.net Framework Security Vulnerabilities and Issues — .net Framework CVE List

Lucene search

Microsoft.net Framework

235 matches found

CVE•added 2020/01/14 11:15 p.m.•1418 views

CVE-2020-0646

A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka '.NET Framework Remote Code Execution Injection Vulnerability'.

10CVSS9.7AI score0.93121EPSS

In wildWeb

CVE•added 2017/09/13 1:29 a.m.•1331 views

CVE-2017-8759

Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application, aka ".NET Framework Remote Code Execution Vulnerability."

9.3CVSS7.5AI score0.93905EPSS

In wild

CVE•added 2020/07/14 11:15 p.m.•1304 views

CVE-2020-1147

A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'.

7.8CVSS8.1AI score0.92798EPSS

In wildWeb

CVE•added 2025/01/14 6:15 p.m.•1105 views

CVE-2025-21176

.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability

8.8CVSS9AI score0.00595EPSS

CVE•added 2015/05/13 10:59 a.m.•1059 views

CVE-2015-1671

The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2; Office 2007 SP3 and 2010 SP2; Live Meeting 2007 Console; Lync 2010; Lync 2010 Attendee; Lync 2013 SP1; Lync Basic 2013 SP1; Silverlight 5 before 5.1.40416.00; and Silverlight 5 Develo...

9.3CVSS7.3AI score0.74241EPSS

In wild

CVE•added 2023/08/08 7:15 p.m.•746 views

CVE-2023-38180

.NET and Visual Studio Denial of Service Vulnerability

7.5CVSS7.8AI score0.00193EPSS

In wild

CVE•added 2024/01/09 6:15 p.m.•588 views

CVE-2024-0056

Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability

8.7CVSS9.1AI score0.00346EPSS

CVE•added 2024/01/09 6:15 p.m.•573 views

CVE-2024-0057

NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability

9.8CVSS9.3AI score0.02349EPSS

CVE•added 2023/09/12 5:15 p.m.•508 views

CVE-2023-36799

.NET Core and Visual Studio Denial of Service Vulnerability

6.5CVSS6.9AI score0.01189EPSS

CVE•added 2023/04/11 9:15 p.m.•506 views

CVE-2023-28260

.NET DLL Hijacking Remote Code Execution Vulnerability

7.8CVSS7.8AI score0.02283EPSS

CVE•added 2023/09/12 5:15 p.m.•499 views

CVE-2023-36792

Visual Studio Remote Code Execution Vulnerability

7.8CVSS7.9AI score0.0114EPSS

CVE•added 2023/09/12 5:15 p.m.•495 views

CVE-2023-36793

Visual Studio Remote Code Execution Vulnerability

7.8CVSS7.9AI score0.0136EPSS

CVE•added 2023/09/12 5:15 p.m.•488 views

CVE-2023-36794

Visual Studio Remote Code Execution Vulnerability

7.8CVSS7.9AI score0.00878EPSS

CVE•added 2023/09/12 5:15 p.m.•482 views

CVE-2023-36796

Visual Studio Remote Code Execution Vulnerability

7.8CVSS7.9AI score0.00884EPSS

CVE•added 2023/09/12 5:15 p.m.•442 views

CVE-2023-36788

.NET Framework Remote Code Execution Vulnerability

7.8CVSS7.9AI score0.00281EPSS

CVE•added 2025/01/14 6:15 p.m.•429 views

CVE-2025-21172

.NET and Visual Studio Remote Code Execution Vulnerability

7.5CVSS7.8AI score0.00197EPSS

CVE•added 2023/10/10 6:15 p.m.•419 views

CVE-2023-38171

Microsoft QUIC Denial of Service Vulnerability

7.5CVSS7.4AI score0.05105EPSS

CVE•added 2021/02/25 11:15 p.m.•404 views

CVE-2021-26701

.NET Core Remote Code Execution Vulnerability

9.8CVSS8.5AI score0.01745EPSS

CVE•added 2023/10/10 6:15 p.m.•404 views

CVE-2023-36435

Microsoft QUIC Denial of Service Vulnerability

7.5CVSS7.4AI score0.01201EPSS

CVE•added 2024/01/09 7:15 p.m.•396 views

CVE-2024-21319

Microsoft Identity Denial of service vulnerability

6.8CVSS6.6AI score0.00322EPSS

CVE•added 2024/03/23 12:15 a.m.•396 views

CVE-2024-29059

.NET Framework Information Disclosure Vulnerability

7.5CVSS7.3AI score0.93848EPSS

In wildWeb

CVE•added 2024/07/09 5:15 p.m.•376 views

CVE-2024-30105

.NET and Visual Studio Denial of Service Vulnerability

7.5CVSS7.6AI score0.01348EPSS

CVE•added 2020/08/17 7:15 p.m.•345 views

CVE-2020-1046

A remote code execution vulnerability exists when Microsoft .NET Framework processes input. An attacker who successfully exploited this vulnerability could take control of an affected system.To exploit the vulnerability, an attacker would need to be able to upload a specially crafted file to a web ...

9.3CVSS8.3AI score0.09677EPSS

CVE•added 2022/03/09 5:15 p.m.•340 views

CVE-2022-24512

.NET and Visual Studio Remote Code Execution Vulnerability

6.8CVSS7.2AI score0.00247EPSS

CVE•added 2025/01/14 6:15 p.m.•318 views

CVE-2025-21173

.NET Elevation of Privilege Vulnerability

7.3CVSS7.2AI score0.02344EPSS

CVE•added 2015/11/11 12:59 p.m.•316 views

CVE-2015-6099

Cross-site scripting (XSS) vulnerability in ASP.NET in Microsoft .NET Framework 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka ".NET Elevation of Privilege Vulnerability."

