Bitnami package
aspnet-core
pkg:bitnami/aspnet-core
Vulnerabilities (20)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-40372 | Cri | 9.1 | >= 10.0.0, < 10.0.7 | 10.0.7 | Apr 21, 2026 | Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network. | |
| CVE-2026-26130 | Hig | 7.5 | >= 8.0.0, < 8.0.25 | 8.0.25 | Mar 10, 2026 | Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network. | |
| CVE-2025-55315 | — | >= 2.3.0, < 2.3.6 | 2.3.6 | Oct 14, 2025 | Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network. | ||
| CVE-2025-26682 | — | >= 8.0.0, < 8.0.15 | 8.0.15 | Apr 8, 2025 | Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network. | ||
| CVE-2025-24070 | — | >= 8.0.0, < 8.0.14 | 8.0.14 | Mar 11, 2025 | Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network. | ||
| CVE-2024-21404 | — | >= 6.0.0, < 6.0.27 | 6.0.27 | Feb 13, 2024 | .NET Denial of Service Vulnerability | ||
| CVE-2024-21386 | — | >= 6.0.0, < 6.0.27 | 6.0.27 | Feb 13, 2024 | .NET Denial of Service Vulnerability | ||
| CVE-2023-36038 | — | >= 8.0.0, < 8.0.1 | 8.0.1 | Nov 14, 2023 | ASP.NET Core Denial of Service Vulnerability | ||
| CVE-2023-36558 | — | >= 6.0.0, < 6.0.25 | 6.0.25 | Nov 14, 2023 | ASP.NET Core Security Feature Bypass Vulnerability | ||
| CVE-2023-44487 | Hig | 7.5 | KEV | >= 6.0.0, < 6.0.23 | 6.0.23 | Oct 10, 2023 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. |
| CVE-2023-38180 | — | KEV | >= 2.1.0, < 2.1.40 | 2.1.40 | Aug 8, 2023 | .NET and Visual Studio Denial of Service Vulnerability | |
| CVE-2023-35391 | — | >= 2.1.0, < 2.1.40 | 2.1.40 | Aug 8, 2023 | ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability | ||
| CVE-2021-43877 | — | >= 3.1.0, < 3.1.1 | 3.1.1 | Dec 15, 2021 | ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability | ||
| CVE-2021-34532 | — | >= 2.1.0, < 2.1.3 | 2.1.3 | Aug 12, 2021 | ASP.NET Core and Visual Studio Information Disclosure Vulnerability | ||
| CVE-2021-1723 | — | >= 3.1.0, < 3.1.11 | 3.1.11 | Jan 12, 2021 | ASP.NET Core and Visual Studio Denial of Service Vulnerability | ||
| CVE-2020-1045 | — | >= 3.1.0, < 3.1.8 | 3.1.8 | Sep 11, 2020 | A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names. The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded.< | ||
| CVE-2020-1597 | — | >= 2.1.0, < 2.1.1 | 2.1.1 | Aug 17, 2020 | A denial of service vulnerability exists when ASP.NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without auth | ||
| CVE-2020-1161 | — | >= 3.1.0, < 3.1.1 | 3.1.1 | May 21, 2020 | A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'. | ||
| CVE-2020-0603 | — | >= 2.1.0, < 2.1.1 | 2.1.1 | Jan 14, 2020 | A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka 'ASP.NET Core Remote Code Execution | ||
| CVE-2020-0602 | — | >= 2.1.0, < 2.1.1 | 2.1.1 | Jan 14, 2020 | A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'. |
- affected >= 10.0.0, < 10.0.7fixed 10.0.7
Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network.
- affected >= 8.0.0, < 8.0.25fixed 8.0.25
Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.
- CVE-2025-55315Oct 14, 2025affected >= 2.3.0, < 2.3.6fixed 2.3.6
Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.
- CVE-2025-26682Apr 8, 2025affected >= 8.0.0, < 8.0.15fixed 8.0.15
Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.
- CVE-2025-24070Mar 11, 2025affected >= 8.0.0, < 8.0.14fixed 8.0.14
Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network.
- CVE-2024-21404Feb 13, 2024affected >= 6.0.0, < 6.0.27fixed 6.0.27
.NET Denial of Service Vulnerability
- CVE-2024-21386Feb 13, 2024affected >= 6.0.0, < 6.0.27fixed 6.0.27
.NET Denial of Service Vulnerability
- CVE-2023-36038Nov 14, 2023affected >= 8.0.0, < 8.0.1fixed 8.0.1
ASP.NET Core Denial of Service Vulnerability
- CVE-2023-36558Nov 14, 2023affected >= 6.0.0, < 6.0.25fixed 6.0.25
ASP.NET Core Security Feature Bypass Vulnerability
- affected >= 6.0.0, < 6.0.23fixed 6.0.23
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
- affected >= 2.1.0, < 2.1.40fixed 2.1.40
.NET and Visual Studio Denial of Service Vulnerability
- CVE-2023-35391Aug 8, 2023affected >= 2.1.0, < 2.1.40fixed 2.1.40
ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability
- CVE-2021-43877Dec 15, 2021affected >= 3.1.0, < 3.1.1fixed 3.1.1
ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability
- CVE-2021-34532Aug 12, 2021affected >= 2.1.0, < 2.1.3fixed 2.1.3
ASP.NET Core and Visual Studio Information Disclosure Vulnerability
- CVE-2021-1723Jan 12, 2021affected >= 3.1.0, < 3.1.11fixed 3.1.11
ASP.NET Core and Visual Studio Denial of Service Vulnerability
- CVE-2020-1045Sep 11, 2020affected >= 3.1.0, < 3.1.8fixed 3.1.8
A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names. The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded.<
- CVE-2020-1597Aug 17, 2020affected >= 2.1.0, < 2.1.1fixed 2.1.1
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without auth
- CVE-2020-1161May 21, 2020affected >= 3.1.0, < 3.1.1fixed 3.1.1
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'.
- CVE-2020-0603Jan 14, 2020affected >= 2.1.0, < 2.1.1fixed 2.1.1
A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka 'ASP.NET Core Remote Code Execution
- CVE-2020-0602Jan 14, 2020affected >= 2.1.0, < 2.1.1fixed 2.1.1
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'.