CVSS: 7.5EPSS: 1%CPEs: 8EXPL: 0CVE-2023-38180 – Microsoft .NET Core and Visual Studio Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2023-38180
.NET and Visual Studio Denial of Service Vulnerability An uncontrolled resource consumption vulnerability was found in the Kestrel component of the dotNET. When detecting a potentially malicious client, Kestrel will sometimes fail to disconnect it, resulting in denial of service. Microsoft .NET Core and Visual Studio contain an unspecified vulnerability that allows for denial-of-service (DoS). • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CL2L4WE5QRT7WEXANYXSKSU43APC5N2V https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWVZFKTLNMNKPZ755EMRYIA6GHFOWGKY https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38180 https://access.redhat.com/security/cve/CVE-2023-38180 https://bugzilla.redhat.com/show_bug.cgi?id=2228621 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-35391 – ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-35391
ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35391 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-34532 – ASP.NET Core and Visual Studio Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-34532
ASP.NET Core and Visual Studio Information Disclosure Vulnerability Una Vulnerabilidad de Divulgación de Información en ASP.NET Core y Visual Studio • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34532 https://access.redhat.com/security/cve/CVE-2021-34532 https://bugzilla.redhat.com/show_bug.cgi?id=1990300 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 0CVE-2020-1045 – Microsoft ASP.NET Core Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2020-1045
<p>A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names.</p> <p>The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded.</p> <p>The security update addresses the vulnerability by fixing the way the ASP.NET Core cookie parser handles encoded names.</p> Se presenta una vulnerabilidad de omisión de la característica de seguridad en la manera en que Microsoft ASP.NET Core analiza los nombres de cookies codificados. El analizador de cookies de ASP.NET Core decodifica cadenas de cookies completas que podrían permitir a un atacante malicioso establecer una segunda cookie con el nombre codificado en porcentaje. • https://access.redhat.com/errata/RHSA-2020:3699 https://github.com/dotnet/core/blob/main/release-notes/3.1/3.1.8/3.1.8.md#changes-in-318 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5LN2FUVBSVPGK7AU3NMLO3YR6CGONQPB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ASICXQXS4M7MTAF6SGQMCLCA63DLCUT3 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1045 https://security.snyk.io/vuln/SNYK-RHEL8 • CWE-807: Reliance on Untrusted Inputs in a Security Decision •
CVSS: 7.5EPSS: 1%CPEs: 7EXPL: 0CVE-2020-1597 – ASP.NET Core Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-1597
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the ASP.NET Core application. The update addresses the vulnerability by correcting how the ASP.NET Core web application handles web requests. Se presenta una vulnerabilidad de denegación de servicio cuando ASP.NET Core maneja inapropiadamente las peticiones web, también se conoce como "ASP.NET Core Denial of Service Vulnerability". A flaw was found in ASP.NET Core. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WH5FQ5VT3JGHXFXOETHCTBWJUIAPGHHT https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZW4CBI26KSO3PRL3HLVVISXPPOYUHSXO https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1597 https://access.redhat.com/security/cve/CVE-2020-1597 https://bugzilla.redhat.com/show_bug.cgi?id=1861110 • CWE-400: Uncontrolled Resource Consumption •