Microsoft Asp.Net Model View Controller vulnerabilities

CVE-2018-8171 [HIGH] CWE-287 CVE-2018-8171: A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempt A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka "ASP.NET Security Feature Bypass Vulnerability." This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2.

CVE-2017-0247 [HIGH] CWE-20 CVE-2017-0247: A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web reques A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc before 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to cause a denia

CVE-2017-0249 [HIGH] CWE-20 CVE-2017-0249: An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.

CVE-2017-0256 [MEDIUM] CWE-20 CVE-2017-0256: A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests. A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.

CVE-2014-4075 [MEDIUM] CWE-79 CVE-2014-4075: Cross-site scripting (XSS) vulnerability in System.Web.Mvc.dll in Microsoft ASP.NET Model View Contr Cross-site scripting (XSS) vulnerability in System.Web.Mvc.dll in Microsoft ASP.NET Model View Controller (MVC) 2.0 through 5.1 allows remote attackers to inject arbitrary web script or HTML via a crafted web page, aka "MVC XSS Vulnerability."