39 matches found
CVE-2023-44487
CVE-2023-44487 – HTTP/2 Rapid Reset DoS. Root cause: HTTP/2 stream resets can cause servers to continue processing, leading to unbounded resource consumption and potential DoS when clients rapidly cancel streams. What’s affected: Various HTTP/2 implementations and deployments, including servers, p...
CVE-2023-38180
CVE-2023-38180 is a .NET/Visual Studio denial-of-service (DoS) vulnerability affecting .NET Core and related components. The CVSSv3.1 vector indicates a network attack vector, low attack complexity, and no privileges required, with no confidentiality/integrity impact but a High availability impact. Moderate-t...
CVE-2018-8171
CVE-2018-8171 is a Security Feature Bypass in ASP.NET where the system fails to validate the number of incorrect login attempts. Affected components include ASP.NET, ASP.NET Core 1.x (1.0–1.1), and ASP.NET MVC 5.2. The root cause is improper login attempt validation, enabling an attacker to repea...
CVE-2025-55315
CVE-2025-55315 describes an HTTP request/response smuggling flaw in ASP.NET Core caused by inconsistent interpretation of HTTP requests. Affected ASP.NET Core versions include 2.3, 8.0, and 9.0, with high impact to confidentiality and integrity and network-based exploitation. Multiple public expl...
CVE-2024-21386
CVE-2024-21386 is a Denial of Service vulnerability in ASP.NET SignalR affecting .NET runtimes across 6.0/7.0/8.0. The issue affects ASP.NET Core implementations using SignalR and is mitigated by updating to patched runtimes: .NET 6.0.27, 7.0.16, and 8.0.2 (with affected package entries listed in...
CVE-2024-21404
CVE-2024-21404 is a .NET Denial of Service vulnerability (CVSS 3.1: 7.5) with network-based vector and high availability impact. Connected advisories attribute the DoS to components in .NET such as SignalR server and X509Certificate2, and indicate exploitation is possible in affected .NET runtime...
CVE-2023-36558
CVE-2023-36558 affects Microsoft ASP.NET Core and Blazor forms, enabling a security feature bypass that could let an attacker bypass validations in Blazor Server forms. Connected sources confirm the vulnerability and indicate Microsoft and ecosystem advisories exist; remediation is to apply the l...
CVE-2020-0603
ASP.NET Core remote code execution (CVE-2020-0603) is described in the connected OSV entries as a vulnerability where ASP.NET Core fails to handle memory objects, enabling arbitrary code execution. The OSV BIT-ASPNET-CORE-2020-0603 entry confirms this RCE vector in ASP.NET Core. Red Hat advisory ...
CVE-2020-1045
CVE-2020-1045 is a Security Feature Bypass in Microsoft ASP.NET Core where the cookie parser decodes entire cookie strings, allowing an attacker to set a second cookie with a percent-encoded name. Documented impact is a bypass of security controls via crafted encoded cookie names; CVSS v3.1 base s...
CVE-2023-35391
CVE-2023-35391 affects Microsoft ASP.NET Core SignalR and Visual Studio, exposing sensitive information through the ASP.NET Core SignalR backplane (e.g., Redis backplane) in affected .NET/ASP.NET Core deployments. Connected sources specify that exploitation involves information disclosure via Sig...
CVE-2023-36038
CVE-2023-36038 is an ASP.NET Core Denial of Service vulnerability affecting ASP.NET Core on .NET 8 (including RC1) with IIS InProcess hosting. The issue can cause a DoS by cancelling HTTP requests, potentially increasing thread counts and leading to OutOfMemoryException and service availability i...
CVE-2021-34532
Technical details for CVE-2021-34532 are not publicly provided in the supplied documents. Monitor for updates from the referenced advisories and vendor security guidance.
CVE-2020-0602
CVE-2020-0602 is a denial-of-service vulnerability in ASP.NET Core caused by improper handling of web requests. The issue affects ASP.NET Core components and can lead to an unavailable service (availability impact). The connected advisories indicate remediation by upgrading .NET Core components t...
