Microsoft ASP.NET (April 2026)

The Microsoft ASP.NET installations on the remote host are missing a security update. It is, therefore, affected by an elevation of privileges vulnerability: - Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network...

EUVD-2024-0259

Malicious code in bioql PyPI...

Microsoft Visual Studio和Microsoft ASP.NET Core 安全漏洞

Microsoft Visual Studio and Microsoft ASP.NET Core are both products of Microsoft Corporation, USA. Microsoft Visual Studio is a family of development tool suites and a largely complete set of development tools that includes most of the tools needed throughout the software lifecycle. Microsoft...

Microsoft ASP.NET Core Security Vulnerability

Microsoft ASP.NET Core is a framework of cross-platform open source framework from Microsoft. The framework is used to build cloud-based applications such as Web applications, Internet of Things applications, and mobile backends. A security vulnerability exists in Microsoft ASP.NET Core. An...

Security Updates for Microsoft ASP.NET Core (October 2023)

The version of ASP.NET core installed on the remote host is affected by a denial of service DoS vulnerability. The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October...

Security Bulletin: A vulnerability in Microsoft ASP.NET Core may affect IBM Robotic Process Automation and result in an exposure of sensitive information (CVE-2023-35391).

Summary There is a vulnerability in Microsoft ASP.NET Core used by IBM Robotic Process Automation as part of it's infrastructure, which may allow a remote authenticated attacker to obtain sensitive information. CVE-2023-35391. This bulletin identifies the security fixes to apply to address this...

Microsoft ASP.NET Core Security Vulnerability

Microsoft ASP.NET Core is a framework of cross-platform open source framework from Microsoft. The framework is used to build cloud-based applications such as Web applications, Internet of Things applications, and mobile backends. ASP.NET has a security vulnerability. An attacker could exploit the...

Security Updates for Microsoft ASP.NET Core (July 2023)

Multiple vulnerabilities exist in ASP.NET Core 6.0 6.0.20 and ASP.NET Core 7.0 7.0.9. - A vulnerability exists in .NET applications where the diagnostic server can be exploited to achieve cross-session/cross-user elevation of privilege EoP and code execution. CVE-2023-33127 - A vulnerability exis...

Microsoft ASP.NET Core 安全漏洞

Microsoft ASP.NET Core is a framework of cross-platform open source framework from Microsoft. The framework is used to build cloud-based applications such as Web applications, Internet of Things applications, and mobile backends. A security vulnerability exists in Microsoft ASP.NET Core. No...

Security Updates for Microsoft ASP.NET Core (February 2023)

A remote code execution vulnerability exists in ASP.NET Core 6.0 6.0.14 and ASP.NET Core 7.0 7.0.3. This vulnerability exists due to how .NET reads debugging symbols, where reading a malicious symbols file may result in remote code execution. An unauthenticated, local attacker can exploit this, t...

Security Updates for Microsoft ASP.NET Core (December 2022)

A remote code execution vulnerability exists in ASP.NET core 3.1, ASP.NET 6.0, and ASP.NET 7.0, where a malicious actor could cause a user to run arbitrary code as a result of parsing maliciously crafted xps files. Note that Nessus has not tested for this issue but has instead relied only on the...

.NET Core Remote Code Execution Vulnerability - Windows

.NET Core is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Security Updates for Microsoft ASP.NET Core (September 2022)

A denial of service vulnerability exists in ASP.NET core 6.0 6.0.9 and ASP.NET Core 3.1 3.1.29. An unauthenticated, remote attacker can exploit this, by sending a customized payload that is parsed during model binding, to cause a stack overflow, which may cause the application to stop responding...

Cookie parsing failure

A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names.The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded.The security update addresses...

Security Bulletin: Multiple Vulnerabilities may affect IBM Robotic Process Automation

Summary Security Bulletin: Multiple Vulnerabilities may affect IBM Robotic Process Automation Vulnerability Details CVEID: CVE-2017-0247 DESCRIPTION: Microsoft ASP.NET Core is vulnerable to a denial of service, caused by improper validation of web requests in the TextEncoder.EncodeCore function. ...

Security Updates for Microsoft ASP.NET Core (December 2021)

The Microsoft ASP.NET Core installations on the remote host are missing a security update. It is, therefore, affected by an elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges. Note that Nessus has not tested for this issue but has instead relied only on...

Security Update for Microsoft ASP.NET Core (August 2021)

The Microsoft ASP.NET Core installation on the remote host is version 2.1.x prior to 2.1.29, 3.1.x prior to 3.1.18, or 5.x prior to 5.0.9. It is, therefore, affected by multiple vulnerabilities: - A denial of service DoS vulnerability. An attacker can exploit this issue to cause the affected...

Security Update for Microsoft ASP.NET Core (February 2021)

The Microsoft ASP.NET Core installation on the remote host is version 2.1.x prior to 2.1.25, 3.1.x prior to 3.1.126, or 5.x prior to 5.0.3. It is, therefore, affected by a denial of service vulnerability when creating HTTPS web requests during X509 certificate chain building. An unauthenticated,...

Security fix for the ALT Linux 10 package dotnet-bootstrap-3.1 version 3.1.11-alt1

Jan. 28, 2021 Vitaly Lipatov 3.1.11-alt1 - new version 3.1.11 with rpmgs script - .NET Core 3.1.11 - January 12, 2021 - CVE-2021-1723: ASP.NET Core Denial of Service Vulnerability - CVE-2020-1045: Microsoft ASP.NET Core Security Feature Bypass Vulnerability - CVE-2020-1597: NET Core Remote Code...

Security fix for the ALT Linux 9 package dotnet-bootstrap-3.1 version 3.1.11-alt1

Jan. 28, 2021 Vitaly Lipatov 3.1.11-alt1 - new version 3.1.11 with rpmgs script - .NET Core 3.1.11 - January 12, 2021 - CVE-2021-1723: ASP.NET Core Denial of Service Vulnerability - CVE-2020-1045: Microsoft ASP.NET Core Security Feature Bypass Vulnerability - CVE-2020-1597: NET Core Remote Code...