Lucene search
K
MicrosoftAsp.net Core

39 matches found

CVE
CVE
added 2023/10/10 12:0 a.m.5293 views

CVE-2023-44487

CVE-2023-44487 – HTTP/2 Rapid Reset DoS Root cause: HTTP/2 stream resets can cause servers to continue processing, leading to unbounded resource consumption and potential DoS when clients rapidly cancel streams. What’s affected: Various HTTP/2 implementations and deployments, including servers, p...

7.5CVSS8AI score0.99999EPSS
In wildWeb
CVE
CVE
added 2023/08/08 6:52 p.m.805 views

CVE-2023-38180

CVE-2023-38180 is a .NET/Visual Studio denial-of-service vulnerability (DoS) affecting .NET Core and related components. The CVSSv3.1 vector indicates Network attack, low attack complexity, no privileges required, with no confidentiality/integirty impact but a High availability impact. Moderate-t...

7.5CVSS7.8AI score0.15519EPSS
In wild
CVE
CVE
added 2018/07/11 12:0 a.m.678 views

CVE-2018-8171

CVE-2018-8171 is a Security Feature Bypass in ASP.NET where the system fails to validate the number of incorrect login attempts. Affected components include ASP.NET, ASP.NET Core 1.x (1.0–1.1), and ASP.NET MVC 5.2. The root cause is improper login attempt validation, enabling an attacker to repea...

7.5CVSS7.3AI score0.09832EPSS
CVE
CVE
added 2025/10/14 5:0 p.m.512 views

CVE-2025-55315

CVE-2025-55315 describes an HTTP request/response smuggling flaw in ASP.NET Core caused by inconsistent interpretation of HTTP requests. Affected ASP.NET Core versions include 2.3, 8.0, and 9.0, with high impact to confidentiality and integrity and network-based exploitation. Multiple public expl...

9.9CVSS6.5AI score0.66258EPSS
Web
CVE
CVE
added 2024/02/13 6:2 p.m.391 views

CVE-2024-21386

CVE-2024-21386 is a Denial of Service vulnerability in ASP.NET SignalR affecting .NET runtimes across 6.0/7.0/8.0. The issue affects ASP.NET Core implementations using SignalR and is mitigated by updating to patched runtimes: .NET 6.0.27, 7.0.16, and 8.0.2 (with affected package entries listed in...

7.5CVSS7.7AI score0.024EPSS
CVE
CVE
added 2024/02/13 6:2 p.m.345 views

CVE-2024-21404

CVE-2024-21404 is a .NET Denial of Service vulnerability (CVSS 3.1: 7.5) with network-based vector and high availability impact. Connected advisories attribute the DoS to components in .NET such as SignalR server and X509Certificate2, and indicate exploitation is possible in affected .NET runtime...

7.5CVSS7.7AI score0.02707EPSS
CVE
CVE
added 2023/11/14 9:35 p.m.279 views

CVE-2023-36558

CVE-2023-36558 affects Microsoft ASP.NET Core and Blazor forms, enabling a security feature bypass that could let an attacker bypass validations in Blazor Server forms. Connected sources confirm the vulnerability and indicate Microsoft and ecosystem advisories exist; remediation is to apply the l...

6.2CVSS7.5AI score0.01085EPSS
CVE
CVE
added 2020/01/14 11:11 p.m.231 views

CVE-2020-0603

ASP.NET Core remote code execution (CVE-2020-0603) is described in the connected OSV entries as a vulnerability where ASP.NET Core fails to handle memory objects, enabling arbitrary code execution. The OSV BIT-ASPNET-CORE-2020-0603 entry confirms this RCE vector in ASP.NET Core. Red Hat advisory ...

9.3CVSS8.8AI score0.19982EPSS
CVE
CVE
added 2020/09/11 12:0 a.m.206 views

CVE-2020-1045

CVE-2020-1045 is a Security Feature Bypass in Microsoft ASP.NET Core where the cookie parser decodes entire cookie strings, allowing a attacker to set a second cookie with a percent-encoded name. Documented impact is a bypass of security controls via crafted encoded cookie names; CVSS v3.1 base s...

7.5CVSS7.6AI score0.06624EPSS
CVE
CVE
added 2023/08/08 6:52 p.m.203 views

CVE-2023-35391

CVE-2023-35391 affects Microsoft ASP.NET Core SignalR and Visual Studio, exposing sensitive information through the ASP.NET Core SignalR backplane (e.g., Redis backplane) in affected .NET/ASP.NET Core deployments. Connected sources specify that exploitation involves information disclosure via Sig...

7.5CVSS6.5AI score0.01937EPSS
CVE
CVE
added 2023/11/14 9:35 p.m.203 views

CVE-2023-36038

CVE-2023-36038 is an ASP.NET Core Denial of Service vulnerability affecting ASP.NET Core on .NET 8 (including RC1) with IIS InProcess hosting. The issue can cause a DoS by cancelling HTTP requests, potentially increasing thread counts and leading to OutOfMemoryException and service availability i...

8.2CVSS7.7AI score0.02777EPSS
CVE
CVE
added 2021/08/12 6:12 p.m.202 views

CVE-2021-34532

Technical details for CVE-2021-34532 are not publicly provided in the supplied documents. Monitor for updates from the referenced advisories and vendor security guidance.

5.5CVSS6.2AI score0.01121EPSS
CVE
CVE
added 2020/01/14 11:11 p.m.190 views

CVE-2020-0602

CVE-2020-0602 is a denial-of-service vulnerability in ASP.NET Core caused by improper handling of web requests. The issue affects ASP.NET Core components and can lead to an unavailable service (availability impact). The connected advisories indicate remediation by upgrading .NET Core components t...

7.5CVSS7.6AI score0.07614EPSS
CVE
CVE
added 2021/01/12 7:42 p.m.188 views

CVE-2021-1723

CVE-2021-1723 is an ASP.NET Core/dotnet-denial-of-service issue related to the HTTP/2 path. Connected advisories cite that running callbacks outside of locks can cause a Krestel deadlock, leading to a DoS condition. Affected products include dotnet-runtime and related packages (Azure/Visual Studi...

7.5CVSS7.3AI score0.04908EPSS
CVE
CVE
added 2025/03/11 4:58 p.m.170 views

CVE-2025-24070

The CVE describes a weak authentication issue in ASP.NET Core and Visual Studio that could allow elevation of privilege via calls to RefreshSignInAsync with an improperly authenticated user parameter. Affected software includes ASP.NET Core apps using Microsoft.AspNetCore.Identity (affected versi...

7CVSS6.9AI score0.00911EPSS
CVE
CVE
added 2019/01/08 9:0 p.m.166 views

CVE-2019-0548

CVE-2019-0548 describes a denial-of-service in ASP.NET Core due to improper handling of web requests. The issue affects ASP.NET Core 2.1.x (before 2.1.7) and 2.2.x (before 2.2.1), involving the ASP.NET Core Hosting Bundle/ANCM (AspNetCoreModule). Root cause per Red Hat advisory is WebSocket/ANCM-...

7.5CVSS7.1AI score0.0821EPSS
CVE
CVE
added 2018/10/10 1:0 p.m.161 views

CVE-2018-8292

CVE-2018-8292 is an information-disclosure vulnerability in Microsoft .NET Core caused by an open redirect that can cause a remote attacker to obtain sensitive information. Public sources in the connected documents describe exploitation via crafting content to trigger the redirect, potentially en...

7.5CVSS7AI score0.14833EPSS
CVE
CVE
added 2020/08/17 7:13 p.m.160 views

CVE-2020-1597

CVE-2020-1597 is a denial-of-service vulnerability in ASP.NET Core where remote, unauthenticated attackers can cause resource exhaustion by sending specially crafted web requests. The flaw stems from how ASP.NET Core handles incoming requests and is fixed by an update that corrects request handli...

7.5CVSS7.6AI score0.06561EPSS
CVE
CVE
added 2018/07/11 12:0 a.m.144 views

CVE-2018-8356

CVE-2018-8356 is a security feature bypass affecting multiple .NET Framework products where certificate validation is inadequate. Local attackers could exploit this by presenting expired certificates to vulnerable components, bypassing intended security checks. Public references (KB articles and ...

5.5CVSS6.3AI score0.00691EPSS
CVE
CVE
added 2020/05/21 10:53 p.m.139 views

CVE-2020-1161

CVE-2020-1161 is a denial-of-service vulnerability in ASP.NET Core where improper handling of web requests can trigger a DoS. It is referenced in multiple advisories (e.g., RHSA-2020:2250 and ELSA-2020-2250) as part of the .NET Core DoS fixes. The connected Red Hat advisories indicate the remedia...

7.5CVSS7.3AI score0.05701EPSS
CVE
CVE
added 2018/03/14 5:0 p.m.135 views

CVE-2018-0787

CVE-2018-0787 affects ASP.NET Core 1.0/1.1/2.0 where elevation of privilege arises from how template-generated web apps validate requests. The root cause is improper validation in Kestrel-based web apps, enabling HTML injection under certain conditions (e.g., crafted password-reset flow). Documen...

8.8CVSS8.6AI score0.09948EPSS
CVE
CVE
added 2019/09/11 9:25 p.m.134 views

CVE-2019-1302

CVE-2019-1302 corresponds to an elevation‑of‑privilege vulnerability in ASP.NET Core web applications built with vulnerable templates, caused by improper sanitization of web requests. The linked documents (NVD, OSV, GHSA, CVE lists) consistently describe it as an ASP.NET Core elevation of privile...

8.8CVSS8.4AI score0.04846EPSS
CVE
CVE
added 2018/11/14 1:0 a.m.131 views

CVE-2018-8416

CVE-2018-8416 is a tampering vulnerability in Microsoft .NET Core 2.1 where specially crafted files can be written due to improper input handling. The connected sources confirm the issue affects .NET Core 2.1 and describe arbitrary file/directory creation as the impact (e.g., RHSA-2018:3676 refer...

6.5CVSS6.4AI score0.07258EPSS
CVE
CVE
added 2021/12/15 2:15 p.m.128 views

CVE-2021-43877

CVE-2021-43877 is an elevation-of-privilege vulnerability reported for ASP.NET Core (and Visual Studio) . The primary sources in the connected documents identify it by title as an “Elevation of Privilege” issue without providing explicit technical details in the text here. NVD data in the initial...

8.8CVSS8.1AI score0.00716EPSS
CVE
CVE
added 2018/09/13 12:0 a.m.126 views

CVE-2018-8409

The CVE-2018-8409 entry concerns a Denial of Service affecting System.IO.Pipelines used with .NET Core 2.1 / ASP.NET Core 2.1. The vulnerability occurs when System.IO.Pipelines improperly handles requests, leading to partial availability impact. The connected documents confirm the affected compon...

7.5CVSS7.2AI score0.06558EPSS
CVE
CVE
added 2019/01/08 9:0 p.m.124 views

CVE-2019-0564

CVE-2019-0564 describes a denial-of-service vulnerability in ASP.NET Core where the framework improperly handles web requests. The entry applies to ASP.NET Core 2.1 (and is listed alongside CVE-2019-0548/0545 in related advisories). The Red Hat RHSA-2019:0040 notes that the vulnerability is addre...

7.5CVSS7.1AI score0.08386EPSS
CVE
CVE
added 2018/03/14 5:0 p.m.119 views

CVE-2018-0875

CVE-2018-0875 corresponds to a denial-of-service vulnerability in .NET Core runtimes and PowerShell Core caused by how the runtime handles certain crafted requests. Connected advisories confirm a hash-collision-based DoS vector (Red Hat RHSA-2018:0522; GHSA-XCVR-QV8H-M7XW) affecting .NET Core 1.0...

7.5CVSS7.2AI score0.09436EPSS
CVE
CVE
added 2019/05/16 6:24 p.m.111 views

CVE-2019-0982

This CVE describes a denial-of-service vulnerability in ASP.NET Core related to improper handling of web requests. Connected sources identify that ASP.NET Core versions ≤ 2.1.x (<2.1.11) and ≤ 2.2.x (

7.5CVSS7.2AI score0.06681EPSS
CVE
CVE
added 2025/04/08 5:24 p.m.108 views

CVE-2025-26682

CVE-2025-26682 affects ASP.NET Core and Visual Studio components. The root cause is Allocation of resources without limits or throttling, allowing an unauthorized network attacker to cause a Denial of Service. The issue is referenced across multiple advisories (e.g., NVD/MSRC/MS Knowledge Base) a...

7.5CVSS7AI score0.01383EPSS
CVE
CVE
added 2017/11/15 3:0 a.m.104 views

CVE-2017-11879

CVE-2017-11879 affects ASP.NET Core 2.0. The vulnerability allows an attacker to steal login session information (cookies or authentication tokens) via a specially crafted URL, described as an Elevation of Privilege in ASP.NET Core. The affected component is ASP.NET Core 2.0 runtime; root cause i...

8.8CVSS8.4AI score0.09398EPSS
CVE
CVE
added 2019/07/15 6:56 p.m.102 views

CVE-2019-1075

The CVE-2019-1075 entry documents a spoofing vulnerability in ASP.NET Core that can cause an open redirect . The connected data provides concrete remediation details: affected packages are Microsoft ASP.NET Core 2.1.x before 2.1.12 and 2.2.x before 2.2.6; upgrading to at least 2.1.12 or 2.2.6 mit...

6.1CVSS6.1AI score0.02644EPSS
CVE
CVE
added 2019/04/09 8:16 p.m.100 views

CVE-2019-0815

CVE-2019-0815 is a DoS in ASP.NET Core caused by improper handling of web requests. Affected components include ASP.NET Core 2.2 and the ASP.NET Core Hosting Bundle module (ANCM) used by hosting environments such as ASP.NET Core apps on Windows. The issue allows a remote, unauthenticated attacker...

7.5CVSS6.1AI score0.06972EPSS
CVE
CVE
added 2018/03/14 5:0 p.m.98 views

CVE-2018-0808

CVE-2018-0808 affects ASP.NET Core 1.0/1.1/2.0 where elevation of privilege arises from how web requests are handled. The issue is a denial/privilege-elevation style vulnerability in ASP.NET Core, enabling a remote, unauthenticated attacker to influence the target app via specially crafted reques...

7.5CVSS7.9AI score0.08066EPSS
CVE
CVE
added 2026/06/09 5:5 p.m.90 views

CVE-2026-45591

CVE-2026-45591 is an ASP.NET Core Denial of Service vulnerability caused by uncontrolled resource consumption, enabling network-based DoS by an unauthorized attacker. The NVD entries describe the impact as availability loss with a CVSS v3.1 base score of 7.5 (NETWORK, HIGH) and no confidentiality...

7.5CVSS5.4AI score0.0243EPSS
CVE
CVE
added 2017/11/15 3:0 a.m.88 views

CVE-2017-8700

CVE-2017-8700 is an information-disclosure vulnerability in ASP.NET Core (versions 1.0, 1.1, 2.0) where CORS configuration can be bypassed, potentially allowing access to normally restricted content. Affected stack includes ASP.NET Core and .NET Core 1.0/1.1/2.0. The root cause is improper CORS h...

7.5CVSS7.2AI score0.10485EPSS
CVE
CVE
added 2018/01/10 1:0 a.m.78 views

CVE-2018-0784

CVE-2018-0784 is an elevation of privilege vulnerability in ASP.NET Core 1.0, 1.1, and 2.0 caused by flaws in the ASP.NET Core project templates. It is explicitly distinguished from CVE-2018-0808. The NVD entry attributes a high severity (CVSSv3 base 8.8) and describes privilege escalation withou...

8.8CVSS7.9AI score0.06496EPSS
CVE
CVE
added 2018/01/10 1:0 a.m.67 views

CVE-2018-0785

CVE-2018-0785 is a CSRF vulnerability in ASP.NET Core 1.0/1.1/2.0 introduced via the ASP.NET Core project templates. The connected data confirms an attacker could change a victim’s account recovery codes, with the MSRC entry describing a cross‑site request forgery affecting template‑created apps ...

6.5CVSS7.3AI score0.03035EPSS
CVE
CVE
added 2026/03/10 5:5 p.m.65 views

CVE-2026-26130

Technical details about CVE-2026-26130 are not provided in the supplied documents; no affected products, components, impact, or remediation are specified here. Monitor for updates.

7.5CVSS5.8AI score0.02818EPSS
CVE
CVE
added 2026/04/21 7:20 p.m.65 views

CVE-2026-40372

ASP.NET Core has a elevation-of-privilege vulnerability (CVE-2026-40372) due to improper verification of a cryptographic signature. The issue affects ASP.NET Core components where signature verification is required, enabling a remote attacker to elevate privileges over a network without user inte...

9.1CVSS5.8AI score0.11205EPSS