Search for packages
| purl | pkg:nuget/Microsoft.AspNetCore.All@2.1.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1va4-u1vh-aaab
Aliases: CVE-2019-0548 |
Uncontrolled Resource Consumption A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka "ASP.NET Core Denial of Service Vulnerability." This affects ASP.NET Core, ASP.NET Core This CVE ID is unique from CVE-2019-0564. | There are no reported fixed by versions. |
|
VCID-3c5z-k9qt-aaaa
Aliases: CVE-2018-8409 GHSA-j378-6mmw-hqfr |
Denial of service vulnerability exists when System.IO.Pipelines improperly handles requests |
Affected by 10 other vulnerabilities. |
|
VCID-b4f8-17jc-aaap
Aliases: CVE-2018-8269 GHSA-mv2r-q4g5-j8q5 |
Microsoft.Data.OData Library improperly handles web requests |
Affected by 5 other vulnerabilities. Affected by 5 other vulnerabilities. Affected by 3 other vulnerabilities. |
|
VCID-bsmn-prby-aaan
Aliases: CVE-2020-1597 GHSA-f8qx-mjcq-wfgx |
Improper Input Validation A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'. |
Affected by 2 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-h1ra-1p9m-aaag
Aliases: CVE-2019-0564 GHSA-6px8-22w5-w334 |
Uncontrolled Resource Consumption A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka "ASP.NET Core Denial of Service Vulnerability." This affects ASP.NET Core This CVE ID is unique from CVE-2019-0548. |
Affected by 8 other vulnerabilities. Affected by 9 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
VCID-hg9g-j6zh-aaaa
Aliases: GHSA-cgpw-2gph-2r9g GMS-2018-36 GMS-2018-38 GMS-2018-44 |
Moderate severity vulnerability that affects Microsoft.AspNetCore.All, Microsoft.AspNetCore.App, and Microsoft.AspNetCore.Server.Kestrel.Core |
Affected by 12 other vulnerabilities. |
|
VCID-qfp7-4wbw-aaaf
Aliases: CVE-2019-0982 GHSA-4jxx-4qxw-prxm |
Uncontrolled Resource Consumption A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'. |
Affected by 4 other vulnerabilities. |
|
VCID-rcjn-7ufv-aaag
Aliases: CVE-2020-1045 GHSA-hxrm-9w7p-39cc |
Improper Input Validation A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names. The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded. The security update addresses the vulnerability by fixing the way the ASP.NET Core cookie parser handles encoded names., aka 'Microsoft ASP.NET Core Security Feature Bypass Vulnerability'. |
Affected by 0 other vulnerabilities. |
|
VCID-rt1q-nt91-aaar
Aliases: CVE-2019-1302 GHSA-xr8f-59pp-rxxh |
Improper Input Validation An elevation of privilege vulnerability exists when a ASP.NET Core web application, created using vulnerable project templates, fails to properly sanitize web requests, aka 'ASP.NET Core Elevation Of Privilege Vulnerability'. | There are no reported fixed by versions. |
|
VCID-tsvj-kuwx-aaag
Aliases: CVE-2019-1075 GHSA-prrf-397v-83xh |
URL Redirection to Untrusted Site ('Open Redirect') A spoofing vulnerability exists in ASP.NET Core that could lead to an open redirect, aka 'ASP.NET Core Spoofing Vulnerability'. |
Affected by 6 other vulnerabilities. Affected by 4 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
VCID-zrxn-gnee-aaad
Aliases: CVE-2021-34532 GHSA-q7cg-43mg-qp69 |
ASP.NET Core Information Disclosure Vulnerability |
Affected by 11 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-3c5z-k9qt-aaaa | Denial of service vulnerability exists when System.IO.Pipelines improperly handles requests |
CVE-2018-8409
GHSA-j378-6mmw-hqfr |
| VCID-63fu-pwhf-aaaf | Improper Input Validation A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'. |
CVE-2020-0602
GHSA-23cv-jh4v-vffm |
| VCID-c413-2csk-aaam | Out-of-bounds Write A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka 'ASP.NET Core Remote Code Execution Vulnerability'. |
CVE-2020-0603
GHSA-655q-9gvg-q4cm |
| VCID-h1ra-1p9m-aaag | Uncontrolled Resource Consumption A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka "ASP.NET Core Denial of Service Vulnerability." This affects ASP.NET Core This CVE ID is unique from CVE-2019-0548. |
CVE-2019-0564
GHSA-6px8-22w5-w334 |
| VCID-jm74-ks6f-aaaa | .NET Core Information Disclosure |
CVE-2018-8292
GHSA-7jgj-8wvc-jh57 |
| VCID-vfbm-6tkw-aaae | Path Traversal A tampering vulnerability exists when .NET Core improperly handles specially crafted files, aka ".NET Core Tampering Vulnerability." |
CVE-2018-8416
GHSA-5633-f33j-c6f7 |
| VCID-zb7b-ff2v-aaan | .NET and Visual Studio Denial of Service Vulnerability |
CVE-2023-38180
GHSA-vmch-3w2x-vhgq |