.net Framework Security Vulnerabilities and Issues — .net Framework CVE List

Lucene search

Microsoft.net Framework

177 matches found

CVE•added 2020/01/14 11:15 p.m.•1419 views

CVE-2020-0646

A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka '.NET Framework Remote Code Execution Injection Vulnerability'.

10CVSS9.7AI score0.93121EPSS

In wildWeb

CVE•added 2017/09/13 1:29 a.m.•1332 views

CVE-2017-8759

Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application, aka ".NET Framework Remote Code Execution Vulnerability."

9.3CVSS7.5AI score0.93893EPSS

In wild

CVE•added 2020/07/14 11:15 p.m.•1310 views

CVE-2020-1147

A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'.

7.8CVSS8.1AI score0.92742EPSS

In wildWeb

CVE•added 2025/01/14 6:15 p.m.•1127 views

CVE-2025-21176

.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability

8.8CVSS9AI score0.00662EPSS

CVE•added 2015/05/13 10:59 a.m.•1060 views

CVE-2015-1671

The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2; Office 2007 SP3 and 2010 SP2; Live Meeting 2007 Console; Lync 2010; Lync 2010 Attendee; Lync 2013 SP1; Lync Basic 2013 SP1; Silverlight 5 before 5.1.40416.00; and Silverlight 5 Develo...

9.3CVSS7.3AI score0.74241EPSS

In wild

CVE•added 2024/01/09 6:15 p.m.•610 views

CVE-2024-0056

Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability

8.7CVSS9.1AI score0.00346EPSS

CVE•added 2024/01/09 6:15 p.m.•595 views

CVE-2024-0057

NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability

9.8CVSS9.3AI score0.02349EPSS

CVE•added 2023/09/12 5:15 p.m.•521 views

CVE-2023-36792

Visual Studio Remote Code Execution Vulnerability

7.8CVSS7.9AI score0.01289EPSS

CVE•added 2023/09/12 5:15 p.m.•518 views

CVE-2023-36793

Visual Studio Remote Code Execution Vulnerability

7.8CVSS7.9AI score0.01537EPSS

CVE•added 2023/09/12 5:15 p.m.•511 views

CVE-2023-36794

Visual Studio Remote Code Execution Vulnerability

7.8CVSS7.9AI score0.00994EPSS

CVE•added 2023/09/12 5:15 p.m.•504 views

CVE-2023-36796

Visual Studio Remote Code Execution Vulnerability

7.8CVSS7.9AI score0.01EPSS

CVE•added 2023/09/12 5:15 p.m.•443 views

CVE-2023-36788

.NET Framework Remote Code Execution Vulnerability

7.8CVSS7.9AI score0.00281EPSS

CVE•added 2024/03/23 12:15 a.m.•403 views

CVE-2024-29059

.NET Framework Information Disclosure Vulnerability

7.5CVSS7.3AI score0.93743EPSS

In wild

CVE•added 2020/08/17 7:15 p.m.•346 views

CVE-2020-1046

A remote code execution vulnerability exists when Microsoft .NET Framework processes input. An attacker who successfully exploited this vulnerability could take control of an affected system.To exploit the vulnerability, an attacker would need to be able to upload a specially crafted file to a web ...

9.3CVSS8.3AI score0.09677EPSS

CVE•added 2015/11/11 12:59 p.m.•317 views

CVE-2015-6099

Cross-site scripting (XSS) vulnerability in ASP.NET in Microsoft .NET Framework 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka ".NET Elevation of Privilege Vulnerability."

4.3CVSS4.5AI score0.25179EPSS

CVE•added 2020/01/14 11:15 p.m.•277 views

CVE-2020-0605

A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. ...

9.3CVSS8.8AI score0.49116EPSS

CVE•added 2019/07/15 7:15 p.m.•276 views

CVE-2019-1006

An authentication bypass vulnerability exists in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF), allowing signing of SAML tokens with arbitrary symmetric keys, aka 'WCF/WIF SAML Token Authentication Bypass Vulnerability'.

7.5CVSS7.8AI score0.02931EPSS

CVE•added 2023/11/14 9:15 p.m.•266 views

CVE-2023-36049

.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability

9.8CVSS8.7AI score0.03285EPSS

CVE•added 2023/02/14 9:15 p.m.•265 views

CVE-2023-21808

.NET and Visual Studio Remote Code Execution Vulnerability

7.8CVSS7.9AI score0.01752EPSS

CVE•added 2024/04/09 5:15 p.m.•256 views

CVE-2024-21409

.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability

7.3CVSS7.5AI score0.54695EPSS

CVE•added 2023/11/14 6:15 p.m.•241 views

CVE-2023-36560

ASP.NET Security Feature Bypass Vulnerability

8.8CVSS8.5AI score0.0417EPSS

CVE•added 2014/10/15 10:55 a.m.•233 views

CVE-2014-4073

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 processes unverified data during interaction with the ClickOnce installer, which allows remote attackers to gain privileges via vectors involving Internet Explorer, aka ".NET ClickOnce Elevation of Privilege Vulnerability."

10CVSS7.4AI score0.29986EPSS

CVE•added 2023/06/14 3:15 p.m.•230 views

CVE-2023-24897

.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability

7.8CVSS7.9AI score0.02262EPSS

CVE•added 2020/05/21 11:15 p.m.•227 views

CVE-2020-1108

A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka '.NET Core & .NET Framework Denial of Service Vulnerability'.

