CVSS: 7.5EPSS: 8%CPEs: 5EXPL: 0CVE-2018-8171
https://notcve.org/view.php?id=CVE-2018-8171
11 Jul 2018 — A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka "ASP.NET Security Feature Bypass Vulnerability." This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2. Existe una vulnerabilidad de omisión de la característica de seguridad en ASP.NET cuando el número de intentos de inicio de sesión incorrectos no se valida. Esto también se conoce como "ASP.NET Security Feature Bypass Vulnerability". Esto afecta ... • http://www.securityfocus.com/bid/104659 • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 11%CPEs: 101EXPL: 1CVE-2017-0247
https://notcve.org/view.php?id=CVE-2017-0247
12 May 2017 — A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc before 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to cause a denial of service by leveraging failure to properly calculate the length of 4-byte characters in the Unicode Non-Character range. Se presenta una vulnerabilidad ... • https://github.com/aspnet/Announcements/issues/239 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 5%CPEs: 101EXPL: 0CVE-2017-0249
https://notcve.org/view.php?id=CVE-2017-0249
12 May 2017 — An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests. Existe una vulnerabilidad de elevación de privilegios cuando el ASP.NET Core falla al desinfectar adecuadamente las solicitudes web. • https://github.com/aspnet/Announcements/issues/239 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 4%CPEs: 101EXPL: 0CVE-2017-0256
https://notcve.org/view.php?id=CVE-2017-0256
12 May 2017 — A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests. Se presenta una vulnerabilidad de suplantación de identidad cuando el Core de ASP.NET no puede sanear apropiadamente las peticiones web. • https://github.com/aspnet/Announcements/issues/239 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 18%CPEs: 5EXPL: 0CVE-2014-4075
https://notcve.org/view.php?id=CVE-2014-4075
15 Oct 2014 — Cross-site scripting (XSS) vulnerability in System.Web.Mvc.dll in Microsoft ASP.NET Model View Controller (MVC) 2.0 through 5.1 allows remote attackers to inject arbitrary web script or HTML via a crafted web page, aka "MVC XSS Vulnerability." Vulnerabilidad de XSS en System.Web.Mvc.dll en Microsoft ASP.NET Model View Controller (MVC) 2.0 hasta 5.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una página web manipulada, también conocido como 'vulnerabilidad d... • http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspx • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •