.net Framework Security Vulnerabilities and Issues — Page 2 of .net Framework CVE List

Lucene search

Microsoft.net Framework

177 matches found

CVE•added 2020/05/21 11:15 p.m.•166 views

CVE-2020-1066

An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level.To exploit the vulnerability, an attacker would first have to access the local machine, and then run a malicious program.The update addresses the vulnerability by correcti...

7.8CVSS7.5AI score0.29538EPSS

CVE•added 2024/10/08 6:15 p.m.•166 views

CVE-2024-43483

.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability

7.5CVSS7.6AI score0.01052EPSS

CVE•added 2019/09/11 10:15 p.m.•161 views

CVE-2019-1142

An elevation of privilege vulnerability exists when the .NET Framework common language runtime (CLR) allows file creation in arbitrary locations, aka '.NET Framework Elevation of Privilege Vulnerability'.

5.5CVSS6.8AI score0.00463EPSS

CVE•added 2010/09/22 7:0 p.m.•159 views

CVE-2010-3332

Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services (IIS), provides detailed error codes during decryption attempts, which allows remote attackers to decrypt and modify encrypted View State (aka __VIEWSTATE)...

6.4CVSS6.1AI score0.87272EPSS

Web

CVE•added 2013/05/15 3:36 a.m.•158 views

CVE-2013-1336

The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check signatures, which allows remote attackers to make undetected changes to signed XML documents via unspecified vectors that preserve signature validity, aka "XML Digital Signature Spo...

5CVSS6.5AI score0.71344EPSS

CVE•added 2015/09/09 12:59 a.m.•158 views

CVE-2015-2504

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 improperly counts objects before performing an array copy, which allows remote attackers to (1) execute arbitrary code via a crafted XAML browser application (XBAP) or (2) bypass Code Access Security restrictions via a craf...

9.3CVSS7.7AI score0.258EPSS

CVE•added 2018/01/10 1:29 a.m.•158 views

CVE-2018-0764

Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka ".NET and .NET Core Denial Of Service Vulnerability". This CVE is unique from CV...

7.5CVSS6.4AI score0.22007EPSS

CVE•added 2022/01/11 9:15 p.m.•155 views

CVE-2022-21911

.NET Framework Denial of Service Vulnerability

7.5CVSS7.5AI score0.16178EPSS

CVE•added 2013/01/09 6:9 p.m.•154 views

CVE-2013-0005

The WCF Replace function in the Open Data (aka OData) protocol implementation in Microsoft .NET Framework 3.5, 3.5 SP1, 3.5.1, and 4, and the Management OData IIS Extension on Windows Server 2012, allows remote attackers to cause a denial of service (resource consumption and daemon restart) via cra...

7.8CVSS6.4AI score0.68306EPSS

CVE•added 2017/07/11 9:29 p.m.•154 views

CVE-2017-8585

Microsoft .NET Framework 4.6, 4.6.1, 4.6.2, and 4.7 allow an attacker to send specially crafted requests to a .NET web application, resulting in denial of service, aka .NET Denial of Service Vulnerability.

7.5CVSS6.7AI score0.18597EPSS

CVE•added 2013/01/09 6:9 p.m.•153 views

CVE-2013-0003

Buffer overflow in a System.DirectoryServices.Protocols (S.DS.P) namespace method in Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that...

9.3CVSS7.7AI score0.5886EPSS

CVE•added 2013/10/09 2:53 p.m.•153 views

CVE-2013-3128

The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5, allow remote attackers to execute arbitrary...

9.3CVSS7.3AI score0.51765EPSS

CVE•added 2012/05/09 12:55 a.m.•150 views

CVE-2012-0161

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly handle an unspecified exception during use of partially trusted assemblies to serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application...

9.3CVSS9.4AI score0.55229EPSS

CVE•added 2019/03/06 12:0 a.m.•148 views

CVE-2019-0657

A vulnerability exists in certain .Net Framework API's and Visual Studio in the way they parse URL's, aka '.NET Framework and Visual Studio Spoofing Vulnerability'.

5.9CVSS6.7AI score0.05691EPSS

CVE•added 2012/05/09 12:55 a.m.•147 views

CVE-2012-0160

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework S...

