Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Asp\.net_core
(Microsoft)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 33 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-08-17 | CVE-2020-1597 | A denial of service vulnerability exists when ASP.NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the ASP.NET Core application. The update addresses the vulnerability by correcting how the... | Fedora, Asp\.net_core, Visual_studio_2017, Visual_studio_2019 | 7.5 | ||
| 2020-09-11 | CVE-2020-1045 | <p>A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names.</p> <p>The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded.</p> <p>The security update addresses the vulnerability by fixing the way the ASP.NET Core cookie parser handles encoded names.</p> | Fedora, Asp\.net_core, Enterprise_linux, Enterprise_linux_aus, Enterprise_linux_eus, Enterprise_linux_tus | 7.5 | ||
| 2021-01-12 | CVE-2021-1723 | ASP.NET Core and Visual Studio Denial of Service Vulnerability | Fedora, Asp\.net_core, Visual_studio_2019 | 7.5 | ||
| 2021-08-12 | CVE-2021-34532 | ASP.NET Core and Visual Studio Information Disclosure Vulnerability | Asp\.net_core, Visual_studio_2019 | 5.5 | ||
| 2021-12-15 | CVE-2021-43877 | ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability | Asp\.net_core, Visual_studio_2019, Visual_studio_2022 | 8.8 | ||
| 2023-11-14 | CVE-2023-36038 | ASP.NET Core Denial of Service Vulnerability | Asp\.net_core, Visual_studio_2022 | 7.5 | ||
| 2023-11-14 | CVE-2023-36558 | ASP.NET Core - Security Feature Bypass Vulnerability | \.net, Asp\.net_core, Visual_studio_2022 | 5.5 | ||
| 2023-08-08 | CVE-2023-35391 | ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability | \.net, Asp\.net_core, Visual_studio_2022 | 7.5 | ||
| 2023-08-08 | CVE-2023-38180 | .NET and Visual Studio Denial of Service Vulnerability | \.net, Asp\.net_core, Visual_studio_2022 | 7.5 | ||
| 2018-09-13 | CVE-2018-8409 | A denial of service vulnerability exists when System.IO.Pipelines improperly handles requests, aka "System.IO.Pipelines Denial of Service." This affects .NET Core 2.1, System.IO.Pipelines, ASP.NET Core 2.1. | \.net_core, Asp\.net_core, System\.io\.pipelines | 7.5 |