asp.net core · threatengine.sh

Home/Product/microsoft asp.net core

Product

microsoft asp.net core

40 known vulnerabilities across versions

Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.

Sort Min CVSS Published since

>= 10.0.0 and < 10.0.7

Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a netw

>= 8.0.0 and < 8.0.25

Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a networ

>= 2.3.0 and < 2.3.6

Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to

>= 8.0.0 and < 8.0.15

Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a networ

>= 8.0.0 and < 8.0.14

Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network.

>= 6.0.0 and < 6.0.27

.NET Denial of Service Vulnerability

>= 6.0.0 and < 6.0.27

.NET Denial of Service Vulnerability

>= 6.0.0 and < 6.0.25

ASP.NET Core Security Feature Bypass Vulnerability

ASP.NET Core Denial of Service Vulnerability

>= 6.0.0 and < 6.0.23

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams q

>= 2.1 and < 2.1.40

.NET and Visual Studio Denial of Service Vulnerability

>= 2.1 and < 2.1.40

ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability

ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability

>= 2.1 and <= 2.1.2

ASP.NET Core and Visual Studio Information Disclosure Vulnerability

>= 3.1 and <= 3.1.10

ASP.NET Core and Visual Studio Denial of Service Vulnerability

>= 2.1 and <= 2.1.21

<p>A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names.</p> <p>The ASP.NE

A denial of service vulnerability exists when ASP.NET Core improperly handles web requests. An attacker who successfully exploited

A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vu

A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attac

A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vu

An elevation of privilege vulnerability exists when a ASP.NET Core web application, created using vulnerable project templates, fa

A spoofing vulnerability exists in ASP.NET Core that could lead to an open redirect, aka 'ASP.NET Core Spoofing Vulnerability'.

A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vu

A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vu

A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka "ASP.NET Core Denial of Service Vu

A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka "ASP.NET Core Denial of Service Vu

A tampering vulnerability exists when .NET Core improperly handles specially crafted files, aka ".NET Core Tampering Vulnerability

An information disclosure vulnerability exists in .NET Core when authentication information is inadvertently exposed in a redirect

>= 2.1 and < 2.1.4

A denial of service vulnerability exists when System.IO.Pipelines improperly handles requests, aka "System.IO.Pipelines Denial of

A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, ak

A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka "ASP.N

.NET Core 1.0, .NET Core 1.1, NET Core 2.0 and PowerShell Core 6.0.0 allow a denial of Service vulnerability due to how specially

ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to how ASP.NET web applications handle web reques

ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to how web applications that are created from tem

ASP.NET Core 1.0. 1.1, and 2.0 allow a cross site request forgery vulnerability due to the ASP.NET Core project templates, aka "AS

ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to the ASP.NET Core project templates, aka "ASP.N

ASP.NET Core 1.0, 1.1, and 2.0 allow an attacker to bypass Cross-origin Resource Sharing (CORS) configurations and retrieve normal

.NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web

ASP.NET Core 2.0 allows an attacker to steal log-in session information such as cookies or authentication tokens via a specially c

.NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin