CVSS: 7.5EPSS: 2%CPEs: 5EXPL: 0CVE-2021-1723 – ASP.NET Core and Visual Studio Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-1723
12 Jan 2021 — ASP.NET Core and Visual Studio Denial of Service Vulnerability Una Vulnerabilidad de Denegación de Servicio de ASP.NET Core y Visual Studio A flaw was found in dotnet. Running callbacks outside of locks results in Krestel deadlock using HTTP2. The highest threat from this vulnerability is to system availability. .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address a secu... • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1723 • CWE-833: Deadlock •
CVSS: 7.5EPSS: 13%CPEs: 14EXPL: 0CVE-2020-1045 – Microsoft ASP.NET Core Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2020-1045
08 Sep 2020 —
A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names.
The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded.
The security update addresses the vulnerability by fixing the way the ASP.NET Core cookie parser handles encoded names.
Se presenta una vulnerabilidad de omisión de la característica de seguridad en la manera en que Micro... • https://access.redhat.com/errata/RHSA-2020:3699 • CWE-807: Reliance on Untrusted Inputs in a Security Decision •CVSS: 7.5EPSS: 6%CPEs: 7EXPL: 0CVE-2020-1597 – ASP.NET Core Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-1597
11 Aug 2020 — A denial of service vulnerability exists when ASP.NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the ASP.NET Core application. The update addresses the vulnerability by correcting how the ASP.NET Core web appl... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WH5FQ5VT3JGHXFXOETHCTBWJUIAPGHHT • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 2%CPEs: 3EXPL: 0CVE-2020-1161 – dotnet: Denial of service due to infinite loop
https://notcve.org/view.php?id=CVE-2020-1161
21 May 2020 — A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'. Existe una vulnerabilidad denegación de servicio cuando ASP.NET Core maneja inapropiadamente las peticiones web, también se conoce como "ASP.NET Core Denial of Service Vulnerability". An infinite loop was found in the HTTP Routing component of Microsoft.AspNetCore.App, which could be exploited by a remote, unauthenticated attacker. This flaw allows an attacker witho... • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1161 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.3EPSS: 10%CPEs: 5EXPL: 0CVE-2020-0603 – dotnet: Memory Corruption in SignalR
https://notcve.org/view.php?id=CVE-2020-0603
14 Jan 2020 — A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka 'ASP.NET Core Remote Code Execution Vulnerability'. Se presenta una vulnerabilidad de ejecución de código remota en el software ASP.NET Core cuando el software presenta un fallo al manejar los objetos en memoria. Un atacante que explotó con éxito la vulnerabilidad pod... • https://access.redhat.com/errata/RHSA-2020:0130 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 4%CPEs: 5EXPL: 0CVE-2020-0602 – dotnet: Denial of service via backpressure issue
https://notcve.org/view.php?id=CVE-2020-0602
14 Jan 2020 — A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'. Se presenta una vulnerabilidad de denegación de servicio cuando ASP.NET Core maneja inapropiadamente las peticiones web, también se conoce como "ASP.NET Core Denial of Service Vulnerability". A denial of service flaw was found in ASP.NET Core. An unauthenticated, remote attacker could exploit this vulnerability by sending specially crafted requests to an ASP.NET Cor... • https://access.redhat.com/errata/RHSA-2020:0130 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.8EPSS: 9%CPEs: 3EXPL: 0CVE-2019-1302
https://notcve.org/view.php?id=CVE-2019-1302
11 Sep 2019 — An elevation of privilege vulnerability exists when a ASP.NET Core web application, created using vulnerable project templates, fails to properly sanitize web requests, aka 'ASP.NET Core Elevation Of Privilege Vulnerability'. Se presenta una vulnerabilidad de elevación de privilegios cuando una aplicación web de ASP.NET Core, creada usando plantillas de proyecto vulnerables, no puede sanear apropiadamente las peticiones web, también se conoce como "ASP.NET Core Elevation Of Privilege Vulnerability". • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1302 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2019-1075
https://notcve.org/view.php?id=CVE-2019-1075
15 Jul 2019 — A spoofing vulnerability exists in ASP.NET Core that could lead to an open redirect, aka 'ASP.NET Core Spoofing Vulnerability'. Existe una vulnerabilidad de suplantación de identidad en el Core de ASP.NET que podría conllevar a un redireccionamiento abierto, también se conoce como "ASP.NET Core Spoofing Vulnerability". • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1075 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 7.5EPSS: 4%CPEs: 2EXPL: 0CVE-2019-0982
https://notcve.org/view.php?id=CVE-2019-0982
16 May 2019 — A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'. Existe una vulnerabilidad de Denegación de Servicio (DoS) cuando ASP.NET Core maneja inapropiadamente las solicitudes web, también se conoce como 'ASP.NET Core Denial of Service Vulnerability' • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0982 • CWE-19: Data Processing Errors •
CVSS: 7.5EPSS: 6%CPEs: 1EXPL: 0CVE-2019-0815
https://notcve.org/view.php?id=CVE-2019-0815
09 Apr 2019 — A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'. Se presenta una vulnerabilidad de denegación de servicio cuando ASP.NET Core maneja inapropiadamente las peticiones web, también se conoce como "ASP.NET Core Denial of Service Vulnerability". • http://www.securityfocus.com/bid/107701 • CWE-19: Data Processing Errors •