CVE-2021-1723
CVE-2021-1723 is an ASP.NET Core/dotnet denial-of-service issue related to the HTTP/2 path. Connected advisories cite that running callbacks outside of locks can cause a Kestrel deadlock, leading to a DoS condition. Affected products include dotnet-runtime and related packages (Azure/Visual Studi...
CVE-2025-24070
The CVE describes a weak authentication issue in ASP.NET Core and Visual Studio that could allow elevation of privilege via calls to RefreshSignInAsync with an improperly authenticated user parameter. Affected software includes ASP.NET Core apps using Microsoft.AspNetCore.Identity (affected versi...
CVE-2019-0548
CVE-2019-0548 describes a denial-of-service in ASP.NET Core due to improper handling of web requests. The issue affects ASP.NET Core 2.1.x (before 2.1.7) and 2.2.x (before 2.2.1), involving the ASP.NET Core Hosting Bundle/ANCM (AspNetCoreModule). Root cause per Red Hat advisory is WebSocket/ANCM-...
CVE-2018-8292
CVE-2018-8292 is an information-disclosure vulnerability in Microsoft .NET Core caused by an open redirect that can cause a remote attacker to obtain sensitive information. Public sources in the connected documents describe exploitation via crafting content to trigger the redirect, potentially en...
CVE-2020-1597
CVE-2020-1597 is a denial-of-service vulnerability in ASP.NET Core where remote, unauthenticated attackers can cause resource exhaustion by sending specially crafted web requests. The flaw stems from how ASP.NET Core handles incoming requests and is fixed by an update that corrects request handli...
CVE-2018-8356
CVE-2018-8356 is a security feature bypass affecting multiple .NET Framework products where certificate validation is inadequate. Local attackers could exploit this by presenting expired certificates to vulnerable components, bypassing intended security checks. Public references (KB articles and ...
CVE-2020-1161
CVE-2020-1161 is a denial-of-service vulnerability in ASP.NET Core where improper handling of web requests can trigger a DoS. It is referenced in multiple advisories (e.g., RHSA-2020:2250 and ELSA-2020-2250) as part of the .NET Core DoS fixes. The connected Red Hat advisories indicate the remedia...
CVE-2018-0787
CVE-2018-0787 affects ASP.NET Core 1.0/1.1/2.0 where elevation of privilege arises from how template-generated web apps validate requests. The root cause is improper validation in Kestrel-based web apps, enabling HTML injection under certain conditions (e.g., crafted password-reset flow). Documen...
CVE-2019-1302
CVE-2019-1302 corresponds to an elevation‑of‑privilege vulnerability in ASP.NET Core web applications built with vulnerable templates, caused by improper sanitization of web requests. The linked documents (NVD, OSV, GHSA, CVE lists) consistently describe it as an ASP.NET Core elevation of privile...
CVE-2018-8416
CVE-2018-8416 is a tampering vulnerability in Microsoft .NET Core 2.1 where specially crafted files can be written due to improper input handling. The connected sources confirm the issue affects .NET Core 2.1 and describe arbitrary file/directory creation as the impact (e.g., RHSA-2018:3676 refer...
CVE-2021-43877
CVE-2021-43877 is an elevation-of-privilege vulnerability reported for ASP.NET Core (and Visual Studio). The primary sources in the connected documents identify it by title as an “Elevation of Privilege” issue without providing explicit technical details in the text here. NVD data in the initial...
CVE-2018-8409
The CVE-2018-8409 entry concerns a Denial of Service affecting System.IO.Pipelines used with .NET Core 2.1 / ASP.NET Core 2.1. The vulnerability occurs when System.IO.Pipelines improperly handles requests, leading to partial availability impact. The connected documents confirm the affected compon...
CVE-2019-0564
CVE-2019-0564 describes a denial-of-service vulnerability in ASP.NET Core where the framework improperly handles web requests. The entry applies to ASP.NET Core 2.1 (and is listed alongside CVE-2019-0548/0545 in related advisories). The Red Hat RHSA-2019:0040 notes that the vulnerability is addre...
