VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
>
Microsoft
>
ASP NET Core
> 3.1
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2021-12-15
CVE-2021-43877
Unspecified vulnerability in Microsoft products
ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability
local
low complexity
microsoft
8.8
8.8
2021-08-12
CVE-2021-34532
Unspecified vulnerability in Microsoft Visual Studio 2019
ASP.NET Core and Visual Studio Information Disclosure Vulnerability
local
low complexity
microsoft
5.5
5.5
2021-01-12
CVE-2021-1723
ASP.NET Core and Visual Studio Denial of Service Vulnerability
network
low complexity
microsoft
fedoraproject
7.5
7.5
2020-09-11
CVE-2020-1045
<p>A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names.</p> <p>The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded.</p> <p>The security update addresses the vulnerability by fixing the way the ASP.NET Core cookie parser handles encoded names.</p>
network
low complexity
microsoft
fedoraproject
redhat
7.5
7.5
2020-08-17
CVE-2020-1597
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests.
network
low complexity
microsoft
fedoraproject
7.5
7.5
2020-05-21
CVE-2020-1161
Improper Input Validation vulnerability in Microsoft Asp.Net Core and Visual Studio 2017
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'.
network
low complexity
microsoft
CWE-20
5.0
5.0
2020-01-14
CVE-2020-0603
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka 'ASP.NET Core Remote Code Execution Vulnerability'.
network
microsoft
redhat
CWE-119
critical
9.3
9.3
2020-01-14
CVE-2020-0602
Resource Exhaustion vulnerability in multiple products
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'.
network
low complexity
microsoft
redhat
CWE-400
5.0
5.0