7.5CVSS7.3AI score0.03486EPSS

CVE•added 2022/12/13 7:15 p.m.•226 views

CVE-2022-41089

.NET Framework Remote Code Execution Vulnerability

7.8CVSS7.9AI score0.08927EPSS

CVE•added 2019/05/16 7:29 p.m.•221 views

CVE-2019-0820

A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings, aka '.NET Framework and .NET Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0980, CVE-2019-0981.

7.5CVSS7.2AI score0.03215EPSS

CVE•added 2022/05/10 9:15 p.m.•216 views

CVE-2022-30130

.NET Framework Denial of Service Vulnerability

5.5CVSS4AI score0.01774EPSS

CVE•added 2019/07/15 7:15 p.m.•203 views

CVE-2019-1083

A denial of service vulnerability exists when Microsoft Common Object Runtime Library improperly handles web requests, aka '.NET Denial of Service Vulnerability'.

7.5CVSS7.2AI score0.10562EPSS

CVE•added 2024/07/09 5:15 p.m.•197 views

CVE-2024-38081

.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability

7.3CVSS7.2AI score0.00607EPSS

CVE•added 2020/01/14 11:15 p.m.•196 views

CVE-2020-0606

9.3CVSS8.8AI score0.49116EPSS

CVE•added 2023/06/14 3:15 p.m.•194 views

CVE-2023-24895

.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability

7.8CVSS7.9AI score0.01252EPSS

CVE•added 2020/08/17 7:15 p.m.•193 views

CVE-2020-1476

An elevation of privilege vulnerability exists when ASP.NET or .NET web applications running on IIS improperly allow access to cached files. An attacker who successfully exploited this vulnerability could gain access to restricted files.To exploit this vulnerability, an attacker would need to send ...

5.5CVSS7.1AI score0.01084EPSS

CVE•added 2023/06/14 3:15 p.m.•191 views

CVE-2023-24936

.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability

7.5CVSS7.7AI score0.01539EPSS

CVE•added 2023/06/14 3:15 p.m.•187 views

CVE-2023-29331

.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability

7.5CVSS7.6AI score0.01714EPSS

CVE•added 2014/10/15 10:55 a.m.•184 views

CVE-2014-4121

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly parse internationalized resource identifiers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted request to a .NET web application, aka ".NET ...

10CVSS8.3AI score0.4252EPSS

CVE•added 2023/02/14 8:15 p.m.•184 views

CVE-2023-21722

.NET Framework Denial of Service Vulnerability

5CVSS5.3AI score0.00305EPSS

CVE•added 2020/10/16 11:15 p.m.•183 views

CVE-2020-16937

An information disclosure vulnerability exists when the .NET Framework improperly handles objects in memory. An attacker who successfully exploited the vulnerability could disclose contents of an affected system's memory.To exploit the vulnerability, an authenticated attacker would need to run a sp...

5.5CVSS5.8AI score0.0906EPSS

CVE•added 2012/05/09 12:55 a.m.•182 views

CVE-2012-0162

Microsoft .NET Framework 4 does not properly allocate buffers, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Buffer Allocation Vulnerability."

9.3CVSS7.4AI score0.57604EPSS

CVE•added 2019/07/29 2:9 p.m.•181 views

CVE-2019-1113

8.8CVSS8.3AI score0.27594EPSS

CVE•added 2013/10/09 2:53 p.m.•179 views

CVE-2013-3861

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 allows remote attackers to cause a denial of service (application crash or hang) via crafted character sequences in JSON data, aka "JSON Parsing Vulnerability."

7.8CVSS6.5AI score0.77062EPSS

CVE•added 2022/11/09 10:15 p.m.•177 views

CVE-2022-41064

.NET Framework Information Disclosure Vulnerability

5.8CVSS5.7AI score0.00092EPSS

CVE•added 2024/10/08 6:15 p.m.•177 views

CVE-2024-43484

.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability

7.5CVSS7.6AI score0.01791EPSS

CVE•added 2012/04/10 9:55 p.m.•176 views

CVE-2012-0163

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate function parameters, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framewor...

9.3CVSS9.5AI score0.55802EPSS

CVE•added 2019/05/16 7:29 p.m.•176 views

CVE-2019-0980

A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka '.Net Framework and .Net Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0820, CVE-2019-0981.

7.5CVSS7.3AI score0.03215EPSS

CVE•added 2023/08/08 7:15 p.m.•176 views

CVE-2023-36899

ASP.NET Elevation of Privilege Vulnerability

8.8CVSS8.6AI score0.69655EPSS

CVE•added 2018/05/09 7:29 p.m.•174 views

CVE-2018-0765

A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents, aka ".NET and .NET Core Denial of Service Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.6/4.6.1/4....

7.5CVSS7.2AI score0.07821EPSS

CVE•added 2024/01/09 6:15 p.m.•172 views

CVE-2024-21312

.NET Framework Denial of Service Vulnerability

7.5CVSS7.7AI score0.05333EPSS

CVE•added 2013/01/09 6:9 p.m.•170 views

CVE-2013-0002

Buffer overflow in the Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that l...

9.3CVSS7.8AI score0.58748EPSS

CVE•added 2015/12/09 11:59 a.m.•167 views

CVE-2015-6108

The Windows font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT Gold and 8.1; Office 2007 SP3; Office 2010 SP2; Word Viewer; .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and ...

9.3CVSS7.4AI score0.47364EPSS

CVE•added 2019/05/16 7:29 p.m.•166 views

CVE-2019-0981

7.5CVSS7.3AI score0.03215EPSS

Total number of security vulnerabilities177