.net Framework Security Vulnerabilities and Issues — Page 3 of .net Framework CVE List

Lucene search

Microsoft.net Framework

235 matches found

CVE•added 2012/11/14 12:55 a.m.•146 views

CVE-2012-2519

Untrusted search path vulnerability in Entity Framework in ADO.NET in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, and 4 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .NET application,...

7.9CVSS6.3AI score0.00949EPSS

CVE•added 2017/07/11 9:29 p.m.•144 views

CVE-2017-8585

Microsoft .NET Framework 4.6, 4.6.1, 4.6.2, and 4.7 allow an attacker to send specially crafted requests to a .NET web application, resulting in denial of service, aka .NET Denial of Service Vulnerability.

7.5CVSS6.7AI score0.18597EPSS

CVE•added 2013/10/09 2:53 p.m.•143 views

CVE-2013-3860

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 does not properly parse a DTD during XML digital-signature validation, which allows remote attackers to cause a denial of service (application crash or hang) via a crafted signed XML document, aka "Entity Expansion Vulnerability."

7.8CVSS6.5AI score0.63818EPSS

CVE•added 2019/03/06 12:0 a.m.•143 views

CVE-2019-0657

A vulnerability exists in certain .Net Framework API's and Visual Studio in the way they parse URL's, aka '.NET Framework and Visual Studio Spoofing Vulnerability'.

5.9CVSS6.7AI score0.0553EPSS

CVE•added 2024/10/08 6:15 p.m.•143 views

CVE-2024-43484

.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability

7.5CVSS7.6AI score0.01412EPSS

CVE•added 2023/06/14 12:15 a.m.•140 views

CVE-2023-33128

.NET and Visual Studio Remote Code Execution Vulnerability

7.3CVSS7.6AI score0.01084EPSS

CVE•added 2023/08/08 7:15 p.m.•139 views

CVE-2023-35391

ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability

7.5CVSS6.5AI score0.02242EPSS

CVE•added 2018/12/12 12:29 a.m.•138 views

CVE-2018-8540

A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka ".NET Framework Remote Code Injection Vulnerability." This affects Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NE...

10CVSS9.6AI score0.11835EPSS

CVE•added 2023/07/11 6:15 p.m.•138 views

CVE-2023-33170

ASP.NET and Visual Studio Security Feature Bypass Vulnerability

8.1CVSS8AI score0.00143EPSS

CVE•added 2015/11/11 12:59 p.m.•136 views

CVE-2015-6096

The XML DTD parser in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka ".NET Information Disclosu...

4.3CVSS6.4AI score0.32946EPSS

CVE•added 2023/08/08 7:15 p.m.•136 views

CVE-2023-36873

.NET Framework Spoofing Vulnerability

7.4CVSS6.4AI score0.00414EPSS

CVE•added 2012/06/12 10:55 p.m.•134 views

CVE-2012-1855

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly handle function pointers, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Memory Access Vulnerabi...

9.3CVSS7.4AI score0.47527EPSS

CVE•added 2014/05/14 11:13 a.m.•134 views

CVE-2014-1806

The .NET Remoting implementation in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly restrict memory access, which allows remote attackers to execute arbitrary code via vectors involving malformed objects, aka "TypeFilterLevel Vulnerability."

10CVSS7.5AI score0.2675EPSS

CVE•added 2018/09/13 12:29 a.m.•134 views

CVE-2018-8421

A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input, aka ".NET Framework Remote Code Execution Vulnerability." This affects Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework...

10CVSS8.8AI score0.14185EPSS

CVE•added 2009/10/14 10:30 a.m.•133 views

CVE-2009-2528

GDI+ in Microsoft Office XP SP3 does not properly handle malformed objects in Office Art Property Tables, which allows remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "Memory Corruption Vulnerability."

