ASP.NET Core
by Microsoft
CVEs (11)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-1045 | 0.02 | — | 0.20 | Sep 11, 2020 | A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names. The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent… | |||
| CVE-2023-36038 | 0.01 | — | 0.08 | Nov 14, 2023 | ASP.NET Core Denial of Service Vulnerability | |||
| CVE-2018-8409 | 0.01 | — | 0.14 | Sep 13, 2018 | A denial of service vulnerability exists when System.IO.Pipelines improperly handles requests, aka "System.IO.Pipelines Denial of Service." This affects .NET Core 2.1, System.IO.Pipelines, ASP.NET Core 2.1. | |||
| CVE-2018-8171 | 0.01 | — | 0.08 | Jul 11, 2018 | A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka "ASP.NET Security Feature Bypass Vulnerability." This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2. | |||
| CVE-2018-0787 | 0.01 | — | 0.17 | Mar 14, 2018 | ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to how web applications that are created from templates validate web requests, aka "ASP.NET Core Elevation Of Privilege Vulnerability". | |||
| CVE-2018-0808 | 0.01 | — | 0.13 | Mar 14, 2018 | ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to how ASP.NET web applications handle web requests, aka "ASP.NET Core Elevation Of Privilege Vulnerability". This CVE is unique from CVE-2018-0784. | |||
| CVE-2018-0784 | 0.01 | — | 0.16 | Jan 10, 2018 | ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to the ASP.NET Core project templates, aka "ASP.NET Core Elevation Of Privilege Vulnerability". This CVE is unique from CVE-2018-0808. | |||
| CVE-2023-36558 | 0.00 | — | 0.00 | Nov 14, 2023 | ASP.NET Core Security Feature Bypass Vulnerability | |||
| CVE-2021-1723 | 0.00 | — | 0.04 | Jan 12, 2021 | ASP.NET Core and Visual Studio Denial of Service Vulnerability | |||
| CVE-2018-8356 | 0.00 | — | 0.00 | Jul 11, 2018 | A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka ".NET Framework Security Feature Bypass Vulnerability." This affects .NET Framework 4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework… | |||
| CVE-2018-0785 | 0.00 | — | 0.03 | Jan 10, 2018 | ASP.NET Core 1.0. 1.1, and 2.0 allow a cross site request forgery vulnerability due to the ASP.NET Core project templates, aka "ASP.NET Core Cross Site Request Forgery Vulnerability". |
- CVE-2020-1045Sep 11, 2020risk 0.02cvss —epss 0.20
A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names. The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent…
- CVE-2023-36038Nov 14, 2023risk 0.01cvss —epss 0.08
ASP.NET Core Denial of Service Vulnerability
- CVE-2018-8409Sep 13, 2018risk 0.01cvss —epss 0.14
A denial of service vulnerability exists when System.IO.Pipelines improperly handles requests, aka "System.IO.Pipelines Denial of Service." This affects .NET Core 2.1, System.IO.Pipelines, ASP.NET Core 2.1.
- CVE-2018-8171Jul 11, 2018risk 0.01cvss —epss 0.08
A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka "ASP.NET Security Feature Bypass Vulnerability." This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2.
- CVE-2018-0787Mar 14, 2018risk 0.01cvss —epss 0.17
ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to how web applications that are created from templates validate web requests, aka "ASP.NET Core Elevation Of Privilege Vulnerability".
- CVE-2018-0808Mar 14, 2018risk 0.01cvss —epss 0.13
ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to how ASP.NET web applications handle web requests, aka "ASP.NET Core Elevation Of Privilege Vulnerability". This CVE is unique from CVE-2018-0784.
- CVE-2018-0784Jan 10, 2018risk 0.01cvss —epss 0.16
ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to the ASP.NET Core project templates, aka "ASP.NET Core Elevation Of Privilege Vulnerability". This CVE is unique from CVE-2018-0808.
- CVE-2023-36558Nov 14, 2023risk 0.00cvss —epss 0.00
ASP.NET Core Security Feature Bypass Vulnerability
- CVE-2021-1723Jan 12, 2021risk 0.00cvss —epss 0.04
ASP.NET Core and Visual Studio Denial of Service Vulnerability
- CVE-2018-8356Jul 11, 2018risk 0.00cvss —epss 0.00
A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka ".NET Framework Security Feature Bypass Vulnerability." This affects .NET Framework 4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework…
- CVE-2018-0785Jan 10, 2018risk 0.00cvss —epss 0.03
ASP.NET Core 1.0. 1.1, and 2.0 allow a cross site request forgery vulnerability due to the ASP.NET Core project templates, aka "ASP.NET Core Cross Site Request Forgery Vulnerability".