17 matches found
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. An attacker can exhaust system resources by sending specially crafted requests over the network, resulting in service unavailability for legitimate users. Remediation Upgrade...
Infinite loop
Overview Affected versions of this package are vulnerable to Infinite loop in the FormDataReader.ProcessFormKeys function when a form key contains an opening without a matching . An attacker can cause the application to become unresponsive by sending specially crafted network requests that trigge...
HTTP Response Splitting
Overview Affected versions of this package are vulnerable to HTTP Response Splitting via the MailAddressParser.TryParseAddress function due to improper neutralisation of CRLF sequences. An attacker can impersonate another user or entity by sending specially crafted data over the network...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read when decoding malformed Base64Url input. An attacker can cause a disruption of service. Remediation Upgrade Microsoft.NETCore.App.Runtime.osx-arm64 to version 9.0.14, 10.0.4 or higher. References - GitHub Commit -...
HTTP Request Smuggling
Overview Affected versions of this package are vulnerable to HTTP Request Smuggling via the interpretation of chunked HTTP requests. An attacker can bypass security restrictions and potentially access or manipulate sensitive data by sending specially crafted HTTP requests that exploit...
Buffer Over-read
Overview Affected versions of this package are vulnerable to Buffer Over-read via the DiaSymReader.dll process. An attacker can execute arbitrary code by exploiting a buffer over-read condition when the application processes specially crafted input. This issue affects EOL ASP.NET 6.0.0 = 6.0.36 a...
Integer Overflow or Wraparound
Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound due to improper handling of integer values in the msdia140.dll process. An attacker can execute arbitrary code by supplying specially crafted input that triggers an integer overflow and subsequent heap-bas...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when handling very large buffered HTTP/3 header values. Remediation Upgrade Microsoft.AspNetCore.App.Runtime.osx-arm64 to version 8.0.15, 9.0.4 or higher. References - GitHub Commit -...
Improper Authentication
Overview Affected versions of this package are vulnerable to Improper Authentication in the RefreshSignInAsync function method, which does not verify the identity of the calling TUser, allowing an attacker to escalate privileges to that of another user. Remediation Upgrade...
Cleartext Transmission of Sensitive Information
Overview Affected versions of this package are vulnerable to Cleartext Transmission of Sensitive Information via the TlsStream process. An attacker can gain access to sensitive information by intercepting unencrypted data. Remediation Upgrade Microsoft.NETCore.App.Runtime.osx-arm64 to version 8.0...
Race Condition
Overview Affected versions of this package are vulnerable to Race Condition through the Microsoft.AspNetCore.Server.Kestrel.Core.dll component. An attacker can induce a deadlock condition leading to a denial of service by exploiting the handling of certain requests. Remediation Upgrade...
Heap-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow due to a stack buffer overrun in the Double Parse routine. An attacker can execute arbitrary code by supplying a specially crafted input that triggers the buffer overrun. Remediation Upgrade...
Resource Exhaustion
Overview Affected versions of this package are vulnerable to Resource Exhaustion due to improper handling of certain requests in applications using SignalR. Details Denial of Service DoS describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS when parsing X509 certificates. Note: Windows systems are not vulnerable to this issue. Details Denial of Service DoS describes a family of attacks, all aimed at making a system inaccessible to its intended and...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS by sending an invalid request to an exposed endpoint. Details Denial of Service DoS describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users. Unlike other...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS via excess memory allocations through HttpClient. Details Denial of Service DoS describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users. Unlike other...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS when the Kestrel web server processes certain HTTP/2 and HTTP/3 requests. Details Denial of Service DoS describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users...