CVE-2018-0875
CVE-2018-0875 corresponds to a denial-of-service vulnerability in .NET Core runtimes and PowerShell Core caused by how the runtime handles certain crafted requests. Connected advisories confirm a hash-collision-based DoS vector (Red Hat RHSA-2018:0522; GHSA-XCVR-QV8H-M7XW) affecting .NET Core 1.0...
CVE-2019-0982
This CVE describes a denial-of-service vulnerability in ASP.NET Core related to improper handling of web requests. Connected sources identify that ASP.NET Core versions ≤ 2.1.x (<2.1.11) and ≤ 2.2.x (
CVE-2025-26682
CVE-2025-26682 affects ASP.NET Core and Visual Studio components. The root cause is Allocation of resources without limits or throttling, allowing an unauthorized network attacker to cause a Denial of Service. The issue is referenced across multiple advisories (e.g., NVD/MSRC/MS Knowledge Base) a...
CVE-2017-11879
CVE-2017-11879 affects ASP.NET Core 2.0. The vulnerability allows an attacker to steal login session information (cookies or authentication tokens) via a specially crafted URL, described as an Elevation of Privilege in ASP.NET Core. The affected component is ASP.NET Core 2.0 runtime; root cause i...
CVE-2019-1075
The CVE-2019-1075 entry documents a spoofing vulnerability in ASP.NET Core that can cause an open redirect. The connected data provides concrete remediation details: affected packages are Microsoft ASP.NET Core 2.1.x before 2.1.12 and 2.2.x before 2.2.6; upgrading to at least 2.1.12 or 2.2.6 mit...
CVE-2019-0815
CVE-2019-0815 is a DoS in ASP.NET Core caused by improper handling of web requests. Affected components include ASP.NET Core 2.2 and the ASP.NET Core Hosting Bundle module (ANCM) used by hosting environments such as ASP.NET Core apps on Windows. The issue allows a remote, unauthenticated attacker...
CVE-2018-0808
CVE-2018-0808 affects ASP.NET Core 1.0/1.1/2.0 where elevation of privilege arises from how web requests are handled. The issue is a denial/privilege-elevation style vulnerability in ASP.NET Core, enabling a remote, unauthenticated attacker to influence the target app via specially crafted reques...
CVE-2026-45591
CVE-2026-45591 is an ASP.NET Core Denial of Service vulnerability caused by uncontrolled resource consumption, enabling network-based DoS by an unauthorized attacker. The NVD entries describe the impact as availability loss with a CVSS v3.1 base score of 7.5 (NETWORK, HIGH) and no confidentiality...
CVE-2017-8700
CVE-2017-8700 is an information-disclosure vulnerability in ASP.NET Core (versions 1.0, 1.1, 2.0) where CORS configuration can be bypassed, potentially allowing access to normally restricted content. Affected stack includes ASP.NET Core and .NET Core 1.0/1.1/2.0. The root cause is improper CORS h...
CVE-2018-0784
CVE-2018-0784 is an elevation of privilege vulnerability in ASP.NET Core 1.0, 1.1, and 2.0 caused by flaws in the ASP.NET Core project templates. It is explicitly distinguished from CVE-2018-0808. The NVD entry attributes a high severity (CVSSv3 base 8.8) and describes privilege escalation withou...
CVE-2018-0785
CVE-2018-0785 is a CSRF vulnerability in ASP.NET Core 1.0/1.1/2.0 introduced via the ASP.NET Core project templates. The connected data confirms an attacker could change a victim’s account recovery codes, with the MSRC entry describing a cross‑site request forgery affecting template‑created apps ...
CVE-2026-26130
Technical details about CVE-2026-26130 are not provided in the supplied documents; no affected products, components, impact, or remediation are specified here. Monitor for updates.
CVE-2026-40372
ASP.NET Core has an elevation-of-privilege vulnerability (CVE-2026-40372) due to improper verification of a cryptographic signature. The issue affects ASP.NET Core components where signature verification is required, enabling a remote attacker to elevate privileges over a network without user inte...