9.3CVSS7.2AI score0.43234EPSS

CVE•added 2023/08/08 6:15 p.m.•132 views

CVE-2023-35390

.NET and Visual Studio Remote Code Execution Vulnerability

7.8CVSS8AI score0.0181EPSS

CVE•added 2019/01/08 9:29 p.m.•131 views

CVE-2019-0545

An information disclosure vulnerability exists in .NET Framework and .NET Core which allows bypassing Cross-origin Resource Sharing (CORS) configurations, aka ".NET Framework Information Disclosure Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .N...

7.5CVSS6.7AI score0.05995EPSS

CVE•added 2021/02/25 11:15 p.m.•131 views

CVE-2021-24111

.NET Framework Denial of Service Vulnerability

7.5CVSS7.5AI score0.17989EPSS

CVE•added 2024/10/08 6:15 p.m.•130 views

CVE-2024-38229

.NET and Visual Studio Remote Code Execution Vulnerability

8.1CVSS8.2AI score0.00482EPSS

CVE•added 2024/10/08 6:15 p.m.•130 views

CVE-2024-43483

.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability

7.5CVSS7.6AI score0.00827EPSS

CVE•added 2007/07/10 10:30 p.m.•129 views

CVE-2007-0041

The PE Loader service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer" and unvalidated message lengths, probably a buffer overflow.

9.3CVSS7.5AI score0.61823EPSS

CVE•added 2012/02/14 10:55 p.m.•129 views

CVE-2012-0014

Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restrict access to memory associated with unmanaged objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET app...

9.3CVSS7.5AI score0.48808EPSS

CVE•added 2023/06/14 3:15 p.m.•126 views

CVE-2023-32030

.NET and Visual Studio Denial of Service Vulnerability

7.5CVSS7.5AI score0.05241EPSS

CVE•added 2023/06/14 12:15 a.m.•126 views

CVE-2023-33126

.NET and Visual Studio Remote Code Execution Vulnerability

7.3CVSS7.4AI score0.00799EPSS

CVE•added 2023/06/14 12:15 a.m.•126 views

CVE-2023-33135

.NET and Visual Studio Elevation of Privilege Vulnerability

7.3CVSS7.2AI score0.00799EPSS

CVE•added 2024/05/14 5:17 p.m.•126 views

CVE-2024-30045

.NET and Visual Studio Remote Code Execution Vulnerability

6.3CVSS6.8AI score0.00287EPSS

CVE•added 2022/04/15 7:15 p.m.•124 views

CVE-2022-26832

.NET Framework Denial of Service Vulnerability

7.5CVSS7.5AI score0.04986EPSS

CVE•added 2022/09/13 7:15 p.m.•124 views

CVE-2022-26929

.NET Framework Remote Code Execution Vulnerability

7.8CVSS8.8AI score0.01914EPSS

CVE•added 2023/06/14 3:15 p.m.•124 views

CVE-2023-29326

.NET Framework Remote Code Execution Vulnerability

7.8CVSS7.9AI score0.00555EPSS

CVE•added 2023/06/14 12:15 a.m.•124 views

CVE-2023-32032

.NET and Visual Studio Elevation of Privilege Vulnerability

6.5CVSS6.9AI score0.00152EPSS

CVE•added 2017/05/12 2:29 p.m.•120 views

CVE-2017-0248

Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to bypass Enhanced Security Usage taggings when they present a certificate that is invalid for a specific use, aka ".NET Security Feature Bypass Vulnerability."

7.5CVSS7.3AI score0.01092EPSS

CVE•added 2018/01/10 1:29 a.m.•120 views

CVE-2018-0786

Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, and PowerShell Core 6.0.0 allow a security feature bypass vulnerability due to the way certificates are validated, aka ".NET Security Feature Bypass Vulnerability."

7.5CVSS6.2AI score0.01188EPSS

CVE•added 2009/10/14 10:30 a.m.•119 views

CVE-2009-2500

Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office ...

