15 matches found
BIT-DOTNET-2026-25667
ASP.NET Core Kestrel in Microsoft .NET 8.0 before 8.0.22 and .NET 9.0 before 9.0.11 allows a remote attacker to cause excessive CPU consumption by sending a crafted QUIC packet, because of an incorrect exit condition for HTTP/3 Encoder/Decoder stream processing...
MiracleLinux 9 : dotnet7.0-7.0.111-1.el9.ML.1 (AXSA:2023-6425:27)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6425:27 advisory. dotnet: Denial of Service with Client Certificates using .NET Kestrel CVE-2023-36799 Tenable has extracted the preceding description block directly from the...
Denial Of Service (DoS)
Microsoft.AspNetCore.App.Runtime is vulnerable to Denial of Service DoS. The vulnerability is caused by a deadlock that occurs within the .NET Kestrel web server, specifically impacting the handling of concurrent requests under certain conditions, which allows an attacker to potentially disrupt...
dotnet: Denial of Service with Client Certificates using .NET Kestrel
A vulnerability was found in dotnet. This issue can lead to a denial of service when processing X.509 certificates...
USN-6438-2: .Net regressions
USN-6438-1 fixed vulnerabilities in .Net. It was discovered that the fix for CVE-2023-36799 was incomplete. This update fixes the problem. Original advisory details: Kevin Jones discovered that .NET did not properly process certain X.509 certificates. An attacker could possibly use this issue to...
USN-6427-2 dotnet8 vulnerability
USN-6427-1 fixed a vulnerability in .NET. This update provides the corresponding update for .NET 8. Original advisory details: It was discovered that the .NET Kestrel web server did not properly handle HTTP/2 requests. A remote attacker could possibly use this issue to cause a denial of service...
.NET Core Multiple DoS Vulnerabilities - Windows
.NET Core is prone to multiple denial of service vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Security Update for .NET Core SDK (October 2023)
The version of Microsoft .NET Core SDK installed on the remote host is 6.0.x prior to 6.0.123, 6.0.x prior to 6.0.318, 6.0.x prior to 6.0.414, 7.0.x prior to 7.0.112 or 7.0.x prior to 7.0.309 or 7.0.x prior to 7.0.402. It is, therefore, affected by multiple vulnerabilities, as follows: - A...
Patch Tuesday - October 2023
Microsoft is addressing 105 vulnerabilities this October Patch Tuesday, including three zero-day vulnerabilities, as well as 12 critical remote code execution RCE vulnerabilities, and one republished third-party vulnerability. WordPad: zero-day NTLM hash disclosure Another Patch Tuesday, another...
dotnet: .NET Kestrel: Denial of Service processing X509 Certificates
A vulnerability was found in dotnet. This issue can lead to a denial of service while processing X509 Certificates...
GHSA-X459-P2RX-F8FF .NET Denial of Service Vulnerability
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0 and .NET 5.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A Denial of Service vulnerability exists in .NET 6.0 and...
Denial of Service (DoS)
Overview Microsoft.AspNetCore.App.Runtime.linux-arm64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Denial of Service DoS when the Kestrel web server...
Denial Of Service (DoS)
microsoft.aspnetcore.http.features is vulnerable to denial of service. The vulnerability exists in NET 6.0 and .NET 5.0 when kestrel web server processes certain HTTP requests causing an application crash...
PT-2022-1791 · Microsoft +5 · Net 5.0 +7
Name of the Vulnerable Software and Affected Versions: .NET 6.0 versions 6.0.0 through 6.0.1 .NET 5.0 versions 5.0.0 through 5.0.13 Description: A Denial of Service issue exists in .NET 6.0 and .NET 5.0 when the Kestrel web server processes certain HTTP/2 and HTTP/3 requests. This is due to...
Kestrel Web Server 输入验证错误漏洞
Kestrel Web Server is a cross-platform web server for ASP.NET Core. An input validation error vulnerability exists in Kestrel Web Server. The following products and releases are affected:Microsoft Visual Studio 2019 version 16.9 includes 16.0 - 16.8,Microsoft Visual Studio 2019 version 16.11...