VYPR

Asp.net

by Microsoft

CVEs (34)

  • CVE-2004-0847 | Critical | Nov 3, 2004
    risk 0.73 | cvss 9.8 | epss 0.76

    The Microsoft .NET forms authentication capability for ASP.NET allows remote attackers to bypass authentication for .aspx files in restricted directories via a request containing a (1) "\" (backslash) or (2) "%5C" (encoded backslash), aka "Path Validation Vulnerability."

  • CVE-2025-36855 | High | Sep 8, 2025
    risk 0.57 | cvss 8.8 | epss 0.01

    A vulnerability (CVE-2025-21176, https://www.cve.org/CVERecord) exists in DiaSymReader.dll due to buffer over-read. Per CWE-126: Buffer Over-read (https://cwe.mitre.org/data/definitions/126.html), Buffer Over-read is when a product reads from a buffer using buffer access…

  • CVE-2006-1364 | High | Mar 23, 2006
    risk 0.56 | cvss 7.5 | epss 0.59

    Microsoft w3wp (aka w3wp.exe) does not properly handle when the AspCompat directive is not used when referencing COM components in ASP.NET, which allows remote attackers to cause a denial of service (resource consumption or crash) by repeatedly requesting each of several…

  • CVE-2025-36854 | High | Sep 8, 2025
    risk 0.53 | cvss 8.1 | epss 0.01

    A vulnerability (CVE-2024-38229, https://www.cve.org/CVERecord) exists in EOL ASP.NET: when closing an HTTP/3 stream while application code is writing to the response body, a race condition may lead to use-after-free, resulting in Remote Code Execution. Per CWE-416: Use…

  • CVE-2018-8171 | High | Jul 11, 2018
    risk 0.50 | cvss 7.5 | epss 0.10

    A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka "ASP.NET Security Feature Bypass Vulnerability." This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2.

  • CVE-2018-8409 | High | Sep 13, 2018
    risk 0.49 | cvss 7.5 | epss 0.07

    A denial of service vulnerability exists when System.IO.Pipelines improperly handles requests, aka "System.IO.Pipelines Denial of Service." This affects .NET Core 2.1, System.IO.Pipelines, ASP.NET Core 2.1.

  • CVE-2017-11883 | High | Nov 15, 2017
    risk 0.49 | cvss 7.5 | epss 0.09

    .NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly handling web requests, aka ".NET CORE Denial Of Service Vulnerability".

  • CVE-2025-7326 | High | Jul 8, 2025
    risk 0.46 | cvss 7.0 | epss 0.01

    Weak authentication in EOL ASP.NET Core allows an unauthorized attacker to elevate privileges over a network. NOTE: This CVE affects only End Of Life (EOL) software components. The vendor, Microsoft, has indicated there will be no future updates nor support provided upon…

  • CVE-2026-42899 | High | May 12, 2026
    risk 0.42 | cvss 7.5 | epss 0.01

    Loop with unreachable exit condition ('infinite loop') in ASP.NET Core allows an unauthorized attacker to deny service over a network.

  • CVE-2026-25667 | High | Mar 19, 2026
    risk 0.42 | cvss 7.5 | epss 0.03

    ASP.NET Core Kestrel in Microsoft .NET 8.0 before 8.0.22 and .NET 9.0 before 9.0.11 allows a remote attacker to cause excessive CPU consumption by sending a crafted QUIC packet, because of an incorrect exit condition for HTTP/3 Encoder/Decoder stream processing.

  • CVE-2018-8356 | Medium | Jul 11, 2018
    risk 0.36 | cvss 5.5 | epss 0.01

    A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka ".NET Framework Security Feature Bypass Vulnerability." This affects .NET Framework 4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework…

  • CVE-2010-3332 | Sep 22, 2010
    risk 0.08 | cvss n/a | epss 0.67

    Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services (IIS), provides detailed error codes during decryption attempts, which allows remote attackers to decrypt and modify encrypted View…

  • CVE-2023-36899 | Aug 8, 2023
    risk 0.06 | cvss n/a | epss 0.74

    ASP.NET Elevation of Privilege Vulnerability

  • CVE-2005-0452 | Feb 16, 2005
    risk 0.05 | cvss n/a | epss 0.23

    Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ASP.NET (.Net) 1.0 and 1.1 to SP1 allow remote attackers to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted to normal ASCII characters, including…

  • CVE-2005-1665 | May 18, 2005
    risk 0.03 | cvss n/a | epss 0.40

    The __VIEWSTATE functionality in Microsoft ASP.NET 1.x, when not cryptographically signed, allows remote attackers to cause a denial of service (CPU consumption) via deeply nested markup.

  • CVE-2008-3843 | Aug 27, 2008
    risk 0.02 | cvss n/a | epss 0.22

    Request Validation (aka the ValidateRequest filters) in ASP.NET in Microsoft .NET Framework with the MS07-040 update does not properly detect dangerous client input, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a query string…

  • CVE-2008-3842 | Aug 27, 2008
    risk 0.02 | cvss n/a | epss 0.20

    Request Validation (aka the ValidateRequest filters) in ASP.NET in Microsoft .NET Framework without the MS07-040 update does not properly detect dangerous client input, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a query string…

  • CVE-2005-1664 | May 18, 2005
    risk 0.02 | cvss n/a | epss 0.19

    The __VIEWSTATE functionality in Microsoft ASP.NET 1.x allows remote attackers to conduct replay attacks to (1) apply a ViewState generated from one view to a different view, (2) reuse ViewState information after the application's state has changed, or (3) use the ViewState to…

  • CVE-2002-0369 | Jul 26, 2002
    risk 0.02 | cvss n/a | epss 0.24

    Buffer overflow in ASP.NET Worker Process allows remote attackers to cause a denial of service (restart) and possibly execute arbitrary code via a routine that processes cookies while in StateServer mode.

  • CVE-2025-26682 | Apr 8, 2025
    risk 0.01 | cvss n/a | epss 0.01

    Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.