9.3CVSS9.4AI score0.57511EPSS

CVE•added 2012/11/14 12:55 a.m.•147 views

CVE-2012-2519

Untrusted search path vulnerability in Entity Framework in ADO.NET in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, and 4 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .NET application,...

7.9CVSS6.3AI score0.00949EPSS

CVE•added 2013/10/09 2:53 p.m.•145 views

CVE-2013-3860

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 does not properly parse a DTD during XML digital-signature validation, which allows remote attackers to cause a denial of service (application crash or hang) via a crafted signed XML document, aka "Entity Expansion Vulnerability."

7.8CVSS6.5AI score0.63818EPSS

CVE•added 2018/09/13 12:29 a.m.•143 views

CVE-2018-8421

A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input, aka ".NET Framework Remote Code Execution Vulnerability." This affects Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework...

10CVSS8.8AI score0.4314EPSS

CVE•added 2018/12/12 12:29 a.m.•141 views

CVE-2018-8540

A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka ".NET Framework Remote Code Injection Vulnerability." This affects Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NE...

10CVSS9.6AI score0.11835EPSS

CVE•added 2015/11/11 12:59 p.m.•138 views

CVE-2015-6096

The XML DTD parser in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka ".NET Information Disclosu...

4.3CVSS6.4AI score0.32946EPSS

CVE•added 2023/08/08 7:15 p.m.•137 views

CVE-2023-36873

.NET Framework Spoofing Vulnerability

7.4CVSS6.4AI score0.00414EPSS

CVE•added 2012/06/12 10:55 p.m.•135 views

CVE-2012-1855

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly handle function pointers, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Memory Access Vulnerabi...

9.3CVSS7.4AI score0.47527EPSS

CVE•added 2014/05/14 11:13 a.m.•135 views

CVE-2014-1806

The .NET Remoting implementation in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly restrict memory access, which allows remote attackers to execute arbitrary code via vectors involving malformed objects, aka "TypeFilterLevel Vulnerability."

10CVSS7.5AI score0.2675EPSS

CVE•added 2009/10/14 10:30 a.m.•134 views

CVE-2009-2528

GDI+ in Microsoft Office XP SP3 does not properly handle malformed objects in Office Art Property Tables, which allows remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "Memory Corruption Vulnerability."

9.3CVSS7.2AI score0.43234EPSS

CVE•added 2019/01/08 9:29 p.m.•133 views

CVE-2019-0545

An information disclosure vulnerability exists in .NET Framework and .NET Core which allows bypassing Cross-origin Resource Sharing (CORS) configurations, aka ".NET Framework Information Disclosure Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .N...

7.5CVSS6.7AI score0.05995EPSS

CVE•added 2021/02/25 11:15 p.m.•133 views

CVE-2021-24111

.NET Framework Denial of Service Vulnerability

7.5CVSS7.5AI score0.17989EPSS

CVE•added 2012/02/14 10:55 p.m.•131 views

CVE-2012-0014

Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restrict access to memory associated with unmanaged objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET app...

9.3CVSS7.5AI score0.48808EPSS

CVE•added 2007/07/10 10:30 p.m.•130 views

CVE-2007-0041

The PE Loader service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer" and unvalidated message lengths, probably a buffer overflow.

9.3CVSS7.5AI score0.61823EPSS

CVE•added 2022/09/13 7:15 p.m.•127 views

CVE-2022-26929

.NET Framework Remote Code Execution Vulnerability

7.8CVSS8.8AI score0.02821EPSS

CVE•added 2023/06/14 3:15 p.m.•127 views

CVE-2023-32030

.NET and Visual Studio Denial of Service Vulnerability

7.5CVSS7.5AI score0.05241EPSS

CVE•added 2022/04/15 7:15 p.m.•126 views

CVE-2022-26832

.NET Framework Denial of Service Vulnerability

7.5CVSS7.5AI score0.19361EPSS

CVE•added 2023/06/14 3:15 p.m.•125 views

CVE-2023-29326

.NET Framework Remote Code Execution Vulnerability

7.8CVSS7.9AI score0.00555EPSS

CVE•added 2017/05/12 2:29 p.m.•123 views

CVE-2017-0248

Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to bypass Enhanced Security Usage taggings when they present a certificate that is invalid for a specific use, aka ".NET Security Feature Bypass Vulnerability."

