Search for packages
| purl | pkg:nuget/Microsoft.AspNetCore.All@2.0.3 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-c142-nvsc-aaaf
Aliases: GHSA-3m2r-q8x3-xmf7 GMS-2018-37 GMS-2018-39 GMS-2018-40 GMS-2018-43 |
Moderate severity vulnerability that affects Microsoft.AspNetCore.All, Microsoft.AspNetCore.Server.Kestrel.Core, Microsoft.AspNetCore.Server.Kestrel.Transport.Abstractions, and Microsoft.AspNetCore.Server.Kestrel.Transport.Libuv |
Affected by 2 other vulnerabilities. |
|
VCID-hg9g-j6zh-aaaa
Aliases: GHSA-cgpw-2gph-2r9g GMS-2018-36 GMS-2018-38 GMS-2018-44 |
Moderate severity vulnerability that affects Microsoft.AspNetCore.All, Microsoft.AspNetCore.App, and Microsoft.AspNetCore.Server.Kestrel.Core |
Affected by 1 other vulnerability. Affected by 12 other vulnerabilities. |
|
VCID-jm74-ks6f-aaaa
Aliases: CVE-2018-8292 GHSA-7jgj-8wvc-jh57 |
.NET Core Information Disclosure |
Affected by 11 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-3nkp-dtxb-aaam | Privilege Escalation ASP.NET Core allow an elevation of privilege vulnerability due to the ASP.NET Core project templates, aka "ASP.NET Core Elevation Of Privilege Vulnerability". This CVE is unique from CVE-2018-0808. |
CVE-2018-0784
|
| VCID-4ycz-b62h-aaae | Permissive Cross-domain Policy with Untrusted Domains ASP.NET Core allow an attacker to bypass Cross-origin Resource Sharing (CORS) configurations and retrieve normally restricted content from a web application, aka "ASP.NET Core Information Disclosure Vulnerability". |
CVE-2017-8700
GHSA-3rp6-rjw4-cq39 |
| VCID-5h3z-fa4n-aaae | ASP.NET Core allow an elevation of privilege |
CVE-2018-0787
GHSA-365p-96qv-xr7g |
| VCID-5p1t-4vye-aaae | Security feature bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated |
CVE-2018-8171
GHSA-vhvh-528q-ff3p |
| VCID-dfht-553s-aaad | URL Redirection to Untrusted Site ('Open Redirect') ASP.NET Core allows an attacker to steal log-in session information such as cookies or authentication tokens via a specially crafted URL aka "ASP.NET Core Elevation Of Privilege Vulnerability". |
CVE-2017-11879
GHSA-3wcj-rg8q-9cqv |
| VCID-g96g-hgdh-aaan | Improper Certificate Validation A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka ".NET Framework Security Feature Bypass Vulnerability." This affects .NET Framework, Microsoft .NET Framework, Microsoft .NET Framework /4.7/4.7.1/4.7.2, ASP.NET Core, Microsoft .NET Framework, ASP.NET Core, ASP.NET Core, .NET Core, Microsoft .NET Framework, Microsoft .NET Framework, Microsoft .NET Framework /4.6.1/4.6.2, .NET Core, .NET Core, Microsoft .NET Framework, Microsoft .NET Framework /4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework |
CVE-2018-8356
GHSA-p9wx-v264-q34p |
| VCID-gp99-uuan-aaac | Cross-Site Request Forgery (CSRF) ASP.NET Core allow a cross site request forgery vulnerability due to the ASP.NET Core project templates, aka "ASP.NET Core Cross Site Request Forgery Vulnerability". |
CVE-2018-0785
|
| VCID-kqu6-94cz-aaaq | Uncontrolled Resource Consumption .NET Core, .NET Core, NET Core and PowerShell Core allow a denial of Service vulnerability due to how specially crafted requests are handled, aka ".NET Core Denial of Service Vulnerability". |
CVE-2018-0875
GHSA-xcvr-qv8h-m7xw |
| VCID-ut8u-n443-aaap | Privilege Escalation ASP.NET Core allow an elevation of privilege vulnerability due to how ASP.NET web applications handle web requests, aka "ASP.NET Core Elevation Of Privilege Vulnerability". This CVE is unique from CVE-2018-0784. |
CVE-2018-0808
|