Infinite loop

Overview Affected versions of this package are vulnerable to Infinite loop in the FormDataReader.ProcessFormKeys function when a form key contains an opening without a matching . An attacker can cause the application to become unresponsive by sending specially crafted network requests that trigge...

Infinite loop

Overview Microsoft.AspNetCore.App.Runtime.win-arm64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Infinite loop in the FormDataReader.ProcessFormKeys...

Infinite loop

Overview Microsoft.AspNetCore.App.Runtime.linux-arm64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Infinite loop in the FormDataReader.ProcessFormKeys...

HTTP Response Splitting

Overview Affected versions of this package are vulnerable to HTTP Response Splitting via the MailAddressParser.TryParseAddress function due to improper neutralisation of CRLF sequences. An attacker can impersonate another user or entity by sending specially crafted data over the network...

Incorrect Default Permissions

Overview Affected versions of this package are vulnerable to Incorrect Default Permissions. An attacker can gain elevated privileges by exploiting these permissions locally. Remediation Upgrade Microsoft.NETCore.App.Runtime.linux-arm64 to version 10.0.4 or higher. References - Vulnerability Advis...

HTTP Request Smuggling

Overview Microsoft.AspNetCore.App.Runtime.linux-arm64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to HTTP Request Smuggling via the interpretation of...

Buffer Over-read

Overview Affected versions of this package are vulnerable to Buffer Over-read via the DiaSymReader.dll process. An attacker can execute arbitrary code by exploiting a buffer over-read condition when the application processes specially crafted input. This issue affects EOL ASP.NET 6.0.0 = 6.0.36 a...

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound due to improper handling of integer values in the msdia140.dll process. An attacker can execute arbitrary code by supplying specially crafted input that triggers an integer overflow and subsequent heap-bas...

Untrusted Search Path

Overview Affected versions of this package are vulnerable to Untrusted Search Path. An attacker can achieve remote code execution by planting malicious files on the victim's system, with knowledge of where they should be placed, then tricking a user to run these files. Remediation Upgrade...

Untrusted Search Path

Overview Affected versions of this package are vulnerable to Untrusted Search Path. An attacker can achieve remote code execution by planting malicious files on the victim's system, with knowledge of where they should be placed, then tricking a user to run these files. Remediation Upgrade...

Untrusted Search Path

Overview Affected versions of this package are vulnerable to Untrusted Search Path. An attacker can achieve remote code execution by planting malicious files on the victim's system, with knowledge of where they should be placed, then tricking a user to run these files. Remediation Upgrade...

Improper Authentication

Overview Microsoft.AspNetCore.App.Runtime.win-arm64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Improper Authentication in the RefreshSignInAsync...

Buffer Over-read

Overview Affected versions of this package are vulnerable to Buffer Over-read through the loading of a specially crafted file. Remediation Upgrade Microsoft.NETCore.App.Runtime.win-arm64 to version 8.0.12, 9.0.1 or higher. References - GitHub Issue - GitHub Issue - Security Advisory...

Buffer Over-read

Overview Affected versions of this package are vulnerable to Buffer Over-read through the loading of a specially crafted file. Remediation Upgrade Microsoft.NETCore.App.Runtime.osx-arm64 to version 8.0.12, 9.0.1 or higher. References - GitHub Issue - GitHub Issue - Security Advisory...

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow. An attacker can execute arbitrary code by sending malicious requests designed to exploit the vulnerability. Remediation Upgrade Microsoft.NETCore.App.Runtime.linux-arm64 to version 9.0.1 or higher. References...

Cleartext Transmission of Sensitive Information

Overview Affected versions of this package are vulnerable to Cleartext Transmission of Sensitive Information via the TlsStream process. An attacker can gain access to sensitive information by intercepting unencrypted data. Remediation Upgrade Microsoft.NETCore.App.Runtime.linux-arm64 to version...

Cleartext Transmission of Sensitive Information

Overview Affected versions of this package are vulnerable to Cleartext Transmission of Sensitive Information via the TlsStream process. An attacker can gain access to sensitive information by intercepting unencrypted data. Remediation Upgrade Microsoft.NETCore.App.Runtime.win-arm64 to version 8.0...

Use After Free

Overview Microsoft.AspNetCore.App.Runtime.linux-arm64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Use After Free through the handling of HTTP/3...

Race Condition

Overview Microsoft.AspNetCore.App.Runtime.linux-arm64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Race Condition through the...

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow due to a stack buffer overrun in the Double Parse routine. An attacker can execute arbitrary code by supplying a specially crafted input that triggers the buffer overrun. Remediation Upgrade...