Asp.net
by Microsoft
Source repositories
CVEs (34)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-0603 | 0.01 | — | 0.20 | Jan 14, 2020 | A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka 'ASP.NET Core Remote Code Execution… | |||
| CVE-2019-1302 | 0.01 | — | 0.05 | Sep 11, 2019 | An elevation of privilege vulnerability exists when a ASP.NET Core web application, created using vulnerable project templates, fails to properly sanitize web requests, aka 'ASP.NET Core Elevation Of Privilege Vulnerability'. | |||
| CVE-2019-0982 | 0.01 | — | 0.07 | May 16, 2019 | A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'. | |||
| CVE-2019-0815 | 0.01 | — | 0.07 | Apr 9, 2019 | A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'. | |||
| CVE-2019-0548 | 0.01 | — | 0.08 | Jan 8, 2019 | A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka "ASP.NET Core Denial of Service Vulnerability." This affects ASP.NET Core 2.2, ASP.NET Core 2.1. This CVE ID is unique from CVE-2019-0564. | |||
| CVE-2019-0564 | 0.01 | — | 0.08 | Jan 8, 2019 | A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka "ASP.NET Core Denial of Service Vulnerability." This affects ASP.NET Core 2.1. This CVE ID is unique from CVE-2019-0548. | |||
| CVE-2010-2088 | 0.01 | — | 0.09 | May 27, 2010 | ASP.NET in Microsoft .NET 3.5 does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks against the form control via the __VIEWSTATE parameter. | |||
| CVE-2010-2084 | 0.01 | — | 0.13 | May 27, 2010 | Microsoft ASP.NET 2.0 does not prevent setting the InnerHtml property on a control that inherits from HtmlContainerControl, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to an attribute. | |||
| CVE-2005-2224 | 0.01 | — | 0.18 | Jul 12, 2005 | aspnet_wp.exe in Microsoft ASP.NET web services allows remote attackers to cause a denial of service (CPU consumption from infinite loop) via a crafted SOAP message to an RPC/Encoded method. | |||
| CVE-2003-0768 | 0.01 | — | 0.13 | Sep 22, 2003 | Microsoft ASP.Net 1.1 allows remote attackers to bypass the Cross-Site Scripting (XSS) and Script Injection protection feature via a null character in the beginning of a tag name. | |||
| CVE-2020-1476 | 0.00 | — | 0.01 | Aug 17, 2020 | An elevation of privilege vulnerability exists when ASP.NET or .NET web applications running on IIS improperly allow access to cached files. An attacker who successfully exploited this vulnerability could gain access to restricted files. To exploit this vulnerability, an… | |||
| CVE-2020-1161 | 0.00 | — | 0.06 | May 21, 2020 | A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'. | |||
| CVE-2020-0602 | 0.00 | — | 0.08 | Jan 14, 2020 | A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'. | |||
| CVE-2019-1075 | 0.00 | — | 0.03 | Jul 15, 2019 | A spoofing vulnerability exists in ASP.NET Core that could lead to an open redirect, aka 'ASP.NET Core Spoofing Vulnerability'. |
- CVE-2020-0603Jan 14, 2020risk 0.01cvss —epss 0.20
A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka 'ASP.NET Core Remote Code Execution…
- CVE-2019-1302Sep 11, 2019risk 0.01cvss —epss 0.05
An elevation of privilege vulnerability exists when a ASP.NET Core web application, created using vulnerable project templates, fails to properly sanitize web requests, aka 'ASP.NET Core Elevation Of Privilege Vulnerability'.
- CVE-2019-0982May 16, 2019risk 0.01cvss —epss 0.07
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'.
- CVE-2019-0815Apr 9, 2019risk 0.01cvss —epss 0.07
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'.
- CVE-2019-0548Jan 8, 2019risk 0.01cvss —epss 0.08
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka "ASP.NET Core Denial of Service Vulnerability." This affects ASP.NET Core 2.2, ASP.NET Core 2.1. This CVE ID is unique from CVE-2019-0564.
- CVE-2019-0564Jan 8, 2019risk 0.01cvss —epss 0.08
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka "ASP.NET Core Denial of Service Vulnerability." This affects ASP.NET Core 2.1. This CVE ID is unique from CVE-2019-0548.
- CVE-2010-2088May 27, 2010risk 0.01cvss —epss 0.09
ASP.NET in Microsoft .NET 3.5 does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks against the form control via the __VIEWSTATE parameter.
- CVE-2010-2084May 27, 2010risk 0.01cvss —epss 0.13
Microsoft ASP.NET 2.0 does not prevent setting the InnerHtml property on a control that inherits from HtmlContainerControl, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to an attribute.
- CVE-2005-2224Jul 12, 2005risk 0.01cvss —epss 0.18
aspnet_wp.exe in Microsoft ASP.NET web services allows remote attackers to cause a denial of service (CPU consumption from infinite loop) via a crafted SOAP message to an RPC/Encoded method.
- CVE-2003-0768Sep 22, 2003risk 0.01cvss —epss 0.13
Microsoft ASP.Net 1.1 allows remote attackers to bypass the Cross-Site Scripting (XSS) and Script Injection protection feature via a null character in the beginning of a tag name.
- CVE-2020-1476Aug 17, 2020risk 0.00cvss —epss 0.01
An elevation of privilege vulnerability exists when ASP.NET or .NET web applications running on IIS improperly allow access to cached files. An attacker who successfully exploited this vulnerability could gain access to restricted files. To exploit this vulnerability, an…
- CVE-2020-1161May 21, 2020risk 0.00cvss —epss 0.06
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'.
- CVE-2020-0602Jan 14, 2020risk 0.00cvss —epss 0.08
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'.
- CVE-2019-1075Jul 15, 2019risk 0.00cvss —epss 0.03
A spoofing vulnerability exists in ASP.NET Core that could lead to an open redirect, aka 'ASP.NET Core Spoofing Vulnerability'.
Page 2 of 2