7.5CVSS7.3AI score0.01092EPSS

CVE•added 2018/01/10 1:29 a.m.•123 views

CVE-2018-0786

Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, and PowerShell Core 6.0.0 allow a security feature bypass vulnerability due to the way certificates are validated, aka ".NET Security Feature Bypass Vulnerability."

7.5CVSS6.2AI score0.01143EPSS

CVE•added 2019/03/06 12:0 a.m.•122 views

CVE-2019-0613

A remote code execution vulnerability exists in .NET Framework and Visual Studio software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework and Visual...

9.3CVSS9.3AI score0.20489EPSS

CVE•added 2009/10/14 10:30 a.m.•120 views

CVE-2009-2500

Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office ...

9.3CVSS7.9AI score0.54154EPSS

CVE•added 2009/10/14 10:30 a.m.•120 views

CVE-2009-3126

9.3CVSS9.7AI score0.48214EPSS

CVE•added 2015/04/14 8:59 p.m.•116 views

CVE-2015-1648

ASP.NET in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2, when the customErrors configuration is disabled, allows remote attackers to obtain sensitive configuration-file information via a crafted request, aka "ASP.NET Information Disclosure Vulnerability."

2.6CVSS5.8AI score0.34816EPSS

CVE•added 2004/09/28 4:0 a.m.•115 views

CVE-2004-0200

Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy oper...

9.3CVSS7.6AI score0.76686EPSS

CVE•added 2019/05/16 7:29 p.m.•113 views

CVE-2019-0864

A denial of service vulnerability exists when .NET Framework improperly handles objects in heap memory, aka '.NET Framework Denial of Service Vulnerability'.

5.5CVSS6AI score0.00134EPSS

CVE•added 2018/07/11 12:29 a.m.•112 views

CVE-2018-8356

A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka ".NET Framework Security Feature Bypass Vulnerability." This affects .NET Framework 4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2...

5.5CVSS6.3AI score0.00356EPSS

CVE•added 2016/04/12 11:59 p.m.•111 views

CVE-2016-0145

The font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold and 1511; Office 2007 SP3 and 2010 SP2; Word Viewer; .NET Framework 3.0 SP2, 3.5, and 3.5.1; Skype for Business 2016; Lyn...

9.3CVSS7.7AI score0.74815EPSS

CVE•added 2014/02/12 4:50 a.m.•110 views

CVE-2014-0257

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine whether it is safe to execute a method, which allows remote attackers to execute arbitrary code via (1) a crafted web site or (2) a crafted .NET Framework application that exposes a COM ser...

9.3CVSS7.7AI score0.67923EPSS

CVE•added 2017/04/12 2:59 p.m.•110 views

CVE-2017-0160

Microsoft .NET Framework 2.0, 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allows an attacker with access to the local system to execute malicious code, aka ".NET Remote Code Execution Vulnerability."

7.8CVSS7.8AI score0.14415EPSS

CVE•added 2015/08/15 12:59 a.m.•107 views

CVE-2015-2464

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, Silverlight b...

9.3CVSS7.3AI score0.52873EPSS

CVE•added 2009/10/14 10:30 a.m.•106 views

CVE-2009-2501

Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP...

9.3CVSS9.7AI score0.42403EPSS

CVE•added 2009/10/14 10:30 a.m.•104 views

CVE-2009-0090

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not properly validate .NET verifiable code, which allows remote attackers to obtain unintended access to stack memory, and execute arbitrary code, via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3)...

9.3CVSS9.4AI score0.41906EPSS

CVE•added 2018/07/11 12:29 a.m.•104 views

CVE-2018-8284

A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka ".NET Framework Remote Code Injection Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microso...

9.3CVSS7.3AI score0.50205EPSS

CVE•added 2009/10/14 10:30 a.m.•98 views

CVE-2009-2502

Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office E...

9.3CVSS9.7AI score0.42434EPSS

CVE•added 2013/01/09 6:9 p.m.•98 views

CVE-2013-0004

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate the permissions of objects in memory, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application,...

9.3CVSS9.4AI score0.10129EPSS

Total number of security vulnerabilities177