.net Framework Security Vulnerabilities and Issues — Page 2 of .net Framework CVE List

A denial of service vulnerability exists when Microsoft Common Object Runtime Library improperly handles web requests, aka '.NET Denial of Service Vulnerability'.

7.5CVSS7.2AI score0.10562EPSS

CVE•added 2023/06/14 3:15 p.m.•200 views

CVE-2023-24897

.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability

7.8CVSS7.9AI score0.01678EPSS

CVE•added 2020/01/14 11:15 p.m.•194 views

CVE-2020-0606

A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. ...

9.3CVSS8.8AI score0.42556EPSS

CVE•added 2020/08/17 7:15 p.m.•192 views

CVE-2020-1476

An elevation of privilege vulnerability exists when ASP.NET or .NET web applications running on IIS improperly allow access to cached files. An attacker who successfully exploited this vulnerability could gain access to restricted files.To exploit this vulnerability, an attacker would need to send ...

5.5CVSS7.1AI score0.01084EPSS

CVE•added 2021/08/12 6:15 p.m.•191 views

CVE-2021-34485

.NET Core and Visual Studio Information Disclosure Vulnerability

5.5CVSS5.8AI score0.00707EPSS

CVE•added 2022/09/13 7:15 p.m.•188 views

CVE-2022-38013

.NET Core and Visual Studio Denial of Service Vulnerability

7.5CVSS7.5AI score0.01393EPSS

CVE•added 2021/08/12 6:15 p.m.•186 views

CVE-2021-26423

.NET Core and Visual Studio Denial of Service Vulnerability

7.5CVSS7.4AI score0.0242EPSS

CVE•added 2014/10/15 10:55 a.m.•183 views

CVE-2014-4121

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly parse internationalized resource identifiers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted request to a .NET web application, aka ".NET ...

10CVSS8.3AI score0.4252EPSS

CVE•added 2020/10/16 11:15 p.m.•182 views

CVE-2020-16937

An information disclosure vulnerability exists when the .NET Framework improperly handles objects in memory. An attacker who successfully exploited the vulnerability could disclose contents of an affected system's memory.To exploit the vulnerability, an authenticated attacker would need to run a sp...

5.5CVSS5.8AI score0.07537EPSS

CVE•added 2023/11/14 10:15 p.m.•182 views

CVE-2023-36038

ASP.NET Core Denial of Service Vulnerability

8.2CVSS7.7AI score0.07364EPSS

CVE•added 2012/05/09 12:55 a.m.•181 views

CVE-2012-0162

Microsoft .NET Framework 4 does not properly allocate buffers, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Buffer Allocation Vulnerability."

9.3CVSS7.4AI score0.57604EPSS

CVE•added 2021/05/11 7:15 p.m.•181 views

CVE-2021-31204

.NET and Visual Studio Elevation of Privilege Vulnerability

7.8CVSS7.3AI score0.08688EPSS

CVE•added 2019/07/29 2:9 p.m.•180 views

CVE-2019-1113

8.8CVSS8.3AI score0.27594EPSS

CVE•added 2021/10/13 1:15 a.m.•180 views

CVE-2021-41355

.NET Core and Visual Studio Information Disclosure Vulnerability

5.7CVSS5.5AI score0.03608EPSS

CVE•added 2023/02/14 8:15 p.m.•177 views

CVE-2023-21722

.NET Framework Denial of Service Vulnerability

5CVSS5.3AI score0.00305EPSS

CVE•added 2013/10/09 2:53 p.m.•176 views

CVE-2013-3861

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 allows remote attackers to cause a denial of service (application crash or hang) via crafted character sequences in JSON data, aka "JSON Parsing Vulnerability."

7.8CVSS6.5AI score0.77062EPSS

CVE•added 2022/10/11 7:15 p.m.•176 views

CVE-2022-41032

NuGet Client Elevation of Privilege Vulnerability

7.8CVSS7.8AI score0.09559EPSS

CVE•added 2022/11/09 10:15 p.m.•176 views

CVE-2022-41064

.NET Framework Information Disclosure Vulnerability

5.8CVSS5.7AI score0.00086EPSS

CVE•added 2012/04/10 9:55 p.m.•175 views

CVE-2012-0163

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate function parameters, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framewor...

9.3CVSS9.5AI score0.55802EPSS

CVE•added 2023/08/08 7:15 p.m.•174 views

CVE-2023-36899

ASP.NET Elevation of Privilege Vulnerability

8.8CVSS8.6AI score0.59432EPSS

CVE•added 2019/05/16 7:29 p.m.•173 views

CVE-2019-0980

A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka '.Net Framework and .Net Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0820, CVE-2019-0981.

7.5CVSS7.3AI score0.03215EPSS

CVE•added 2022/08/09 8:15 p.m.•173 views

CVE-2022-34716

.NET Spoofing Vulnerability

5.9CVSS5.9AI score0.0083EPSS

CVE•added 2018/05/09 7:29 p.m.•172 views

CVE-2018-0765

A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents, aka ".NET and .NET Core Denial of Service Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.6/4.6.1/4....

7.5CVSS7.2AI score0.05916EPSS

CVE•added 2024/01/09 6:15 p.m.•171 views

CVE-2024-21312

.NET Framework Denial of Service Vulnerability

7.5CVSS7.7AI score0.05333EPSS

CVE•added 2013/01/09 6:9 p.m.•169 views

CVE-2013-0002

Buffer overflow in the Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that l...