4.3CVSS4.5AI score0.25179EPSS

Web

CVE•added 2022/05/10 9:15 p.m.•302 views

CVE-2022-23267

.NET and Visual Studio Denial of Service Vulnerability

7.5CVSS7.5AI score0.01969EPSS

CVE•added 2025/01/14 6:15 p.m.•295 views

CVE-2025-21171

.NET Remote Code Execution Vulnerability

7.5CVSS7.8AI score0.00179EPSS

CVE•added 2024/07/09 5:15 p.m.•292 views

CVE-2024-38095

.NET and Visual Studio Denial of Service Vulnerability

7.5CVSS6.4AI score0.02007EPSS

CVE•added 2022/05/10 9:15 p.m.•286 views

CVE-2022-29117

.NET and Visual Studio Denial of Service Vulnerability

7.5CVSS7.5AI score0.01512EPSS

CVE•added 2024/02/13 6:15 p.m.•283 views

CVE-2024-21404

.NET Denial of Service Vulnerability

7.5CVSS7.7AI score0.03703EPSS

CVE•added 2024/11/12 6:15 p.m.•281 views

CVE-2024-43498

.NET and Visual Studio Remote Code Execution Vulnerability

9.8CVSS9.4AI score0.01561EPSS

CVE•added 2020/01/14 11:15 p.m.•276 views

CVE-2020-0605

A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. ...

9.3CVSS8.8AI score0.42556EPSS

CVE•added 2021/02/25 11:15 p.m.•276 views

CVE-2021-24112

.NET Core Remote Code Execution Vulnerability

9.8CVSS9.1AI score0.00755EPSS

CVE•added 2019/07/15 7:15 p.m.•275 views

CVE-2019-1006

An authentication bypass vulnerability exists in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF), allowing signing of SAML tokens with arbitrary symmetric keys, aka 'WCF/WIF SAML Token Authentication Bypass Vulnerability'.

7.5CVSS7.8AI score0.03045EPSS

CVE•added 2024/03/12 5:15 p.m.•259 views

CVE-2024-21392

.NET and Visual Studio Denial of Service Vulnerability

7.5CVSS7.7AI score0.00554EPSS

CVE•added 2022/05/10 9:15 p.m.•258 views

CVE-2022-29145

.NET and Visual Studio Denial of Service Vulnerability

7.5CVSS7.5AI score0.01947EPSS

CVE•added 2024/11/12 6:15 p.m.•258 views

CVE-2024-43499

.NET and Visual Studio Denial of Service Vulnerability

7.5CVSS7.5AI score0.01123EPSS

CVE•added 2022/03/09 5:15 p.m.•247 views

CVE-2022-24464

.NET and Visual Studio Denial of Service Vulnerability

7.5CVSS7.5AI score0.01473EPSS

CVE•added 2024/03/12 5:15 p.m.•245 views

CVE-2024-26190

Microsoft QUIC Denial of Service Vulnerability

7.5CVSS7.4AI score0.00623EPSS

CVE•added 2023/11/14 9:15 p.m.•244 views

CVE-2023-36049

.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability

9.8CVSS8.7AI score0.02207EPSS

CVE•added 2023/02/14 9:15 p.m.•242 views

CVE-2023-21808

.NET and Visual Studio Remote Code Execution Vulnerability

7.8CVSS7.9AI score0.01397EPSS

CVE•added 2023/11/14 6:15 p.m.•240 views

CVE-2023-36560

ASP.NET Security Feature Bypass Vulnerability

8.8CVSS8.5AI score0.0417EPSS

CVE•added 2014/10/15 10:55 a.m.•232 views

CVE-2014-4073

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 processes unverified data during interaction with the ClickOnce installer, which allows remote attackers to gain privileges via vectors involving Internet Explorer, aka ".NET ClickOnce Elevation of Privilege Vulnerability."

10CVSS7.4AI score0.29986EPSS

CVE•added 2024/04/09 5:15 p.m.•232 views

CVE-2024-21409

.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability

7.3CVSS7.5AI score0.54695EPSS

CVE•added 2023/11/14 10:15 p.m.•228 views

CVE-2023-36558

ASP.NET Core Security Feature Bypass Vulnerability

6.2CVSS7.5AI score0.00405EPSS

CVE•added 2022/12/13 7:15 p.m.•223 views

CVE-2022-41089

.NET Framework Remote Code Execution Vulnerability

7.8CVSS7.9AI score0.08927EPSS

CVE•added 2020/05/21 11:15 p.m.•221 views

CVE-2020-1108

A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka '.NET Core & .NET Framework Denial of Service Vulnerability'.

7.5CVSS7.3AI score0.03486EPSS

CVE•added 2019/05/16 7:29 p.m.•218 views

CVE-2019-0820

A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings, aka '.NET Framework and .NET Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0980, CVE-2019-0981.

7.5CVSS7.2AI score0.03215EPSS

CVE•added 2022/06/15 10:15 p.m.•216 views

CVE-2022-30184

.NET and Visual Studio Information Disclosure Vulnerability

5.5CVSS5.3AI score0.00657EPSS

Total number of security vulnerabilities235