7 matches found
Microsoft Security Advisory CVE-2026-45591 – ASP.NET Core Denial of Service Vulnerability
Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core SignalR and Blazor Server. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A denial of service...
Symlink Attack
Overview Affected versions of this package are vulnerable to Symlink Attack via improper link resolution before file access. An attacker can modify local files by exploiting symbolic links to redirect file operations to unintended locations. Remediation Upgrade...
Infinite loop
Overview Microsoft.AspNetCore.App.Runtime.linux-musl-x64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Infinite loop in the...
Improper Authentication
Overview Microsoft.AspNetCore.App.Runtime.linux-musl-x64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Improper Authentication in the RefreshSignInAsyn...
Heap-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow through the loading of a specially crafted file. Remediation Upgrade Microsoft.NETCore.App.Runtime.linux-musl-x64 to version 8.0.12, 9.0.1 or higher. References - GitHub Issue...
Use After Free
Overview Microsoft.AspNetCore.App.Runtime.linux-musl-x64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Use After Free that could allow remote code...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS when creating HTTPS web requests while building X509 certificate chains. Details Denial of Service DoS describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users...