9.3CVSS7.9AI score0.54154EPSS

CVE•added 2009/10/14 10:30 a.m.•119 views

CVE-2009-3126

9.3CVSS9.7AI score0.48214EPSS

CVE•added 2019/03/06 12:0 a.m.•119 views

CVE-2019-0613

A remote code execution vulnerability exists in .NET Framework and Visual Studio software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework and Visual...

9.3CVSS9.3AI score0.20489EPSS

CVE•added 2023/08/08 6:15 p.m.•118 views

CVE-2023-38178

.NET Core and Visual Studio Denial of Service Vulnerability

7.5CVSS7.5AI score0.01313EPSS

CVE•added 2024/10/08 6:15 p.m.•118 views

CVE-2024-43485

.NET and Visual Studio Denial of Service Vulnerability

7.5CVSS7.5AI score0.00827EPSS

CVE•added 2004/09/28 4:0 a.m.•112 views

CVE-2004-0200

Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy oper...

9.3CVSS7.6AI score0.75514EPSS

CVE•added 2019/05/16 7:29 p.m.•112 views

CVE-2019-0864

A denial of service vulnerability exists when .NET Framework improperly handles objects in heap memory, aka '.NET Framework Denial of Service Vulnerability'.

5.5CVSS6AI score0.00134EPSS

CVE•added 2015/04/14 8:59 p.m.•111 views

CVE-2015-1648

ASP.NET in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2, when the customErrors configuration is disabled, allows remote attackers to obtain sensitive configuration-file information via a crafted request, aka "ASP.NET Information Disclosure Vulnerability."

2.6CVSS5.8AI score0.34816EPSS

CVE•added 2016/04/12 11:59 p.m.•110 views

CVE-2016-0145

The font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold and 1511; Office 2007 SP3 and 2010 SP2; Word Viewer; .NET Framework 3.0 SP2, 3.5, and 3.5.1; Skype for Business 2016; Lyn...

9.3CVSS7.7AI score0.74815EPSS

CVE•added 2018/07/11 12:29 a.m.•110 views

CVE-2018-8356

A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka ".NET Framework Security Feature Bypass Vulnerability." This affects .NET Framework 4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2...

5.5CVSS6.3AI score0.00356EPSS

CVE•added 2024/05/14 5:17 p.m.•109 views

CVE-2024-30046

Visual Studio Denial of Service Vulnerability

5.9CVSS6.2AI score0.00105EPSS

CVE•added 2014/02/12 4:50 a.m.•108 views

CVE-2014-0257

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine whether it is safe to execute a method, which allows remote attackers to execute arbitrary code via (1) a crafted web site or (2) a crafted .NET Framework application that exposes a COM ser...

9.3CVSS7.7AI score0.66897EPSS

CVE•added 2017/04/12 2:59 p.m.•108 views

CVE-2017-0160

Microsoft .NET Framework 2.0, 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allows an attacker with access to the local system to execute malicious code, aka ".NET Remote Code Execution Vulnerability."

7.8CVSS7.8AI score0.21605EPSS

CVE•added 2009/10/14 10:30 a.m.•105 views

CVE-2009-2501

Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP...

9.3CVSS9.7AI score0.42403EPSS

CVE•added 2021/01/12 8:15 p.m.•105 views

CVE-2021-1725

Bot Framework SDK Information Disclosure Vulnerability

5.5CVSS5.1AI score0.0052EPSS

CVE•added 2015/08/15 12:59 a.m.•104 views

CVE-2015-2464

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, Silverlight b...

9.3CVSS7.3AI score0.52873EPSS

CVE•added 2009/10/14 10:30 a.m.•103 views

CVE-2009-0090

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not properly validate .NET verifiable code, which allows remote attackers to obtain unintended access to stack memory, and execute arbitrary code, via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3)...

9.3CVSS9.4AI score0.41906EPSS

CVE•added 2009/10/14 10:30 a.m.•97 views

CVE-2009-2502

Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office E...

9.3CVSS9.7AI score0.42434EPSS

Total number of security vulnerabilities235