by a remote, unauthenticated attacker. This flaw allows an attacker witho... • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1161 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.3EPSS: 10%CPEs: 5EXPL: 0CVE-2020-0603 – dotnet: Memory Corruption in SignalR
https://notcve.org/view.php?id=CVE-2020-0603
14 Jan 2020 — A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka 'ASP.NET Core Remote Code Execution Vulnerability'. Se presenta una vulnerabilidad de ejecución de código remota en el software ASP.NET Core cuando el software presenta un fallo al manejar los objetos en memoria. Un atacante que explotó con éxito la vulnerabilidad pod... • https://access.redhat.com/errata/RHSA-2020:0130 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 4%CPEs: 5EXPL: 0CVE-2020-0602 – dotnet: Denial of service via backpressure issue
https://notcve.org/view.php?id=CVE-2020-0602
14 Jan 2020 — A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'. Se presenta una vulnerabilidad de denegación de servicio cuando ASP.NET Core maneja inapropiadamente las peticiones web, también se conoce como "ASP.NET Core Denial of Service Vulnerability". A denial of service flaw was found in ASP.NET Core. An unauthenticated, remote attacker could exploit this vulnerability by sending specially crafted requests to an ASP.NET Cor... • https://access.redhat.com/errata/RHSA-2020:0130 • CWE-400: Uncontrolled Resource Consumption •