9.3CVSS7.8AI score0.58748EPSS

CVE•added 2022/02/09 5:15 p.m.•169 views

CVE-2022-21986

.NET Denial of Service Vulnerability

7.5CVSS7.5AI score0.00468EPSS

CVE•added 2021/06/08 11:15 p.m.•167 views

CVE-2021-31957

ASP.NET Core Denial of Service Vulnerability

7.5CVSS6AI score0.03841EPSS

CVE•added 2024/07/09 5:15 p.m.•166 views

CVE-2024-38081

.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability

7.3CVSS7.2AI score0.00195EPSS

CVE•added 2020/05/21 11:15 p.m.•164 views

CVE-2020-1066

An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level.To exploit the vulnerability, an attacker would first have to access the local machine, and then run a malicious program.The update addresses the vulnerability by correcti...

7.8CVSS7.5AI score0.29538EPSS

CVE•added 2015/12/09 11:59 a.m.•163 views

CVE-2015-6108

The Windows font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT Gold and 8.1; Office 2007 SP3; Office 2010 SP2; Word Viewer; .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and ...

9.3CVSS7.4AI score0.47364EPSS

CVE•added 2019/05/16 7:29 p.m.•163 views

CVE-2019-0981

7.5CVSS7.3AI score0.03215EPSS

CVE•added 2023/06/14 3:15 p.m.•162 views

CVE-2023-24895

.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability

7.8CVSS7.9AI score0.00925EPSS

CVE•added 2019/09/11 10:15 p.m.•159 views

CVE-2019-1142

An elevation of privilege vulnerability exists when the .NET Framework common language runtime (CLR) allows file creation in arbitrary locations, aka '.NET Framework Elevation of Privilege Vulnerability'.

5.5CVSS6.8AI score0.00463EPSS

CVE•added 2010/09/22 7:0 p.m.•157 views

CVE-2010-3332

Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services (IIS), provides detailed error codes during decryption attempts, which allows remote attackers to decrypt and modify encrypted View State (aka __VIEWSTATE)...

6.4CVSS6.1AI score0.87272EPSS

CVE•added 2013/05/15 3:36 a.m.•156 views

CVE-2013-1336

The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check signatures, which allows remote attackers to make undetected changes to signed XML documents via unspecified vectors that preserve signature validity, aka "XML Digital Signature Spo...

5CVSS6.5AI score0.71344EPSS

CVE•added 2023/06/14 3:15 p.m.•156 views

CVE-2023-24936

.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability

7.5CVSS7.7AI score0.01138EPSS

CVE•added 2023/06/14 3:15 p.m.•156 views

CVE-2023-29331

.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability

7.5CVSS7.6AI score0.01597EPSS

CVE•added 2018/01/10 1:29 a.m.•155 views

CVE-2018-0764

Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka ".NET and .NET Core Denial Of Service Vulnerability". This CVE is unique from CV...

7.5CVSS6.4AI score0.22007EPSS

CVE•added 2024/07/09 5:15 p.m.•155 views

CVE-2024-35264

.NET and Visual Studio Remote Code Execution Vulnerability

8.1CVSS8.2AI score0.01353EPSS

CVE•added 2015/09/09 12:59 a.m.•154 views

CVE-2015-2504

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 improperly counts objects before performing an array copy, which allows remote attackers to (1) execute arbitrary code via a crafted XAML browser application (XBAP) or (2) bypass Code Access Security restrictions via a craf...

9.3CVSS7.7AI score0.258EPSS

CVE•added 2021/02/25 11:15 p.m.•154 views

CVE-2021-1721

.NET Core and Visual Studio Denial of Service Vulnerability

6.5CVSS6.6AI score0.07042EPSS

CVE•added 2022/01/11 9:15 p.m.•154 views

CVE-2022-21911

.NET Framework Denial of Service Vulnerability

7.5CVSS7.5AI score0.16178EPSS

CVE•added 2013/01/09 6:9 p.m.•153 views

CVE-2013-0005

The WCF Replace function in the Open Data (aka OData) protocol implementation in Microsoft .NET Framework 3.5, 3.5 SP1, 3.5.1, and 4, and the Management OData IIS Extension on Windows Server 2012, allows remote attackers to cause a denial of service (resource consumption and daemon restart) via cra...

7.8CVSS6.4AI score0.68306EPSS

CVE•added 2013/01/09 6:9 p.m.•152 views

CVE-2013-0003

Buffer overflow in a System.DirectoryServices.Protocols (S.DS.P) namespace method in Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that...

9.3CVSS7.7AI score0.5886EPSS

CVE•added 2013/10/09 2:53 p.m.•152 views

CVE-2013-3128

The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5, allow remote attackers to execute arbitrary...

9.3CVSS7.3AI score0.51765EPSS

CVE•added 2012/05/09 12:55 a.m.•149 views

CVE-2012-0161

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly handle an unspecified exception during use of partially trusted assemblies to serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application...

9.3CVSS9.4AI score0.55229EPSS

CVE•added 2017/07/11 9:29 p.m.•148 views

CVE-2017-8585

Microsoft .NET Framework 4.6, 4.6.1, 4.6.2, and 4.7 allow an attacker to send specially crafted requests to a .NET web application, resulting in denial of service, aka .NET Denial of Service Vulnerability.

7.5CVSS6.7AI score0.18597EPSS

Total number of security vulnerabilities235