CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2025-24070 – ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-24070
11 Mar 2025 — Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network. A flaw was found in the SignInManager.RefreshSignInAsync method. This flaw allows an attacker with local access and low privileges to escalate privileges. The issue might lead to unauthorized access or manipulation of authentication sessions. An update for.NET 8.0 is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24070 • CWE-269: Improper Privilege Management CWE-1390: Weak Authentication •
CVSS: 7.8EPSS: 18%CPEs: 6EXPL: 0CVE-2024-21404 – .NET Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-21404
13 Feb 2024 — .NET Denial of Service Vulnerability Vulnerabilidad de denegación de servicio de .NET A denial of service vulnerability exists in .NET applications with OpenSSL support when parsing X509 certificates. The issue arises from inadequate validation of user-supplied input in .NET. This flaw allows a remote attacker to trigger a denial of service (DoS) attack by providing specially crafted input. Brennan Conroy discovered that .NET with SignalR did not properly handle malicious clients. An attacker could possibly... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21404 • CWE-400: Uncontrolled Resource Consumption CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 10%CPEs: 6EXPL: 0CVE-2024-21386 – .NET Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-21386
13 Feb 2024 — .NET Denial of Service Vulnerability Vulnerabilidad de denegación de servicio de .NET A denial of service vulnerability is present in the .NET applications utilizing SignalR, which a malicious client can exploit. The issue arises from inadequate validation of user-supplied input in .NET. This flaw allows a remote attacker to trigger a denial of service (DoS) attack by providing specially crafted input. Brennan Conroy discovered that .NET with SignalR did not properly handle malicious clients. An attacker co... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21386 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.2EPSS: 29%CPEs: 14EXPL: 0CVE-2023-36038 – ASP.NET Core Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2023-36038
14 Nov 2023 — ASP.NET Core Denial of Service Vulnerability Vulnerabilidad de denegación de servicio de ASP.NET Core • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36038 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.2EPSS: 0%CPEs: 11EXPL: 0CVE-2023-36558 – ASP.NET Core Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2023-36558
14 Nov 2023 — ASP.NET Core - Security Feature Bypass Vulnerability Vulnerabilidad de omisión de funciones de seguridad en ASP.NET Core ASP.NET Core Security Feature Bypass Vulnerability A security feature bypass vulnerability was found in Blazor forms in ASP.NET in the .NET package. Barry Dorrans discovered that .NET did not properly implement certain security features for Blazor server forms. An attacker could possibly use this issue to bypass validation, which could trigger unintended actions. Piotr Bazydlo discovered ... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36558 •
CVSS: 7.8EPSS: 94%CPEs: 444EXPL: 17CVE-2023-44487 – HTTP/2 Rapid Reset Attack Vulnerability
https://notcve.org/view.php?id=CVE-2023-44487
10 Oct 2023 — The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. El protocolo HTTP/2 permite una denegación de servicio (consumo de recursos del servidor) porque la cancelación de solicitudes puede restablecer muchas transmisiones rápidamente, como se explotó en la naturaleza entre agosto y octubre de 2023. A flaw was found in handling multiplexed streams in the HTTP/2 protocol. ... • https://github.com/imabee101/CVE-2023-44487 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 56%CPEs: 8EXPL: 0CVE-2023-38180 – Microsoft .NET Core and Visual Studio Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2023-38180
08 Aug 2023 — .NET and Visual Studio Denial of Service Vulnerability An uncontrolled resource consumption vulnerability was found in the Kestrel component of the dotNET. When detecting a potentially malicious client, Kestrel will sometimes fail to disconnect it, resulting in denial of service. It was discovered that .NET did not properly handle the execution of certain commands. An attacker could possibly use this issue to achieve remote code execution. Benoit Foucher discovered that .NET did not properly implement the Q... • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CL2L4WE5QRT7WEXANYXSKSU43APC5N2V • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 2%CPEs: 6EXPL: 0CVE-2023-35391 – ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-35391
08 Aug 2023 — ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35391 •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2021-43877 – ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2021-43877
15 Dec 2021 — ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability Una vulnerabilidad de Elevación de Privilegios en ASP.NET Core y Visual Studio • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43877 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-34532 – ASP.NET Core and Visual Studio Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-34532
12 Aug 2021 — ASP.NET Core and Visual Studio Information Disclosure Vulnerability Una Vulnerabilidad de Divulgación de Información en ASP.NET Core y Visual Studio .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 3.1.118 and .NET Runtime 3.1.18. Issues addressed include a denial of service vulnerability. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34532 • CWE-532: Insertion of Sensitive Information into Log File •